netbox uff(d)

This commit is contained in:
stuebinm 2022-12-09 02:53:48 +01:00
parent 5a28a55f01
commit f75429781d
4 changed files with 192 additions and 2 deletions

View file

@ -31,6 +31,8 @@ let
uffd = callPackage ./uffd {};
netbox = callPackage ./netbox { };
inherit (unstable) vaultwarden vaultwarden-vault;
};

View file

@ -0,0 +1,70 @@
From 00e282e32b46bb4b6040dc3810599c693306c0ec Mon Sep 17 00:00:00 2001
From: David Croft <david@sargasso.net>
Date: Thu, 24 Mar 2022 11:09:14 +0000
Subject: [PATCH] add uffd oauth2 backend
---
social_core/backends/uffd.py | 51 ++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 social_core/backends/uffd.py
diff --git a/social_core/backends/uffd.py b/social_core/backends/uffd.py
new file mode 100644
index 00000000..fb8ffb62
--- /dev/null
+++ b/social_core/backends/uffd.py
@@ -0,0 +1,51 @@
+from urllib.parse import urlencode
+
+from .oauth import BaseOAuth2
+
+
+class UffdOAuth2(BaseOAuth2):
+ """Uffd OAuth2 authentication backend
+
+ You need to set the following config:
+ SOCIAL_AUTH_UFFD_KEY - client id
+ SOCIAL_AUTH_UFFD_SECRET - client secret
+ SOCIAL_AUTH_UFFD_BASE_URL - base url to uffd installation
+ """
+
+ name = 'uffd'
+ ACCESS_TOKEN_METHOD = 'POST'
+ REFRESH_TOKEN_METHOD = 'POST'
+ SCOPE_SEPARATOR = ' '
+ STATE_PARAMETER = True
+ REDIRECT_STATE = False
+ EXTRA_DATA = [
+ ('id', 'id'),
+ ]
+
+ def get_user_details(self, response):
+ """Return user details from a Uffd account"""
+ fullname, first_name, last_name = self.get_user_names(fullname=response.get('name'))
+ return {
+ 'username': response.get('nickname'),
+ 'email': response.get('email') or '',
+ 'fullname': fullname,
+ 'first_name': first_name,
+ 'last_name': last_name,
+ }
+
+ def user_data(self, access_token, *args, **kwargs):
+ """Loads user data from service"""
+ url = self.userinfo_url() + '?' + urlencode({'access_token': access_token})
+ try:
+ return self.get_json(url)
+ except ValueError:
+ return None
+
+ def authorization_url(self):
+ return self.setting('BASE_URL') + '/oauth2/authorize'
+
+ def access_token_url(self):
+ return self.setting('BASE_URL') + '/oauth2/token'
+
+ def userinfo_url(self):
+ return self.setting('BASE_URL') + '/oauth2/userinfo'
--
2.38.1

99
pkgs/netbox/default.nix Normal file
View file

@ -0,0 +1,99 @@
# note: this file has been copied out of nixpkgs 22.05, except for
# that bit where we add the patch for uffd. There does not seem to
# be a better way to do this, since successive overrides to the
# python package set revert each other, and this file does such an
# override.
{ lib
, pkgs
, fetchFromGitHub
, nixosTests
, python3
, plugins ? ps: [] }:
let
py = python3.override {
packageOverrides = self: super: {
django = super.django_4;
social-auth-core = super.social-auth-core.overrideAttrs ( old: {
patches = [ ./0001-add-uffd-oauth2-backend.patch ];
} );
};
};
extraBuildInputs = plugins py.pkgs;
in
py.pkgs.buildPythonApplication rec {
pname = "netbox";
version = "3.2.1";
src = fetchFromGitHub {
owner = "netbox-community";
repo = pname;
rev = "v${version}";
sha256 = "sha256-iA0KIgaHQh0OsN/tXmTATIlvnf0aLRdjeQ6VkiR9VJ4=";
};
format = "other";
patches = pkgs.netbox.patches;
propagatedBuildInputs = with py.pkgs; [
django_4
django-cors-headers
django-debug-toolbar
django-filter
django-graphiql-debug-toolbar
django-mptt
django-pglocks
django-prometheus
django-redis
django-rq
django-tables2
django-taggit
django-timezone-field
djangorestframework
drf-yasg
swagger-spec-validator # from drf-yasg[validation]
graphene-django
jinja2
markdown
markdown-include
mkdocs-material
netaddr
pillow
psycopg2
pyyaml
social-auth-core
social-auth-app-django
svgwrite
tablib
jsonschema
] ++ extraBuildInputs;
installPhase = ''
mkdir -p $out/opt/netbox
cp -r . $out/opt/netbox
chmod +x $out/opt/netbox/netbox/manage.py
makeWrapper $out/opt/netbox/netbox/manage.py $out/bin/netbox \
--prefix PYTHONPATH : "$PYTHONPATH"
'';
passthru = {
# PYTHONPATH of all dependencies used by the package
pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs;
tests = {
inherit (nixosTests) netbox;
};
};
meta = with lib; {
homepage = "https://github.com/netbox-community/netbox";
description = "IP address management (IPAM) and data center infrastructure management (DCIM) tool";
license = licenses.asl20;
maintainers = with maintainers; [ n0emis raitobezarius ];
};
}

View file

@ -7,6 +7,12 @@
localAddress = "192.168.140.10";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/netbox";
isReadOnly = false;
};
};
path = (evalConfig {
hosts = { };
groups = { };
@ -18,12 +24,24 @@
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
services.netbox = {
enable = true;
secretKeyFile = "/var/lib/netbox/secret";
listenAddress = "0.0.0.0";
};
secretKeyFile = "/persist/var/lib/netbox/secret";
# this is set by the nopersist profile
# dataDir = lib.mkForce "/persistvar/lib/netbox";
extraConfig = ''
REMOTE_AUTH_BACKEND = 'social_core.backends.uffd.UffdOAuth2'
SOCIAL_AUTH_UFFD_KEY = "netbox"
SOCIAL_AUTH_UFFD_BASE_URL = "https://login.infra4future.de"
with open("/uffd-secret", "r") as file:
SOCIAL_AUTH_UFFD_SECRET = file.readline().replace("\n", "")
'';
};
services.coredns = {
enable = true;
@ -42,5 +60,6 @@
locations."/" = {
proxyPass = "http://${config.containers.netbox.localAddress}:8001";
};
locations."/static".root = "/persist/containers/netbox/var/lib/netbox";
};
}