Sanitized mirror from private repository - 2026-03-17 09:16:31 UTC

docs/services/individual/netbox.md

@@ -0,0 +1,120 @@
+# NetBox — DCIM / IPAM
+
+**Data Center Infrastructure Management & IP Address Management**
+
+## Service Overview
+
+| Property | Value |
+|----------|-------|
+| **Host** | homelab-vm (192.168.0.210) |
+| **Port** | 8443 (-> 8000 internal) |
+| **URL** | https://nb.vish.gg |
+| **Local URL** | http://192.168.0.210:8443 |
+| **Image** | `linuxserver/netbox:latest` |
+| **Stack** | `hosts/vms/homelab-vm/netbox.yaml` |
+| **Data** | `/home/homelab/docker/netbox/{config,db,redis}` |
+
+## Credentials
+
+| Property | Value |
+|----------|-------|
+| **Superuser Email** | your-email@example.com |
+| **Superuser Password** | Set via env var `SUPERUSER_PASSWORD` at deploy time |
+| **DB Password** | Set via env var `DB_PASSWORD` |
+| **Redis Password** | Set via env var `REDIS_PASSWORD` |
+
+## Architecture
+
+```
+              Internet
+                 |
+          Cloudflare (proxied)
+                 |
+              nb.vish.gg
+                 |
+      NPM (calypso:8443) --- SSL: *.vish.gg origin cert
+                 |
+    http://100.67.40.126:8443 (Tailscale)
+                 |
+         +-------+-------+
+         |       |       |
+    netbox-db  redis   netbox
+   (pg:16)   (redis:7) (uwsgi)
+```
+
+NPM reaches homelab-vm via its **Tailscale IP** (100.67.40.126), not the LAN IP -- calypso routes through Tailscale to reach homelab-vm services.
+
+## Components
+
+| Container | Image | Purpose |
+|-----------|-------|---------|
+| `netbox` | linuxserver/netbox:latest | Web UI + API + background worker |
+| `netbox-db` | postgres:16-alpine | PostgreSQL database |
+| `netbox-redis` | redis:7-alpine | Caching and task queue |
+
+## DNS & Reverse Proxy
+
+- **Cloudflare**: `nb.vish.gg` A record (proxied), auto-updated by DDNS
+- **DDNS**: Listed in `ddns-vish-proxied` service (`hosts/synology/atlantis/dynamicdnsupdater.yaml`)
+- **NPM**: Proxy host ID 46 -- `nb.vish.gg` -> `http://100.67.40.126:8443`
+  - SSL: Cloudflare origin certificate (`*.vish.gg`, cert ID 1)
+  - Force SSL: yes
+  - Block exploits: yes
+
+## Deployment
+
+Deployed via `docker compose` with env vars for secrets:
+
+```bash
+cd /home/homelab/organized/repos/homelab/hosts/vms/homelab-vm
+
+SUPERUSER_EMAIL=your-email@example.com \
+SUPERUSER_PASSWORD="REDACTED_PASSWORD" \
+DB_PASSWORD="REDACTED_PASSWORD" \
+REDIS_PASSWORD="REDACTED_PASSWORD" \
+docker compose -f netbox.yaml -p netbox up -d
+```
+
+First startup takes several minutes (DB migrations + static file collection).
+
+## Configuration
+
+Main config persisted at: `/home/homelab/docker/netbox/config/configuration.py`
+
+Key settings:
+- `ALLOWED_HOSTS = ['*']` -- NPM handles domain routing
+- `TIME_ZONE = 'UTC'`
+- `LOGIN_REQUIRED = False` (change to `True` to require auth for read access)
+- `SECRET_KEY` -- auto-generated on first run, do not change
+
+To edit:
+```bash
+sudo nano /home/homelab/docker/netbox/config/configuration.py
+docker restart netbox
+```
+
+## API
+
+REST API at `/api/`, GraphQL at `/graphql/`.
+
+```bash
+# Create a token: User menu -> API Tokens in the web UI
+curl -H "Authorization: Token <token>" https://nb.vish.gg/api/dcim/devices/
+```
+
+## Maintenance
+
+```bash
+# Logs
+docker logs netbox --tail 50
+
+# Restart
+docker restart netbox
+
+# Upgrade
+docker compose -f netbox.yaml -p netbox pull && \
+docker compose -f netbox.yaml -p netbox up -d
+
+# Backup database
+docker exec netbox-db pg_dump -U netbox netbox > /home/homelab/docker/netbox/backup-$(date +%Y%m%d).sql
+```