about summary refs log tree commit diff
path: root/nix/hosts/corrino/www/netbox.emile.space.nix
blob: a86209c66a20aeee6c8f96a14ffecf0e63019094 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
{ config, pkgs, ... }:

{
  services.nginx.virtualHosts."netbox.emile.space" = {
    forceSSL = true;
    enableACME = true;
    kTLS = true;

    locations."/" = {
      proxyPass = "http://[::1]:8001";
      proxyWebsockets = true;
    };
    locations."/static/".root = "${config.services.netbox.dataDir}";
  };

  users.users.nginx.extraGroups = [ "netbox" ];

  environment.systemPackages = with pkgs; [ netbox ];

  services.netbox = {
    enable = true;
    package = pkgs.netbox_3_6; # nixos 23.11 now has netbox 3.6
    dataDir = "/var/lib/netbox";
    settings.ALLOWED_HOSTS = [ "*" ];
    enableLdap = false;
    settings = {};
    secretKeyFile = config.age.secrets.netbox_secret.path;
    port = 8001;
    listenAddress = "[::1]";
  };

  age.secrets.netbox_secret = {
    mode = "440";
    owner = "netbox";
    group = "netbox";
  };

  #services.netbox = {
  #  enable = true;
  #  listenAddress = "[::1]";
  #  secretKeyFile = config.age.secrets.netbox_secret.path;
  #  package = pkgs.netbox.override { python3 = pkgs.python310; };
  #  # extraConfig = ''
  #  #   # REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'
  #  #   # SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'https://auth.c3voc.de'

  #  #   EXEMPT_VIEW_PERMISSIONS = ['*']
  #  # '';
  #};

  # add nginx to the netbox group so it can read /var/lib/nginx/static
  # users = {
  #   groups."netbox" = {};
  #   users = {
  #     netbox = {
  #       isNormalUser = true;
  #       group = "netbox";
  #     };
  #   };
  # };
  # users.users.nginx.extraGroups = [ "netbox" ];
}