netbox uff(d)
parent
5a28a55f01
commit
f75429781d
4 changed files with 192 additions and 2 deletions
|
@ -31,6 +31,8 @@ let
|
|||
|
||||
uffd = callPackage ./uffd {};
|
||||
|
||||
netbox = callPackage ./netbox { };
|
||||
|
||||
inherit (unstable) vaultwarden vaultwarden-vault;
|
||||
};
|
||||
|
||||
|
|
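--- a/pkgs/netbox/0001-add-uffd-oauth2-backend.patch
+++ b/pkgs/netbox/0001-add-uffd-oauth2-backend.patch
@@ -0,0 +1,70 @@
+From 00e282e32b46bb4b6040dc3810599c693306c0ec Mon Sep 17 00:00:00 2001
+From: David Croft <david@sargasso.net>
+Date: Thu, 24 Mar 2022 11:09:14 +0000
+Subject: [PATCH] add uffd oauth2 backend
+
+---
+social_core/backends/uffd.py | 51 ++++++++++++++++++++++++++++++++++++
+1 file changed, 51 insertions(+)
+create mode 100644 social_core/backends/uffd.py
+
+diff --git a/social_core/backends/uffd.py b/social_core/backends/uffd.py
+new file mode 100644
+index 00000000..fb8ffb62
+--- /dev/null
++++ b/social_core/backends/uffd.py
+@@ -0,0 +1,51 @@
++from urllib.parse import urlencode
++
++from .oauth import BaseOAuth2
++
++
++class UffdOAuth2(BaseOAuth2):
++ """Uffd OAuth2 authentication backend
++
++ You need to set the following config:
++ SOCIAL_AUTH_UFFD_KEY - client id
++ SOCIAL_AUTH_UFFD_SECRET - client secret
++ SOCIAL_AUTH_UFFD_BASE_URL - base url to uffd installation
++ """
++
++ name = 'uffd'
++ ACCESS_TOKEN_METHOD = 'POST'
++ REFRESH_TOKEN_METHOD = 'POST'
++ SCOPE_SEPARATOR = ' '
++ STATE_PARAMETER = True
++ REDIRECT_STATE = False
++ EXTRA_DATA = [
++ ('id', 'id'),
++ ]
++
++ def get_user_details(self, response):
++ """Return user details from a Uffd account"""
++ fullname, first_name, last_name = self.get_user_names(fullname=response.get('name'))
++ return {
++ 'username': response.get('nickname'),
++ 'email': response.get('email') or '',
++ 'fullname': fullname,
++ 'first_name': first_name,
++ 'last_name': last_name,
++ }
++
++ def user_data(self, access_token, *args, **kwargs):
++ """Loads user data from service"""
++ url = self.userinfo_url() + '?' + urlencode({'access_token': access_token})
++ try:
++ return self.get_json(url)
++ except ValueError:
++ return None
++
++ def authorization_url(self):
++ return self.setting('BASE_URL') + '/oauth2/authorize'
++
++ def access_token_url(self):
++ return self.setting('BASE_URL') + '/oauth2/token'
++
++ def userinfo_url(self):
++ return self.setting('BASE_URL') + '/oauth2/userinfo'
+--
+2.38.1
+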
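Review bot: `user_data` puts the access token into the request URL (`self.userinfo_url() + '?' + urlencode({'access_token': access_token})`), so the bearer token can be recorded in the access logs of the uffd server and of any proxy in front of it. Sending it as a header keeps it out of URLs: `return self.get_json(self.userinfo_url(), headers={'Authorization': 'Bearer ' + access_token})`, provided the uffd userinfo endpoint accepts bearer headers, which should be confirmed against the deployed version. The three URL helpers concatenate `self.setting('BASE_URL')` directly, so an unset setting raises a `TypeError` and a trailing slash yields `//oauth2/...`; `self.setting('BASE_URL').rstrip('/')` plus a one-line docstring on each helper would make that contract explicit.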
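--- a/pkgs/netbox/default.nix
+++ b/pkgs/netbox/default.nix
@@ -0,0 +1,99 @@
+# note: this file has been copied out of nixpkgs 22.05, except for
+# that bit where we add the patch for uffd. There does not seem to
+# be a better way to do this, since successive overrides to the
+# python package set revert each other, and this file does such an
+# override.
+
+{ lib
+, pkgs
+, fetchFromGitHub
+, nixosTests
+, python3
+
+, plugins ? ps: [] }:
+
+let
+py = python3.override {
+packageOverrides = self: super: {
+django = super.django_4;
+social-auth-core = super.social-auth-core.overrideAttrs ( old: {
+patches = [ ./0001-add-uffd-oauth2-backend.patch ];
+} );
+};
+};
+
+
+extraBuildInputs = plugins py.pkgs;
+in
+py.pkgs.buildPythonApplication rec {
+pname = "netbox";
+version = "3.2.1";
+
+src = fetchFromGitHub {
+owner = "netbox-community";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-iA0KIgaHQh0OsN/tXmTATIlvnf0aLRdjeQ6VkiR9VJ4=";
+};
+
+format = "other";
+
+patches = pkgs.netbox.patches;
+
+propagatedBuildInputs = with py.pkgs; [
+django_4
+django-cors-headers
+django-debug-toolbar
+django-filter
+django-graphiql-debug-toolbar
+django-mptt
+django-pglocks
+django-prometheus
+django-redis
+django-rq
+django-tables2
+django-taggit
+django-timezone-field
+djangorestframework
+drf-yasg
+swagger-spec-validator # from drf-yasg[validation]
+graphene-django
+jinja2
+markdown
+markdown-include
+mkdocs-material
+netaddr
+pillow
+psycopg2
+pyyaml
+social-auth-core
+social-auth-app-django
+svgwrite
+tablib
+jsonschema
+] ++ extraBuildInputs;
+
+installPhase = ''
+mkdir -p $out/opt/netbox
+cp -r . $out/opt/netbox
+chmod +x $out/opt/netbox/netbox/manage.py
+makeWrapper $out/opt/netbox/netbox/manage.py $out/bin/netbox \
+--prefix PYTHONPATH : "$PYTHONPATH"
+'';
+
+passthru = {
+# PYTHONPATH of all dependencies used by the package
+pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs;
+
+tests = {
+inherit (nixosTests) netbox;
+};
+};
+
+meta = with lib; {
+homepage = "https://github.com/netbox-community/netbox";
+description = "IP address management (IPAM) and data center infrastructure management (DCIM) tool";
+license = licenses.asl20;
+maintainers = with maintainers; [ n0emis raitobezarius ];
+};
+}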
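Review bot: The `social-auth-core` override sets `patches = [ ./0001-add-uffd-oauth2-backend.patch ];`, which replaces whatever patch list the nixpkgs derivation already carries instead of extending it, so a fix that nixpkgs applies to that package would be dropped without notice. Appending is safer: `patches = (old.patches or [ ]) ++ [ ./0001-add-uffd-oauth2-backend.patch ];`. Because the expression is a copy of the nixpkgs 22.05 one pinned to `version = "3.2.1"`, NetBox no longer follows channel updates, while `patches = pkgs.netbox.patches` still takes its list from whatever version the channel ships and may stop applying. A header comment saying who bumps the pin, and that upstream security releases need a manual update here, would keep that from being missed.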
@ -7,6 +7,12 @@
|
|||
localAddress = "192.168.140.10";
|
||||
autoStart = true;
|
||||
|
||||
bindMounts = {
|
||||
"/persist" = {
|
||||
hostPath = "/persist/containers/netbox";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
path = (evalConfig {
|
||||
hosts = { };
|
||||
groups = { };
|
||||
|
@ -18,12 +24,24 @@
|
|||
|
||||
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
|
||||
|
||||
|
||||
|
||||
services.netbox = {
|
||||
enable = true;
|
||||
secretKeyFile = "/var/lib/netbox/secret";
|
||||
listenAddress = "0.0.0.0";
|
||||
};
|
||||
|
||||
secretKeyFile = "/persist/var/lib/netbox/secret";
|
||||
# this is set by the nopersist profile
|
||||
# dataDir = lib.mkForce "/persistvar/lib/netbox";
|
||||
|
||||
extraConfig = ''
|
||||
REMOTE_AUTH_BACKEND = 'social_core.backends.uffd.UffdOAuth2'
|
||||
SOCIAL_AUTH_UFFD_KEY = "netbox"
|
||||
SOCIAL_AUTH_UFFD_BASE_URL = "https://login.infra4future.de"
|
||||
with open("/uffd-secret", "r") as file:
|
||||
SOCIAL_AUTH_UFFD_SECRET = file.readline().replace("\n", "")
|
||||
'';
|
||||
};
|
||||
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
|
@ -42,5 +60,6 @@
|
|||
locations."/" = {
|
||||
proxyPass = "http://${config.containers.netbox.localAddress}:8001";
|
||||
};
|
||||
locations."/static".root = "/persist/containers/netbox/var/lib/netbox";
|
||||
};
|
||||
}
|
||||
|
|
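Review bot: `locations."/static".root` points the web server at `/persist/containers/netbox/var/lib/netbox`, which, given the `/persist` bind mount and `secretKeyFile = "/persist/var/lib/netbox/secret"` in the earlier hunks, is the same host directory that holds the Django secret key. As written only URIs beginning with `/static` resolve under that root, so the key is not served, but the separation depends entirely on the location prefix and a later edit to it would expose the file. Pointing the location at the static subdirectory removes that coupling: `locations."/static/".alias = "/persist/containers/netbox/var/lib/netbox/static/";` (the enclosing virtual-host block starts outside the hunk, so this assumes the usual nginx semantics). Separately, `extraConfig` reads the OAuth client secret from `/uffd-secret`, and nothing in these hunks shows how that file is provisioned; a comment such as `# provisioned out of band; must be readable by the netbox service user only` beside the `open` call would document the expectation.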