NetBox: Difference between revisions

From NixOS Wiki
m →‎With Transport encryption: forget to add 443 at with TLS encryption
Klinger (talk | contribs)
m Acme to ACME link
 
Line 78: Line 78:


}  
}  
</syntaxhighlight>For more acme settings and further instruction, please look here [[Acme]].
</syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]].


For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]
For more nginx settings and further instruction, please look here  [[Nginx|Nginx.]]

Latest revision as of 19:47, 25 June 2024

NetBox is available as a module.

Setup

Setup Secret Key

Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [1].

You should NOT share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:

mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file

Configuration

Basic Configuration

The module will automatically set up a Redis instance and a PostgreSQL database.

{ config, ... }: {

  networking.firewall.allowedTCPPorts = [ 80 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };
}

With Transport encryption

{ config, ... }: {

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    forceSSL = true;
    user = "netbox"; # otherwise nginx cant access netbox files
    recommendedProxySettings = true; # otherwise you will get CSRF error while login
    recommendedTlsSettings = true;
    enableACME = true;
    virtualHosts.<name> = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
    };
  };

  security.acme = {
    [ ... ]
    acceptTerms = true;
  };

}

For more acme settings and further instruction, please look here ACME.

For more nginx settings and further instruction, please look here Nginx.

Setup Superuser

There will be no user after the installation, so you need to register one manually.

To do this, run:

$ netbox-manage createsuperuser

Username (leave blank to use 'netbox'): 
Email address: 
Password: 
Password (again): 

Superuser created successfully.

You can now log in with the given credentials.

Troubleshooting

CSRF aborted message at login

If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.

It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.

Documentation