forked from CCCHH/nix-infra
netbox: integrate with CCCHH ID (Keycloak)
This commit is contained in:
parent
c54b655b0e
commit
05b96b8fae
2 changed files with 20 additions and 3 deletions
|
@ -11,9 +11,19 @@
|
|||
enable = true;
|
||||
package = pkgs.netbox;
|
||||
secretKeyFile = "/run/secrets/netbox_secret_key";
|
||||
keycloakClientSecret = "/run/secrets/netbox_keycloak_secret";
|
||||
settings = {
|
||||
ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
|
||||
SESSION_COOKIE_SECURE = true;
|
||||
# CCCHH ID (Keycloak) integration.
|
||||
# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7
|
||||
# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html
|
||||
REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2";
|
||||
SOCIAL_AUTH_KEYCLOAK_KEY = "netbox";
|
||||
# SOCIAL_AUTH_KEYCLOAK_SECRET set via keycloakClientSecret option.
|
||||
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB";
|
||||
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth";
|
||||
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -21,6 +31,12 @@
|
|||
mode = "0440";
|
||||
owner = "netbox";
|
||||
group = "netbox";
|
||||
restartUnits = [ "netbox.service" ];
|
||||
restartUnits = [ "netbox.service" "netbox-rq.service" ];
|
||||
};
|
||||
sops.secrets."netbox_keycloak_secret" = {
|
||||
mode = "0440";
|
||||
owner = "netbox";
|
||||
group = "netbox";
|
||||
restartUnits = [ "netbox.service" "netbox-rq.service" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
netbox_secret_key: ENC[AES256_GCM,data:7cVGSlrCo3MEjeLjfeZrL0VZi3+yZqsC3qI+rx+xadic78H0egWCCNaYEHIgtilgFjw=,iv:gnearzPduWcrVLU/FuzS05eNPZ5srX0hqZyElq+19ek=,tag:9MKgFb4eVYE6a5ncx9sgpw==,type:str]
|
||||
netbox_keycloak_secret: ENC[AES256_GCM,data:WLPCwl6KmHhyGwpqchZUmTr0XwA1T9asAEXNOSQMfGU=,iv:fsO+Ho18Uz6+y2iohbve1bUKhCR/c2zNrbODR2Jrh3Q=,tag:MWeh7GhdyUJnSzrndA3l3Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -14,8 +15,8 @@ sops:
|
|||
V1lQK3YzTWI5ZGdyeGtFQ0E3QXQ3YnMK8sBStC8xBKwpeWkF/HrryWi0hZA69nuw
|
||||
a73HiZuED8KEp5OPME3yC6Ode71uEEaE/av2zp7WUYbCqVpWnwcjSg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-26T01:07:35Z"
|
||||
mac: ENC[AES256_GCM,data:0zWNPrUqpuC/qXOaTE8ayrTbnZdg9VA2NqxSNnV0bogqxVkg8zhbx8OKYfNQ0DswjxKNEnKsqjp62gA678VfRfGHJU5ZoHfAC7kBbrkDy+pMzS6LRwT+7n0C1AbaaG7hienGJQsx2gUUYqu7OSQuS722lXAw65deFvZGtL6lt8E=,iv:mOLkzF5pJFazmH9XX94Hjd04FcgSh0hY4juEO3vKNBc=,tag:lSk0lnVONQCmuO0KmxlL0Q==,type:str]
|
||||
lastmodified: "2024-10-08T23:54:23Z"
|
||||
mac: ENC[AES256_GCM,data:6KwBwJ1uTuOaCTcBs9sgvX+E/bV37ylJmDqYupa3545ba5Y3VMuF2Hx72zzRYPmh5/DmwzDxc/f7TZUheO5jwwwMGGNCYuX2c+nkzLgtovT/yCXTo8vPHNf03fQRHlOq28ztQIG8Ug1s/t4XkA+iuqPdbvyNKLbsJfJBqg4SF44=,iv:SUXPFtW3/pSTBnjAh77G6pJTucHy4VEhUVkELiMJ4JU=,tag:SfLCwPpJuvL7RrIRmN5PGg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-05-26T01:07:22Z"
|
||||
enc: |-
|
||||
|
|
Loading…
Reference in a new issue