# NetBox running in a NixOS container on a private veth network, published
# to the outside by the host's nginx as netbox.infra4future.de.
{ config, lib, pkgs, evalConfig, ... }:

let
  # NixOS module that describes the system inside the container. Its
  # `config`, `lib` and `pkgs` are the container's own and shadow the host's.
  netboxSystem = { config, lib, pkgs, profiles, modules, sources, ... }: {
    imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];

    system.stateVersion = "21.11";
    boot.isContainer = true;
    networking.useDHCP = false;

    # An empty hash lets root log in without a password on local login paths
    # (NixOS documents that this does not extend to SSH, su or sudo).
    # NOTE(review): confirm nothing pulled in through `imports` or evalConfig
    # adds a login path that accepts empty passwords.
    users.users.root.hashedPassword = "";

    services = {
      netbox = {
        enable = true;

        # Binds every interface inside the container; the host's nginx
        # reaches it on the container's localAddress, port 8001.
        # NOTE(review): nothing in this file limits who else on the veth
        # network may connect to that port.
        listenAddress = "0.0.0.0";

        # Django secret key, kept under the /persist bind mount.
        secretKeyFile = "/persist/var/lib/netbox/secret";

        # dataDir is not forced here: per the original note, the nopersist
        # profile already sets it.

        # Python appended to NetBox's configuration: login is delegated to
        # the uffd OAuth2 backend, and the client secret is read from
        # /uffd-secret when the configuration is loaded.
        # NOTE(review): /uffd-secret sits outside the /persist bind mount;
        # confirm how it is provisioned and that only the netbox user can
        # read it.
        extraConfig = ''
          REMOTE_AUTH_BACKEND = 'social_core.backends.uffd.UffdOAuth2'
          SOCIAL_AUTH_UFFD_KEY = "netbox"
          SOCIAL_AUTH_UFFD_BASE_URL = "https://login.infra4future.de"
          with open("/uffd-secret", "r") as file:
            SOCIAL_AUTH_UFFD_SECRET = file.readline().replace("\n", "")
        '';
      };

      # Resolver inside the container: listens on port 53 and forwards every
      # query to 1.1.1.1.
      coredns = {
        enable = true;
        config = ''
          .:53 {
            forward . 1.1.1.1
          }
        '';
      };
    };

    # Enables nginx to traverse the directory to access /static.
    # 0751 adds only the execute (traverse) bit for "other": entries cannot
    # be listed, but any file whose name is known stays reachable, so each
    # file below the state directory relies on its own mode.
    # NOTE(review): secretKeyFile appears to live in this tree - confirm its
    # permissions.
    systemd.services.netbox.serviceConfig.StateDirectoryMode = lib.mkForce 0751;
  };
in
{
  containers.netbox = {
    autoStart = true;

    # Private network namespace; the host is .1 and the container is .10 on
    # the veth pair.
    privateNetwork = true;
    hostAddress = "192.168.140.1";
    localAddress = "192.168.140.10";

    # Writable state: the host's /persist/containers/netbox appears as
    # /persist inside the container.
    bindMounts."/persist" = {
      hostPath = "/persist/containers/netbox";
      isReadOnly = false;
    };

    # The container's system closure, built from the module above.
    path = (evalConfig { hosts = { }; groups = { }; } netboxSystem).config.system.build.toplevel;
  };

  # TLS ends at the host's nginx; the hop to the container is plain HTTP over
  # the private veth link.
  services.nginx.virtualHosts."netbox.infra4future.de" = {
    enableACME = true;
    forceSSL = true;
    locations = {
      "/".proxyPass = "http://${config.containers.netbox.localAddress}:8001";

      # Static assets are served by the host straight from the bind-mounted
      # NetBox data directory; `root` appends the request path, so /static/x
      # maps to <root>/static/x.
      "/static".root = "/persist/containers/netbox/var/lib/netbox";
    };
  };
}