From 062c2f8a6476d95a4ce4413236c43c329155daca Mon Sep 17 00:00:00 2001
From: lbrinkhaus
Date: Fri, 14 Jan 2022 17:07:44 +0100
Subject: [PATCH] Initialize and add Netbox Docker image
---
.dockerignore | 8 +
.editorconfig | 20 +++
.gitattributes | 17 ++
.gitignore | 195 +++++++++++++++++++++++
Dockerfile | 71 +++++++++
README.md | 1 +
root/defaults/configuration.py | 282 +++++++++++++++++++++++++++++++++
root/defaults/uwsgi.ini | 11 ++
root/etc/cont-init.d/50-config | 71 +++++++++
root/etc/services.d/netbox/run | 6 +
10 files changed, 682 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .editorconfig
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100644 root/defaults/configuration.py
create mode 100644 root/defaults/uwsgi.ini
create mode 100644 root/etc/cont-init.d/50-config
create mode 100644 root/etc/services.d/netbox/run
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..501b0bd
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.gitignore
+.github
+.gitattributes
+.idea
+.drone.yml
+READMETEMPLATE.md
+README.md
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..a92f7df
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,20 @@
+# This file is globally distributed to all container image projects from
+# https://github.com/linuxserver/docker-jenkins-builder/blob/master/.editorconfig
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+# trim_trailing_whitespace may cause unintended issues and should not be globally set true
+trim_trailing_whitespace = false
+
+[{Dockerfile*,**.yml}]
+indent_style = space
+indent_size = 2
+
+[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+indent_style = space
+indent_size = 4
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..bdb0cab
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs diff=csharp
+
+# Standard to msysgit
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2d900d3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,195 @@
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# =========================
+# Operating System Files
+# =========================
+
+# OSX
+# =========================
+
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+.history/
+.jenkins-external
+
+# ---> Go
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# ---> JetBrains
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn. Uncomment if using
+# auto-import.
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# ---> Eclipse
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# CDT- autotools
+.autotools
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Annotation Processing
+.apt_generated/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet
+
+# ---> VisualStudioCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+.idea
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..cab5887
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,71 @@
+FROM harbor.dragse.it/base/alpine:3.15
+
+LABEL maintainer="Lennard Brinkhaus "
+
+RUN echo $'http://nexus.dragse.it/repository/apk-main/\nhttp://nexus.dragse.it/repository/apk-community/' > /etc/apk/repositories
+
+RUN apk --no-cache upgrade \
+ && apk --no-cache add ca-certificates wget openssl \
+ && update-ca-certificates
+
+# set version label
+ARG NETBOX_RELEASE="v3.1.5"
+
+RUN echo "**** install runtime packages ****" && \
+ apk add --no-cache --upgrade \
+ postgresql-client \
+ py3-pillow \
+ py3-setuptools \
+ python3 \
+ uwsgi \
+ uwsgi-python
+
+RUN \
+ echo "**** install build packages ****" && \
+ apk add --no-cache --upgrade --virtual=build-dependencies \
+ curl \
+ cargo \
+ gcc \
+ git \
+ jpeg-dev \
+ libffi-dev \
+ libxslt-dev \
+ libxml2-dev \
+ musl-dev \
+ openssl-dev \
+ postgresql-dev \
+ python3-dev \
+ zlib-dev && \
+ echo "**** install netbox ****" && \
+ mkdir -p /app/netbox && \
+ if [ -z ${NETBOX_RELEASE+x} ]; then \
+ NETBOX_RELEASE=$(curl -sX GET "https://api.github.com/repos/netbox-community/netbox/releases/latest" \
+ | awk '/tag_name/{print $4;exit}' FS='[""]'); \
+ fi && \
+ curl -o \
+ /tmp/netbox.tar.gz -L \
+ "https://github.com/netbox-community/netbox/archive/${NETBOX_RELEASE}.tar.gz" && \
+ tar xf \
+ /tmp/netbox.tar.gz -C \
+ /app/netbox/ --strip-components=1 && \
+ echo "**** install pip packages ****" && \
+ python3 -m ensurepip && \
+ rm -rf /usr/lib/python*/ensurepip && \
+ cd /app/netbox && \
+ pip3 install --no-cache-dir -U pip wheel && \
+ pip3 install --no-cache-dir --ignore-installed --find-links https://wheel-index.linuxserver.io/alpine/ -r requirements.txt && \
+ echo "**** cleanup ****" && \
+ apk del --purge \
+ build-dependencies && \
+ rm -rf \
+ /tmp/* \
+ ${HOME}/.cargo \
+ ${HOME}/.cache
+
+# copy local files
+COPY root/ /
+
+# ports and volumes
+EXPOSE 8000
+
+VOLUME /config
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c88a571
--- /dev/null
+++ b/README.md
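Review bot: The NetBox source tarball in the Dockerfile's build `RUN` is fetched with `curl -o /tmp/netbox.tar.gz -L` and unpacked with no integrity check, so whatever the URL returns at build time ends up in the image. Pin a digest next to the version, for example a new build argument `ARG NETBOX_SHA256` (name is a placeholder) checked with `echo "${NETBOX_SHA256}  /tmp/netbox.tar.gz" | sha256sum -c -` before `tar xf`, and add `-f` to that curl call so an HTTP error fails the build instead of saving an error page. The wheels pulled through `--find-links https://wheel-index.linuxserver.io/alpine/` are likewise installed without hash pinning, and `/etc/apk/repositories` is written with plain `http://` URLs; apk normally verifies package signatures, but HTTPS for the mirror would still be the safer default. Since `NETBOX_RELEASE` always has an `ARG` default, the `[ -z ${NETBOX_RELEASE+x} ]` fallback to the latest release looks unreachable and could be dropped or documented.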
@@ -0,0 +1 @@
+# netbox
diff --git a/root/defaults/configuration.py b/root/defaults/configuration.py
new file mode 100644
index 0000000..e20892f
--- /dev/null
+++ b/root/defaults/configuration.py
@@ -0,0 +1,282 @@
+#########################
+# #
+# Required settings #
+# #
+#########################
+
+# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
+ALLOWED_HOSTS = ['{{ALLOWED_HOST}}']
+
+# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
+# https://docs.djangoproject.com/en/stable/ref/settings/#databases
+DATABASE = {
+ 'NAME': '{{DB_NAME}}', # Database name
+ 'USER': '{{DB_USER}}', # PostgreSQL username
+ 'PASSWORD': '{{DB_PASSWORD}}', # PostgreSQL password
+ 'HOST': '{{DB_HOST}}', # Database server
+ 'PORT': '{{DB_PORT}}', # Database port (leave blank for default)
+ 'CONN_MAX_AGE': 300, # Max database connection age
+}
+
+# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
+# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
+# to use two separate database IDs.
+REDIS = {
+ 'tasks': {
+ 'HOST': '{{REDIS_HOST}}',
+ 'PORT': {{REDIS_PORT}},
+ # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+ # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+ # 'SENTINEL_SERVICE': 'netbox',
+ 'PASSWORD': '{{REDIS_PASSWORD}}',
+ 'DATABASE': {{REDIS_DB_TASK}},
+ 'SSL': False,
+ # Set this to True to skip TLS certificate verification
+ # This can expose the connection to attacks, be careful
+ # 'INSECURE_SKIP_TLS_VERIFY': False,
+ },
+ 'caching': {
+ 'HOST': '{{REDIS_HOST}}',
+ 'PORT': {{REDIS_PORT}},
+ # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+ # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+ # 'SENTINEL_SERVICE': 'netbox',
+ 'PASSWORD': '{{REDIS_PASSWORD}}',
+ 'DATABASE': {{REDIS_DB_CACHE}},
+ 'SSL': False,
+ # Set this to True to skip TLS certificate verification
+ # This can expose the connection to attacks, be careful
+ # 'INSECURE_SKIP_TLS_VERIFY': False,
+ }
+}
+
+# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. NetBox will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+SECRET_KEY = '{{SECRET_KEY}}'
+
+
+#########################
+# #
+# Optional settings #
+# #
+#########################
+
+# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
+# application errors (assuming correct email settings are provided).
+ADMINS = [
+ # ('John Doe', 'jdoe@example.com'),
+]
+
+# URL schemes that are allowed within links in NetBox
+ALLOWED_URL_SCHEMES = (
+ 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
+)
+
+# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
+# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
+BANNER_TOP = ''
+BANNER_BOTTOM = ''
+
+# Text to include on the login page above the login form. HTML is allowed.
+BANNER_LOGIN = ''
+
+# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
+# BASE_PATH = 'netbox/'
+BASE_PATH = '{{BASE_PATH}}'
+
+# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
+CHANGELOG_RETENTION = 90
+
+# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
+# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
+# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
+CORS_ORIGIN_ALLOW_ALL = False
+CORS_ORIGIN_WHITELIST = [
+ # 'https://hostname.example.com',
+]
+CORS_ORIGIN_REGEX_WHITELIST = [
+ # r'^(https?://)?(\w+\.)?example\.com$',
+]
+
+# Specify any custom validators here, as a mapping of model to a list of validators classes. Validators should be
+# instances of or inherit from CustomValidator.
+# from extras.validators import CustomValidator
+CUSTOM_VALIDATORS = {
+ # 'dcim.site': [
+ # CustomValidator({
+ # 'name': {
+ # 'min_length': 10,
+ # 'regex': r'\d{3}$',
+ # }
+ # })
+ # ],
+}
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+DEBUG = False
+
+# Email settings
+EMAIL = {
+ 'SERVER': 'localhost',
+ 'PORT': 25,
+ 'USERNAME': '',
+ 'PASSWORD': '',
+ 'USE_SSL': False,
+ 'USE_TLS': False,
+ 'TIMEOUT': 10, # seconds
+ 'FROM_EMAIL': '',
+}
+
+# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
+# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
+ENFORCE_GLOBAL_UNIQUE = False
+
+# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
+# by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models.
+EXEMPT_VIEW_PERMISSIONS = [
+ # 'dcim.site',
+ # 'dcim.region',
+ # 'ipam.prefix',
+]
+
+# Enable the GraphQL API
+GRAPHQL_ENABLED = True
+
+# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
+# HTTP_PROXIES = {
+# 'http': 'http://10.10.1.10:3128',
+# 'https': 'http://10.10.1.10:1080',
+# }
+
+# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
+# NetBox from an internal IP.
+INTERNAL_IPS = ('127.0.0.1', '::1')
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+# https://docs.djangoproject.com/en/stable/topics/logging/
+LOGGING = {}
+
+# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
+# authenticated to NetBox indefinitely.
+LOGIN_PERSISTENCE = False
+
+# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
+# are permitted to access most data in NetBox but not make any changes.
+LOGIN_REQUIRED = False
+
+# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
+# re-authenticate. (Default: 1209600 [14 days])
+LOGIN_TIMEOUT = None
+
+# Setting this to True will display a "maintenance mode" banner at the top of every page.
+MAINTENANCE_MODE = False
+
+# The URL to use when mapping physical addresses or GPS coordinates
+MAPS_URL = 'https://maps.google.com/?q='
+
+# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
+# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
+# all objects by specifying "?limit=0".
+MAX_PAGE_SIZE = 1000
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
+# the default value of this setting is derived from the installed location.
+# MEDIA_ROOT = '/opt/netbox/netbox/media'
+
+# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+# 'AWS_ACCESS_KEY_ID': 'Key ID',
+# 'AWS_SECRET_ACCESS_KEY': 'Secret',
+# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
+# 'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
+METRICS_ENABLED = False
+
+# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
+NAPALM_USERNAME = ''
+NAPALM_PASSWORD = ''
+
+# NAPALM timeout (in seconds). (Default: 30)
+NAPALM_TIMEOUT = 30
+
+# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+# be provided as a dictionary.
+NAPALM_ARGS = {}
+
+# Determine how many objects to display per page within a list. (Default: 50)
+PAGINATE_COUNT = 50
+
+# Enable installed plugins. Add the name of each plugin to the list.
+PLUGINS = []
+
+# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
+# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
+# PLUGINS_CONFIG = {
+# 'my_plugin': {
+# 'foo': 'bar',
+# 'buzz': 'bazz'
+# }
+# }
+
+# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
+# prefer IPv4 instead.
+PREFER_IPV4 = False
+
+# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
+RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
+RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
+
+# Remote authentication support
+REMOTE_AUTH_ENABLED = {{REMOTE_AUTH_ENABLED}}
+REMOTE_AUTH_BACKEND = '{{REMOTE_AUTH_BACKEND}}'
+REMOTE_AUTH_HEADER = '{{REMOTE_AUTH_HEADER}}'
+REMOTE_AUTH_AUTO_CREATE_USER = {{REMOTE_AUTH_AUTO_CREATE_USER}}
+REMOTE_AUTH_DEFAULT_GROUPS = {{REMOTE_AUTH_DEFAULT_GROUPS}}
+REMOTE_AUTH_DEFAULT_PERMISSIONS = {{REMOTE_AUTH_DEFAULT_PERMISSIONS}}
+
+# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
+# version check or use the URL below to check for release in the official NetBox repository.
+RELEASE_CHECK_URL = None
+# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
+
+# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+# REPORTS_ROOT = '/opt/netbox/netbox/reports'
+
+# Maximum execution time for background tasks, in seconds.
+RQ_DEFAULT_TIMEOUT = 300
+
+# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+SCRIPTS_ROOT = '/config/scripts'
+
+# The name to use for the session cookie.
+SESSION_COOKIE_NAME = 'sessionid'
+
+# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
+# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
+# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
+SESSION_FILE_PATH = None
+
+# Time zone (default: UTC)
+TIME_ZONE = 'UTC'
+
+# Date/time formatting. See the following link for supported formats:
+# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
+DATE_FORMAT = 'N j, Y'
+SHORT_DATE_FORMAT = 'Y-m-d'
+TIME_FORMAT = 'g:i a'
+SHORT_TIME_FORMAT = 'H:i:s'
+DATETIME_FORMAT = 'N j, Y g:i a'
+SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
diff --git a/root/defaults/uwsgi.ini b/root/defaults/uwsgi.ini
new file mode 100644
index 0000000..c3ec96b
--- /dev/null
+++ b/root/defaults/uwsgi.ini
@@ -0,0 +1,11 @@
+[uwsgi]
+http-socket = :8000
+enable-threads
+plugin = python3
+module = netbox.wsgi:application
+static-map = /static=static
+static-gzip-dir = static/CACHE
+hook-pre-app = exec:/usr/bin/python3 ./manage.py collectstatic --noinput
+hook-pre-app = exec:/usr/bin/python3 ./manage.py remove_stale_contenttypes --no-input
+hook-pre-app = exec:/usr/bin/python3 ./manage.py clearsessions
+attach-daemon = /usr/bin/python3 ./manage.py rqworker
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
new file mode 100644
index 0000000..b6eb97e
--- /dev/null
+++ b/root/etc/cont-init.d/50-config
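Review bot: `LOGIN_REQUIRED = False` in root/defaults/configuration.py makes the image's default configuration readable by anonymous clients (the comment above it says they can access most data), and uwsgi.ini serves the app directly on `:8000`. For a container default I would ship `LOGIN_REQUIRED = True`, or turn it into a placeholder such as `{{LOGIN_REQUIRED}}` that 50-config fills with a default of True. The remote-auth block would also benefit from a comment like `# Enable only behind a proxy that strips client-supplied copies of this header`, because once `REMOTE_AUTH_ENABLED` is set the `REMOTE_AUTH_HEADER` value is presumably taken as the user's identity. `'SSL': False` is fixed for both Redis connections, so TLS to Redis cannot be switched on through the environment the way host, port and password can.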
@@ -0,0 +1,71 @@
+#!/usr/bin/with-contenv bash
+
+mkdir -p /config/scripts
+
+declare -A NETBOX_CONF
+NETBOX_CONF[ALLOWED_HOST]=${ALLOWED_HOST:-netbox.example.com}
+NETBOX_CONF[BASE_PATH]=${BASE_PATH:-}
+NETBOX_CONF[DB_NAME]=${DB_NAME:-netbox}
+NETBOX_CONF[DB_USER]=${DB_USER:-root}
+NETBOX_CONF[DB_PASSWORD]=${DB_PASSWORD:-}
+NETBOX_CONF[DB_HOST]=${DB_HOST:-postgres}
+NETBOX_CONF[DB_PORT]=${DB_PORT:-}
+NETBOX_CONF[REDIS_HOST]=${REDIS_HOST:-redis}
+NETBOX_CONF[REDIS_PORT]=${REDIS_PORT:-6379}
+NETBOX_CONF[REDIS_PASSWORD]=${REDIS_PASSWORD:-}
+NETBOX_CONF[REDIS_DB_TASK]=${REDIS_DB_TASK:-0}
+NETBOX_CONF[REDIS_DB_CACHE]=${REDIS_DB_CACHE:-1}
+NETBOX_CONF[REMOTE_AUTH_ENABLED]=${REMOTE_AUTH_ENABLED:-False}
+NETBOX_CONF[REMOTE_AUTH_BACKEND]=${REMOTE_AUTH_BACKEND:-netbox.authentication.RemoteUserBackend}
+NETBOX_CONF[REMOTE_AUTH_HEADER]=${REMOTE_AUTH_HEADER:-HTTP_REMOTE_USER}
+NETBOX_CONF[REMOTE_AUTH_AUTO_CREATE_USER]=${REMOTE_AUTH_AUTO_CREATE_USER:-False}
+NETBOX_CONF[REMOTE_AUTH_DEFAULT_GROUPS]=${REMOTE_AUTH_DEFAULT_GROUPS:-[]}
+NETBOX_CONF[REMOTE_AUTH_DEFAULT_PERMISSIONS]=${REMOTE_AUTH_DEFAULT_PERMISSIONS:-{}}
+
+cd /app/netbox/netbox/netbox
+NETBOX_CONF[SECRET_KEY]=${SECRET_KEY:-$(python3 ../generate_secret_key.py)}
+
+if [ ! -f "/config/configuration.py" ]; then
+ cp /defaults/configuration.py /config/configuration.py
+
+ # sed in values or skip if value not set
+ for KEY in "${!NETBOX_CONF[@]}"; do \
+ sed -i 's|{{'$KEY'}}|'${NETBOX_CONF[$KEY]}'|g' /config/configuration.py
+ done
+fi
+
+[[ ! -e "/config/media" ]] && \
+ mv /app/netbox/netbox/media /config/media
+
+rm -rf /app/netbox/netbox/media
+ln -sf /config/media /app/netbox/netbox/media
+
+ln -sf /config/configuration.py /app/netbox/netbox/netbox/configuration.py
+
+mv /defaults/uwsgi.ini /app/netbox/netbox/uwsgi.ini > /dev/null 2>&1
+
+# permissions
+chown -R abc:abc \
+ /app/netbox \
+ /config
+
+cd /app/netbox || exit
+
+s6-setuidgid abc /usr/bin/python3 netbox/manage.py migrate
+
+if [ -n "$SUPERUSER_EMAIL" ] && [ -n "$SUPERUSER_PASSWORD" ];
+then
+cat << EOF | s6-setuidgid abc python3 /app/netbox/netbox/manage.py shell
+from django.contrib.auth.models import User;
+
+username = 'admin';
+password = '$SUPERUSER_PASSWORD';
+email = '$SUPERUSER_EMAIL';
+
+if User.objects.filter(username=username).count()==0:
+ User.objects.create_superuser(username, email, password);
+ print('Superuser created.');
+else:
+ print('Superuser creation skipped. Already exists.');
+EOF
+fi
diff --git a/root/etc/services.d/netbox/run b/root/etc/services.d/netbox/run
new file mode 100644
index 0000000..763ef74
--- /dev/null
+++ b/root/etc/services.d/netbox/run
@@ -0,0 +1,6 @@
+#!/usr/bin/with-contenv bash
+
+cd /app/netbox/netbox || exit
+
+exec \
+ s6-setuidgid abc /usr/sbin/uwsgi uwsgi.ini
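Review bot: In root/etc/cont-init.d/50-config the `sed -i 's|{{'$KEY'}}|'${NETBOX_CONF[$KEY]}'|g'` line inserts environment values unquoted and unescaped, so a value containing whitespace, `|`, `&` or `\` (plausible for `DB_PASSWORD`, `REDIS_PASSWORD` or a generated `SECRET_KEY`) is split by the shell or rewritten by sed, and the stored secret no longer matches the real one. The superuser heredoc has the same defect one level up: `$SUPERUSER_PASSWORD` and `$SUPERUSER_EMAIL` are expanded into Python source, so a quote in either value breaks the script or is executed as code. The fence escapes the sed replacement and reads the superuser values from the environment inside Python behind a quoted heredoc delimiter; quote and backslash characters would still need Python-level escaping in the templated string literals. Since /config/configuration.py ends up holding the database, Redis and Django secrets, a `chmod 600 /config/configuration.py` after the copy is worth adding as well.

```shell
# … unchanged: NETBOX_CONF defaults, SECRET_KEY generation, cp of the default config …
    for KEY in "${!NETBOX_CONF[@]}"; do
        # escape backslash, & and the | delimiter so sed inserts the value literally
        VALUE=$(printf '%s' "${NETBOX_CONF[$KEY]}" | sed -e 's/[\\&|]/\\&/g')
        sed -i "s|{{${KEY}}}|${VALUE}|g" /config/configuration.py
    done
# … unchanged: media and configuration symlinks, chown, migrate …
# quoted delimiter: the shell no longer expands anything inside the heredoc
cat << 'EOF' | s6-setuidgid abc python3 /app/netbox/netbox/manage.py shell
import os
from django.contrib.auth.models import User

username = 'admin'
# read from the process environment (assumed to be passed through by with-contenv)
password = os.environ['SUPERUSER_PASSWORD']
email = os.environ['SUPERUSER_EMAIL']
# … unchanged: create_superuser / already-exists branch …
EOF
```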