From 6f67715a6537c380925bef08128774fcbeb52a6e Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sat, 12 Aug 2023 11:53:11 +0200
Subject: [PATCH] renge/netbox: Init
---
 machines/renge/configuration.nix | 1 +
 machines/renge/secrets.yaml | 7 ++++---
 machines/renge/services/netbox.nix | 26 ++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 machines/renge/services/netbox.nix
diff --git a/machines/renge/configuration.nix b/machines/renge/configuration.nix
index b18a5e4..0d00b88 100644
--- a/machines/renge/configuration.nix
+++ b/machines/renge/configuration.nix
@@ -16,6 +16,7 @@
 ./services/libreddit.nix
 ./services/matrix
 ./services/murmur.nix
+ ./services/netbox.nix
 ./services/nitter.nix
 ./services/password-hash-self-service.nix
 ./services/prometheus.nix
diff --git a/machines/renge/secrets.yaml b/machines/renge/secrets.yaml
index f8a8c63..6e763b9 100644
--- a/machines/renge/secrets.yaml
+++ b/machines/renge/secrets.yaml
@@ -3,6 +3,7 @@ go-neb-overrides: ENC[AES256_GCM,data:nogN8wqu5U1BXIAZwgKpTFbOvt18lVu/slJiimz0eJ
 hcloud_exporter-environment: ENC[AES256_GCM,data:EtGDTr7bnQeHAx1TjzmMSGFaiuZM7AzGIyDiXhfd2V9mVF7ebuaWnMw3ioN4gbvXT5rrxkFr2xNj6IoVl/oPgjdWxg32zwT862zWMwvbLTRGMYDUUovF,iv:+u9vx4A4IoPLIbwzagm4R31aQ9bJzMWFOc4ui62dgcs=,tag:oh9bOyLGOCBgujZvMJNmQg==,type:str]
 invidious-extra-settings: ENC[AES256_GCM,data:njAVRilLVlNLgFY5g0FMn7uZsSX3mWK8PnWW/oJoaUj7L0g597eRmL76LfvScz6+pbSYaY2H2Olt+YL0LWY0jt+gM0+FwG2+0ddrtrpjGeGa,iv:rNwvSV9YXqnQqNtzW79hEUKx6c0rddEcC31EVE7qr3w=,tag:iGiDNj5zDHXiO+mhmAwK4Q==,type:str]
 murmur-superuser: ENC[AES256_GCM,data:Jac1Vs3tiSmL/qLwDhPhSoVzMNT0nAP+cg==,iv:ReUkEjCkEqUJKzHzIKdp77szhHitiDBXaxQnNWKQU9c=,tag:HfVrtSJwDPrHgZlKxcUiuA==,type:str]
+netbox-secret-key: ENC[AES256_GCM,data:OBsB7Lj66AvgXIvieKnZo7AwGavi1rQ9RG2sJihxoHjJQjvbu8/kIKsiBC2o8mTTlxI=,iv:yqH2BnN63Ag4dgQr8iTA2V0WUw0qYaOTeVG/2PN7EL0=,tag:Ne2vh1GA0BCY5jh0nylgtw==,type:str]
 prometheus-htpasswd: ENC[AES256_GCM,data:glClg69iOdFMKNtQexg38+81aLkxD9EHJMD1IpuwEQlMNuUC4mX9EbRYbRnDE1jY4AeVsF3Xm8RxH65Ga5LYx6V2lOQrQRr+KFSLTLW1bjBnPi+9VoambTL7S3YyR5BnJAghi3mkIegv66DSaezprC+bGROcwgSKvdR/m5U=,iv:VLWlv4cr52VmZAVeXq3GDjoPE11DmiIMJnGek+lNiV4=,tag:WBNYdT+D49qXfPh6R5uXnQ==,type:str]
 synapse-registration-shared-secret: ENC[AES256_GCM,data:PG50Z6fP5hLJwREosB6t1EqV7qKNpFAi9j1b7pzdSUEGFoOXiW9kDeV3jBjwJdFNRFaOX0lK7+AH5I/BuBvqHDRTi2guFiQPPvX6fo+fBnD9kR5Fy4w9hr0Z3NA0Hhg=,iv:bGP8J+fSgdghtjtjXnL1hXAEFD56zacJhJmJHX0rIFg=,tag:SIUOXU2MvdwIuxkrKqScgg==,type:str]
 synapse-turn-shared-secret: ENC[AES256_GCM,data:nerJ4Lc9zQSJ2HU6VpO+f7gAviYdQGgOxGqqFapYb1QwvFNlC25yT1SHkY42ZkYy97YBBednXjaoLTnRFbRmzTe80eyWzjlYneouVB33w8zx7xiwzDyk,iv:7vS3whvzi1FDpTAcnDsZZXrr707L9Fo5WAL+k3orMCM=,tag:n11U3bYSzmTCWu9Wg/cmKw==,type:str]
@@ -14,8 +15,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2022-03-26T12:53:34Z"
- mac: ENC[AES256_GCM,data:iNn/Xn5YmruxdltWQfox/BXM6cMDt8nUDjB/Ytmpm6X64u/1nt1VGcD5E2xHUjZIIAM8ppDtUvqbwuPEC61h9TglCGiF20hPxeiWiPo5chrRccOTZwUib1bekv9S5V9PCEzd1APPGFFDU8ipYNxM7ifhqzXGicVCrIIDD9AL82g=,iv:hVXxyvbKQOIjnAThy//VTmAbYkgWr2hZGlJgsqmoyYc=,tag:BSdhzW6RRWPbH+lGH7fDfw==,type:str]
+ lastmodified: "2023-08-11T20:15:30Z"
+ mac: ENC[AES256_GCM,data:fWn+whz1qz+Q3Kte6UThFyIFApNiOkC8ToLd37grkgUMla23DJ5Ex3fBOXreQ6yS8wcm9sF27I6bQNQtd6pS4qQAVi/NpAjIZsjToddM4I8vegO/uF0T7qxvUIG/fwbpO0l/D9pKT5r6C35QSCm3SpxipQkZhp4pZZRZ1UcHQVI=,iv:waHrk0IiD0BTka5u/9RWJszN10newBV4Cl28pWwl+do=,tag:/W3RvwN+SnPpSDPQrHVipw==,type:str]
 pgp:
 - created_at: "2022-03-23T13:59:53Z"
 enc: |
@@ -56,4 +57,4 @@ sops:
 -----END PGP MESSAGE-----
 fp: FD4E1FB15DD0F36A77790229826C04C0BE319FA2
 unencrypted_suffix: _unencrypted
- version: 3.7.1
+ version: 3.7.3
diff --git a/machines/renge/services/netbox.nix b/machines/renge/services/netbox.nix
new file mode 100644
index 0000000..7f2b24e
--- /dev/null
+++ b/machines/renge/services/netbox.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+ sops.secrets.netbox-secret-key = {
+ sopsFile = ../secrets.yaml;
+ owner = "netbox";
+ };
+
+ services.netbox = {
+ enable = true;
+ package = pkgs.netbox;
+ secretKeyFile = config.sops.secrets.netbox-secret-key.path;
+ };
+
+ services.nginx.virtualHosts."netbox.sbruder.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/".proxyPass = with config.services.netbox; "http://${listenAddress}:${toString port}";
+ "/static/".alias = "${config.services.netbox.dataDir}/static/";
+ };
+ };
+
+ # allow nginx access to static
+ users.groups."${config.users.users.netbox.name}".members = [ "nginx" ];
+}
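Review bot: The last statement of netbox.nix, `users.groups."${config.users.users.netbox.name}".members = [ "nginx" ];`, gives nginx every permission the netbox group holds rather than read access to `${dataDir}/static/` alone, and the comment above it (`# allow nginx access to static`) does not say so. The secret at the top of the file sets `owner = "netbox"` without a mode; the sops-nix default is owner-only, so the key should stay unreadable to nginx, but writing `mode = "0400";` next to `owner` keeps that true independently of the default. I would widen the comment to `# nginx joins the netbox group only to serve dataDir/static; the secret key stays owner-only`. Separately, the virtual host is published with `forceSSL` and no access restriction in this hunk, so what an anonymous visitor can see depends on NetBox settings that are not shown here (presumably the module defaults) and is worth confirming before the host is exposed.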