netbox-deployment/README.md

# Netbox Deployment

GitOps deployment for Netbox with Tailscale HTTPS access.

## Prerequisites

### PostgreSQL Database

Connect to your PostgreSQL server and create the database:

```sql
CREATE DATABASE netbox;
CREATE USER netbox WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
ALTER DATABASE netbox OWNER TO netbox;
```

### Host Configuration

Download configuration files to `/opt/netbox` (first time only):

```bash
sudo mkdir -p /opt/netbox/{tailscale,app}
sudo curl -o /opt/netbox/tailscale/serve-config.json https://gitea.arnodo.fr/Damien/netbox-deployment/raw/branch/main/serve-config.json
sudo curl -o /opt/netbox/app/configuration.py https://gitea.arnodo.fr/Damien/netbox-deployment/raw/branch/main/configuration.py
sudo curl -o /opt/netbox/app/plugins.py https://gitea.arnodo.fr/Damien/netbox-deployment/raw/branch/main/plugins.py
```

### Generate Secret Key

```bash
python3 -c "import secrets; print(secrets.token_urlsafe(50))"
```

## Deployment

1. Create a new stack in Portainer
2. Select "Repository" and point to this repository
3. Portainer will load `stack.env` automatically
4. Override sensitive values (`CHANGE_ME`) in the environment variables section:
   - `TS_AUTHKEY` - Tailscale auth key (reusable recommended)
   - `DB_PASSWORD` - PostgreSQL password
   - `SECRET_KEY` - Django secret key
   - `SUPERUSER_PASSWORD` - Initial admin password
5. Deploy

### After First Deployment

Set `SKIP_SUPERUSER=true` to prevent superuser recreation on redeploy.

## Access

Once deployed: https://netbox.taila5ad8.ts.net

## Directory Structure

```
/opt/netbox/
├── tailscale/
│   └── serve-config.json    # Tailscale HTTPS configuration
└── app/
    ├── configuration.py     # Database config with DynamicSchemaDict
    └── plugins.py           # Plugins activation and settings
```