Migrate NetBox to Chaosknoten and hamburg.ccc.de domain

June 2023-09-21 19:09:28 +02:00
parent 2e3e8c7031
commit 01a6d189f2
5 changed files with 47 additions and 14 deletions


@ -4,6 +4,7 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./netbox.nix ./netbox.nix
./networking.nix
./nginx.nix ./nginx.nix
]; ];
} }


@ -11,7 +11,7 @@
enable = true; enable = true;
secretKeyFile = "/secrets/netbox-secret-key.secret"; secretKeyFile = "/secrets/netbox-secret-key.secret";
settings = { settings = {
ALLOWED_HOSTS = [ "netbox.ccchh.net" "10.31.208.29" ]; ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
SESSION_COOKIE_SECURE = true; SESSION_COOKIE_SECURE = true;
}; };
}; };


@ -0,0 +1,26 @@
# Networking configuration for the host.
# Sources for this configuration:
# - https://nixos.org/manual/nixos/stable/#sec-networking
# - https://nixos.wiki/wiki/Systemd-networkd
# - https://wiki.archlinux.org/title/Systemd-networkd
{ config, pkgs, ... }:
{
networking.interfaces.net0 = {
ipv4.addresses = [
{
address = "172.31.17.149";
prefixLength = 25;
}
];
};
networking.defaultGateway = "172.31.17.129";
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
networking.search = [ "hamburg.ccc.de" ];
systemd.network.links."10-net0" = {
matchConfig.MACAddress = "62:ED:44:20:7C:C1";
linkConfig.Name = "net0";
};
}
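Review bot: The `systemd.network.links."10-net0"` entry ties the interface name, and with it the static address on `networking.interfaces.net0`, to the hard-coded MAC `62:ED:44:20:7C:C1`, with no comment saying where that MAC comes from. If the NIC is ever recreated with a different MAC, the link would presumably no longer be renamed to `net0`, leaving the host without its address. A comment above `matchConfig.MACAddress` such as `# MAC of this host's NIC; must be updated if the NIC is recreated, otherwise net0 is never created.` would make that dependency visible. As a smaller style point, `config` and `pkgs` are unused in this file, so the header could be `{ ... }:`.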


@ -12,10 +12,10 @@
# So nginx can access the Netbox static files. # So nginx can access the Netbox static files.
user = "netbox"; user = "netbox";
virtualHosts."acme-netbox.ccchh.net" = { virtualHosts."acme-netbox.hamburg.ccc.de" = {
default = true; default = true;
enableACME = true; enableACME = true;
serverName = "netbox.ccchh.net"; serverName = "netbox.hamburg.ccc.de";
listen = [ listen = [
{ {
@ -25,20 +25,17 @@
]; ];
}; };
virtualHosts."netbox.ccchh.net" = { virtualHosts."netbox.hamburg.ccc.de" = {
default = true; default = true;
forceSSL = true; forceSSL = true;
useACMEHost = "netbox.ccchh.net"; useACMEHost = "netbox.hamburg.ccc.de";
listen = [ listen = [
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 80; port = 8443;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true; ssl = true;
extraParameters = [ "proxy_protocol" ];
} }
]; ];
@ -51,11 +48,20 @@
}; };
extraConfig = '' extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
client_max_body_size 25m; client_max_body_size 25m;
''; '';
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 31820 ]; networking.firewall.allowedTCPPorts = [ 8443 31820 ];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 8443 ];
} }
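Review bot: The firewall line at the end of this section opens TCP 8443 to every source, although the new `proxy_protocol` listener is only meant to be fed by the proxy at 172.31.17.140 that `set_real_ip_from` trusts. The realip module limits whose PROXY header rewrites `$remote_addr`, but the port itself still accepts connections from any host that can reach it, so the proxy is not the only path to NetBox. Consider dropping 8443 from `allowedTCPPorts` and admitting only the proxy, e.g. (with the iptables-based firewall) `networking.firewall.extraCommands = "iptables -A nixos-fw -p tcp -s 172.31.17.140 --dport 8443 -j nixos-fw-accept";`. `allowedUDPPorts = [ 8443 ]` also looks unneeded, since no UDP/QUIC listener is visible in these hunks; worth confirming and removing if so. The ACME virtual host's listen block lies between the hunks, so whether its port is still reachable now that 80 is gone from the firewall cannot be checked from here.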


@ -65,10 +65,10 @@
netbox = { netbox = {
deployment = { deployment = {
targetHost = "netbox.z9.ccchh.net"; targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22; targetPort = 22;
targetUser = "colmena-deploy"; targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ]; tags = [ "chaosknoten" ];
}; };
imports = [ imports = [
./config/common ./config/common