1 files changed, 89 insertions, 0 deletions
diff --git a/netbox/config-patch2.diff b/netbox/config-patch2.diff
new file mode 100644
index 0000000..5983cc1
--- /dev/null
+++ b/netbox/config-patch2.diff
@@ -0,0 +1,89 @@
+--- a/opt/netbox/netbox/netbox/configuration.py
+++ b/opt/netbox/netbox/netbox/configuration.py
+@@ -4,21 +4,35 @@
+ #                       #
+ #########################
+ 
+import os
+from django.contrib.vault_client import SimpleVaultClient
+
+
+def _is_affirmative(value):
+    value = "" if not value else value
+    return value.lower() in ["yes", "true", "on", "1"]
+
+
+ # This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
+ # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+ #
+ # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
+-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
+ 
+ # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
+ #   https://docs.djangoproject.com/en/stable/ref/settings/#databases
+port = os.getenv("NETBOX_DB_PORT")
+ DATABASE = {
+-    'NAME': 'netbox',         # Database name
+-    'USER': '',               # PostgreSQL username
+-    'PASSWORD': '',           # PostgreSQL password
+-    'HOST': 'localhost',      # Database server
+-    'PORT': '',               # Database port (leave blank for default)
+-    'CONN_MAX_AGE': 300,      # Max database connection age
+    'NAME': os.getenv("NETBOX_DB_NAME"),
+    'HOST': os.getenv("NETBOX_DB_HOST"),
+    'PORT': int(port) if port else "",
+    'CONN_MAX_AGE': 300,
+    "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"),
+    "VAULT_ADDR": os.getenv("VAULT_ADDR"),
+    "VAULT_TOKEN": os.getenv("VAULT_TOKEN"),
+    "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"),
+    "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"),
+    "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"),
+ }
+ 
+ # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
+@@ -26,23 +40,23 @@
+ # to use two separate database IDs.
+ REDIS = {
+     'tasks': {
+-        'HOST': 'localhost',
+        'HOST': os.getenv("NETBOX_REDIS_HOST"),
+         'PORT': 6379,
+         # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+         # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+         # 'SENTINEL_SERVICE': 'netbox',
+         'PASSWORD': '',
+-        'DATABASE': 0,
+        'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")),
+         'SSL': False,
+     },
+     'caching': {
+-        'HOST': 'localhost',
+        'HOST': os.getenv("NETBOX_REDIS_HOST"),
+         'PORT': 6379,
+         # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+         # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+         # 'SENTINEL_SERVICE': 'netbox',
+         'PASSWORD': '',
+-        'DATABASE': 1,
+        'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")),
+         'SSL': False,
+     }
+ }
+@@ -51,7 +65,14 @@
+ # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+ # symbols. NetBox will not run without this defined. For more information, see
+ # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+-SECRET_KEY = ''
+vc = SimpleVaultClient(
+    os.getenv("VAULT_ADDR"),
+    os.getenv("VAULT_ROLE_ID"),
+    os.getenv("VAULT_SECRET_ID"),
+    ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))
+)
+SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key")
+del vc
+ 
+ 
+ #########################

diff --git a/netbox/config-patch2.diff b/netbox/config-patch2.diff new file mode 100644 index 0000000..5983cc1 --- /dev/null +++ b/netbox/config-patch2.diff
@@ -0,0 +1,89 @@
	1	--- a/opt/netbox/netbox/netbox/configuration.py
	2	+++ b/opt/netbox/netbox/netbox/configuration.py
	3	@@ -4,21 +4,35 @@
	4	# #
	5	#########################
	6
	7	+import os
	8	+from django.contrib.vault_client import SimpleVaultClient
	9	+
	10	+
	11	+def _is_affirmative(value):
	12	+ value = "" if not value else value
	13	+ return value.lower() in ["yes", "true", "on", "1"]
	14	+
	15	+
	16	# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
	17	# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
	18	#
	19	# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
	20	-ALLOWED_HOSTS = []
	21	+ALLOWED_HOSTS = ['*']
	22
	23	# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
	24	# https://docs.djangoproject.com/en/stable/ref/settings/#databases
	25	+port = os.getenv("NETBOX_DB_PORT")
	26	DATABASE = {
	27	- 'NAME': 'netbox', # Database name
	28	- 'USER': '', # PostgreSQL username
	29	- 'PASSWORD': '', # PostgreSQL password
	30	- 'HOST': 'localhost', # Database server
	31	- 'PORT': '', # Database port (leave blank for default)
	32	- 'CONN_MAX_AGE': 300, # Max database connection age
	33	+ 'NAME': os.getenv("NETBOX_DB_NAME"),
	34	+ 'HOST': os.getenv("NETBOX_DB_HOST"),
	35	+ 'PORT': int(port) if port else "",
	36	+ 'CONN_MAX_AGE': 300,
	37	+ "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"),
	38	+ "VAULT_ADDR": os.getenv("VAULT_ADDR"),
	39	+ "VAULT_TOKEN": os.getenv("VAULT_TOKEN"),
	40	+ "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"),
	41	+ "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"),
	42	+ "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"),
	43	}
	44
	45	# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
	46	@@ -26,23 +40,23 @@
	47	# to use two separate database IDs.
	48	REDIS = {
	49	'tasks': {
	50	- 'HOST': 'localhost',
	51	+ 'HOST': os.getenv("NETBOX_REDIS_HOST"),
	52	'PORT': 6379,
	53	# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
	54	# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
	55	# 'SENTINEL_SERVICE': 'netbox',
	56	'PASSWORD': '',
	57	- 'DATABASE': 0,
	58	+ 'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")),
	59	'SSL': False,
	60	},
	61	'caching': {
	62	- 'HOST': 'localhost',
	63	+ 'HOST': os.getenv("NETBOX_REDIS_HOST"),
	64	'PORT': 6379,
	65	# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
	66	# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
	67	# 'SENTINEL_SERVICE': 'netbox',
	68	'PASSWORD': '',
	69	- 'DATABASE': 1,
	70	+ 'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")),
	71	'SSL': False,
	72	}
	73	}
	74	@@ -51,7 +65,14 @@
	75	# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
	76	# symbols. NetBox will not run without this defined. For more information, see
	77	# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
	78	-SECRET_KEY = ''
	79	+vc = SimpleVaultClient(
	80	+ os.getenv("VAULT_ADDR"),
	81	+ os.getenv("VAULT_ROLE_ID"),
	82	+ os.getenv("VAULT_SECRET_ID"),
	83	+ ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))
	84	+)
	85	+SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key")
	86	+del vc
	87
	88
	89	#########################