From 3e787c2cbae8ad1b925a7c02e0f23fa15f9cda70 Mon Sep 17 00:00:00 2001
From: Myned
Date: Sun, 6 Oct 2024 10:15:20 -0500
Subject: [PATCH] containers: add netbox with plugins
Signed-off-by: Myned
---
 options/custom/containers/netbox/Dockerfile | 5 +
 options/custom/containers/netbox/default.nix | 88 ++++++++++++++++++
 options/custom/containers/netbox/extra.py | 32 +++++++
 .../containers/netbox/plugin_requirements.txt | 11 +++
 secrets/secrets.nix | 3 +
 secrets/server/caddy/Caddyfile | Bin 3424 -> 3500 bytes
 secrets/server/netbox/.env | Bin 0 -> 963 bytes
 secrets/server/netbox/cache.env | Bin 0 -> 543 bytes
 secrets/server/netbox/db.env | 9 ++
 9 files changed, 148 insertions(+)
 create mode 100644 options/custom/containers/netbox/Dockerfile
 create mode 100644 options/custom/containers/netbox/default.nix
 create mode 100644 options/custom/containers/netbox/extra.py
 create mode 100644 options/custom/containers/netbox/plugin_requirements.txt
 create mode 100644 secrets/server/netbox/.env
 create mode 100644 secrets/server/netbox/cache.env
 create mode 100644 secrets/server/netbox/db.env
diff --git a/options/custom/containers/netbox/Dockerfile b/options/custom/containers/netbox/Dockerfile
new file mode 100644
index 0000000..d2b24ee
--- /dev/null
+++ b/options/custom/containers/netbox/Dockerfile
@@ -0,0 +1,5 @@
+# TODO: Upgrade to v4.1 when supported by netbox-acls
+FROM docker.io/netboxcommunity/netbox:v4.0.11
+
+COPY ./plugin_requirements.txt /opt/netbox/
+RUN /opt/netbox/venv/bin/pip install --no-warn-script-location -r /opt/netbox/plugin_requirements.txt
diff --git a/options/custom/containers/netbox/default.nix b/options/custom/containers/netbox/default.nix
new file mode 100644
index 0000000..b171804
--- /dev/null
+++ b/options/custom/containers/netbox/default.nix
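Review bot: In the netbox Dockerfile, the `RUN … pip install -r /opt/netbox/plugin_requirements.txt` step pulls ten third-party plugins from PyPI at build time without hash verification, and the plugin_requirements.txt hunk further down pins each one only to a wildcard such as `== 1.6.*`, so any rebuild can bring different, unreviewed code into the NetBox venv. Pinning exact versions with hashes and installing with `RUN /opt/netbox/venv/bin/pip install --no-warn-script-location --require-hashes -r /opt/netbox/plugin_requirements.txt` closes that gap; hash mode requires every transitive dependency to be listed as well. The base image is in the same position: `FROM docker.io/netboxcommunity/netbox:v4.0.11` follows a mutable tag, whereas `FROM docker.io/netboxcommunity/netbox:v4.0.11@sha256:<digest>` (placeholder digest) fixes the image contents.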
@@ -0,0 +1,88 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.custom.containers.netbox;
+in {
+ options.custom.containers.netbox.enable = mkOption {default = false;};
+
+ config = mkIf cfg.enable {
+ age.secrets = let
+ secret = filename: {
+ file = "${inputs.self}/secrets/${filename}";
+ };
+ in {
+ "${config.custom.profile}/netbox/.env" = secret "${config.custom.profile}/netbox/.env";
+ "${config.custom.profile}/netbox/cache.env" = secret "${config.custom.profile}/netbox/cache.env";
+ "${config.custom.profile}/netbox/db.env" = secret "${config.custom.profile}/netbox/db.env";
+ };
+
+ #?? arion-netbox pull
+ environment.shellAliases.arion-netbox = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.netbox.settings.out.dockerComposeYaml}";
+
+ # https://github.com/netbox-community/netbox-docker
+ virtualisation.arion.projects.netbox = {
+ serviceName = "netbox";
+
+ # https://github.com/netbox-community/netbox-docker/blob/release/docker-compose.yml
+ settings.services = let
+ netbox = {
+ container_name = "netbox";
+ depends_on = ["cache" "db"];
+ env_file = [config.age.secrets."${config.custom.profile}/netbox/.env".path];
+ restart = "unless-stopped";
+ volumes = ["${./extra.py}:/etc/netbox/config/extra.py"];
+
+ # https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
+ #!! Context modifications require a rebuild
+ #?? arion-netbox build
+ build.context = "${./.}";
+ };
+ in {
+ netbox.service =
+ netbox
+ // {
+ ports = ["8585:8080"];
+ };
+
+ housekeeping.service =
+ netbox
+ // {
+ container_name = "netbox-housekeeping";
+ command = ["/opt/netbox/housekeeping.sh"];
+ depends_on = ["netbox"];
+ };
+
+ worker.service =
+ netbox
+ // {
+ container_name = "netbox-worker";
+ command = ["/opt/netbox/venv/bin/python" "/opt/netbox/netbox/manage.py" "rqworker"];
+ depends_on = ["netbox"];
+ };
+
+ cache.service = {
+ container_name = "netbox-cache";
+ command = ["sh" "-c" "valkey-server --requirepass $$REDIS_PASSWORD"];
+ env_file = [config.age.secrets."${config.custom.profile}/netbox/cache.env".path];
+ image = "docker.io/valkey/valkey:8.0";
+ restart = "unless-stopped";
+ };
+
+ db.service = {
+ container_name = "netbox-db";
+ env_file = [config.age.secrets."${config.custom.profile}/netbox/db.env".path];
+ image = "docker.io/postgres:16";
+ restart = "unless-stopped";
+
+ volumes = [
+ "${config.custom.containers.directory}/netbox/db:/var/lib/postgresql/data"
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/options/custom/containers/netbox/extra.py b/options/custom/containers/netbox/extra.py
new file mode 100644
index 0000000..b6f3f34
--- /dev/null
+++ b/options/custom/containers/netbox/extra.py
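Review bot: In default.nix, `ports = ["8585:8080"];` on `netbox.service` publishes the NetBox HTTP port on every host interface, and with Docker a published port is usually reachable regardless of the host firewall's input rules. The commit also changes the Caddyfile, so presumably Caddy is meant to be the only entry point; if that is the case, bind to loopback with `ports = ["127.0.0.1:8585:8080"];`. Separately, the `cache.service` command expands `$$REDIS_PASSWORD` unquoted inside `sh -c`, so a password containing whitespace or shell metacharacters is split or interpreted. Writing it as `"valkey-server --requirepass \"$$REDIS_PASSWORD\""` avoids that, although the password still appears in the process arguments.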
@@ -0,0 +1,32 @@
+# https://github.com/netbox-community/netbox-docker/blob/release/configuration/extra.py
+
+CENSUS_REPORTING_ENABLED = False
+LOGIN_PERSISTENCE = True
+
+# BUG: pynetbox does not send token with version requests
+# https://github.com/netbox-community/Device-Type-Library-Import/issues/134
+# https://github.com/netbox-community/pynetbox/pull/641
+LOGIN_REQUIRED = True
+
+TIME_ZONE = "America/Chicago"
+
+PLUGINS = [
+ "netbox_acls",
+ "netbox_attachments",
+ "netbox_dns",
+ "netbox_interface_synchronization",
+ "netbox_lists",
+ "netbox_otp_plugin",
+ "netbox_reorder_rack",
+ # // "netbox_routing",
+ "netbox_secrets",
+ "netbox_topology_views",
+ "slurpit_netbox",
+]
+
+PLUGINS_CONFIG = {
+ "netbox_acls": {"top_level_menu": True},
+ "netbox_otp_plugin": {"otp_required": False},
+ "netbox_secrets": {"top_level_menu": True},
+ "netbox_topology_views": {"allow_coordinates_saving": True},
+}
diff --git a/options/custom/containers/netbox/plugin_requirements.txt b/options/custom/containers/netbox/plugin_requirements.txt
new file mode 100644
index 0000000..c00a53b
--- /dev/null
+++ b/options/custom/containers/netbox/plugin_requirements.txt
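Review bot: In extra.py, `"netbox_otp_plugin": {"otp_required": False}` leaves the second factor optional while the same file enables `netbox_secrets` and sets `LOGIN_PERSISTENCE = True`, so an account that can read stored secrets may remain password-only with a session that keeps being renewed. If this is a deliberate enrolment-phase setting, record it with a comment such as `# TODO: set otp_required to True once all users have enrolled`; otherwise use `"netbox_otp_plugin": {"otp_required": True},`. The `# BUG:` comment above `LOGIN_REQUIRED = True` would also be clearer if it said what breaks, for example `# Known issue: pynetbox version requests fail while LOGIN_REQUIRED is set, see links below`.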
@@ -0,0 +1,11 @@
+netbox-acls == 1.6.* # https://github.com/netbox-community/netbox-acls
+netbox-attachments == 5.1.* # https://github.com/Kani999/netbox-attachments
+netbox-interface-synchronization == 4.0.* # https://github.com/NetTech2001/netbox-interface-synchronization
+netbox-lists == 4.0.* # https://github.com/devon-mar/netbox-lists
+netbox-otp-plugin == 1.3.* # https://github.com/k1nky/netbox-otp-plugin
+netbox-plugin-dns == 1.1.* # https://github.com/peteeckel/netbox-plugin-dns
+netbox-reorder-rack == 1.1.* # https://github.com/netbox-community/netbox-reorder-rack
+#// netbox-routing # https://github.com/DanSheps/netbox-routing
+netbox-secrets == 2.0.* # https://github.com/Onemind-Services-LLC/netbox-secrets
+netbox-topology-views == 4.0.* # https://github.com/netbox-community/netbox-topology-views
+slurpit_netbox == 0.9.* # https://gitlab.com/slurpit.io/slurpit-netbox
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 64c8d2a..9314fc9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -75,6 +75,9 @@ in {
 "server/mastodon/.env".publicKeys = server;
 "server/mastodon/db.env".publicKeys = server;
 "server/matrix-conduit/conduwuit.toml".publicKeys = server;
+ "server/netbox/.env".publicKeys = server;
+ "server/netbox/cache.env".publicKeys = server;
+ "server/netbox/db.env".publicKeys = server;
 "server/netdata/parent.conf".publicKeys = server;
 "server/nextcloud/.env".publicKeys = server;
 "server/nextcloud/db.env".publicKeys = server;
diff --git a/secrets/server/caddy/Caddyfile b/secrets/server/caddy/Caddyfile index a9dc3ed541610b5679c2cd6be3379125ec5f739a..79f95ddf9058805ad4166abf45b23b9814dd9a26 100644 GIT binary patch delta 3470 zcmV;94RP||8mt?TEPrutI8kFmGD&4ZIbun4M>A+cPHt3bNn%Y>cS%fTNl$k%d2elN zOF~&!X9{w1XJ&X|F?T^QPjo~tQ*A|QSV&7xIC^DTZAw%*SZqm1OL=%&Nm46iSqd#a zAaiqQEoEdfH8n9gAaiDTdT&u6S656?dNEd6ay4iM zSUFHu;bw_z|OKD71Fh(nXMOHCEZ!vH<3STPDHyl>PL~Q{i zezN*9F^|jVrBp55JqxdJO5_80(uJ z!ukyBA31ulf<}Nju zYm|z^XLhA3N?t|wX~wOngF-n;l0PHWSEJ({>@Z)_ci^_NF1Qg5@5%CJRMnjJ69qDi z4xiubwvlJ{N;F@(W3mrpR}b_?4QNXCA*H#0Y}dy+rin0FP&3(0OoYVi!QfaDl| z6EcinA+K^I)Y!ep2osrsrplAeD}HryXiIPM!xI#378Su_ge`c}gO&2M|69 znB-^`#N2PC7n_#^zC@e86)CVvtSF;KQCmx0)clt! zGlPXEhAp?!lQu6sd` zQZZr*h21UW69c77fMUk1o-U++*48#yVBWP@*tnQrXyB`gr`YBg+^%UIBa<&c9Q~bk zLAE`Pm9$KF9^} zC01#YIn_jU6b*hW%=C_bG`)DA!$*n7%k@avd>jr%q9w5dR%<4#ceznY6;nn4fQBpg z!EV$YKCtPOSaFYRxA7vVb&gNCa@GK3M=43@myzNZW)(o{U3{Zx&$Gl)k|J8UEHtVT zZ@N?Vg9h}YGMl@zdk%GRrTS%Ig&7b_Yn;qdfhw#nT(D-bu(8&EQBATgQ+VxVzu$D; zqClXJeD{6xj=s#^(#>3@WIld?r7QX!{|P!nr+EnqTcItgirMET3e8c60j_(k5_#7A zLt!=`K1MZwfSw$|d>it4BMz8b^!4Cjm*yEVPqa3rozQZSjdbr%s@~gLG^nogI97;4 z5^aF6~8%P8t!y& zV!W`VqkZ$_#|Eum04Z;%)ZOoOTCPPZ1X!yi3~+N zwrIb;{D6quG?dI%VV22_P!l=M+@JmQX!FpF?AE$}DX-K-NX${*GR+;S%7ZP&z@X|w zXhNeP;oB(Kme*U;XcVF2Y3Jj*(d1sxpRDu2Vrj3s60;hE)6*ZLIfv0Q5$9zJIf@J* z5tA_Ivx~tWxZj0LlVg5D|2TZEHIi}fgTG!JI`;l=2eD?u+SFnA^}|}Udj;Pnid(F19PG9Rbcvs|Dc{DzE%jEMixutYV=_3KXfMC zRG*D?$44vNdQM@dobkS&F-cFPSfy z=V$c8JW)Qn;KB^H$cbeh@OH9|!2mmOojB87;_bnw5#C!VHA$%Lv10icTA$7{^TjpnfvCJD2G3W~YJ%oUK@03Khc?%NLZ>m>eJwgWQ zKCLfK@#vglT9S4c3>DB~Vz;&iguo>W7%b4iyF{jVM%WlhfvrWIS0i+8c--O>9~ct0I7Won3I`K_KT_(Cc-12OKK+y%*-;<+o58vs^+ZByrcnGo%u z#7uIAsL8F=4aq51e9Skkp>xl|TjbM1I;p4I%Kw5X+CFO2LunoHSea=}TMfv#5 zo$IMw95!H}B_U`IJO5}Wm;6d-iO0Fw92m3A&B@~8c)#;Zuxzqm+9+Ei+D6&67v3;X9`*|acE9BYivz6X>@2cL0ET5dQCTIZ)!PlZ(4d%QaE*Ha5-W%QY%GQZwf6w zAaiqQEoEdfH8n9gAaiDTdT&u6ML|h-dQon7Z%c7dPIW~uR7Oy5GDv7+Y%^*`P&a0J 
zLQz9)XEJGUX=-j!3VBC&NitPsYdLOEQBp}#G;TIBZ+R~_N-;P_VM>an|HHyda;ORhN@A0XK=zP%z3x;g=P%^tUr!hUenh)A(e|B$1j#DO-vA zj&LPrHfDR>!@Q&qPJ>m7JKdy5uwB}lTGgr{Wq;57WN#tp;UwHU+{!&OnXqw~P4|j< zeC9-d9)D(}44l(`3q9Gu|6FF-g`JA7{L2M`lg*lEz9Sl96lgQHy;z_%B0bjc)<|^K zf(1t?49!nP1SmoYE5~lAclr5mWm#0O6ydGm+@Xm9zeOd5jyKXsllJentPKb&{~KF@ z3OM_~#6o)uA`nnV&7_-OnY~zcNY|&tPnQjUpzcG3;O7dh-;x1L!%M=ixRxX!Q8l9? zEi2>iXbi23cNsAVqz2S7R%sb}G1_1$E)fQW4gEptu^i;)i+BLE7I7fmR|rcq+|1&A zTB6~kZ&4RaDWZ1?%NeMyweBReDs|O)p8E-8yZ~bGi(G1o)$AI!TL?qA&D74 z#rNB1iSa`)Q_3r<+_6)`Qx}ksNFyJ=+RC=0A(n#E^|^00HPljdNfg~MQ%WL`(Y;2> z)mJeqK_Y4Qy4=9}*5UuWQGow|&QW@Qd>_4tV+qmhZMfa%Zp4%BpWRs8wEu$z`ZdVl zcjqXbzUPiYLy4|HGI_+MsrJBPWsg!F-SW-|NU`D<0HN{h8O|ngOWT(!9VkpSV# zf;db%pG_KC*H3bP8c|$U!-H`{Xf`UFgwQ>yO)7=E92%RG>GFs?8286P{#Rcqa`y8rgq->*6J}XpOidef^Qv*sHD6}YsT#Nj`;oSTxc8x1nfWIz-PzRsG|kH zi!`QIc^BllcAps6BJyiZ$wnI_BHc zU1|BOg3QszA9}@7*rY&zMX&Rj&J*F+CX+)`vgM_eYacjCXXl56Yse?)gMBBK1Q-G9 zRk;P<;|%rbbQBf(CP-G6%9QBwa5Nn;lZ$AE5}t|&#YpA_RS0Y%_$Aii^d)!K06FSx zwE<-UjL;)Ice93S1@*w#(H#q{lObXViNJ1x&cQL%gwfRoECxJ(K+h4d4RU6ycjUHL zi9N!mO_s^TgS-eS2!M7BJvjMydP(sO`jST#e8%(mLXV|pgf z3wdfpA*PDghQ5w}t&@-_N5wo|ub{Q?6Ie}ln#L3dIcZyyi%n~eCIVUCM76IW9#i{6 znpgr&rtRLy_0u3u+iTNIB0)kGu}dX;L~th|!Z!cmi@Ftpn@t~!weLvk>P7>5p=RhK;ed zgcYo>UWYY*$qH)dJ)h$gIeL6phM<|Wzg36!}oH+vq*ow?Z-X|UwR%BKPh4LB|i-nz3fa=m5ee|**A z!(Li@GzFpNTKxGhShLw8KqTvv2PZL>Kd2U*F=C<(+IN(VuDpI1z1{ev3yGAY-zH z#7*tvE;M1+WnrVF{xfDl;@X?K0v9bQrDQ8Y)I>DjPZ5`Iz=OZ}N87(wtRpTpc}*he zmkE`BkVW&dXj?}y{$Zq?pK42Ei2)=MrEvsh5O|Po9)_+5c1@_QG$x_KYUZk?)G{BS zyWX54Q#$}89jaFDaL)~H?=SQ!c(ES}BX$R#krn?s-K*X`vV>^e?v_}RLGbh8crKU= z+8|vX=?5J}G8$NT&+Q27D8>4nAXY(S^jD&PVPp~s@OmOl{Ew((5^4)(#Yk4a5`0(s z1R_JIGYT;ftXcPE3x+fFapm+7atLvY&Un*-{Mu1u_grkbyNTlDB3N?_>Wk|7cB9O% z{`y^$VG-u$oKhJ@LLkIlEp==VvklMVjDU#n`mhKW_5>ATK0h%+g#fNQnB>-=HA{Sd zYVNt{cv{Op-cijyp5DPVKDQS*Z9WCLO z%N~FCQy9gJ>;*)aO1^0UuR3o}drw0xONi!j`Q*q#lIu9n^-KFn&wRO@zUq6@n0{owUU+tLQrq-- zPvo{2`Nv^4ssndRR^lMA%`73W`);g!kZ>an>^-2+ctel0_ 
zAUV>1$DtuGP>DS_{^(~U}Mz6w;Jl5XDPEMMUwJ8NDLrfJJ5e|0onD5Ks z8hU`ycBqVK1P>g%O`L##bkw4}k3{bn)S|(;PzR_|3FE?aZP8#XxO^10Y`2T&X>F1N zBP}VuW5)HM?iZ<-=!;`~w3!HhGACbMKd{=3ez&Zqs>o2u95(1Dir+hKN5Ne6R!x%X zqoklZN;trU+VLbH1#oZ(R)=!iOGX~*-4`a@D%dZU=-F<-A&~rPEIKQYs5>X)ssy%o z$Xa1ww3c^F>)RpG&l2Z_fW%h)H-pqFB8sHuKqQJYjS<-C$-(-_@F*RBBf-nL&hmjD zPQBaiCN3%_bZ-_&4L)VS&MLA-g#?)W@B57vL$fXf&sbIlz)hsPyb4MK|26sLK=Uye zq2X7}l;21*83Q?6+-y+@L+Qz(QMDGjJGRr5c`O_n+x;632lo=)n#!Ss;PY}c@Vc`A zo9eZa^<~nk?xA*FeNAkCuH4I6kOC~tBgyQSLpkR!e_f^Q)x+N4R7liz?Q))5b5E}o z7AI7R2*cZVKrre5On}uHj}i9!q<<06ag@=no^Ed$&@C>hzvIYgt&d$u3JlxEFU%DL z3AiveJl5sW{$m>zT(Em=v-6gR^VPyr%%wnW_9H2^mX9a-4Kizg%2%yHn*RGZK%}?y z#qb|`=t~Y=XffFjJ0iiW@H9$|Z{pKUFo3>rt_?1_N3i7L{+_ku{O38GF>2>gu^6*P zQY*78=@~ATa~aCPd{ zy?WnvA zC@zfBH_OwG3^uAT&d#oKDK*bB3pdiviPAQ!NVLpI3imE`3FHc{OfvBB$g2u5@OLZC zudML#_pU54sLFCT&(HVFjmY=R$xiEh#bG7uv7!@RKF0%fV9Y*Ob>sf zutY;AC-1QAEEmJj5)&?6U0sFpjGR)#yv%Zo^sKA^eRm6&zyP0gXSXb03uEu}DBn=? zs_gW@oZO70@?tK%?){JQd8N;7TY2GQm;a7aE+V3ve?&1SntA$cIO#vzsI=qXp=(Ow zS36u!1@#{*ocXu*3t#kl-j@=GI$c=i$i}X@Uj6K^@yrd4pW9--XO(lm|MABraAVOb zuFs0x?$?=}zx=-J*C)r}-)a72_WA=4Wqu|uiRk!x=e1d=f@E}&{?>9*ME(l*OJ4J^Vdwd_`xZyoy+Ew#x?td;-hzd zf3LoG`)Q#_LNizN{|${E?@pI)X|+6K8sRT7;da3Ga;ASDw(3ncy2YoR#C2%T!!E;j zQToOACpX$k?5e)#?5~DR+pPjxJd-t=l6da&sTCwH@cIb zta$X4v-55_N#*Xek3nWnfKLlxx9RzTxXKmCgJXjpDos1bC|yCO^amYPo9unAlMr|XwZ literal 0 HcmV?d00001 diff --git a/secrets/server/netbox/cache.env b/secrets/server/netbox/cache.env new file mode 100644 index 0000000000000000000000000000000000000000..7533171b3a7927b4cfcbb19abb94619842099246 GIT binary patch literal 543 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT)a5c-a2vo@QEA;ls z&U6X)2~To~D$CXmxAY4xbTzH2N_2AfHa7Nh4=r;pataMfcjbyqOScF&O0{(Ht0*%w zk22LxGqOx}bj?k!FgNzdaWU}oPV-9jcd{%jOGdY?IIW^8KTttCI6N@8(x5QRvLYoa zr!v_x+oROOH`p&iKP1F2IKQGQOxwSzGAP(Ix0ow6$FVrIG&4!xydziplpQ3$Jwfa>y$}VV)np1yc$>;04iWN4@uG#1k zx5OlGI$L0!tK_2n|Jii^uf4dH?c7AR_g~qroV{rqx$1z-Qv=DDt38|kuWJjP?y)PN Ku64;eqv-&k7RO)! literal 0 HcmV?d00001 
diff --git a/secrets/server/netbox/db.env b/secrets/server/netbox/db.env new file mode 100644 index 0000000..5947a9d --- /dev/null +++ b/secrets/server/netbox/db.env @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 8E6j8Q m8gcV7QJYaY5aXQVfwpeYhHvpRZxB7TyVAQ2PLPKEH4 +3CMDnCvJJAoWb+dsiiT+XDDga+J0A1i45ItUloYPLbs +-> ssh-ed25519 sfxzoQ YczqBRqlP8jRn3yvCL67aBtP8l4pbvjaoYJPKXegVRo +AdXDHkqehiUEKGiPb//PEAezWNWCd3RADBlj2s1sgVs +-> ssh-ed25519 fEyKPw 4/iuxqm//a6g6MxWfuG6UnQTIrCJ6TxVYINWoKE2an8 +Ot52wghJyc4nwcq4yyIq9r+upVcEDuvaNi/U5uUiH/M +--- mfhw4DBbORqU7oNviE/DNacM5wDC1QzzPxbz7Fw2T0o +3:*}Ljb `iwz\>9QFTYQo_:cv:ܩ;wDTRJr4 JsIĥueXc}*Lzho , :5:ut,|~>Avܧ4z2-/JYf_{[Af텓 \ No newline at end of file