# NixOS VM test for services.netbox with LDAP authentication enabled.
#
# One machine runs NetBox behind nginx and a local OpenLDAP server seeded
# with a single POSIX user and group; testScript.py then exercises the
# LDAP login path. Every credential below is a throwaway fixture value:
# it is rendered into the VM configuration and the generated files
# (pkgs.writeText output lives in the world-readable Nix store), so none
# of this is a pattern for a real deployment.
let
  ldapDomain = "example.org";
  ldapSuffix = "dc=example,dc=org";

  # Root DN credentials for the test slapd (see olcRootDN / olcRootPW).
  ldapRootUser = "admin";
  ldapRootPassword = "foobar";

  # Test account and group created in the directory; the same values are
  # substituted into testScript.py below.
  testUser = "alice";
  testPassword = "verySecure";
  testGroup = "netbox-users";
in
import ../../make-test-python.nix (
  {
    lib,
    pkgs,
    netbox,
    ...
  }:
  {
    name = "netbox";

    meta = with lib.maintainers; {
      maintainers = [
        minijackson
      ];
    };

    # Disables the test driver's type check (mypy) of testScript.
    skipTypeCheck = true;

    nodes.machine =
      { config, ... }:
      {
        # VM memory in MiB.
        virtualisation.memorySize = 2048;
        services.netbox = {
          enable = true;
          package = netbox;
          # Fixed Django SECRET_KEY for the test VM only: a store path is
          # readable by every user on the machine and is not a secret.
          secretKeyFile = pkgs.writeText "secret" ''
            abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
          '';

          enableLdap = true;
          # django-auth-ldap settings consumed by NetBox. The server URI is
          # plain ldap:// (no TLS) because slapd runs on the same VM; users
          # are looked up by uid under ou=accounts and group membership is
          # resolved through posixGroup entries under ou=groups.
          ldapConfigPath = pkgs.writeText "ldap_config.py" ''
            import ldap
            from django_auth_ldap.config import LDAPSearch, PosixGroupType

            AUTH_LDAP_SERVER_URI = "ldap://localhost/"

            AUTH_LDAP_USER_SEARCH = LDAPSearch(
                "ou=accounts,ou=posix,${ldapSuffix}",
                ldap.SCOPE_SUBTREE,
                "(uid=%(user)s)",
            )

            AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
                "ou=groups,ou=posix,${ldapSuffix}",
                ldap.SCOPE_SUBTREE,
                "(objectClass=posixGroup)",
            )
            AUTH_LDAP_GROUP_TYPE = PosixGroupType()

            # Mirror LDAP group assignments.
            AUTH_LDAP_MIRROR_GROUPS = True

            # For more granular permissions, we can map LDAP groups to Django groups.
            AUTH_LDAP_FIND_GROUP_PERMS = True
          '';
        };

        # Reverse proxy in front of NetBox; static files are served straight
        # from the NetBox state directory (hence the nginx group membership
        # below).
        services.nginx = {
          enable = true;

          recommendedProxySettings = true;

          virtualHosts.netbox = {
            default = true;
            locations."/".proxyPass = "http://localhost:${toString config.services.netbox.port}";
            locations."/static/".alias = "/var/lib/netbox/static/";
          };
        };

        # Adapted from the sssd-ldap NixOS test
        services.openldap = {
          enable = true;
          settings = {
            children = {
              # nis.ldif provides posixAccount / posixGroup used below.
              "cn=schema".includes = [
                "${pkgs.openldap}/etc/schema/core.ldif"
                "${pkgs.openldap}/etc/schema/cosine.ldif"
                "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
                "${pkgs.openldap}/etc/schema/nis.ldif"
              ];
              "olcDatabase={1}mdb" = {
                attrs = {
                  objectClass = [
                    "olcDatabaseConfig"
                    "olcMdbConfig"
                  ];
                  olcDatabase = "{1}mdb";
                  olcDbDirectory = "/var/lib/openldap/db";
                  olcSuffix = ldapSuffix;
                  olcRootDN = "cn=${ldapRootUser},${ldapSuffix}";
                  # Cleartext root password; test fixture only.
                  olcRootPW = ldapRootPassword;
                };
              };
            };
          };
          # Seed data loaded into the suffix at startup. The test user's
          # userPassword is stored in the clear, and `cn: ""` / `sn: ""` are
          # the literal two-character value `""` (LDIF does not unquote),
          # which satisfies the mandatory cn/sn attributes of `person`.
          declarativeContents = {
            ${ldapSuffix} = ''
              dn: ${ldapSuffix}
              objectClass: top
              objectClass: dcObject
              objectClass: organization
              o: ${ldapDomain}

              dn: ou=posix,${ldapSuffix}
              objectClass: top
              objectClass: organizationalUnit

              dn: ou=accounts,ou=posix,${ldapSuffix}
              objectClass: top
              objectClass: organizationalUnit

              dn: uid=${testUser},ou=accounts,ou=posix,${ldapSuffix}
              objectClass: person
              objectClass: posixAccount
              userPassword: ${testPassword}
              homeDirectory: /home/${testUser}
              uidNumber: 1234
              gidNumber: 1234
              cn: ""
              sn: ""

              dn: ou=groups,ou=posix,${ldapSuffix}
              objectClass: top
              objectClass: organizationalUnit

              dn: cn=${testGroup},ou=groups,ou=posix,${ldapSuffix}
              objectClass: posixGroup
              gidNumber: 2345
              memberUid: ${testUser}
            '';
          };
        };

        # Lets nginx read /var/lib/netbox/static/ for the /static/ alias.
        users.users.nginx.extraGroups = [ "netbox" ];

        networking.firewall.allowedTCPPorts = [ 80 ];
      };

    # The Python test body lives in testScript.py next to this file. The
    # placeholders `${changePassword}`, `${testUser}`, `${testPassword}` and
    # `${testGroup}` in that file (written here as "$\{...}" so Nix keeps
    # them literal) are replaced with the fixture values before the driver
    # runs it.
    testScript =
      let
        # Django shell snippet run inside the VM: sets the password of the
        # pre-existing local superuser "netbox" to "netbox" so the test can
        # log in without LDAP.
        changePassword = pkgs.writeText "change-password.py" ''
          from users.models import User
          u = User.objects.get(username='netbox')
          u.set_password('netbox')
          u.save()
        '';
      in
      builtins.replaceStrings
        [ "$\{changePassword}" "$\{testUser}" "$\{testPassword}" "$\{testGroup}" ]
        [ "${changePassword}" "${testUser}" "${testPassword}" "${testGroup}" ]
        (lib.readFile "${./testScript.py}");
  }
)