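---
# Tasks that install and configure NetBox on an Alpine-style host (OpenRC
# init scripts under /etc/init.d, periodic jobs under /etc/periodic).
#
# Expected caller-provided variables (not defined here):
#   user            - service account / group name, also the base of its home
#   netbox_version  - release tag to check out (without the leading "v")
#   dns_name        - hostname placed into ALLOWED_HOSTS
#   password        - mapping with db_pass, oidc_endpoint, oidc_client_id,
#                     oidc_client_secret, admin_user and admin_pass
#
# Handlers referenced: run migrations, restart netbox, reload nginx.
# Every task that handles a credential carries no_log so the value does not
# end up in the play output or callback logs.

- name: Install dependencies
  package:
    name:
      - git
      - python3
      - python3-dev
      - py3-pip
      - py3-virtualenv
      - bash  # for upgrade script
      - build-base  # to build psycopg if not available
      - postgresql-dev  # likewise

- name: Create group for web service
  group:
    name: '{{ user }}'
    system: true

- name: Create user for web service
  user:
    name: '{{ user }}'
    group: '{{ user }}'
    home: '/srv/{{ user }}'
    shell: /bin/sh
    system: true
  # user_info.home / .uid / .group are reused by the tasks below instead of
  # hard-coding the path or account name.
  register: user_info

- name: Checkout repo
  become: true
  become_user: '{{ user }}'
  git:
    repo: https://github.com/netbox-community/netbox.git
    dest: '{{ user_info.home }}/app'
    version: 'v{{ netbox_version }}'  # pinned release tag, not a moving branch
  notify: run migrations

- name: Copy default config
  copy:
    dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
    remote_src: true
    owner: '{{ user_info.uid }}'
    group: '{{ user_info.group }}'
    force: false  # never overwrite an already-configured file on re-runs
  notify: run migrations

- name: Restrict access to config
  file:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    mode: '0600'  # quoted so the YAML loader cannot reinterpret the octal literal

- name: Configure secret key
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: "^SECRET_KEY = ''"
    line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
    # backrefs: only the empty placeholder is replaced; a key that was set on
    # an earlier run (or by hand) is left untouched, so it stays stable.
    backrefs: true
  no_log: true  # keep the generated key out of the play output

- name: Configure base settings and database
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: '{{ item.key }}'
    line: '{{ item.line }}'
  loop:
    - key: '^ALLOWED_HOSTS = '
      line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
    - key: 'USER.*PostgreSQL username'
      line: "    'USER': '{{ user }}',               # PostgreSQL username"
    - key: 'PASSWORD.*PostgreSQL password'
      line: "    'PASSWORD': '{{ password.db_pass }}',  # PostgreSQL password"
    - key: '^PLUGINS = '
      line: "PLUGINS = ['netbox_topology_views']"
  no_log: true  # the loop carries the database password
  notify: run migrations

- name: Configure OIDC authentication
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: '{{ item.key }}'
    line: '{{ item.line }}'
  loop:
    - key: "^REMOTE_AUTH_ENABLED ="
      line: "REMOTE_AUTH_ENABLED = True"
    - key: "^REMOTE_AUTH_BACKEND ="
      line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
    - key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
      line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ password.oidc_endpoint }}'"
    - key: "^SOCIAL_AUTH_OIDC_KEY ="
      line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
    - key: "^SOCIAL_AUTH_OIDC_SECRET ="
      line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
    - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
      line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
  no_log: true  # the loop carries the OIDC client secret
  notify: run migrations

- name: Configure various settings
  lineinfile:
    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
    regexp: '{{ item.key }}'
    line: '{{ item.line }}'
  loop:
    - key: "^LOGIN_REQUIRED ="
      line: "LOGIN_REQUIRED = True"
    - key: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
      line: "EXEMPT_VIEW_PERMISSIONS = ['*',"
  notify: restart netbox

- name: Set additional requirements
  become: true
  become_user: '{{ user }}'
  copy:
    dest: '{{ user_info.home }}/app/'
    src: local_requirements.txt
  notify: run migrations

# Run "run migrations" now so manage.py below sees a migrated database.
- meta: flush_handlers

- name: Create superuser
  become: true
  become_user: '{{ user }}'
  command:
    cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
    # Credentials are read from the environment rather than interpolated into
    # Python source, so a password containing a quote cannot break (or alter)
    # the script. Exit status 1 signals "account was created".
    stdin: |
      import os
      import sys
      from users.models import User
      username = os.environ['NETBOX_ADMIN_USER']
      if not User.objects.filter(username=username).exists():
          User.objects.create_superuser(username, password=os.environ['NETBOX_ADMIN_PASS'])
          sys.exit(1)
  environment:
    NETBOX_ADMIN_USER: '{{ password.admin_user }}'
    NETBOX_ADMIN_PASS: '{{ password.admin_pass }}'
  register: result
  changed_when: result.rc != 0
  # The command module treats any non-zero rc as a failure, so the "created"
  # exit status has to be whitelisted explicitly.
  failed_when: result.rc not in [0, 1]
  no_log: true

- name: Set up gunicorn
  copy:
    dest: '{{ user_info.home }}/gunicorn.py'
    src: '{{ user_info.home }}/app/contrib/gunicorn.py'
    remote_src: true
    force: false  # keep local edits to the gunicorn config across re-runs
    owner: '{{ user }}'
    group: '{{ user }}'

- name: Set up cron job
  file:
    dest: /etc/periodic/daily/netbox-housekeeping.sh
    src: '{{ user_info.home }}/app/contrib/netbox-housekeeping.sh'
    state: link

- name: Install services
  template:
    dest: '/etc/init.d/{{ item }}'
    src: '{{ item }}.initd.j2'
    mode: '0755'  # quoted so the YAML loader cannot reinterpret the octal literal
  loop:
    - netbox
    - netbox-rq

- name: Enable services
  service:
    name: '{{ item }}'
    enabled: true
    state: started
  loop:
    - netbox
    - netbox-rq

- name: Set up nginx site
  template:
    dest: '/etc/nginx/http.d/netbox.conf'
    src: 'netbox.conf.j2'
  notify: reload nginx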