NixOS Wiki

NetBox: Difference between revisions

← Older edit
VisualWikitext
imported>Vater
No edit summary
Cobalt (talk | contribs)
2 edits
m Fixed inline code and added note about plugin id name difference
 
(10 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[https://netbox.dev/ {{PAGENAME}}] (<s>[[wikipedia:en:{{PAGENAME}}]]</s>) is available as a [[module]].
[https://netbox.dev/ {{PAGENAME}}] is available as a [[module]].
== configuration examples ==
== Setup ==


==== minimal configuration ====
=== Setup Secret Key ===
Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].
 
You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:


<syntaxhighlight lang="bash">mkdir -p /var/lib/netbox/</syntaxhighlight>
<syntaxhighlight lang="bash">$EDITOR /var/lib/netbox/passwordFile</syntaxhighlight>
<syntaxhighlight lang="bash">cat /var/lib/netbox/passwordFile</syntaxhighlight>
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
this-is-an-initial-password-for-netbox
mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file
</syntaxhighlight>
</syntaxhighlight>
<!--


<syntaxhighlight lang="nix">
=== Configuration ===
</syntaxhighlight>
<syntaxhighlight lang="nix">
# system.stateVersion = "22.05";


  services.netbox.enable = true;
==== Basic Configuration ====
  services.netbox.secretKeyFile = "/var/lib/netbox/passwordFile";
The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">
{ config, ... }: {


   networking.firewall.allowedTCPPorts = [ 8001 ];
   networking.firewall.allowedTCPPorts = [ 80 ];
</syntaxhighlight>
<syntaxhighlight lang="nix">
</syntaxhighlight>


: unencrypted http (only)
  services.netbox = {
<s>http://hostName.domain.tld:8001</s>
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };


!-->
  services.nginx = {
==== basic configuration ====
    enable = true;
 
    user = "netbox"; # otherwise nginx cant access netbox files
<syntaxhighlight lang="nix">
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
</syntaxhighlight>
    virtualHosts.<name> = {
<syntaxhighlight lang="nix">
      locations = {
# system.stateVersion = "22.05";
        "/" = {
 
          proxyPass = "http://[::1]:8001";
# networking.hostName = "netbox";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
# networking.domain = "domain.tld";
        };
 
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
  services.netbox.enable = true;
  services.netbox.secretKeyFile = "/var/lib/netbox/passwordFile";
 
  services.nginx.enable = true;
# services.nginx.recommendedOptimisation = true;
#  services.nginx.recommendedGzipSettings = true;
 
# services.nginx.recommendedProxySettings = true;
  services.nginx.virtualHosts."${config.networking.fqdn}" = {
    locations = {
      "/" = {
#        extraConfig = ''
##          proxy_pass http://127.0.0.1:8001;
#          proxy_pass http://[::1]:8001;
#          proxy_set_header X-Forwarded-Host $http_host;
#          proxy_set_header X-Real-IP $remote_addr;
#          proxy_set_header X-Forwarded-Proto $scheme;
#        '';
#        proxyPass = "http://127.0.0.1:8001";
        proxyPass = "http://[::1]:8001";
####        proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
      };
      "/static/" = {
#        extraConfig = ''
#          alias /var/lib/netbox/static/;
#        '';
#        alias = "/var/lib/netbox/static/";
        alias = "${config.services.netbox.dataDir}/static/";
       };
       };
     };
     };
    forceSSL = true;
    enableACME = true;
   };
   };
  services.nginx.user = "netbox";
}  
# services.nginx.recommendedTlsSettings = true;
  security.acme.defaults.email = "acme@${config.networking.domain}";
  security.acme.acceptTerms = true;
 
#  networking.firewall.allowedTCPPorts = [ 80 443 8001 ];
  networking.firewall.allowedTCPPorts = [ 80 443 ];
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="nix">
</syntaxhighlight>
https://netbox.domain.tld
<!--
==== small configuration ====
with some (working (and maybe non working)) plugins


==== With Transport encryption ====
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
</syntaxhighlight>
{ config, ... }: {


-->
  networking.firewall.allowedTCPPorts = [ 80 443 ];
<!--


== database ==
  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };


-->
  services.nginx = {
<!--
    enable = true;
    forceSSL = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    recommendedTlsSettings = true;
    enableACME = true;
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };


== web server ==
  security.acme = {
    [ ... ]
    acceptTerms = true;
  };


-->
}
<!--
</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].


== accounts ==
For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]
: groups and privileges


==== LDAP ====
=== Plugins ===
The NixOS module supports plugins from nixpkgs. However, at the moment only a small set of plugins is packaged in nixpkgs and is available as part of [https://search.nixos.org/packages?type=packages&query=python3Packages+netbox python3Packages]. The documentation for plugins is being worked on and discussed in [https://github.com/NixOS/nixpkgs/issues/261522 #261522].


==== OpenID ====
To include a plugin:<syntaxhighlight lang="nix">
==== OAuth ====
{ pkgs, ... }: {
  services.netbox = {
    plugins = ps: with ps; [ ps.netbox-reorder-rack ];
    settings.PLUGINS = ["netbox_reorder_rack"];
  };
}
</syntaxhighlight>The plugin identifier for <source lang="nix" enclose="none">services.netbox.settings.PLUGINS</source> is usually contained in the official documentation for the plugin. It usually is slightly different from the package name.


-->
=== Setup Superuser ===
== login ==


=== no (initial) account is create by default ===
There will be no user after the installation, so you need to register one manually.


tl;dr: No login is possible after installing and running [[{{PAGENAME}}]]. No account is created. You have to [[#create an initial account]].
To do this, run:  
 
==== reenact that there is no initial account created by default ====
 
<syntaxhighlight lang="bash">su postgres</syntaxhighlight>
 
----
 
<syntaxhighlight lang="bash">psql</syntaxhighlight>
 
----
----
 
postgres=# <syntaxhighlight lang="bash">\l</syntaxhighlight>
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
                                  List of databases                                                                                                                                                                                         
$ netbox-manage createsuperuser
  Name    |  Owner  | Encoding |  Collate  |    Ctype    |  Access privileges                                                                                                                                                           
-----------+----------+----------+-------------+-------------+-----------------------                                                                                                                                                       
netbox   | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres        +                                                                                                                                                       
          |          |          |            |            | postgres=CTc/postgres+                                                                                                                                                       
          |          |          |            |            | netbox=CTc/postgres                                                                                                                                                           
postgres  | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 |                                                       
template0 | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +                                 
          |          |          |            |            | postgres=CTc/postgres                                 
template1 | postgres | UTF8    | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +                                 
          |          |          |            |            | postgres=CTc/postgres                                 
(4 rows)                                                 
</syntaxhighlight>


postgres=# <syntaxhighlight lang="bash">\c netbox</syntaxhighlight>
<syntaxhighlight lang="bash">
You are now connected to database "netbox" as user "postgres".
</syntaxhighlight>
netbox=# <syntaxhighlight lang="bash">\dt</syntaxhighlight>
<syntaxhighlight lang="bash">
</syntaxhighlight>
netbox=# <syntaxhighlight lang="bash">SELECT * FROM auth_user;</syntaxhighlight>
<syntaxhighlight lang="bash">
id | password | last_login | is_superuser | username | first_name | last_name | email | is_staff | is_active | date_joined                                                                                                                 
----+----------+------------+--------------+----------+------------+-----------+-------+----------+-----------+-------------                                                                                                                 
(0 rows)                                                                                                             
</syntaxhighlight>
netbox=# <syntaxhighlight lang="bash">\q</syntaxhighlight>
----
----
<syntaxhighlight lang="bash">exit</syntaxhighlight>
----
=== create an initial account ===
(first you have to) create an initial account (on the cli)
: this initial account will get highest privileges
<syntaxhighlight lang="bash">netbox-manage createsuperuser</syntaxhighlight>
<syntaxhighlight lang="bash">
Username (leave blank to use 'netbox'):  
Username (leave blank to use 'netbox'):  
</syntaxhighlight>
<syntaxhighlight lang="bash">
Email address:  
Email address:  
Password:  
Password:  
Password (again):  
Password (again):  
</syntaxhighlight>
 
<syntaxhighlight lang="bash">
Superuser created successfully.
Superuser created successfully.
</syntaxhighlight>
</syntaxhighlight>


=== first login ===
You can now log in with the given credentials.
 
=== Troubleshooting ===
 
==== CSRF aborted message at login ====
If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.
 
It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.


https://netbox.domain.tld/login/
== Documentation ==


:; Login: ''netbox''
* https://netbox.dev/
:; Password: ''…''
** https://docs.netbox.dev/
: <tt>Sign In</tt>


[[Category:Guide]]
[[Category:Guide]]
[[Category:Applications]]
[[Category:Applications]]
Retrieved from "https://wiki.nixos.org/wiki/NetBox"