From d31497613546399616af7980d62484067a346299 Mon Sep 17 00:00:00 2001
From: yuri
Date: Sat, 5 Aug 2023 04:47:14 +0200
Subject: [PATCH] Add netbox host
---
 hosts.nix | 3 ++
 hosts/netbox/configuration.nix | 17 +++++++++++
 hosts/netbox/default.nix | 8 +++++
 hosts/netbox/netbox.nix | 7 +++++
 hosts/netbox/nginx.nix | 29 +++++++++++++++++++
 hosts/netbox/secrets.nix | 11 +++++++
 .../virtualHosts/acme-challenge.nix | 9 ++++++
 7 files changed, 84 insertions(+)
 create mode 100644 hosts/netbox/configuration.nix
 create mode 100644 hosts/netbox/default.nix
 create mode 100644 hosts/netbox/netbox.nix
 create mode 100644 hosts/netbox/nginx.nix
 create mode 100644 hosts/netbox/secrets.nix
diff --git a/hosts.nix b/hosts.nix
index ab1de0e..9c83870 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -37,6 +37,9 @@ in
 hostNixpkgs = nixpkgs-unstable;
 site = "vs";
 };
+ netbox = {
+ site = "vs";
+ };
 nextcloud = {
 hostNixpkgs = nixpkgs-unstable;
 site = "vs";
diff --git a/hosts/netbox/configuration.nix b/hosts/netbox/configuration.nix
new file mode 100644
index 0000000..5bf8422
--- /dev/null
+++ b/hosts/netbox/configuration.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "netbox";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ system.stateVersion = "23.05";
+}
diff --git a/hosts/netbox/default.nix b/hosts/netbox/default.nix
new file mode 100644
index 0000000..5dd147b
--- /dev/null
+++ b/hosts/netbox/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ./netbox.nix
+ ./nginx.nix
+ ];
+}
diff --git a/hosts/netbox/netbox.nix b/hosts/netbox/netbox.nix
new file mode 100644
index 0000000..32e37e4
--- /dev/null
+++ b/hosts/netbox/netbox.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ services.netbox = {
+ enable = true;
+ secretKeyFile = "/secrets/netbox-secret-key.secret";
+ };
+}
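Review bot: `./secrets.nix` is created by this patch but is missing from the `imports` list in hosts/netbox/default.nix, while netbox.nix points `secretKeyFile` at `/secrets/netbox-secret-key.secret`, the file that secrets.nix provisions. If the deployment tooling does not load secrets.nix from somewhere outside this patch, the key is never uploaded and the service would be activated without its secret key file. If it is picked up elsewhere, a comment above the list such as `# secrets.nix is loaded by the deployment tooling, not imported here` would make that dependency visible to the next reader.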
diff --git a/hosts/netbox/nginx.nix b/hosts/netbox/nginx.nix
new file mode 100644
index 0000000..a2d1782
--- /dev/null
+++ b/hosts/netbox/nginx.nix
@@ -0,0 +1,29 @@
+{ config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ clientMaxBodySize = "25m";
+ user = "netbox";
+ virtualHosts."netbox.grzb.de" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ ];
+ locations."/static/" = {
+ alias = "${config.services.netbox.dataDir}/static/";
+ };
+ locations."/" = {
+ proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
+ };
+ };
+ };
+}
diff --git a/hosts/netbox/secrets.nix b/hosts/netbox/secrets.nix
new file mode 100644
index 0000000..e31c666
--- /dev/null
+++ b/hosts/netbox/secrets.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ deployment.keys."netbox-secret-key.secret" = {
+ keyCommand = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" "pass" "netbox/secret-key" ];
+ destDir = "/secrets";
+ user = "netbox";
+ group = "netbox";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
+}
diff --git a/hosts/web-public-2/virtualHosts/acme-challenge.nix b/hosts/web-public-2/virtualHosts/acme-challenge.nix
index d16de8f..9dc3b4b 100644
--- a/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/hosts/web-public-2/virtualHosts/acme-challenge.nix
@@ -9,4 +9,13 @@
 proxyPass = "http://jellyfin.vs.grzb.de:80";
 };
 };
+ services.nginx.virtualHosts."netbox.grzb.de" = {
+ listen = [{
+ addr = "0.0.0.0";
+ port = 80;
+ }];
+ locations."^~ /.well-known/acme-challenge/" = {
+ proxyPass = "http://netbox.vs.grzb.de:80";
+ };
+ };
 }
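Review bot: `user = "netbox";` in hosts/netbox/nginx.nix runs the network-facing nginx workers under the same account as the NetBox application, so the web server can read everything that account owns, including the `/secrets/netbox-secret-key.secret` file that secrets.nix installs for user `netbox`. Keeping nginx on its own account and granting it only group access to the static files, for example `users.users.nginx.extraGroups = [ "netbox" ];`, would preserve the separation, assuming the static directory is group-readable and the key file is restricted to its owner. Separately, `locations."/"` sets no forwarding headers; unless `recommendedProxySettings` is enabled outside this patch, NetBox would see the proxy's address and Host instead of the client's, which weakens its request logging and host checks.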
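Review bot: `permissions = "0640";` in hosts/netbox/secrets.nix makes the NetBox secret key readable by every member of group `netbox`, although only the service account needs it; `permissions = "0400";` would limit it to the owner. The group bit becomes relevant as soon as another account, such as a web server user, is added to that group to reach the static files. The `keyCommand` also hard-codes `GNUPGHOME` and `PASSWORD_STORE_DIR` under `/home/yuri`, so the upload works from one operator account only; a short comment stating that requirement would help whoever deploys next.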
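Review bot: The `proxyPass` to `http://netbox.vs.grzb.de:80` in acme-challenge.nix sets no `Host` header within this hunk, so unless proxy headers are configured globally outside it, nginx sends the upstream name rather than `netbox.grzb.de`. The challenge then reaches the intended vhost on the netbox host only while that vhost is the default server for port 80 there. Adding `recommendedProxySettings = true;` to this location would pin the request to the right vhost. The jellyfin entry shown as context follows the same pattern, and the enclosing attribute set starts outside the hunk.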