From 70f02c59df5420bae8bffa68dec4581784acc525 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Wed, 13 Aug 2025 15:55:48 -0400
Subject: [PATCH] working netbox

---
 hosts/nixos/HandlerOne/default.nix  |  2 ++
 modules/services/netbox/default.nix | 20 +++++++++++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index ad44a8c..0504482 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -49,6 +49,7 @@
       "modules/services/trilium"
       "modules/services/fail2ban"
       "modules/services/ollama/nginx.nix" # Just host the nginx path back to Parzival
+      "modules/services/netbox"
     ])
   ];
 
@@ -121,6 +122,7 @@
       "matrix.wanderingcrow.net" = {};
       "ta.wanderingcrow.net" = {};
       "chat.wanderingcrow.net" = {};
+      "netbox.wanderingcrow.net" = {};
     };
   };
 }
diff --git a/modules/services/netbox/default.nix b/modules/services/netbox/default.nix
index 8fc9255..7bdbde9 100644
--- a/modules/services/netbox/default.nix
+++ b/modules/services/netbox/default.nix
@@ -1,19 +1,27 @@
 {
+  inputs,
   config,
   pkgs,
   ...
-}: {
+}: let
+  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
+in {
   users.users.nginx.extraGroups = ["netbox"];
 
-  sops.secrets."netbox/secret-key" = {};
+  sops.secrets."netbox/secret-key" = {
+    owner = "netbox";
+    sopsFile = "${sopsFolder}/shared.yaml";
+  };
 
   services.nginx = {
     enable = true;
     recommendedProxySettings = true; # otherwise you will get CSRF error while login
     virtualHosts."netbox.wanderingcrow.net" = {
+      forceSSL = true;
+      useACMEHost = "netbox.wanderingcrow.net";
       locations = {
         "/" = {
-          proxyPass = "/run/netbox/netbox.sock";
+          proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
         };
         "/static/" = {alias = "${config.services.netbox.dataDir}/static/";};
       };
@@ -21,8 +29,10 @@
   };
 
   services.netbox = {
-    enabled = true;
-    unixSocket = "/run/netbox/netbox.sock";
+    enable = true;
+    package = pkgs.netbox;
+    listenAddress = "0.0.0.0";
+    port = 9099;
     secretKeyFile = config.sops.secrets."netbox/secret-key".path;
   };
 }