NetBox: Difference between revisions

Revision as of 18:51, 15 February 2024

NetBox is available as a module.

Setup

Setup Secret Key

Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [1]. You should not share this key outside of the configuration (i.e. in /nix/store) and it must be at least 50 characters long:

mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file

Basic Configuration

{ config, ... }: {
  system.stateVersion = "24.05";

  networking.hostName = "netbox";
  networking.domain = "domain.tld";
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.netbox = {
    enable = true;
    secretKeyFile = "/var/lib/netbox/secret-key-file";
  };

  services.nginx = {
    enable = true;
    user = "netbox";
    recommendedTlsSettings = true;
    clientMaxBodySize = "25m";

    virtualHosts."${config.networking.fqdn}" = {
      locations = {
        "/" = {
          proxyPass = "http://[::1]:8001";
          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
        };
        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
      };
      forceSSL = true;
      enableACME = true;
      serverName = "${config.networking.fqdn}";
    };
  };

  security.acme = {
    defaults.email = "acme@${config.networking.domain}";
    acceptTerms = true;
  };
}

The module will automatically setup a redis instance and a PostgreSQL database. Your NetBox instance is now available at: https://netbox.domain.tld

Setup Superuser

There will be no user after the installation, so you need to install one manually. To do this, run:

$ netbox-manage createsuperuser

Username (leave blank to use 'netbox'): 
Email address: 
Password: 
Password (again): 

Superuser created successfully.

You can now login with the given credentials at https://netbox.domain.tld/login/

Documentation

https://netbox.dev/
- https://docs.netbox.dev/

@@ Line 1: / Line 1: @@
-[https://netbox.dev/ {{PAGENAME}}] (<s>[[wikipedia:en:{{PAGENAME}}]]</s>) is available as a [[module]].
+[https://netbox.dev/ {{PAGENAME}}] is available as a [[module]].
-== configuration examples ==
+== Setup ==
-==== minimal configuration ====
+==== Setup Secret Key ====
+Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key].
+You should not share this key outside of the configuration (i.e. in /nix/store) and it must be at least 50 characters long:
-: <syntaxhighlight lang="bash">mkdir -p /var/lib/netbox/</syntaxhighlight>
-: <syntaxhighlight lang="bash">$EDITOR /var/lib/netbox/passwordFile</syntaxhighlight>
-: <syntaxhighlight lang="bash">cat /var/lib/netbox/passwordFile</syntaxhighlight>
 <syntaxhighlight lang="bash">
-this-is-an-initial-password-for-netbox
+mkdir -p /var/lib/netbox/
+nix-shell -p openssl
+openssl rand -hex 50 > /var/lib/netbox/secret-key-file
 </syntaxhighlight>
-<!--
-<syntaxhighlight lang="nix">
-</syntaxhighlight>
-<syntaxhighlight lang="nix">
-# system.stateVersion = "22.05";
-  services.netbox.enable = true;
+==== Basic Configuration ====
-  services.netbox.secretKeyFile = "/var/lib/netbox/passwordFile";
-  networking.firewall.allowedTCPPorts = [ 8001 ];
-</syntaxhighlight>
 <syntaxhighlight lang="nix">
-</syntaxhighlight>
+{ config, ... }: {
+  system.stateVersion = "24.05";
-: unencrypted http (only)
+  networking.hostName = "netbox";
-<s>http://hostName.domain.tld:8001</s>
+  networking.domain = "domain.tld";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
-!-->
+  services.netbox = {
+    enable = true;
-==== basic configuration ====
+    secretKeyFile = "/var/lib/netbox/secret-key-file";
+  };
-<syntaxhighlight lang="nix">
+  services.nginx = {
-</syntaxhighlight>
+    enable = true;
-<syntaxhighlight lang="nix">
+    user = "netbox";
-# system.stateVersion = "22.05";
+    recommendedTlsSettings = true;
+    clientMaxBodySize = "25m";
-# networking.hostName = "netbox";
+    virtualHosts."${config.networking.fqdn}" = {
-# networking.domain = "domain.tld";
+      locations = {
+        "/" = {
-  services.netbox.enable = true;
+          proxyPass = "http://[::1]:8001";
-  services.netbox.secretKeyFile = "/var/lib/netbox/passwordFile";
+          # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
+        };
-  services.nginx.enable = true;
+        "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
-# services.nginx.recommendedOptimisation = true;
-#  services.nginx.recommendedGzipSettings = true;
-# services.nginx.recommendedProxySettings = true;
-  services.nginx.virtualHosts."${config.networking.fqdn}" = {
-    locations = {
-      "/" = {
-#        extraConfig = ''
-##          proxy_pass http://127.0.0.1:8001;
-#          proxy_pass http://[::1]:8001;
-#          proxy_set_header X-Forwarded-Host $http_host;
-#          proxy_set_header X-Real-IP $remote_addr;
-#          proxy_set_header X-Forwarded-Proto $scheme;
-#        '';
-#        proxyPass = "http://127.0.0.1:8001";
-        proxyPass = "http://[::1]:8001";
-####        proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
-      };
-      "/static/" = {
-#        extraConfig = ''
-#          alias /var/lib/netbox/static/;
-#        '';
-#        alias = "/var/lib/netbox/static/";
-        alias = "${config.services.netbox.dataDir}/static/";
        };
+      forceSSL = true;
+      enableACME = true;
+      serverName = "${config.networking.fqdn}";
      };
-    forceSSL = true;
-    enableACME = true;
-#    serverName = "${config.networking.hostName}.${config.networking.domain}";
-    serverName = "${config.networking.fqdn}";
    };
-  services.nginx.clientMaxBodySize = "25m";
-  services.nginx.user = "netbox";
-# services.nginx.recommendedTlsSettings = true;
-  security.acme.defaults.email = "acme@${config.networking.domain}";
-  security.acme.acceptTerms = true;
-#  networking.firewall.allowedTCPPorts = [ 80 443 8001 ];
+  security.acme = {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+    defaults.email = "acme@${config.networking.domain}";
-</syntaxhighlight>
+    acceptTerms = true;
-<syntaxhighlight lang="nix">
+  };
+}
 </syntaxhighlight>
-https://netbox.domain.tld
+The module will automatically setup a redis instance and a PostgreSQL database. Your [[{{PAGENAME}}]] instance is now available at: https://netbox.domain.tld
 <!--
@@ Line 120: / Line 89: @@
 -->
-== login ==
+=== Setup Superuser ===
-=== no (initial) account is create by default ===
-tl;dr: No login is possible after installing and running [[{{PAGENAME}}]]. No account is created. You have to [[#create an initial account]].
-==== reenact that there is no initial account created by default ====
-<syntaxhighlight lang="bash">su postgres</syntaxhighlight>
-----
-<syntaxhighlight lang="bash">psql</syntaxhighlight>
-----
-----
-postgres=# <syntaxhighlight lang="bash">\l</syntaxhighlight>
+There will be no user after the installation, so you need to install one manually.
+To do this, run:
 <syntaxhighlight lang="bash">
-                                  List of databases
+$ netbox-manage createsuperuser
-   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
------------+----------+----------+-------------+-------------+-----------------------
- netbox    | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +
-           |          |          |             |             | postgres=CTc/postgres+
-           |          |          |             |             | netbox=CTc/postgres
- postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
- template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
-           |          |          |             |             | postgres=CTc/postgres
- template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
-           |          |          |             |             | postgres=CTc/postgres
-(4 rows)
-</syntaxhighlight>
-postgres=# <syntaxhighlight lang="bash">\c netbox</syntaxhighlight>
-<syntaxhighlight lang="bash">
-You are now connected to database "netbox" as user "postgres".
-</syntaxhighlight>
-netbox=# <syntaxhighlight lang="bash">\dt</syntaxhighlight>
-<syntaxhighlight lang="bash">
-</syntaxhighlight>
-netbox=# <syntaxhighlight lang="bash">SELECT * FROM auth_user;</syntaxhighlight>
-<syntaxhighlight lang="bash">
- id | password | last_login | is_superuser | username | first_name | last_name | email | is_staff | is_active | date_joined
-----+----------+------------+--------------+----------+------------+-----------+-------+----------+-----------+-------------
-(0 rows)
-</syntaxhighlight>
-netbox=# <syntaxhighlight lang="bash">\q</syntaxhighlight>
-----
-----
-<syntaxhighlight lang="bash">exit</syntaxhighlight>
-----
-=== create an initial account ===
-(first you have to) create an initial account (on the cli)
-: this initial account will get highest privileges
-<syntaxhighlight lang="bash">netbox-manage createsuperuser</syntaxhighlight>
-<syntaxhighlight lang="bash">
 Username (leave blank to use 'netbox'):
-</syntaxhighlight>
-<syntaxhighlight lang="bash">
 Email address:
 Password:
 Password (again):
-</syntaxhighlight>
-<syntaxhighlight lang="bash">
 Superuser created successfully.
 </syntaxhighlight>
-=== first login ===
-https://netbox.domain.tld/login/
+You can now login with the given credentials at https://netbox.domain.tld/login/
-:; Login: ''netbox''
-:; Password: ''…''
-: <tt>Sign In</tt>
-== documentation ==
+== Documentation ==
 * https://netbox.dev/