# Sources for this configuration: # - https://docs.netbox.dev/en/stable/configuration/ # - https://colmena.cli.rs/unstable/features/keys.html # - https://colmena.cli.rs/unstable/reference/deployment.html # - https://git.grzb.de/yuri/nix-infra/-/blob/33f2d9e324c2e3a8b1b41c20bce239001bcce9fc/hosts/netbox/secrets.nix { config, pkgs, ... }: { services.netbox = { enable = true; package = pkgs.netbox; secretKeyFile = "/run/secrets/netbox_secret_key"; keycloakClientSecret = "/run/secrets/netbox_keycloak_secret"; settings = { ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ]; SESSION_COOKIE_SECURE = true; # CCCHH ID (Keycloak) integration. # https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7 # https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2"; SOCIAL_AUTH_KEYCLOAK_KEY = "netbox"; # SOCIAL_AUTH_KEYCLOAK_SECRET set via keycloakClientSecret option. SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"; SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"; SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"; }; }; sops.secrets."netbox_secret_key" = { mode = "0440"; owner = "netbox"; group = "netbox"; restartUnits = [ "netbox.service" "netbox-rq.service" ]; }; sops.secrets."netbox_keycloak_secret" = { mode = "0440"; owner = "netbox"; group = "netbox"; restartUnits = [ "netbox.service" "netbox-rq.service" ]; }; }