Official NixOS Wiki

NetBox: Difference between revisions

VisualWikitext
imported>Vater
Created page with "[https://netbox.dev/ {{PAGENAME}}] (<s>[[wikipedia:en:{{PAGENAME}}]]</s>) is available as a module. == configuration examples == ==== minimal configuration ==== <!-- <s..."
 
Cobalt (talk | contribs)
2 edits
m Fixed inline code and added note about plugin id name difference
 
(12 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[https://netbox.dev/ {{PAGENAME}}] (<s>[[wikipedia:en:{{PAGENAME}}]]</s>) is available as a [[module]].
[https://netbox.dev/ {{PAGENAME}}] is available as a [[module]].
== Setup ==


== configuration examples ==
=== Setup Secret Key ===
Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].


==== minimal configuration ====
You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:
<!--


<syntaxhighlight lang="nix">
<syntaxhighlight lang="bash">
mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="nix">
# system.stateVersion = "22.05";


  services.netbox.enable = true;
=== Configuration ===


  networking.firewall.allowedTCPPorts = [ 8001 ];
==== Basic Configuration ====
</syntaxhighlight>
The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
{ config, ... }: {
</syntaxhighlight>


: unencrypted http (only)
  networking.firewall.allowedTCPPorts = [ 80 ];
<s>http://hostName.domain.tld:8001</s>


!-->
  services.netbox = {
==== basic configuration ====
    enable = true;
<!--
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };


<syntaxhighlight lang="nix">
  services.nginx = {
    enable = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };
}
</syntaxhighlight>
</syntaxhighlight>
==== With Transport encryption ====
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
# system.stateVersion = "22.05";
{ config, ... }: {


# networking.hostName = "netbox";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
# networking.domain = "domain.tld";


   services.netbox.enable = true;
   services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };


   services.nginx.enable = true;
   services.nginx = {
# services.nginx.recommendedOptimisation = true;
     enable = true;
#  services.nginx.recommendedGzipSettings = true;
 
# services.nginx.recommendedProxySettings = true;
  services.nginx.virtualHosts."${config.networking.fqdn}" = {
     locations."/" = {
#      proxyPass = "http://127.0.0.1:8001";
      proxyPass = "http://[::1]:8001";
    };
     forceSSL = true;
     forceSSL = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    recommendedTlsSettings = true;
     enableACME = true;
     enableACME = true;
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
   };
   };
# services.nginx.recommendedTlsSettings = true;
  security.acme.defaults.email = "acme@${config.networking.domain}";
  security.acme.acceptTerms = true;


#  networking.firewall.allowedTCPPorts = [ 80 443 8001 ];
  security.acme = {
  networking.firewall.allowedTCPPorts = [ 80 443 ];
    [ ... ]
</syntaxhighlight>
    acceptTerms = true;
<syntaxhighlight lang="nix">
  };
</syntaxhighlight>


https://netbox.domain.tld
}
</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].


!-->
For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]
<!--


==== small configuration ====
=== Plugins ===
with some (working (and maybe non working)) plugins
The NixOS module supports plugins from nixpkgs. However, at the moment only a small set of plugins is packaged in nixpkgs and is available as part of [https://search.nixos.org/packages?type=packages&query=python3Packages+netbox python3Packages]. The documentation for plugins is being worked on and discussed in [https://github.com/NixOS/nixpkgs/issues/261522 #261522].


<syntaxhighlight lang="nix">
To include a plugin:<syntaxhighlight lang="nix">
</syntaxhighlight>
{ pkgs, ... }: {
  services.netbox = {
    plugins = ps: with ps; [ ps.netbox-reorder-rack ];
    settings.PLUGINS = ["netbox_reorder_rack"];
  };
}
</syntaxhighlight>The plugin identifier for <source lang="nix" enclose="none">services.netbox.settings.PLUGINS</source> is usually contained in the official documentation for the plugin. It usually is slightly different from the package name.


-->
=== Setup Superuser ===
<!--


== database ==
There will be no user after the installation, so you need to register one manually.


-->
To do this, run:
<!--
<syntaxhighlight lang="bash">
$ netbox-manage createsuperuser


== web server ==
-->
<!--
== accounts ==
: groups and privileges
==== LDAP ====
==== OpenID ====
==== OAuth ====
-->
== login ==
(first you have to) create an initial account (on the cli)
: this initial account will get highest privileges
<syntaxhighlight lang="bash">netbox-manage createsuperuser</syntaxhighlight>
<syntaxhighlight lang="bash">
Username (leave blank to use 'netbox'):  
Username (leave blank to use 'netbox'):  
</syntaxhighlight>
<syntaxhighlight lang="bash">
Email address:  
Email address:  
Password:  
Password:  
Password (again):  
Password (again):  
</syntaxhighlight>
 
<syntaxhighlight lang="bash">
Superuser created successfully.
Superuser created successfully.
</syntaxhighlight>
</syntaxhighlight>


https://netbox.domain.tld/login/
You can now log in with the given credentials.
 
=== Troubleshooting ===
 
==== CSRF aborted message at login ====
If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.
 
It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.
 
== Documentation ==


:; Login: ''netbox''
* https://netbox.dev/
:; Password: ''…''
** https://docs.netbox.dev/
: <tt>Sign In</tt>


[[Category:Guide]]
[[Category:Guide]]
[[Category:Applications]]
[[Category:Applications]]
Retrieved from "https://wiki.nixos.org/wiki/NetBox"