CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues 1 Pull requests 1 Wiki Activity

netbox: configure and patch NetBox for OIDC group and role mapping

Browse source 
The custom pipeline code is licensed under the Creative Commons: CC
BY-SA 4.0 license.

See:
https://github.com/goauthentik/authentik/blob/main/LICENSE
https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
https://docs.goauthentik.io/integrations/services/netbox/
This commit is contained in:
June 2025-01-14 20:49:14 +01:00
commit 5676b1a468
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
4 changed files with 91 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
config/hosts/netbox/netbox.nix
View file

@ -9,7 +9,8 @@
{
services.netbox = {
enable = true;
package = pkgs.netbox;
# Explicitly use the patched NetBox package.
package = pkgs.netbox_4_1;
secretKeyFile = "/run/secrets/netbox_secret_key";
keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";
settings = {
@ -24,6 +25,24 @@
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB";
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth";
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token";
SOCIAL_AUTH_PIPELINE = [
# The default pipeline as can be found in:
# /nix/store/q2jsn56bgkj0nkz0j4w48x3klyn2x4gp-netbox-4.1.7/opt/netbox/netbox/netbox/settings.py
"social_core.pipeline.social_auth.social_details"
"social_core.pipeline.social_auth.social_uid"
"social_core.pipeline.social_auth.social_user"
"social_core.pipeline.user.get_username"
"social_core.pipeline.user.create_user"
"social_core.pipeline.social_auth.associate_user"
"netbox.authentication.user_default_groups_handler"
"social_core.pipeline.social_auth.load_extra_data"
"social_core.pipeline.user.user_details"
# Use custom pipeline functions patched in via netbox41OIDCMappingOverlay.
# See: https://docs.goauthentik.io/integrations/services/netbox/
"netbox.custom_pipeline.add_groups"
"netbox.custom_pipeline.remove_groups"
"netbox.custom_pipeline.set_roles"
];
};
};