feat: deployable playbook

inventory/group_vars/netbox_servers.yml

@@ -0,0 +1,169 @@
+---
+# Group variables for NetBox deployment
+# These variables apply to all hosts in the netbox group
+
+# System Update Configuration
+system_update_reboot_if_needed: false
+system_update_autoremove: true
+
+# Docker Configuration
+docker_users:
+  - "{{ ansible_user }}"
+docker_daemon_config:
+  log-driver: "json-file"
+  log-opts:
+    max-size: "10m"
+    max-file: "3"
+
+# NetBox Configuration
+netbox_install_dir: "/opt/netbox-docker"
+netbox_backup_dir: "/opt/netbox-backups"
+netbox_data_dir: "/opt/netbox-data"
+netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
+netbox_repo_branch: "release"
+netbox_repo_update: true
+
+# Database Configuration
+netbox_db_host: "postgres"
+netbox_db_name: "netbox"
+netbox_db_user: "netbox"
+netbox_db_password: "{{ vault_netbox_db_password }}"
+netbox_db_port: "5432"
+
+# Redis Configuration
+netbox_redis_host: "redis"
+netbox_redis_port: "6379"
+netbox_redis_password: "{{ vault_netbox_redis_password }}"
+
+# Redis Cache Configuration
+netbox_redis_cache_host: "redis-cache"
+netbox_redis_cache_port: "6379"
+netbox_redis_cache_password: "{{ vault_netbox_redis_cache_password | default('') }}"
+
+# NetBox Settings
+netbox_allowed_hosts: "*"
+netbox_time_zone: "UTC"
+netbox_language_code: "en"
+netbox_debug: false
+netbox_log_level: "INFO"
+netbox_secret_key: "{{ vault_netbox_secret_key | default('') }}"
+
+# Superuser Configuration
+netbox_superuser_name: "admin"
+netbox_superuser_email: "admin@{{ ansible_domain | default('example.com') }}"
+netbox_superuser_password: "{{ vault_netbox_superuser_password | default('admin') }}"
+
+netbox_additional_env:
+  DB_WAIT_DEBUG: 1
+  CORS_ORIGIN_ALLOW_ALL: True
+  EMAIL_FROM: "netbox@jeansburger.net"
+  EMAIL_PASSWORD: "{{ vault_netbox_email_password | default('') }}"
+  EMAIL_PORT: 587
+  EMAIL_SERVER: "smtp.postmarkapp.com"
+  EMAIL_TIMEOUT: 5
+  EMAIL_USERNAME: "{{ vault_netbox_email_username | default('') }}"
+  # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
+  EMAIL_USE_SSL: False
+  EMAIL_USE_TLS: True
+  GRAPHQL_ENABLED: True
+  MEDIA_ROOT: "/opt/netbox/netbox/media"
+  METRICS_ENABLED: True
+  RELEASE_CHECK_URL: "https://api.github.com/repos/netbox-community/netbox/releases"
+  SECRET_KEY: "{{ vault_netbox_secret_key | default('') }}"
+  SKIP_SUPERUSER: True
+  WEBHOOKS_ENABLED: True
+
+# Domain Configuration
+netbox_domain: "{{ vault_netbox_domain | default('netbox.example.com') }}"
+traefik_domain: "{{ vault_netbox_domain | default('traefik.example.com') }}"
+
+# Traefik Configuration
+traefik_install_dir: "/opt/traefik"
+traefik_data_dir: "/opt/traefik-data"
+traefik_config_dir: "/opt/traefik-config"
+traefik_image: "traefik:v3.0"
+traefik_dashboard_enabled: true
+traefik_dashboard_port: 8080
+traefik_api_insecure: false
+traefik_api_dashboard: true
+
+# ACME Configuration
+traefik_acme_enabled: true
+traefik_acme_email: "{{ vault_traefik_acme_email | default('admin@example.com') }}"
+traefik_acme_ca_server: "{{ vault_traefik_acme_ca_server }}"
+traefik_acme_storage: "/data/acme.json"
+traefik_acme_key_type: "RSA4096"
+
+# Traefik Entry Points
+traefik_entrypoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        - entrypoint:
+            to: "websecure"
+            scheme: "https"
+            permanent: true
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+
+# Traefik Providers
+traefik_providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: "traefik"
+
+# Traefik Networks
+traefik_networks:
+  - name: "traefik"
+    external: true
+
+# Traefik Logging
+traefik_log_level: "INFO"
+traefik_access_logs: false
+
+# Custom Root CA Configuration
+traefik_custom_ca_enabled: true
+traefik_custom_ca_url: "{{ vault_traefik_custom_ca_url }}"
+traefik_custom_ca_path: "/etc/traefik/custom-ca.pem"
+traefik_custom_ca_server_name: "jeansburger-ca.lan"
+traefik_custom_ca_verify_ssl: false
+
+# Docker Compose Overrides
+netbox_docker_compose_overrides:
+  services:
+    netbox:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain }}`)"
+        - "traefik.http.routers.netbox.tls.certresolver=letsencrypt"
+        - "traefik.http.services.netbox.loadbalancer.server.port=8080"
+      networks:
+        - "traefik"
+        - "netbox"
+    netbox-worker:
+      networks:
+        - "netbox"
+    postgres:
+      networks:
+        - "netbox"
+      volumes:
+        - "{{ netbox_data_dir }}/postgres:/var/lib/postgresql/data"
+    redis:
+      networks:
+        - "netbox"
+      volumes:
+        - "{{ netbox_data_dir }}/redis:/data"
+    redis-cache:
+      networks:
+        - "netbox"
+      volumes:
+        - "{{ netbox_data_dir }}/redis-cache:/data"
+  networks:
+    traefik:
+      external: true
+    netbox: {}