Vendor Galaxy Roles and Collections

ansible_collections/debops/debops/roles/netbox/COPYRIGHT

@@ -0,0 +1,20 @@
+debops.netbox - Deploy and manage NetBox, IPAM/DCIM management tool
+
+Copyright (C) 2016-2020 Maciej Delmanowski <drybjed@gmail.com>
+Copyright (C) 2020-2022 Robin Schneider <ypid@riseup.net>
+Copyright (C) 2016-2022 DebOps <https://debops.org/>
+SPDX-License-Identifier: GPL-3.0-only
+
+This Ansible role is part of DebOps.
+
+DebOps is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 3, as
+published by the Free Software Foundation.
+
+DebOps is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with DebOps. If not, see https://www.gnu.org/licenses/.

ansible_collections/debops/debops/roles/netbox/handlers/main.yml

@@ -0,0 +1,31 @@
+---
+# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2016 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# A separate handler is needed to ensure the correct order of execution
+- name: Reload systemd daemon (netbox)
+  ansible.builtin.systemd:
+    daemon_reload: True
+  when: ansible_service_mgr == 'systemd'
+
+- name: Restart gunicorn for netbox
+  ansible.builtin.service:
+    name: 'gunicorn@netbox'
+    state: 'restarted'
+  when: (not netbox__app_internal_appserver | bool and
+         ansible_local.gunicorn.installed | d() | bool)
+
+- name: Restart netbox internal appserver
+  ansible.builtin.service:
+    name: 'netbox'
+    state: 'restarted'
+    enabled: True
+  when: netbox__app_internal_appserver | bool
+
+- name: Restart netbox Request Queue Worker
+  ansible.builtin.service:
+    name: 'netbox-rq'
+    state: 'restarted'
+    enabled: True
+  when: netbox__app_internal_appserver | bool

ansible_collections/debops/debops/roles/netbox/meta/main.yml

@@ -0,0 +1,33 @@
+---
+# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2016-2022 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Ensure that custom Ansible plugins and modules included in the main DebOps
+# collection are available to roles in other collections.
+collections: [ 'debops.debops' ]
+
+dependencies: []
+
+galaxy_info:
+
+  author: 'Maciej Delmanowski'
+  description: 'Deploy and manage NetBox, IPAM/DCIM management tool'
+  company: 'DebOps'
+  license: 'GPL-3.0-only'
+  min_ansible_version: '2.1.0'
+
+  platforms:
+
+    - name: 'Ubuntu'
+      versions: [ 'all' ]
+
+    - name: 'Debian'
+      versions: [ 'all' ]
+
+  galaxy_tags:
+    - ipam
+    - dcim
+    - django
+    - networking
+    - datacenter

ansible_collections/debops/debops/roles/netbox/meta/watch-netbox

@@ -0,0 +1,10 @@
+# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2016,2020-2022 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Role: netbox
+# Package: netbox
+# Version: 4.4.1
+
+version=4
+https://github.com/netbox-community/netbox/tags .*/v?(\d\S+)\.tar\.gz

ansible_collections/debops/debops/roles/netbox/tasks/main.yml

@@ -0,0 +1,369 @@
+---
+# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C)      2021 Robin Schneider <ypid@riseup.net>
+# Copyright (C) 2016-2021 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+- name: Import DebOps secret role
+  ansible.builtin.import_role:
+    name: 'secret'
+
+- name: Install required packages
+  ansible.builtin.package:
+    name: '{{ q("flattened", (netbox__base_packages
+                              + netbox__packages)) }}'
+    state: 'present'
+  register: netbox__register_packages
+  until: netbox__register_packages is succeeded
+
+- name: Create NetBox system group
+  ansible.builtin.group:
+    name: '{{ netbox__group }}'
+    state: 'present'
+    system: True
+
+- name: Create NetBox system user
+  ansible.builtin.user:
+    name: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    home: '{{ netbox__home }}'
+    comment: '{{ netbox__gecos }}'
+    shell: '{{ netbox__shell }}'
+    state: 'present'
+    system: True
+    generate_ssh_key: '{{ netbox__napalm_ssh_generate | bool }}'
+    ssh_key_bits: '{{ netbox__napalm_ssh_generate_bits }}'
+
+- name: Create additional directories used by NetBox
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: 'directory'
+    owner: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    mode: '0755'
+  with_items:
+    - '{{ netbox__src }}'
+    - '{{ netbox__lib }}'
+    - '{{ netbox__data }}'
+    - '{{ netbox__config_media_root }}'
+    - '{{ netbox__config_reports_root }}'
+    - '{{ netbox__config_scripts_root }}'
+
+- name: Clone NetBox source code
+  ansible.builtin.git:
+    repo: '{{ netbox__git_repo }}'
+    dest: '{{ netbox__git_dest }}'
+    version: '{{ netbox__git_version }}'
+    bare: True
+    update: True
+    verify_commit: True
+  become: True
+  become_user: '{{ netbox__user }}'
+  register: netbox__register_source
+  until: netbox__register_source is succeeded
+
+- name: Check if NetBox is installed
+  ansible.builtin.stat:
+    path: '{{ netbox__git_checkout }}'
+  register: netbox__register_installed
+
+- name: Check current virtualenv version
+  ansible.builtin.stat:
+    path: '{{ netbox__virtualenv + "/bin/python" }}'
+  register: netbox__register_virtualenv_version
+
+- name: Remove old python2 based virtualenv
+  ansible.builtin.file:
+    path: '{{ netbox__virtualenv }}'
+    state: 'absent'
+  register: netbox__register_virtalenv_deleted
+  when: (netbox__virtualenv_version == '3' and
+         netbox__register_virtualenv_version.stat.lnk_target | d() == 'python2')
+
+- name: Create NetBox checkout directory
+  ansible.builtin.file:
+    path: '{{ netbox__git_checkout }}'
+    state: 'directory'
+    owner: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    mode: '0755'
+
+- name: Prepare NetBox git worktree
+  ansible.builtin.copy:
+    content: 'gitdir: {{ netbox__git_dest }}'
+    dest: '{{ netbox__git_checkout + "/.git" }}'
+    owner: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    mode: '0644'
+
+- name: Get commit hash of target checkout
+  environment:
+    GIT_WORK_TREE: '{{ netbox__git_checkout }}'
+  ansible.builtin.command: git rev-parse {{ netbox__git_version }}  # noqa command-instead-of-module
+  args:
+    chdir: '{{ netbox__git_dest }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  register: netbox__register_target_branch
+  changed_when: netbox__register_target_branch.stdout != netbox__register_source.before
+
+- name: Checkout NetBox
+  environment:  # noqa no-handler
+    GIT_WORK_TREE: '{{ netbox__git_checkout }}'
+  ansible.builtin.command: git checkout -f {{ netbox__git_version }}  # noqa command-instead-of-module
+  args:
+    chdir: '{{ netbox__git_dest }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  register: netbox__register_checkout
+  changed_when: netbox__register_checkout.changed | bool
+  until: netbox__register_checkout is succeeded
+  notify: [ 'Restart gunicorn for netbox', 'Restart netbox internal appserver', 'Restart netbox Request Queue Worker' ]
+  when: (netbox__register_source.before is undefined or
+         (netbox__register_source.before | d() and netbox__register_target_branch.stdout | d() and
+          netbox__register_source.before != netbox__register_target_branch.stdout) or
+          not netbox__register_installed.stat.exists | bool or
+          netbox__register_virtalenv_deleted.changed | bool)
+
+- name: Create Python virtualenv for NetBox
+  ansible.builtin.pip:
+    name: [ 'pip', 'setuptools' ]
+    virtualenv: '{{ netbox__virtualenv }}'
+    virtualenv_python: '{{ "python" + netbox__virtualenv_version }}'
+    # This is required due to an issue with setuptools
+    # https://github.com/digitalocean/netbox/issues/864
+    state: 'forcereinstall'
+  become: True
+  become_user: '{{ netbox__user }}'
+  register: netbox__register_virtualenv
+  until: netbox__register_virtualenv is succeeded
+  changed_when: (netbox__register_virtualenv is success and
+                 netbox__register_virtualenv.stdout is search('New python executable in'))
+
+- name: Clean up stale Python bytecode
+  ansible.builtin.command: "find . -name '*.pyc' -delete"  # noqa no-handler
+  args:
+    chdir: '{{ netbox__git_checkout + "/netbox" }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  register: netbox__register_cleanup
+  changed_when: netbox__register_cleanup.changed | bool
+  when: netbox__register_checkout is changed
+
+- name: Install NetBox requirements in virtualenv
+  ansible.builtin.pip:  # noqa no-handler
+    virtualenv: '{{ netbox__virtualenv }}'
+    requirements: '{{ netbox__git_checkout + "/requirements.txt" }}'
+    extra_args: '--upgrade'
+  register: netbox__register_pip_install
+  until: netbox__register_pip_install is succeeded
+  become: True
+  become_user: '{{ netbox__user }}'
+  notify: [ 'Restart gunicorn for netbox', 'Restart netbox internal appserver', 'Restart netbox Request Queue Worker' ]
+  when: netbox__register_checkout is changed
+
+- name: Install additional Python modules in virtualenv
+  ansible.builtin.pip:  # noqa no-handler
+    name:       '{{ item.name | d(item) }}'
+    version:    '{{ item.version | d(omit) }}'
+    virtualenv: '{{ netbox__virtualenv }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  loop: '{{ q("flattened", netbox__virtualenv_pip_packages) }}'
+  when: netbox__register_checkout is changed and
+        item.state | d('present') not in ['absent', 'ignore']
+
+- name: Generate NetBox configuration
+  ansible.builtin.template:
+    src: 'usr/local/lib/netbox/configuration.py.j2'
+    dest: '{{ netbox__git_checkout + "/netbox/netbox/configuration.py" }}'
+    owner: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    mode: '0640'
+  notify: [ 'Restart gunicorn for netbox', 'Restart netbox internal appserver', 'Restart netbox Request Queue Worker' ]
+  register: netbox__register_configuration
+  tags: [ 'role::netbox:config' ]
+
+- name: Generate NetBox LDAP configuration
+  ansible.builtin.template:
+    src: 'usr/local/lib/netbox/ldap_config.py.j2'
+    dest: '{{ netbox__git_checkout + "/netbox/netbox/ldap_config.py" }}'
+    owner: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    mode: '0640'
+  notify: [ 'Restart gunicorn for netbox', 'Restart netbox internal appserver', 'Restart netbox Request Queue Worker' ]
+  when: netbox__ldap_enabled | bool
+  tags: [ 'role::netbox:config' ]
+  no_log: '{{ debops__no_log | d(True) }}'
+
+- name: Perform database installation or migration
+  ## Commands from upgrade.sh. We cannot directly run this script as of 3.5
+  ## because it also deals with virtualenv with different directory paths than
+  ## this role.
+  ansible.builtin.shell:  # noqa no-handler
+    cmd: |
+      set -o nounset -o pipefail -o errexit
+      ./manage.py migrate
+      ./manage.py trace_paths --no-input || :
+      (cd .. && mkdocs build)
+      ./manage.py collectstatic --no-input
+      ./manage.py remove_stale_contenttypes --no-input
+      ./manage.py reindex --lazy
+      ./manage.py clearsessions
+    chdir: '{{ netbox__git_checkout + "/netbox" }}'
+    executable: 'bash'
+  environment:
+    VIRTUAL_ENV: '{{ netbox__virtualenv }}'
+    PATH: '{{ netbox__virtualenv_env_path }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  when: (netbox__register_checkout is changed and
+         netbox__primary | bool)
+  register: netbox__register_migration
+  changed_when: netbox__register_migration.changed | bool
+
+- name: Generate static content
+  ## Since we do not run the manage.py file on secondary sites
+  ## we need to generate those files in an extra task.
+  ansible.builtin.shell:  # noqa no-handler
+    cmd: |
+      set -o nounset -o pipefail -o errexit
+      ./manage.py collectstatic --no-input
+    chdir: '{{ netbox__git_checkout + "/netbox" }}'
+    executable: 'bash'
+  environment:
+    VIRTUAL_ENV: '{{ netbox__virtualenv }}'
+    PATH: '{{ netbox__virtualenv_env_path }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  when: (netbox__register_checkout is changed and
+         not netbox__primary | bool)
+  register: netbox__register_collectstatic
+  changed_when: not netbox__register_collectstatic.stdout is search('0 static files copied')
+
+- name: Create local session directory
+  ansible.builtin.file:
+    path: '{{ netbox__data + "/sessions" }}'
+    owner: '{{ netbox__user }}'
+    group: '{{ netbox__group }}'
+    mode: '0770'
+    access_time: preserve
+    modification_time: preserve
+    state: directory
+  become: True
+  become_user: '{{ netbox__user }}'
+  when: (not netbox__primary | bool)
+
+- name: Cleanup stale contenttypes and sessions
+  ## Since we do not run the manage.py file on secondary sites
+  ## we need to run the cleanup in an extra task.
+  ansible.builtin.shell:  # noqa no-handler
+    cmd: |
+      set -o nounset -o pipefail -o errexit
+      ./manage.py remove_stale_contenttypes --no-input
+      ./manage.py clearsessions
+    chdir: '{{ netbox__git_checkout + "/netbox" }}'
+    executable: 'bash'
+  environment:
+    VIRTUAL_ENV: '{{ netbox__virtualenv }}'
+    PATH: '{{ netbox__virtualenv_env_path }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  when: (netbox__register_checkout is changed and
+         not netbox__primary | bool)
+  changed_when: false
+
+- name: Create Django superuser account
+  community.general.django_manage:
+    command: 'createsuperuser --noinput --username={{ netbox__superuser_name }} --email={{ netbox__superuser_email }}'
+    app_path: '{{ netbox__git_checkout + "/netbox" }}'
+    virtualenv: '{{ netbox__virtualenv }}'
+  environment:
+    DJANGO_SUPERUSER_PASSWORD: '{{ netbox__superuser_password }}'
+  become: True
+  become_user: '{{ netbox__user }}'
+  register: netbox__register_django_superuser
+  failed_when: ('error' in netbox__register_django_superuser.out.lower() and
+                'that username is already taken.' not in netbox__register_django_superuser.out.lower())
+  when: (netbox__primary | bool and
+         not netbox__register_installed.stat.exists | bool and
+         not netbox__register_migration.stdout is search('No migrations to apply.'))
+  no_log: '{{ debops__no_log | d(True) }}'
+
+- name: Generate systemd service unit
+  ansible.builtin.template:
+    src: 'etc/systemd/system/netbox.service.j2'
+    dest: '/etc/systemd/system/netbox.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  notify:
+    - 'Reload systemd daemon (netbox)'
+    - 'Restart gunicorn for netbox'
+    - 'Restart netbox internal appserver'
+  when: netbox__app_internal_appserver | bool
+
+- name: Generate NetBox RQ systemd service unit
+  ansible.builtin.template:
+    src: 'etc/systemd/system/netbox-rq.service.j2'
+    dest: '/etc/systemd/system/netbox-rq.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  notify:
+    - 'Reload systemd daemon (netbox)'
+    - 'Restart netbox Request Queue Worker'
+  when: netbox__app_internal_appserver | bool
+
+- name: Generate systemd NetBox Housekeeping service unit
+  ansible.builtin.template:
+    src: 'etc/systemd/system/netbox-housekeeping.service.j2'
+    dest: '/etc/systemd/system/netbox-housekeeping.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  notify:
+    - 'Reload systemd daemon (netbox)'
+
+- name: Generate systemd NetBox Housekeeping timer unit
+  ansible.builtin.template:
+    src: 'etc/systemd/system/netbox-housekeeping.timer.j2'
+    dest: '/etc/systemd/system/netbox-housekeeping.timer'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  notify:
+    - 'Reload systemd daemon (netbox)'
+
+- name: Enable systemd NetBox Housekeeping timer
+  ansible.builtin.systemd:
+    daemon_reload: True
+    name: 'netbox-housekeeping.timer'
+    enabled: True
+    state: 'started'
+  when: ansible_service_mgr == 'systemd' and not ansible_check_mode
+
+- name: Generate NetBox netbox-manage script
+  ansible.builtin.template:
+    src: 'usr/local/bin/netbox-manage.j2'
+    dest: '{{ netbox__bin + "/netbox-manage" }}'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+
+- name: Make sure that Ansible local facts directory exists
+  ansible.builtin.file:
+    path: '/etc/ansible/facts.d'
+    state: 'directory'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+
+- name: Save NetBox local facts
+  ansible.builtin.template:
+    src: 'etc/ansible/facts.d/netbox.fact.j2'
+    dest: '/etc/ansible/facts.d/netbox.fact'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+  tags: [ 'meta::facts' ]

ansible_collections/debops/debops/roles/netbox/templates/etc/ansible/facts.d/netbox.fact.j2

@@ -0,0 +1,16 @@
+#!{{ ansible_python['executable'] }}
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2016 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# {{ ansible_managed }}
+
+from __future__ import print_function
+from json import dumps
+from sys import exit
+
+output = {'installed': True}
+
+print(dumps(output, sort_keys=True, indent=4))

ansible_collections/debops/debops/roles/netbox/templates/etc/systemd/system/netbox-housekeeping.service.j2

@@ -0,0 +1,27 @@
+{# Copyright (C) 2023 Robin Schneider <ypid@riseup.net>
+ # Copyright (C) 2023 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# {{ ansible_managed }}
+
+[Unit]
+Description=NetBox Housekeeping Service
+Documentation=https://docs.netbox.dev/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User={{ netbox__user }}
+Group={{ netbox__group }}
+WorkingDirectory={{ netbox__git_checkout + "/netbox" }}
+
+ExecStart={{ netbox__virtualenv }}/bin/python3 {{ netbox__git_checkout + "/netbox/manage.py housekeeping" }}
+
+Restart=on-failure
+RestartSec=30
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

ansible_collections/debops/debops/roles/netbox/templates/etc/systemd/system/netbox-housekeeping.timer.j2

@@ -0,0 +1,19 @@
+{# Copyright (C) 2023 Robin Schneider <ypid@riseup.net>
+ # Copyright (C) 2023 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# {{ ansible_managed }}
+
+[Unit]
+Description=NetBox Housekeeping Timer
+Documentation=https://docs.netbox.dev/
+After=network-online.target
+Wants=network-online.target
+
+[Timer]
+OnCalendar=daily
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target

ansible_collections/debops/debops/roles/netbox/templates/etc/systemd/system/netbox-rq.service.j2

@@ -0,0 +1,27 @@
+{# Copyright (C) 2020 Robin Schneider <ypid@riseup.net>
+ # Copyright (C) 2020 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# {{ ansible_managed }}
+
+[Unit]
+Description=NetBox Request Queue Worker
+Documentation=https://netbox.readthedocs.io/en/stable/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User={{ netbox__user }}
+Group={{ netbox__group }}
+WorkingDirectory={{ netbox__git_checkout + "/netbox" }}
+
+ExecStart={{ netbox__virtualenv }}/bin/python3 {{ netbox__git_checkout + "/netbox/manage.py rqworker" }}
+
+Restart=on-failure
+RestartSec=30
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

ansible_collections/debops/debops/roles/netbox/templates/etc/systemd/system/netbox.service.j2

@@ -0,0 +1,21 @@
+{# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2016 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# {{ ansible_managed }}
+
+[Unit]
+Description=NetBox
+Documentation=https://netbox.readthedocs.io/en/latest/
+After=network.target
+
+[Service]
+User={{ netbox__user }}
+Group={{ netbox__group }}
+RuntimeDirectory={{ netbox__app_runtime_dir }}
+RuntimeDirectoryMode=0755
+WorkingDirectory={{ netbox__git_checkout + "/netbox" }}
+ExecStart={{ netbox__virtualenv }}/bin/gunicorn {{ netbox__app_params | join(' ') }}
+
+[Install]
+WantedBy=multi-user.target

ansible_collections/debops/debops/roles/netbox/templates/lookup/netbox__config_admins.j2

@@ -0,0 +1,9 @@
+{# Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2016 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+{% if (ansible_local.core.admin_private_email | d()) %}
+{%   for address in ansible_local.core.admin_private_email %}
+- [ '{{ address.split("@") | first }}', '{{ address }}' ]
+{%   endfor %}
+{% endif %}

ansible_collections/debops/debops/roles/netbox/templates/usr/local/bin/netbox-manage.j2

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# Copyright (C) 2021 Robin Schneider <ypid@riseup.net>
+# Copyright (C) 2021 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Activate virtualenv and run `manage.py` as NetBox user.
+
+# {{ ansible_managed }}
+
+set -o nounset -o pipefail -o errexit
+
+sudo -u "{{ netbox__user }}" bash -c '
+	source "{{ netbox__virtualenv }}/bin/activate"
+	"{{ netbox__git_checkout }}/netbox/manage.py" "$@"
+' "inline_script_name" "$@"

ansible_collections/debops/debops/roles/netbox/templates/usr/local/lib/netbox/configuration.py.j2

@@ -0,0 +1,315 @@
+{# Copyright (C) 2016 Jeremy Stretch <stretch@packetlife.net>
+ # Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2023 Robin Schneider <ypid@riseup.net>
+ # Copyright (C) 2016,2023 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: Apache-2.0
+ #}
+# {{ ansible_managed }}
+# -*- coding: utf-8 -*-
+# vim: foldmarker=[[[,]]]:foldmethod=marker
+
+import json
+
+# NetBox required settings [[[1
+#########################
+#                       #
+#   Required settings   #
+#                       #
+#########################
+
+# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
+ALLOWED_HOSTS = [ '{{ ( [ netbox__config_allowed_hosts ] if netbox__config_allowed_hosts is string else netbox__config_allowed_hosts) | join("', '") }}' ]
+
+# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
+#   https://docs.djangoproject.com/en/stable/ref/settings/#databases
+DATABASE = {
+    'ENGINE': 'django.db.backends.postgresql',     # Database engine
+    'NAME': '{{ netbox__database_name }}',         # Database name
+    'USER': '{{ netbox__database_user }}',         # PostgreSQL username
+    'PASSWORD': '{{ netbox__database_password }}', # PostgreSQL password
+    'HOST': '{{ netbox__database_host }}',         # Database server
+    'PORT': '{{ netbox__database_port }}',         # Database port (leave blank for default)
+    'CONN_MAX_AGE': 300,                           # Max database connection age
+}
+
+# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
+# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
+# to use two separate database IDs.
+REDIS = {
+    'tasks': {
+        'HOST': '{{ netbox__redis_host }}',
+        'PORT': {{ netbox__redis_port }},
+        # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+        # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+        # 'SENTINEL_SERVICE': 'netbox',
+        'USERNAME': '',
+        'PASSWORD': '{{ netbox__redis_password }}',
+        'DATABASE': {{ netbox__redis_database }},
+        'SSL': {{ netbox__redis_ssl }},
+        # Set this to True to skip TLS certificate verification
+        # This can expose the connection to attacks, be careful
+        # 'INSECURE_SKIP_TLS_VERIFY': False,
+        # Set a path to a certificate authority, typically used with a self signed certificate.
+        # 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
+    },
+    'caching': {
+        'HOST': '{{ netbox__redis_host }}',
+        'PORT': {{ netbox__redis_port }},
+        # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+        # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+        # 'SENTINEL_SERVICE': 'netbox',
+        'USERNAME': '',
+        'PASSWORD': '{{ netbox__redis_password }}',
+        'DATABASE': {{ netbox__redis_cache_database }},
+        'SSL': {{ netbox__redis_ssl }},
+        # Set this to True to skip TLS certificate verification
+        # This can expose the connection to attacks, be careful
+        # 'INSECURE_SKIP_TLS_VERIFY': False,
+        # Set a path to a certificate authority, typically used with a self signed certificate.
+        # 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
+    }
+}
+
+# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. NetBox will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+SECRET_KEY = '{{ netbox__config_secret_key }}'
+
+# NetBox optional settings [[[1
+#########################
+#                       #
+#   Optional settings   #
+#                       #
+#########################
+
+# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
+# application errors (assuming correct email settings are provided).
+ADMINS = [
+    # ['John Doe', 'jdoe@example.com'],
+{% if netbox__config_admins %}
+{%   for element in netbox__config_admins %}
+    [ '{{ element[0] }}', '{{ element[1] }}' ],
+{%   endfor %}
+{% endif %}
+]
+
+# Permit the retrieval of API tokens after their creation.
+ALLOW_TOKEN_RETRIEVAL = False
+
+# Enable any desired validators for local account passwords below. For a list of included validators, please see the
+# Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation.
+AUTH_PASSWORD_VALIDATORS = [
+    # {
+    #     'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    #     'OPTIONS': {
+    #         'min_length': 10,
+    #     }
+    # },
+]
+
+# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
+# BASE_PATH = 'netbox/'
+BASE_PATH = '{{ netbox__config_base_path }}'
+
+# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
+# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
+# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
+CORS_ORIGIN_ALLOW_ALL = {{ netbox__config_cors_origin_allow_all | bool }}
+CORS_ORIGIN_WHITELIST = [
+    # 'https://hostname.example.com',
+{% if netbox__config_cors_origin_whitelist %}
+{%   for element in netbox__config_cors_origin_whitelist %}
+    '{{ element }}',
+{%   endfor %}
+{% endif %}
+]
+CORS_ORIGIN_REGEX_WHITELIST = [
+    # r'^(https?://)?(\w+\.)?example\.com$',
+{% if netbox__config_cors_origin_regex_whitelist %}
+{%   for element in netbox__config_cors_origin_regex_whitelist %}
+    '{{ element }}',
+{%   endfor %}
+{% endif %}
+]
+
+# The name to use for the CSRF token cookie.
+CSRF_COOKIE_NAME = 'csrftoken'
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+DEBUG = False
+
+# Set the default preferred language/locale
+DEFAULT_LANGUAGE = '{{ netbox__config_default_language }}'
+
+# Email settings
+EMAIL = {
+    'SERVER': '{{ netbox__config_email_server }}',
+    'PORT': {{ netbox__config_email_port }},
+    'USERNAME': '{{ netbox__config_email_username }}',
+    'PASSWORD': '{{ netbox__config_email_password }}',
+    'USE_TLS': {{ netbox__config_email_use_tls | bool }},
+    'TIMEOUT': {{ netbox__config_email_timeout }},  # seconds
+    'FROM_EMAIL': '{{ netbox__config_email_from }}',
+}
+
+# Localization
+# This should only be enabled for development or testing purposes as netbox is not yet fully localized.
+ENABLE_LOCALIZATION = False
+
+# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
+# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
+EXEMPT_VIEW_PERMISSIONS = [
+    # 'dcim.site',
+    # 'dcim.region',
+    # 'ipam.prefix',
+{% for element in netbox__config_exempt_view_permissions %}
+    '{{ element }}',
+{% endfor %}
+]
+
+# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
+# HTTP_PROXIES = {
+#     'http': 'http://10.10.1.10:3128',
+#     'https': 'http://10.10.1.10:1080',
+# }
+
+# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
+# NetBox from an internal IP.
+INTERNAL_IPS = ('127.0.0.1', '::1')
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+#   https://docs.djangoproject.com/en/stable/topics/logging/
+LOGGING = json.loads('''{{ netbox__config_logging | to_nice_json }}''')
+
+# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
+# authenticated to NetBox indefinitely.
+LOGIN_PERSISTENCE = False
+
+# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
+# are permitted to access most data in NetBox but not make any changes.
+LOGIN_REQUIRED = {{ netbox__config_login_required | bool }}
+
+# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
+# re-authenticate. (Default: 1209600 [14 days])
+LOGIN_TIMEOUT = {{ netbox__config_login_timeout }}
+
+# The view name or URL to which users are redirected after logging out.
+LOGOUT_REDIRECT_URL = 'home'
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
+# the default value of this setting is derived from the installed location.
+MEDIA_ROOT = '{{ netbox__config_media_root }}'
+
+# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+#     'AWS_ACCESS_KEY_ID': 'Key ID',
+#     'AWS_SECRET_ACCESS_KEY': 'Secret',
+#     'AWS_STORAGE_BUCKET_NAME': 'netbox',
+#     'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
+METRICS_ENABLED = {{ netbox__config_metrics_enabled }}
+
+# Enable installed plugins. Add the name of each plugin to the list.
+PLUGINS = json.loads('''{{ netbox__config_plugins | to_nice_json }}''')
+
+# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
+# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
+PLUGINS_CONFIG = json.loads('''{{ netbox__config_plugins_config | to_nice_json }}''')
+
+# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
+# prefer IPv4 instead.
+PREFER_IPV4 = {{ netbox__config_prefer_ipv4 | bool }}
+
+# Remote authentication support
+REMOTE_AUTH_ENABLED = {{ netbox__ldap_enabled | bool }}
+{% if netbox__ldap_enabled | bool -%}
+REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
+REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
+REMOTE_AUTH_USER_FIRST_NAME = 'HTTP_REMOTE_USER_FIRST_NAME'
+REMOTE_AUTH_USER_LAST_NAME = 'HTTP_REMOTE_USER_LAST_NAME'
+REMOTE_AUTH_USER_EMAIL = 'HTTP_REMOTE_USER_EMAIL'
+REMOTE_AUTH_AUTO_CREATE_USER = True
+REMOTE_AUTH_DEFAULT_GROUPS = []
+REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
+{% endif %}
+
+# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+REPORTS_ROOT = '{{ netbox__config_reports_root }}'
+
+# Maximum execution time for background tasks, in seconds.
+RQ_DEFAULT_TIMEOUT = 300
+
+# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+SCRIPTS_ROOT = '{{ netbox__config_scripts_root }}'
+
+# The name to use for the session cookie.
+SESSION_COOKIE_NAME = 'sessionid'
+
+# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
+# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
+# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
+SESSION_FILE_PATH = '{{ netbox__config_session_file_path }}'
+
+# Time zone (default: UTC)
+TIME_ZONE = '{{ netbox__config_time_zone }}'
+
+# Date/time formatting. See the following link for supported formats:
+# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
+DATE_FORMAT = '{{ netbox__config_date_format }}'
+SHORT_DATE_FORMAT = '{{ netbox__config_short_date_format }}'
+TIME_FORMAT = '{{ netbox__config_time_format }}'
+SHORT_TIME_FORMAT = '{{ netbox__config_short_time_format }}'
+DATETIME_FORMAT = '{{ netbox__config_datetime_format }}'
+SHORT_DATETIME_FORMAT = '{{ netbox__config_short_datetime_format }}'
+
+# DebOps settings that are not in the configuration_example.py file [[[1
+
+CENSUS_REPORTING_ENABLED = {{ netbox__config_census_reporting | bool }}
+
+# Dynamic Configuration Parameters [[[1
+
+# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
+# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
+BANNER_TOP = '{{ netbox__config_banner_top }}'
+BANNER_BOTTOM = '{{ netbox__config_banner_bottom }}'
+
+# Text to include on the login page above the login form. HTML is allowed.
+BANNER_LOGIN = '{{ netbox__config_banner_login }}'
+
+# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
+CHANGELOG_RETENTION = {{ netbox__config_changelog_retention }}
+
+# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
+# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
+ENFORCE_GLOBAL_UNIQUE = {{ netbox__config_enforce_global_unique | bool }}
+
+# Setting this to True will display a "maintenance mode" banner at the top of every page.
+MAINTENANCE_MODE = {{ netbox__config_maintenance_mode | bool }}
+
+# The URL to use when mapping physical addresses or GPS coordinates.
+MAPS_URL = '{{ netbox__config_maps_url }}'
+
+# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
+# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
+# all objects by specifying "?limit=0".
+MAX_PAGE_SIZE = {{ netbox__config_max_page_size }}
+
+# Determine how many objects to display per page within a list. (Default: 50)
+PAGINATE_COUNT = {{ netbox__config_paginate_count }}
+{% if netbox__config_custom != '' %}
+
+# DebOps netbox__config_custom settings [[[1
+{{ netbox__config_custom }}
+{% endif %}

ansible_collections/debops/debops/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2

@@ -0,0 +1,90 @@
+{# Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2022 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: Apache-2.0
+ #}
+# {{ ansible_managed }}
+# -*- coding: utf-8 -*-
+
+from importlib import import_module
+from os import environ
+
+import ldap
+from django_auth_ldap.config import LDAPSearch
+
+
+# Import and return the group type based on string name
+def _import_group_type(group_type_name):
+    mod = import_module('django_auth_ldap.config')
+    try:
+        return getattr(mod, group_type_name)()
+    except:
+        return None
+
+# Server URI
+AUTH_LDAP_SERVER_URI = '{{ netbox__ldap_server_uri }}'
+
+# The following may be needed if you are binding to Active Directory.
+AUTH_LDAP_CONNECTION_OPTIONS = {
+    ldap.OPT_REFERRALS: 0
+}
+
+# Set the DN and password for the NetBox service account.
+AUTH_LDAP_BIND_DN = '{{ netbox__ldap_binddn }}'
+AUTH_LDAP_BIND_PASSWORD = '{{ netbox__ldap_bindpw }}'
+
+# Set a string template that describes any user’s distinguished name based on the username.
+AUTH_LDAP_USER_DN_TEMPLATE = None
+
+# Enable STARTTLS for ldap authentication.
+AUTH_LDAP_START_TLS = {{ netbox__ldap_start_tls }}
+
+# Uncomment this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
+# Note that this is a NetBox-specific setting which sets:
+#     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+#LDAP_IGNORE_CERT_ERRORS = True
+
+AUTH_LDAP_USER_SEARCH_BASEDN = '{{ netbox__ldap_base_dn | join(",") }}'
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    AUTH_LDAP_USER_SEARCH_BASEDN,
+    ldap.SCOPE_SUBTREE,
+    "{{ netbox__ldap_user_filter }}"
+)
+
+# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
+# hierarchy.
+AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
+AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
+                                    "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
+AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
+
+# Define a group required to login.
+{% if netbox__ldap_group_authentication_enabled | bool %}
+AUTH_LDAP_REQUIRE_GROUP = '{{ netbox__ldap_user_group_dn | join(",") }}'
+{% else %}
+AUTH_LDAP_REQUIRE_GROUP = None
+{% endif %}
+
+# Define special user types using groups. Exercise great caution when assigning superuser status.
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {}
+
+if AUTH_LDAP_REQUIRE_GROUP is not None:
+    AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+        "is_active": '{{ netbox__ldap_user_active_group_dn | join(",") }}',
+        "is_staff": '{{ netbox__ldap_user_staff_group_dn | join(",") }}',
+        "is_superuser": '{{ netbox__ldap_user_admin_group_dn | join(",") }}'
+    }
+
+# For more granular permissions, we can map LDAP groups to Django groups.
+AUTH_LDAP_FIND_GROUP_PERMS = environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
+AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', '').lower() == 'true'
+
+# Cache groups for one hour to reduce LDAP traffic
+AUTH_LDAP_CACHE_TIMEOUT = int(environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600))
+
+# Populate the Django user from the LDAP directory.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'),
+    "last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
+    "email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mailAddress')
+}