Compare commits

No commits in common. "release" and "2.1.0" have entirely different histories.

132 changed files with 3738 additions and 1032 deletions

View File

@ -1,10 +1,10 @@
.git* .git
.github
.travis.yml
*.md *.md
build*
docker-compose*
env env
test-configuration build*
docker-compose.override.yml
.netbox/.git* .netbox/.git*
.netbox/contrib .netbox/.travis.yml
.netbox/scripts .netbox/scripts
.netbox/upgrade.sh

4
.github/FUNDING.yml vendored
View File

@ -1,8 +1,8 @@
# These are supported funding model platforms # These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
- cimnine - cimnine
- tobiasge - tobiasge
patreon: # Replace with a single Patreon username patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username ko_fi: # Replace with a single Ko-fi username

View File

@ -1,7 +1,7 @@
name: Bug report name: Bug report
description: Create a report about a malfunction of the Docker setup description: Create a report about a malfunction of the Docker setup
body: body:
- type: markdown - type: markdown
attributes: attributes:
value: | value: |
Please only raise an issue if you're certain that you've found a bug. Please only raise an issue if you're certain that you've found a bug.
@ -28,7 +28,7 @@ body:
Please don't open an issue to open a PR. Please don't open an issue to open a PR.
Just submit the PR, that's good enough. Just submit the PR, that's good enough.
- type: textarea - type: textarea
id: current-behavior id: current-behavior
attributes: attributes:
label: Current Behavior label: Current Behavior
@ -36,7 +36,7 @@ body:
placeholder: I tried to … by doing …, but it … placeholder: I tried to … by doing …, but it …
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: expected-behavior id: expected-behavior
attributes: attributes:
label: Expected Behavior label: Expected Behavior
@ -44,7 +44,7 @@ body:
placeholder: I expected that … when I do … placeholder: I expected that … when I do …
validations: validations:
required: true required: true
- type: input - type: input
id: docker-compose-version id: docker-compose-version
attributes: attributes:
label: Docker Compose Version label: Docker Compose Version
@ -52,7 +52,7 @@ body:
placeholder: Docker Compose version vX.Y.Z placeholder: Docker Compose version vX.Y.Z
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: docker-version id: docker-version
attributes: attributes:
label: Docker Version label: Docker Version
@ -90,14 +90,14 @@ body:
GitCommit: de40ad0 GitCommit: de40ad0
validations: validations:
required: true required: true
- type: input - type: input
id: git-rev id: git-rev
attributes: attributes:
label: The git Revision label: The git Revision
description: Please paste the output of `git rev-parse HEAD` description: Please paste the output of `git rev-parse HEAD`
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: git-status id: git-status
attributes: attributes:
label: The git Status label: The git Status
@ -108,7 +108,7 @@ body:
nothing to commit, working tree clean nothing to commit, working tree clean
validations: validations:
required: true required: true
- type: input - type: input
id: run-command id: run-command
attributes: attributes:
label: Startup Command label: Startup Command
@ -116,7 +116,7 @@ body:
placeholder: docker compose up placeholder: docker compose up
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: netbox-logs id: netbox-logs
attributes: attributes:
label: NetBox Logs label: NetBox Logs
@ -132,7 +132,7 @@ body:
... ...
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: docker-compose-override-yml id: docker-compose-override-yml
attributes: attributes:
label: Content of docker-compose.override.yml label: Content of docker-compose.override.yml

View File

@ -6,7 +6,7 @@ contact_links:
- name: Chat - name: Chat
url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
about: "Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel." about: 'Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel.'
- name: Community Wiki - name: Community Wiki
url: https://github.com/netbox-community/netbox-docker/wiki url: https://github.com/netbox-community/netbox-docker/wiki

View File

@ -1,7 +1,7 @@
name: Feature or Change Request name: Feature or Change Request
description: Request a new feature or a change of the current behavior description: Request a new feature or a change of the current behavior
body: body:
- type: markdown - type: markdown
attributes: attributes:
value: | value: |
This issue type is to propose new features for the Docker setup. This issue type is to propose new features for the Docker setup.
@ -30,7 +30,7 @@ body:
Please don't open an issue to open a PR. Please don't open an issue to open a PR.
Just submit the PR, that's good enough. Just submit the PR, that's good enough.
- type: textarea - type: textarea
id: desired-behavior id: desired-behavior
attributes: attributes:
label: Desired Behavior label: Desired Behavior
@ -38,7 +38,7 @@ body:
placeholder: To me, it would be useful, if … because … placeholder: To me, it would be useful, if … because …
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: contrast-to-current id: contrast-to-current
attributes: attributes:
label: Contrast to Current Behavior label: Contrast to Current Behavior
@ -46,7 +46,7 @@ body:
placeholder: The current behavior is …, but this lacks … placeholder: The current behavior is …, but this lacks …
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: required-changes id: required-changes
attributes: attributes:
label: Required Changes label: Required Changes
@ -54,10 +54,10 @@ body:
placeholder: I suggest to change the file … placeholder: I suggest to change the file …
validations: validations:
required: false required: false
- type: textarea - type: textarea
id: discussion id: discussion
attributes: attributes:
label: "Discussion: Benefits and Drawbacks" label: 'Discussion: Benefits and Drawbacks'
description: | description: |
Please make your case here: Please make your case here:
- Why do you think this project and the community will benefit from your suggestion? - Why do you think this project and the community will benefit from your suggestion?

View File

@ -80,6 +80,6 @@ into the release notes.
Please put an x into the brackets (like `[x]`) if you've completed that task. Please put an x into the brackets (like `[x]`) if you've completed that task.
--> -->
- [ ] I have read the comments and followed the PR template. * [ ] I have read the comments and followed the PR template.
- [ ] I have explained my PR according to the information in the comments. * [ ] I have explained my PR according to the information in the comments.
- [ ] My PR targets the `develop` branch. * [ ] My PR targets the `develop` branch.

View File

@ -5,40 +5,32 @@ on:
push: push:
branches-ignore: branches-ignore:
- release - release
- renovate/**
pull_request: pull_request:
branches-ignore: branches-ignore:
- release - release
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
lint: lint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Checks syntax of our code name: Checks syntax of our code
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
with: with:
# Full git history is needed to get a proper # Full git history is needed to get a proper
# list of changed files within `super-linter` # list of changed files within `super-linter`
fetch-depth: 0 fetch-depth: 0
- uses: actions/setup-python@v5 - uses: actions/setup-python@v4
with: with:
python-version: "3.9" python-version: '3.9'
- name: Lint Code Base - name: Lint Code Base
uses: github/super-linter@v7 uses: github/super-linter@v4
env: env:
DEFAULT_BRANCH: develop DEFAULT_BRANCH: develop
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SUPPRESS_POSSUM: true SUPPRESS_POSSUM: true
LINTER_RULES_PATH: / LINTER_RULES_PATH: /
VALIDATE_ALL_CODEBASE: false VALIDATE_ALL_CODEBASE: false
VALIDATE_CHECKOV: false
VALIDATE_DOCKERFILE: false VALIDATE_DOCKERFILE: false
VALIDATE_GITLEAKS: false
VALIDATE_JSCPD: false
FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*) FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
EDITORCONFIG_FILE_NAME: .ecrc EDITORCONFIG_FILE_NAME: .ecrc
DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
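Review bot: Every `uses:` in the lint job references its action by a mutable tag (`actions/checkout@v4`/`@v3`, `actions/setup-python@v5`/`@v4`, `github/super-linter@v7`/`@v4`), and the super-linter step is handed `GITHUB_TOKEN`. Pin each action to a full commit SHA and keep the tag as a trailing comment, so a retagged release cannot change what runs with that token. The release column also sets `VALIDATE_GITLEAKS: false` and `VALIDATE_CHECKOV: false`; if secret and IaC scanning happen elsewhere, say so in a comment next to those lines, otherwise leave them enabled.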
@ -56,38 +48,31 @@ jobs:
- PRERELEASE=true ./build-latest.sh - PRERELEASE=true ./build-latest.sh
- ./build.sh feature - ./build.sh feature
- ./build.sh develop - ./build.sh develop
os: platform:
- ubuntu-latest - linux/amd64
- self-hosted - linux/arm64
fail-fast: false fail-fast: false
env: env:
GH_ACTION: enable GH_ACTION: enable
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox IMAGE_NAMES: docker.io/netboxcommunity/netbox
runs-on: ${{ matrix.os }} runs-on: ubuntu-latest
name: Builds new NetBox Docker Images name: Builds new NetBox Docker Images
steps: steps:
- id: git-checkout - id: git-checkout
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- id: qemu-setup
name: Set up QEMU
uses: docker/setup-qemu-action@v2
- id: buildx-setup - id: buildx-setup
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v2
- id: arm-buildx-platform
name: Set BUILDX_PLATFORM to ARM64
if: matrix.os == 'self-hosted'
run: |
echo "BUILDX_PLATFORM=linux/arm64" >>"${GITHUB_ENV}"
- id: docker-build - id: docker-build
name: Build the image for '${{ matrix.os }}' with '${{ matrix.build_cmd }}' name: Build the image for '${{ matrix.platform }}' with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }} run: ${{ matrix.build_cmd }}
env: env:
BUILDX_PLATFORM: ${{ matrix.platform }}
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}
- id: arm-time-limit
name: Set Netbox container start_period higher on ARM64
if: matrix.os == 'self-hosted'
run: |
echo "NETBOX_START_PERIOD=240s" >>"${GITHUB_ENV}"
- id: docker-test - id: docker-test
name: Test the image name: Test the image
run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
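Review bot: The release column's matrix lists `- self-hosted` under `os:` and the job uses `runs-on: ${{ matrix.os }}`, while the trigger block in the previous hunk includes `pull_request:`. That combination lets code from a pull request run `${{ matrix.build_cmd }}` on the self-hosted ARM64 machine. Limit the self-hosted leg to `push` events or to pull requests from the same repository with a job-level `if:`, or make sure that runner is ephemeral and holds no long-lived credentials.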

View File

@ -6,7 +6,7 @@ on:
types: types:
- published - published
schedule: schedule:
- cron: "45 5 * * *" - cron: '45 5 * * *'
workflow_dispatch: workflow_dispatch:
jobs: jobs:
@ -25,60 +25,59 @@ jobs:
name: Builds new NetBox Docker Images name: Builds new NetBox Docker Images
env: env:
GH_ACTION: enable GH_ACTION: enable
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox ghcr.io/netbox-community/netbox IMAGE_NAMES: docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox ghcr.io/netbox-community/netbox
steps: steps:
- id: source-checkout - id: source-checkout
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- id: set-netbox-docker-version - id: set-netbox-docker-version
name: Get Version of NetBox Docker name: Get Version of NetBox Docker
run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT" run: echo "::set-output name=version::$(cat VERSION)"
shell: bash shell: bash
- id: check-build-needed - id: qemu-setup
name: Check if the build is needed for '${{ matrix.build_cmd }}' name: Set up QEMU
env: uses: docker/setup-qemu-action@v2
CHECK_ONLY: "true" - id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- id: docker-build
name: Build the image with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }} run: ${{ matrix.build_cmd }}
- id: test-image
name: Test the image
run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
if: steps.docker-build.outputs.skipped != 'true'
# docker.io # docker.io
- id: docker-io-login - id: docker-io-login
name: Login to docker.io name: Login to docker.io
uses: docker/login-action@v3 uses: docker/login-action@v2
with: with:
registry: docker.io registry: docker.io
username: ${{ secrets.dockerhub_username }} username: ${{ secrets.dockerhub_username }}
password: ${{ secrets.dockerhub_password }} password: ${{ secrets.dockerhub_password }}
if: steps.check-build-needed.outputs.skipped != 'true' if: steps.docker-build.outputs.skipped != 'true'
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: "lab:latest"
driver: cloud
endpoint: "netboxcommunity/netbox-default"
if: steps.check-build-needed.outputs.skipped != 'true'
# quay.io # quay.io
- id: quay-io-login - id: quay-io-login
name: Login to Quay.io name: Login to Quay.io
uses: docker/login-action@v3 uses: docker/login-action@v2
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.quayio_username }} username: ${{ secrets.quayio_username }}
password: ${{ secrets.quayio_password }} password: ${{ secrets.quayio_password }}
if: steps.check-build-needed.outputs.skipped != 'true' if: steps.docker-build.outputs.skipped != 'true'
# ghcr.io # ghcr.io
- id: ghcr-io-login - id: ghcr-io-login
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
if: steps.check-build-needed.outputs.skipped != 'true' if: steps.docker-build.outputs.skipped != 'true'
- id: build-and-push - id: build-and-push
name: Push the image name: Push the image
run: ${{ matrix.build_cmd }} --push run: ${{ matrix.build_cmd }} --push
if: steps.check-build-needed.outputs.skipped != 'true' if: steps.docker-build.outputs.skipped != 'true'
env: env:
BUILDX_PLATFORM: ${{ matrix.platform }} BUILDX_PLATFORM: ${{ matrix.platform }}
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}
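Review bot: In the release column the `buildx-setup` step sets `version: "lab:latest"` with `driver: cloud`, a floating builder version inside the same job that logs in to docker.io, quay.io and ghcr.io. Pin the Buildx version to a fixed release so the binary running next to those registry credentials is reproducible. In the 2.1.0 column, `echo "::set-output name=version::$(cat VERSION)"` uses the deprecated `set-output` workflow command; the `>>"$GITHUB_OUTPUT"` form in the other column is the one to keep.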

4
.gitignore vendored
View File

@ -1,6 +1,7 @@
*.sql.gz *.sql.gz
.netbox .netbox
.python-version .initializers
docker-compose.override.yml
*.pem *.pem
configuration/* configuration/*
!configuration/configuration.py !configuration/configuration.py
@ -10,4 +11,5 @@ configuration/ldap/*
!configuration/ldap/ldap_config.py !configuration/ldap/ldap_config.py
!configuration/logging.py !configuration/logging.py
!configuration/plugins.py !configuration/plugins.py
prometheus.yml
super-linter.log super-linter.log

View File

@ -1,4 +1,5 @@
--- ---
rules: rules:
line-length: line-length:
max: 160 max: 120

View File

@ -1,5 +1,5 @@
ARG FROM ARG FROM
FROM ${FROM} AS builder FROM ${FROM} as builder
RUN export DEBIAN_FRONTEND=noninteractive \ RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \ && apt-get update -qq \
@ -13,12 +13,6 @@ RUN export DEBIAN_FRONTEND=noninteractive \
libpq-dev \ libpq-dev \
libsasl2-dev \ libsasl2-dev \
libssl-dev \ libssl-dev \
libxml2-dev \
libxmlsec1 \
libxmlsec1-dev \
libxmlsec1-openssl \
libxslt-dev \
pkg-config \
python3-dev \ python3-dev \
python3-pip \ python3-pip \
python3-venv \ python3-venv \
@ -30,14 +24,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \
ARG NETBOX_PATH ARG NETBOX_PATH
COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt / COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
RUN \ RUN /opt/netbox/venv/bin/pip install \
# Gunicorn is not needed because we use Nginx Unit
sed -i -e '/gunicorn/d' /requirements.txt && \
# We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt
# we have potential version conflicts and the build will fail.
# That's why we just replace it in the original requirements.txt.
sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
/opt/netbox/venv/bin/pip install \
-r /requirements.txt \ -r /requirements.txt \
-r /requirements-container.txt -r /requirements-container.txt
@ -46,7 +33,7 @@ RUN \
### ###
ARG FROM ARG FROM
FROM ${FROM} AS main FROM ${FROM} as main
RUN export DEBIAN_FRONTEND=noninteractive \ RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \ && apt-get update -qq \
@ -54,39 +41,37 @@ RUN export DEBIAN_FRONTEND=noninteractive \
--yes -qq --no-install-recommends \ --yes -qq --no-install-recommends \
&& apt-get install \ && apt-get install \
--yes -qq --no-install-recommends \ --yes -qq --no-install-recommends \
bzip2 \
ca-certificates \ ca-certificates \
curl \ curl \
libldap-common \ libldap-common \
libpq5 \ libpq5 \
libxmlsec1-openssl \
openssh-client \
openssl \ openssl \
python3 \ python3 \
python3-distutils \
tini \ tini \
&& curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \ && curl -sL https://nginx.org/keys/nginx_signing.key \
https://unit.nginx.org/keys/nginx-keyring.gpg \ > /etc/apt/trusted.gpg.d/nginx.asc && \
&& echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \ echo "deb https://packages.nginx.org/unit/ubuntu/ jammy unit" \
> /etc/apt/sources.list.d/unit.list \ > /etc/apt/sources.list.d/unit.list \
&& apt-get update -qq \ && apt-get update -qq \
&& apt-get install \ && apt-get install \
--yes -qq --no-install-recommends \ --yes -qq --no-install-recommends \
unit=1.33.0-1~noble \ unit=1.27.0-1~jammy \
unit-python3.12=1.33.0-1~noble \ unit-python3.10=1.27.0-1~jammy \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
COPY --from=builder /opt/netbox/venv /opt/netbox/venv COPY --from=builder /opt/netbox/venv /opt/netbox/venv
ARG NETBOX_PATH ARG NETBOX_PATH
COPY ${NETBOX_PATH} /opt/netbox COPY ${NETBOX_PATH} /opt/netbox
# Copy the modified 'requirements*.txt' files, to have the files actually used during installation
COPY --from=builder /requirements.txt /requirements-container.txt /opt/netbox/
COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh
COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh
COPY startup_scripts/ /opt/netbox/startup_scripts/
COPY initializers/ /opt/netbox/initializers/
COPY configuration/ /etc/netbox/config/ COPY configuration/ /etc/netbox/config/
COPY docker/nginx-unit.json /etc/unit/ COPY docker/nginx-unit.json /etc/unit/
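Review bot: The 2.1.0 column writes the nginx signing key to `/etc/apt/trusted.gpg.d/nginx.asc` and adds the `unit` repository without `signed-by`, which makes that key trusted for every APT source in the image and not only for `packages.nginx.org`. Keep the release column's form, with the key under `/usr/share/keyrings/nginx-keyring.gpg` and `[signed-by=...]` on the `deb` line. In both columns the key is trusted exactly as curl fetched it; comparing its fingerprint against a value committed in the Dockerfile would catch a swapped key.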
@ -95,13 +80,13 @@ WORKDIR /opt/netbox/netbox
# Must set permissions for '/opt/netbox/netbox/media' directory # Must set permissions for '/opt/netbox/netbox/media' directory
# to g+w so that pictures can be uploaded to netbox. # to g+w so that pictures can be uploaded to netbox.
RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \ RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
&& chown -R unit:root /opt/unit/ media reports scripts \ && chown -R unit:root media /opt/unit/ \
&& chmod -R g+w /opt/unit/ media reports scripts \ && chmod -R g+w media /opt/unit/ \
&& cd /opt/netbox/ && SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python -m mkdocs build \ && cd /opt/netbox/ && SECRET_KEY="dummy" /opt/netbox/venv/bin/python -m mkdocs build \
--config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \ --config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \
&& SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input && SECRET_KEY="dummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input
ENV LANG=C.utf8 PATH=/opt/netbox/venv/bin:$PATH ENV LANG=C.UTF-8 PATH=/opt/netbox/venv/bin:$PATH
ENTRYPOINT [ "/usr/bin/tini", "--" ] ENTRYPOINT [ "/usr/bin/tini", "--" ]
CMD [ "/opt/netbox/docker-entrypoint.sh", "/opt/netbox/launch-netbox.sh" ] CMD [ "/opt/netbox/docker-entrypoint.sh", "/opt/netbox/launch-netbox.sh" ]

View File

@ -3,11 +3,11 @@
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/netbox-community/netbox-docker)][github-release] [![GitHub release (latest by date)](https://img.shields.io/github/v/release/netbox-community/netbox-docker)][github-release]
[![GitHub stars](https://img.shields.io/github/stars/netbox-community/netbox-docker)][github-stargazers] [![GitHub stars](https://img.shields.io/github/stars/netbox-community/netbox-docker)][github-stargazers]
![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/netbox-community/netbox-docker) ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/netbox-community/netbox-docker)
![Github release workflow](https://img.shields.io/github/actions/workflow/status/netbox-community/netbox-docker/release.yml?branch=release) ![Github release workflow](https://img.shields.io/github/workflow/status/netbox-community/netbox-docker/release)
![Docker Pulls](https://img.shields.io/docker/pulls/netboxcommunity/netbox) ![Docker Pulls](https://img.shields.io/docker/pulls/netboxcommunity/netbox)
[![GitHub license](https://img.shields.io/github/license/netbox-community/netbox-docker)][netbox-docker-license] [![GitHub license](https://img.shields.io/github/license/netbox-community/netbox-docker)][netbox-docker-license]
[The GitHub repository][netbox-docker-github] houses the components needed to build NetBox as a container. [The GitHub repository](netbox-docker-github) houses the components needed to build NetBox as a container.
Images are built regularly using the code in that repository and are pushed to [Docker Hub][netbox-dockerhub], [Quay.io][netbox-quayio] and [GitHub Container Registry][netbox-ghcr]. Images are built regularly using the code in that repository and are pushed to [Docker Hub][netbox-dockerhub], [Quay.io][netbox-quayio] and [GitHub Container Registry][netbox-ghcr].
Do you have any questions? Do you have any questions?
@ -16,6 +16,7 @@ please join [our Slack][netbox-docker-slack] and ask for help in the [`#netbox-d
[github-stargazers]: https://github.com/netbox-community/netbox-docker/stargazers [github-stargazers]: https://github.com/netbox-community/netbox-docker/stargazers
[github-release]: https://github.com/netbox-community/netbox-docker/releases [github-release]: https://github.com/netbox-community/netbox-docker/releases
[netbox-docker-microbadger]: https://microbadger.com/images/netboxcommunity/netbox
[netbox-dockerhub]: https://hub.docker.com/r/netboxcommunity/netbox/ [netbox-dockerhub]: https://hub.docker.com/r/netboxcommunity/netbox/
[netbox-quayio]: https://quay.io/repository/netboxcommunity/netbox [netbox-quayio]: https://quay.io/repository/netboxcommunity/netbox
[netbox-ghcr]: https://github.com/netbox-community/netbox-docker/pkgs/container/netbox [netbox-ghcr]: https://github.com/netbox-community/netbox-docker/pkgs/container/netbox
@ -34,28 +35,28 @@ There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-star
git clone -b release https://github.com/netbox-community/netbox-docker.git git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker cd netbox-docker
tee docker-compose.override.yml <<EOF tee docker-compose.override.yml <<EOF
version: '3.4'
services: services:
netbox: netbox:
ports: ports:
- 8000:8080 - 8000:8080
EOF EOF
docker compose pull docker-compose pull
docker compose up docker-compose up
``` ```
The whole application will be available after a few minutes. The whole application will be available after a few minutes.
Open the URL `http://0.0.0.0:8000/` in a web-browser. Open the URL `http://0.0.0.0:8000/` in a web-browser.
You should see the NetBox homepage. You should see the NetBox homepage.
In the top-right corner you can login.
The default credentials are:
To create the first admin user run this command: * Username: **admin**
* Password: **admin**
```bash * API Token: **0123456789abcdef0123456789abcdef01234567**
docker compose exec netbox /opt/netbox/netbox/manage.py createsuperuser
```
If you need to restart Netbox from an empty database often, you can also set the `SUPERUSER_*` variables in your `docker-compose.override.yml` as shown in the example.
[wiki-getting-started]: https://github.com/netbox-community/netbox-docker/wiki/Getting-Started [wiki-getting-started]: https://github.com/netbox-community/netbox-docker/wiki/Getting-Started
[docker-reception]: https://github.com/nxt-engineering/reception
## Container Image Tags ## Container Image Tags
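Review bot: The 2.1.0 column of the quickstart documents fixed default credentials (`admin` / `admin`) and a static API token, right after an override that publishes the service on `8000:8080`. Any instance started from these steps accepts publicly known credentials until the user changes them. Prefer the release column's `manage.py createsuperuser` step, or at minimum add a line telling users to change the password and delete the token before the port is reachable from other hosts.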
@ -91,14 +92,22 @@ For each of the above tag, there is an extra tag:
This is the same version as `snapshot-a.b.c`. This is the same version as `snapshot-a.b.c`.
It always points to the latest version of _NetBox Docker_. It always points to the latest version of _NetBox Docker_.
Then there is currently one extra tags for each of the above tags:
* `-ldap`:
These container images contain additional dependencies and configuration files for connecting NetBox to an LDAP directory.
[Learn more about that in our wiki][netbox-docker-ldap].
[netbox-releases]: https://github.com/netbox-community/netbox/releases [netbox-releases]: https://github.com/netbox-community/netbox/releases
[netbox-master]: https://github.com/netbox-community/netbox/tree/master [netbox-master]: https://github.com/netbox-community/netbox/tree/master
[netbox-develop]: https://github.com/netbox-community/netbox/tree/develop [netbox-develop]: https://github.com/netbox-community/netbox/tree/develop
[netbox-branches]: https://github.com/netbox-community/netbox/branches
[netbox-docker-ldap]: https://github.com/netbox-community/netbox-docker/wiki/LDAP
## Documentation ## Documentation
Please refer [to our wiki on GitHub][netbox-docker-wiki] for further information on how to use the NetBox Docker image properly. Please refer [to our wiki on GitHub][netbox-docker-wiki] for further information on how to use the NetBox Docker image properly.
The wiki covers advanced topics such as using files for secrets, configuring TLS, deployment to Kubernetes, monitoring and configuring LDAP. The wiki covers advanced topics such as using files for secrets, configuring TLS, deployment to Kubernetes, monitoring and configuring NAPALM and LDAP.
Our wiki is a community effort. Our wiki is a community effort.
Feel free to correct errors, update outdated information or provide additional guides and insights. Feel free to correct errors, update outdated information or provide additional guides and insights.
@ -118,13 +127,12 @@ you may find [the `#netbox` channel][netbox-slack-channel] on the same Slack ins
## Dependencies ## Dependencies
This project relies only on _Docker_ and _docker-compose_ meeting these requirements: This project relies only on *Docker* and *docker-compose* meeting these requirements:
* The _Docker version_ must be at least `20.10.10`. * The *Docker version* must be at least `19.03`.
* The _containerd version_ must be at least `1.5.6`. * The *docker-compose version* must be at least `1.28.0`.
* The _docker-compose version_ must be at least `1.28.0`.
To check the version installed on your system run `docker --version` and `docker compose version`. To check the version installed on your system run `docker --version` and `docker-compose --version`.
## Updating ## Updating

View File

@ -1 +1 @@
3.0.2 2.1.0

View File

@ -1,9 +0,0 @@
#!/bin/bash
NEEDED_COMMANDS="curl jq docker skopeo"
for c in $NEEDED_COMMANDS; do
if ! command -v "$c" &>/dev/null; then
echo "⚠️ '$c' is not installed. Can't proceed with build."
exit 1
fi
done

View File

@ -1,18 +1,82 @@
#!/bin/bash #!/bin/bash
# Retrieves image configuration from public images in DockerHub
check_if_tags_exists() { # Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
local image=$1 # Optimised for our use case
local tag=$2
skopeo list-tags "docker://$image" | jq -r ".Tags | contains([\"$tag\"])"
}
get_image_label() { get_image_label() {
local label=$1 local label=$1
local image=$2 local image=$2
skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]" local tag=$3
local token
token=$(_get_token "$image")
local digest
digest=$(_get_digest "$image" "$tag" "$token")
local retval="null"
if [ "$digest" != "null" ]; then
retval=$(_get_image_configuration "$image" "$token" "$digest" "$label")
fi
echo "$retval"
}
get_image_layers() {
local image=$1
local tag=$2
local token
token=$(_get_token "$image")
_get_layers "$image" "$tag" "$token"
} }
get_image_last_layer() { get_image_last_layer() {
local image=$1 local image=$1
skopeo inspect "docker://$image" | jq -r ".Layers | last" local tag=$2
local token
token=$(_get_token "$image")
local layers
mapfile -t layers < <(_get_layers "$image" "$tag" "$token")
echo "${layers[-1]}"
}
_get_image_configuration() {
local image=$1
local token=$2
local digest=$3
local label=$4
curl \
--silent \
--location \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/blobs/$digest" |
jq -r ".config.Labels.\"$label\""
}
_get_token() {
local image=$1
curl \
--silent \
"https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" |
jq -r '.token'
}
_get_digest() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
jq -r '.config.digest'
}
_get_layers() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
jq -r '.layers[].digest'
} }
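Review bot: Both columns splice shell variables directly into the jq program (`".Labels[\"$label\"]"`, `".Tags | contains([\"$tag\"])"`, `".config.Labels.\"$label\""`), so a label or tag containing a double quote alters the filter instead of being matched as data. Pass the values with `jq --arg label "$label"` and reference `$label` inside a single-quoted filter. In the 2.1.0 column the `curl --silent` calls also lack `--fail`, so an error body from the registry or token endpoint is piped to jq as if it were a valid response; add `--fail` and check the exit status before parsing.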

View File

@ -19,14 +19,3 @@ gh_env() {
echo "${@}" >>"${GITHUB_ENV}" echo "${@}" >>"${GITHUB_ENV}"
fi fi
} }
###
# Prints the output to the file defined in ${GITHUB_OUTPUT}.
# Only executes if ${GH_ACTION} is defined.
# Example Usage: gh_env "FOO_VAR=bar_value"
###
gh_out() {
if [ -n "${GH_ACTION}" ]; then
echo "${@}" >>"$GITHUB_OUTPUT"
fi
}
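Review bot: The comment block above `gh_out` gives its example as `gh_env "FOO_VAR=bar_value"`, which names the other function. Change the example to `gh_out "FOO_VAR=bar_value"`. The function also writes to `"$GITHUB_OUTPUT"` without braces while `gh_env` just above uses `"${GITHUB_ENV}"`; use one style for both.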

View File

@ -1,27 +1,26 @@
#!/bin/bash #!/bin/bash
# Builds the latest released version # Builds the latest released version
# Check if we have everything needed for the build
source ./build-functions/check-commands.sh
source ./build-functions/gh-functions.sh
echo "▶️ $0 $*" echo "▶️ $0 $*"
CURL_ARGS=( ###
--silent # Check for the jq library needed for parsing JSON
) ###
if ! command -v jq; then
echo "⚠️ jq command missing from \$PATH!"
exit 1
fi
### ###
# Checking for the presence of GITHUB_TOKEN # Checking for the presence of GITHUB_OAUTH_CLIENT_ID
# and GITHUB_OAUTH_CLIENT_SECRET
### ###
if [ -n "${GITHUB_TOKEN}" ]; then if [ -n "${GITHUB_OAUTH_CLIENT_ID}" ] && [ -n "${GITHUB_OAUTH_CLIENT_SECRET}" ]; then
echo "🗝 Performing authenticated Github API calls." echo "🗝 Performing authenticated Github API calls."
CURL_ARGS+=( GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}"
--header "Authorization: Bearer ${GITHUB_TOKEN}"
)
else else
echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!" echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!"
GITHUB_OAUTH_PARAMS=""
fi fi
### ###
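Review bot: the `GITHUB_OAUTH_CLIENT_ID` / `GITHUB_OAUTH_CLIENT_SECRET` branch builds `GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}"`, which places the client secret in the request URL, where it can end up in proxy logs, `set -x` traces and CI output. GitHub has also deprecated passing credentials as query parameters. Keep the credential in a header, as the `--header "Authorization: Bearer ${GITHUB_TOKEN}"` variant does. Minor: `command -v jq` prints the resolved path on success; redirect it to `/dev/null`.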
@ -43,27 +42,31 @@ fi
### ###
ORIGINAL_GITHUB_REPO="netbox-community/netbox" ORIGINAL_GITHUB_REPO="netbox-community/netbox"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}" GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases" URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases?${GITHUB_OAUTH_PARAMS}"
# Composing the JQ commans to extract the most recent version number # Composing the JQ commans to extract the most recent version number
JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name" JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name"
CURL="curl" CURL="curl -sS"
# Querying the Github API to fetch the most recent version number # Querying the Github API to fetch the most recent version number
VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_LATEST}" 2>/dev/null) VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
### ###
# Check if the prerelease version is actually higher than stable version # Check if the prerelease version is actually higher than stable version
### ###
if [ "${PRERELEASE}" == "true" ]; then if [ "${PRERELEASE}" == "true" ]; then
JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name" JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name"
STABLE_VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_STABLE}" 2>/dev/null) STABLE_VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_STABLE}")
MAJOR_STABLE=$(expr "${STABLE_VERSION}" : 'v\([0-9]\+\)') # shellcheck disable=SC2003
MINOR_STABLE=$(expr "${STABLE_VERSION}" : 'v[0-9]\+\.\([0-9]\+\)') MAJOR_STABLE=$(expr match "${STABLE_VERSION}" 'v\([0-9]\+\)')
MAJOR_UNSTABLE=$(expr "${VERSION}" : 'v\([0-9]\+\)') # shellcheck disable=SC2003
MINOR_UNSTABLE=$(expr "${VERSION}" : 'v[0-9]\+\.\([0-9]\+\)') MINOR_STABLE=$(expr match "${STABLE_VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
# shellcheck disable=SC2003
MAJOR_UNSTABLE=$(expr match "${VERSION}" 'v\([0-9]\+\)')
# shellcheck disable=SC2003
MINOR_UNSTABLE=$(expr match "${VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
if { if {
[ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] && [ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] &&
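Review bot: `VERSION` and `STABLE_VERSION` are used without validation. If the releases request fails or is rate limited, jq produces no output (and the variant with `2>/dev/null` hides the error as well), the `expr` extractions return empty strings, and `[ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ]` fails with an integer-expression error instead of a clear message. Add `--fail` to curl and stop when `VERSION` is empty or `null`. Separately, `expr match` is a GNU extension; the `expr STRING : REGEX` form used in the other variant is the portable spelling.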
@ -72,7 +75,10 @@ if [ "${PRERELEASE}" == "true" ]; then
echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'." echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'."
if [ -z "$DEBUG" ]; then if [ -z "$DEBUG" ]; then
gh_out "skipped=true" if [ -n "${GH_ACTION}" ]; then
echo "::set-output name=skipped::true"
fi
exit 0 exit 0
else else
echo "⚠️ Would exit here with code '0', but DEBUG is enabled." echo "⚠️ Would exit here with code '0', but DEBUG is enabled."
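Review bot: `echo "::set-output name=skipped::true"` uses the `::set-output` workflow command, which GitHub Actions has deprecated in favor of appending `name=value` to the file named by `GITHUB_OUTPUT`. The `gh_out "skipped=true"` variant already does that through the helper and keeps the `GH_ACTION` guard in one place; prefer it.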

266
build.sh
View File

@ -6,131 +6,96 @@ echo "▶️ $0 $*"
set -e set -e
if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
_BOLD=$(tput bold) echo "Usage: ${0} <branch> [--push]"
_GREEN=$(tput setaf 2) echo " branch The branch or tag to build. Required."
_CYAN=$(tput setaf 6) echo " --push Pushes the built Docker image to the registry."
_CLEAR=$(tput sgr0) echo ""
echo "You can use the following ENV variables to customize the build:"
cat <<END_OF_HELP echo " SRC_ORG Which fork of netbox to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO})."
${_BOLD}Usage:${_CLEAR} ${0} <branch> [--push] echo " Default: netbox-community"
echo " SRC_REPO The name of the repository to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO})."
branch The branch or tag to build. Required. echo " Default: netbox"
--push Pushes the built container image to the registry. echo " URL Where to fetch the code from."
echo " Must be a git repository. Can be private."
${_BOLD}You can use the following ENV variables to customize the build:${_CLEAR} echo " Default: https://github.com/\${SRC_ORG}/\${SRC_REPO}.git"
echo " NETBOX_PATH The path where netbox will be checkout out."
SRC_ORG Which fork of netbox to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO}). echo " Must not be outside of the netbox-docker repository (because of Docker)!"
${_GREEN}Default:${_CLEAR} netbox-community echo " Default: .netbox"
echo " SKIP_GIT If defined, git is not invoked and \${NETBOX_PATH} will not be altered."
SRC_REPO The name of the repository to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO}). echo " This may be useful, if you are manually managing the NETBOX_PATH."
${_GREEN}Default:${_CLEAR} netbox echo " Default: undefined"
echo " TAG The version part of the docker tag."
URL Where to fetch the code from. echo " Default:"
Must be a git repository. Can be private. echo " When <branch>=master: latest"
${_GREEN}Default:${_CLEAR} https://github.com/\${SRC_ORG}/\${SRC_REPO}.git echo " When <branch>=develop: snapshot"
echo " Else: same as <branch>"
NETBOX_PATH The path where netbox will be checkout out. echo " IMAGE_NAMES The names used for the image including the registry"
Must not be outside of the netbox-docker repository (because of Docker)! echo " Used for tagging the image."
${_GREEN}Default:${_CLEAR} .netbox echo " Default: docker.io/netboxcommunity/netbox"
echo " Example: 'docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox'"
SKIP_GIT If defined, git is not invoked and \${NETBOX_PATH} will not be altered. echo " DOCKER_TAG The name of the tag which is applied to the image."
This may be useful, if you are manually managing the NETBOX_PATH. echo " Useful for pushing into another registry than hub.docker.com."
${_GREEN}Default:${_CLEAR} undefined echo " Default: \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:\${TAG}"
echo " DOCKER_SHORT_TAG The name of the short tag which is applied to the"
TAG The version part of the image tag. echo " image. This is used to tag all patch releases to their"
${_GREEN}Default:${_CLEAR} echo " containing version e.g. v2.5.1 -> v2.5"
When <branch>=master: latest echo " Default: \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:<MAJOR>.<MINOR>"
When <branch>=develop: snapshot echo " DOCKERFILE The name of Dockerfile to use."
Else: same as <branch> echo " Default: Dockerfile"
echo " DOCKER_FROM The base image to use."
IMAGE_NAMES The names used for the image including the registry echo " Default: 'ubuntu:22.04'"
Used for tagging the image. echo " BUILDX_PLATFORMS"
${_GREEN}Default:${_CLEAR} docker.io/netboxcommunity/netbox echo " Specifies the platform(s) to build the image for."
${_CYAN}Example:${_CLEAR} 'docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox' echo " Example: 'linux/amd64,linux/arm64'"
echo " Default: 'linux/amd64'"
DOCKER_TAG The name of the tag which is applied to the image. echo " BUILDX_BUILDER_NAME"
Useful for pushing into another registry than hub.docker.com. echo " If defined, the image build will be assigned to the given builder."
${_GREEN}Default:${_CLEAR} \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:\${TAG} echo " If you specify this variable, make sure that the builder exists."
echo " If this value is not defined, a new builx builder with the directory name of the"
DOCKER_SHORT_TAG The name of the short tag which is applied to the echo " current directory (i.e. '$(basename "${PWD}")') is created."
image. This is used to tag all patch releases to their echo " Example: 'clever_lovelace'"
containing version e.g. v2.5.1 -> v2.5 echo " Default: undefined"
${_GREEN}Default:${_CLEAR} \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:<MAJOR>.<MINOR> echo " BUILDX_REMOVE_BUILDER"
echo " If defined (and only if BUILDX_BUILDER_NAME is undefined),"
DOCKERFILE The name of Dockerfile to use. echo " then the buildx builder created by this script will be removed after use."
${_GREEN}Default:${_CLEAR} Dockerfile echo " This is useful if you build NetBox Docker on an automated system that does"
echo " not manage the builders for you."
DOCKER_FROM The base image to use. echo " Example: 'on'"
${_GREEN}Default:${_CLEAR} 'ubuntu:24.04' echo " Default: undefined"
echo " HTTP_PROXY The proxy to use for http requests."
BUILDX_PLATFORMS echo " Example: http://proxy.domain.tld:3128"
Specifies the platform(s) to build the image for. echo " Default: undefined"
${_CYAN}Example:${_CLEAR} 'linux/amd64,linux/arm64' echo " NO_PROXY Comma-separated list of domain extensions proxy should not be used for."
${_GREEN}Default:${_CLEAR} 'linux/amd64' echo " Example: .domain1.tld,.domain2.tld"
echo " Default: undefined"
BUILDX_BUILDER_NAME echo " DEBUG If defined, the script does not stop when certain checks are unsatisfied."
If defined, the image build will be assigned to the given builder. echo " Default: undefined"
If you specify this variable, make sure that the builder exists. echo " DRY_RUN Prints all build statements instead of running them."
If this value is not defined, a new builx builder with the directory name of the echo " Default: undefined"
current directory (i.e. '$(basename "${PWD}")') is created." echo " GH_ACTION If defined, special 'echo' statements are enabled that set the"
${_CYAN}Example:${_CLEAR} 'clever_lovelace' echo " following environment variables in Github Actions:"
${_GREEN}Default:${_CLEAR} undefined echo " - FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable"
echo " Default: undefined"
BUILDX_REMOVE_BUILDER echo ""
If defined (and only if BUILDX_BUILDER_NAME is undefined), echo "Examples:"
then the buildx builder created by this script will be removed after use. echo " ${0} master"
This is useful if you build NetBox Docker on an automated system that does echo " This will fetch the latest 'master' branch, build a Docker Image and tag it"
not manage the builders for you. echo " 'netboxcommunity/netbox:latest'."
${_CYAN}Example:${_CLEAR} 'on' echo " ${0} develop"
${_GREEN}Default:${_CLEAR} undefined echo " This will fetch the latest 'develop' branch, build a Docker Image and tag it"
echo " 'netboxcommunity/netbox:snapshot'."
HTTP_PROXY The proxy to use for http requests. echo " ${0} v2.6.6"
${_CYAN}Example:${_CLEAR} http://proxy.domain.tld:3128 echo " This will fetch the 'v2.6.6' tag, build a Docker Image and tag it"
${_GREEN}Default:${_CLEAR} undefined echo " 'netboxcommunity/netbox:v2.6.6' and 'netboxcommunity/netbox:v2.6'."
echo " ${0} develop-2.7"
NO_PROXY Comma-separated list of domain extensions proxy should not be used for. echo " This will fetch the 'develop-2.7' branch, build a Docker Image and tag it"
${_CYAN}Example:${_CLEAR} .domain1.tld,.domain2.tld echo " 'netboxcommunity/netbox:develop-2.7'."
${_GREEN}Default:${_CLEAR} undefined echo " SRC_ORG=cimnine ${0} feature-x"
echo " This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,"
DEBUG If defined, the script does not stop when certain checks are unsatisfied. echo " build a Docker Image and tag it 'netboxcommunity/netbox:feature-x'."
${_GREEN}Default:${_CLEAR} undefined echo " SRC_ORG=cimnine DOCKER_ORG=cimnine ${0} feature-x"
echo " This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,"
DRY_RUN Prints all build statements instead of running them. echo " build a Docker Image and tag it 'cimnine/netbox:feature-x'."
${_GREEN}Default:${_CLEAR} undefined
GH_ACTION If defined, special 'echo' statements are enabled that set the
following environment variables in Github Actions:
- FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable
${_GREEN}Default:${_CLEAR} undefined
CHECK_ONLY Only checks if the build is needed and sets the GH Action output.
${_BOLD}Examples:${_CLEAR}
${0} master
This will fetch the latest 'master' branch, build a Docker Image and tag it
'netboxcommunity/netbox:latest'.
${0} develop
This will fetch the latest 'develop' branch, build a Docker Image and tag it
'netboxcommunity/netbox:snapshot'.
${0} v2.6.6
This will fetch the 'v2.6.6' tag, build a Docker Image and tag it
'netboxcommunity/netbox:v2.6.6' and 'netboxcommunity/netbox:v2.6'.
${0} develop-2.7
This will fetch the 'develop-2.7' branch, build a Docker Image and tag it
'netboxcommunity/netbox:develop-2.7'.
SRC_ORG=cimnine ${0} feature-x
This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,
build a Docker Image and tag it 'netboxcommunity/netbox:feature-x'.
SRC_ORG=cimnine DOCKER_ORG=cimnine ${0} feature-x
This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,
build a Docker Image and tag it 'cimnine/netbox:feature-x'.
END_OF_HELP
if [ "${1}x" == "x" ]; then if [ "${1}x" == "x" ]; then
exit 1 exit 1
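Review bot: in the heredoc variant, `_BOLD=$(tput bold)` and the three assignments after it run under `set -e`. When `TERM` is unset or unknown, as on many CI runners, `tput` exits non-zero and the script aborts before any help is printed. Use `tput bold 2>/dev/null || true`, or only set the colours when stdout is a terminal. Text nits that apply to both variants: "checkout out" should be "checked out" and "builx" should be "buildx"; the heredoc variant also keeps a stray `"` after `is created.` left over from the `echo` form.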
@ -139,10 +104,6 @@ END_OF_HELP
fi fi
fi fi
# Check if we have everything needed for the build
source ./build-functions/check-commands.sh
# Load all build functions
source ./build-functions/get-public-image-config.sh
source ./build-functions/gh-functions.sh source ./build-functions/gh-functions.sh
IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}" IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}"
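Review bot: the `source ./build-functions/...` lines resolve against the caller's working directory, so the script only works when started from the repository root, and under `set -e` a failed `source` ends the run with no hint about the cause. Resolve the paths against the script location, for example via `"$(dirname "${BASH_SOURCE[0]}")"`.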
@ -176,7 +137,7 @@ if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then
REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l) REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l)
if [ "${REMOTE_EXISTS}" == "0" ]; then if [ "${REMOTE_EXISTS}" == "0" ]; then
echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do" echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do"
gh_out "skipped=true" gh_echo "::set-output name=skipped::true"
exit 0 exit 0
fi fi
echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'" echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'"
@ -221,7 +182,7 @@ fi
# Determining the value for DOCKER_FROM # Determining the value for DOCKER_FROM
### ###
if [ -z "$DOCKER_FROM" ]; then if [ -z "$DOCKER_FROM" ]; then
DOCKER_FROM="docker.io/ubuntu:24.04" DOCKER_FROM="ubuntu:22.04"
fi fi
### ###
@ -306,37 +267,39 @@ if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
done done
fi fi
FINAL_DOCKER_TAG="${IMAGE_NAME_TAGS[0]}"
gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}" gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}"
### ###
# Checking if the build is necessary, # Checking if the build is necessary,
# meaning build only if one of those values changed: # meaning build only if one of those values changed:
# - a new tag is beeing created
# - base image digest # - base image digest
# - netbox git ref (Label: netbox.git-ref) # - netbox git ref (Label: netbox.git-ref)
# - netbox-docker git ref (Label: org.opencontainers.image.revision) # - netbox-docker git ref (Label: org.opencontainers.image.revision)
### ###
# Load information from registry (only for first registry in "IMAGE_NAMES") # Load information from registry (only for docker.io)
SHOULD_BUILD="false" SHOULD_BUILD="false"
BUILD_REASON="" BUILD_REASON=""
if [ -z "${GH_ACTION}" ]; then if [ -z "${GH_ACTION}" ]; then
# Asuming non Github builds should always proceed # Asuming non Github builds should always proceed
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} interactive" BUILD_REASON="${BUILD_REASON} interactive"
elif [ "false" == "$(check_if_tags_exists "${IMAGE_NAMES[0]}" "$TARGET_DOCKER_TAG")" ]; then elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then
SHOULD_BUILD="true" source ./build-functions/get-public-image-config.sh
BUILD_REASON="${BUILD_REASON} newtag" IFS=':' read -ra DOCKER_FROM_SPLIT <<<"${DOCKER_FROM}"
else if ! [[ ${DOCKER_FROM_SPLIT[0]} =~ .*/.* ]]; then
echo "Checking labels for '${FINAL_DOCKER_TAG}'" # Need to use "library/..." for images the have no two part name
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM}") DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}"
OLD_BASE_LAST_LAYER=$(get_image_label netbox.last-base-image-layer "${FINAL_DOCKER_TAG}") fi
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${FINAL_DOCKER_TAG}") IFS='/' read -ra ORG_REPO <<<"${IMAGE_NAMES[0]}"
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${FINAL_DOCKER_TAG}") echo "Checking labels for '${ORG_REPO[1]}' and '${ORG_REPO[2]}'"
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
if [ "${BASE_LAST_LAYER}" != "${OLD_BASE_LAST_LAYER}" ]; then if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} ubuntu" BUILD_REASON="${BUILD_REASON} debian"
fi fi
if [ "${NETBOX_GIT_REF}" != "${NETBOX_GIT_REF_OLD}" ]; then if [ "${NETBOX_GIT_REF}" != "${NETBOX_GIT_REF_OLD}" ]; then
SHOULD_BUILD="true" SHOULD_BUILD="true"
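Review bot: the base-image comparison treats a failed registry lookup as a valid value. In the `grep -q -P "^${BASE_LAST_LAYER}\$"` variant an empty `BASE_LAST_LAYER` turns the pattern into `^$`, which matches the empty line that `printf '%s\n'` emits for an empty `IMAGES_LAYERS_OLD`, so a double failure reads as "unchanged"; in the `!=` variant two empty results compare equal in the same way. Check that both values are non-empty before comparing and force a build otherwise. For the match itself, `grep -qxF -- "${BASE_LAST_LAYER}"` avoids interpolating the digest into a regex and the GNU-only `-P`. Also, `IFS=':' read -ra DOCKER_FROM_SPLIT` mis-splits references that carry a registry port or an `@sha256:` digest, and the build reason `debian` does not match the `ubuntu:22.04` default.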
@ -346,22 +309,20 @@ else
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} netbox-docker" BUILD_REASON="${BUILD_REASON} netbox-docker"
fi fi
else
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} no-check"
fi fi
if [ "${SHOULD_BUILD}" != "true" ]; then if [ "${SHOULD_BUILD}" != "true" ]; then
echo "Build skipped because sources didn't change" echo "Build skipped because sources didn't change"
gh_out "skipped=true" echo "::set-output name=skipped::true"
exit 0 # Nothing to do -> exit exit 0 # Nothing to do -> exit
else else
gh_out "skipped=false" gh_echo "::set-output name=skipped::false"
fi fi
gh_echo "::endgroup::" gh_echo "::endgroup::"
if [ "${CHECK_ONLY}" = "true" ]; then
echo "Only check if build needed was requested. Exiting"
exit 0
fi
### ###
# Build the image # Build the image
### ###
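Review bot: in the `::set-output` variant the two outcomes are emitted differently: `echo "::set-output name=skipped::true"` is a plain `echo`, while `gh_echo "::set-output name=skipped::false"` goes through the helper. Route both through the same helper so the behaviour outside GitHub Actions is consistent. In the same variant, the `else` branch that sets `no-check` means every image that is not on docker.io is rebuilt on each run; say so in the comment above the check.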
@ -399,7 +360,6 @@ fi
if [ -n "${BUILD_REASON}" ]; then if [ -n "${BUILD_REASON}" ]; then
BUILD_REASON=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<<"$BUILD_REASON") BUILD_REASON=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<<"$BUILD_REASON")
DOCKER_BUILD_ARGS+=(--label "netbox.build-reason=${BUILD_REASON}") DOCKER_BUILD_ARGS+=(--label "netbox.build-reason=${BUILD_REASON}")
DOCKER_BUILD_ARGS+=(--label "netbox.last-base-image-layer=${BASE_LAST_LAYER}")
fi fi
# --build-arg # --build-arg
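Review bot: `--label "netbox.last-base-image-layer=${BASE_LAST_LAYER}"` is added whenever `BUILD_REASON` is set, but in the lines shown `BASE_LAST_LAYER` is only assigned in the final `else` branch of the build check. For `interactive` and `newtag` builds the label is therefore written empty, and the next run's `"${BASE_LAST_LAYER}" != "${OLD_BASE_LAST_LAYER}"` comparison then reports a base-image change. Resolve `BASE_LAST_LAYER` before the branch, or skip the label when it is empty.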

View File

@ -7,17 +7,12 @@
import re import re
from os import environ from os import environ
from os.path import abspath, dirname, join from os.path import abspath, dirname, join
from typing import Any, Callable, Tuple
# For reference see https://docs.netbox.dev/en/stable/configuration/ # For reference see https://netbox.readthedocs.io/en/stable/configuration/
# Based on https://github.com/netbox-community/netbox/blob/develop/netbox/netbox/configuration_example.py # Based on https://github.com/netbox-community/netbox/blob/master/netbox/netbox/configuration.example.py
###
# NetBox-Docker Helper functions
###
# Read secret from file # Read secret from file
def _read_secret(secret_name: str, default: str | None = None) -> str | None: def _read_secret(secret_name, default = None):
try: try:
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8') f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
except EnvironmentError: except EnvironmentError:
@ -26,25 +21,6 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None:
with f: with f:
return f.readline().strip() return f.readline().strip()
# If the `map_fn` isn't defined, then the value that is read from the environment (or the default value if not found) is returned.
# If the `map_fn` is defined, then `map_fn` is invoked and the value (that was read from the environment or the default value if not found)
# is passed to it as a parameter. The value returned from `map_fn` is then the return value of this function.
# The `map_fn` is not invoked, if the value (that was read from the environment or the default value if not found) is None.
def _environ_get_and_map(variable_name: str, default: str | None = None, map_fn: Callable[[str], Any | None] = None) -> Any | None:
env_value = environ.get(variable_name, default)
if env_value == None:
return env_value
if not map_fn:
return env_value
return map_fn(env_value)
_AS_BOOL = lambda value : value.lower() == 'true'
_AS_INT = lambda value : int(value)
_AS_LIST = lambda value : list(filter(None, value.split(' ')))
_BASE_DIR = dirname(dirname(abspath(__file__))) _BASE_DIR = dirname(dirname(abspath(__file__)))
######################### #########################
@ -58,9 +34,6 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
# #
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ') ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS (needed for health checks)
if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:
ALLOWED_HOSTS.append('localhost')
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases # https://docs.djangoproject.com/en/stable/ref/settings/#databases
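Review bot: `ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')` defaults to `'*'`, which turns off Django's Host header validation for any deployment that does not set the variable. Consider defaulting to `localhost` and documenting that `ALLOWED_HOSTS` must be set. The block that appends `'localhost'` for health checks only takes effect once the variable is set; note also that `.split(' ')` keeps empty strings when the value contains double spaces, which the `_AS_LIST` helper would avoid.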
@ -73,9 +46,9 @@ DATABASE = {
'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default) 'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default)
'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')}, 'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
# Database connection SSLMODE # Database connection SSLMODE
'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT), 'CONN_MAX_AGE': int(environ.get('DB_CONN_MAX_AGE', '300')),
# Max database connection age # Max database connection age
'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL), 'DISABLE_SERVER_SIDE_CURSORS': environ.get('DB_DISABLE_SERVER_SIDE_CURSORS', 'False').lower() == 'true',
# Disable the use of server-side cursors transaction pooling # Disable the use of server-side cursors transaction pooling
} }
@ -85,26 +58,19 @@ DATABASE = {
REDIS = { REDIS = {
'tasks': { 'tasks': {
'HOST': environ.get('REDIS_HOST', 'localhost'), 'HOST': environ.get('REDIS_HOST', 'localhost'),
'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT), 'PORT': int(environ.get('REDIS_PORT', 6379)),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_SENTINEL_SERVICE', 'default'),
'SENTINEL_TIMEOUT': _environ_get_and_map('REDIS_SENTINEL_TIMEOUT', 10, _AS_INT),
'USERNAME': environ.get('REDIS_USERNAME', ''),
'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')), 'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')),
'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT), 'DATABASE': int(environ.get('REDIS_DATABASE', 0)),
'SSL': _environ_get_and_map('REDIS_SSL', 'False', _AS_BOOL), 'SSL': environ.get('REDIS_SSL', 'False').lower() == 'true',
'INSECURE_SKIP_TLS_VERIFY': _environ_get_and_map('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False', _AS_BOOL), 'INSECURE_SKIP_TLS_VERIFY': environ.get('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False').lower() == 'true',
}, },
'caching': { 'caching': {
'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')), 'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')),
'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT), 'PORT': int(environ.get('REDIS_CACHE_PORT', environ.get('REDIS_PORT', 6379))),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_CACHE_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_CACHE_SENTINEL_SERVICE', environ.get('REDIS_SENTINEL_SERVICE', 'default')),
'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')),
'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))), 'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))),
'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT), 'DATABASE': int(environ.get('REDIS_CACHE_DATABASE', 1)),
'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL), 'SSL': environ.get('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False')).lower() == 'true',
'INSECURE_SKIP_TLS_VERIFY': _environ_get_and_map('REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY', environ.get('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False'), _AS_BOOL), 'INSECURE_SKIP_TLS_VERIFY': environ.get('REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY', environ.get('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False')).lower() == 'true',
}, },
} }
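Review bot: in the `SENTINELS` comprehensions, `tuple(uri.split(':'))` leaves the port as a string and yields a one-element tuple when an entry has no `:port`, so a typo in `REDIS_SENTINELS` or `REDIS_CACHE_SENTINELS` surfaces only at connection time. Split with `rsplit(':', 1)`, convert the port with `int`, and reject malformed entries here. The trailing `if uri != ''` is redundant because `_AS_LIST` already filters empty items.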
@ -121,230 +87,170 @@ SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))
# # # #
######################### #########################
# # Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of # Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# # application errors (assuming correct email settings are provided). # application errors (assuming correct email settings are provided).
# ADMINS = [ ADMINS = [
# # ['John Doe', 'jdoe@example.com'], # ['John Doe', 'jdoe@example.com'],
# ] ]
if 'ALLOWED_URL_SCHEMES' in environ: # URL schemes that are allowed within links in NetBox
ALLOWED_URL_SCHEMES = _environ_get_and_map('ALLOWED_URL_SCHEMES', None, _AS_LIST) ALLOWED_URL_SCHEMES = (
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
)
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same # Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP. # content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
if 'BANNER_TOP' in environ: BANNER_TOP = environ.get('BANNER_TOP', '')
BANNER_TOP = environ.get('BANNER_TOP', None) BANNER_BOTTOM = environ.get('BANNER_BOTTOM', '')
if 'BANNER_BOTTOM' in environ:
BANNER_BOTTOM = environ.get('BANNER_BOTTOM', None)
# Text to include on the login page above the login form. HTML is allowed. # Text to include on the login page above the login form. HTML is allowed.
if 'BANNER_LOGIN' in environ: BANNER_LOGIN = environ.get('BANNER_LOGIN', '')
BANNER_LOGIN = environ.get('BANNER_LOGIN', None)
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = environ.get('BASE_PATH', '')
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90) # Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
if 'CHANGELOG_RETENTION' in environ: CHANGELOG_RETENTION = int(environ.get('CHANGELOG_RETENTION', 90))
CHANGELOG_RETENTION = _environ_get_and_map('CHANGELOG_RETENTION', None, _AS_INT)
# Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely. (Default: 90)
if 'JOB_RETENTION' in environ:
JOB_RETENTION = _environ_get_and_map('JOB_RETENTION', None, _AS_INT)
# JOBRESULT_RETENTION was renamed to JOB_RETENTION in the v3.5.0 release of NetBox. For backwards compatibility, map JOBRESULT_RETENTION to JOB_RETENTION
elif 'JOBRESULT_RETENTION' in environ:
JOB_RETENTION = _environ_get_and_map('JOBRESULT_RETENTION', None, _AS_INT)
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be # API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or # allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers # CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = _environ_get_and_map('CORS_ORIGIN_ALLOW_ALL', 'False', _AS_BOOL) CORS_ORIGIN_ALLOW_ALL = environ.get('CORS_ORIGIN_ALLOW_ALL', 'False').lower() == 'true'
CORS_ORIGIN_WHITELIST = _environ_get_and_map('CORS_ORIGIN_WHITELIST', 'https://localhost', _AS_LIST) CORS_ORIGIN_WHITELIST = list(filter(None, environ.get('CORS_ORIGIN_WHITELIST', 'https://localhost').split(' ')))
CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in _environ_get_and_map('CORS_ORIGIN_REGEX_WHITELIST', '', _AS_LIST)] CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in list(filter(None, environ.get('CORS_ORIGIN_REGEX_WHITELIST', '').split(' ')))]
# Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set the CSRF_TRUSTED_ORIGINS flag.
# Django 4.0 requires to specify the URL Scheme in this setting. An example environment variable could be specified like:
# CSRF_TRUSTED_ORIGINS=https://demo.netbox.dev http://demo.netbox.dev
CSRF_TRUSTED_ORIGINS = list(filter(None, environ.get('CSRF_TRUSTED_ORIGINS', '').split(' ')))
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal # Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. # sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# Never enable debugging on a production system. # on a production system.
DEBUG = _environ_get_and_map('DEBUG', 'False', _AS_BOOL) DEBUG = environ.get('DEBUG', 'False').lower() == 'true'
# This parameter serves as a safeguard to prevent some potentially dangerous behavior,
# such as generating new database schema migrations.
# Set this to True only if you are actively developing the NetBox code base.
DEVELOPER = _environ_get_and_map('DEVELOPER', 'False', _AS_BOOL)
# Email settings # Email settings
EMAIL = { EMAIL = {
'SERVER': environ.get('EMAIL_SERVER', 'localhost'), 'SERVER': environ.get('EMAIL_SERVER', 'localhost'),
'PORT': _environ_get_and_map('EMAIL_PORT', 25, _AS_INT), 'PORT': int(environ.get('EMAIL_PORT', 25)),
'USERNAME': environ.get('EMAIL_USERNAME', ''), 'USERNAME': environ.get('EMAIL_USERNAME', ''),
'PASSWORD': _read_secret('email_password', environ.get('EMAIL_PASSWORD', '')), 'PASSWORD': _read_secret('email_password', environ.get('EMAIL_PASSWORD', '')),
'USE_SSL': _environ_get_and_map('EMAIL_USE_SSL', 'False', _AS_BOOL), 'USE_SSL': environ.get('EMAIL_USE_SSL', 'False').lower() == 'true',
'USE_TLS': _environ_get_and_map('EMAIL_USE_TLS', 'False', _AS_BOOL), 'USE_TLS': environ.get('EMAIL_USE_TLS', 'False').lower() == 'true',
'SSL_CERTFILE': environ.get('EMAIL_SSL_CERTFILE', ''), 'SSL_CERTFILE': environ.get('EMAIL_SSL_CERTFILE', ''),
'SSL_KEYFILE': environ.get('EMAIL_SSL_KEYFILE', ''), 'SSL_KEYFILE': environ.get('EMAIL_SSL_KEYFILE', ''),
'TIMEOUT': _environ_get_and_map('EMAIL_TIMEOUT', 10, _AS_INT), # seconds 'TIMEOUT': int(environ.get('EMAIL_TIMEOUT', 10)), # seconds
'FROM_EMAIL': environ.get('EMAIL_FROM', ''), 'FROM_EMAIL': environ.get('EMAIL_FROM', ''),
} }
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table # Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True. # (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
if 'ENFORCE_GLOBAL_UNIQUE' in environ: ENFORCE_GLOBAL_UNIQUE = environ.get('ENFORCE_GLOBAL_UNIQUE', 'False').lower() == 'true'
ENFORCE_GLOBAL_UNIQUE = _environ_get_and_map('ENFORCE_GLOBAL_UNIQUE', None, _AS_BOOL)
# By default, netbox sends census reporting data using a single HTTP request each time a worker starts.
# This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time.
# The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
# To opt out of census reporting, set CENSUS_REPORTING_ENABLED to False.
if 'CENSUS_REPORTING_ENABLED' in environ:
CENSUS_REPORTING_ENABLED = _environ_get_and_map('CENSUS_REPORTING_ENABLED', None, _AS_BOOL)
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and # Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models. # by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST) EXEMPT_VIEW_PERMISSIONS = list(filter(None, environ.get('EXEMPT_VIEW_PERMISSIONS', '').split(' ')))
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
HTTP_PROXIES = {
'http': environ.get('HTTP_PROXY', None),
'https': environ.get('HTTPS_PROXY', None),
}
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP.
INTERNAL_IPS = _environ_get_and_map('INTERNAL_IPS', '127.0.0.1 ::1', _AS_LIST)
# Enable GraphQL API. # Enable GraphQL API.
if 'GRAPHQL_ENABLED' in environ: GRAPHQL_ENABLED = environ.get('GRAPHQL_ENABLED', 'True').lower() == 'true'
GRAPHQL_ENABLED = _environ_get_and_map('GRAPHQL_ENABLED', None, _AS_BOOL)
# # Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs: # Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
# # https://docs.djangoproject.com/en/stable/topics/logging/ # https://docs.djangoproject.com/en/stable/topics/logging/
# LOGGING = {} LOGGING = {}
# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain # Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# authenticated to NetBox indefinitely. # are permitted to access most data in NetBox (excluding secrets) but not make any changes.
LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL) LOGIN_REQUIRED = environ.get('LOGIN_REQUIRED', 'False').lower() == 'true'
# When enabled, only authenticated users are permitted to access any part of NetBox.
# Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL)
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days]) # re-authenticate. (Default: 1209600 [14 days])
LOGIN_TIMEOUT = _environ_get_and_map('LOGIN_TIMEOUT', 1209600, _AS_INT) LOGIN_TIMEOUT = int(environ.get('LOGIN_TIMEOUT', 1209600))
# Setting this to True will display a "maintenance mode" banner at the top of every page. # Setting this to True will display a "maintenance mode" banner at the top of every page.
if 'MAINTENANCE_MODE' in environ: MAINTENANCE_MODE = environ.get('MAINTENANCE_MODE', 'False').lower() == 'true'
MAINTENANCE_MODE = _environ_get_and_map('MAINTENANCE_MODE', None, _AS_BOOL)
# Maps provider # Maps provider
if 'MAPS_URL' in environ: MAPS_URL = environ.get('MAPS_URL', None)
MAPS_URL = environ.get('MAPS_URL', None)
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g. # An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request # "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0". # all objects by specifying "?limit=0".
if 'MAX_PAGE_SIZE' in environ: MAX_PAGE_SIZE = int(environ.get('MAX_PAGE_SIZE', 1000))
MAX_PAGE_SIZE = _environ_get_and_map('MAX_PAGE_SIZE', None, _AS_INT)
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that # The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location. # the default value of this setting is derived from the installed location.
MEDIA_ROOT = environ.get('MEDIA_ROOT', join(_BASE_DIR, 'media')) MEDIA_ROOT = environ.get('MEDIA_ROOT', join(_BASE_DIR, 'media'))
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' # Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = _environ_get_and_map('METRICS_ENABLED', 'False', _AS_BOOL) METRICS_ENABLED = environ.get('METRICS_ENABLED', 'False').lower() == 'true'
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
NAPALM_USERNAME = environ.get('NAPALM_USERNAME', '')
NAPALM_PASSWORD = _read_secret('napalm_password', environ.get('NAPALM_PASSWORD', ''))
# NAPALM timeout (in seconds). (Default: 30)
NAPALM_TIMEOUT = int(environ.get('NAPALM_TIMEOUT', 30))
# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# be provided as a dictionary.
NAPALM_ARGS = {}
# Determine how many objects to display per page within a list. (Default: 50) # Determine how many objects to display per page within a list. (Default: 50)
if 'PAGINATE_COUNT' in environ: PAGINATE_COUNT = int(environ.get('PAGINATE_COUNT', 50))
PAGINATE_COUNT = _environ_get_and_map('PAGINATE_COUNT', None, _AS_INT)
# # Enable installed plugins. Add the name of each plugin to the list. # Enable installed plugins. Add the name of each plugin to the list.
# PLUGINS = [] PLUGINS = []
# # Plugins configuration settings. These settings are used by various plugins that the user may have installed. # Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# # Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings. # Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
# PLUGINS_CONFIG = { PLUGINS_CONFIG = {
# } }
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to # When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
# prefer IPv4 instead. # prefer IPv4 instead.
if 'PREFER_IPV4' in environ: PREFER_IPV4 = environ.get('PREFER_IPV4', 'False').lower() == 'true'
PREFER_IPV4 = _environ_get_and_map('PREFER_IPV4', None, _AS_BOOL)
# The default value for the amperage field when creating new power feeds.
if 'POWERFEED_DEFAULT_AMPERAGE' in environ:
POWERFEED_DEFAULT_AMPERAGE = _environ_get_and_map('POWERFEED_DEFAULT_AMPERAGE', None, _AS_INT)
# The default value (percentage) for the max_utilization field when creating new power feeds.
if 'POWERFEED_DEFAULT_MAX_UTILIZATION' in environ:
POWERFEED_DEFAULT_MAX_UTILIZATION = _environ_get_and_map('POWERFEED_DEFAULT_MAX_UTILIZATION', None, _AS_INT)
# The default value for the voltage field when creating new power feeds.
if 'POWERFEED_DEFAULT_VOLTAGE' in environ:
POWERFEED_DEFAULT_VOLTAGE = _environ_get_and_map('POWERFEED_DEFAULT_VOLTAGE', None, _AS_INT)
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1. # Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
if 'RACK_ELEVATION_DEFAULT_UNIT_HEIGHT' in environ: RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = int(environ.get('RACK_ELEVATION_DEFAULT_UNIT_HEIGHT', 22))
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_HEIGHT', None, _AS_INT) RACK_ELEVATION_DEFAULT_UNIT_WIDTH = int(environ.get('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', 220))
if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ:
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT)
# Remote authentication support # Remote authentication support
REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL) REMOTE_AUTH_ENABLED = environ.get('REMOTE_AUTH_ENABLED', 'False').lower() == 'true'
REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL) REMOTE_AUTH_BACKEND = environ.get('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend')
REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead.
REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|')
REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER') REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL') REMOTE_AUTH_AUTO_CREATE_USER = environ.get('REMOTE_AUTH_AUTO_CREATE_USER', 'True').lower() == 'true'
REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME') REMOTE_AUTH_DEFAULT_GROUPS = list(filter(None, environ.get('REMOTE_AUTH_DEFAULT_GROUPS', '').split(' ')))
REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST)
REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository. # version check or use the URL below to check for release in the official NetBox repository.
# https://api.github.com/repos/netbox-community/netbox/releases
RELEASE_CHECK_URL = environ.get('RELEASE_CHECK_URL', None) RELEASE_CHECK_URL = environ.get('RELEASE_CHECK_URL', None)
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
REPORTS_ROOT = environ.get('REPORTS_ROOT', '/etc/netbox/reports')
# Maximum execution time for background tasks, in seconds. # Maximum execution time for background tasks, in seconds.
RQ_DEFAULT_TIMEOUT = _environ_get_and_map('RQ_DEFAULT_TIMEOUT', 300, _AS_INT) RQ_DEFAULT_TIMEOUT = int(environ.get('RQ_DEFAULT_TIMEOUT', 300))
# The name to use for the csrf token cookie. # The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
CSRF_COOKIE_NAME = environ.get('CSRF_COOKIE_NAME', 'csrftoken') # this setting is derived from the installed location.
SCRIPTS_ROOT = environ.get('SCRIPTS_ROOT', '/etc/netbox/scripts')
# Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set the CSRF_TRUSTED_ORIGINS flag.
# Django 4.0 requires to specify the URL Scheme in this setting. An example environment variable could be specified like:
# CSRF_TRUSTED_ORIGINS=https://demo.netbox.dev http://demo.netbox.dev
CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST)
# The name to use for the session cookie.
SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid')
# If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
SECURE_HSTS_INCLUDE_SUBDOMAINS = _environ_get_and_map('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'False', _AS_BOOL)
# If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the
# site to be accessed via HTTPS even if the user types HTTP in the address bar.
SECURE_HSTS_PRELOAD = _environ_get_and_map('SECURE_HSTS_PRELOAD', 'False', _AS_BOOL)
# If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all
# responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS,
# blocking any HTTP request.
SECURE_HSTS_SECONDS = _environ_get_and_map('SECURE_HSTS_SECONDS', 0, _AS_INT)
# If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
SECURE_SSL_REDIRECT = _environ_get_and_map('SECURE_SSL_REDIRECT', 'False', _AS_BOOL)
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use # By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only # local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path. # database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT', None)) SESSION_FILE_PATH = environ.get('SESSIONS_ROOT', None)
# Time zone (default: UTC) # Time zone (default: UTC)
TIME_ZONE = environ.get('TIME_ZONE', 'UTC') TIME_ZONE = environ.get('TIME_ZONE', 'UTC')
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = environ.get('DATE_FORMAT', 'N j, Y')
SHORT_DATE_FORMAT = environ.get('SHORT_DATE_FORMAT', 'Y-m-d')
TIME_FORMAT = environ.get('TIME_FORMAT', 'g:i a')
SHORT_TIME_FORMAT = environ.get('SHORT_TIME_FORMAT', 'H:i:s')
DATETIME_FORMAT = environ.get('DATETIME_FORMAT', 'N j, Y g:i a')
SHORT_DATETIME_FORMAT = environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i')
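Review bot: The two columns disagree on two authentication defaults, and the plain `environ.get(...)` column picks the more permissive value in both cases: `LOGIN_REQUIRED` falls back to `'False'` there (the `_environ_get_and_map` column uses `'True'`), and `REMOTE_AUTH_AUTO_CREATE_USER` falls back to `'True'` (the other column uses `'False'`). With those fallbacks, a deployment that sets neither variable lets anonymous users read most data, and enabling `REMOTE_AUTH_ENABLED` alone is enough to have accounts created for whatever username arrives in `REMOTE_AUTH_HEADER`. Keep `'True'` for `LOGIN_REQUIRED` and `'False'` for `REMOTE_AUTH_AUTO_CREATE_USER` so the permissive behaviour is an explicit opt-in. Separately, the comment above `MAX_PAGE_SIZE` reads `objects =by appending`; drop the stray `=`.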

View File

@ -15,6 +15,12 @@
# 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp', # 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
# ) # )
## NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
## be provided as a dictionary.
# NAPALM_ARGS = {}
## Enable installed plugins. Add the name of each plugin to the list. ## Enable installed plugins. Add the name of each plugin to the list.
# from netbox.configuration.configuration import PLUGINS # from netbox.configuration.configuration import PLUGINS
# PLUGINS.append('my_plugin') # PLUGINS.append('my_plugin')

View File

@ -31,12 +31,9 @@ AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0 ldap.OPT_REFERRALS: 0
} }
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = environ.get('AUTH_LDAP_BIND_AS_AUTHENTICATING_USER', 'False').lower() == 'true' # Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = environ.get('AUTH_LDAP_BIND_DN', '')
# Set the DN and password for the NetBox service account if needed. AUTH_LDAP_BIND_PASSWORD = _read_secret('auth_ldap_bind_password', environ.get('AUTH_LDAP_BIND_PASSWORD', ''))
if not AUTH_LDAP_BIND_AS_AUTHENTICATING_USER:
AUTH_LDAP_BIND_DN = environ.get('AUTH_LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = _read_secret('auth_ldap_bind_password', environ.get('AUTH_LDAP_BIND_PASSWORD', ''))
# Set a string template that describes any users distinguished name based on the username. # Set a string template that describes any users distinguished name based on the username.
AUTH_LDAP_USER_DN_TEMPLATE = environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None) AUTH_LDAP_USER_DN_TEMPLATE = environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
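Review bot: `AUTH_LDAP_BIND_DN` and `AUTH_LDAP_BIND_PASSWORD` both fall back to `''`, so a missing variable or secret file is not an error: django-auth-ldap treats an empty bind DN as an anonymous bind and the user search runs unauthenticated. If anonymous search is not intended, the `if not AUTH_LDAP_BIND_AS_AUTHENTICATING_USER:` branch is the natural place to check that both values are non-empty and fail at startup otherwise. The comment `# Set the DN and password for the NetBox service account if needed.` should also say what happens when they are left unset.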
@ -49,38 +46,20 @@ AUTH_LDAP_START_TLS = environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'tr
# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true' LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
LDAP_CA_CERT_DIR = environ.get('LDAP_CA_CERT_DIR', None)
# Include this setting if you want to validate the LDAP server certificates against your own CA.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None)
AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '') AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName') AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get(
'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)'
)
AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER AUTH_LDAP_USER_SEARCH_BASEDN,
ldap.SCOPE_SUBTREE,
"(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)"
) )
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group # This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy. # heirarchy.
AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '') AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group') AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
AUTH_LDAP_GROUP_SEARCH_FILTER: str = environ.get( "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
'AUTH_LDAP_GROUP_SEARCH_FILTER', f'(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})'
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
)
AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType')) AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
# Define a group required to login. # Define a group required to login.
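Review bot: The column without `LDAP_CA_CERT_DIR` and `LDAP_CA_CERT_FILE` leaves `LDAP_IGNORE_CERT_ERRORS` as the only certificate-related switch, so a directory server signed by a private CA can only be reached by turning verification off (`OPT_X_TLS_REQUIRE_CERT` set to `OPT_X_TLS_NEVER`, per the comment above that setting). Keep the two CA settings so operators can trust their own CA instead. In the column that reads `AUTH_LDAP_USER_SEARCH_FILTER` from the environment, an override that omits `%(user)s` makes the search independent of the login name; check for the placeholder when the variable is set. The comment above `AUTH_LDAP_GROUP_SEARCH_BASEDN` misspells "hierarchy".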

View File

@ -1,21 +0,0 @@
services:
netbox:
ports:
- "8000:8080"
# If you want the Nginx unit status page visible from the
# outside of the container add the following port mapping:
# - "8001:8081"
# healthcheck:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
# when all tables need to be created the start_period should be higher than on
# subsequent starts. For the first start after major version upgrades of NetBox
# the start_period might also need to be set higher.
# Default value in our docker-compose.yml is 60s
# start_period: 90s
# environment:
# SKIP_SUPERUSER: "false"
# SUPERUSER_API_TOKEN: ""
# SUPERUSER_EMAIL: ""
# SUPERUSER_NAME: ""
# SUPERUSER_PASSWORD: ""

View File

@ -1,22 +1,5 @@
version: '3.4'
services: services:
netbox: netbox:
ports: ports:
- "8000:8080" - 8000:8080
# If you want the Nginx unit status page visible from the
# outside of the container add the following port mapping:
# - "8001:8081"
# healthcheck:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
# when all tables need to be created the start_period should be higher than on
# subsequent starts. For the first start after major version upgrades of NetBox
# the start_period might also need to be set higher.
# Default value in our docker-compose.yml is 60s
# start_period: 90s
# environment:
# SKIP_SUPERUSER: "false"
# SUPERUSER_API_TOKEN: ""
# SUPERUSER_EMAIL: ""
# SUPERUSER_NAME: ""
# SUPERUSER_PASSWORD: ""
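Review bot: The unquoted `- 8000:8080` in the right-hand column should keep the quotes of `- "8000:8080"`. YAML 1.1 parsers read some unquoted `xx:yy` scalars as base-60 integers, and quoting every port mapping avoids having to reason about which ones are affected. Both forms publish the port on all host interfaces; the `"127.0.0.1:8000:8080"` variant that appears elsewhere in this diff is the safer example for hosts where NetBox sits behind a local reverse proxy. The commented `SUPERUSER_PASSWORD` and `SUPERUSER_API_TOKEN` entries invite putting credentials into the override file, so the comment block should say to keep real values out of version control.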

View File

@ -1,5 +0,0 @@
services:
netbox:
ports:
- "127.0.0.1:8000:8080"

View File

@ -1,70 +1,39 @@
version: '3.4'
services: services:
netbox: &netbox netbox:
image: ${IMAGE-docker.io/netboxcommunity/netbox:latest} image: ${IMAGE-netboxcommunity/netbox:latest}
depends_on: depends_on:
postgres: - postgres
condition: service_healthy - redis
redis: - redis-cache
condition: service_healthy
redis-cache:
condition: service_healthy
env_file: env/netbox.env env_file: env/netbox.env
environment:
SKIP_STARTUP_SCRIPTS: ${SKIP_STARTUP_SCRIPTS-false}
user: 'unit:root' user: 'unit:root'
volumes: volumes:
- ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro - ./startup_scripts:/opt/netbox/startup_scripts:z,ro
healthcheck: - ./${INITIALIZERS_DIR-initializers}:/opt/netbox/initializers:z,ro
test: curl -f http://localhost:8080/login/ || exit 1 - ./configuration:/etc/netbox/config:z,ro
start_period: ${NETBOX_START_PERIOD-120s} - ./reports:/etc/netbox/reports:z,ro
timeout: 3s - ./scripts:/etc/netbox/scripts:z,ro
interval: 15s - netbox-media-files:/opt/netbox/netbox/media:z
netbox-worker:
<<: *netbox
command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 40s
timeout: 3s
interval: 15s
netbox-housekeeping:
<<: *netbox
command:
- /opt/netbox/housekeeping.sh
healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 40s
timeout: 3s
interval: 15s
postgres: postgres:
image: docker.io/postgres:16-alpine image: postgres:14-alpine
env_file: env/postgres.env env_file: env/postgres.env
healthcheck: redis:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose image: redis:7-alpine
start_period: 20s
interval: 1s
timeout: 5s
retries: 5
redis: &redis
image: docker.io/valkey/valkey:8.0-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis.env env_file: env/redis.env
healthcheck:
test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
redis-cache: redis-cache:
<<: *redis image: redis:7-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis-cache.env env_file: env/redis-cache.env
volumes: volumes:
netbox-media-files: netbox-media-files:
driver: local driver: local
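Review bot: The list form of `depends_on` (`- postgres`, `- redis`, `- redis-cache`) only orders container start; it does not wait for the database to accept connections, and that column defines no `healthcheck` for any service. The `condition: service_healthy` form together with the `pg_isready` and `ping` checks from the other column removes that startup race and should be kept for the test stack. Also, `${IMAGE-...netboxcommunity/netbox:latest}` falls back to a mutable tag, so a test run without `IMAGE` set is not reproducible; consider requiring `IMAGE` to be set.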

View File

@ -1,99 +1,67 @@
version: '3.4'
services: services:
netbox: &netbox netbox: &netbox
image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.2} image: netboxcommunity/netbox:${VERSION-v3.2-2.1.0}
depends_on: depends_on:
- postgres - postgres
- redis - redis
- redis-cache - redis-cache
- netbox-worker
env_file: env/netbox.env env_file: env/netbox.env
user: "unit:root" user: 'unit:root'
healthcheck:
test: curl -f http://localhost:8080/login/ || exit 1
start_period: 90s
timeout: 3s
interval: 15s
volumes: volumes:
- ./startup_scripts:/opt/netbox/startup_scripts:z,ro
- ./initializers:/opt/netbox/initializers:z,ro
- ./configuration:/etc/netbox/config:z,ro - ./configuration:/etc/netbox/config:z,ro
- netbox-media-files:/opt/netbox/netbox/media:rw - ./reports:/etc/netbox/reports:z,ro
- netbox-reports-files:/opt/netbox/netbox/reports:rw - ./scripts:/etc/netbox/scripts:z,ro
- netbox-scripts-files:/opt/netbox/netbox/scripts:rw - netbox-media-files:/opt/netbox/netbox/media:z
netbox-worker: netbox-worker:
<<: *netbox <<: *netbox
depends_on: depends_on:
netbox: - redis
condition: service_healthy - postgres
command: command:
- /opt/netbox/venv/bin/python - /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py - /opt/netbox/netbox/manage.py
- rqworker - rqworker
healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 20s
timeout: 3s
interval: 15s
netbox-housekeeping: netbox-housekeeping:
<<: *netbox <<: *netbox
depends_on: depends_on:
netbox: - redis
condition: service_healthy - postgres
command: command:
- /opt/netbox/housekeeping.sh - /opt/netbox/housekeeping.sh
healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 20s
timeout: 3s
interval: 15s
# postgres # postgres
postgres: postgres:
image: docker.io/postgres:16-alpine image: postgres:14-alpine
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
start_period: 20s
timeout: 30s
interval: 10s
retries: 5
env_file: env/postgres.env env_file: env/postgres.env
volumes: volumes:
- netbox-postgres-data:/var/lib/postgresql/data - netbox-postgres-data:/var/lib/postgresql/data
# redis # redis
redis: redis:
image: docker.io/valkey/valkey:8.0-alpine image: redis:7-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: &redis-healthcheck
test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
env_file: env/redis.env env_file: env/redis.env
volumes: volumes:
- netbox-redis-data:/data - netbox-redis-data:/data
redis-cache: redis-cache:
image: docker.io/valkey/valkey:8.0-alpine image: redis:7-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: *redis-healthcheck
env_file: env/redis-cache.env env_file: env/redis-cache.env
volumes:
- netbox-redis-cache-data:/data
volumes: volumes:
netbox-media-files: netbox-media-files:
driver: local driver: local
netbox-postgres-data: netbox-postgres-data:
driver: local driver: local
netbox-redis-cache-data:
driver: local
netbox-redis-data: netbox-redis-data:
driver: local driver: local
netbox-reports-files:
driver: local
netbox-scripts-files:
driver: local
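Review bot: In both columns `--requirepass $$REDIS_PASSWORD` is expanded by `sh -c` before the server starts, so the password ends up in the server's argument list, where anything able to list processes in that container can read it. The `valkey-cli --pass "$${REDIS_PASSWORD}"` health check does the same on every probe, and with `interval: 1s` that is once a second. Prefer giving the server its `requirepass` through a mounted configuration file, and have the health-check client take the password from its environment rather than from a flag. The image references also differ in whether the registry is spelled out (`docker.io/postgres:16-alpine` against `postgres:14-alpine`); keep the fully qualified form so the pull source does not depend on the daemon's default registry.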

View File

@ -46,8 +46,6 @@ if ! ./manage.py migrate --check >/dev/null 2>&1; then
./manage.py remove_stale_contenttypes --no-input ./manage.py remove_stale_contenttypes --no-input
echo "⚙️ Removing expired user sessions" echo "⚙️ Removing expired user sessions"
./manage.py clearsessions ./manage.py clearsessions
echo "⚙️ Building search index (lazy)"
./manage.py reindex --lazy
fi fi
# Create Superuser if required # Create Superuser if required
@ -72,24 +70,22 @@ else
fi fi
./manage.py shell --interface python <<END ./manage.py shell --interface python <<END
from users.models import Token, User from django.contrib.auth.models import User
from users.models import Token
if not User.objects.filter(username='${SUPERUSER_NAME}'): if not User.objects.filter(username='${SUPERUSER_NAME}'):
u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}') u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}') Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END END
echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}" echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
fi fi
./manage.py shell --interface python <<END # Run the startup scripts (and initializers)
from users.models import Token if [ "$SKIP_STARTUP_SCRIPTS" == "true" ]; then
try: echo "↩️ Skipping startup scripts"
old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567") else
if old_default_token: echo "import runpy; runpy.run_path('../startup_scripts')" | ./manage.py shell --interface python
print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.") fi
except Token.DoesNotExist:
pass
END
echo "✅ Initialisation is done." echo "✅ Initialisation is done."
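Review bot: In the `./manage.py shell --interface python <<END` here-document, `'${SUPERUSER_NAME}'`, `'${SUPERUSER_EMAIL}'`, `'${SUPERUSER_PASSWORD}'` and `'${SUPERUSER_API_TOKEN}'` are expanded by the shell into Python source before Python parses it. A value containing `'` or `\` changes the program rather than the string: a syntax error in the mild case, a different stored password or extra statements otherwise. Quote the delimiter (`<<'END'`), export the variables, and read them inside Python with `os.environ[...]`. The check for the old default token `0123456789abcdef0123456789abcdef01234567` in the left-hand column is worth keeping; the right-hand column has no equivalent warning.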

View File

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400} SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
echo "Interval set to ${SLEEP_SECONDS} seconds" echo "Interval set to ${SECONDS} seconds"
while true; do while true; do
date date
/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
sleep "${SLEEP_SECONDS}s" sleep "${SECONDS}s"
done done
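Review bot: on the side that assigns `SECONDS=${HOUSEKEEPING_INTERVAL:=86400}`, the variable name collides with bash's built-in `SECONDS`, which keeps counting up from the assigned value. `sleep "${SECONDS}s"` therefore sleeps for the interval plus the time elapsed since the assignment, and the gap between housekeeping runs grows on every loop. Use a non-reserved name such as the `SLEEP_SECONDS` seen on the other side.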

View File

@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}" UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
# Also used in "nginx-unit.json"
UNIT_SOCKET="/opt/unit/unit.sock" UNIT_SOCKET="/opt/unit/unit.sock"
load_configuration() { load_configuration() {
@ -51,7 +50,7 @@ exec unitd \
--control unix:$UNIT_SOCKET \ --control unix:$UNIT_SOCKET \
--pid /opt/unit/unit.pid \ --pid /opt/unit/unit.pid \
--log /dev/stdout \ --log /dev/stdout \
--statedir /opt/unit/state/ \ --state /opt/unit/state/ \
--tmpdir /opt/unit/tmp/ \ --tmp /opt/unit/tmp/ \
--user unit \ --user unit \
--group root --group root
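Review bot: the two changed lines spell the options `--statedir`/`--tmpdir` on one side and `--state`/`--tmp` on the other, and nothing in the script ties that spelling to the Unit release in the image. Add a comment above the `exec unitd` call naming the Unit version the flags are written for, so an image bump that changes the accepted spelling is caught in review rather than at container start.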

View File

@ -1,20 +1,11 @@
{ {
"listeners": { "listeners": {
"0.0.0.0:8080": { "*:8080": {
"pass": "routes/main" "pass": "routes"
},
"[::]:8080": {
"pass": "routes/main"
},
"0.0.0.0:8081": {
"pass": "routes/status"
},
"[::]:8081": {
"pass": "routes/status"
} }
}, },
"routes": {
"main": [ "routes": [
{ {
"match": { "match": {
"uri": "/static/*" "uri": "/static/*"
@ -23,23 +14,14 @@
"share": "/opt/netbox/netbox${uri}" "share": "/opt/netbox/netbox${uri}"
} }
}, },
{ {
"action": { "action": {
"pass": "applications/netbox" "pass": "applications/netbox"
} }
} }
], ],
"status": [
{
"match": {
"uri": "/status/*"
},
"action": {
"proxy": "http://unix:/opt/unit/unit.sock"
}
}
]
},
"applications": { "applications": {
"netbox": { "netbox": {
"type": "python 3", "type": "python 3",
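Review bot: the `status` route proxies `/status/*` to Unit's control socket at `http://unix:/opt/unit/unit.sock`, and the listeners that feed it bind `0.0.0.0:8081` and `[::]:8081`, i.e. every interface. The `uri` match limits what reaches the socket, but the config should say that port 8081 must not be published outside the container network, or the listener should bind to loopback if only an in-container health check uses it.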
@ -53,5 +35,6 @@
} }
} }
}, },
"access_log": "/dev/stdout" "access_log": "/dev/stdout"
} }

13
env/netbox.env vendored
View File

@ -16,8 +16,12 @@ EMAIL_USE_SSL=false
EMAIL_USE_TLS=false EMAIL_USE_TLS=false
GRAPHQL_ENABLED=true GRAPHQL_ENABLED=true
HOUSEKEEPING_INTERVAL=86400 HOUSEKEEPING_INTERVAL=86400
MAX_PAGE_SIZE=1000
MEDIA_ROOT=/opt/netbox/netbox/media MEDIA_ROOT=/opt/netbox/netbox/media
METRICS_ENABLED=false METRICS_ENABLED=false
NAPALM_PASSWORD=
NAPALM_TIMEOUT=10
NAPALM_USERNAME=
REDIS_CACHE_DATABASE=1 REDIS_CACHE_DATABASE=1
REDIS_CACHE_HOST=redis-cache REDIS_CACHE_HOST=redis-cache
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
@ -29,6 +33,11 @@ REDIS_INSECURE_SKIP_TLS_VERIFY=false
REDIS_PASSWORD=H733Kdjndks81 REDIS_PASSWORD=H733Kdjndks81
REDIS_SSL=false REDIS_SSL=false
RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X' SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
SKIP_SUPERUSER=true SKIP_STARTUP_SCRIPTS=false
SKIP_SUPERUSER=false
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_NAME=admin
SUPERUSER_PASSWORD=admin
WEBHOOKS_ENABLED=true WEBHOOKS_ENABLED=true
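Review bot: the side with `SKIP_SUPERUSER=false` also ships `SUPERUSER_NAME=admin`, `SUPERUSER_PASSWORD=admin` and `SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567`, so a stack started from this file unchanged comes up with a known admin login and a known API token. Default to `SKIP_SUPERUSER=true`, or leave the password and token empty so the operator has to set them. `SECRET_KEY` and `REDIS_PASSWORD` are committed values on both sides as well; label them as placeholders that must be replaced before deployment.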

View File

@ -0,0 +1,7 @@
# - prefix: 10.0.0.0/16
# rir: RFC1918
# tenant: tenant1
# - prefix: fd00:ccdd::/32
# rir: RFC4193 ULA
# - prefix: 2001:db8::/32
# rir: RFC3849

7
initializers/asns.yml Normal file
View File

@ -0,0 +1,7 @@
# - asn: 1
# rir: RFC1918
# tenant: tenant1
# - asn: 2
# rir: RFC4193 ULA
# - asn: 3
# rir: RFC3849

71
initializers/cables.yml Normal file
View File

@ -0,0 +1,71 @@
# # Required parameters for termination X ('a' or 'b'):
# #
# # ```
# # termination_x_name -> name of interface
# # termination_x_device -> name of the device interface belongs to
# # termination_x_class -> required if different than 'Interface' which is the default
# # ```
# #
# # Supported termination classes: Interface, ConsolePort, ConsoleServerPort, FrontPort, RearPort, PowerPort, PowerOutlet
# #
# #
# # If a termination is a circuit then the required parameter is termination_x_circuit.
# # Required parameters for a circuit termination:
# #
# # ```
# # termination_x_circuit:
# # term_side -> termination side of a circuit. Must be A or B
# # cid -> circuit ID value
# # site OR provider_network -> name of Site or ProviderNetwork respectively. If both provided, Site takes precedence
# # ```
# #
# # If a termination is a power feed then the required parameter is termination_x_feed.
# #
# # ```
# # termination_x_feed:
# # name -> name of the PowerFeed object
# # power_panel:
# # name -> name of the PowerPanel the PowerFeed is attached to
# # site -> name of the Site in which the PowerPanel is present
# # ```
# #
# # Any other Cable parameters supported by Netbox are supported as the top level keys, e.g. 'type', 'status', etc.
# #
# # - termination_a_name: console
# # termination_a_device: spine
# # termination_a_class: ConsolePort
# # termination_b_name: tty9
# # termination_b_device: console-server
# # termination_b_class: ConsoleServerPort
# # type: cat6
# #
# - termination_a_name: to-server02
# termination_a_device: server01
# termination_b_name: to-server01
# termination_b_device: server02
# status: planned
# type: mmf
# - termination_a_name: eth0
# termination_a_device: server02
# termination_b_circuit:
# term_side: A
# cid: Circuit_ID-1
# site: AMS 1
# type: cat6
# - termination_a_name: psu0
# termination_a_device: server04
# termination_a_class: PowerPort
# termination_b_feed:
# name: power feed 1
# power_panel:
# name: power panel AMS 1
# site: AMS 1
# - termination_a_name: outlet1
# termination_a_device: server04
# termination_a_class: PowerOutlet
# termination_b_name: psu1
# termination_b_device: server04
# termination_b_class: PowerPort

View File

@ -0,0 +1,6 @@
# - name: VPLS
# slug: vpls
# - name: MPLS
# slug: mpls
# - name: Internet
# slug: internet

View File

@ -0,0 +1,7 @@
# - cid: Circuit_ID-1
# provider: Provider1
# type: Internet
# tenant: tenant1
# - cid: Circuit_ID-2
# provider: Provider2
# type: MPLS

View File

@ -0,0 +1,4 @@
# - name: Group 1
# slug: group-1
# - name: Group 2
# slug: group-2

View File

@ -0,0 +1,2 @@
# - name: Hyper-V
# slug: hyper-v

View File

@ -0,0 +1,7 @@
# - name: cluster1
# type: Hyper-V
# group: Group 1
# tenant: tenant1
# - name: cluster2
# type: Hyper-V
# site: SING 1

View File

@ -0,0 +1,7 @@
# - name: Network-Team
# slug: network-team
# description: This is a new contact group for the Network-Team
# - name: New Contact Group
# slug: new-contact-group
# description: This is a new contact group sub under of Network-Team
# parent: Network-Team

View File

@ -0,0 +1,3 @@
# - name: New Contact Role
# slug: new-contact-role
# description: This is a new contact role description

20
initializers/contacts.yml Normal file
View File

@ -0,0 +1,20 @@
# - name: Lee Widget
# title: CEO of Widget Corp
# phone: 221-555-1212
# email: widgetCEO@widgetcorp.com
# address: 1200 Nowhere Blvd, Scranton NJ, 555111
# comments: This is a very important contact
# - name: Ali Gator
# group: Network-Team
# title: Consultant for Widget Corp
# phone: 221-555-1213
# email: Consultant@widgetcorp.com
# address: 1200 Nowhere Blvd, Scranton NJ, 555111
# comments: This is a very important contact
# - name: Karlchen Maier
# group: New Contact Group
# title: COO of Widget Corp
# phone: 221-555-1214
# email: Karlchen@widgetcorp.com
# address: 1200 Nowhere Blvd, Scranton NJ, 555111
# comments: This is a very important contact

View File

@ -0,0 +1,93 @@
## Possible Choices:
## type:
## - text
## - integer
## - boolean
## - date
## - url
## - select
## filter_logic:
## - disabled
## - loose
## - exact
##
## Examples:
# text_field:
# type: text
# label: Custom Text
# description: Enter text in a text field.
# required: false
# weight: 0
# on_objects:
# - dcim.models.Device
# - dcim.models.Rack
# - dcim.models.Site
# - dcim.models.DeviceType
# - ipam.models.IPAddress
# - ipam.models.Prefix
# - tenancy.models.Tenant
# - virtualization.models.VirtualMachine
# integer_field:
# type: integer
# label: Custom Number
# description: Enter numbers into an integer field.
# required: true
# filter_logic: loose
# weight: 10
# on_objects:
# - tenancy.models.Tenant
# select_field:
# type: select
# label: Choose between items
# required: false
# filter_logic: exact
# weight: 30
# default: First Item
# on_objects:
# - dcim.models.Device
# choices:
# - First Item
# - Second Item
# - Third Item
# - Fifth Item
# - Fourth Item
# select_field_legacy_format:
# type: select
# label: Choose between items
# required: false
# filter_logic: loose
# weight: 30
# on_objects:
# - dcim.models.Device
# choices:
# - value: A # this is the deprecated format.
# - value: B # we only use it for the tests.
# - value: C # please see above for the new format.
# - value: "D like deprecated"
# weight: 999
# - value: E
# boolean_field:
# type: boolean
# label: Yes Or No?
# required: true
# filter_logic: loose
# default: "false" # important: put "false" in quotes!
# weight: 90
# on_objects:
# - dcim.models.Device
# url_field:
# type: url
# label: Hyperlink
# description: Link to something nice.
# required: true
# filter_logic: disabled
# on_objects:
# - tenancy.models.Tenant
# date_field:
# type: date
# label: Important Date
# required: false
# filter_logic: disabled
# on_objects:
# - dcim.models.Device

View File

@ -0,0 +1,21 @@
## Possible Choices:
## new_window:
## - True
## - False
## content_type:
## - device
## - site
## - any-other-content-type
##
## Examples:
# - name: link_to_repo
# link_text: 'Link to Netbox Docker'
# link_url: 'https://github.com/netbox-community/netbox-docker'
# new_window: False
# content_type: device
# - name: link_to_localhost
# link_text: 'Link to localhost'
# link_url: 'http://localhost'
# new_window: True
# content_type: device

View File

@ -0,0 +1,35 @@
## Possible Choices:
## type:
## - virtual
## - lag
## - 1000base-t
## - ... and many more. See for yourself:
## https://github.com/netbox-community/netbox/blob/295d4f0394b431351c0cb2c3ecc791df68c6c2fb/netbox/dcim/choices.py#L510
##
## Examples:
# - device: server01
# name: ath0
# type: 1000base-t
# lag: ae0
# bridge: br0
# - device: server01
# name: ath1
# type: 1000base-t
# parent: ath0
# - device: server01
# enabled: true
# type: 1000base-x-sfp
# name: to-server02
# - device: server02
# enabled: true
# type: 1000base-x-sfp
# name: to-server01
# - device: server02
# enabled: true
# type: 1000base-t
# name: eth0
# - device: server02
# enabled: true
# type: virtual
# name: loopback

View File

@ -0,0 +1,15 @@
# - name: switch
# slug: switch
# color: Grey
# - name: router
# slug: router
# color: Cyan
# - name: load-balancer
# slug: load-balancer
# color: Red
# - name: server
# slug: server
# color: Blue
# - name: patchpanel
# slug: patchpanel
# color: Black

View File

@ -0,0 +1,57 @@
# - model: Model 1
# manufacturer: Manufacturer 1
# slug: model-1
# u_height: 2
# custom_field_data:
# text_field: Description
# - model: Model 2
# manufacturer: Manufacturer 1
# slug: model-2
# custom_field_data:
# text_field: Description
# - model: Model 3
# manufacturer: Manufacturer 1
# slug: model-3
# is_full_depth: false
# u_height: 0
# custom_field_data:
# text_field: Description
# - model: Other
# manufacturer: No Name
# slug: other
# custom_field_data:
# text_field: Description
# interfaces:
# - name: eth0
# type: 1000base-t
# mgmt_only: True
# - name: eth1
# type: 1000base-t
# console_server_ports:
# - name_template: ttyS[1-48]
# type: rj-45
# power_ports:
# - name_template: psu[0,1]
# type: iec-60320-c14
# maximum_draw: 35
# allocated_draw: 35
# front_ports:
# - name_template: front[1,2]
# type: 8p8c
# rear_port_template: rear[0,1]
# rear_port_position_template: "[1,2]"
# rear_ports:
# - name_template: rear[0,1]
# type: 8p8c
# positions_template: "[3,2]"
# device_bays:
# - name: bay0 # both non-template and template field specified; non-template field takes precedence
# name_template: bay[0-9]
# label: test0
# label_template: test[0-5,9,6-8]
# description: Test description
# power_outlets:
# - name_template: outlet[0,1]
# type: iec-60320-c5
# power_port: psu0
# feed_leg: B

53
initializers/devices.yml Normal file
View File

@ -0,0 +1,53 @@
## Possible Choices:
## face:
## - front
## - rear
## status:
## - offline
## - active
## - planned
## - staged
## - failed
## - inventory
## - decommissioning
##
## Examples:
# - name: server01
# device_role: server
# device_type: Other
# site: AMS 1
# rack: rack-01
# face: front
# position: 1
# custom_field_data:
# text_field: Description
# - name: server02
# device_role: server
# device_type: Other
# site: AMS 2
# rack: rack-02
# face: front
# position: 2
# primary_ip4: 10.1.1.2/24
# primary_ip6: 2001:db8:a000:1::2/64
# custom_field_data:
# text_field: Description
# - name: server03
# device_role: server
# device_type: Other
# site: SING 1
# rack: rack-03
# face: front
# position: 3
# custom_field_data:
# text_field: Description
# - name: server04
# device_role: server
# device_type: Other
# site: SING 1
# location: cage 101
# face: front
# position: 3
# custom_field_data:
# text_field: Description

9
initializers/groups.yml Normal file
View File

@ -0,0 +1,9 @@
# applications:
# users:
# - technical_user
# readers:
# users:
# - reader
# writers:
# users:
# - writer

View File

@ -0,0 +1,44 @@
## Possible Choices:
## status:
## - active
## - reserved
## - deprecated
## - dhcp
## role:
## - loopback
## - secondary
## - anycast
## - vip
## - vrrp
## - hsrp
## - glbp
## - carp
##
## Examples:
# - address: 10.1.1.1/24
# device: server01
# interface: to-server02
# status: active
# vrf: vrf1
# - address: 2001:db8:a000:1::1/64
# device: server01
# interface: to-server02
# status: active
# vrf: vrf1
# - address: 10.1.1.2/24
# device: server02
# interface: to-server01
# status: active
# - address: 2001:db8:a000:1::2/64
# device: server02
# interface: to-server01
# status: active
# - address: 10.1.1.10/24
# description: reserved IP
# status: reserved
# tenant: tenant1
# - address: 2001:db8:a000:1::10/64
# description: reserved IP
# status: reserved
# tenant: tenant1

View File

@ -0,0 +1,3 @@
# - name: cage 101
# slug: cage-101
# site: SING 1

View File

@ -0,0 +1,6 @@
# - name: Manufacturer 1
# slug: manufacturer-1
# - name: Manufacturer 2
# slug: manufacturer-2
# - name: No Name
# slug: no-name

View File

@ -0,0 +1,48 @@
# all.ro:
# actions:
# - view
# description: 'Read Only for All Objects'
# enabled: true
# groups:
# - applications
# - readers
# object_types: all
# users:
# - jdoe
# all.rw:
# actions:
# - add
# - change
# - delete
# - view
# description: 'Read/Write for All Objects'
# enabled: true
# groups:
# - writers
# object_types: all
# network_team.rw:
# actions:
# - add
# - change
# - delete
# - view
# description: "Network Team Permissions"
# enabled: true
# object_types:
# circuits:
# - circuit
# - circuittermination
# - circuittype
# - provider
# dcim: all
# ipam:
# - aggregate
# - ipaddress
# - prefix
# - rir
# - role
# - routetarget
# - service
# - vlan
# - vlangroup
# - vrf

View File

@ -0,0 +1,15 @@
# - name: Platform 1
# slug: platform-1
# manufacturer: Manufacturer 1
# napalm_driver: driver1
# napalm_args: "{'arg1': 'value1', 'arg2': 'value2'}"
# - name: Platform 2
# slug: platform-2
# manufacturer: Manufacturer 2
# napalm_driver: driver2
# napalm_args: "{'arg1': 'value1', 'arg2': 'value2'}"
# - name: Platform 3
# slug: platform-3
# manufacturer: No Name
# napalm_driver: driver3
# napalm_args: "{'arg1': 'value1', 'arg2': 'value2'}"

View File

@ -0,0 +1,14 @@
# - name: power feed 1
# power_panel: power panel AMS 1
# voltage: 208
# amperage: 50
# max_utilization: 80
# phase: Single phase
# rack: rack-01
# - name: power feed 2
# power_panel: power panel SING 1
# voltage: 208
# amperage: 50
# max_utilization: 80
# phase: Three-phase
# rack: rack-03

View File

@ -0,0 +1,5 @@
# - name: power panel AMS 1
# site: AMS 1
# - name: power panel SING 1
# site: SING 1
# location: cage 101

View File

@ -0,0 +1,2 @@
# - name: Main Management
# slug: main-management

29
initializers/prefixes.yml Normal file
View File

@ -0,0 +1,29 @@
## Possible Choices:
## status:
## - container
## - active
## - reserved
## - deprecated
##
## Examples:
# - description: prefix1
# prefix: 10.1.1.0/24
# site: AMS 1
# status: active
# tenant: tenant1
# vlan: vlan1
# - description: prefix2
# prefix: 10.1.2.0/24
# site: AMS 2
# status: active
# tenant: tenant2
# vlan: vlan2
# is_pool: true
# vrf: vrf2
# - description: ipv6 prefix1
# prefix: 2001:db8:a000:1::/64
# site: AMS 2
# status: active
# tenant: tenant2
# vlan: vlan2

View File

@ -0,0 +1,6 @@
# - name: Provider1
# slug: provider1
# asn: 121
# - name: Provider2
# slug: provider2
# asn: 122

View File

@ -0,0 +1,12 @@
# - name: Role 1
# slug: role-1
# color: Pink
# - name: Role 2
# slug: role-2
# color: Cyan
# - name: Role 3
# slug: role-3
# color: Grey
# - name: Role 4
# slug: role-4
# color: Teal

41
initializers/racks.yml Normal file
View File

@ -0,0 +1,41 @@
## Possible Choices:
## width:
## - 19
## - 23
## types:
## - 2-post-frame
## - 4-post-frame
## - 4-post-cabinet
## - wall-frame
## - wall-cabinet
## outer_unit:
## - mm
## - in
##
## Examples:
# - site: AMS 1
# name: rack-01
# role: Role 1
# type: 4-post-cabinet
# width: 19
# u_height: 47
# custom_field_data:
# text_field: Description
# - site: AMS 2
# name: rack-02
# role: Role 2
# type: 4-post-cabinet
# width: 19
# u_height: 47
# custom_field_data:
# text_field: Description
# - site: SING 1
# name: rack-03
# location: cage 101
# role: Role 3
# type: 4-post-cabinet
# width: 19
# u_height: 47
# custom_field_data:
# text_field: Description

10
initializers/regions.yml Normal file
View File

@ -0,0 +1,10 @@
# - name: Singapore
# slug: singapore
# - name: Amsterdam
# slug: amsterdam
# - name: Downtown
# slug: downtown
# parent: Amsterdam
# - name: Suburbs
# slug: suburbs
# parent: Amsterdam

9
initializers/rirs.yml Normal file
View File

@ -0,0 +1,9 @@
# - is_private: true
# name: RFC1918
# slug: rfc1918
# - is_private: true
# name: RFC4193 ULA
# slug: rfc4193-ula
# - is_private: true
# name: RFC3849
# slug: rfc3849

View File

@ -0,0 +1,3 @@
# - name: 65000:1001
# tenant: tenant1
# - name: 65000:1002

15
initializers/services.yml Normal file
View File

@ -0,0 +1,15 @@
# - name: DNS
# protocol: TCP
# ports:
# - 53
# virtual_machine: virtual machine 1
# - name: DNS
# protocol: UDP
# ports:
# - 53
# virtual_machine: virtual machine 1
# - name: MISC
# protocol: UDP
# ports:
# - 4000
# device: server01

30
initializers/sites.yml Normal file
View File

@ -0,0 +1,30 @@
# - name: AMS 1
# slug: ams1
# region: Downtown
# status: active
# facility: Amsterdam 1
# custom_field_data:
# text_field: Description for AMS1
# - name: AMS 2
# slug: ams2
# region: Downtown
# status: active
# facility: Amsterdam 2
# custom_field_data:
# text_field: Description for AMS2
# - name: AMS 3
# slug: ams3
# region: Suburbs
# status: active
# facility: Amsterdam 3
# tenant: tenant1
# custom_field_data:
# text_field: Description for AMS3
# - name: SING 1
# slug: sing1
# region: Singapore
# status: active
# facility: Singapore 1
# tenant: tenant2
# custom_field_data:
# text_field: Description for SING1

12
initializers/tags.yml Normal file
View File

@ -0,0 +1,12 @@
# - name: Tag 1
# slug: tag-1
# color: Pink
# - name: Tag 2
# slug: tag-2
# color: Cyan
# - name: Tag 3
# slug: tag-3
# color: Grey
# - name: Tag 4
# slug: tag-4
# color: Teal

View File

@ -0,0 +1,4 @@
# - name: Tenant Group 1
# slug: tenant-group-1
# - name: Tenant Group 2
# slug: tenant-group-2

5
initializers/tenants.yml Normal file
View File

@ -0,0 +1,5 @@
# - name: tenant1
# slug: tenant1
# - name: tenant2
# slug: tenant2
# group: Tenant Group 2

15
initializers/users.yml Normal file
View File

@ -0,0 +1,15 @@
# technical_user:
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
# reader:
# password: reader
# writer:
# password: writer
# api_token: "" # a token is generated automatically unless the value is explicity set to empty
# jdoe:
# first_name: John
# last_name: Doe
# api_token: 0123456789jdoe789abcdef01234567jdoe
# is_active: True
# is_superuser: False
# is_staff: False
# email: john.doe@example.com
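Review bot: the examples use passwords equal to the usernames (`reader`/`reader`, `writer`/`writer`) and fixed `api_token` values, so anyone who uncomments the file as is creates accounts with publicly known credentials. Replace the values with obvious placeholders and add a line saying they must be changed. The `jdoe` token is 35 characters while the `technical_user` token is 40, which sits oddly next to the "must be looooong!" comment; state the required length instead. Typo in the `writer` comment: "explicity" should be "explicitly".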

View File

@ -0,0 +1,28 @@
## Possible Choices:
## status:
## - active
## - offline
## - staged
##
## Examples:
# - cluster: cluster1
# comments: VM1
# disk: 200
# memory: 4096
# name: virtual machine 1
# platform: Platform 2
# status: active
# tenant: tenant1
# vcpus: 8
# - cluster: cluster1
# comments: VM2
# disk: 100
# memory: 2048
# name: virtual machine 2
# platform: Platform 2
# primary_ip4: 10.1.1.10/24
# primary_ip6: 2001:db8:a000:1::10/64
# status: active
# tenant: tenant1
# vcpus: 8

View File

@ -0,0 +1,12 @@
# - description: Network Interface 1
# enabled: true
# mac_address: 00:77:77:77:77:77
# mtu: 1500
# name: Network Interface 1
# virtual_machine: virtual machine 1
# - description: Network Interface 2
# enabled: true
# mac_address: 00:55:55:55:55:55
# mtu: 1500
# name: Network Interface 2
# virtual_machine: virtual machine 1

View File

@ -0,0 +1,24 @@
# - name: VLAN group 1
# scope_type: dcim.region
# scope: Amsterdam
# slug: vlan-group-1
# - name: VLAN group 2
# scope_type: dcim.site
# scope: AMS 1
# slug: vlan-group-2
# - name: VLAN group 3
# scope_type: dcim.location
# scope: cage 101
# slug: vlan-group-3
# - name: VLAN group 4
# scope_type: dcim.rack
# scope: rack-01
# slug: vlan-group-4
# - name: VLAN group 5
# scope_type: virtualization.cluster
# scope: cluster1
# slug: vlan-group-5
# - name: VLAN group 6
# scope_type: virtualization.clustergroup
# scope: Group 1
# slug: vlan-group-6

19
initializers/vlans.yml Normal file
View File

@ -0,0 +1,19 @@
## Possible Choices:
## status:
## - active
## - reserved
## - deprecated
##
## Examples:
# - name: vlan1
# site: AMS 1
# status: active
# vid: 5
# role: Main Management
# description: VLAN 5 for MGMT
# - group: VLAN group 2
# name: vlan2
# site: AMS 1
# status: active
# vid: 1300

8
initializers/vrfs.yml Normal file
View File

@ -0,0 +1,8 @@
# - enforce_unique: true
# name: vrf1
# tenant: tenant1
# description: main VRF
# - enforce_unique: true
# name: vrf2
# rd: "6500:6500"
# tenant: tenant2

27
initializers/webhooks.yml Normal file
View File

@ -0,0 +1,27 @@
## Possible Choices:
## object_types:
## - device
## - site
## - any-other-content-type
## types:
## - type_create
## - type_update
## - type_delete
## Examples:
# - name: device_creation
# payload_url: 'http://localhost:8080'
# object_types:
# - device
# - cable
# type_create: True
# - name: device_update
# payload_url: 'http://localhost:8080'
# object_types:
# - device
# type_update: True
# - name: device_delete
# payload_url: 'http://localhost:8080'
# object_types:
# - device
# type_delete: True

View File

@ -0,0 +1,46 @@
from dcim.choices import DeviceStatusChoices
from dcim.models import ConsolePort, Device, PowerPort
from extras.reports import Report
class DeviceConnectionsReport(Report):
description = "Validate the minimum physical connections for each device"
def test_console_connection(self):
# Check that every console port for every active device has a connection defined.
active = DeviceStatusChoices.STATUS_ACTIVE
for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
if console_port.connected_endpoint is None:
self.log_failure(
console_port.device,
"No console connection defined for {}".format(console_port.name)
)
elif not console_port.connection_status:
self.log_warning(
console_port.device,
"Console connection for {} marked as planned".format(console_port.name)
)
else:
self.log_success(console_port.device)
def test_power_connections(self):
# Check that every active device has at least two connected power supplies.
for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
connected_ports = 0
for power_port in PowerPort.objects.filter(device=device):
if power_port.connected_endpoint is not None:
connected_ports += 1
if not power_port.connection_status:
self.log_warning(
device,
"Power connection for {} marked as planned".format(power_port.name)
)
if connected_ports < 2:
self.log_failure(
device,
"{} connected power supplies found (2 needed)".format(connected_ports)
)
else:
self.log_success(device)

View File

@ -1,5 +1,6 @@
django-auth-ldap==4.8.0 django-auth-ldap==4.1.0
django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.12.3
dulwich==0.22.1 napalm==4.0.0
python3-saml==1.16.0 --no-binary lxml,xmlsec psycopg2==2.9.3
sentry-sdk[django]==2.14.0 social-auth-core[openidconnect]==4.3.0
ruamel.yaml==0.17.21
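Review bot: every requirement is pinned with `==` but none carries a hash, so the image build trusts whatever the index serves for that version; generate the file with hashes and install with `--require-hashes`. The pins also differ widely between the two sides (django-auth-ldap 4.8.0 versus 4.1.0, django-storages 1.14.4 versus 1.12.3), so check the older set against current advisories before building from it.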

0
scripts/__init__.py Normal file
View File

View File

@ -0,0 +1,25 @@
import sys
from django.contrib.auth.models import User
from startup_script_utils import load_yaml
from users.models import Token
users = load_yaml("/opt/netbox/initializers/users.yml")
if users is None:
sys.exit()
for username, user_details in users.items():
api_token = user_details.pop("api_token", Token.generate_key())
password = user_details.pop("password", User.objects.make_random_password())
user, created = User.objects.get_or_create(username=username, defaults=user_details)
if created:
user.set_password(password)
user.save()
if api_token:
Token.objects.get_or_create(user=user, key=api_token)
print("👤 Created user", username)
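Review bot: `user_details.pop("password", User.objects.make_random_password())` gives a user without a `password` key a random password that is never shown or stored, and because the user comes from `get_or_create`, a later change to `password` or `api_token` in users.yml is ignored for an account that already exists. Document in users.yml that credentials are applied on first creation only. Both `pop` defaults are also evaluated on every iteration even when the key is present; a plain `if "api_token" in user_details` check avoids generating a key that is thrown away. Since the file holds plaintext passwords and tokens, note that it should be mounted read-only with restrictive permissions.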

View File

@ -0,0 +1,23 @@
import sys
from startup_script_utils import load_yaml
from users.models import AdminGroup, AdminUser
groups = load_yaml("/opt/netbox/initializers/groups.yml")
if groups is None:
sys.exit()
for groupname, group_details in groups.items():
group, created = AdminGroup.objects.get_or_create(name=groupname)
if created:
print("👥 Created group", groupname)
for username in group_details.get("users", []):
user = AdminUser.objects.get(username=username)
if user:
group.user_set.add(user)
print(" 👤 Assigned user %s to group %s" % (username, group.name))
group.save()
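Review bot: `AdminUser.objects.get(username=username)` raises `DoesNotExist` for an unknown name instead of returning `None`, so the `if user:` check after it can never be false and a single typo in groups.yml aborts the whole script. Use `.filter(username=username).first()` as the object-permissions script does, and print a warning for names that do not resolve so a missing membership is visible.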

View File

@ -0,0 +1,68 @@
import sys
from django.contrib.contenttypes.models import ContentType
from startup_script_utils import load_yaml
from users.models import AdminGroup, AdminUser, ObjectPermission
object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml")
if object_permissions is None:
sys.exit()
for permission_name, permission_details in object_permissions.items():
object_permission, created = ObjectPermission.objects.get_or_create(
name=permission_name,
defaults={
"description": permission_details["description"],
"enabled": permission_details["enabled"],
"actions": permission_details["actions"],
},
)
if permission_details.get("object_types", 0):
object_types = permission_details["object_types"]
if object_types == "all":
object_permission.object_types.set(ContentType.objects.all())
else:
for app_label, models in object_types.items():
if models == "all":
app_models = ContentType.objects.filter(app_label=app_label)
for app_model in app_models:
object_permission.object_types.add(app_model.id)
else:
# There is
for model in models:
object_permission.object_types.add(
ContentType.objects.get(app_label=app_label, model=model)
)
print("🔓 Created object permission", object_permission.name)
if permission_details.get("groups", 0):
for groupname in permission_details["groups"]:
group = AdminGroup.objects.filter(name=groupname).first()
if group:
object_permission.groups.add(group)
print(
" 👥 Assigned group %s object permission of %s"
% (groupname, object_permission.name)
)
if permission_details.get("users", 0):
for username in permission_details["users"]:
user = AdminUser.objects.filter(username=username).first()
if user:
object_permission.users.add(user)
print(
" 👤 Assigned user %s object permission of %s"
% (username, object_permission.name)
)
object_permission.save()
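Review bot: in the `groups` and `users` loops, a name that does not resolve is skipped without any output (`if group:` and `if user:` have no else branch), so a typo in object_permissions.yml leaves a permission silently unassigned. Print a warning for each unresolved name. The comment `# There is` above the inner `for model in models:` loop is cut off and should be completed or removed. `permission_details["description"]`, `["enabled"]` and `["actions"]` are indexed directly and raise `KeyError` when a key is absent; either use `.get()` with defaults or document the three keys as required.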

View File

@ -0,0 +1,67 @@
import sys
from extras.models import CustomField
from startup_script_utils import load_yaml
def get_class_for_class_path(class_path):
import importlib
from django.contrib.contenttypes.models import ContentType
module_name, class_name = class_path.rsplit(".", 1)
module = importlib.import_module(module_name)
clazz = getattr(module, class_name)
return ContentType.objects.get_for_model(clazz)
customfields = load_yaml("/opt/netbox/initializers/custom_fields.yml")
if customfields is None:
sys.exit()
for cf_name, cf_details in customfields.items():
custom_field, created = CustomField.objects.get_or_create(name=cf_name)
if created:
if cf_details.get("default", False):
custom_field.default = cf_details["default"]
if cf_details.get("description", False):
custom_field.description = cf_details["description"]
if cf_details.get("label", False):
custom_field.label = cf_details["label"]
for object_type in cf_details.get("on_objects", []):
custom_field.content_types.add(get_class_for_class_path(object_type))
if cf_details.get("required", False):
custom_field.required = cf_details["required"]
if cf_details.get("type", False):
custom_field.type = cf_details["type"]
if cf_details.get("filter_logic", False):
custom_field.filter_logic = cf_details["filter_logic"]
if cf_details.get("weight", -1) >= 0:
custom_field.weight = cf_details["weight"]
if cf_details.get("choices", False):
custom_field.choices = []
for choice_detail in cf_details.get("choices", []):
if isinstance(choice_detail, dict) and "value" in choice_detail:
# legacy mode
print(
f"⚠️ Please migrate the choice '{choice_detail['value']}' of '{cf_name}'"
+ " to the new format, as 'weight' is no longer supported!"
)
custom_field.choices.append(choice_detail["value"])
else:
custom_field.choices.append(choice_detail)
custom_field.save()
print("🔧 Created custom field", cf_name)
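Review bot: `get_class_for_class_path` passes the `on_objects` strings from custom_fields.yml to `importlib.import_module`, so whatever module path the YAML names is imported and its top-level code runs inside the NetBox process. Resolve the model through `ContentType` by app label and model name instead, or check the module against an allow-list of NetBox apps before importing. The `cf_details.get("default", False)` truthiness test also drops legitimate falsy defaults such as `0` or an empty string; test for key presence instead.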

View File

@ -0,0 +1,35 @@
import sys
from django.contrib.contenttypes.models import ContentType
from extras.models import CustomLink
from startup_script_utils import load_yaml, split_params
custom_links = load_yaml("/opt/netbox/initializers/custom_links.yml")
if custom_links is None:
sys.exit()
def get_content_type_id(content_type):
try:
return ContentType.objects.get(model=content_type).id
except ContentType.DoesNotExist:
pass
for link in custom_links:
content_type = link.pop("content_type")
link["content_type_id"] = get_content_type_id(content_type)
if link["content_type_id"] is None:
print(
"⚠️ Unable to create Custom Link '{0}': The content_type '{1}' is unknown".format(
link.get("name"), content_type
)
)
continue
matching_params, defaults = split_params(link)
custom_link, created = CustomLink.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🔗 Created Custom Link '{0}'".format(custom_link.name))
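Review bot: `ContentType.objects.get(model=content_type)` in `get_content_type_id` looks the type up by model name alone and only handles `DoesNotExist`. If two apps define a model with the same name the call raises `MultipleObjectsReturned` and the script stops. Accept an `app_label.model` form in custom_links.yml and pass both fields to the lookup, or catch the second exception and report it the same way as an unknown type.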

View File

@ -0,0 +1,24 @@
import sys
from extras.models import Tag
from startup_script_utils import load_yaml, split_params
from utilities.choices import ColorChoices
tags = load_yaml("/opt/netbox/initializers/tags.yml")
if tags is None:
sys.exit()
for params in tags:
if "color" in params:
color = params.pop("color")
for color_tpl in ColorChoices:
if color in color_tpl:
params["color"] = color_tpl[0]
matching_params, defaults = split_params(params)
tag, created = Tag.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🎨 Created Tag", tag.name)

View File

@ -0,0 +1,36 @@
import sys
from django.contrib.contenttypes.models import ContentType
from extras.models import Webhook
from startup_script_utils import load_yaml, split_params
webhooks = load_yaml("/opt/netbox/initializers/webhooks.yml")
if webhooks is None:
sys.exit()
def get_content_type_id(hook_name, content_type):
try:
return ContentType.objects.get(model=content_type).id
except ContentType.DoesNotExist as ex:
print("⚠️ Webhook '{0}': The object_type '{1}' is unknown.".format(hook_name, content_type))
raise ex
for hook in webhooks:
obj_types = hook.pop("object_types")
try:
obj_type_ids = [get_content_type_id(hook["name"], obj) for obj in obj_types]
except ContentType.DoesNotExist:
continue
matching_params, defaults = split_params(hook)
webhook, created = Webhook.objects.get_or_create(**matching_params, defaults=defaults)
if created:
webhook.content_types.set(obj_type_ids)
webhook.save()
print("🪝 Created Webhook {0}".format(webhook.name))

View File

@ -0,0 +1,16 @@
import sys
from startup_script_utils import load_yaml, split_params
from tenancy.models import TenantGroup
tenant_groups = load_yaml("/opt/netbox/initializers/tenant_groups.yml")
if tenant_groups is None:
sys.exit()
for params in tenant_groups:
matching_params, defaults = split_params(params)
tenant_group, created = TenantGroup.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🔳 Created Tenant Group", tenant_group.name)

View File

@ -0,0 +1,34 @@
import sys
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
from tenancy.models import Tenant, TenantGroup
tenants = load_yaml("/opt/netbox/initializers/tenants.yml")
if tenants is None:
sys.exit()
optional_assocs = {"group": (TenantGroup, "name")}
for params in tenants:
custom_field_data = pop_custom_fields(params)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params)
tenant, created = Tenant.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("👩‍💻 Created Tenant", tenant.name)
set_custom_fields_values(tenant, custom_field_data)
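Review bot: the `group` lookup in the `optional_assocs` loop, `params[assoc] = model.objects.get(**query)`, is unguarded, so a tenant that names a group not yet in the database ends the script with a bare `DoesNotExist` traceback and the remaining entries in tenants.yml are never processed. Catch the exception, print which tenant and which group name failed (the webhook initializer in this diff already warns in that style), then `continue` or re-raise deliberately.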

View File

@ -0,0 +1,26 @@
import sys
from dcim.models import Region
from startup_script_utils import load_yaml, split_params
regions = load_yaml("/opt/netbox/initializers/regions.yml")
if regions is None:
sys.exit()
optional_assocs = {"parent": (Region, "name")}
for params in regions:
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params)
region, created = Region.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🌐 Created region", region.name)
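Review bot: the `parent` lookup runs against the database while the list is still being walked, so a child region that appears above its parent in regions.yml fails with `Region.DoesNotExist`. Either document the parent-first ordering requirement in a comment here and in the YAML example, or create all regions in a first pass and attach parents in a second.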

View File

@ -0,0 +1,35 @@
import sys
from dcim.models import Region, Site
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
from tenancy.models import Tenant
sites = load_yaml("/opt/netbox/initializers/sites.yml")
if sites is None:
sys.exit()
optional_assocs = {"region": (Region, "name"), "tenant": (Tenant, "name")}
for params in sites:
custom_field_data = pop_custom_fields(params)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params)
site, created = Site.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("📍 Created site", site.name)
set_custom_fields_values(site, custom_field_data)

View File

@ -0,0 +1,25 @@
import sys
from dcim.models import Location, Site
from startup_script_utils import load_yaml, split_params
rack_groups = load_yaml("/opt/netbox/initializers/locations.yml")
if rack_groups is None:
sys.exit()
match_params = ["name", "slug", "site"]
required_assocs = {"site": (Site, "name")}
for params in rack_groups:
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
location, created = Location.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🎨 Created location", location.name)
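Review bot: the variable `rack_groups` in `rack_groups = load_yaml("/opt/netbox/initializers/locations.yml")` and `for params in rack_groups:` no longer matches what the file loads or the `Location` model it creates; rename it to `locations` so the script reads consistently. The required `site` key is taken with `params.pop(assoc)`, which raises a plain `KeyError` when an entry omits it; a message naming the offending location would make that failure easier to trace.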

View File

@ -0,0 +1,24 @@
import sys
from dcim.models import RackRole
from startup_script_utils import load_yaml, split_params
from utilities.choices import ColorChoices
rack_roles = load_yaml("/opt/netbox/initializers/rack_roles.yml")
if rack_roles is None:
sys.exit()
for params in rack_roles:
if "color" in params:
color = params.pop("color")
for color_tpl in ColorChoices:
if color in color_tpl:
params["color"] = color_tpl[0]
matching_params, defaults = split_params(params)
rack_role, created = RackRole.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🎨 Created rack role", rack_role.name)

View File

@ -0,0 +1,47 @@
import sys
from dcim.models import Location, Rack, RackRole, Site
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
from tenancy.models import Tenant
racks = load_yaml("/opt/netbox/initializers/racks.yml")
if racks is None:
sys.exit()
match_params = ["name", "site"]
required_assocs = {"site": (Site, "name")}
optional_assocs = {
"role": (RackRole, "name"),
"tenant": (Tenant, "name"),
"location": (Location, "name"),
}
for params in racks:
custom_field_data = pop_custom_fields(params)
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
rack, created = Rack.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🔳 Created rack", rack.site, rack.name)
set_custom_fields_values(rack, custom_field_data)
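Review bot: `"location": (Location, "name")` resolves the location by name alone, although the rack itself is matched on `["name", "site"]` and the location initializer in this diff matches on name, slug and site. When two sites each have a location with the same name, `model.objects.get(**query)` raises `MultipleObjectsReturned` and the run stops. `required_assocs` is resolved first, so `params["site"]` is already a `Site` instance by the time the optional loop runs; add it to the location query.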

View File

@ -0,0 +1,42 @@
import sys
from dcim.models import Location, PowerPanel, Site
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
power_panels = load_yaml("/opt/netbox/initializers/power_panels.yml")
if power_panels is None:
sys.exit()
match_params = ["name", "site"]
required_assocs = {"site": (Site, "name")}
optional_assocs = {"location": (Location, "name")}
for params in power_panels:
custom_field_data = pop_custom_fields(params)
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
power_panel, created = PowerPanel.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("⚡ Created Power Panel", power_panel.site, power_panel.name)
set_custom_fields_values(power_panel, custom_field_data)

View File

@ -0,0 +1,42 @@
import sys
from dcim.models import PowerFeed, PowerPanel, Rack
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
power_feeds = load_yaml("/opt/netbox/initializers/power_feeds.yml")
if power_feeds is None:
sys.exit()
match_params = ["name", "power_panel"]
required_assocs = {"power_panel": (PowerPanel, "name")}
optional_assocs = {"rack": (Rack, "name")}
for params in power_feeds:
custom_field_data = pop_custom_fields(params)
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
power_feed, created = PowerFeed.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("⚡ Created Power Feed", power_feed.name)
set_custom_fields_values(power_feed, custom_field_data)

View File

@ -0,0 +1,16 @@
import sys
from dcim.models import Manufacturer
from startup_script_utils import load_yaml, split_params
manufacturers = load_yaml("/opt/netbox/initializers/manufacturers.yml")
if manufacturers is None:
sys.exit()
for params in manufacturers:
matching_params, defaults = split_params(params)
manufacturer, created = Manufacturer.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🏭 Created Manufacturer", manufacturer.name)

View File

@ -0,0 +1,25 @@
import sys
from dcim.models import DeviceRole
from startup_script_utils import load_yaml, split_params
from utilities.choices import ColorChoices
device_roles = load_yaml("/opt/netbox/initializers/device_roles.yml")
if device_roles is None:
sys.exit()
for params in device_roles:
if "color" in params:
color = params.pop("color")
for color_tpl in ColorChoices:
if color in color_tpl:
params["color"] = color_tpl[0]
matching_params, defaults = split_params(params)
device_role, created = DeviceRole.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🎨 Created device role", device_role.name)
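Review bot: the `ColorChoices` loop here is the same colour-resolution code that appears in the tag and rack role initializers in this diff. Move it into a shared helper in `startup_script_utils`, beside `split_params`, so the three copies cannot drift apart and a fix to the lookup only has to be made once.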

View File

@ -0,0 +1,139 @@
import sys
from typing import List
from dcim.models import DeviceType, Manufacturer, Region
from dcim.models.device_component_templates import (
ConsolePortTemplate,
ConsoleServerPortTemplate,
DeviceBayTemplate,
FrontPortTemplate,
InterfaceTemplate,
PowerOutletTemplate,
PowerPortTemplate,
RearPortTemplate,
)
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
from tenancy.models import Tenant
from utilities.forms.utils import expand_alphanumeric_pattern
def expand_templates(params: List[dict], device_type: DeviceType) -> List[dict]:
templateable_fields = ["name", "label", "positions", "rear_port", "rear_port_position"]
expanded = []
for param in params:
param["device_type"] = device_type
expanded_fields = {}
has_plain_fields = False
for field in templateable_fields:
template_value = param.pop(f"{field}_template", None)
if field in param:
has_plain_fields = True
elif template_value:
expanded_fields[field] = list(expand_alphanumeric_pattern(template_value))
if expanded_fields and has_plain_fields:
raise ValueError(f"Mix of plain and template keys provided for {templateable_fields}")
elif not expanded_fields:
expanded.append(param)
continue
elements = list(expanded_fields.values())
master_len = len(elements[0])
if not all([len(elem) == master_len for elem in elements]):
raise ValueError(
f"Number of elements in template fields "
f"{list(expanded_fields.keys())} must be equal"
)
for idx in range(master_len):
tmp = param.copy()
for field, value in expanded_fields.items():
if field in nested_assocs:
model, match_key = nested_assocs[field]
query = {match_key: value[idx], "device_type": device_type}
tmp[field] = model.objects.get(**query)
else:
tmp[field] = value[idx]
expanded.append(tmp)
return expanded
device_types = load_yaml("/opt/netbox/initializers/device_types.yml")
if device_types is None:
sys.exit()
match_params = ["manufacturer", "model", "slug"]
required_assocs = {"manufacturer": (Manufacturer, "name")}
optional_assocs = {"region": (Region, "name"), "tenant": (Tenant, "name")}
nested_assocs = {"rear_port": (RearPortTemplate, "name"), "power_port": (PowerPortTemplate, "name")}
supported_components = {
"interfaces": (InterfaceTemplate, ["name"]),
"console_ports": (ConsolePortTemplate, ["name"]),
"console_server_ports": (ConsoleServerPortTemplate, ["name"]),
"power_ports": (PowerPortTemplate, ["name"]),
"power_outlets": (PowerOutletTemplate, ["name"]),
"rear_ports": (RearPortTemplate, ["name"]),
"front_ports": (FrontPortTemplate, ["name"]),
"device_bays": (DeviceBayTemplate, ["name"]),
}
for params in device_types:
custom_field_data = pop_custom_fields(params)
components = [(v[0], v[1], params.pop(k, [])) for k, v in supported_components.items()]
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
device_type, created = DeviceType.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🔡 Created device type", device_type.manufacturer, device_type.model)
set_custom_fields_values(device_type, custom_field_data)
for component in components:
c_model, c_match_params, c_params = component
c_match_params.append("device_type")
if not c_params:
continue
expanded_c_params = expand_templates(c_params, device_type)
for n_assoc, n_details in nested_assocs.items():
n_model, n_field = n_details
for c_param in expanded_c_params:
if n_assoc in c_param:
n_query = {n_field: c_param[n_assoc], "device_type": device_type}
c_param[n_assoc] = n_model.objects.get(**n_query)
for new_param in expanded_c_params:
new_matching_params, new_defaults = split_params(new_param, c_match_params)
new_obj, new_obj_created = c_model.objects.get_or_create(
**new_matching_params, defaults=new_defaults
)
if new_obj_created:
print(
f"🧷 Created {c_model._meta} {new_obj} component for device type {device_type}"
)
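Review bot: `c_match_params.append("device_type")` mutates the lists stored in `supported_components`, because `components` is built from `v[1]` without copying, and it runs before the `if not c_params: continue` check. Every device type in the YAML therefore appends another `"device_type"` to all eight match lists. Build the list locally, for example `c_match_params = [*c_match_params, "device_type"]`, or include `"device_type"` in `supported_components` once. Separately, templated `rear_port` values are already resolved to model instances inside `expand_templates` and are then passed through the `nested_assocs` lookup a second time as `n_field: c_param[n_assoc]`; resolve them in one place only.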

View File

@ -0,0 +1,58 @@
import sys
from dcim.models import Device, DeviceRole, DeviceType, Location, Platform, Rack, Site
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
from tenancy.models import Tenant
from virtualization.models import Cluster
devices = load_yaml("/opt/netbox/initializers/devices.yml")
if devices is None:
sys.exit()
match_params = ["device_type", "name", "site"]
required_assocs = {
"device_role": (DeviceRole, "name"),
"device_type": (DeviceType, "model"),
"site": (Site, "name"),
}
optional_assocs = {
"tenant": (Tenant, "name"),
"platform": (Platform, "name"),
"rack": (Rack, "name"),
"cluster": (Cluster, "name"),
"location": (Location, "name"),
}
for params in devices:
custom_field_data = pop_custom_fields(params)
# primary ips are handled later in `380_primary_ips.py`
params.pop("primary_ip4", None)
params.pop("primary_ip6", None)
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
device, created = Device.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print("🖥️ Created device", device.name)
set_custom_fields_values(device, custom_field_data)
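Review bot: `"device_type": (DeviceType, "model")` looks the type up by model string only, while the device type initializer in this diff matches on manufacturer, model and slug, so the same model name under two manufacturers makes `model.objects.get(**query)` raise `MultipleObjectsReturned` and stops the run. `rack` and `location` are likewise resolved by name alone although the device is matched per `site`. Let devices.yml identify the device type by `slug` or by manufacturer plus model, and scope the rack and location queries with the already resolved `params["site"]`.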

View File

@ -0,0 +1,70 @@
import sys
from dcim.models import Device, Interface
from startup_script_utils import (
load_yaml,
pop_custom_fields,
set_custom_fields_values,
split_params,
)
interfaces = load_yaml("/opt/netbox/initializers/dcim_interfaces.yml")
if interfaces is None:
sys.exit()
match_params = ["device", "name"]
required_assocs = {"device": (Device, "name")}
related_assocs = {
"bridge": (Interface, "name"),
"lag": (Interface, "name"),
"parent": (Interface, "name"),
}
for params in interfaces:
custom_field_data = pop_custom_fields(params)
related_interfaces = {k: params.pop(k, None) for k in related_assocs}
for assoc, details in required_assocs.items():
model, field = details
query = {field: params.pop(assoc)}
params[assoc] = model.objects.get(**query)
matching_params, defaults = split_params(params, match_params)
interface, created = Interface.objects.get_or_create(**matching_params, defaults=defaults)
if created:
print(f"🧷 Created interface {interface} on {interface.device}")
set_custom_fields_values(interface, custom_field_data)
for related_field, related_value in related_interfaces.items():
if not related_value:
continue
r_model, r_field = related_assocs[related_field]
if related_field == "parent" and not interface.parent_id:
query = {r_field: related_value, "device": interface.device}
try:
related_obj = r_model.objects.get(**query)
except Interface.DoesNotExist:
print(f"⚠️ Could not find parent interface with: {query} for interface {interface}")
raise
interface.parent_id = related_obj.id
interface.save()
print(
f"🧷 Attached interface {interface} on {interface.device} "
f"to parent {related_obj}"
)
else:
query = {r_field: related_value, "device": interface.device, "type": related_field}
related_obj, rel_obj_created = r_model.objects.get_or_create(**query)
if rel_obj_created:
setattr(interface, f"{related_field}_id", related_obj.id)
interface.save()
print(f"🧷 Created {related_field} interface {interface} on {interface.device}")
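Review bot: the condition `if related_field == "parent" and not interface.parent_id:` sends a `parent` entry to the `else:` branch whenever the interface already has a parent, for example on a second run of the initializer. That branch calls `get_or_create` with `"type": related_field`, so it looks for, and may create, an interface whose type is the literal string `parent`. Test `related_field == "parent"` on its own and handle the already-attached case inside that branch. In the `else:` branch the `bridge`/`lag` link also appears to be set only under `if rel_obj_created:`, so an existing related interface is never attached; the `setattr` and `save()` should not depend on whether the related object was just created.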

Some files were not shown because too many files have changed in this diff