Diffstat (limited to 'netbox/config-patch2.diff')
-rw-r--r-- | netbox/config-patch2.diff | 89 |
1 files changed, 89 insertions, 0 deletions
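--- /dev/null
+++ b/netbox/config-patch2.diff
@@ -0,0 +1,89 @@
+--- a/opt/netbox/netbox/netbox/configuration.py
++++ b/opt/netbox/netbox/netbox/configuration.py
+@@ -4,21 +4,35 @@
+# #
+#########################
+
++import os
++from django.contrib.vault_client import SimpleVaultClient
++
++
++def _is_affirmative(value):
++ value = "" if not value else value
++ return value.lower() in ["yes", "true", "on", "1"]
++
++
+# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
+-ALLOWED_HOSTS = []
++ALLOWED_HOSTS = ['*']
+
+# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
+# https://docs.djangoproject.com/en/stable/ref/settings/#databases
++port = os.getenv("NETBOX_DB_PORT")
+DATABASE = {
+- 'NAME': 'netbox', # Database name
+- 'USER': '', # PostgreSQL username
+- 'PASSWORD': '', # PostgreSQL password
+- 'HOST': 'localhost', # Database server
+- 'PORT': '', # Database port (leave blank for default)
+- 'CONN_MAX_AGE': 300, # Max database connection age
++ 'NAME': os.getenv("NETBOX_DB_NAME"),
++ 'HOST': os.getenv("NETBOX_DB_HOST"),
++ 'PORT': int(port) if port else "",
++ 'CONN_MAX_AGE': 300,
++ "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"),
++ "VAULT_ADDR": os.getenv("VAULT_ADDR"),
++ "VAULT_TOKEN": os.getenv("VAULT_TOKEN"),
++ "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"),
++ "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"),
++ "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"),
+}
+
+# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
+@@ -26,23 +40,23 @@
+# to use two separate database IDs.
+REDIS = {
+'tasks': {
+- 'HOST': 'localhost',
++ 'HOST': os.getenv("NETBOX_REDIS_HOST"),
+'PORT': 6379,
+# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+# 'SENTINEL_SERVICE': 'netbox',
+'PASSWORD': '',
+- 'DATABASE': 0,
++ 'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")),
+'SSL': False,
+},
+'caching': {
+- 'HOST': 'localhost',
++ 'HOST': os.getenv("NETBOX_REDIS_HOST"),
+'PORT': 6379,
+# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+# 'SENTINEL_SERVICE': 'netbox',
+'PASSWORD': '',
+- 'DATABASE': 1,
++ 'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")),
+'SSL': False,
+}
+}
+@@ -51,7 +65,14 @@
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. NetBox will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+-SECRET_KEY = ''
++vc = SimpleVaultClient(
++ os.getenv("VAULT_ADDR"),
++ os.getenv("VAULT_ROLE_ID"),
++ os.getenv("VAULT_SECRET_ID"),
++ ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))
++)
++SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key")
++del vc
+
+
+#########################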
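Review bot: `ALLOWED_HOSTS = ['*']` in the first hunk of the embedded configuration.py patch switches off Django's Host-header validation, so any hostname a client sends is accepted; it would be safer to read the list from the environment like the other settings, e.g. `ALLOWED_HOSTS = os.getenv("NETBOX_ALLOWED_HOSTS", "").split()` (the variable name is only a suggestion). In the last hunk, `VAULT_SKIP_VERIFY` can turn off TLS verification on the connection that carries `VAULT_SECRET_ID` and returns `SECRET_KEY`; verification stays on when the variable is unset, and a comment such as `# VAULT_SKIP_VERIFY is for local testing only; leave it unset wherever Vault is reached over a network you do not control` would make that explicit. The two `int(os.getenv("NETBOX_REDIS_..._DB"))` calls raise `TypeError` at import time when the variable is missing, unlike the guarded `port` handling above them, so a default such as `int(os.getenv("NETBOX_REDIS_TASK_DB", "0"))` (and `"1"` for the cache DB) would keep the previous behaviour.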