From 435910e5609d46a9ef14486321398781a500dfde Mon Sep 17 00:00:00 2001
From: Matthew Baggett
Date: Wed, 3 Jul 2024 21:06:04 +0200
Subject: [PATCH] Provisional netbox code
---
netbox.tf | 301 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 301 insertions(+)
create mode 100644 netbox.tf
diff --git a/netbox.tf b/netbox.tf
new file mode 100644
index 0000000..2f048f9
--- /dev/null
+++ b/netbox.tf
@@ -0,0 +1,301 @@
+# Docker images in use
+data "docker_registry_image" "netbox" {
+ name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
+}
+data "docker_registry_image" "netbox_postgres" {
+ name = "docker.io/postgres:16-alpine"
+}
+data "docker_registry_image" "netbox_redis" {
+ name = "docker.io/redis:7-alpine"
+}
+
+# Docker Network
+resource "docker_network" "netbox" {
+ name = "netbox"
+}
+
+# Docker Volumes
+resource "docker_volume" "netbox_config" {
+ name = "netbox_config"
+}
+resource "docker_volume" "netbox_media" {
+ name = "netbox_media"
+}
+resource "docker_volume" "netbox_reports" {
+ name = "netbox_reports"
+}
+resource "docker_volume" "netbox_scripts" {
+ name = "netbox_scripts"
+}
+resource "docker_volume" "netbox_database" {
+ name = "netbox_database"
+}
+resource "docker_volume" "netbox_redis" {
+ name = "netbox_redis"
+}
+resource "docker_volume" "netbox_cache" {
+ name = "netbox_cache"
+}
+
+# Configs
+resource "random_password" "postgres_password" {
+ length = 32
+ special = false
+}
+resource "random_password" "redis_password" {
+ length = 32
+ special = false
+}
+locals {
+ CORS_ORIGIN_ALLOW_ALL = true
+
+ DB_HOST=docker_service.netbox_postgres.name
+ DB_NAME="netbox"
+ DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
+ DB_USER="netbox"
+
+ EMAIL_FROM="netbox@bar.com"
+ EMAIL_PASSWORD=""
+ EMAIL_PORT=25
+ EMAIL_SERVER="localhost"
+ EMAIL_SSL_CERTFILE=""
+ EMAIL_SSL_KEYFILE=""
+ EMAIL_TIMEOUT=5
+ EMAIL_USERNAME="netbox"
+ # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
+ EMAIL_USE_SSL=false
+ EMAIL_USE_TLS=false
+
+ GRAPHQL_ENABLED=true
+ HOUSEKEEPING_INTERVAL=86400
+ MEDIA_ROOT="/opt/netbox/netbox/media"
+ METRICS_ENABLED=false
+
+ REDIS_CACHE_DATABASE=1
+ REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name
+ REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
+ REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result)
+ REDIS_CACHE_SSL=false
+
+ REDIS_DATABASE=0
+ REDIS_HOST=docker_service.netbox_redis.name
+ REDIS_INSECURE_SKIP_TLS_VERIFY=false
+ REDIS_PASSWORD=nonsensitive(random_password.redis_password.result)
+ REDIS_SSL=false
+
+ RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases"
+ SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X"
+ SKIP_SUPERUSER=true
+ WEBHOOKS_ENABLED=true
+}
+
+# Services
+resource "docker_service" "netbox" {
+ name = "netbox-app"
+ task_spec {
+ container_spec {
+ image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
+ user = "unit:root"
+ healthcheck {
+ test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
+ interval = "15s"
+ timeout = "3s"
+ start_period = "60s"
+ }
+ mounts {
+ target = "/etc/netbox/config"
+ type = "volume"
+ source = docker_volume.netbox_config.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/media"
+ type = "volume"
+ source = docker_volume.netbox_media.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/reports"
+ type = "volume"
+ source = docker_volume.netbox_reports.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/scripts"
+ type = "volume"
+ source = docker_volume.netbox_scripts.name
+ }
+ }
+ networks_advanced {
+ name = docker_network.loadbalancer.id
+ }
+ networks_advanced {
+ name = docker_network.netbox.id
+ }
+ restart_policy {
+ condition = "any"
+ delay = "0s"
+ window = "0s"
+ }
+ }
+}
+resource "docker_service" "netbox_worker" {
+ name = "netbox-worker"
+ task_spec {
+ container_spec {
+ image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
+ user = "unit:root"
+ command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",]
+ healthcheck {
+ test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
+ interval = "15s"
+ timeout = "3s"
+ start_period = "20s"
+ }
+ mounts {
+ target = "/etc/netbox/config"
+ type = "volume"
+ source = docker_volume.netbox_config.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/media"
+ type = "volume"
+ source = docker_volume.netbox_media.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/reports"
+ type = "volume"
+ source = docker_volume.netbox_reports.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/scripts"
+ type = "volume"
+ source = docker_volume.netbox_scripts.name
+ }
+ }
+ networks_advanced {
+ name = docker_network.netbox.id
+ }
+ restart_policy {
+ condition = "any"
+ delay = "0s"
+ window = "0s"
+ }
+ }
+}
+resource "docker_service" "netbox_housekeeping" {
+ name = "netbox-housekeeping"
+ task_spec {
+ container_spec {
+ image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
+ user = "unit:root"
+ command = ["/opt/netbox/housekeeping.sh",]
+ healthcheck {
+ test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
+ interval = "15s"
+ timeout = "3s"
+ start_period = "20s"
+ }
+ mounts {
+ target = "/etc/netbox/config"
+ type = "volume"
+ source = docker_volume.netbox_config.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/media"
+ type = "volume"
+ source = docker_volume.netbox_media.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/reports"
+ type = "volume"
+ source = docker_volume.netbox_reports.name
+ }
+ mounts {
+ target = "/opt/netbox/netbox/scripts"
+ type = "volume"
+ source = docker_volume.netbox_scripts.name
+ }
+ }
+ networks_advanced {
+ name = docker_network.netbox.id
+ }
+ restart_policy {
+ condition = "any"
+ delay = "0s"
+ window = "0s"
+ }
+ }
+}
+
+# Netbox Postgres Database
+resource "docker_service" "netbox_postgres" {
+ name = "netbox-postgres"
+ task_spec {
+ container_spec {
+ image = "${data.docker_registry_image.netbox_postgres.name}@${data.docker_registry_image.netbox_postgres.sha256_digest}"
+ mounts {
+ target = "/var/lib/postgresql/data"
+ type = "volume"
+ source = docker_volume.netbox_database.name
+ }
+ env = {
+ POSTGRES_DB = "netbox"
+ POSTGRES_USER = "netbox"
+ POSTGRES_PASSWORD = random_password.postgres_password.result
+
+ }
+ }
+ networks_advanced {
+ name = docker_network.netbox.id
+ }
+ restart_policy {
+ condition = "any"
+ delay = "0s"
+ window = "0s"
+ }
+ }
+}
+
+# Netbox Redis
+resource "docker_service" "netbox_redis" {
+ name = "netbox-redis"
+ task_spec {
+ container_spec {
+ image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
+ command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ]
+ mounts {
+ target = "/data"
+ type = "volume"
+ source = docker_volume.netbox_database.name
+ }
+ }
+ networks_advanced {
+ name = docker_network.netbox.id
+ }
+ restart_policy {
+ condition = "any"
+ delay = "0s"
+ window = "0s"
+ }
+ }
+}
+resource "docker_service" "netbox_redis_cache" {
+ name = "netbox-redis-cache"
+ task_spec {
+ container_spec {
+ image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
+ command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ]
+ mounts {
+ target = "/data"
+ type = "volume"
+ source = docker_volume.netbox_database.name
+ }
+ }
+ networks_advanced {
+ name = docker_network.netbox.id
+ }
+ restart_policy {
+ condition = "any"
+ delay = "0s"
+ window = "0s"
+ }
+ }
+}
\ No newline at end of file
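Review bot: `SECRET_KEY` in the `locals` block is a literal string committed with the patch, so the value NetBox uses for cryptographic signing is readable by anyone with access to the repository or its history. Generate it the same way as the database and Redis passwords, with a `random_password` resource of at least 50 characters referenced as `SECRET_KEY = random_password.netbox_secret_key.result` (resource name is a suggestion), and treat the committed value as compromised. The `nonsensitive()` wrappers on `DB_PASSWORD`, `REDIS_PASSWORD` and `REDIS_CACHE_PASSWORD` also take those values out of Terraform's output redaction and are worth dropping unless something downstream requires them. Separately, both Redis services use `command = ["sh", "-c", "redis-server", ...]`, where everything after the `-c` string becomes a positional parameter of the shell rather than an argument to `redis-server`, so `--requirepass` and `--appendonly yes` are probably never applied; `command = ["redis-server", "--requirepass", random_password.redis_password.result]` would pass them directly. Both Redis services also mount `docker_volume.netbox_database`, the Postgres data volume, while `netbox_redis` and `netbox_cache` are declared but unused.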