NetBox: Difference between revisions

(11 intermediate revisions by 5 users not shown)

Line 1:

[https://netbox.dev/ {{PAGENAME}}] ~~(<s>[[wikipedia:en:{{PAGENAME}}]]</s>)~~ is available as a [[module]].

[https://netbox.dev/ {{PAGENAME}}] is available as a [[module]].

== Setup ==

== ~~configuration examples~~ ==

=== Setup Secret Key ===

Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].

~~==== minimal~~ configuration ~~====~~

You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:

~~<!--~~

mkdir -p /var/lib/netbox/

nix-shell -p openssl

openssl rand -hex 50 > /var/lib/netbox/secret-key-file

</syntaxhighlight>

~~<syntaxhighlight lang="nix">~~

~~# system.stateVersion = "22.05";~~

~~services.netbox.enable~~ = ~~true;~~

=== Configuration ===

~~networking.firewall.allowedTCPPorts~~ = ~~[ 8001 ];~~

==== Basic Configuration ====

~~</syntaxhighlight>~~

The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">

{ config, ... }: {

~~</syntaxhighlight>~~

~~: unencrypted http (only)~~

networking.firewall.allowedTCPPorts = [ 80 ];

~~<s>http://hostName~~.~~domain~~.~~tld:8001</s>~~

~~!-->~~

services.netbox = {

==~~== basic configuration ====~~

enable = true;

<!--

secretKeyFile = "/var/lib/netbox/secret-key-file";

};

<~~syntaxhighlight lang~~="~~nix~~">

services.nginx = {

enable = true;

user = "netbox"; # otherwise nginx cant access netbox files

recommendedProxySettings = true; # otherwise you will get CSRF error while login

virtualHosts.<name> = {

locations = {

"/" = {

proxyPass = "http://[::1]:8001";

# proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";

};

"/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };

};

}

</syntaxhighlight>

==== With Transport encryption ====

~~# system~~.~~stateVersion = "22~~.~~05";~~

{ config, ... }: {

# networking.~~hostName = "netbox";~~

networking.firewall.allowedTCPPorts = [ 80 443 ];

~~# networking~~.~~domain~~ = ~~"domain.tld"~~;

services.netbox~~.enable~~ = ~~true;~~

services.netbox = {

enable = true;

~~services.nginx.~~enable = true;

secretKeyFile = "/var/lib/netbox/secret-key-file";

~~# services.nginx.recommendedOptimisation~~ = ~~true~~;

};

~~# services.nginx.recommendedGzipSettings = true~~;

~~# services.nginx.recommendedProxySettings = true;~~

services.nginx = {

services.nginx~~.virtualHosts."${config.networking.fqdn}"~~ = {

enable = true;

~~locations."/"~~ = {

~~# proxyPass = "http://127.0.0.1:8001";~~

~~proxyPass = "http://[::1]:8001";~~

};

forceSSL = true;

user = "netbox"; # otherwise nginx cant access netbox files

recommendedProxySettings = true; # otherwise you will get CSRF error while login

recommendedTlsSettings = true;

enableACME = true;

virtualHosts.<name> = {

locations = {

"/" = {

proxyPass = "http://[::1]:8001";

# proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";

};

"/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };

};

~~# services.nginx.recommendedTlsSettings = true;~~

~~security.acme.defaults.email = "acme@${config.networking.domain}";~~

~~security.acme.acceptTerms = true;~~

~~# networking.firewall~~.~~allowedTCPPorts~~ = [ ~~80 443 8001 ];~~

security.acme = {

~~networking~~.~~firewall~~.~~allowedTCPPorts = [ 80 443~~ ];

[ ... ]

~~</syntaxhighlight>~~

acceptTerms = true;

~~<syntaxhighlight lang~~=~~"nix">~~

};

~~</syntaxhighlight>~~

~~https:~~/~~/netbox.domain~~.~~tld~~

}

</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].

~~!-->~~

For more nginx settings and further instruction, please look here [[Nginx|Nginx.]]

~~<!--~~

==== ~~small configuration~~ ====

=== Plugins ===

~~with some (working (~~and ~~maybe non working)) plugins~~

The NixOS module supports plugins from nixpkgs. However, at the moment only a small set of plugins is packaged in nixpkgs and is available as part of [https://search.nixos.org/packages?type=packages&query=python3Packages+netbox python3Packages]. The documentation for plugins is being worked on and discussed in [https://github.com/NixOS/nixpkgs/issues/261522 #261522].

To include a plugin:<syntaxhighlight lang="nix">

~~</syntaxhighlight>~~

{ pkgs, ... }: {

services.netbox = {

-->

plugins = ps: with ps; [ ps.netbox-reorder-rack ];

~~<!--~~

settings.PLUGINS = ["netbox_reorder_rack"];

};

~~== database ==~~

}

</syntaxhighlight>The plugin identifier for <source lang="nix" enclose="none">services.netbox.settings.PLUGINS</source> is usually contained in the official documentation for the plugin. It usually is slightly different from the package name.

-->

<~~!--~~

== ~~web server ==~~

-->

<~~!--~~

~~== accounts ==~~

~~: groups and privileges~~

~~==== LDAP ====~~

===~~= OpenID ====~~

=== Setup Superuser ===

~~==== OAuth =~~===

~~-->~~

There will be no user after the installation, so you need to register one manually.

~~== login ==~~

~~=== no (initial) account is create by default ===~~

To do this, run:

~~tl;dr~~: ~~No login is possible after installing and running [[{{PAGENAME}}]]. No account is created. You have to [[#create an initial account]].~~

~~==== reenact that there is no initial account created by default ====~~

~~<syntaxhighlight lang="bash">su postgres</syntaxhighlight>~~

~~----~~

~~<syntaxhighlight lang="bash">psql</syntaxhighlight>~~

~~----~~

~~postgres=# <syntaxhighlight lang="bash">\l</syntaxhighlight>~~

~~<syntaxhighlight lang="bash">~~

~~List of databases~~

~~-----------+----------+----------+-------------+-------------+-----------------------~~

~~| | | | | postgres=CTc/postgres+~~

~~| | | | | netbox=CTc/postgres~~

~~| | | | | postgres=CTc/postgres~~

~~| | | | | postgres=CTc/postgres~~

~~(4 rows)~~

~~</syntaxhighlight>~~

~~postgres=# <syntaxhighlight lang="bash">\c netbox</syntaxhighlight>~~

~~<syntaxhighlight lang="bash">~~

~~You are now connected to database "netbox" as user "postgres".~~

~~</syntaxhighlight>~~

~~netbox=# <syntaxhighlight lang="bash">\dt</syntaxhighlight>~~

~~<syntaxhighlight lang="bash">~~

~~</syntaxhighlight>~~

~~netbox=# <syntaxhighlight lang="bash">SELECT * FROM auth_user;</syntaxhighlight>~~

$ netbox-manage createsuperuser

-~~---+----------+------------+--------------+----------+------------+-----------+-------+----------+-----------+-------------~~

~~(0 rows)~~

~~</syntaxhighlight>~~

~~netbox=# <syntaxhighlight lang="bash">\q</syntaxhighlight>~~

~~----~~

~~<syntaxhighlight lang="bash">exit</syntaxhighlight>~~

~~----~~

~~=== create an initial account ===~~

~~(first you have to) create an initial account (on the cli)~~

~~: this initial account will get highest privileges~~

~~<syntaxhighlight lang="bash">netbox-manage createsuperuser</syntaxhighlight>~~

~~<syntaxhighlight lang="bash">~~

Username (leave blank to use 'netbox'):

~~</syntaxhighlight>~~

~~<syntaxhighlight lang="bash">~~

Email address:

Password:

Password (again):

~~</syntaxhighlight>~~

~~<syntaxhighlight lang="bash">~~

Superuser created successfully.

</syntaxhighlight>

=== ~~first~~ login ===

You can now log in with the given credentials.

=== Troubleshooting ===

==== CSRF aborted message at login ====

If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.

It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.

~~https://netbox.domain.tld/login/~~

== Documentation ==

:~~; Login: ''~~netbox''

* https://netbox.dev/

:~~; Password: ''…''~~

** https://docs.netbox.dev/

~~: <tt>Sign In<~~/~~tt>~~

[[Category:Guide]]

[[Category:Applications]]

@@ Line 1: / Line 1: @@
-[https://netbox.dev/ {{PAGENAME}}] (<s>[[wikipedia:en:{{PAGENAME}}]]</s>) is available as a [[module]].
+[https://netbox.dev/ {{PAGENAME}}] is available as a [[module]].
+== Setup ==
-== configuration examples ==
+=== Setup Secret Key ===
+Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].
-==== minimal configuration ====
+You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:
-<!--
-<syntaxhighlight lang="nix">
+<syntaxhighlight lang="bash">
+mkdir -p /var/lib/netbox/
+nix-shell -p openssl
+openssl rand -hex 50 > /var/lib/netbox/secret-key-file
 </syntaxhighlight>
-<syntaxhighlight lang="nix">
-# system.stateVersion = "22.05";
-  services.netbox.enable = true;
+=== Configuration ===
-  networking.firewall.allowedTCPPorts = [ 8001 ];
+==== Basic Configuration ====
-</syntaxhighlight>
+The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix">
-<syntaxhighlight lang="nix">
+{ config, ... }: {
-</syntaxhighlight>
-: unencrypted http (only)
+  networking.firewall.allowedTCPPorts = [ 80 ];
-<s>http://hostName.domain.tld:8001</s>
-!-->
+  services.netbox = {
-==== basic configuration ====
+    enable = true;
-<!--
+    secretKeyFile = "/var/lib/netbox/secret-key-file";
+  };
-<syntaxhighlight lang="nix">
+  services.nginx = {
+    enable = true;
+    user = "netbox"; # otherwise nginx cant access netbox files
+    recommendedProxySettings = true; # otherwise you will get CSRF error while login
+    virtualHosts.<name> = {
+      locations = {
+        "/" = {
+          proxyPass = "http://[::1]:8001";
+          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
+        };
+        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
+      };
+    };
+  };
+}
 </syntaxhighlight>
+==== With Transport encryption ====
 <syntaxhighlight lang="nix">
-# system.stateVersion = "22.05";
+{ config, ... }: {
-# networking.hostName = "netbox";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
-# networking.domain = "domain.tld";
-   services.netbox.enable = true;
+   services.netbox = {
+    enable = true;
-  services.nginx.enable = true;
+    secretKeyFile = "/var/lib/netbox/secret-key-file";
-# services.nginx.recommendedOptimisation = true;
+  };
-#  services.nginx.recommendedGzipSettings = true;
-# services.nginx.recommendedProxySettings = true;
+   services.nginx = {
-   services.nginx.virtualHosts."${config.networking.fqdn}" = {
+     enable = true;
-     locations."/" = {
-#      proxyPass = "http://127.0.0.1:8001";
-      proxyPass = "http://[::1]:8001";
-    };
      forceSSL = true;
+    user = "netbox"; # otherwise nginx cant access netbox files
+    recommendedProxySettings = true; # otherwise you will get CSRF error while login
+    recommendedTlsSettings = true;
      enableACME = true;
+    virtualHosts.<name> = {
+      locations = {
+        "/" = {
+          proxyPass = "http://[::1]:8001";
+          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
+        };
+        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
+      };
+    };
    };
-# services.nginx.recommendedTlsSettings = true;
-  security.acme.defaults.email = "acme@${config.networking.domain}";
-  security.acme.acceptTerms = true;
-#  networking.firewall.allowedTCPPorts = [ 80 443 8001 ];
+  security.acme = {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+    [ ... ]
-</syntaxhighlight>
+    acceptTerms = true;
-<syntaxhighlight lang="nix">
+  };
-</syntaxhighlight>
-https://netbox.domain.tld
+}
+</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].
-!-->
+For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]
-<!--
-==== small configuration ====
+=== Plugins ===
-with some (working (and maybe non working)) plugins
+The NixOS module supports plugins from nixpkgs. However, at the moment only a small set of plugins is packaged in nixpkgs and is available as part of [https://search.nixos.org/packages?type=packages&query=python3Packages+netbox python3Packages]. The documentation for plugins is being worked on and discussed in [https://github.com/NixOS/nixpkgs/issues/261522 #261522].
-<syntaxhighlight lang="nix">
+To include a plugin:<syntaxhighlight lang="nix">
-</syntaxhighlight>
+{ pkgs, ... }: {
+  services.netbox = {
--->
+    plugins = ps: with ps; [ ps.netbox-reorder-rack ];
-<!--
+    settings.PLUGINS = ["netbox_reorder_rack"];
+  };
-== database ==
+}
+</syntaxhighlight>The plugin identifier for <source lang="nix" enclose="none">services.netbox.settings.PLUGINS</source> is usually contained in the official documentation for the plugin. It usually is slightly different from the package name.
--->
-<!--
-== web server ==
--->
-<!--
-== accounts ==
-: groups and privileges
-==== LDAP ====
-==== OpenID ====
+=== Setup Superuser ===
-==== OAuth ====
--->
+There will be no user after the installation, so you need to register one manually.
-== login ==
-=== no (initial) account is create by default ===
+To do this, run:
-tl;dr: No login is possible after installing and running [[{{PAGENAME}}]]. No account is created. You have to [[#create an initial account]].
-==== reenact that there is no initial account created by default ====
-<syntaxhighlight lang="bash">su postgres</syntaxhighlight>
-----
-<syntaxhighlight lang="bash">psql</syntaxhighlight>
-----
-----
-postgres=# <syntaxhighlight lang="bash">\l</syntaxhighlight>
-<syntaxhighlight lang="bash">
-                                  List of databases
-   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
------------+----------+----------+-------------+-------------+-----------------------
- netbox    | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +
-           |          |          |             |             | postgres=CTc/postgres+
-           |          |          |             |             | netbox=CTc/postgres
- postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
- template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
-           |          |          |             |             | postgres=CTc/postgres
- template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
-           |          |          |             |             | postgres=CTc/postgres
-(4 rows)
-</syntaxhighlight>
-postgres=# <syntaxhighlight lang="bash">\c netbox</syntaxhighlight>
-<syntaxhighlight lang="bash">
-You are now connected to database "netbox" as user "postgres".
-</syntaxhighlight>
-netbox=# <syntaxhighlight lang="bash">\dt</syntaxhighlight>
-<syntaxhighlight lang="bash">
-</syntaxhighlight>
-netbox=# <syntaxhighlight lang="bash">SELECT * FROM auth_user;</syntaxhighlight>
 <syntaxhighlight lang="bash">
- id | password | last_login | is_superuser | username | first_name | last_name | email | is_staff | is_active | date_joined
+$ netbox-manage createsuperuser
-----+----------+------------+--------------+----------+------------+-----------+-------+----------+-----------+-------------
-(0 rows)
-</syntaxhighlight>
-netbox=# <syntaxhighlight lang="bash">\q</syntaxhighlight>
-----
-----
-<syntaxhighlight lang="bash">exit</syntaxhighlight>
-----
-=== create an initial account ===
-(first you have to) create an initial account (on the cli)
-: this initial account will get highest privileges
-<syntaxhighlight lang="bash">netbox-manage createsuperuser</syntaxhighlight>
-<syntaxhighlight lang="bash">
 Username (leave blank to use 'netbox'):
-</syntaxhighlight>
-<syntaxhighlight lang="bash">
 Email address:
 Password:
 Password (again):
-</syntaxhighlight>
-<syntaxhighlight lang="bash">
 Superuser created successfully.
 </syntaxhighlight>
-=== first login ===
+You can now log in with the given credentials.
+=== Troubleshooting ===
+==== CSRF aborted message at login ====
+If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.
+It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.
-https://netbox.domain.tld/login/
+== Documentation ==
-:; Login: ''netbox''
+* https://netbox.dev/
-:; Password: ''…''
+** https://docs.netbox.dev/
-: <tt>Sign In</tt>
 [[Category:Guide]]
 [[Category:Applications]]