2 commits

Author SHA1 Message Date
Doni Crosby
7ab2b719dc feat: deployable playbook 2025-09-27 13:36:00 -04:00
Doni Crosby
f8e1de4f0a feat: initial playbook 2025-09-25 19:24:11 -04:00
35 changed files with 1675 additions and 2 deletions

1
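--- a/.cursorignore
+++ b/.cursorignore
@@ -0,0 +1 @@
+.vault-password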

2
.gitignore vendored

@ -1,3 +1,5 @@
# ---> Ansible
*.retry
ansible.log
.vault-password

57
Makefile Normal file

@ -0,0 +1,57 @@
# NetBox Ansible Deployment Makefile
.PHONY: help install-collections deploy update backup check-syntax encrypt-vault decrypt-vault traefik-status traefik-logs traefik-access-logs traefik-restart traefik-update-ca
help: ## Show this help message
@echo "NetBox Ansible Deployment"
@echo "========================"
@echo ""
@echo "Available commands:"
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " %-20s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
install-collections: ## Install required Ansible collections
ansible-galaxy collection install -r requirements.yml
deploy: ## Deploy NetBox (requires vault password)
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --vault-password-file .vault-password
update: ## Update NetBox
ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml
backup: ## Backup NetBox
ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml
check-syntax: ## Check Ansible playbook syntax
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --syntax-check
ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml --syntax-check
ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml --syntax-check
encrypt-vault: ## Encrypt vault file
ansible-vault encrypt inventory/group_vars/netbox_servers_vault
decrypt-vault: ## Decrypt vault file
ansible-vault decrypt inventory/group_vars/netbox_servers_vault
edit-vault: ## Edit encrypted vault file
ansible-vault edit inventory/group_vars/netbox_servers_vault
dry-run: ## Run playbook in check mode (dry run)
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --check --vault-password-file .vault-password
test-connection: ## Test connection to hosts
ansible netbox -i inventory/hosts.yml -m ping
traefik-status: ## Check Traefik container status
ansible netbox -i inventory/hosts.yml -m shell -a "docker compose ps" --args "chdir=/opt/traefik"
traefik-logs: ## Show Traefik container logs
ansible netbox -i inventory/hosts.yml -m shell -a "docker compose logs traefik" --args "chdir=/opt/traefik"
traefik-access-logs: ## Show Traefik access logs (JSON format)
ansible netbox -i inventory/hosts.yml -m shell -a "docker compose logs traefik | grep -E '^traefik.*access' | tail -50"
traefik-restart: ## Restart Traefik container
ansible netbox -i inventory/hosts.yml -m shell -a "docker compose restart traefik" --args "chdir=/opt/traefik"
traefik-update-ca: ## Update custom root CA certificate
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "custom-ca" --vault-password-file .vault-password
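Review bot: The Traefik targets pass module arguments twice, `-a "docker compose ps"` followed by `--args "chdir=/opt/traefik"`; `--args` is the long form of `-a`, so as far as I can tell the second value replaces the first and the shell module is called with no command. Put both in one string, e.g. `-a "chdir=/opt/traefik docker compose ps"`, and note that `traefik-access-logs` has no `chdir` at all. Separately, `decrypt-vault` rewrites `inventory/group_vars/netbox_servers_vault` as plaintext in the working tree, where the next `git add` would pick it up; `edit-vault` already covers the editing case, so the decrypt target could be dropped. `edit-vault`, `dry-run` and `test-connection` are also missing from `.PHONY`.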

354
README.md

@ -1,3 +1,353 @@
# netbox-ansible
# NetBox Ansible Deployment
Ansible playbook for managing the netbox server
This Ansible project deploys NetBox using Docker Compose on Ubuntu servers. It follows Ansible best practices with modular roles, idempotent operations, and comprehensive configuration management.
## Features
- **Modular Design**: Separate roles for system updates, Docker installation, Traefik reverse proxy, and NetBox deployment
- **Idempotent**: Safe to run multiple times without side effects
- **Ubuntu Only**: Specifically designed for Ubuntu distributions (Focal, Jammy, Noble)
- **Docker Compose**: Uses the official NetBox Docker repository
- **Traefik Integration**: Automatic reverse proxy with ACME TLS certificate management
- **HTTPS by Default**: Automatic HTTP to HTTPS redirection with Let's Encrypt certificates
- **Configuration Management**: Templated environment files with Ansible variables
- **Security**: Support for Ansible Vault for sensitive data
- **Backup Support**: Built-in backup playbook for data protection
## Project Structure
```
netbox-ansible/
├── ansible.cfg # Ansible configuration
├── inventory/
│ └── hosts.yml # Inventory file
├── group_vars/
│ ├── netbox.yml # Group variables
│ └── netbox/
│ └── vault.yml # Encrypted sensitive variables
├── playbooks/
│ ├── deploy-netbox.yml # Main deployment playbook
│ ├── update-netbox.yml # Update NetBox playbook
│ └── backup-netbox.yml # Backup NetBox playbook
├── roles/
│ ├── system-update/ # System package updates
│ ├── docker-install/ # Docker and Docker Compose installation
│ ├── traefik/ # Traefik reverse proxy with ACME TLS
│ └── netbox-deploy/ # NetBox deployment and configuration
└── templates/ # Additional templates if needed
```
## Prerequisites
- Ansible 2.9 or later
- Target servers running Ubuntu (Focal, Jammy, or Noble)
- SSH access to target servers with sudo privileges
- Python 3 on target servers
## Quick Start
1. **Configure Inventory**
```bash
# Edit inventory/hosts.yml
vim inventory/hosts.yml
```
Add your server(s):
```yaml
[netbox]
netbox-server ansible_host=192.168.1.100 ansible_user=ubuntu
```
2. **Configure Variables**
```bash
# Edit group variables
vim group_vars/netbox.yml
# Edit vault variables (domains, ACME email, etc.)
vim group_vars/netbox/vault.yml
# Encrypt sensitive variables
ansible-vault encrypt group_vars/netbox/vault.yml
```
3. **Deploy NetBox with Traefik**
```bash
# Run the deployment playbook (includes Traefik)
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass
```
4. **Access Your Services**
- NetBox: `https://your-domain.com`
- Traefik Dashboard: `https://traefik.your-domain.com:8080`
## Configuration
### Group Variables (`group_vars/netbox.yml`)
Key configuration options:
- `netbox_install_dir`: Directory for NetBox installation (default: `/opt/netbox-docker`)
- `netbox_data_dir`: Directory for persistent data (default: `/opt/netbox-data`)
- `netbox_backup_dir`: Directory for backups (default: `/opt/netbox-backups`)
- `netbox_domain`: Domain name for NetBox (configured in vault)
- `netbox_allowed_hosts`: Allowed hosts for NetBox
- `netbox_superuser_*`: Superuser configuration
- `netbox_db_*`: Database configuration
- `netbox_redis_*`: Redis configuration
- `traefik_*`: Traefik reverse proxy configuration
### Vault Variables (`group_vars/netbox/vault.yml`)
Sensitive data should be encrypted:
```bash
# Encrypt vault file
ansible-vault encrypt group_vars/netbox/vault.yml
# Edit encrypted vault file
ansible-vault edit group_vars/netbox/vault.yml
```
### Docker Compose Overrides
NetBox is now configured to work with Traefik labels instead of port forwarding:
```yaml
netbox_docker_compose_overrides:
services:
netbox:
labels:
- "traefik.enable=true"
- "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain }}`)"
- "traefik.http.routers.netbox.entrypoints=websecure"
- "traefik.http.routers.netbox.tls.certresolver=letsencrypt"
- "traefik.http.services.netbox.loadbalancer.server.port=8080"
networks:
- "traefik"
```
## Playbooks
### Main Deployment (`deploy-netbox.yml`)
Deploys NetBox with Traefik reverse proxy:
- Updates system packages
- Installs Docker and Docker Compose
- Deploys Traefik reverse proxy with ACME TLS
- Clones NetBox Docker repository
- Configures environment files
- Starts NetBox services behind Traefik
- Creates superuser account
### Update NetBox (`update-netbox.yml`)
Updates existing NetBox installation:
- Updates repository
- Pulls latest Docker images
- Restarts services
### Backup NetBox (`backup-netbox.yml`)
Creates comprehensive backup:
- Database dump
- Media files
- Configuration files
## Roles
### system-update
- Updates apt package cache
- Upgrades all packages
- Installs required packages
- Optional reboot if needed
### docker-install
- Adds Docker GPG key and repository
- Installs Docker CE and Docker Compose
- Configures Docker daemon
- Adds users to docker group
### traefik
- Creates Traefik directories and configuration
- Sets up ACME certificate resolver for Let's Encrypt
- Configures Docker provider for automatic service discovery
- Deploys Traefik reverse proxy with HTTPS redirection
- Creates external network for service communication
### netbox-deploy
- Creates necessary directories
- Clones NetBox Docker repository
- Generates configuration files
- Starts NetBox services with Traefik labels
- Creates superuser account
## Usage Examples
### Deploy NetBox with Traefik
```bash
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass
```
### Update NetBox
```bash
ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml
```
### Backup NetBox
```bash
ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml
```
### Run with Vault
```bash
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass
```
### Run Specific Tags
```bash
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "traefik"
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "netbox-deploy"
```
### Traefik Management
```bash
# Check Traefik status
make traefik-status
# View Traefik logs
make traefik-logs
# View access logs (JSON format for auditing)
make traefik-access-logs
# Restart Traefik
make traefik-restart
# Update custom root CA certificate
make traefik-update-ca
```
## Security Considerations
1. **Encrypt Sensitive Data**: Use `ansible-vault` for passwords and secrets
2. **SSH Key Authentication**: Use SSH keys instead of passwords
3. **Firewall Rules**: Configure appropriate firewall rules (ports 80, 443)
4. **TLS Certificates**: ACME certificates are automatically managed by Traefik
5. **Custom Root CA**: Support for custom certificate authorities alongside system CAs
6. **Access Logging**: Comprehensive JSON-formatted access logs for auditing
7. **Regular Updates**: Keep NetBox and dependencies updated
8. **Backup Strategy**: Implement regular backup procedures
## Troubleshooting
### Common Issues
1. **Permission Denied**: Ensure user has sudo privileges
2. **Docker Not Found**: Check Docker installation and user group membership
3. **Port Conflicts**: Verify ports 80 and 443 are available
4. **Database Connection**: Check database configuration and connectivity
5. **TLS Certificate Issues**: Check ACME configuration and domain DNS
6. **Traefik Not Starting**: Check Docker network and configuration
### Logs and Debugging
```bash
# Enable verbose output
ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml -vvv
# Check Docker Compose logs
ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/netbox-docker && docker compose logs"
# Check Traefik logs
ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik"
```
## Logging and Auditing
### Access Logs
Traefik is configured with comprehensive access logging in JSON format for easy parsing and auditing:
- **Format**: JSON structured logs
- **Fields**: Includes request details, response codes, timing, and headers
- **Security**: Authorization headers are automatically dropped from logs
- **Headers Tracked**: User-Agent, Content-Type, X-Forwarded-For, X-Real-IP, etc.
### Log Management Commands
```bash
# View recent access logs
make traefik-access-logs
# View all Traefik logs
make traefik-logs
# Follow logs in real-time
ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs -f traefik"
```
### Log Analysis Examples
```bash
# Count requests by status code
ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik | grep access | jq '.DownstreamStatus' | sort | uniq -c"
# Find failed requests
ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik | grep access | jq 'select(.DownstreamStatus >= 400)'"
# Analyze by IP address
ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik | grep access | jq '.ClientHost' | sort | uniq -c"
```
## Custom Root CA Configuration
Traefik can be configured to trust custom root certificate authorities while maintaining trust for system root CAs. This is useful for internal PKI environments or corporate certificate authorities.
### Configuration
Set the custom CA URL in your vault file:
```yaml
# Custom Root CA Configuration
vault_traefik_custom_ca_url: "https://your-ca-server.com/root-ca.pem"
```
### Features
- **Dual Trust**: Trusts both custom CA and system root CAs
- **Automatic Download**: Downloads CA certificate from web server during deployment
- **Certificate Validation**: Verifies certificate format using OpenSSL
- **Secure Storage**: CA certificate stored with appropriate permissions
- **Easy Updates**: Update CA certificate without full redeployment
### Management Commands
```bash
# Update custom root CA certificate
make traefik-update-ca
# Verify CA certificate manually
ansible netbox -i inventory/hosts.yml -m shell -a "openssl x509 -in /etc/traefik/custom-ca.pem -text -noout"
```
### Requirements
- Custom CA certificate must be accessible via HTTP/HTTPS GET request
- Certificate must be in PEM format
- Web server must be accessible from the deployment server
- Certificate validation can be disabled if needed (`traefik_custom_ca_verify_ssl: false`)
## Contributing
1. Follow Ansible best practices
2. Ensure idempotency
3. Add appropriate tags
4. Update documentation
5. Test on multiple Ubuntu versions
## License
MIT License - see LICENSE file for details.
## Support
For issues and questions:
- Check NetBox documentation: https://docs.netbox.dev/
- NetBox Community: https://github.com/netbox-community/netbox
- NetBox Docker: https://github.com/netbox-community/netbox-docker

29
ansible.cfg Normal file

@ -0,0 +1,29 @@
[defaults]
# Basic configuration
inventory = inventory/
roles_path = roles/
timeout = 30
forks = 10
gathering = smart
fact_caching = memory
# Logging
log_path = ./ansible.log
bin_ansible_callbacks = True
# SSH settings
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
pipelining = True
# Performance
host_key_checking = False
retry_files_enabled = False
# Colors
force_color = 1
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
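Review bot: SSH host key verification is switched off three ways here (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`, `host_key_checking = False`) while `[privilege_escalation]` runs everything as root, so a machine impersonating `netbox.lan` on the network would receive the rendered secrets and the sudo-level commands. I would drop those options and pin the server's key in `known_hosts`; `StrictHostKeyChecking=accept-new` is the weaker fallback for first contact. `ssh_args` is normally read from `[ssh_connection]`, so it may not take effect under `[defaults]`, but `host_key_checking = False` does. `log_path = ./ansible.log` also means that anything a task prints, including the password line in the deploy playbook's final debug task, is written to disk.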


@ -0,0 +1,169 @@
---
# Group variables for NetBox deployment
# These variables apply to all hosts in the netbox group
# System Update Configuration
system_update_reboot_if_needed: false
system_update_autoremove: true
# Docker Configuration
docker_users:
- "{{ ansible_user }}"
docker_daemon_config:
log-driver: "json-file"
log-opts:
max-size: "10m"
max-file: "3"
# NetBox Configuration
netbox_install_dir: "/opt/netbox-docker"
netbox_backup_dir: "/opt/netbox-backups"
netbox_data_dir: "/opt/netbox-data"
netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
netbox_repo_branch: "release"
netbox_repo_update: true
# Database Configuration
netbox_db_host: "postgres"
netbox_db_name: "netbox"
netbox_db_user: "netbox"
netbox_db_password: "{{ vault_netbox_db_password }}"
netbox_db_port: "5432"
# Redis Configuration
netbox_redis_host: "redis"
netbox_redis_port: "6379"
netbox_redis_password: "{{ vault_netbox_redis_password }}"
# Redis Cache Configuration
netbox_redis_cache_host: "redis-cache"
netbox_redis_cache_port: "6379"
netbox_redis_cache_password: "{{ vault_netbox_redis_cache_password | default('') }}"
# NetBox Settings
netbox_allowed_hosts: "*"
netbox_time_zone: "UTC"
netbox_language_code: "en"
netbox_debug: false
netbox_log_level: "INFO"
netbox_secret_key: "{{ vault_netbox_secret_key | default('') }}"
# Superuser Configuration
netbox_superuser_name: "admin"
netbox_superuser_email: "admin@{{ ansible_domain | default('example.com') }}"
netbox_superuser_password: "{{ vault_netbox_superuser_password | default('admin') }}"
netbox_additional_env:
DB_WAIT_DEBUG: 1
CORS_ORIGIN_ALLOW_ALL: True
EMAIL_FROM: "netbox@jeansburger.net"
EMAIL_PASSWORD: "{{ vault_netbox_email_password | default('') }}"
EMAIL_PORT: 587
EMAIL_SERVER: "smtp.postmarkapp.com"
EMAIL_TIMEOUT: 5
EMAIL_USERNAME: "{{ vault_netbox_email_username | default('') }}"
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL: False
EMAIL_USE_TLS: True
GRAPHQL_ENABLED: True
MEDIA_ROOT: "/opt/netbox/netbox/media"
METRICS_ENABLED: True
RELEASE_CHECK_URL: "https://api.github.com/repos/netbox-community/netbox/releases"
SECRET_KEY: "{{ vault_netbox_secret_key | default('') }}"
SKIP_SUPERUSER: True
WEBHOOKS_ENABLED: True
# Domain Configuration
netbox_domain: "{{ vault_netbox_domain | default('netbox.example.com') }}"
traefik_domain: "{{ vault_netbox_domain | default('traefik.example.com') }}"
# Traefik Configuration
traefik_install_dir: "/opt/traefik"
traefik_data_dir: "/opt/traefik-data"
traefik_config_dir: "/opt/traefik-config"
traefik_image: "traefik:v3.0"
traefik_dashboard_enabled: true
traefik_dashboard_port: 8080
traefik_api_insecure: false
traefik_api_dashboard: true
# ACME Configuration
traefik_acme_enabled: true
traefik_acme_email: "{{ vault_traefik_acme_email | default('admin@example.com') }}"
traefik_acme_ca_server: "{{ vault_traefik_acme_ca_server }}"
traefik_acme_storage: "/data/acme.json"
traefik_acme_key_type: "RSA4096"
# Traefik Entry Points
traefik_entrypoints:
web:
address: ":80"
http:
redirections:
- entrypoint:
to: "websecure"
scheme: "https"
permanent: true
websecure:
address: ":443"
http:
tls:
certResolver: "letsencrypt"
# Traefik Providers
traefik_providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: "traefik"
# Traefik Networks
traefik_networks:
- name: "traefik"
external: true
# Traefik Logging
traefik_log_level: "INFO"
traefik_access_logs: false
# Custom Root CA Configuration
traefik_custom_ca_enabled: true
traefik_custom_ca_url: "{{ vault_traefik_custom_ca_url }}"
traefik_custom_ca_path: "/etc/traefik/custom-ca.pem"
traefik_custom_ca_server_name: "jeansburger-ca.lan"
traefik_custom_ca_verify_ssl: false
# Docker Compose Overrides
netbox_docker_compose_overrides:
services:
netbox:
labels:
- "traefik.enable=true"
- "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain }}`)"
- "traefik.http.routers.netbox.tls.certresolver=letsencrypt"
- "traefik.http.services.netbox.loadbalancer.server.port=8080"
networks:
- "traefik"
- "netbox"
netbox-worker:
networks:
- "netbox"
postgres:
networks:
- "netbox"
volumes:
- "{{ netbox_data_dir }}/postgres:/var/lib/postgresql/data"
redis:
networks:
- "netbox"
volumes:
- "{{ netbox_data_dir }}/redis:/data"
redis-cache:
networks:
- "netbox"
volumes:
- "{{ netbox_data_dir }}/redis-cache:/data"
networks:
traefik:
external: true
netbox: {}
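Review bot: Several secrets fall back to known or empty values when the vault variable is missing: `netbox_superuser_password` uses `default('admin')`, and `netbox_secret_key` / `SECRET_KEY` use `default('')`, so a typo in the vault file deploys with guessable credentials instead of failing. Use `"{{ vault_netbox_superuser_password | mandatory }}"` (or no filter at all) for these; the netbox-deploy role defaults further down the page (`netbox_superuser_password: "admin"`, `netbox_db_password: "netbox"`) have the same problem. If, as the README describes, `traefik_custom_ca_verify_ssl: false` disables TLS validation of the CA download, the root certificate Traefik will trust is fetched without authenticating the server, and anyone on the path can substitute their own trust anchor. `netbox_allowed_hosts: "*"` and `CORS_ORIGIN_ALLOW_ALL: True` should be narrowed to `netbox_domain`. `traefik_domain` reads `vault_netbox_domain`, which looks like a copy-paste of the line above it.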


@ -0,0 +1,67 @@
$ANSIBLE_VAULT;1.1;AES256
37623935373466373531313732383935343638313038323037613064663465303362643636336438
3962616234303265666235303266383539386462376431330a336336363966623533623730393962
31313935633433636635356434393338626538333965386539373530363065393166656163343266
6238396131613235610a356537393638613731333163376638656466636630383730663633363431
35646665626564383136653863333762313637613934643437383335336566643830396131336431
33626663636636636633326538343262393165623664313161643930656531323765313835343332
63623837363763386165613438303762323432653064663066636163323962613632636531313430
39303961373537303061666434303430323063393464363662653866373131666236646637326337
65393836613831343765363266653737613161336133613939613234333664653066333864373536
64633461303862363739393834306230336332363163303432663338663765363263633433613763
31393963376164616566383566386562346265393963643530636561663063353738303934303363
62663039333838323231313137386637663832373466333136323134626133653762373631623033
66383964643439653262386438623933356532336235663866353137316639613266303839336566
38373765316238303230353938643463366264306230303433363863616364383965343837346634
32643135613032373163353632626439643266613633623662646161623237313364616331353861
37396534396335346239363031373264323264326334636564333862353434396138313132643631
65656136363031363534626638313830386666653235333131646265376366393235663264393065
65386135353533313236333038376165346139306431643064373734343066333462616364613764
39353439303362623938353338353666323063343533616262353563613064333835626331666233
61656232613835313736373134373131306364663066366461376335373662386264363234373731
32633166323030363237663761396638303837363138666365343533653638666461303138396435
31666132353866376161323362343963366536646530346237633236323532383433343965666464
31303666653665323161346239396133373234316665643436383362313436326139653264303637
63656166306162336462656262386437353165636262303334363538366338653734346333393763
66323435303262343336306630623864343731633762376135356563373266396563656430663764
38303766363235346264656231643863333533313765393338333235353034653836393733333065
36663864663838663334393232313036656534326363663066666335656432366538643562656263
31393866353731616662313432393335636436396335356537376166326136666136323661326664
36303562303339323264343365613535393037383038396131346161396539353936666133303562
32373530616237306264626361613864633561343163303262313034616662663034393830626330
30363462363264386234373763653438666232353235656139633463363265613231346639653461
65353861353035663763313262663863633761333462356463613737633430373736366136393666
36353139376431376566383761613538383133323563653336653835393037343562373738333361
35613862383062336263626261646638633033393763336238333864656663613638353362353030
66636465383032393434636665613664323331326131653234653766616563323833623739393631
62363732613764313036366531363130313438396261376232333738376235346136346162333037
34613966636261353237616664663666383364623262396363333365306661663933366431636430
62316363313662326338653163306431383132333739303365393938616436396166386639313339
36333962393063633630386162613232626431303064346662313865363032326465303163646238
61333638613839333239653537373564363966633836376335613637643961323530626366393263
34336633316438326432333537396636663063626339383630613965643238376362326432336366
34313934323361386262336162363261613363353866393464316164636464393330613237643936
65336431343037376163326433373566363663346635386162366137313165373431643863366134
34343735393532656161626466343061623439663064343661396230393764663764363139383532
32346662616235626365323663313430343130356563313335323635653863373565633235386130
39353735646661393164393133303666316263643933393336613563623637386139633765386238
65663439623036383436356361313062343632306232633363376235393634623438616462393733
36313130386135346631656638663037373238643330333364633061316261393031353130316234
30633737356564333231353237366637623930653333616536383331363762393461343533353765
64356237376432643064626662393836346138633465363561333035623331373931353833663764
38336266386236643531633135313833666336396231316231653666356339623262353234333537
64393863396165616261616132613561386664646262333965636663396564313235623032663839
62656630313031326232613962336636636433326639643534646664313062393135323164643631
37353464666232653333636236343264386264303136613636393664323139306631393666663636
32656261636635623261356365616163303665613462323131346466306661303233643566396631
61636363323536383464616363666537343438363632333638623130613233376538346332303033
31646164353735656162613863633630343537666232373036323337646564653338643762643464
30633336653030613333613761646538303466636662386362373235623166643464393130623466
64373234353765313339333261363366633766623861336663633131643161353238636663643235
34333638363131626534653932363965353737653434326265353864383233316335393264633861
33373365643239663161343361356430303437656264663735636164373862323135656530373463
37656461653736633437353864366530373037633861646132376263613035616561366366643435
64643036303563323466643937373232303736373966636239383766323439663264393631383562
35656234343131353132366262623962313066313464656631383465613630666136356266333636
38663065656336373561373563313161643362386339363730666434663930633861666266346162
3631303764363237623466326266366131323065326163393962

14
inventory/hosts.yml Normal file

@ -0,0 +1,14 @@
# NetBox Deployment Inventory
# Example inventory file for NetBox deployment
netbox_servers:
hosts:
netbox:
ansible_host: netbox.lan
ansible_user: scrappy
# Uncomment and modify the following line to add your server:
# netbox-server ansible_host=YOUR_SERVER_IP ansible_user=YOUR_USERNAME
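Review bot: The only group defined is `netbox_servers`, yet the group-variables header says they apply to "the netbox group" and the playbooks use `hosts: netbox`, which matches only because the single host happens to be named `netbox`. A second host added to `netbox_servers` would be skipped by every play; either target `netbox_servers` in the playbooks or rename the group. The commented example on the last line is INI syntax and would not parse if uncommented in this YAML inventory.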


@ -0,0 +1,69 @@
---
- name: Backup NetBox Data
hosts: netbox
become: yes
gather_facts: no
tasks:
- name: Create backup directory with timestamp
file:
path: "{{ netbox_backup_dir }}/{{ ansible_date_time.iso8601_basic_short }}"
state: directory
mode: '0755'
register: backup_dir
tags:
- backup
- name: Backup PostgreSQL database
community.docker.docker_compose_v2:
project_src: "{{ netbox_install_dir }}"
command: "db pg_dump -U {{ netbox_db_user }} {{ netbox_db_name }}"
register: db_backup
tags:
- backup
- name: Save database backup to file
copy:
content: "{{ db_backup.stdout }}"
dest: "{{ backup_dir.path }}/netbox_db_backup.sql"
mode: '0644'
tags:
- backup
- name: Backup Redis data
archive:
path: "{{ netbox_data_dir }}/redis"
dest: "{{ backup_dir.path }}/redis-data.tar.gz"
format: gz
ignore_errors: yes
tags:
- backup
- name: Backup Redis Cache data
archive:
path: "{{ netbox_data_dir }}/redis-cache"
dest: "{{ backup_dir.path }}/redis-cache-data.tar.gz"
format: gz
ignore_errors: yes
tags:
- backup
- name: Backup Docker Compose configuration
copy:
src: "{{ netbox_install_dir }}/"
dest: "{{ backup_dir.path }}/docker-compose-config/"
mode: '0644'
tags:
- backup
- name: Display backup information
debug:
msg:
- "Backup completed successfully!"
- "Backup location: {{ backup_dir.path }}"
- "Database backup: {{ backup_dir.path }}/netbox_db_backup.sql"
- "Redis data backup: {{ backup_dir.path }}/redis-data.tar.gz"
- "Redis Cache data backup: {{ backup_dir.path }}/redis-cache-data.tar.gz"
- "Config backup: {{ backup_dir.path }}/docker-compose-config/"
tags:
- backup
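Review bot: The database dump is written with `mode: '0644'` inside a directory created `'0755'`, so any local account on the server can read the full NetBox database; `'0600'` for the file and `'0700'` for the directory are what I would expect, and the same applies to the copied config tree, which presumably contains the env files. `gather_facts: no` leaves `ansible_date_time` undefined, so the first task should fail before anything is written; set `gather_facts: yes` for this play. `ignore_errors: yes` on both Redis archives lets the final "Backup completed successfully!" message print even when parts of the backup are missing.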


@ -0,0 +1,78 @@
---
- name: Deploy NetBox with Docker Compose
hosts: netbox
become: yes
gather_facts: yes
pre_tasks:
- name: Include vault variables
include_vars: ../inventory/group_vars/netbox_servers_vault
- name: Verify Ubuntu distribution
fail:
msg: "This playbook only supports Ubuntu distributions"
when: ansible_distribution != "Ubuntu"
tags: always
- name: Display deployment information
debug:
msg:
- "Deploying NetBox to {{ inventory_hostname }}"
- "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
- "Architecture: {{ ansible_architecture }}"
- "Installation directory: {{ netbox_install_dir }}"
tags: always
roles:
- role: system-update
tags:
- system-update
- updates
- packages
- role: docker-install
tags:
- docker-install
- docker
- containers
- role: traefik
tags:
- traefik-deploy
- traefik
- reverse-proxy
- role: netbox-deploy
tags:
- netbox-deploy
- netbox
- application
post_tasks:
- name: Display NetBox access information
debug:
msg:
- "NetBox deployment completed successfully!"
- "Access NetBox at: https://{{ netbox_domain }}"
- "Traefik Dashboard at: https://{{ traefik_domain }}:{{ traefik_dashboard_port }}"
- "Default admin credentials:"
- " Username: {{ netbox_superuser_name }}"
- " Email: {{ netbox_superuser_email }}"
- " Password: {{ netbox_superuser_password }}"
- "Installation directory: {{ netbox_install_dir }}"
- "Data directory: {{ netbox_data_dir }}"
- "Traefik installation directory: {{ traefik_install_dir }}"
tags: always
- name: Show Docker Compose status
command: docker compose ps
args:
chdir: "{{ netbox_install_dir }}"
register: docker_compose_status
changed_when: false
tags: always
- name: Display Docker Compose status
debug:
var: docker_compose_status.stdout_lines
tags: always
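Review bot: The post-task debug message prints `Password: {{ netbox_superuser_password }}` in clear text, which ends up in terminal scrollback, in any CI job output, and in `ansible.log`, because `log_path` is set in this commit's ansible.cfg. Remove that line (ideally the whole "Default admin credentials" block) and point the operator at the vault instead. The `include_vars` pre-task has no `tags: always`, so a run limited with `--tags`, such as `make traefik-update-ca`, would appear to skip it and leave the vault variables undefined; adding `tags: always` there matches the other pre-tasks.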


@ -0,0 +1,44 @@
---
- name: Update NetBox Docker Repository
hosts: netbox
become: yes
gather_facts: no
tasks:
- name: Update NetBox Docker repository
git:
repo: "{{ netbox_repo_url }}"
dest: "{{ netbox_install_dir }}"
version: "{{ netbox_repo_branch }}"
update: yes
force: yes
tags:
- update-repo
- name: Pull latest Docker images
community.docker.docker_compose_v2:
project_src: "{{ netbox_install_dir }}"
pull: yes
tags:
- pull-images
- name: Restart NetBox services
community.docker.docker_compose_v2:
project_src: "{{ netbox_install_dir }}"
state: present
recreate: yes
tags:
- restart-services
- name: Wait for NetBox to be ready
uri:
url: "https://{{ netbox_domain }}/"
method: GET
status_code: 200
validate_certs: false
register: netbox_ready
until: netbox_ready.status == 200
retries: 30
delay: 10
tags:
- health-check
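Review bot: The health check sets `validate_certs: false`, so it reports success for whatever answers on `netbox_domain` over TLS, including a misissued or fallback certificate; since the deployment already manages a CA bundle, pass it with `ca_path` rather than turning validation off. The play also tracks the moving `release` branch with `force: yes` and then recreates the containers, so each run deploys whatever upstream published last. Pinning `netbox_repo_branch` to a tag or commit would make updates reviewable before they run as root on the server.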

7
requirements.yml Normal file

@ -0,0 +1,7 @@
---
# Ansible Collections Requirements
collections:
- name: community.docker
version: ">=3.0.0"
- name: ansible.posix
version: ">=1.0.0"
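Review bot: `community.docker` is constrained only by `>=3.0.0`, but the playbooks call `community.docker.docker_compose_v2`, which as far as I know first shipped in 3.6.0, so the floor admits versions that cannot run them. Open-ended ranges also mean each `make install-collections` may pull a different release. An exact pin or a bounded range (for example `>=3.6.0,<4.0.0`, to be confirmed against the collection changelog) keeps the code that runs with `become: yes` reproducible.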


@ -0,0 +1,7 @@
---
# Default variables for docker-install role
docker_compose_version: "2.24.0"
docker_compose_install_path: "/usr/local/bin/docker-compose"
docker_users: []
docker_daemon_config: {}
docker_install_compose: true


@ -0,0 +1,5 @@
---
- name: restart docker
systemd:
name: docker
state: restarted


@ -0,0 +1,19 @@
---
galaxy_info:
author: NetBox Ansible Deployment
description: Installs Docker and Docker Compose on Ubuntu
company: Internal
license: MIT
min_ansible_version: 2.9
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- noble
galaxy_tags:
- docker
- ubuntu
- containers
dependencies: []


@ -0,0 +1,70 @@
---
- name: Add Docker GPG key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
tags:
- docker-install
- gpg-key
- name: Add Docker repository
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
tags:
- docker-install
- repository
- name: Install Docker packages
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
state: present
tags:
- docker-install
- packages
- name: Start and enable Docker service
systemd:
name: docker
state: started
enabled: yes
tags:
- docker-install
- service
- name: Add users to docker group
user:
name: "{{ item }}"
groups: docker
append: yes
loop: "{{ docker_users }}"
tags:
- docker-install
- users
- name: Install Docker Compose standalone (if enabled)
get_url:
url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64"
dest: "{{ docker_compose_install_path }}"
mode: '0755'
when: docker_install_compose
tags:
- docker-install
- compose
- name: Configure Docker daemon (if config provided)
copy:
content: "{{ docker_daemon_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: '0644'
when: docker_daemon_config is defined and docker_daemon_config | length > 0
notify: restart docker
tags:
- docker-install
- daemon-config
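Review bot: The standalone Compose binary is downloaded with `get_url` and installed `0755` under `/usr/local/bin` with no `checksum:`, so the only integrity guarantee is the TLS connection to GitHub; add `checksum: "sha256:<digest published for that release>"` keyed to `docker_compose_version`. The `docker-compose-plugin` package is already installed earlier in this file and every command on the page uses `docker compose`, so the standalone download could probably default to off. `apt_key` adds the Docker key to the global apt keyring, where it is trusted for every repository; storing it under `/etc/apt/keyrings/` and referencing it with `signed-by=` in the repo line scopes it to Docker's repository. Membership of the `docker` group is equivalent to root on the host, which deserves a comment next to the `docker_users` loop.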


@ -0,0 +1,7 @@
---
# Variables for docker-install role
docker_compose_version: "2.24.0"
docker_compose_install_path: "/usr/local/bin/docker-compose"
docker_users: []
docker_daemon_config: {}
docker_install_compose: true
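Review bot: If this is the role's `vars/main.yml` (the header says "Variables" where the other file says "Default variables"), it repeats the defaults at a higher precedence than inventory group variables. In that case `docker_users: []` and `docker_daemon_config: {}` here would override the values set in the group variables, and the daemon log limits and group membership would never be applied. Deleting this file and keeping only the defaults avoids that.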


@ -0,0 +1,45 @@
---
# Default variables for netbox-deploy role
netbox_install_dir: "/opt/netbox-docker"
netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
netbox_repo_branch: "release"
netbox_repo_update: true
netbox_backup_dir: "/opt/netbox-backups"
netbox_data_dir: "/opt/netbox-data"
# NetBox configuration
netbox_superuser_name: "admin"
netbox_superuser_email: "admin@example.com"
netbox_superuser_password: "admin"
netbox_secret_key: ""
# Database configuration
netbox_db_host: "db"
netbox_db_name: "netbox"
netbox_db_user: "netbox"
netbox_db_password: "netbox"
netbox_db_port: "5432"
# Redis configuration
netbox_redis_host: "redis"
netbox_redis_port: "6379"
netbox_redis_password: ""
# Redis Cache configuration
netbox_redis_cache_host: "redis-cache"
netbox_redis_cache_port: "6379"
netbox_redis_cache_password: ""
# NetBox settings
netbox_allowed_hosts: "localhost,127.0.0.1"
netbox_time_zone: "UTC"
netbox_language_code: "en"
netbox_debug: false
netbox_log_level: "INFO"
# Docker Compose overrides
netbox_docker_compose_overrides:
services:
netbox:
ports:
- "8000:8080"
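Review bot: The default `netbox_docker_compose_overrides` publishes `"8000:8080"`, which binds NetBox's plain-HTTP port on every host interface, so anyone using the role without the group-variables override gets an unencrypted listener that bypasses Traefik. Default to no published port, or `"127.0.0.1:8000:8080"` if local access is needed. `netbox_db_host: "db"` also disagrees with the `postgres` service name used in the group variables and their compose overrides.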


@ -0,0 +1,19 @@
---
galaxy_info:
author: NetBox Ansible Deployment
description: Deploys NetBox using Docker Compose
company: Internal
license: MIT
min_ansible_version: 2.9
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- noble
galaxy_tags:
- netbox
- docker
- deployment
dependencies: []


@ -0,0 +1,127 @@
---
- name: Create NetBox installation directory
file:
path: "{{ netbox_install_dir }}"
state: directory
owner: root
group: root
mode: '0755'
tags:
- netbox-deploy
- directories
- name: Create NetBox data directory
file:
path: "{{ netbox_data_dir }}"
state: directory
owner: root
group: root
mode: '0755'
tags:
- netbox-deploy
- directories
- name: Create NetBox backup directory
file:
path: "{{ netbox_backup_dir }}"
state: directory
owner: root
group: root
mode: '0755'
tags:
- netbox-deploy
- directories
- name: Clone NetBox Docker repository
git:
repo: "{{ netbox_repo_url }}"
dest: "{{ netbox_install_dir }}"
version: "{{ netbox_repo_branch }}"
update: "{{ netbox_repo_update }}"
force: yes
tags:
- netbox-deploy
- git-clone
- name: Generate NetBox secret key
set_fact:
netbox_secret_key: "{{ netbox_secret_key | default(ansible.builtin.random_string(length=128)) }}"
when: netbox_secret_key == ""
tags:
- netbox-deploy
- config
- name: Create NetBox environment file
template:
src: netbox.env.j2
dest: "{{ netbox_install_dir }}/env/netbox.env"
mode: '0644'
tags:
- netbox-deploy
- config
- name: Create PostgreSQL environment file
template:
src: postgres.env.j2
dest: "{{ netbox_install_dir }}/env/postgres.env"
mode: '0644'
tags:
- netbox-deploy
- config
- name: Create Redis environment file
template:
src: redis.env.j2
dest: "{{ netbox_install_dir }}/env/redis.env"
mode: '0644'
tags:
- netbox-deploy
- config
- name: Create Redis Cache environment file
template:
src: redis-cache.env.j2
dest: "{{ netbox_install_dir }}/env/redis-cache.env"
mode: '0644'
tags:
- netbox-deploy
- config
- name: Create Docker Compose override file
template:
src: docker-compose.override.yml.j2
dest: "{{ netbox_install_dir }}/docker-compose.override.yml"
mode: '0644'
tags:
- netbox-deploy
- config
- name: Pull Docker images
community.docker.docker_compose_v2:
project_src: "{{ netbox_install_dir }}"
pull: always
tags:
- netbox-deploy
- docker-pull
- name: Start NetBox services
community.docker.docker_compose_v2:
project_src: "{{ netbox_install_dir }}"
state: present
tags:
- netbox-deploy
- docker-start
- name: Wait for NetBox to be ready
uri:
url: "https://{{ netbox_domain }}/"
method: GET
status_code: 200
validate_certs: false
register: netbox_ready
until: netbox_ready.status == 200
retries: 30
delay: 10
tags:
- netbox-deploy
- health-check
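Review bot: The four env-file template tasks (netbox.env, postgres.env, redis.env, redis-cache.env) write the database password, SECRET_KEY and superuser password with `mode: '0644'`, so any local account on the host can read them. `mode: '0600'` with `owner: root` should be enough, assuming compose is run as root by this play, and `no_log: true` keeps the rendered values out of task output. The "Generate NetBox secret key" task will not produce a key: `ansible.builtin.random_string(...)` is not callable from a Jinja expression, and `default()` without its second argument does not replace an empty string. `netbox_secret_key: "{{ lookup('password', '/dev/null length=128 chars=ascii_letters,digits') }}"` would work, though a key regenerated on every run invalidates sessions, so storing it in the vault is likely better. The final readiness probe also sets `validate_certs: false` where the Traefik probe in this commit passes `ca_path`; using the same CA here keeps the check from accepting any certificate.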


@ -0,0 +1,4 @@
# Docker Compose Override Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY
{{ netbox_docker_compose_overrides | to_nice_yaml }}


@ -0,0 +1,43 @@
# NetBox Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY
# Database Configuration
DB_HOST={{ netbox_db_host }}
DB_NAME={{ netbox_db_name }}
DB_USER={{ netbox_db_user }}
DB_PASSWORD={{ netbox_db_password }}
DB_PORT={{ netbox_db_port }}
# Redis Configuration (Main Redis)
REDIS_HOST={{ netbox_redis_host }}
REDIS_PORT={{ netbox_redis_port }}
{% if netbox_redis_password %}
REDIS_PASSWORD={{ netbox_redis_password }}
{% endif %}
# Redis Cache Configuration
REDIS_CACHE_HOST={{ netbox_redis_cache_host }}
REDIS_CACHE_PORT={{ netbox_redis_cache_port }}
{% if netbox_redis_cache_password %}
REDIS_CACHE_PASSWORD={{ netbox_redis_cache_password }}
{% endif %}
# NetBox Settings
SECRET_KEY={{ netbox_secret_key }}
ALLOWED_HOSTS={{ netbox_allowed_hosts }}
TIME_ZONE={{ netbox_time_zone }}
LANGUAGE_CODE={{ netbox_language_code }}
DEBUG={{ netbox_debug | lower }}
LOG_LEVEL={{ netbox_log_level }}
# Superuser Configuration
SUPERUSER_NAME={{ netbox_superuser_name }}
SUPERUSER_EMAIL={{ netbox_superuser_email }}
SUPERUSER_PASSWORD={{ netbox_superuser_password }}
# Additional NetBox Configuration
{% if netbox_additional_env is defined %}
{% for key, value in netbox_additional_env.items() %}
{{ key }}={{ value }}
{% endfor %}
{% endif %}


@ -0,0 +1,14 @@
# PostgreSQL Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY
POSTGRES_DB={{ netbox_db_name }}
POSTGRES_USER={{ netbox_db_user }}
POSTGRES_PASSWORD={{ netbox_db_password }}
POSTGRES_PORT={{ netbox_db_port }}
# Additional PostgreSQL Configuration
{% if netbox_postgres_additional_env is defined %}
{% for key, value in netbox_postgres_additional_env.items() %}
{{ key }}={{ value }}
{% endfor %}
{% endif %}


@ -0,0 +1,13 @@
# Redis Cache Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY
{% if netbox_redis_cache_password %}
REDIS_PASSWORD={{ netbox_redis_cache_password }}
{% endif %}
# Additional Redis Cache Configuration
{% if netbox_redis_cache_additional_env is defined %}
{% for key, value in netbox_redis_cache_additional_env.items() %}
{{ key }}={{ value }}
{% endfor %}
{% endif %}


@ -0,0 +1,13 @@
# Redis Configuration (Main Redis)
# Generated by Ansible - DO NOT EDIT MANUALLY
{% if netbox_redis_password %}
REDIS_PASSWORD={{ netbox_redis_password }}
{% endif %}
# Additional Redis Configuration
{% if netbox_redis_additional_env is defined %}
{% for key, value in netbox_redis_additional_env.items() %}
{{ key }}={{ value }}
{% endfor %}
{% endif %}


@ -0,0 +1,12 @@
---
# Default variables for system-update role
system_update_packages:
- apt-transport-https
- ca-certificates
- curl
- gnupg
- lsb-release
- software-properties-common
system_update_reboot_if_needed: false
system_update_autoremove: true


@ -0,0 +1,19 @@
---
galaxy_info:
author: NetBox Ansible Deployment
description: Updates Ubuntu system packages
company: Internal
license: MIT
min_ansible_version: 2.9
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- noble
galaxy_tags:
- system
- ubuntu
- updates
dependencies: []


@ -0,0 +1,47 @@
---
- name: Update apt package cache
apt:
update_cache: yes
cache_valid_time: 3600
tags:
- system-update
- apt-update
- name: Upgrade all packages
apt:
upgrade: dist
autoremove: "{{ system_update_autoremove }}"
register: apt_upgrade_result
tags:
- system-update
- apt-upgrade
- name: Install required packages
apt:
name: "{{ system_update_packages }}"
state: present
tags:
- system-update
- packages
- name: Check if reboot is required
stat:
path: /var/run/reboot-required
register: reboot_required
tags:
- system-update
- reboot-check
- name: Reboot if required and enabled
reboot:
msg: "Reboot initiated by Ansible for system updates"
connect_timeout: 5
reboot_timeout: 600
pre_reboot_delay: 0
post_reboot_delay: 30
when:
- reboot_required.stat.exists
- system_update_reboot_if_needed
tags:
- system-update
- reboot
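Review bot: With `system_update_reboot_if_needed` at its role default of false, a pending reboot is silently dropped: `reboot_required` is registered, but no task reports it when the reboot is skipped, so an upgraded kernel or library can stay unloaded with no sign in the play output. A `debug` task conditioned on `reboot_required.stat.exists and not system_update_reboot_if_needed` would surface that to the operator. `upgrade: dist` also runs on every invocation of the role, which deserves a comment because it can install and remove packages beyond a plain upgrade.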


@ -0,0 +1,9 @@
---
# Variables for system-update role
system_update_packages:
- apt-transport-https
- ca-certificates
- curl
- gnupg
- lsb-release
- software-properties-common


@ -0,0 +1,56 @@
---
# Default variables for traefik role
# Traefik Configuration
traefik_install_dir: "/opt/traefik"
traefik_data_dir: "/opt/traefik-data"
traefik_config_dir: "/opt/traefik-config"
# Traefik Image
traefik_image: "traefik:v3.0"
traefik_image_tag: "v3.0"
# Traefik Configuration
traefik_dashboard_enabled: true
traefik_dashboard_port: 8080
traefik_api_insecure: false
traefik_api_dashboard: true
# ACME Configuration
traefik_acme_enabled: true
traefik_acme_email: "admin@example.com"
# traefik_acme_ca_server should be defined in group_vars or host_vars
traefik_acme_storage: "/data/acme.json"
traefik_acme_key_type: "RSA4096"
# Entry Points
traefik_entrypoints:
web:
address: ":80"
websecure:
address: ":443"
traefik:
address: ":8080"
# Providers
traefik_providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: "traefik"
# Networks
traefik_networks:
- name: "traefik"
external: false
# Logging
traefik_log_level: "INFO"
traefik_access_logs: false
# Custom Root CA Configuration
# Users should define these in their group_vars or host_vars
# traefik_custom_ca_enabled: false
# traefik_custom_ca_url: "https://your-ca-server.com/root-ca.pem"
traefik_custom_ca_path: "/etc/traefik/custom-ca.pem"
traefik_custom_ca_verify_ssl: true
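Review bot: `traefik_dashboard_enabled`, `traefik_api_dashboard` and `traefik_api_insecure` are defined here, but the static-config template in this commit writes `dashboard: true` and `insecure: false` as literals, and the compose template adds the dashboard router labels unconditionally, so setting `traefik_dashboard_enabled: false` does not turn the dashboard off. Either wire the variables into the templates (`dashboard: {{ traefik_api_dashboard | lower }}`) or drop them, so the defaults do not suggest a control that is absent. `traefik_image: "traefik:v3.0"` is a moving tag and the restart handler uses `pull: always`, so the running image can change between runs; pinning by digest (`traefik:v3.0@sha256:<digest>`) avoids that. `traefik_image_tag` appears unused in the templates visible here.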


@ -0,0 +1,10 @@
---
- name: restart traefik
community.docker.docker_compose_v2:
project_src: "{{ traefik_install_dir }}"
state: present
recreate: always
pull: always
tags:
- traefik-deploy
- handlers


@ -0,0 +1,19 @@
---
galaxy_info:
author: NetBox Ansible Deployment
description: Traefik reverse proxy with ACME TLS support
company:
license: MIT
min_ansible_version: 2.9
platforms:
- name: Ubuntu
versions:
- focal
- jammy
galaxy_tags:
- traefik
- reverse-proxy
- tls
- acme
dependencies: []


@ -0,0 +1,101 @@
---
- name: Create Traefik installation directory
file:
path: "{{ traefik_install_dir }}"
state: directory
owner: root
group: root
mode: '0755'
tags:
- traefik-deploy
- directories
- name: Create Traefik data directory
file:
path: "{{ traefik_data_dir }}"
state: directory
owner: root
group: root
mode: '0755'
tags:
- traefik-deploy
- directories
- name: Create Traefik config directory
file:
path: "{{ traefik_config_dir }}"
state: directory
owner: root
group: root
mode: '0755'
tags:
- traefik-deploy
- directories
- name: Create ACME storage file
file:
path: "{{ traefik_data_dir }}/acme.json"
state: touch
owner: root
group: root
mode: '0600'
tags:
- traefik-deploy
- config
- name: Download custom root CA certificate
get_url:
url: "{{ traefik_custom_ca_url }}"
dest: "{{ traefik_custom_ca_path }}"
mode: '0644'
owner: root
group: root
validate_certs: "{{ traefik_custom_ca_verify_ssl }}"
timeout: 30
when: traefik_custom_ca_enabled | default(false) and traefik_custom_ca_url | default('') != ''
notify: restart traefik
tags:
- traefik-deploy
- custom-ca
- name: Create Traefik static configuration
template:
src: traefik.yml.j2
dest: "{{ traefik_config_dir }}/traefik.yml"
mode: '0644'
notify: restart traefik
tags:
- traefik-deploy
- config
- name: Create Traefik Docker Compose file
template:
src: docker-compose.yml.j2
dest: "{{ traefik_install_dir }}/docker-compose.yml"
mode: '0644'
notify: restart traefik
tags:
- traefik-deploy
- config
- name: Start Traefik services
community.docker.docker_compose_v2:
project_src: "{{ traefik_install_dir }}"
state: present
tags:
- traefik-deploy
- docker-start
- name: Wait for Traefik to be ready
uri:
url: "https://traefik.{{ traefik_domain | default('localhost') }}/api/rawdata"
method: GET
status_code: 200
ca_path: "{{ traefik_custom_ca_path }}"
register: traefik_ready
until: traefik_ready.status == 200
retries: 30
delay: 5
tags:
- traefik-deploy
- health-check
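Review bot: The "Download custom root CA certificate" task fetches a trust anchor over the network with nothing pinning its content: whatever the URL returns becomes a CA that Traefik's ACME client trusts (via `LEGO_CA_CERTIFICATES` in the compose template), and `traefik_custom_ca_verify_ssl` can switch off even the TLS check on the download. Passing a pinned digest, `checksum: "{{ traefik_custom_ca_checksum }}"` (a new variable holding `sha256:<digest of the reviewed PEM>`), or shipping the PEM with the role via `copy`, removes that dependency. The destination `/etc/traefik/custom-ca.pem` sits in a directory that none of the visible tasks create, so the download may fail on a fresh host. The readiness check passes `ca_path` unconditionally, which presumably breaks when `traefik_custom_ca_enabled` is false and the file was never written.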


@ -0,0 +1,41 @@
name: traefik
services:
traefik:
image: "{{ traefik_image }}"
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- "{{ traefik_config_dir }}/traefik.yml:/etc/traefik/traefik.yml:ro"
- "{{ traefik_data_dir }}:/data"
{% if traefik_custom_ca_enabled | default(false) %}
- "{{ traefik_custom_ca_path }}:/etc/ssl/certs/custom-ca.pem:ro"
{% endif %}
networks:
{% for network in traefik_networks %}
- "{{ network.name }}"
{% endfor %}
{% if traefik_custom_ca_enabled | default(false) %}
environment:
- LEGO_CA_CERTIFICATES=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/custom-ca.pem
{% endif %}
command:
- --configfile=/etc/traefik/traefik.yml
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.{{ traefik_domain | default('localhost') }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.traefik-dashboard.service=api@internal"
networks:
{% for network in traefik_networks %}
{{ network.name }}:
{% if network.external | default(false) %}
external: true
{% else %}
driver: bridge
{% endif %}
{% endfor %}
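Review bot: The dashboard router labels expose `api@internal` on `traefik.<domain>` for `/api` and `/dashboard` with no authentication middleware and no `entrypoints` or `tls` label, so anyone who can reach the proxy with that Host header can read the full routing configuration. Adding `traefik.http.routers.traefik-dashboard.middlewares=dashboard-auth` and `traefik.http.middlewares.dashboard-auth.basicauth.users={{ traefik_dashboard_users }}` (a new vaulted variable, with `$` doubled for compose), and restricting the router to `websecure` with TLS, closes that. The `:ro` flag on `/var/run/docker.sock` only protects the socket file; the container can still issue any Docker API call, so a compromise of this internet-facing proxy amounts to control of the host. A socket proxy that allows only the read endpoints Traefik needs is the usual mitigation.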


@ -0,0 +1,86 @@
# Traefik Static Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY
# Global Configuration
global:
checkNewVersion: false
sendAnonymousUsage: false
# API Configuration
api:
dashboard: true
insecure: false
# Entry Points
entryPoints:
{% for name, config in traefik_entrypoints.items() %}
{{ name }}:
address: "{{ config.address }}"
{% if config.http is defined %}
http:
{% if config.http.tls is defined %}
tls:
{% if config.http.tls.certResolver is defined %}
certResolver: {{ config.http.tls.certResolver }}
{% endif %}
{% endif %}
{% if config.http.redirections is defined %}
redirections:
{% for redirection in config.http.redirections %}
entryPoint:
to: "{{ redirection.entrypoint.to }}"
scheme: "{{ redirection.entrypoint.scheme }}"
permanent: {{ redirection.entrypoint.permanent | lower }}
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}
# Providers
providers:
{% for name, config in traefik_providers.items() %}
{{ name }}:
{% for key, value in config.items() %}
{{ key }}: {{ value | to_json if value is mapping else (value | lower if value is boolean else value) }}
{% endfor %}
{% endfor %}
{% if traefik_acme_enabled %}
# Certificate Resolvers
certificatesResolvers:
letsencrypt:
acme:
email: "{{ traefik_acme_email }}"
storage: "{{ traefik_acme_storage }}"
{% if traefik_acme_ca_server is defined %}
caServer: "{{ traefik_acme_ca_server }}"
{% endif %}
httpChallenge:
entryPoint: web
{% endif %}
# Logging
log:
level: "{{ traefik_log_level }}"
{% if traefik_access_logs %}
accessLog:
{% if traefik_access_logs_format is defined %}
format: "{{ traefik_access_logs_format }}"
{% endif %}
{% if traefik_access_logs_fields is defined %}
fields:
defaultMode: "{{ traefik_access_logs_fields.defaultMode }}"
{% if traefik_access_logs_fields.headers is defined %}
headers:
defaultMode: "{{ traefik_access_logs_fields.headers.defaultMode }}"
{% if traefik_access_logs_fields.headers.names is defined %}
names:
{% for header, mode in traefik_access_logs_fields.headers.names.items() %}
"{{ header }}": "{{ mode }}"
{% endfor %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}