149 lines
4.7 KiB
YAML
149 lines
4.7 KiB
YAML
---
|
|
services:
|
|
netbox: &netbox
|
|
image: netboxcommunity/netbox:${NETBOX_VERSION}-${NETBOX_DOCKER_VERSION}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- netbox-worker
|
|
- postgres
|
|
- redis
|
|
- redis-cache
|
|
environment:
|
|
- CORS_ORIGIN_ALLOW_ALL=True
|
|
- DB_HOST=postgres
|
|
- DB_NAME=${PSQL_NAME}
|
|
- DB_USER=${PSQL_USER}
|
|
- DB_PASSWORD=${PSQL_PASS}
|
|
- EMAIL_SERVER=${NETBOX_EMAIL_SERVER}
|
|
- EMAIL_PORT=${NETBOX_EMAIL_PORT}
|
|
- EMAIL_SSL_CERTFILE=${NETBOX_EMAIL_SSLCER}
|
|
- EMAIL_SSL_KEYFILE=${NETBOX_EMAIL_SSLKEY}
|
|
- EMAIL_TIMEOUT=${NETBOX_EMAIL_TIMEOUT}
|
|
- EMAIL_USE_SSL=${NETBOX_EMAIL_SSL}
|
|
- EMAIL_USE_TLS=${NETBOX_EMAIL_TLS}
|
|
- EMAIL_FROM=${NETBOX_EMAIL_FROM}
|
|
- EMAIL_USERNAME=${NETBOX_EMAIL_USER}
|
|
- EMAIL_PASSWORD=${NETBOX_EMAIL_PASS}
|
|
- GRAPHQL_ENABLED=${NETBOX_GRAPHQL}
|
|
- HOUSEKEEPING_INTERVAL=86400
|
|
- MAX_PAGE_SIZE=1000
|
|
- MEDIA_ROOT=/opt/netbox/netbox/media
|
|
- METRICS_ENABLED=${NETBOX_METRICS}
|
|
- NAPALM_USERNAME=${NETBOX_NAPALM_USER}
|
|
- NAPALM_PASSWORD=${NETBOX_NAPALM_PASS}
|
|
- NAPALM_TIMEOUT=10
|
|
- REDIS_HOST=redis
|
|
- REDIS_DATABASE=0
|
|
- REDIS_PASSWORD=${REDIS_PASS}
|
|
- REDIS_SSL=false
|
|
- REDIS_INSECURE_SKIP_TLS_VERIFY=false
|
|
- REDIS_CACHE_HOST=redis-cache
|
|
- REDIS_CACHE_DATABASE=1
|
|
- REDIS_CACHE_PASSWORD=${REDIS_CACHE_PASS}
|
|
- REDIS_CACHE_SSL=false
|
|
- REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
|
|
- RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
|
|
- SECRET_KEY=${NETBOX_SECRET_KEY}
|
|
- SKIP_STARTUP_SCRIPTS=${NETBOX_SKIP_SCRIPTS}
|
|
- SKIP_SUPERUSER=${NETBOX_SKIP_SUPERUSER}
|
|
- SUPERUSER_API_TOKEN=${NETBOX_SUPERUSER_TOKEN}
|
|
- SUPERUSER_EMAIL=${NETBOX_SUPERUSER_EMAIL}
|
|
- SUPERUSER_NAME=${NETBOX_SUPERUSER_NAME}
|
|
- SUPERUSER_PASSWORD=${NETBOX_SUPERUSER_PASS}
|
|
- WEBHOOKS_ENABLED=${NETBOX_WEBHOOKS}
|
|
labels:
|
|
- traefik.enable=${TRAEFIK_ENABLED}
|
|
- traefik.docker.network=${TRAEFIK_NETWORK}
|
|
### Section HTTP
|
|
- traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
|
|
# redirect to HTTPS only
|
|
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
|
|
- traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
|
### Section HTTPS
|
|
- traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
|
|
# configure the exposed service
|
|
- traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=hsts
|
|
- traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
|
# of course, enable TLS and it's certificate provider
|
|
- traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
|
|
- traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
|
|
# specify a service so a custom port can be used
|
|
- traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
|
|
user: unit:root
|
|
volumes:
|
|
- ${NETBOX_DATA}/configuration:/etc/netbox/config:z,ro
|
|
- ${NETBOX_DATA}/initializers:/opt/netbox/initializers:z,ro
|
|
- ${NETBOX_DATA}/media:/opt/netbox/netbox/media:z
|
|
- ${NETBOX_DATA}/reports:/etc/netbox/reports:z,ro
|
|
- ${NETBOX_DATA}/scripts:/etc/netbox/scripts:z,ro
|
|
- ${NETBOX_DATA}/startup_scripts:/opt/netbox/startup_scripts:z,ro
|
|
|
|
netbox-worker:
|
|
<<: *netbox
|
|
command:
|
|
- /opt/netbox/venv/bin/python
|
|
- /opt/netbox/netbox/manage.py
|
|
- rqworker
|
|
depends_on:
|
|
- postgres
|
|
- redis
|
|
labels:
|
|
- traefik.enable=false
|
|
networks:
|
|
- internal
|
|
|
|
netbox-housekeeping:
|
|
<<: *netbox
|
|
command:
|
|
- /opt/netbox/housekeeping.sh
|
|
depends_on:
|
|
- postgres
|
|
- redis
|
|
labels:
|
|
- traefik.enable=false
|
|
networks:
|
|
- internal
|
|
|
|
postgres:
|
|
image: postgres:${PSQL_VERSION}
|
|
restart: unless-stopped
|
|
environment:
|
|
- POSTGRES_DB=${PSQL_NAME}
|
|
- POSTGRES_USER=${PSQL_USER}
|
|
- POSTGRES_PASSWORD=${PSQL_PASS}
|
|
networks:
|
|
- internal
|
|
volumes:
|
|
- ${PSQL_DATA}:/var/lib/postgresql/data
|
|
|
|
redis:
|
|
image: redis:${REDIS_VERSION}
|
|
restart: unless-stopped
|
|
command:
|
|
- sh
|
|
- -c
|
|
- redis-server --appendonly yes --requirepass $$REDIS_PASSWORD
|
|
environment:
|
|
- REDIS_PASSWORD=${REDIS_PASS}
|
|
networks:
|
|
- internal
|
|
volumes:
|
|
- ${REDIS_DATA}:/data
|
|
|
|
redis-cache:
|
|
image: redis:${REDIS_VERSION}
|
|
command:
|
|
- sh
|
|
- -c
|
|
- redis-server --requirepass $$REDIS_PASSWORD
|
|
environment:
|
|
- REDIS_PASSWORD=${REDIS_CACHE_PASS}
|
|
networks:
|
|
- internal
|
|
|
|
networks:
|
|
internal:
|
|
traefik:
|
|
external: true
|
|
name: ${TRAEFIK_NETWORK}
|