CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues 1 Pull requests 1 Wiki Activity

netbox: integrate with CCCHH ID (Keycloak)

Browse source
This commit is contained in:
June 2024-10-09 02:18:46 +02:00 committed by echtnurich
commit 51cc0097f0
Signed by: echtnurich
SSH key fingerprint: SHA256:1eIkxME0VPeXC2WMl9Haus+q0SLFymSAWU7f6Z+A8Aw
2 changed files with 20 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

18
config/hosts/netbox/netbox.nix
View file

@ -11,9 +11,19 @@
enable = true;
package = pkgs.netbox;
secretKeyFile = "/run/secrets/netbox_secret_key";
keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";
settings = {
ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
SESSION_COOKIE_SECURE = true;
# CCCHH ID (Keycloak) integration.
# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2";
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox";
# SOCIAL_AUTH_KEYCLOAK_SECRET set via keycloakClientSecret option.
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB";
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth";
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token";
};
};
@ -21,6 +31,12 @@
mode = "0440";
owner = "netbox";
group = "netbox";
restartUnits = [ "netbox.service" ];
restartUnits = [ "netbox.service" "netbox-rq.service" ];
};
sops.secrets."netbox_keycloak_secret" = {
mode = "0440";
owner = "netbox";
group = "netbox";
restartUnits = [ "netbox.service" "netbox-rq.service" ];
};
}

5
config/hosts/netbox/secrets.yaml
View file

@ -1,4 +1,5 @@
netbox_secret_key: ENC[AES256_GCM,data:7cVGSlrCo3MEjeLjfeZrL0VZi3+yZqsC3qI+rx+xadic78H0egWCCNaYEHIgtilgFjw=,iv:gnearzPduWcrVLU/FuzS05eNPZ5srX0hqZyElq+19ek=,tag:9MKgFb4eVYE6a5ncx9sgpw==,type:str]
netbox_keycloak_secret: ENC[AES256_GCM,data:WLPCwl6KmHhyGwpqchZUmTr0XwA1T9asAEXNOSQMfGU=,iv:fsO+Ho18Uz6+y2iohbve1bUKhCR/c2zNrbODR2Jrh3Q=,tag:MWeh7GhdyUJnSzrndA3l3Q==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +15,8 @@ sops:
V1lQK3YzTWI5ZGdyeGtFQ0E3QXQ3YnMK8sBStC8xBKwpeWkF/HrryWi0hZA69nuw
a73HiZuED8KEp5OPME3yC6Ode71uEEaE/av2zp7WUYbCqVpWnwcjSg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-26T01:07:35Z"
mac: ENC[AES256_GCM,data:0zWNPrUqpuC/qXOaTE8ayrTbnZdg9VA2NqxSNnV0bogqxVkg8zhbx8OKYfNQ0DswjxKNEnKsqjp62gA678VfRfGHJU5ZoHfAC7kBbrkDy+pMzS6LRwT+7n0C1AbaaG7hienGJQsx2gUUYqu7OSQuS722lXAw65deFvZGtL6lt8E=,iv:mOLkzF5pJFazmH9XX94Hjd04FcgSh0hY4juEO3vKNBc=,tag:lSk0lnVONQCmuO0KmxlL0Q==,type:str]
lastmodified: "2024-10-08T23:54:23Z"
mac: ENC[AES256_GCM,data:6KwBwJ1uTuOaCTcBs9sgvX+E/bV37ylJmDqYupa3545ba5Y3VMuF2Hx72zzRYPmh5/DmwzDxc/f7TZUheO5jwwwMGGNCYuX2c+nkzLgtovT/yCXTo8vPHNf03fQRHlOq28ztQIG8Ug1s/t4XkA+iuqPdbvyNKLbsJfJBqg4SF44=,iv:SUXPFtW3/pSTBnjAh77G6pJTucHy4VEhUVkELiMJ4JU=,tag:SfLCwPpJuvL7RrIRmN5PGg==,type:str]
pgp:
- created_at: "2024-05-26T01:07:22Z"
enc: |-