Track docker-compose overrides

Avoid modifying the upstream compose file and track our overrides which
handle the container build using SUSE BCI base images, the loading of
environment variables from a canonical location, and the disabling of
the integrated database service.
A Traefik reverse proxy to handle TLS termination is added as well.

Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>

.gitignore

@@ -1,7 +1,6 @@
 *.sql.gz
 .netbox
 .python-version
-docker-compose.override.yml
 *.pem
 configuration/*
 !configuration/configuration.py

docker-compose.override.yml

@@ -0,0 +1,74 @@
+version: '3.4'
+
+volumes:
+  traefik-certs:
+
+services:
+  # Replace database service from upstream with dummy because we are using an external database
+  postgres:
+    image: registry.suse.com/bci/bci-minimal:latest
+    command: "true"
+    entrypoint: "true"
+    healthcheck:
+      test: ["NONE"]
+    volumes: []
+  # "Real" overrides below
+  netbox:
+    env_file: /etc/opt/netbox-docker/netbox.env
+    build:
+      args:
+        FROM: registry.suse.com/bci/python:3.11
+        NETBOX_PATH: ${NETBOX_PATH}
+      context: .
+      dockerfile: Dockerfile
+      target: main
+    image: netbox:${TAG}
+    pull_policy: never
+    ports:
+      - 8000:8080
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.frontend.rule: "Host(`${NETBOX_HOSTNAME}`)"
+      traefik.http.routers.frontend.entrypoints: web
+      traefik.http.routers.frontend.middlewares: https_redirect
+      traefik.http.routers.frontendtls.rule: "Host(`${NETBOX_HOSTNAME}`)"
+      traefik.http.routers.frontendtls.entrypoints: websecure
+      traefik.http.routers.frontendtls.tls: true
+      traefik.http.routers.frontendtls.tls.certresolver: myresolver
+      traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
+      traefik.http.services.frontend.loadbalancer.server.port: 8080
+      traefik.http.services.frontend.loadbalancer.passhostheader: true
+  netbox-worker:
+    image: netbox:${TAG}
+    pull_policy: never
+  netbox-housekeeping:
+    image: netbox:${TAG}
+    pull_policy: never
+  traefik:
+    image: traefik:v2.8
+    container_name: traefik
+    hostname: traefik
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.caserver=${ACME_SERVER}"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/certs/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-certs:/certs
+      - /var/lib/ca-certificates/ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:ro
+    restart: unless-stopped
+  redis:
+    env_file: /etc/opt/netbox-docker/redis.env
+  redis-cache:
+    env_file: /etc/opt/netbox-docker/redis-cache.env