Initialize and add Netbox Docker image

.dockerignore

@@ -0,0 +1,8 @@
+.git
+.gitignore
+.github
+.gitattributes
+.idea
+.drone.yml
+READMETEMPLATE.md
+README.md

.editorconfig

@@ -0,0 +1,20 @@
+# This file is globally distributed to all container image projects from
+# https://github.com/linuxserver/docker-jenkins-builder/blob/master/.editorconfig
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+# trim_trailing_whitespace may cause unintended issues and should not be globally set true
+trim_trailing_whitespace = false
+
+[{Dockerfile*,**.yml}]
+indent_style = space
+indent_size = 2
+
+[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
+indent_style = space
+indent_size = 4

.gitattributes

@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain

.gitignore

@@ -0,0 +1,195 @@
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# =========================
+# Operating System Files
+# =========================
+
+# OSX
+# =========================
+
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+.history/
+.jenkins-external
+
+# ---> Go
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# ---> JetBrains
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# ---> Eclipse
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# CDT- autotools
+.autotools
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Annotation Processing
+.apt_generated/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet
+
+# ---> VisualStudioCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+.idea

Dockerfile

@@ -0,0 +1,71 @@
+FROM harbor.dragse.it/base/alpine:3.15
+
+LABEL maintainer="Lennard Brinkhaus <lennard.brinkhaus@dragse.de>"
+
+RUN echo $'http://nexus.dragse.it/repository/apk-main/\nhttp://nexus.dragse.it/repository/apk-community/' > /etc/apk/repositories
+
+RUN   apk --no-cache upgrade \
+  &&   apk --no-cache add ca-certificates wget openssl \
+  &&   update-ca-certificates
+
+# set version label
+ARG NETBOX_RELEASE="v3.1.5"
+
+RUN echo "**** install runtime packages ****" && \
+      apk add --no-cache --upgrade \
+        postgresql-client \
+        py3-pillow \
+        py3-setuptools \
+        python3 \
+        uwsgi \
+        uwsgi-python
+
+RUN \
+  echo "**** install build packages ****" && \
+  apk add --no-cache --upgrade --virtual=build-dependencies \
+    curl \
+    cargo \
+    gcc \
+    git \
+    jpeg-dev \
+    libffi-dev \
+    libxslt-dev \
+    libxml2-dev \
+    musl-dev \
+    openssl-dev \
+    postgresql-dev \
+    python3-dev \
+    zlib-dev && \
+  echo "**** install netbox ****" && \
+  mkdir -p /app/netbox && \
+  if [ -z ${NETBOX_RELEASE+x} ]; then \
+    NETBOX_RELEASE=$(curl -sX GET "https://api.github.com/repos/netbox-community/netbox/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
+  fi && \
+  curl -o \
+  /tmp/netbox.tar.gz -L \
+    "https://github.com/netbox-community/netbox/archive/${NETBOX_RELEASE}.tar.gz" && \
+  tar xf \
+  /tmp/netbox.tar.gz -C \
+    /app/netbox/ --strip-components=1 && \
+    echo "**** install pip packages ****" && \
+  python3 -m ensurepip && \
+  rm -rf /usr/lib/python*/ensurepip && \
+  cd /app/netbox && \
+  pip3 install --no-cache-dir -U pip wheel && \
+  pip3 install --no-cache-dir --ignore-installed --find-links https://wheel-index.linuxserver.io/alpine/ -r requirements.txt && \
+  echo "**** cleanup ****" && \
+  apk del --purge \
+    build-dependencies && \
+  rm -rf \
+    /tmp/* \
+    ${HOME}/.cargo \
+    ${HOME}/.cache
+
+# copy local files
+COPY root/ /
+
+# ports and volumes
+EXPOSE 8000
+
+VOLUME /config

README.md

@@ -0,0 +1 @@
+# netbox

root/defaults/configuration.py

@@ -0,0 +1,282 @@
+#########################
+#                       #
+#   Required settings   #
+#                       #
+#########################
+
+# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
+ALLOWED_HOSTS = ['{{ALLOWED_HOST}}']
+
+# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
+#   https://docs.djangoproject.com/en/stable/ref/settings/#databases
+DATABASE = {
+    'NAME': '{{DB_NAME}}',         # Database name
+    'USER': '{{DB_USER}}',               # PostgreSQL username
+    'PASSWORD': '{{DB_PASSWORD}}',           # PostgreSQL password
+    'HOST': '{{DB_HOST}}',      # Database server
+    'PORT': '{{DB_PORT}}',               # Database port (leave blank for default)
+    'CONN_MAX_AGE': 300,      # Max database connection age
+}
+
+# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
+# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
+# to use two separate database IDs.
+REDIS = {
+    'tasks': {
+        'HOST': '{{REDIS_HOST}}',
+        'PORT': {{REDIS_PORT}},
+        # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+        # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+        # 'SENTINEL_SERVICE': 'netbox',
+        'PASSWORD': '{{REDIS_PASSWORD}}',
+        'DATABASE': {{REDIS_DB_TASK}},
+        'SSL': False,
+        # Set this to True to skip TLS certificate verification
+        # This can expose the connection to attacks, be careful
+        # 'INSECURE_SKIP_TLS_VERIFY': False,
+    },
+    'caching': {
+        'HOST': '{{REDIS_HOST}}',
+        'PORT': {{REDIS_PORT}},
+        # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+        # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+        # 'SENTINEL_SERVICE': 'netbox',
+        'PASSWORD': '{{REDIS_PASSWORD}}',
+        'DATABASE': {{REDIS_DB_CACHE}},
+        'SSL': False,
+        # Set this to True to skip TLS certificate verification
+        # This can expose the connection to attacks, be careful
+        # 'INSECURE_SKIP_TLS_VERIFY': False,
+    }
+}
+
+# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. NetBox will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+SECRET_KEY = '{{SECRET_KEY}}'
+
+
+#########################
+#                       #
+#   Optional settings   #
+#                       #
+#########################
+
+# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
+# application errors (assuming correct email settings are provided).
+ADMINS = [
+    # ('John Doe', 'jdoe@example.com'),
+]
+
+# URL schemes that are allowed within links in NetBox
+ALLOWED_URL_SCHEMES = (
+    'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
+)
+
+# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
+# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
+BANNER_TOP = ''
+BANNER_BOTTOM = ''
+
+# Text to include on the login page above the login form. HTML is allowed.
+BANNER_LOGIN = ''
+
+# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
+# BASE_PATH = 'netbox/'
+BASE_PATH = '{{BASE_PATH}}'
+
+# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
+CHANGELOG_RETENTION = 90
+
+# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
+# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
+# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
+CORS_ORIGIN_ALLOW_ALL = False
+CORS_ORIGIN_WHITELIST = [
+    # 'https://hostname.example.com',
+]
+CORS_ORIGIN_REGEX_WHITELIST = [
+    # r'^(https?://)?(\w+\.)?example\.com$',
+]
+
+# Specify any custom validators here, as a mapping of model to a list of validators classes. Validators should be
+# instances of or inherit from CustomValidator.
+# from extras.validators import CustomValidator
+CUSTOM_VALIDATORS = {
+    # 'dcim.site': [
+    #     CustomValidator({
+    #         'name': {
+    #             'min_length': 10,
+    #             'regex': r'\d{3}$',
+    #         }
+    #     })
+    # ],
+}
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+DEBUG = False
+
+# Email settings
+EMAIL = {
+    'SERVER': 'localhost',
+    'PORT': 25,
+    'USERNAME': '',
+    'PASSWORD': '',
+    'USE_SSL': False,
+    'USE_TLS': False,
+    'TIMEOUT': 10,  # seconds
+    'FROM_EMAIL': '',
+}
+
+# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
+# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
+ENFORCE_GLOBAL_UNIQUE = False
+
+# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
+# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
+EXEMPT_VIEW_PERMISSIONS = [
+    # 'dcim.site',
+    # 'dcim.region',
+    # 'ipam.prefix',
+]
+
+# Enable the GraphQL API
+GRAPHQL_ENABLED = True
+
+# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
+# HTTP_PROXIES = {
+#     'http': 'http://10.10.1.10:3128',
+#     'https': 'http://10.10.1.10:1080',
+# }
+
+# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
+# NetBox from an internal IP.
+INTERNAL_IPS = ('127.0.0.1', '::1')
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+#   https://docs.djangoproject.com/en/stable/topics/logging/
+LOGGING = {}
+
+# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
+# authenticated to NetBox indefinitely.
+LOGIN_PERSISTENCE = False
+
+# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
+# are permitted to access most data in NetBox but not make any changes.
+LOGIN_REQUIRED = False
+
+# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
+# re-authenticate. (Default: 1209600 [14 days])
+LOGIN_TIMEOUT = None
+
+# Setting this to True will display a "maintenance mode" banner at the top of every page.
+MAINTENANCE_MODE = False
+
+# The URL to use when mapping physical addresses or GPS coordinates
+MAPS_URL = 'https://maps.google.com/?q='
+
+# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
+# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
+# all objects by specifying "?limit=0".
+MAX_PAGE_SIZE = 1000
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
+# the default value of this setting is derived from the installed location.
+# MEDIA_ROOT = '/opt/netbox/netbox/media'
+
+# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+#     'AWS_ACCESS_KEY_ID': 'Key ID',
+#     'AWS_SECRET_ACCESS_KEY': 'Secret',
+#     'AWS_STORAGE_BUCKET_NAME': 'netbox',
+#     'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
+METRICS_ENABLED = False
+
+# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
+NAPALM_USERNAME = ''
+NAPALM_PASSWORD = ''
+
+# NAPALM timeout (in seconds). (Default: 30)
+NAPALM_TIMEOUT = 30
+
+# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+# be provided as a dictionary.
+NAPALM_ARGS = {}
+
+# Determine how many objects to display per page within a list. (Default: 50)
+PAGINATE_COUNT = 50
+
+# Enable installed plugins. Add the name of each plugin to the list.
+PLUGINS = []
+
+# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
+# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
+# PLUGINS_CONFIG = {
+#     'my_plugin': {
+#         'foo': 'bar',
+#         'buzz': 'bazz'
+#     }
+# }
+
+# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
+# prefer IPv4 instead.
+PREFER_IPV4 = False
+
+# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
+RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
+RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
+
+# Remote authentication support
+REMOTE_AUTH_ENABLED = {{REMOTE_AUTH_ENABLED}}
+REMOTE_AUTH_BACKEND = '{{REMOTE_AUTH_BACKEND}}'
+REMOTE_AUTH_HEADER = '{{REMOTE_AUTH_HEADER}}'
+REMOTE_AUTH_AUTO_CREATE_USER = {{REMOTE_AUTH_AUTO_CREATE_USER}}
+REMOTE_AUTH_DEFAULT_GROUPS = {{REMOTE_AUTH_DEFAULT_GROUPS}}
+REMOTE_AUTH_DEFAULT_PERMISSIONS = {{REMOTE_AUTH_DEFAULT_PERMISSIONS}}
+
+# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
+# version check or use the URL below to check for release in the official NetBox repository.
+RELEASE_CHECK_URL = None
+# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
+
+# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+# REPORTS_ROOT = '/opt/netbox/netbox/reports'
+
+# Maximum execution time for background tasks, in seconds.
+RQ_DEFAULT_TIMEOUT = 300
+
+# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+SCRIPTS_ROOT = '/config/scripts'
+
+# The name to use for the session cookie.
+SESSION_COOKIE_NAME = 'sessionid'
+
+# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
+# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
+# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
+SESSION_FILE_PATH = None
+
+# Time zone (default: UTC)
+TIME_ZONE = 'UTC'
+
+# Date/time formatting. See the following link for supported formats:
+# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
+DATE_FORMAT = 'N j, Y'
+SHORT_DATE_FORMAT = 'Y-m-d'
+TIME_FORMAT = 'g:i a'
+SHORT_TIME_FORMAT = 'H:i:s'
+DATETIME_FORMAT = 'N j, Y g:i a'
+SHORT_DATETIME_FORMAT = 'Y-m-d H:i'

root/defaults/uwsgi.ini

@@ -0,0 +1,11 @@
+[uwsgi]
+http-socket = :8000
+enable-threads
+plugin = python3
+module = netbox.wsgi:application
+static-map = /static=static
+static-gzip-dir = static/CACHE
+hook-pre-app = exec:/usr/bin/python3 ./manage.py collectstatic --noinput
+hook-pre-app = exec:/usr/bin/python3 ./manage.py remove_stale_contenttypes --no-input
+hook-pre-app = exec:/usr/bin/python3 ./manage.py clearsessions
+attach-daemon = /usr/bin/python3 ./manage.py rqworker

root/etc/cont-init.d/50-config

@@ -0,0 +1,71 @@
+#!/usr/bin/with-contenv bash
+
+mkdir -p /config/scripts
+
+declare -A NETBOX_CONF
+NETBOX_CONF[ALLOWED_HOST]=${ALLOWED_HOST:-netbox.example.com}
+NETBOX_CONF[BASE_PATH]=${BASE_PATH:-}
+NETBOX_CONF[DB_NAME]=${DB_NAME:-netbox}
+NETBOX_CONF[DB_USER]=${DB_USER:-root}
+NETBOX_CONF[DB_PASSWORD]=${DB_PASSWORD:-}
+NETBOX_CONF[DB_HOST]=${DB_HOST:-postgres}
+NETBOX_CONF[DB_PORT]=${DB_PORT:-}
+NETBOX_CONF[REDIS_HOST]=${REDIS_HOST:-redis}
+NETBOX_CONF[REDIS_PORT]=${REDIS_PORT:-6379}
+NETBOX_CONF[REDIS_PASSWORD]=${REDIS_PASSWORD:-}
+NETBOX_CONF[REDIS_DB_TASK]=${REDIS_DB_TASK:-0}
+NETBOX_CONF[REDIS_DB_CACHE]=${REDIS_DB_CACHE:-1}
+NETBOX_CONF[REMOTE_AUTH_ENABLED]=${REMOTE_AUTH_ENABLED:-False}
+NETBOX_CONF[REMOTE_AUTH_BACKEND]=${REMOTE_AUTH_BACKEND:-netbox.authentication.RemoteUserBackend}
+NETBOX_CONF[REMOTE_AUTH_HEADER]=${REMOTE_AUTH_HEADER:-HTTP_REMOTE_USER}
+NETBOX_CONF[REMOTE_AUTH_AUTO_CREATE_USER]=${REMOTE_AUTH_AUTO_CREATE_USER:-False}
+NETBOX_CONF[REMOTE_AUTH_DEFAULT_GROUPS]=${REMOTE_AUTH_DEFAULT_GROUPS:-[]}
+NETBOX_CONF[REMOTE_AUTH_DEFAULT_PERMISSIONS]=${REMOTE_AUTH_DEFAULT_PERMISSIONS:-{}}
+
+cd /app/netbox/netbox/netbox
+NETBOX_CONF[SECRET_KEY]=${SECRET_KEY:-$(python3 ../generate_secret_key.py)}
+
+if [ ! -f "/config/configuration.py" ]; then
+	cp /defaults/configuration.py /config/configuration.py
+
+	# sed in values or skip if value not set
+	for KEY in "${!NETBOX_CONF[@]}"; do \
+		sed -i 's|{{'$KEY'}}|'${NETBOX_CONF[$KEY]}'|g' /config/configuration.py
+	done
+fi
+
+[[ ! -e "/config/media" ]] && \
+	mv /app/netbox/netbox/media /config/media
+
+rm -rf /app/netbox/netbox/media
+ln -sf /config/media /app/netbox/netbox/media
+
+ln -sf /config/configuration.py /app/netbox/netbox/netbox/configuration.py
+
+mv /defaults/uwsgi.ini /app/netbox/netbox/uwsgi.ini > /dev/null 2>&1
+
+# permissions
+chown -R abc:abc \
+	/app/netbox \
+	/config
+
+cd /app/netbox || exit
+
+s6-setuidgid abc /usr/bin/python3 netbox/manage.py migrate
+
+if [ -n "$SUPERUSER_EMAIL" ] && [ -n "$SUPERUSER_PASSWORD" ];
+then
+cat << EOF | s6-setuidgid abc python3 /app/netbox/netbox/manage.py shell
+from django.contrib.auth.models import User;
+
+username = 'admin';
+password = '$SUPERUSER_PASSWORD';
+email = '$SUPERUSER_EMAIL';
+
+if User.objects.filter(username=username).count()==0:
+    User.objects.create_superuser(username, email, password);
+    print('Superuser created.');
+else:
+    print('Superuser creation skipped. Already exists.');
+EOF
+fi

root/etc/services.d/netbox/run

@@ -0,0 +1,6 @@
+#!/usr/bin/with-contenv bash
+
+cd /app/netbox/netbox || exit
+
+exec \
+	s6-setuidgid abc /usr/sbin/uwsgi uwsgi.ini