Add docker role for netbox

sown · Dec 1, 2024 · 06335f2 · 06335f2
1 parent d79b801
commit 06335f2
Show file tree

Hide file tree

Showing 7 changed files with 95 additions and 0 deletions.
diff --git a/config.yml b/config.yml
@@ -59,3 +59,5 @@
       tags: docker-kmibot
     - role: docker_kmicms
       tags: docker-kmicms
+    - role: docker_netbox
+      tags: docker-netbox
diff --git a/group_vars/all/ntp.yml b/group_vars/all/ntp.yml
@@ -0,0 +1 @@
+ntp_timezone: Europe/London
diff --git a/host_vars/CONTAINERS-1/netbox.yml b/host_vars/CONTAINERS-1/netbox.yml
@@ -0,0 +1,22 @@
+docker_netbox_oidc_app_name: netbox-dev
+docker_netbox_oidc_client_id: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  61343235343832316132313236646331303733333963356630333939663133613930306166316433
+  6534636436663762346435313966386462383033613264630a643264386163356231336433636363
+  64303038326332636637646163636465653737643864376133303239616131346534666162363431
+  6563613061303237620a643564343964393433636531343266353530613566323437393763616238
+  31336266363564363537633836643436653036376139326163326537316564303764343733363235
+  3939353230643261333335373139626430386430316331373437
+docker_netbox_oidc_client_secret: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35326436396639366439616534363062323032613865376332643737616431346333373962663737
+  6238626363666630613330653336323235613538313638300a313565386536343066653762313632
+  34353031626163326134613262626636633234356630306161643063313563343563656232633162
+  6337636234343461610a656136653735333336323235363535356364356432383236363166366230
+  66653138373237313766313565313435326466303437626438373638383439356564333638613563
+  31346462633761616236323561636163366332396334633165626436663734353561366561356663
+  37626234646264316338353362336635323563383832363036303363613538326463393631373761
+  33376466636461636361373538353265336632626164633061383761633866396636663036623837
+  64343834346463353331633839383833323461396234613130323634643638366466646533313132
+  61376263383238343837363263383338373835343933303934333931643062323332393931303330
+  613530643539333532363939626137393431
diff --git a/roles/docker_netbox/files/configuration.py b/roles/docker_netbox/files/configuration.py
@@ -0,0 +1,8 @@
+from os import environ
+
+# python-social-auth configuration
+SOCIAL_AUTH_OIDC_ENDPOINT = environ.get('SOCIAL_AUTH_OIDC_ENDPOINT')
+SOCIAL_AUTH_OIDC_KEY = environ.get('SOCIAL_AUTH_OIDC_KEY')
+SOCIAL_AUTH_OIDC_SECRET = environ.get('SOCIAL_AUTH_OIDC_SECRET')
+SOCIAL_AUTH_OIDC_SCOPE = ["openid", "profile", "email", "roles"]
+LOGOUT_REDIRECT_URL = environ.get('LOGOUT_REDIRECT_URL')
diff --git a/roles/docker_netbox/files/docker-compose.override.yml b/roles/docker_netbox/files/docker-compose.override.yml
@@ -0,0 +1,36 @@
+services:
+  netbox:
+    networks:
+      - default
+      - traefik
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.netbox.rule=Host(`netbox-dev.containers-dev.sown.org.uk`)
+      - traefik.http.routers.netbox.tls.certresolver=le
+      - traefik.http.services.netbox-netbox.loadbalancer.server.port=8080
+      - traefik.http.middlewares.netbox-ratelimit.ratelimit.average=5
+      - traefik.http.middlewares.netbox-ratelimit.ratelimit.burst=1000
+      - traefik.http.routers.netbox.middlewares=netbox-ratelimit
+    environment:
+      - TIMEZONE={{ ntp_timezone }}
+      - REMOTE_AUTH_ENABLED=true
+      - REMOTE_AUTH_BACKEND=social_core.backends.open_id_connect.OpenIdConnectAuth
+      - SOCIAL_AUTH_OIDC_ENDPOINT=https://sso.sown.org.uk/application/o/{{ docker_netbox_oidc_app_name }}
+      - SOCIAL_AUTH_OIDC_KEY={{ docker_netbox_oidc_client_id }}
+      - SOCIAL_AUTH_OIDC_SECRET={{ docker_netbox_oidc_client_secret }}
+      - LOGOUT_REDIRECT_URL=https://sso.sown.org.uk/application/o/{{ docker_netbox_oidc_app_name }}/end-session/
+    restart: unless-stopped
+  netbox-worker:
+    restart: unless-stopped
+  netbox-housekeeping:
+    restart: unless-stopped
+  postgres:
+    restart: unless-stopped
+  redis:
+    restart: unless-stopped
+  redis-cache:
+    restart: unless-stopped
+
+networks:
+  traefik:
+    external: true
diff --git a/roles/docker_netbox/handlers/main.yml b/roles/docker_netbox/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart netbox  # noqa: no-changed-when
+  command:
+    chdir: /opt/netbox
+    cmd: "{{ docker_update_command }}"
diff --git a/roles/docker_netbox/tasks/main.yml b/roles/docker_netbox/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Checkout netbox-docker into /opt/netbox
+  git:
+    repo: https://github.com/netbox-community/netbox-docker.git
+    dest: /opt/netbox
+    version: 3.0.2
+  notify: Restart netbox
+
+- name: Install extra config
+  template:
+    src: files/configuration.py
+    dest: /opt/netbox/configuration/ansible.py
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  notify: Restart netbox
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.override.yml
+    dest: /opt/netbox/docker-compose.override.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  notify: Restart netbox