NetBox: Difference between revisions

From NixOS Wiki
the configuration was in my opinion a little bit confusing. i got it to work with my done changes. i dont have an ssl intern at the moment so i cant do with ssl configuration. when i have one i will update these page
Cobalt (talk | contribs)
m Fixed inline code and added note about plugin id name difference
 
(4 intermediate revisions by 3 users not shown)
Line 2: Line 2:
== Setup ==
== Setup ==


==== Setup Secret Key ====
=== Setup Secret Key ===
Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].


Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].
You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:
You should not share this key outside of the configuration (i.e. in /nix/store) and it must be at least 50 characters long:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 13: Line 13:
</syntaxhighlight>
</syntaxhighlight>


===== Basic Configuration =====
=== Configuration ===
The module will automatically setup a redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">
 
==== Basic Configuration ====
The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">
{ config, ... }: {
{ config, ... }: {


Line 26: Line 28:
   services.nginx = {
   services.nginx = {
     enable = true;
     enable = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
     virtualHosts.<name> = {
     virtualHosts.<name> = {
       locations = {
       locations = {
Line 39: Line 43:
</syntaxhighlight>
</syntaxhighlight>


==== With Transport encryption ====
<syntaxhighlight lang="nix">
{ config, ... }: {
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };
  services.nginx = {
    enable = true;
    forceSSL = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    recommendedTlsSettings = true;
    enableACME = true;
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };
  security.acme = {
    [ ... ]
    acceptTerms = true;
  };
}
</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].
For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]
=== Plugins ===
The NixOS module supports plugins from nixpkgs. However, at the moment only a small set of plugins is packaged in nixpkgs and is available as part of [https://search.nixos.org/packages?type=packages&query=python3Packages+netbox python3Packages]. The documentation for plugins is being worked on and discussed in [https://github.com/NixOS/nixpkgs/issues/261522 #261522].
To include a plugin:<syntaxhighlight lang="nix">
{ pkgs, ... }: {
  services.netbox = {
    plugins = ps: with ps; [ ps.netbox-reorder-rack ];
    settings.PLUGINS = ["netbox_reorder_rack"];
  };
}
</syntaxhighlight>The plugin identifier for <source lang="nix" enclose="none">services.netbox.settings.PLUGINS</source> is usually contained in the official documentation for the plugin. It usually is slightly different from the package name.


=== Setup Superuser ===
=== Setup Superuser ===


There will be no user after the installation, so you need to install one manually.
There will be no user after the installation, so you need to register one manually.  
 
To do this, run:  
To do this, run:  
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 55: Line 110:
</syntaxhighlight>
</syntaxhighlight>


You can now log in with the given credentials.
=== Troubleshooting ===


You can now login with the given credentials at https://netbox.domain.tld/login/
==== CSRF aborted message at login ====
If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.


It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.


== Documentation ==
== Documentation ==

Latest revision as of 13:56, 21 December 2024

NetBox is available as a module.

Setup

Setup Secret Key

Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [1].

You should NOT share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:

mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file

Configuration

Basic Configuration

The module will automatically set up a Redis instance and a PostgreSQL database.

{ config, ... }: {

  networking.firewall.allowedTCPPorts = [ 80 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };
}

With Transport encryption

{ config, ... }: {

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    forceSSL = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    recommendedTlsSettings = true;
    enableACME = true;
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };

  security.acme = {
    [ ... ]
    acceptTerms = true;
  };

}

For more acme settings and further instruction, please look here ACME.

For more nginx settings and further instruction, please look here Nginx.

Plugins

The NixOS module supports plugins from nixpkgs. However, at the moment only a small set of plugins is packaged in nixpkgs and is available as part of python3Packages. The documentation for plugins is being worked on and discussed in #261522.

To include a plugin:

{ pkgs, ... }: {
  services.netbox = {
    plugins = ps: with ps; [ ps.netbox-reorder-rack ];
    settings.PLUGINS = ["netbox_reorder_rack"];
  };
}

The plugin identifier for services.netbox.settings.PLUGINS is usually contained in the official documentation for the plugin. It usually is slightly different from the package name.

Setup Superuser

There will be no user after the installation, so you need to register one manually.

To do this, run:

$ netbox-manage createsuperuser

Username (leave blank to use 'netbox'): 
Email address: 
Password: 
Password (again): 

Superuser created successfully.

You can now log in with the given credentials.

Troubleshooting

CSRF aborted message at login

If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.

It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.

Documentation