WIP: add netbox

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>

deployment/check/data-model-tf-proxmox/nixosTest.nix

@@ -162,6 +162,13 @@ in
           KMS_KEY = "tsjxw9NjKUBUlzbTnD7orqIAdEmpGYRARvxD51jtY+o=";
         };
       };
+      services.netbox = {
+        enable = true;
+        # FIXME randomly generate this
+        secretKeyFile = pkgs.writeText "netbox-secret" "634da8232803a8155a58584d3186127000207e079d600fc10a890e5cd59c2f4b8f0e0654005944d2ce87f5be9c22ceebec66";
+        # listenAddress = "[::1]";
+        # port = 8001;
+      };
     };
 
   extraTestScript = ''

deployment/run/netbox-store-ips/main.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    netbox = {
+      source  = "e-breuninger/netbox"
+      version = "= 5.0.0"
+    }
+  }
+  backend "http" {
+  }
+}
+
+resource "netbox_ip_range" "ips" {
+  start_address = var.start_address
+  end_address   = var.end_address
+}

deployment/run/netbox-store-ips/tf.nix

@@ -0,0 +1,49 @@
+# FIXME: use overlays so this gets imported just once?
+{
+  pkgs,
+}:
+# FIXME centralize overlays
+# XXX using recent revision for https://github.com/NixOS/nixpkgs/pull/447849
+let
+  sources = import ../../../npins;
+  mkProvider =
+    args:
+    pkgs.terraform-providers.mkProvider (
+      { mkProviderFetcher = { repo, ... }: sources.${repo}; } // args
+    );
+in
+(
+  (pkgs.callPackage "${sources.nixpkgs-unstable}/pkgs/by-name/op/opentofu/package.nix" { })
+  .overrideAttrs
+  (old: rec {
+    patches = (old.patches or [ ]) ++ [
+      # TF with back-end poses a problem for nix: initialization involves both
+      # mutation (nix: only inside build) and a network call (nix: not inside build)
+      ../../check/data-model-tf/02-opentofu-sandboxed-init.patch
+    ];
+    # versions > 1.9.0 need go 1.24+
+    version = "1.9.0";
+    src = pkgs.fetchFromGitHub {
+      owner = "opentofu";
+      repo = "opentofu";
+      tag = "v${version}";
+      hash = "sha256-e0ZzbQdex0DD7Bj9WpcVI5roh0cMbJuNr5nsSVaOSu4=";
+    };
+    vendorHash = "sha256-fMTbLSeW+pw6GK8/JLZzG2ER90ss2g1FSDX5+f292do=";
+  })
+).withPlugins
+  (p: [
+    # p.external
+    # p.null
+    (mkProvider {
+      owner = "e-breuninger";
+      repo = "terraform-provider-netbox";
+      rev = "v5.0.0";
+      spdx = "MPL-2.0";
+      # hash = null;
+      hash = "sha256-iCaCt8ZbkxCk43QEyj3PeHYuKPCPVU2oQ78aumH/l6k=";
+      vendorHash = "sha256-Q3H/6mpkWn1Gw0NRMtKtkBRGHjPJZGBFdGwfalyQ4Z0=";
+      homepage = "https://registry.terraform.io/providers/e-breuninger/netbox";
+      provider-source-address = "registry.opentofu.org/e-breuninger/netbox";
+    })
+  ])

deployment/run/netbox-store-ips/variables.tf

@@ -0,0 +1,9 @@
+variable "start_address" {
+  description = "Start of the IP range, e.g. 10.0.0.1/24."
+  type = string
+}
+
+variable "end_address" {
+  description = "End of the IP range, e.g. 10.0.0.50/24."
+  type = string
+}