---
# Group variables for NetBox deployment.
# These variables apply to all hosts in the netbox group.

# System Update Configuration
# NOTE(review): with reboots disabled, updates that only take effect after a
# restart (for example a new kernel) presumably stay pending until someone
# reboots the host by hand - confirm how the update role reports this.
system_update_reboot_if_needed: false
system_update_autoremove: true

# Docker Configuration
# NOTE(review): if the Docker role adds these accounts to the `docker` group
# (TODO confirm), the Ansible login user gets root-equivalent control of the
# host through the Docker socket. Keep the list as short as possible.
docker_users:
  - "{{ ansible_user }}"
# Daemon settings: json-file logging, rotated at 10 MB with at most three
# files kept, so container logs cannot fill the disk.
docker_daemon_config:
  log-driver: "json-file"
  log-opts:
    max-size: "10m"
    max-file: "3"

# NetBox Configuration
# Host directories for the netbox-docker checkout, its backups and its data.
netbox_install_dir: "/opt/netbox-docker"
netbox_backup_dir: "/opt/netbox-backups"
netbox_data_dir: "/opt/netbox-data"
# NOTE(review): `release` is a moving branch and updating is enabled, so the
# compose files that get deployed can change without any change in this
# repository. Pin a tag or commit if deployments must be reproducible.
netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
netbox_repo_branch: "release"
netbox_repo_update: true

# Database Configuration
# `postgres` is the compose service name used in
# netbox_docker_compose_overrides.
netbox_db_host: "postgres"
netbox_db_name: "netbox"
netbox_db_user: "netbox"
# No fallback value: templating fails if vault_netbox_db_password is
# undefined, so the database is never deployed with a guessable password.
netbox_db_password: "{{ vault_netbox_db_password }}"
# Kept as a quoted string, as in the other *_port settings of this section.
netbox_db_port: "5432"

# Redis Configuration
# `redis` is the compose service name used in
# netbox_docker_compose_overrides.
netbox_redis_host: "redis"
netbox_redis_port: "6379"
# No fallback value: templating fails if the vault variable is undefined.
netbox_redis_password: "{{ vault_netbox_redis_password }}"

# Redis Cache Configuration
netbox_redis_cache_host: "redis-cache"
netbox_redis_cache_port: "6379"
# NOTE(review): unlike netbox_redis_password, this falls back to an empty
# password when the vault variable is missing, i.e. an unauthenticated cache
# for anything that can reach the `netbox` network. Confirm this is intended
# or drop the default so a missing secret stops the play.
netbox_redis_cache_password: "{{ vault_netbox_redis_cache_password | default('') }}"

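# NetBox Settings
# NOTE(review): "*" accepts any Host header. Traefik only routes
# `netbox_domain` to this service, so listing that name here would be the
# tighter setting - confirm how the role passes this value on and that the
# container health check still succeeds before changing it.
netbox_allowed_hosts: "*"
netbox_time_zone: "UTC"
netbox_language_code: "en"
netbox_debug: false
netbox_log_level: "INFO"
# No fallback value, matching netbox_db_password: an undefined vault variable
# now stops the play instead of rendering an empty secret key, which would
# either break NetBox at start-up or leave session signing unprotected.
netbox_secret_key: "{{ vault_netbox_secret_key }}"
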
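# Superuser Configuration
# NOTE(review): netbox_additional_env sets SKIP_SUPERUSER, so these values
# may be unused by the containers - confirm against the role.
netbox_superuser_name: "admin"
netbox_superuser_email: "admin@{{ ansible_domain | default('example.com') }}"
# No fallback value: the previous default of 'admin' would have created an
# admin/admin account whenever the vault variable was missing. Ansible
# evaluates variables lazily, so this only fails the play where the password
# is actually templated.
netbox_superuser_password: "{{ vault_netbox_superuser_password }}"
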
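# Extra settings handed to the NetBox containers.
# NOTE(review): presumably rendered into an environment file by the role -
# confirm how booleans and integers are serialised there.
netbox_additional_env:
  # Verbose output while waiting for the database.
  # NOTE(review): consider turning this off outside troubleshooting.
  DB_WAIT_DEBUG: 1
  # NOTE(review): allows cross-origin requests from every origin. Prefer an
  # explicit origin allow-list unless arbitrary sites really need the API.
  CORS_ORIGIN_ALLOW_ALL: true
  EMAIL_FROM: "netbox@jeansburger.net"
  # SMTP credentials fall back to empty strings when the vault variables are
  # missing, which leaves outgoing mail unauthenticated rather than failing.
  EMAIL_PASSWORD: "{{ vault_netbox_email_password | default('') }}"
  EMAIL_PORT: 587
  EMAIL_SERVER: "smtp.postmarkapp.com"
  EMAIL_TIMEOUT: 5
  EMAIL_USERNAME: "{{ vault_netbox_email_username | default('') }}"
  # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't
  # both be `true`! TLS here means STARTTLS, which matches port 587.
  EMAIL_USE_SSL: false
  EMAIL_USE_TLS: true
  GRAPHQL_ENABLED: true
  MEDIA_ROOT: "/opt/netbox/netbox/media"
  # NOTE(review): the metrics endpoint is served by the same NetBox service
  # that Traefik publishes; restrict it at the proxy if it must not be
  # publicly readable.
  METRICS_ENABLED: true
  RELEASE_CHECK_URL: "https://api.github.com/repos/netbox-community/netbox/releases"
  # No fallback value: an undefined vault variable stops the play instead of
  # passing an empty secret key to the containers.
  SECRET_KEY: "{{ vault_netbox_secret_key }}"
  # Superuser bootstrap is skipped, so the netbox_superuser_* variables are
  # presumably not consumed by the containers - confirm.
  SKIP_SUPERUSER: true
  WEBHOOKS_ENABLED: true
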
# Domain Configuration
# Both names fall back to example.com placeholders when the vault variable is
# undefined.
netbox_domain: "{{ vault_netbox_domain | default('netbox.example.com') }}"
# NOTE(review): this reads vault_netbox_domain as well, so whenever that
# variable is set the Traefik name is identical to the NetBox name. That
# looks like a copy-paste slip - confirm which variable was intended.
traefik_domain: "{{ vault_netbox_domain | default('traefik.example.com') }}"

# Traefik Configuration
traefik_install_dir: "/opt/traefik"
traefik_data_dir: "/opt/traefik-data"
traefik_config_dir: "/opt/traefik-config"
# NOTE(review): `v3.0` is a mutable tag; pin an image digest if the proxy
# image must not change between deployments.
traefik_image: "traefik:v3.0"
# The dashboard and API are enabled while the insecure mode is off.
# NOTE(review): presumably these map to Traefik's api.dashboard and
# api.insecure options - confirm, and make sure whatever publishes the
# dashboard on traefik_dashboard_port puts authentication in front of it.
traefik_dashboard_enabled: true
traefik_dashboard_port: 8080
traefik_api_insecure: false
traefik_api_dashboard: true

# ACME Configuration
traefik_acme_enabled: true
traefik_acme_email: "{{ vault_traefik_acme_email | default('admin@example.com') }}"
# No fallback value: the ACME directory URL has to be defined in the vault.
traefik_acme_ca_server: "{{ vault_traefik_acme_ca_server }}"
# acme.json stores the ACME account key and the certificate private keys.
# Keep it on a persistent volume that only Traefik can read; Traefik expects
# the file to have mode 600.
traefik_acme_storage: "/data/acme.json"
traefik_acme_key_type: "RSA4096"

# Traefik Entry Points
# Port 80 only redirects permanently to HTTPS; port 443 terminates TLS with
# the `letsencrypt` certificate resolver, the same resolver name used in the
# NetBox router label.
traefik_entrypoints:
  web:
    address: ":80"
    http:
      redirections:
        # NOTE(review): nesting `to`/`scheme`/`permanent` under `entrypoint`
        # is assumed here. Traefik's own static configuration spells this
        # key `entryPoint` and uses a mapping rather than a list, so confirm
        # that the role's template translates this structure.
        - entrypoint:
            to: "websecure"
            scheme: "https"
            permanent: true
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: "letsencrypt"

# Traefik Providers
traefik_providers:
  docker:
    # Access to the Docker socket is equivalent to root on the host: a
    # compromised Traefik container could start or alter any container.
    # NOTE(review): consider a read-only mount or a socket proxy that only
    # exposes the read endpoints Traefik needs.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are published only when they opt in with
    # `traefik.enable=true`.
    exposedByDefault: false
    network: "traefik"

# Traefik Networks
# The `traefik` network is declared external, so it has to exist before the
# stack is started.
traefik_networks:
  - name: "traefik"
    external: true

# Traefik Logging
traefik_log_level: "INFO"
# NOTE(review): with access logs off the proxy keeps no per-request record,
# which limits what can be reconstructed during an incident investigation.
traefik_access_logs: false

# Custom Root CA Configuration
traefik_custom_ca_enabled: true
# No fallback value: the download URL has to be defined in the vault.
traefik_custom_ca_url: "{{ vault_traefik_custom_ca_url }}"
traefik_custom_ca_path: "/etc/traefik/custom-ca.pem"
traefik_custom_ca_server_name: "jeansburger-ca.lan"
# NOTE(review): presumably this disables certificate verification when the
# CA file is fetched from traefik_custom_ca_url - confirm against the role.
# If so, the trust anchor is downloaded over an unauthenticated channel and
# anyone on the network path can substitute their own root. Prefer shipping
# the certificate with the playbook or checking a pinned fingerprint after
# the download.
traefik_custom_ca_verify_ssl: false

# Docker Compose Overrides
# Only the `netbox` service joins the `traefik` network and carries router
# labels; the worker, PostgreSQL and both Redis instances stay on the
# internal `netbox` network and are not published through the proxy.
netbox_docker_compose_overrides:
  services:
    netbox:
      restart: unless-stopped
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain }}`)"
        - "traefik.http.routers.netbox.tls.certresolver=letsencrypt"
        - "traefik.http.services.netbox.loadbalancer.server.port=8080"
      networks:
        - "traefik"
        - "netbox"
    netbox-worker:
      restart: unless-stopped
      networks:
        - "netbox"
    postgres:
      restart: unless-stopped
      networks:
        - "netbox"
      # Database files are kept on the host below netbox_data_dir; restrict
      # that directory's permissions on the host accordingly.
      volumes:
        - "{{ netbox_data_dir }}/postgres:/var/lib/postgresql/data"
    redis:
      restart: unless-stopped
      networks:
        - "netbox"
      volumes:
        - "{{ netbox_data_dir }}/redis:/data"
    redis-cache:
      restart: unless-stopped
      networks:
        - "netbox"
      volumes:
        - "{{ netbox_data_dir }}/redis-cache:/data"
  networks:
    # Created outside this compose project; must exist beforehand.
    traefik:
      external: true
    # Project-local network with default settings.
    netbox: {}