2025-12-10 13:52:38 +00:00
19 changed files with 94 additions and 88 deletions
--- a/.editorconfig-checker.json
+++ b/.editorconfig-checker.json
@ -2,12 +2,17 @@
  "Verbose": false,
  "Debug": false,
  "IgnoreDefaults": false,
-  "SpacesAfterTabs": false,
+  "SpacesAftertabs": false,
  "NoColor": false,
-  "Exclude": ["LICENSE", "\\.initializers", "\\.vscode"],
+  "Exclude": [
+    "LICENSE",
+    "\\.initializers",
+    "\\.vscode"
+  ],
  "AllowedContentTypes": [],
  "PassedFiles": [],
  "Disable": {
+    // set these options to true to disable specific checks
    "EndOfLine": false,
    "Indentation": false,
    "InsertFinalNewline": false,
--- a/.editorconfig
+++ b/.editorconfig
@ -9,6 +9,3 @@ indent_size = 2

 [*.py]
 indent_size = 4
-
-[VERSION]
-insert_final_newline = false
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@ -23,28 +23,25 @@ jobs:
      packages: read
      statuses: write
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
        with:
          # Full git history is needed to get a proper
          # list of changed files within `super-linter`
          fetch-depth: 0
      - name: Lint Code Base
-        uses: super-linter/super-linter@v8
+        uses: super-linter/super-linter@v7
        env:
          DEFAULT_BRANCH: develop
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SUPPRESS_POSSUM: true
          LINTER_RULES_PATH: /
          VALIDATE_ALL_CODEBASE: false
-          VALIDATE_BIOME_FORMAT: false
          VALIDATE_CHECKOV: false
          VALIDATE_DOCKERFILE: false
-          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
          VALIDATE_GITLEAKS: false
          VALIDATE_JSCPD: false
-          VALIDATE_TRIVY: false
          FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
-          EDITORCONFIG_FILE_NAME: .editorconfig-checker.json
+          EDITORCONFIG_FILE_NAME: .ecrc
          DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
          MARKDOWN_CONFIG_FILE: .markdown-lint.yml
          PYTHON_BLACK_CONFIG_FILE: pyproject.toml
@ -73,7 +70,7 @@ jobs:
    steps:
      - id: git-checkout
        name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
      - id: buildx-setup
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -13,13 +13,11 @@ jobs:
  build:
    strategy:
      matrix:
-        build:
-          - { "cmd": "./build-latest.sh", "branch": "release" }
-          - { "cmd": "./build.sh main", "branch": "release" }
-          # Build pre release images from our develop branch
-          # This is used to test the latest changes before they are merged into the main branch
-          - { "cmd": "PRERELEASE=true ./build-latest.sh", "branch": "develop" }
-          - { "cmd": "./build.sh feature", "branch": "develop" }
+        build_cmd:
+          - ./build-latest.sh
+          - PRERELEASE=true ./build-latest.sh
+          - ./build.sh feature
+          - ./build.sh main
        platform:
          - linux/amd64,linux/arm64
      fail-fast: false
@ -32,18 +30,16 @@ jobs:
    steps:
      - id: source-checkout
        name: Checkout
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ matrix.build.branch }}
+        uses: actions/checkout@v4
      - id: set-netbox-docker-version
        name: Get Version of NetBox Docker
        run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
        shell: bash
      - id: check-build-needed
-        name: Check if the build is needed for '${{ matrix.build.cmd }}'
+        name: Check if the build is needed for '${{ matrix.build_cmd }}'
        env:
          CHECK_ONLY: "true"
-        run: ${{ matrix.build.cmd }}
+        run: ${{ matrix.build_cmd }}
      # docker.io
      - id: docker-io-login
        name: Login to docker.io
@ -81,7 +77,7 @@ jobs:
        if: steps.check-build-needed.outputs.skipped != 'true'
      - id: build-and-push
        name: Push the image
-        run: ${{ matrix.build.cmd }} --push
+        run: ${{ matrix.build_cmd }} --push
        if: steps.check-build-needed.outputs.skipped != 'true'
        env:
          BUILDX_PLATFORM: ${{ matrix.platform }}
--- a/20
+++ b/20
@ -1,7 +1,7 @@
 ARG FROM
 FROM ${FROM} AS builder

-COPY --from=ghcr.io/astral-sh/uv:0.9 /uv /usr/local/bin/
+COPY --from=ghcr.io/astral-sh/uv:0.5 /uv /usr/local/bin/
 RUN export DEBIAN_FRONTEND=noninteractive \
    && apt-get update -qq \
    && apt-get upgrade \
@ -33,8 +33,6 @@ RUN \
    # we have potential version conflicts and the build will fail.
    # That's why we just replace it in the original requirements.txt.
    sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
-    # The same is true for 'django-storages'
-    sed -i -e 's/django-storages/django-storages\[azure,boto3,dropbox,google,libcloud,sftp\]/g' /requirements.txt && \
    /usr/local/bin/uv pip install \
      -r /requirements.txt \
      -r /requirements-container.txt
@ -46,8 +44,6 @@ RUN \
 ARG FROM
 FROM ${FROM} AS main

-COPY docker/unit.list /etc/apt/sources.list.d/unit.list
-ADD --chmod=444 --chown=0:0 https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg
 RUN export DEBIAN_FRONTEND=noninteractive \
    && apt-get update -qq \
    && apt-get upgrade \
@ -64,8 +60,15 @@ RUN export DEBIAN_FRONTEND=noninteractive \
      openssl \
      python3 \
      tini \
-      unit-python3.12=1.34.2-1~noble \
-      unit=1.34.2-1~noble \
+    && curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \
+      https://unit.nginx.org/keys/nginx-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \
+      > /etc/apt/sources.list.d/unit.list \
+    && apt-get update -qq \
+    && apt-get install \
+      --yes -qq --no-install-recommends \
+      unit=1.34.1-1~noble \
+      unit-python3.12=1.34.1-1~noble \
    && rm -rf /var/lib/apt/lists/*

 # Copy the modified 'requirements*.txt' files, to have the files actually used during installation
@ -79,6 +82,7 @@ COPY ${NETBOX_PATH} /opt/netbox
 COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
 COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
 COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
+COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh
 COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh
 COPY configuration/ /etc/netbox/config/
 COPY docker/nginx-unit.json /etc/unit/
@ -88,7 +92,7 @@ WORKDIR /opt/netbox/netbox

 # Must set permissions for '/opt/netbox/netbox/media' directory
 # to g+w so that pictures can be uploaded to netbox.
-RUN mkdir -p static media /opt/unit/state/ /opt/unit/tmp/ \
+RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
      && chown -R unit:root /opt/unit/ media reports scripts \
      && chmod -R g+w /opt/unit/ media reports scripts \
      && cd /opt/netbox/ && SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python -m mkdocs build \
--- a/README.md
+++ b/README.md
@ -39,9 +39,12 @@ There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-star
 ```bash
 git clone -b release https://github.com/netbox-community/netbox-docker.git
 cd netbox-docker
-# Copy the example override file
-cp docker-compose.override.yml.example docker-compose.override.yml
-# Read and edit the file to your liking
+tee docker-compose.override.yml <<EOF
+services:
+  netbox:
+    ports:
+      - 8000:8080
+EOF
 docker compose pull
 docker compose up
 ```
--- a/2
+++ b/2
@ -1 +1 @@
-3.4.2
+3.2.1
--- a/build.sh
+++ b/build.sh
@ -62,7 +62,7 @@ DOCKERFILE  The name of Dockerfile to use.
 DOCKER_FROM The base image to use.
            ${_GREEN}Default:${_CLEAR} 'ubuntu:24.04'

-BUILDX_PLATFORM
+BUILDX_PLATFORMS
            Specifies the platform(s) to build the image for.
            ${_CYAN}Example:${_CLEAR} 'linux/amd64,linux/arm64'
            ${_GREEN}Default:${_CLEAR} 'linux/amd64'
@ -223,7 +223,7 @@ fi
 ###
 # Variables for labelling the docker image
 ###
-BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%S+00:00')"
+BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M+00:00')"

 if [ -d ".git" ] && [ -z "${SKIP_GIT}" ]; then
  GIT_REF="$(git rev-parse HEAD)"
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@ -64,21 +64,19 @@ if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:

 # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
 #   https://docs.djangoproject.com/en/stable/ref/settings/#databases
-DATABASES = {
-    'default': {
-        'NAME': environ.get('DB_NAME', 'netbox'),       # Database name
-        'USER': environ.get('DB_USER', ''),             # PostgreSQL username
-        'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')),
-                                                        # PostgreSQL password
-        'HOST': environ.get('DB_HOST', 'localhost'),    # Database server
-        'PORT': environ.get('DB_PORT', ''),             # Database port (leave blank for default)
-        'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
-                                                        # Database connection SSLMODE
-        'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT),
-                                                        # Max database connection age
-        'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
-                                                        # Disable the use of server-side cursors transaction pooling
-    }
+DATABASE = {
+    'NAME': environ.get('DB_NAME', 'netbox'),       # Database name
+    'USER': environ.get('DB_USER', ''),             # PostgreSQL username
+    'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')),
+                                                    # PostgreSQL password
+    'HOST': environ.get('DB_HOST', 'localhost'),    # Database server
+    'PORT': environ.get('DB_PORT', ''),             # Database port (leave blank for default)
+    'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
+                                                    # Database connection SSLMODE
+    'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT),
+                                                    # Max database connection age
+    'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
+                                                    # Disable the use of server-side cursors transaction pooling
 }

 # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
@ -116,11 +114,6 @@ REDIS = {
 # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
 SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))

-API_TOKEN_PEPPERS = {}
-if api_token_pepper := _read_secret('api_token_pepper_1', environ.get('API_TOKEN_PEPPER_1', '')):
-    API_TOKEN_PEPPERS.update({1: api_token_pepper})
-
-

 #########################
 #                       #
--- a/configuration/ldap/ldap_config.py
+++ b/configuration/ldap/ldap_config.py
@ -109,6 +109,3 @@ AUTH_LDAP_USER_ATTR_MAP = {
    "last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
    "email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
 }
-
-# Update user object with the latest values from the LDAP directory every time the user logs in.
-AUTH_LDAP_ALWAYS_UPDATE_USER = environ.get('AUTH_LDAP_ALWAYS_UPDATE_USER', 'True').lower() == 'true'
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@ -28,6 +28,15 @@ services:
      start_period: 40s
      timeout: 3s
      interval: 15s
+  netbox-housekeeping:
+    <<: *netbox
+    command:
+      - /opt/netbox/housekeeping.sh
+    healthcheck:
+      test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
+      start_period: 40s
+      timeout: 3s
+      interval: 15s

  postgres:
    image: docker.io/postgres:17-alpine
@ -40,7 +49,7 @@ services:
      retries: 5

  redis: &redis
-    image: docker.io/valkey/valkey:8.1-alpine
+    image: docker.io/valkey/valkey:8.0-alpine
    command:
      - sh
      - -c # this is to evaluate the $REDIS_PASSWORD from the env
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,6 +1,6 @@
 services:
  netbox: &netbox
-    image: docker.io/netboxcommunity/netbox:${VERSION-v4.4-3.4.1}
+    image: docker.io/netboxcommunity/netbox:${VERSION-v4.2-3.2.1}
    depends_on:
      - postgres
      - redis
@ -31,6 +31,18 @@ services:
      start_period: 20s
      timeout: 3s
      interval: 15s
+  netbox-housekeeping:
+    <<: *netbox
+    depends_on:
+      netbox:
+        condition: service_healthy
+    command:
+      - /opt/netbox/housekeeping.sh
+    healthcheck:
+      test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
+      start_period: 20s
+      timeout: 3s
+      interval: 15s

  # postgres
  postgres:
@ -47,7 +59,7 @@ services:

  # redis
  redis:
-    image: docker.io/valkey/valkey:8.1-alpine
+    image: docker.io/valkey/valkey:8.0-alpine
    command:
      - sh
      - -c # this is to evaluate the $REDIS_PASSWORD from the env
@ -62,7 +74,7 @@ services:
    volumes:
      - netbox-redis-data:/data
  redis-cache:
-    image: docker.io/valkey/valkey:8.1-alpine
+    image: docker.io/valkey/valkey:8.0-alpine
    command:
      - sh
      - -c # this is to evaluate the $REDIS_PASSWORD from the env
--- a/docker/housekeeping.sh
+++ b/docker/housekeeping.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
+echo "Interval set to ${SLEEP_SECONDS} seconds"
+while true; do
+  date
+  /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
+  sleep "${SLEEP_SECONDS}s"
+done
--- a/docker/launch-netbox.sh
+++ b/docker/launch-netbox.sh
@ -36,7 +36,7 @@ load_configuration() {
      http://localhost/config
  )
  if [ "$RESP_CODE" != "200" ]; then
-    echo "⚠️ Could not load Unit configuration"
+    echo "⚠️ Could no load Unit configuration"
    kill "$(cat /opt/unit/unit.pid)"
    return 1
  fi
--- a/docker/nginx-unit.json
+++ b/docker/nginx-unit.json
@ -73,10 +73,5 @@
      }
    }
  },
-  "access_log": "/dev/stdout",
-  "settings": {
-    "http": {
-      "max_body_size": 104857600
-    }
-  }
+  "access_log": "/dev/stdout"
 }
--- a/docker/unit.list
+++ b/docker/unit.list
@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] http://packages.nginx.org/unit/ubuntu/ noble unit
--- a/env/netbox.env
+++ b/env/netbox.env
@ -1,4 +1,3 @@
-API_TOKEN_PEPPER_1=Qy+F=OTeGskWQ(wTMgjc+NPPlz6YwFXY=KHIIg=wpYXT&e(6u8
 CORS_ORIGIN_ALLOW_ALL=True
 DB_HOST=postgres
 DB_NAME=netbox
@ -16,6 +15,7 @@ EMAIL_USERNAME=netbox
 EMAIL_USE_SSL=false
 EMAIL_USE_TLS=false
 GRAPHQL_ENABLED=true
+HOUSEKEEPING_INTERVAL=86400
 MEDIA_ROOT=/opt/netbox/netbox/media
 METRICS_ENABLED=false
 REDIS_CACHE_DATABASE=1
--- a/requirements-container.txt
+++ b/requirements-container.txt
@ -1,6 +1,7 @@
-django-auth-ldap==5.2.0
-dulwich==0.24.8
+django-auth-ldap==5.1.0
+django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.6
+dulwich==0.22.7
 python3-saml==1.16.0
 --no-binary lxml
 --no-binary xmlsec
-sentry-sdk[django]==2.43.0
+sentry-sdk[django]==2.27.0
--- a/test-configuration/test_config.py
+++ b/test-configuration/test_config.py
@ -3,14 +3,4 @@ LOGGING = {
    'disable_existing_loggers': True
 }

-PLUGINS = [
-    'netbox.tests.dummy_plugin',
-]
-
-ALLOW_TOKEN_RETRIEVAL = True
-
 DEFAULT_PERMISSIONS = {}
-
-API_TOKEN_PEPPERS = {
-    1: 'TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE',
-}
 @ -1 +1 @@
 .4.2
 .2.1
				`@ -1 +0,0 @@`
				`deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] http://packages.nginx.org/unit/ubuntu/ noble unit`