From d6475504255de8f36af0995c0f028ccc8dc5a5c8 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Sun, 19 Jul 2020 12:43:12 +0200 Subject: [PATCH] netbox: new host and role --- group_vars/all/vars.yml | 6 + group_vars/all/vault.yml | 260 +++++++++++---------- hosts | 1 + roles/netbox/defaults/main.yml | 5 + roles/netbox/meta/main.yml | 5 + roles/netbox/tasks/main.yml | 76 ++++++ roles/netbox/templates/certs.j2 | 15 ++ roles/netbox/templates/configuration.py.j2 | 254 ++++++++++++++++++++ roles/netbox/templates/vhost.j2 | 38 +++ site.yml | 5 + 10 files changed, 538 insertions(+), 127 deletions(-) create mode 100644 roles/netbox/defaults/main.yml create mode 100644 roles/netbox/meta/main.yml create mode 100644 roles/netbox/tasks/main.yml create mode 100644 roles/netbox/templates/certs.j2 create mode 100644 roles/netbox/templates/configuration.py.j2 create mode 100644 roles/netbox/templates/vhost.j2 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index e729d2b..a1d49bd 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -25,6 +25,12 @@ gre_matrix: - { id: 26, a: gw21, b: gw31 } # - { id: 33, a: gw22, b: gw31 } +netbox_domain: netbox.ffrgb +netbox_dbname: netbox +netbox_dbuser: netbox +netbox_dbpass: "{{ vault_netbox_dbpass }}" +netbox_secret: "{{ vault_netbox_secret }}" + node_targets: - gw11.regensburg.freifunk.net:9100 - gw21.regensburg.freifunk.net:9100 diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index a3996b2..36bfa2c 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,128 +1,134 @@ $ANSIBLE_VAULT;1.1;AES256 -36303531356238623563383536313866333234626534333764393330613338323437633133333933 -6664636362396636366362363236383763653561366236370a336538353466333830326166353833 -38616339376634616533376262623839653063666633306537353065303436636130376335336631 -3432623039316431330a656664386662633362356137666661323438386333386632343864336663 -36623430663333393434393464633633376431333736396165343964663137373366343262373262 -62343237623763363961313666333364386364353732383061623937663731653037386562383339 -39623633666336356666626134333935356265303035616135303532396632323861366233373936 -61356363613161653263323737343866323538623039643230373765353337376631643362633639 -32346239353462363239393862643665373663646530343837313132616166346662326339316635 -35313465343631333939376165313661616133363565666439336163326132633137363166383831 -62613832373839383234356463323761613036666331306434353165653639616336633638396633 -61363333376239623738386262653165643335343436303634366536363338386138313235313562 -34303332626239323235613532396435646632353132613962363961383536666131306533306566 -64306364393266633635363162323133656363633862326231366161633138343765343564646236 -66666535613764613964633164333063306263353931646532346136663839646533643230666362 -65343432353838383832306331333832386363613566373461323033643963616237663165366636 -36336266353664353136323237383237663363613035653664303634633266333565303833356238 -62623538623861653135633666613034363766306263323262663631383961333932313837333339 -38313439636262313563326232323937323163373532306464333662363362613064313638353338 -34633766623962326464393564316563663764326462316232653935383463343163613532623931 -33653136636634373939386439623661383432616534333061626232303266343666383335346666 -34323336366232363563626139316666353433343236626334366138656334646338623338316439 -32323833656430373831616661613662353465376664633233333666373766356666373839336232 
-65346637616539616330356138323865646433346339363130343366363731343262393538336466 -30316565303133343762666165626533343135633937323162653964626535343962653636636163 -36323066393039333531626434383830666665326563376638656238393439373033653763386131 -65316265626130643335333362363232613733633835633234316565303532623766653032303332 -33386661326362626538393033396430303564653737346339643966623337653661376633623166 -66313162316131326364393731346336626663626564343662343334616533616537633765376463 -64303939313639613665353035336536373436646436373038633233313330663965386665326234 -37326338333262313461373765306163646233303930633838636563313138646461656130666234 -33383232336333373965666630386131326137666633623231633739646435363532393432323330 -33393431616630336139393236636533383537623162376636393365663733626565306661386665 -65613536313032646636623334656266336531383733306361363536616661336236353735343535 -31353738346332643465383735636666326532623166373962376563633861376361663663393030 -31316366346531376635386335366564373530303664323934383930356530356265623530356461 -31656461663637373238303737383263353065326333383564346532376261316130346461373230 -31633939313061663235326331613061383033313131633330303238363135303637363133663637 -61653439633534633234366164313665356265323931346234646163333463366466613934333536 -36336662306531643537333437363032643433323564643736336539393634333139633631376238 -63633031646163613161626139666334623961646230366561343839653638303465323632653438 -39613364326264333131636231303031643336353663386238636561373839393834376636646534 -31383764623664363065626331363762623232336162383164396435613330303432616632306336 -64313564636433643430336333613339666536383062383932366137636432373038333134313263 -61636635613534663662353732333563366230636332326337303433356536373563663639326438 -31393664643765653365363834653936336138336261313337636363323063616261336137306662 -66663632663864366262363566393437313136373531313264323663373866663865396335666431 
-33383665346634383039393334373166396230393432623934326665663931636431646330643033 -65613339623863323537626631343935333966326263323836373163633531373662393561633731 -64613237363562643164613338396436303334346234343739323137616364626433666464663133 -61306630626261376465636234613263366334626161353338323739643938323137633835653032 -66323964663965616666626138636433323736323630303832366365663436396265333033666662 -65343730336233323637356435363931346638666239363964646538343665396466646238363531 -31343535393931633830326561323437643834393430646431393765336433326236313537616532 -37363739373838383361616663633963373032646663333735663533356630626537326165666530 -61633537336437366266303463336438373137303037383761393365366365323263643239323736 -33316637643735363531643965383530643333636437363936303133373261386237386630616232 -30373861313638663639653932333532306166653462616136326365616465363436363663313430 -30306664626566643431353362383364633961306536663136396538313364656231363538363964 -37613761326365656632323034376634316430326666306330383937393963656333666437336639 -61343365343463303161336366386161363662646138316536653635383034616431356265613032 -66643937333933633932376133306465373031386334373032373261643762396637396139616638 -64313966393732383830646566306266663734356531336564393362613937646565663337353038 -31663734616536343938393638663636653532383538313137336166633632653235323833643665 -35393234633364666561653934346139353761643536313438366231646564323138393133333662 -36656164333831393061653632633830383766613638353863306663356164393665373965373237 -32363065326231393231343839633463326235316533636163356434313832343064396532613832 -33306331623364363566663463316139336134396636653264343563623339373566656134636364 -38653435333061333966396131376564386134363433643134616338343535353132633465616364 -31393266313339383233363364303731653933613632363231333965653237393962646132373761 -30643865626130343263656562653765343561636235333966363935333038383734363136633339 
-65383232313633363761303063343936613765636633663866633833303938366339373635343733 -32616432343338376139313663656535373064353063643661663732633130383932373138666133 -33336262316664613936633032656234353262333633626237376636383261626331346464363261 -65396138653264636537346436636230613435376532383130666138373334643834303064303161 -38393563336564343530373362613166636639393963383539333234613734353834306135643363 -65613732376661373137353262626565613164343631336531393132333137326531353439333731 -37396434626365646565613766653930613632316632363764353330313836326436313438653836 -64613337626236323435393363626332383235326635323561633261396466623462623536306361 -65393331343664343533356462656638636638666464353037633334323363613936353266363530 -39663264356132363836343765336163653731373035653332303462383933333734363537366233 -33646333653762656534663635636634663835643730386264333738323962636266653734303239 -30336261323039386461303933633366316537303230336238636662396133353735653936313232 -63373335313162643562393131653930383566363239613063633931376536373366346331623337 -64343734333565316232356634376438306536373662316632313066336364383062653765643165 -66626465636365613064323664393163636230303664666632653938633364343136343464653735 -38376637646232333735633861356238646235616536336662353466346163616631613062303837 -32363638383838663833633532323365663531323632313534613133306336383262306530613337 -39653732323430643334366131313137653265353632643136643662626361636666326364303831 -39666166623564373133323332353337623038623737303935383036613236666339306235316166 -37643737386438623261653064643339663865366433376162373466653461313961383166663830 -35396661396664623866346661396563363564306136333137663166323362386431663835323365 -35656361353162666638626130343833303165333964613161396132613939313738396563333336 -64366533646137633166383431666366643937666139653637386535363135656432363136373134 -62396433316339366534303064636436646365373138376162333032383539373939376337643663 
-62613966646361366435366361633864373066303933633039623530336236346261323335633130 -65323838323235653839656530626661343731383966623732663430313137643566343566643932 -62353936666632336532326266376438346339343030666530666261386335343566336237616639 -33353932326435393266336263363466633035653161363162376630343132383436336164643337 -66323436376265353062373166343162353334313365313462616139393430333164323539636235 -38613531393030663831663361333437313333643264353131356163313630636264313130663363 -62383166396131386133626131303163323865393832663262666434623833653861353064663062 -65623239356163656433363339386632303562333064613631383933323563663761343465306133 -32336233303461666366336466643936396366343735363934363136393738303031386339623532 -30326131383636356535343462313338303235343739623039353066653661313431333461333030 -65336166623732353432633236393233313964306435633231336534643134643834626534626131 -39303239366439303230316565373235616261633362633737646365316133616366643333343138 -31323138343838363735663835633361663036613461336135356639396334633765643764346365 -33353332326330366434313662383765653561663238653137383339626539633364336336363634 -65626465666435326566363863643064363365623361633266316137643637656537663934396663 -65633738613231326461373761626135373866326130356335653739636130366135363137646362 -37393839346634373132316434313966653730623035633933636230643765366261373839373333 -39363263376533326533663365363538383434663830646630323562333235356335373363383831 -66393361663865653238643035353138623730396363333633336261363739303264336136663638 -61646366323238373861386266353135333835353665333965306665613331393438313064303435 -36633333366637616666386531396539303630653735373163623437396161393633636435356631 -30393530323234373631393630383564306132616135646534316466336335366131663465336231 -64353136663436653637613765636234343836393262323535666232326265303333646436636531 -38313063373133383062333439363036663562623639333932386131353666373037623539316335 
-39613766383631643661353238643534646464663231663166386634636330373332653963616330 -39383238386135646330336565323762326463313939386236366161356463343566376231396465 -64376661633465643864663236323961653535386362656238323730326663383138613831613633 -38373661666363666661313065356364353232333466386263383761323264363535643034326563 -61353638646463383063616365376535366232653135653430336231353633323665373438613437 -32316164643438626236613839353333316536313439306334666566623465323366633036326466 -61646263396333373063383861313033393335323263393261636265613736376361393735636130 -643939373434306635633963666533396439 +33336336363031356335646231313439663164663337323062393465653638346538613762323532 +3130356238303530316134623963616261663162393061300a653332613538633462353265353965 +63653131386233643635343732346336653164303236626666613963353963616634653939623135 +3231653165646661300a326563353632613937663137323562663364623133306338346633643832 +38613536373436643539623064386566653738316532666166333538656664623966376639363962 +63636332636331633762326539653863313233633032663063633136356562353737383365316238 +62633432363661613162616230313437306439376265623563343564343532366266616536346432 +38376465626236316434613631336465626363663263613232313662336133396434336437656464 +34323863643366326633613632636662353232323563616138356537613762666561393133383265 +65313162396434396662613131333261643966313366326435373831393338656361643733343837 +64316462393361336630623563386336323138653833636464623163343134393033303865326161 +33323461333334616333336466636436383764303362396561333830626137333462333564316364 +38393437666662346630663137643132626133383965353030663632636237663433383462326165 +30376436643137333361383839306537613535653564306164643363643330613031363630633964 +62396238396530306431633362343739633230383934373364303733366136633136363761303762 +33373165323939343063633965623733363934363330353662623134653438303337636161343132 
+66393361363838323731303564653834316265333363303662376630333930346534363133363861 +62396533666365303065333330363066343238386438636661633233363831343838316131353633 +38643764386166656632313938386133366233366130626636323330326466376566613563383561 +62383038336566356533643336393430353365623932376161393438653465653962383130363433 +34393437343238383634323432633134353664386136633533383463616235326239383966633431 +36363532623932326432366330343332376264666537333234333234616638653830363633313465 +38343038666336353634633238356662666338646661646265306564633861333461336231313834 +64663166356432376564633163303636643963323032393737383537323639616333373133626264 +32303466316562666338356235376133653833623936373131373237393334393665306561366636 +66623437663334326631353132303030663236393762336639313861663962353363653831373563 +62386633306463306634633862326632313063393362353438623437376138363433623934666162 +37373662393437363965623162303934333230343962626233366630396531326665383065386161 +65663666356431366335633339366637303137353765656638316535613933343237656563663863 +65313230616338653030343034663937666134653336383732393538396337326238343761323137 +30626138666262666465393036363133356563653437376666376366613635306162653739396531 +64613664626663626462343737626266636132313366393861313436383137313765623165333734 +35333036633234303733373161626331363333393062613933623931356234363735663165386338 +61333961666638326134396431393335633435666135383738376335623135663934356437623062 +66323833353065653866613264663262653731373865656363666466303330356563356434343161 +34363564363564393132326264626134383630653437626536623166363965306363653539336461 +36366538383134376564376665336231663532656464393832346166653462306235666139633265 +34663235353765316633333865313439663736323462653232633362633333663539613934346136 +31363536303338633333393064366234643762396364356539363966623936663764353161383136 +34383432386537646566653964313731623761316161663136386532663332333262313861613932 
+35356566303364326436306235323463623331613663383031343335323537346530653637663939 +34613333323738303731636362323735346561343332376137616339386163346134646566353231 +65656264626131306130663761663763336464306563313835633432333761623633666433613830 +63356265343839396162363333646630346364643661303331663236306535306465626435326662 +62313963663636363366356132616239323632623733656137316663303031356631323235353634 +64613035346633313366633138353737303565303434363139616466636163323137346238623562 +61333066633833303232333934373039623762323435333261633835356466303564666132656362 +62613939323735343163376165653634333834353334663532383866313232663533643138663766 +31353138356562386135366130373063306538633465323363313361316438366631366463323730 +62393637353931653930303230626665303066646539663338363133613431306532623865343531 +64366263653062643334336132336466383563636630323539373336343330616531323962326537 +64306535623135396537363735633039636335623561343435613864656330376631613434613866 +31393166633361633063323538623361653135306539346366383264336634353633626136663731 +35383332373338333935376438346232326236613430306533316561333438383238306666346465 +36356235373466303536346363393661393838336331313536383662353438333662366563353038 +66383237613132613636356461653037373437336264626539333763643261326239313065336463 +34323361613565663336343131613530616462633331653134613431393839303364363831303337 +39393732646234383936316637343066633761636231326639663239306231303834306631393933 +32323335666262666232363638306562353866353338646234353631323533316532383235336632 +33643934343836366631336666643730656137626466666232396535356664313132383838363832 +39613664643761653461326234643539643831616537363836656561303562633064613238383233 +33616336666462333461343766383063353361313032643230636132343631613636666636666639 +38386136656565653439323162363035623665623139326366326431343861393664636664363934 +61353761326136346636393261663335383664646531616366363436306461313063646264356561 
+63393931313266633734616362376630616535396635343363326361653434353631303836326433 +64313533646331336338353533643031316638386330626362313938623736316134633062393930 +31306332623364393839313761353564313563326462313637663635663661396638373130363866 +30326263383730356135663433623138663239363765363664636133653462653262393766363966 +37303862363131646236333134366664653061343735303035383663383539353732313935313933 +37323461343530306632626631373238333636303135653535626631343862663639306136323363 +30343731356434333030303332636637363364643363666136353266383138613066353732326665 +32366234373864663333323035306334613937656666396437646335383839663336633364613338 +63306635663762373331646535373638343436376431646564666239633631376465623730353935 +66383262623838376339373735396131303434616132373832633061616132393931643830633864 +37663931613633656339383062336462383661363463323632396636633965373439383938626635 +38336330383139653365653664383934663838306531373164626136613338343861353262663431 +30653265333065663664646564376466303838373961626436396631356366363832613930346664 +34643962363862643732653631333665366134343332313863316164323465383138386262336336 +32343365386362346237656361386163323062376232346137336365363731396639346137343735 +62633436643265636262376639383635336536353131666661326238653339626666383562323763 +63373636636530306461633035616163643962633033363565323164343034633666346133343638 +37613463333461373663336630313834316333366466336539333135356338343731636231663530 +38623738636534333762376434336336326166373363643864316233343735386234616663636534 +32393838623939343536346634633339613837373735353565313138333864383632383533396264 +36363430356237636235316631313664336265633333313137373861666333663865393065393531 +30386335613531353837363738366232313036343731343566306166646466353164336136393330 +65323933613266363739363231663563656437396231316666303437633564613465313937383038 +32643465346130323738336364356331663163323236333764653566306664623164626437363465 
+34333165343034633135336234633765336333623333643632353335656238393863623062623665 +39393434643538373633653630353963346132663366656532303764333838336562663735613737 +39363865353736663263303565336263643333613238336462313839323738373063393639303531 +34633739366531326666633634366230363431303663383432323463643665316136643434343839 +66313030623561366431353863633666636262336637636235326434366536393830343433336462 +34666631343862346239346434666462613836343161663234646439643562316564666632316665 +66376137313231376433333163396564343435303434326235626239336237653332316232343361 +30666531393863616132323837333931323534633561626263333534646530623433613633383061 +36393361613736393333633166346465363762336232303530393262666366303763303862383632 +30336437313339643861663635623334323330653030396432623932613433343836626238373530 +35353535366237663865333832356661613635353138356438386333323734386237626532343665 +31373061616234633336386661323164663934336464316364343036633336376234656263346530 +64333336383861396261316436636638653934643463666263346430366238663663383834313266 +65396434313161333532323036336538653830303232343364656365353339623165346164393039 +62356561366461643831656466316266616335646163303438353735393830636434386335623632 +32623835613262653566306561333835316334613633613138643235343265376238343932363264 +65666334633663366338306566346433626431656131393233393661396361366365333733303130 +38353435396462636633336238373131386562333063386235366233633030663861316161653362 +36306431663639663137313762396338323933663036343130633438326435383934633861343262 +39623431326362643833353532336233653664643733323432326466666165373333313266626565 +38656465623362323966333238336262323563353038666635666137303064663333363730633335 +31306139323831366363346331383834646635316166393334326535323339363038353365353538 +31356164656235373536323830333135333931373764636439363135316532613530333734613964 +66393233383132623536643664643862336162396630383932383731626233643966636437393461 
+30356262393661623737653439633336656635323134613336626336343666363138303931323064 +36366333393330333365663965646664333561646434306463333135653130646337623035393434 +66636261346534653263356230633838633033373566623138626264656236336630373634636430 +39633136666565343332663330323937393565643338663433656466323535613064326233626637 +63393064363434393634333863363761643433326438336634306438376235393632643332346339 +63306437336431613535356138336666613862343437306330393566346332666534646230313265 +66663839333730636538343630363933353039343064316330666631646565386438613232383031 +63393963333063343437383130356331356162616266383231383535313530393264323232623934 +30363861373261303966613361336335356233306530343435313730393166383536323937373666 +33613033633530393933333265306265626632663266383834666334336364623864333735343735 +35316132636333323566666339333039653862666264353638336336356334393030663733306264 +61613661613166366238646264343239393735653437383539343731373266386238323532643739 +38643262343666656661356338623035343934383765313939363537393434623965623437363239 +61653034656535313937316639663166386432623034383864356465623032353636643737326336 +38376436343133643263336435636638356465396566623037633334643863643165663765383161 +33653530643836343334643734346335653131366439336139646131396237323862323132616339 +35383739633133643864646163616661633032666532663861393638343232323437363263663435 +65626561303137353330646162326464666236653633346636333864333366323336613638393365 +36396262306266396638613736626637633163343938366130363133303535613131383562393333 +63643830666437663931633231336432303561326231366639376130303564663564363766343834 +3934 diff --git a/hosts b/hosts index 43f6285..56e8d98 100644 --- a/hosts +++ b/hosts @@ -7,3 +7,4 @@ stats.ffrgb ansible_host=10.90.224.100 unms.ffrgb ansible_host=10.90.224.101 unifi.ffrgb ansible_host=10.90.224.102 tiles.ffrgb ansible_host=10.90.224.103 +netbox.ffrgb ansible_host=10.90.224.104 
diff --git a/roles/netbox/defaults/main.yml b/roles/netbox/defaults/main.yml
new file mode 100644
index 0000000..d5c3805
--- /dev/null
+++ b/roles/netbox/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+netbox_group: netbox
+netbox_user: netbox
+netbox_version: 2.8.7
diff --git a/roles/netbox/meta/main.yml b/roles/netbox/meta/main.yml
new file mode 100644
index 0000000..8fcf724
--- /dev/null
+++ b/roles/netbox/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: acertmgr }
+- { role: nginx, nginx_ssl: True }
diff --git a/roles/netbox/tasks/main.yml b/roles/netbox/tasks/main.yml
new file mode 100644
index 0000000..45fd6f9
--- /dev/null
+++ b/roles/netbox/tasks/main.yml
@@ -0,0 +1,76 @@
+---
+
+- name: Create group
+ group: name={{ netbox_group }}
+
+- name: Create user
+ user: name={{ netbox_user }} home=/home/{{ netbox_user }} group={{ netbox_group }}
+
+- name: Install dependencies
+ apt:
+ name:
+ - build-essential
+ - libffi-dev
+ - libpq-dev
+ - libssl-dev
+ - libxml2-dev
+ - libxslt1-dev
+ - python-setuptools
+ - python3-dev
+ - python3-pip
+ - python3-venv
+ - zlib1g-dev
+
+- name: Install PostgreSQL
+ apt:
+ name:
+ - postgresql
+ - python-psycopg2
+
+- name: Configure PostgreSQL database
+ postgresql_db: name={{ netbox_dbname }}
+ become: true
+ become_user: postgres
+
+- name: Configure PostgreSQL user
+ postgresql_user: db={{ netbox_dbname }} name={{ netbox_dbuser }} password={{ netbox_dbpass }} priv=ALL state=present
+ become: true
+ become_user: postgres
+
+- name: Install redis
+ apt: name=redis-server
+
+# TODO configure redis?
+
+- name: Unpack netbox
+ unarchive: src=https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz dest=/opt remote_src=yes creates=/opt/netbox-{{ netbox_version }}
+ # TODO user/group/chown?
+
+- name: Configure netbox
+ template: src=configuration.py.j2 dest=/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py owner={{ netbox_user }} group={{ netbox_group }}
+
+- name: Install venv
+ pip: requirements=/opt/netbox-{{ netbox_version }}/requirements.txt virtualenv=/opt/netbox-{{ netbox_version }}/venv virtualenv_command="/usr/bin/python3 -m venv"
+
+# TODO - still manual work
+# * Run Database Migrations
+# * Create a Super User
+# * Collect Static Files
+# * Gunicorn Configuration
+# * systemd Configuration
+
+- name: Ensure certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ netbox_domain }}.key -out /etc/nginx/ssl/{{ netbox_domain }}.crt -days 730 -subj "/CN={{ netbox_domain }}" creates=/etc/nginx/ssl/{{ netbox_domain }}.crt
+ notify: Restart nginx
+
+#- name: Configure certificate manager for netbox
+# template: src=certs.j2 dest=/etc/acertmgr/{{ netbox_domain }}.conf
+# notify: Run acertmgr
+
+- name: Configure vhost
+ template: src=vhost.j2 dest=/etc/nginx/sites-available/netbox
+ notify: Restart nginx
+
+- name: Enable vhost
+ file: src=/etc/nginx/sites-available/netbox dest=/etc/nginx/sites-enabled/netbox state=link
+ notify: Restart nginx
diff --git a/roles/netbox/templates/certs.j2 b/roles/netbox/templates/certs.j2
new file mode 100644
index 0000000..f27f7ff
--- /dev/null
+++ b/roles/netbox/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ netbox_domain }}:
+- path: /etc/nginx/ssl/{{ netbox_domain }}.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ netbox_domain }}.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: '/usr/sbin/service nginx restart'
diff --git a/roles/netbox/templates/configuration.py.j2 b/roles/netbox/templates/configuration.py.j2
new file mode 100644
index 0000000..62136ff
--- /dev/null
+++ b/roles/netbox/templates/configuration.py.j2
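Review bot: `Configure netbox` writes configuration.py, which holds the database password and SECRET_KEY, without a `mode`, so the file ends up with whatever the remote umask gives (typically world-readable); add `mode=0640` to that `template:` line. `Configure PostgreSQL user` passes `password={{ netbox_dbpass }}` without `no_log: true`, so the value can appear in verbose or failure output, and the unquoted key=value form breaks on a password containing a space. `Unpack netbox` also extracts the release tarball straight from the URL with no integrity check; fetching it with `get_url` and a pinned `checksum=sha256:<RELEASE_SHA256>` before unpacking would bind the install to a known artifact.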
@@ -0,0 +1,254 @@
+#########################
+# #
+# Required settings #
+# #
+#########################
+
+# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
+ALLOWED_HOSTS = ['{{ netbox_domain }}']
+
+# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
+# https://docs.djangoproject.com/en/stable/ref/settings/#databases
+DATABASE = {
+ 'NAME': '{{ netbox_dbname }}', # Database name
+ 'USER': '{{ netbox_dbuser }}', # PostgreSQL username
+ 'PASSWORD': '{{ netbox_dbpass }}', # PostgreSQL password
+ 'HOST': 'localhost', # Database server
+ 'PORT': '', # Database port (leave blank for default)
+ 'CONN_MAX_AGE': 300, # Max database connection age
+}
+
+# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
+# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
+# to use two separate database IDs.
+REDIS = {
+ 'tasks': {
+ 'HOST': 'localhost',
+ 'PORT': 6379,
+ # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+ # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+ # 'SENTINEL_SERVICE': 'netbox',
+ 'PASSWORD': '',
+ 'DATABASE': 0,
+ 'DEFAULT_TIMEOUT': 300,
+ 'SSL': False,
+ },
+ 'caching': {
+ 'HOST': 'localhost',
+ 'PORT': 6379,
+ # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
+ # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+ # 'SENTINEL_SERVICE': 'netbox',
+ 'PASSWORD': '',
+ 'DATABASE': 1,
+ 'DEFAULT_TIMEOUT': 300,
+ 'SSL': False,
+ }
+}
+
+# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. NetBox will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+SECRET_KEY = '{{ netbox_secret }}'
+
+
+#########################
+# #
+# Optional settings #
+# #
+#########################
+
+# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
+# application errors (assuming correct email settings are provided).
+ADMINS = [
+ # ['John Doe', 'jdoe@example.com'],
+]
+
+# URL schemes that are allowed within links in NetBox
+ALLOWED_URL_SCHEMES = (
+ 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
+)
+
+# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
+# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
+BANNER_TOP = ''
+BANNER_BOTTOM = ''
+
+# Text to include on the login page above the login form. HTML is allowed.
+BANNER_LOGIN = ''
+
+# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
+# BASE_PATH = 'netbox/'
+BASE_PATH = ''
+
+# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes)
+CACHE_TIMEOUT = 900
+
+# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
+CHANGELOG_RETENTION = 90
+
+# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
+# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
+# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
+CORS_ORIGIN_ALLOW_ALL = False
+CORS_ORIGIN_WHITELIST = [
+ # 'https://hostname.example.com',
+]
+CORS_ORIGIN_REGEX_WHITELIST = [
+ # r'^(https?://)?(\w+\.)?example\.com$',
+]
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+DEBUG = False
+
+# Email settings
+EMAIL = {
+ 'SERVER': 'localhost',
+ 'PORT': 25,
+ 'USERNAME': '',
+ 'PASSWORD': '',
+ 'USE_SSL': False,
+ 'USE_TLS': False,
+ 'TIMEOUT': 10, # seconds
+ 'FROM_EMAIL': '',
+}
+
+# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
+# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
+ENFORCE_GLOBAL_UNIQUE = False
+
+# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
+# by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models.
+EXEMPT_VIEW_PERMISSIONS = [
+ # 'dcim.site',
+ # 'dcim.region',
+ # 'ipam.prefix',
+]
+
+# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
+# HTTP_PROXIES = {
+# 'http': 'http://10.10.1.10:3128',
+# 'https': 'http://10.10.1.10:1080',
+# }
+
+# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
+# NetBox from an internal IP.
+INTERNAL_IPS = ('127.0.0.1', '::1')
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+# https://docs.djangoproject.com/en/stable/topics/logging/
+LOGGING = {}
+
+# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
+# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
+LOGIN_REQUIRED = True
+
+# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
+# re-authenticate. (Default: 1209600 [14 days])
+LOGIN_TIMEOUT = None
+
+# Setting this to True will display a "maintenance mode" banner at the top of every page.
+MAINTENANCE_MODE = False
+
+# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
+# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
+# all objects by specifying "?limit=0".
+MAX_PAGE_SIZE = 1000
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
+# the default value of this setting is derived from the installed location.
+# MEDIA_ROOT = '/opt/netbox/netbox/media'
+
+# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+# 'AWS_ACCESS_KEY_ID': 'Key ID',
+# 'AWS_SECRET_ACCESS_KEY': 'Secret',
+# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
+# 'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
+METRICS_ENABLED = False
+
+# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
+NAPALM_USERNAME = ''
+NAPALM_PASSWORD = ''
+
+# NAPALM timeout (in seconds). (Default: 30)
+NAPALM_TIMEOUT = 30
+
+# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+# be provided as a dictionary.
+NAPALM_ARGS = {}
+
+# Determine how many objects to display per page within a list. (Default: 50)
+PAGINATE_COUNT = 50
+
+# Enable installed plugins. Add the name of each plugin to the list.
+PLUGINS = []
+
+# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
+# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
+# PLUGINS_CONFIG = {
+# 'my_plugin': {
+# 'foo': 'bar',
+# 'buzz': 'bazz'
+# }
+# }
+
+# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
+# prefer IPv4 instead.
+PREFER_IPV4 = False
+
+# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
+RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
+RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
+
+# Remote authentication support
+REMOTE_AUTH_ENABLED = False
+REMOTE_AUTH_BACKEND = 'utilities.auth_backends.RemoteUserBackend'
+REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
+REMOTE_AUTH_AUTO_CREATE_USER = True
+REMOTE_AUTH_DEFAULT_GROUPS = []
+REMOTE_AUTH_DEFAULT_PERMISSIONS = []
+
+# This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
+RELEASE_CHECK_TIMEOUT = 24 * 3600
+
+# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
+# version check or use the URL below to check for release in the official NetBox repository.
+RELEASE_CHECK_URL = None
+# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
+
+# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+# REPORTS_ROOT = '/opt/netbox/netbox/reports'
+
+# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
+
+# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
+# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
+# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
+SESSION_FILE_PATH = None
+
+# Time zone (default: UTC)
+TIME_ZONE = 'Europe/Berlin'
+
+# Date/time formatting. See the following link for supported formats:
+# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
+DATE_FORMAT = 'N j, Y'
+SHORT_DATE_FORMAT = 'Y-m-d'
+TIME_FORMAT = 'g:i a'
+SHORT_TIME_FORMAT = 'H:i:s'
+DATETIME_FORMAT = 'N j, Y g:i a'
+SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
diff --git a/roles/netbox/templates/vhost.j2 b/roles/netbox/templates/vhost.j2
new file mode 100644
index 0000000..35082b5
--- /dev/null
+++ b/roles/netbox/templates/vhost.j2
@@ -0,0 +1,38 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ netbox_domain }};
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://{{ netbox_domain }}$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ netbox_domain }};
+
+ ssl_certificate_key /etc/nginx/ssl/{{ netbox_domain }}.key;
+ ssl_certificate /etc/nginx/ssl/{{ netbox_domain }}.crt;
+
+ location /static/ {
+ alias /opt/netbox-{{ netbox_version }}/netbox/static/;
+ }
+
+ location / {
+ client_max_body_size 32M;
+
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://localhost:8001;
+ }
+}
diff --git a/site.yml b/site.yml
index 3358d60..563768e 100644
--- a/site.yml
+++ b/site.yml
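Review bot: In roles/netbox/templates/configuration.py.j2 the vault values are pasted between single quotes (`'PASSWORD': '{{ netbox_dbpass }}'`, `SECRET_KEY = '{{ netbox_secret }}'`), so a secret containing a quote or backslash renders a broken or silently altered Python literal; the file's own comment asks for symbols in SECRET_KEY, which makes that likely. Let the filter produce the quoting instead: `SECRET_KEY = {{ netbox_secret | to_json }}` and `'PASSWORD': {{ netbox_dbpass | to_json }},`. Both REDIS sections also ship `'PASSWORD': ''` while the tasks file still carries `# TODO configure redis?`, so any local account on the host can presumably reach the task queue and cache; setting a Redis password from the vault and referencing it here would close that.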
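Review bot: In roles/netbox/templates/vhost.j2 the port-80 block pairs `location /.well-known/acme-challenge` with `alias /var/www/acme-challenge`, both without a trailing slash, so the prefix match also maps any sibling name under /var/www that merely starts with `acme-challenge`. Writing it as `location /.well-known/acme-challenge/` with `alias /var/www/acme-challenge/;` confines the mapping to that one directory. The TLS server block sets no `ssl_protocols` or `ssl_ciphers`; if those are not defined globally by the nginx role, they should be pinned here.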
@@ -51,3 +51,8 @@
 hosts: tiles.ffrgb
 roles:
 - tileserver
+
+- name: Setup netbox server
+ hosts: netbox.ffrgb
+ roles:
+ - netbox