grey/iac
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Provisional netbox code
Some checks failed
Trunk Check / Trunk Check Runner (push) Failing after 1s
Details

Browse source
This commit is contained in:
Greyscale 2024-07-03 21:06:04 +02:00
parent 4c077e9475
commit 435910e560
1 changed files with 301 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

301
netbox.tf Normal file
View file

@ -0,0 +1,301 @@
# Docker images in use
data "docker_registry_image" "netbox" {
name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
}
data "docker_registry_image" "netbox_postgres" {
name = "docker.io/postgres:16-alpine"
}
data "docker_registry_image" "netbox_redis" {
name = "docker.io/redis:7-alpine"
}
# Docker Network
resource "docker_network" "netbox" {
name = "netbox"
}
# Docker Volumes
resource "docker_volume" "netbox_config" {
name = "netbox_config"
}
resource "docker_volume" "netbox_media" {
name = "netbox_media"
}
resource "docker_volume" "netbox_reports" {
name = "netbox_reports"
}
resource "docker_volume" "netbox_scripts" {
name = "netbox_scripts"
}
resource "docker_volume" "netbox_database" {
name = "netbox_database"
}
resource "docker_volume" "netbox_redis" {
name = "netbox_redis"
}
resource "docker_volume" "netbox_cache" {
name = "netbox_cache"
}
# Configs
resource "random_password" "postgres_password" {
length = 32
special = false
}
resource "random_password" "redis_password" {
length = 32
special = false
}
locals {
CORS_ORIGIN_ALLOW_ALL = true
DB_HOST=docker_service.netbox_postgres.name
DB_NAME="netbox"
DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
DB_USER="netbox"
EMAIL_FROM="netbox@bar.com"
EMAIL_PASSWORD=""
EMAIL_PORT=25
EMAIL_SERVER="localhost"
EMAIL_SSL_CERTFILE=""
EMAIL_SSL_KEYFILE=""
EMAIL_TIMEOUT=5
EMAIL_USERNAME="netbox"
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL=false
EMAIL_USE_TLS=false
GRAPHQL_ENABLED=true
HOUSEKEEPING_INTERVAL=86400
MEDIA_ROOT="/opt/netbox/netbox/media"
METRICS_ENABLED=false
REDIS_CACHE_DATABASE=1
REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result)
REDIS_CACHE_SSL=false
REDIS_DATABASE=0
REDIS_HOST=docker_service.netbox_redis.name
REDIS_INSECURE_SKIP_TLS_VERIFY=false
REDIS_PASSWORD=nonsensitive(random_password.redis_password.result)
REDIS_SSL=false
RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases"
SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X"
SKIP_SUPERUSER=true
WEBHOOKS_ENABLED=true
}
# Services
resource "docker_service" "netbox" {
name = "netbox-app"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root"
healthcheck {
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
interval = "15s"
timeout = "3s"
start_period = "60s"
}
mounts {
target = "/etc/netbox/config"
type = "volume"
source = docker_volume.netbox_config.name
}
mounts {
target = "/opt/netbox/netbox/media"
type = "volume"
source = docker_volume.netbox_media.name
}
mounts {
target = "/opt/netbox/netbox/reports"
type = "volume"
source = docker_volume.netbox_reports.name
}
mounts {
target = "/opt/netbox/netbox/scripts"
type = "volume"
source = docker_volume.netbox_scripts.name
}
}
networks_advanced {
name = docker_network.loadbalancer.id
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
resource "docker_service" "netbox_worker" {
name = "netbox-worker"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root"
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",]
healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
interval = "15s"
timeout = "3s"
start_period = "20s"
}
mounts {
target = "/etc/netbox/config"
type = "volume"
source = docker_volume.netbox_config.name
}
mounts {
target = "/opt/netbox/netbox/media"
type = "volume"
source = docker_volume.netbox_media.name
}
mounts {
target = "/opt/netbox/netbox/reports"
type = "volume"
source = docker_volume.netbox_reports.name
}
mounts {
target = "/opt/netbox/netbox/scripts"
type = "volume"
source = docker_volume.netbox_scripts.name
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
resource "docker_service" "netbox_housekeeping" {
name = "netbox-housekeeping"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root"
command = ["/opt/netbox/housekeeping.sh",]
healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
interval = "15s"
timeout = "3s"
start_period = "20s"
}
mounts {
target = "/etc/netbox/config"
type = "volume"
source = docker_volume.netbox_config.name
}
mounts {
target = "/opt/netbox/netbox/media"
type = "volume"
source = docker_volume.netbox_media.name
}
mounts {
target = "/opt/netbox/netbox/reports"
type = "volume"
source = docker_volume.netbox_reports.name
}
mounts {
target = "/opt/netbox/netbox/scripts"
type = "volume"
source = docker_volume.netbox_scripts.name
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
# Netbox Postgres Database
resource "docker_service" "netbox_postgres" {
name = "netbox-postgres"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox_postgres.name}@${data.docker_registry_image.netbox_postgres.sha256_digest}"
mounts {
target = "/var/lib/postgresql/data"
type = "volume"
source = docker_volume.netbox_database.name
}
env = {
POSTGRES_DB = "netbox"
POSTGRES_USER = "netbox"
POSTGRES_PASSWORD = random_password.postgres_password.result
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
# Netbox Redis
resource "docker_service" "netbox_redis" {
name = "netbox-redis"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ]
mounts {
target = "/data"
type = "volume"
source = docker_volume.netbox_database.name
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
resource "docker_service" "netbox_redis_cache" {
name = "netbox-redis-cache"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ]
mounts {
target = "/data"
type = "volume"
source = docker_volume.netbox_database.name
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}