netbox uff(d)
parent
5a28a55f01
commit
f75429781d
4 changed files with 192 additions and 2 deletions
|
@ -31,6 +31,8 @@ let
|
||||||
|
|
||||||
uffd = callPackage ./uffd {};
|
uffd = callPackage ./uffd {};
|
||||||
|
|
||||||
|
netbox = callPackage ./netbox { };
|
||||||
|
|
||||||
inherit (unstable) vaultwarden vaultwarden-vault;
|
inherit (unstable) vaultwarden vaultwarden-vault;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
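--- a/pkgs/netbox/0001-add-uffd-oauth2-backend.patch
+++ b/pkgs/netbox/0001-add-uffd-oauth2-backend.patch
@@ -0,0 +1,70 @@
+From 00e282e32b46bb4b6040dc3810599c693306c0ec Mon Sep 17 00:00:00 2001
+From: David Croft <david@sargasso.net>
+Date: Thu, 24 Mar 2022 11:09:14 +0000
+Subject: [PATCH] add uffd oauth2 backend
+
+---
+social_core/backends/uffd.py | 51 ++++++++++++++++++++++++++++++++++++
+1 file changed, 51 insertions(+)
+create mode 100644 social_core/backends/uffd.py
+
+diff --git a/social_core/backends/uffd.py b/social_core/backends/uffd.py
+new file mode 100644
+index 00000000..fb8ffb62
+--- /dev/null
++++ b/social_core/backends/uffd.py
+@@ -0,0 +1,51 @@
++from urllib.parse import urlencode
++
++from .oauth import BaseOAuth2
++
++
++class UffdOAuth2(BaseOAuth2):
++ """Uffd OAuth2 authentication backend
++
++ You need to set the following config:
++ SOCIAL_AUTH_UFFD_KEY - client id
++ SOCIAL_AUTH_UFFD_SECRET - client secret
++ SOCIAL_AUTH_UFFD_BASE_URL - base url to uffd installation
++ """
++
++ name = 'uffd'
++ ACCESS_TOKEN_METHOD = 'POST'
++ REFRESH_TOKEN_METHOD = 'POST'
++ SCOPE_SEPARATOR = ' '
++ STATE_PARAMETER = True
++ REDIRECT_STATE = False
++ EXTRA_DATA = [
++ ('id', 'id'),
++ ]
++
++ def get_user_details(self, response):
++ """Return user details from a Uffd account"""
++ fullname, first_name, last_name = self.get_user_names(fullname=response.get('name'))
++ return {
++ 'username': response.get('nickname'),
++ 'email': response.get('email') or '',
++ 'fullname': fullname,
++ 'first_name': first_name,
++ 'last_name': last_name,
++ }
++
++ def user_data(self, access_token, *args, **kwargs):
++ """Loads user data from service"""
++ url = self.userinfo_url() + '?' + urlencode({'access_token': access_token})
++ try:
++ return self.get_json(url)
++ except ValueError:
++ return None
++
++ def authorization_url(self):
++ return self.setting('BASE_URL') + '/oauth2/authorize'
++
++ def access_token_url(self):
++ return self.setting('BASE_URL') + '/oauth2/token'
++
++ def userinfo_url(self):
++ return self.setting('BASE_URL') + '/oauth2/userinfo'
+--
+2.38.1
+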
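Review bot: `user_data` puts the OAuth2 access token into the userinfo URL as a query parameter (`'?' + urlencode({'access_token': access_token})`), so the bearer token can end up in web-server and reverse-proxy access logs. If the uffd userinfo endpoint accepts it (to be confirmed against uffd), send it in a header instead: `return self.get_json(self.userinfo_url(), headers={'Authorization': 'Bearer ' + access_token})`. The same method returns `None` on `ValueError`, which hides a malformed userinfo response from the caller; a comment saying that this is deliberate would help. The three URL helpers concatenate `self.setting('BASE_URL')` without checking that it is set, so a missing setting would surface as a `TypeError` rather than as a configuration error.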
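--- a/pkgs/netbox/default.nix
+++ b/pkgs/netbox/default.nix
@@ -0,0 +1,99 @@
+# note: this file has been copied out of nixpkgs 22.05, except for
+# that bit where we add the patch for uffd. There does not seem to
+# be a better way to do this, since successive overrides to the
+# python package set revert each other, and this file does such an
+# override.
+
+{ lib
+, pkgs
+, fetchFromGitHub
+, nixosTests
+, python3
+
+, plugins ? ps: [] }:
+
+let
+py = python3.override {
+packageOverrides = self: super: {
+django = super.django_4;
+social-auth-core = super.social-auth-core.overrideAttrs ( old: {
+patches = [ ./0001-add-uffd-oauth2-backend.patch ];
+} );
+};
+};
+
+
+extraBuildInputs = plugins py.pkgs;
+in
+py.pkgs.buildPythonApplication rec {
+pname = "netbox";
+version = "3.2.1";
+
+src = fetchFromGitHub {
+owner = "netbox-community";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-iA0KIgaHQh0OsN/tXmTATIlvnf0aLRdjeQ6VkiR9VJ4=";
+};
+
+format = "other";
+
+patches = pkgs.netbox.patches;
+
+propagatedBuildInputs = with py.pkgs; [
+django_4
+django-cors-headers
+django-debug-toolbar
+django-filter
+django-graphiql-debug-toolbar
+django-mptt
+django-pglocks
+django-prometheus
+django-redis
+django-rq
+django-tables2
+django-taggit
+django-timezone-field
+djangorestframework
+drf-yasg
+swagger-spec-validator # from drf-yasg[validation]
+graphene-django
+jinja2
+markdown
+markdown-include
+mkdocs-material
+netaddr
+pillow
+psycopg2
+pyyaml
+social-auth-core
+social-auth-app-django
+svgwrite
+tablib
+jsonschema
+] ++ extraBuildInputs;
+
+installPhase = ''
+mkdir -p $out/opt/netbox
+cp -r . $out/opt/netbox
+chmod +x $out/opt/netbox/netbox/manage.py
+makeWrapper $out/opt/netbox/netbox/manage.py $out/bin/netbox \
+--prefix PYTHONPATH : "$PYTHONPATH"
+'';
+
+passthru = {
+# PYTHONPATH of all dependencies used by the package
+pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs;
+
+tests = {
+inherit (nixosTests) netbox;
+};
+};
+
+meta = with lib; {
+homepage = "https://github.com/netbox-community/netbox";
+description = "IP address management (IPAM) and data center infrastructure management (DCIM) tool";
+license = licenses.asl20;
+maintainers = with maintainers; [ n0emis raitobezarius ];
+};
+}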
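Review bot: The `social-auth-core` override sets `patches = [ ./0001-add-uffd-oauth2-backend.patch ];`, which replaces any patch list the nixpkgs derivation already carries instead of extending it; `patches = (old.patches or [ ]) ++ [ ./0001-add-uffd-oauth2-backend.patch ];` keeps upstream fixes applied. This file is a copy pinned to `version = "3.2.1"` while `patches = pkgs.netbox.patches;` still follows the channel, so the two can drift apart, and NetBox security releases will no longer arrive through a nixpkgs update. The header comment should say that the version has to be bumped by hand. `passthru.pythonPath` is built with `python3.pkgs` rather than the overridden `py.pkgs`, which looks unintended.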
|
@ -7,6 +7,12 @@
|
||||||
localAddress = "192.168.140.10";
|
localAddress = "192.168.140.10";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/netbox";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
path = (evalConfig {
|
path = (evalConfig {
|
||||||
hosts = { };
|
hosts = { };
|
||||||
groups = { };
|
groups = { };
|
||||||
|
@ -18,12 +24,24 @@
|
||||||
|
|
||||||
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
|
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
services.netbox = {
|
services.netbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
secretKeyFile = "/var/lib/netbox/secret";
|
|
||||||
listenAddress = "0.0.0.0";
|
listenAddress = "0.0.0.0";
|
||||||
};
|
|
||||||
|
|
||||||
|
secretKeyFile = "/persist/var/lib/netbox/secret";
|
||||||
|
# this is set by the nopersist profile
|
||||||
|
# dataDir = lib.mkForce "/persistvar/lib/netbox";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
REMOTE_AUTH_BACKEND = 'social_core.backends.uffd.UffdOAuth2'
|
||||||
|
SOCIAL_AUTH_UFFD_KEY = "netbox"
|
||||||
|
SOCIAL_AUTH_UFFD_BASE_URL = "https://login.infra4future.de"
|
||||||
|
with open("/uffd-secret", "r") as file:
|
||||||
|
SOCIAL_AUTH_UFFD_SECRET = file.readline().replace("\n", "")
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.coredns = {
|
services.coredns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -42,5 +60,6 @@
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://${config.containers.netbox.localAddress}:8001";
|
proxyPass = "http://${config.containers.netbox.localAddress}:8001";
|
||||||
};
|
};
|
||||||
|
locations."/static".root = "/persist/containers/netbox/var/lib/netbox";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
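Review bot: The new `extraConfig` block reads the OAuth2 client secret from `/uffd-secret`, a path at the container root that the `/persist` bind mount added in this commit does not cover, so how the file gets there and who can read it is not visible here. I would keep it next to `secretKeyFile` under `/persist`, make it readable only by the netbox user, and add a comment naming its origin, for example `# OAuth2 client secret for uffd, provisioned out of band, mode 0400`. `file.readline().replace("\n", "")` leaves a trailing `\r` or spaces in the secret; `file.readline().strip()` is the more robust form. The commented-out `dataDir` line has a typo in its path (`/persistvar/lib/netbox`).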