iac_stack/ansible/roles/deploy_container_netbox/templates/docker-compose.yml.j2

---
services:
  postgres:
    image: postgres:${POSTGRES_VERSION:-16}
    container_name: netbox-db
    restart: unless-stopped
    networks:
      - netbox
    volumes:
      - netbox-db:/var/lib/postgresql/data
      - ./data/backup:/backup # Volume for Cronjob: 0 2 * * * /usr/bin/docker exec netbox-db /bin/bash -c 'PGPASSWORD=changeMeNow! pg_dump --username=netbox netbox > >
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}'"]
      interval: 30s
      timeout: 10s
      retries: 5

  redis:
    image: redis:${NETBOX_REDIS_VERSION:-7}
    restart: unless-stopped
    networks:
      - netbox
    volumes:
      - netbox-redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5

  netbox:
    build:
      context: .
      dockerfile: Dockerfile-Plugins
      args:
        NETBOX_VERSION: ${NETBOX_VERSION:-latest}
    container_name: netbox
    restart: unless-stopped
    networks:
      - traefik
      - netbox
    env_file: .env
    environment:
      DB_NAME: ${POSTGRES_DB}
      DB_USER: ${POSTGRES_USER}
      DB_PASSWORD: ${POSTGRES_PASSWORD}
      DB_HOST: postgres
      REDIS_HOST: redis
      REDIS_DATABASE: 0
      REDIS_CACHE_DATABASE: 1
      SECRET_KEY: ${NETBOX_SECRET_KEY}
      ALLOWED_HOSTS: "*"
    volumes:
      - netbox-static:/opt/netbox/netbox/static
      - netbox-media:/etc/netbox/media
      - ./data/configuration/plugins.py:/etc/netbox/config/plugins.py
      - ./data/netbox/static/img:/opt/netbox/netbox/static/netbox_topology_views/img
      - ./data/netbox/static/js:/opt/netbox/netbox/static/netbox_topology_views/js
      - ./data/netbox/static/css:/opt/netbox/netbox/static/netbox_topology_views/css
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.netbox.entrypoints=http"
      - "traefik.http.routers.netbox.rule=Host(`${NETBOX_DOMAIN:?error}`)"
      - "traefik.http.middlewares.netbox-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.netbox.middlewares=traefik-https-redirect"
      - "traefik.http.routers.netbox-secure.entrypoints=https"
      - "traefik.http.routers.netbox-secure.rule=Host(`${NETBOX_DOMAIN:?error}`)"
      - "traefik.http.routers.netbox-secure.tls=true"
      - "traefik.http.services.netbox.loadbalancer.server.port=8080"
      - "traefik.docker.network=traefik"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      start_period: 60s
      timeout: 3s
      interval: 15s
      test: "curl -f http://localhost:8080/login/ || exit 1"

networks:
  traefik:
    external: true
  netbox:
    driver: bridge

volumes:
  netbox-db:
  netbox-redis:
  netbox-static:
  netbox-media: