NetBox: Difference between revisions

From NixOS Wiki
imported>Vater
Klinger (talk | contribs)
m Acme to ACME link
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[https://netbox.dev/ {{PAGENAME}}] (<s>[[wikipedia:en:{{PAGENAME}}]]</s>) is available as a [[module]].
[https://netbox.dev/ {{PAGENAME}}] is available as a [[module]].
== configuration examples ==
== Setup ==


==== minimal configuration ====
=== Setup Secret Key ===
Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].
 
You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:


: <syntaxhighlight lang="bash">mkdir -p /var/lib/netbox/</syntaxhighlight>
: <syntaxhighlight lang="bash">$EDITOR /var/lib/netbox/passwordFile</syntaxhighlight>
: <syntaxhighlight lang="bash">cat /var/lib/netbox/passwordFile</syntaxhighlight>
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
this-is-an-initial-password-for-netbox
mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file
</syntaxhighlight>
</syntaxhighlight>
<!--


<syntaxhighlight lang="nix">
=== Configuration ===
</syntaxhighlight>
<syntaxhighlight lang="nix">
# system.stateVersion = "22.05";


  services.netbox.enable = true;
==== Basic Configuration ====
  services.netbox.secretKeyFile = "/var/lib/netbox/passwordFile";
The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">
{ config, ... }: {


   networking.firewall.allowedTCPPorts = [ 8001 ];
   networking.firewall.allowedTCPPorts = [ 80 ];
</syntaxhighlight>
<syntaxhighlight lang="nix">
</syntaxhighlight>


: unencrypted http (only)
  services.netbox = {
<s>http://hostName.domain.tld:8001</s>
    enable = true;
 
    secretKeyFile = "/var/lib/netbox/secret-key-file";
!-->
  };
 
==== basic configuration ====


<syntaxhighlight lang="nix">
  services.nginx = {
</syntaxhighlight>
    enable = true;
<syntaxhighlight lang="nix">
    user = "netbox"; # otherwise nginx cant access netbox files
# system.stateVersion = "22.05";
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
 
    virtualHosts.<name> = {
# networking.hostName = "netbox";
      locations = {
# networking.domain = "domain.tld";
        "/" = {
 
          proxyPass = "http://[::1]:8001";
  services.netbox.enable = true;
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
  services.netbox.secretKeyFile = "/var/lib/netbox/passwordFile";
        };
 
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
  services.nginx.enable = true;
# services.nginx.recommendedOptimisation = true;
#  services.nginx.recommendedGzipSettings = true;
 
# services.nginx.recommendedProxySettings = true;
  services.nginx.virtualHosts."${config.networking.fqdn}" = {
    locations = {
      "/" = {
#        extraConfig = ''
##          proxy_pass http://127.0.0.1:8001;
#          proxy_pass http://[::1]:8001;
#          proxy_set_header X-Forwarded-Host $http_host;
#          proxy_set_header X-Real-IP $remote_addr;
#          proxy_set_header X-Forwarded-Proto $scheme;
#        '';
#        proxyPass = "http://127.0.0.1:8001";
        proxyPass = "http://[::1]:8001";
####        proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
      };
      "/static/" = {
#        extraConfig = ''
#          alias /var/lib/netbox/static/;
#        '';
#        alias = "/var/lib/netbox/static/";
        alias = "${config.services.netbox.dataDir}/static/";
       };
       };
     };
     };
    forceSSL = true;
    enableACME = true;
   };
   };
  services.nginx.user = "netbox";
}  
# services.nginx.recommendedTlsSettings = true;
  security.acme.defaults.email = "acme@${config.networking.domain}";
  security.acme.acceptTerms = true;
 
#  networking.firewall.allowedTCPPorts = [ 80 443 8001 ];
  networking.firewall.allowedTCPPorts = [ 80 443 ];
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="nix">
</syntaxhighlight>
https://netbox.domain.tld
<!--
==== small configuration ====
with some (working (and maybe non working)) plugins


==== With Transport encryption ====
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
</syntaxhighlight>
{ config, ... }: {


-->
  networking.firewall.allowedTCPPorts = [ 80 443 ];
<!--


== database ==
  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };


-->
  services.nginx = {
<!--
    enable = true;
    forceSSL = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    recommendedTlsSettings = true;
    enableACME = true;
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };


== web server ==
  security.acme = {
    [ ... ]
    acceptTerms = true;
  };


-->
}
<!--
</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].


== accounts ==
For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]
: groups and privileges


==== LDAP ====
=== Setup Superuser ===


==== OpenID ====
There will be no user after the installation, so you need to register one manually.  
==== OAuth ====
 
-->
== login ==
 
=== no (initial) account is create by default ===
 
tl;dr: No login is possible after installing and running [[{{PAGENAME}}]]. No account is created. You have to [[#create an initial account]].
 
==== reenact that there is no initial account created by default ====
 
<syntaxhighlight lang="bash">su postgres</syntaxhighlight>
 
----
 
<syntaxhighlight lang="bash">psql</syntaxhighlight>
 
----
----
 
postgres=# <syntaxhighlight lang="bash">\l</syntaxhighlight>
<syntaxhighlight lang="bash">
                                  List of databases                                                                                                                                                                                         
  Name    |  Owner  | Encoding |  Collate  |    Ctype    |  Access privileges                                                                                                                                                           
-----------+----------+----------+-------------+-------------+-----------------------                                                                                                                                                       
netbox    | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres        +                                                                                                                                                       
          |          |          |            |            | postgres=CTc/postgres+                                                                                                                                                       
          |          |          |            |            | netbox=CTc/postgres                                                                                                                                                           
postgres  | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 |                                                       
template0 | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +                                 
          |          |          |            |            | postgres=CTc/postgres                                 
template1 | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +                                 
          |          |          |            |            | postgres=CTc/postgres                                 
(4 rows)                                                 
</syntaxhighlight>
 
postgres=# <syntaxhighlight lang="bash">\c netbox</syntaxhighlight>
<syntaxhighlight lang="bash">
You are now connected to database "netbox" as user "postgres".
</syntaxhighlight>
 
netbox=# <syntaxhighlight lang="bash">\dt</syntaxhighlight>
<syntaxhighlight lang="bash">
</syntaxhighlight>


netbox=# <syntaxhighlight lang="bash">SELECT * FROM auth_user;</syntaxhighlight>
To do this, run:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
id | password | last_login | is_superuser | username | first_name | last_name | email | is_staff | is_active | date_joined                                                                                                                 
$ netbox-manage createsuperuser
----+----------+------------+--------------+----------+------------+-----------+-------+----------+-----------+-------------                                                                                                                 
(0 rows)                                                                                                             
</syntaxhighlight>


netbox=# <syntaxhighlight lang="bash">\q</syntaxhighlight>
----
----
<syntaxhighlight lang="bash">exit</syntaxhighlight>
----
=== create an initial account ===
(first you have to) create an initial account (on the cli)
: this initial account will get highest privileges
<syntaxhighlight lang="bash">netbox-manage createsuperuser</syntaxhighlight>
<syntaxhighlight lang="bash">
Username (leave blank to use 'netbox'):  
Username (leave blank to use 'netbox'):  
</syntaxhighlight>
<syntaxhighlight lang="bash">
Email address:  
Email address:  
Password:  
Password:  
Password (again):  
Password (again):  
</syntaxhighlight>
 
<syntaxhighlight lang="bash">
Superuser created successfully.
Superuser created successfully.
</syntaxhighlight>
</syntaxhighlight>


=== first login ===
You can now log in with the given credentials.
 
=== Troubleshooting ===
 
==== CSRF aborted message at login ====
If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.
 
It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.


https://netbox.domain.tld/login/
== Documentation ==


:; Login: ''netbox''
* https://netbox.dev/
:; Password: ''…''
** https://docs.netbox.dev/
: <tt>Sign In</tt>


[[Category:Guide]]
[[Category:Guide]]
[[Category:Applications]]
[[Category:Applications]]
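Review bot: In the new "With Transport encryption" example, forceSSL = true; and enableACME = true; sit directly under services.nginx, while the previous revision had them inside the services.nginx.virtualHosts."${config.networking.fqdn}" attribute set. Both are per-virtual-host options of the NixOS nginx module, so the example as written will not evaluate; suggest moving the two lines into virtualHosts.<name> = { ... } next to locations. The commented-out proxyPass alternative also interpolates config.services.netbox.port, which is an integer, so it needs toString before anyone uncomments it.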

Latest revision as of 19:47, 25 June 2024

NetBox is available as a module.

Setup

Setup Secret Key

NetBox uses a secret key to derive new hashes for passwords and HTTP cookies (https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key).

You should NOT share this key, and it must not end up in the world-readable /nix/store, so keep it in a separate file instead of writing it into the Nix configuration. It must be at least 50 characters long:

mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file
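
A check of the generated key file against the requirements above, as an added example that is not part of the wiki page. The function name check_secret_key_file and the owner-only permission rule are assumptions of this example; the demo key at the end is constructed.

```shell
# check_secret_key_file PATH
# Returns 0 if the file looks like a usable secret key file, otherwise
# prints the reason on stderr and returns 1.
check_secret_key_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # The key must not live in the Nix store (resolve symlinks first).
    real=$(readlink -f -- "$f")
    case $real in
        /nix/store/*) echo "key is inside /nix/store: $real" >&2; return 1 ;;
    esac

    # Assumption of this example: group and others get no access at all.
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$real" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "group/other access: $mode" >&2; return 1; }

    # At least 50 characters, not counting line breaks.
    len=$(($(tr -d '\r\n' < "$real" | wc -c)))
    [ "$len" -ge 50 ] || { echo "key too short: $len characters" >&2; return 1; }
    return 0
}

# Constructed demo: a key written under umask 077 passes; the same file
# made world-readable is rejected.
demo_dir=$(mktemp -d)
( umask 077
  od -An -tx1 -N50 /dev/urandom | tr -d ' \n' > "$demo_dir/secret-key-file" )
check_secret_key_file "$demo_dir/secret-key-file" && echo "ok"
chmod 644 "$demo_dir/secret-key-file"
check_secret_key_file "$demo_dir/secret-key-file" || echo "rejected"
rm -rf "$demo_dir"
```
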

Configuration

Basic Configuration

The module will automatically set up a Redis instance and a PostgreSQL database.

{ config, ... }: {

  networking.firewall.allowedTCPPorts = [ 80 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    user = "netbox"; # otherwise nginx can't access the netbox files
    recommendedProxySettings = true; # otherwise you will get a CSRF error at login
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${toString config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };
}

With Transport encryption

{ config, ... }: {

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    user = "netbox"; # otherwise nginx can't access the netbox files
    recommendedProxySettings = true; # otherwise you will get a CSRF error at login
    recommendedTlsSettings = true;
    virtualHosts.<name> = {
      # forceSSL and enableACME are per-virtual-host options
      forceSSL = true;
      enableACME = true;
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${toString config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };

  security.acme = {
    [ ... ]
    acceptTerms = true;
  };

}

For more ACME settings and further instructions, see the ACME page.

For more nginx settings and further instructions, see the Nginx page.

Setup Superuser

There will be no user after the installation, so you need to register one manually.

To do this, run:

$ netbox-manage createsuperuser

Username (leave blank to use 'netbox'): 
Email address: 
Password: 
Password (again): 

Superuser created successfully.

You can now log in with the given credentials.

Troubleshooting

CSRF aborted message at login

If you still get a CSRF aborted message while trying to log in after doing everything above, please try another browser.

It could be this problem: https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared, but I'm not sure.

Documentation