Merge pull request #18703 from netbox-community/release-v4.2.4

Release v4.2.4

.gitattributes

@@ -1 +1,5 @@
 *.sh text eol=lf
+# Treat compiled JS/CSS files as binary, as they're not meant to be human-readable
+netbox/project-static/dist/*.css binary
+netbox/project-static/dist/*.js binary
+netbox/project-static/dist/*.js.map binary

.github/ISSUE_TEMPLATE/01-feature_request.yaml

@@ -0,0 +1,61 @@
+---
+name: ✨ Feature Request
+type: Feature
+description: Propose a new NetBox feature or enhancement
+labels: ["type: feature", "status: needs triage"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        **NOTE:** This form is only for submitting well-formed proposals to extend or modify
+        NetBox in some way. If you're trying to solve a problem but can't figure out how, or if
+        you still need time to work on the details of a proposed new feature, please start a
+        [discussion](https://github.com/netbox-community/netbox/discussions) instead.
+  - type: input
+    attributes:
+      label: NetBox version
+      description: What version of NetBox are you currently running?
+      placeholder: v4.2.4
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Feature type
+      options:
+        - Data model extension
+        - New functionality
+        - Change to existing functionality
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed functionality
+      description: >
+        Describe in detail the new feature or behavior you are proposing. Include any specific changes
+        to work flows, data models, and/or the user interface. The more detail you provide here, the
+        greater chance your proposal has of being discussed. Feature requests which don't include an
+        actionable implementation plan will be rejected.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Use case
+      description: >
+        Explain how adding this functionality would benefit NetBox users. What need does it address?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Database changes
+      description: >
+        Note any changes to the database schema necessary to support the new feature. For example,
+        does the proposal require adding a new model or field? (Not all new features require database
+        changes.)
+  - type: textarea
+    attributes:
+      label: External dependencies
+      description: >
+        List any new dependencies on external libraries or services that this new feature would
+        introduce. For example, does the proposal require the installation of a new Python package?
+        (Not all new features introduce new dependencies.)

.github/ISSUE_TEMPLATE/02-bug_report.yaml

@@ -0,0 +1,73 @@
+---
+name: 🐛 Bug Report
+type: Bug
+description: Report a reproducible bug in the current release of NetBox
+labels: ["type: bug", "status: needs triage"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        **NOTE:** This form is only for reporting _reproducible bugs_ in a current NetBox
+        installation. If you're having trouble with installation or just looking for
+        assistance with using NetBox, please visit our
+        [discussion forum](https://github.com/netbox-community/netbox/discussions) instead.
+  - type: dropdown
+    attributes:
+      label: Deployment Type
+      description: >
+        How are you running NetBox? (For issues with the Docker image, please go to the
+        [netbox-docker](https://github.com/netbox-community/netbox-docker) repo.)
+      options:
+        - NetBox Cloud
+        - NetBox Enterprise
+        - Self-hosted
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: NetBox Version
+      description: What version of NetBox are you currently running?
+      placeholder: v4.2.4
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Python Version
+      description: What version of Python are you currently running?
+      options:
+        - "3.10"
+        - "3.11"
+        - "3.12"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to Reproduce
+      description: >
+        Describe in detail the exact steps that someone else can take to
+        reproduce this bug using the current stable release of NetBox. Begin with the
+        creation of any necessary database objects and call out every operation being
+        performed explicitly. If reporting a bug in the REST API, be sure to reconstruct
+        the raw HTTP request(s) being made: Don't rely on a client library such as
+        pynetbox. Additionally, **do not rely on the demo instance** for reproducing
+        suspected bugs, as its data is prone to modification or deletion at any time.
+      placeholder: |
+        1. Click on "create widget"
+        2. Set foo to 12 and bar to G
+        3. Click the "create" button
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: What did you expect to happen?
+      placeholder: A new widget should have been created with the specified attributes
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Observed Behavior
+      description: What happened instead?
+      placeholder: A TypeError exception was raised
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/03-documentation_change.yaml

@@ -0,0 +1,40 @@
+---
+name: 📖 Documentation Change
+type: Documentation
+description: Suggest an addition or modification to the NetBox documentation
+labels: ["type: documentation", "status: needs triage"]
+body:
+  - type: dropdown
+    attributes:
+      label: Change Type
+      description: What type of change are you proposing?
+      options:
+        - Addition
+        - Correction
+        - Removal
+        - Cleanup (formatting, typos, etc.)
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Area
+      description: To what section of the documentation does this change primarily pertain?
+      options:
+        - Features
+        - Installation/upgrade
+        - Getting started
+        - Configuration
+        - Customization
+        - Integrations/API
+        - Plugins
+        - Administration
+        - Development
+        - Other
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed Changes
+      description: Describe the proposed changes and why they are necessary.
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/04-translation.yaml

@@ -0,0 +1,38 @@
+---
+name: 🌍 Translation
+type: Translation
+description: Request support for a new language in the user interface
+labels: ["type: translation"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        **NOTE:** This template is used only for proposing the addition of *new* languages. Please do
+        not use it to request changes to existing translations.
+  - type: input
+    attributes:
+      label: Language
+      description: What is the name of the language in English?
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: ISO 639-1 code
+      description: >
+        What is the two-letter [ISO 639-1 code](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes)
+        assigned to the language?
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Volunteer
+      description: Are you a fluent speaker of this language **and** willing to contribute a translation map?
+      options:
+        - "Yes"
+        - "No"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Comments
+      description: Any other notes you would like to share

.github/ISSUE_TEMPLATE/05-housekeeping.yaml

@@ -0,0 +1,25 @@
+---
+name: 🏡 Housekeeping
+type: Housekeeping
+description: A change pertaining to the codebase itself (developers only)
+labels: ["type: housekeeping"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        **NOTE:** This template is for use by maintainers only. Please do not submit
+        an issue using this template unless you have been specifically asked to do so.
+  - type: textarea
+    attributes:
+      label: Proposed Changes
+      description: >
+        Describe in detail the new feature or behavior you'd like to propose.
+        Include any specific changes to work flows, data models, or the user interface.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Justification
+      description: Please provide justification for the proposed change(s).
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/06-deprecation.yaml

@@ -0,0 +1,25 @@
+---
+name: 🗑️ Deprecation
+type: Deprecation
+description: The removal of an existing feature or resource
+labels: ["type: deprecation"]
+body:
+  - type: textarea
+    attributes:
+      label: Proposed Changes
+      description: >
+        Describe in detail the proposed changes. What is being removed?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Justification
+      description: Please provide justification for the proposed change(s).
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Impact
+      description: List all areas of the application that will be affected by this change.
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,43 +0,0 @@
----
-name: 🐛 Bug Report
-about: Report a reproducible bug in the current release of NetBox
-
----
-
-<!--
-    NOTE: IF YOUR ISSUE DOES NOT FOLLOW THIS TEMPLATE, IT WILL BE CLOSED.
-
-    This form is only for reproducible bugs. If you need assistance with
-    NetBox installation, or if you have a general question, DO NOT open an
-    issue. Instead, post to our mailing list:
-
-        https://groups.google.com/forum/#!forum/netbox-discuss
-
-    Please describe the environment in which you are running NetBox. Be sure
-    that you are running an unmodified instance of the latest stable release
-    before submitting a bug report, and that any plugins have been disabled.
--->
-### Environment
-* Python version: 
-* NetBox version: 
-
-<!--
-    Describe in detail the exact steps that someone else can take to reproduce
-    this bug using the current stable release of NetBox. Begin with the
-    creation of any necessary database objects and call out every operation
-    being performed explicitly. If reporting a bug in the REST API, be sure to
-    reconstruct the raw HTTP request(s) being made: Don't rely on a client
-    library such as pynetbox.
--->
-### Steps to Reproduce
-1. Disable any installed plugins by commenting out the `PLUGINS` setting in
-   `configuration.py`.
-2.
-3.
-
-<!-- What did you expect to happen? -->
-### Expected Behavior
-
-
-<!-- What happened instead? -->
-### Observed Behavior

.github/ISSUE_TEMPLATE/config.yml

@@ -2,8 +2,20 @@
 blank_issues_enabled: false
 contact_links:
   - name: 📖 Contributing Policy
-    url: https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md
-    about: Please read through our contributing policy before opening an issue or pull request
-  - name: 💬 Discussion Group
-    url: https://groups.google.com/forum/#!forum/netbox-discuss
-    about: Join our discussion group for assistance with installation issues and other problems
+    url: https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md
+    about: "Please read through our contributing policy before opening an issue or pull request."
+  - name: ❓ Discussion
+    url: https://github.com/netbox-community/netbox/discussions
+    about: "If you're just looking for help, try starting a discussion instead."
+  - name: 👔 Professional Support
+    url: https://netboxlabs.com/netbox-enterprise/
+    about: "Professional support is available for NetBox Enterprise or Cloud."
+  - name: 🌎 Correct a Translation
+    url: https://explore.transifex.com/netbox-community/netbox/
+    about: "Spot an incorrect translation? You can propose a fix on Transifex."
+  - name: 💡 Plugin Idea
+    url: https://plugin-ideas.netbox.dev
+    about: "Have an idea for a plugin? Head over to the ideas board!"
+  - name: 💬 Community Slack
+    url: https://netdev.chat
+    about: "Join #netbox on the NetDev Community Slack for assistance with installation issues and other problems."

.github/ISSUE_TEMPLATE/documentation_change.md

@@ -1,28 +0,0 @@
----
-name: 📖 Documentation Change
-about: Suggest an addition or modification to the NetBox documentation
-
----
-
-<!--
-    NOTE: IF YOUR ISSUE DOES NOT FOLLOW THIS TEMPLATE, IT WILL BE CLOSED.
-
-    Please indicate the nature of the change by placing an X in one of the
-    boxes below.
--->
-### Change Type
-[ ] Addition
-[ ] Correction
-[ ] Deprecation
-[ ] Cleanup (formatting, typos, etc.)
-
-### Area
-[ ] Installation instructions
-[ ] Configuration parameters
-[ ] Functionality/features
-[ ] REST API
-[ ] Administration/development
-[ ] Other
-
-<!-- Describe the proposed change(s). -->
-### Proposed Changes

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,56 +0,0 @@
----
-name: ✨ Feature Request
-about: Propose a new NetBox feature or enhancement
-
----
-
-<!--
-    NOTE: IF YOUR ISSUE DOES NOT FOLLOW THIS TEMPLATE, IT WILL BE CLOSED.
-
-    This form is only for proposing specific new features or enhancements.
-    If you have a general idea or question, please post to our mailing list
-    instead of opening an issue:
-
-        https://groups.google.com/forum/#!forum/netbox-discuss
-
-    NOTE: Due to an excessive backlog of feature requests, we are not currently
-    accepting any proposals which significantly extend NetBox's feature scope.
-
-    Please describe the environment in which you are running NetBox. Be sure
-    that you are running an unmodified instance of the latest stable release
-    before submitting a bug report.
--->
-### Environment
-* Python version:  <!-- Example: 3.6.9 -->
-* NetBox version:  <!-- Example: 2.7.3 -->
-
-<!--
-    Describe in detail the new functionality you are proposing. Include any
-    specific changes to work flows, data models, or the user interface.
--->
-### Proposed Functionality
-
-
-<!--
-    Convey an example use case for your proposed feature. Write from the
-    perspective of a NetBox user who would benefit from the proposed
-    functionality and describe how.
---->
-### Use Case
-
-
-<!--
-    Note any changes to the database schema necessary to support the new
-    feature. For example, does the proposal require adding a new model or
-    field? (Not all new features require database changes.)
---->
-### Database Changes
-
-
-<!--
-    List any new dependencies on external libraries or services that this new
-    feature would introduce. For example, does the proposal require the
-    installation of a new Python package? (Not all new features introduce new
-    dependencies.)
--->
-### External Dependencies

.github/ISSUE_TEMPLATE/housekeeping.md

@@ -1,16 +0,0 @@
----
-name: 🏡 Housekeeping
-about: A change pertaining to the codebase itself (developers only)
-
----
-
-<!--
-    NOTE: This template is for use by maintainers only. Please do not submit
-    an issue using this template unless you have been specifically asked to
-    do so.
--->
-### Proposed Changes
-
-
-<!-- Provide justification for the proposed change(s). -->
-### Justification

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,15 +1,17 @@
 <!--
-    Thank you for your interest in contributing to NetBox! Please note
-    that our contribution policy requires that a feature request or bug
-    report be opened for approval prior to filing a pull request. This
-    helps avoid wasting time and effort on something that we might not
-    be able to accept.
+    Thank you for your interest in contributing to NetBox! Please note that
+    our contribution policy requires that a feature request or bug report be
+    approved and assigned prior to opening a pull request. This helps avoid
+    waste time and effort on a proposed change that we might not be able to
+    accept.
 
-    Please indicate the relevant feature request or bug report below.
-    IF YOUR PULL REQUEST DOES NOT REFERENCE AN ACCEPTED BUG REPORT OR
-    FEATURE REQUEST, IT WILL BE MARKED AS INVALID AND CLOSED.
+    IF YOUR PULL REQUEST DOES NOT REFERENCE AN ISSUE WHICH HAS BEEN ASSIGNED
+    TO YOU, IT WILL BE CLOSED AUTOMATICALLY.
+
+    Please specify your assigned issue number on the line below.
 -->
-### Fixes: <ISSUE NUMBER GOES HERE>
+### Fixes: #1234
+
 <!--
     Please include a summary of the proposed changes below.
 -->

.github/lock.yml

@@ -1,23 +0,0 @@
-# Configuration for Lock (https://github.com/apps/lock)
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 90
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
-skipCreatedBefore: false
-
-# Issues and pull requests with these labels will be ignored. Set to `[]` to disable
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. Set to `false` to disable
-lockLabel: false
-
-# Comment to post before locking. Set to `false` to disable
-lockComment: false
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: true
-
-# Limit to only `issues` or `pulls`
-# only: issues

.github/stale.yml

@@ -1,33 +0,0 @@
-# Configuration for Stale (https://github.com/apps/stale)
-
-# Pull requests are exempt from being marked as stale
-only: issues
-
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 14
-
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - "status: accepted"
-  - "status: gathering feedback"
-  - "status: blocked"
-
-# Label to use when marking an issue as stale
-staleLabel: wontfix
-
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. NetBox
-  is governed by a small group of core maintainers which means not all opened
-  issues may receive direct feedback. Please see our [contributing guide](https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md).
-
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: >
-  This issue has been automatically closed due to lack of activity. In an
-  effort to reduce noise, please do not comment any further. Note that the
-  core maintainers may elect to reopen this issue at a later date if deemed
-  necessary.

.github/workflows/ci.yml

@@ -0,0 +1,109 @@
+name: CI
+
+on:
+  push:
+    paths-ignore:
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/PULL_REQUEST_TEMPLATE.md'
+      - 'contrib/**'
+      - 'docs/**'
+      - 'netbox/translations/**'
+  pull_request:
+    paths-ignore:
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/PULL_REQUEST_TEMPLATE.md'
+      - 'contrib/**'
+      - 'docs/**'
+      - 'netbox/translations/**'
+
+permissions:
+  contents: read
+
+# Add concurrency group to control job running
+concurrency:
+  group: ${{ github.event_name }}-${{ github.ref }}-${{ github.actor }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      NETBOX_CONFIGURATION: netbox.configuration_testing
+    strategy:
+      matrix:
+        python-version: ['3.10', '3.11', '3.12']
+        node-version: ['20.x']
+    services:
+      redis:
+        image: redis
+        ports:
+          - 6379:6379
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: netbox
+          POSTGRES_PASSWORD: netbox
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+    steps:
+    - name: Check out repo
+      uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+    
+    - name: Install Yarn Package Manager
+      run: npm install -g yarn
+    
+    - name: Setup Node.js with Yarn Caching
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: yarn
+        cache-dependency-path: netbox/project-static/yarn.lock
+    
+    - name: Install Frontend Dependencies
+      run: yarn --cwd netbox/project-static
+
+    - name: Install dependencies & set up configuration
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install ruff coverage tblib
+
+    - name: Build documentation
+      run: mkdocs build
+
+    - name: Collect static files
+      run: python netbox/manage.py collectstatic --no-input
+
+    - name: Check for missing migrations
+      run: python netbox/manage.py makemigrations --check
+
+    - name: Check PEP8 compliance
+      run: ruff check netbox/
+
+    - name: Check UI ESLint, TypeScript, and Prettier Compliance
+      run: yarn --cwd netbox/project-static validate
+    
+    - name: Validate Static Asset Integrity
+      run: scripts/verify-bundles.sh
+
+    - name: Run tests
+      run: coverage run --source="netbox/" netbox/manage.py test netbox/ --parallel
+
+    - name: Show coverage report
+      run: coverage report --skip-covered --omit '*/migrations/*,*/tests/*'

.github/workflows/close-incomplete-issues.yml

@@ -0,0 +1,32 @@
+# close-stale-issues (https://github.com/marketplace/actions/close-stale-issues)
+name: Close incomplete issues
+
+on:
+  schedule:
+    - cron: '15 4 * * *'
+  workflow_dispatch:
+
+permissions:
+  actions: write
+  issues: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          close-issue-message: >
+            This issue is being closed as no further information has been provided. If
+            you would like to revisit this topic, please first modify your original post
+            to include all the requested detail, and then ask that the issue be reopened.
+          days-before-stale: 7
+          days-before-close: 7
+          only-issue-labels: 'status: revisions needed'
+          operations-per-run: 100
+          remove-stale-when-updated: false
+          stale-issue-label: 'pending closure'
+          stale-issue-message: >
+            This is a reminder that additional information is needed in order to further
+            triage this issue. If the requested details are not provided, the issue will
+            soon be closed automatically.

.github/workflows/close-stale-issues.yml

@@ -0,0 +1,53 @@
+# close-stale-issues (https://github.com/marketplace/actions/close-stale-issues)
+name: Close stale issues/PRs
+
+on:
+  schedule:
+    - cron: '0 4 * * *'
+  workflow_dispatch:
+
+permissions:
+  actions: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          # General parameters
+          operations-per-run: 200
+          remove-stale-when-updated: false
+
+          # Issue parameters
+          close-issue-message: >
+            This issue has been automatically closed due to lack of activity. In an
+            effort to reduce noise, please do not comment any further. Note that the
+            core maintainers may elect to reopen this issue at a later date if deemed
+            necessary.
+          days-before-issue-stale: 90
+          days-before-issue-close: 30
+          exempt-issue-labels: 'status: accepted,status: backlog,status: blocked'
+          stale-issue-label: 'pending closure'
+          stale-issue-message: >
+            This issue has been automatically marked as stale because it has not had
+            recent activity. It will be closed if no further activity occurs. NetBox
+            is governed by a small group of core maintainers which means not all opened
+            issues may receive direct feedback. **Do not** attempt to circumvent this
+            process by "bumping" the issue; doing so will result in its immediate closure
+            and you may be barred from participating in any future discussions. Please see
+            our [contributing guide](https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md).
+
+          # Pull request parameters
+          close-pr-message: >
+            This PR has been automatically closed due to lack of activity.
+          days-before-pr-stale: 30
+          days-before-pr-close: 15
+          exempt-pr-labels: 'status: blocked'
+          stale-pr-label: 'pending closure'
+          stale-pr-message: >
+            This PR has been automatically marked as stale because it has not had
+            recent activity. It will be closed automatically if no further action is
+            taken.

.github/workflows/lock-threads.yml

@@ -0,0 +1,23 @@
+# lock-threads (https://github.com/marketplace/actions/lock-threads)
+name: Lock threads
+
+on:
+  schedule:
+    - cron: '0 3 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+  discussions: write
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v5
+        with:
+          issue-inactive-days: 90
+          pr-inactive-days: 30
+          discussion-inactive-days: 180
+          issue-lock-reason: 'resolved'

.github/workflows/update-translation-strings.yml

@@ -0,0 +1,54 @@
+name: Update translation strings
+
+on:
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+env:
+  LOCALE: "en"
+
+jobs:
+  makemessages:
+    runs-on: ubuntu-latest
+    env:
+      NETBOX_CONFIGURATION: netbox.configuration_testing
+
+    steps:
+    - name: Create app token
+      uses: actions/create-github-app-token@v1
+      id: app-token
+      with:
+        app-id: 1076524
+        private-key: ${{ secrets.HOUSEKEEPING_SECRET_KEY }}
+
+    - name: Check out repo
+      uses: actions/checkout@v4
+      with:
+          token: ${{ steps.app-token.outputs.token }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.11
+
+    - name: Install system dependencies
+      run: sudo apt install -y gettext
+
+    - name: Install Python dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+
+    - name: Run makemessages
+      run: python netbox/manage.py makemessages -l ${{ env.LOCALE }}
+
+    - name: Commit changes
+      uses: EndBug/add-and-commit@v9
+      with:
+        add: 'netbox/translations/'
+        default_author: github_actions
+        message: 'Update source translation strings'

.gitignore

@@ -1,7 +1,14 @@
 *.pyc
 *.swp
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+/netbox/project-static/node_modules
+/netbox/project-static/docs/*
+!/netbox/project-static/docs/.info
 /netbox/netbox/configuration.py
 /netbox/netbox/ldap_config.py
+/netbox/local/*
 /netbox/reports/*
 !/netbox/reports/__init__.py
 /netbox/scripts/*
@@ -9,12 +16,16 @@
 /netbox/static
 /venv/
 /*.sh
+local_requirements.txt
+local_settings.py
 !upgrade.sh
 fabfile.py
 gunicorn.py
+uwsgi.ini
 netbox.log
 netbox.pid
 .DS_Store
 .idea
 .coverage
 .vscode
+.python-version

.pre-commit-config.yaml

@@ -0,0 +1,44 @@
+repos:
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.6.9
+  hooks:
+    - id: ruff
+      name: "Ruff linter"
+      args: [ netbox/ ]
+- repo: local
+  hooks:
+    - id: django-check
+      name: "Django system check"
+      description: "Run Django's internal check for common problems"
+      entry: python netbox/manage.py check
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: django-makemigrations
+      name: "Django migrations check"
+      description: "Check for any missing Django migrations"
+      entry: python netbox/manage.py makemigrations --check
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: mkdocs-build
+      name: "Build documentation"
+      description: "Build the documentation with mkdocs"
+      files: 'docs/'
+      entry: mkdocs build
+      language: system
+      pass_filenames: false
+    - id: yarn-validate
+      name: "Yarn validate"
+      description: "Check UI ESLint, TypeScript, and Prettier compliance"
+      files: 'netbox/project-static/'
+      entry: yarn --cwd netbox/project-static validate
+      language: system
+      pass_filenames: false
+    - id: verify-bundles
+      name: "Verify static asset bundles"
+      description: "Ensure that any modified static assets have been compiled"
+      files: 'netbox/project-static/'
+      entry: scripts/verify-bundles.sh
+      language: system
+      pass_filenames: false

.readthedocs.yaml

@@ -0,0 +1,10 @@
+version: 2
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.12"
+mkdocs:
+  configuration: mkdocs.yml
+python:
+   install:
+   - requirements: requirements.txt

.travis.yml

@@ -1,19 +0,0 @@
-sudo: required
-services:
-  - postgresql
-  - redis-server
-addons:
-  postgresql: "9.6"
-language: python
-python:
-  - "3.6"
-  - "3.7"
-install:
-  - pip install -r requirements.txt
-  - pip install pycodestyle
-  - pip install coverage
-before_script:
-  - psql --version
-  - psql -U postgres -c 'SELECT version();'
-script:
-  - ./scripts/cibuild.sh

.tx/config

@@ -0,0 +1,12 @@
+[main]
+host = https://app.transifex.com
+
+[o:netbox-community:p:netbox:r:034999968a7366ba27a8bdf1ab63bf42]
+file_filter            = netbox/translations/<lang>/LC_MESSAGES/django.po
+source_file            = netbox/translations/en/LC_MESSAGES/django.po
+type                   = PO
+minimum_perc           = 0
+resource_name          = django.po
+replace_edited_strings = false
+keep_translations      = false
+

CHANGELOG.md

@@ -1 +1 @@
-The changelog has been moved to the [project release notes](https://netbox.readthedocs.io/en/stable/release-notes/).
+The changelog has been moved to the [project release notes](https://docs.netbox.dev/en/stable/release-notes/).

CONTRIBUTING.md

@@ -1,168 +1,134 @@
-## Getting Help
+**Looking for help?** NetBox has a vast, active community of fellow users that may be able to provide assistance. Just [start a discussion](https://github.com/netbox-community/netbox/discussions/new) right here on GitHub! Or if you'd prefer to chat, join us live in the `#netbox` channel on the [NetDev Community Slack](https://netdev.chat/)!
 
-If you encounter any issues installing or using NetBox, try one of the
-following resources to get assistance. Please **do not** open a GitHub issue
-except to report bugs or request features.
+<div align="center">
+  <h3>
+    :bug: <a href="#bug-reporting-bugs">Report a bug</a> &middot;
+    :bulb: <a href="#bulb-feature-requests">Suggest a feature</a> &middot;
+    :arrow_heading_up: <a href="#arrow_heading_up-submitting-pull-requests">Submit a pull request</a>
+  </h3>
+  <h3>
+    :jigsaw: <a href="#jigsaw-creating-plugins">Create a plugin</a> &middot;
+    :rescue_worker_helmet: <a href="#rescue_worker_helmet-become-a-maintainer">Become a maintainer</a> &middot;
+    :heart: <a href="#heart-other-ways-to-contribute">Other ideas</a>
+  </h3>
+</div>
+<h3></h3>
 
-### Mailing List
+## :information_source: Welcome to the Stadium!
 
-We have established a Google Groups Mailing List for issues and general
-discussion. This is the best forum for obtaining assistance with NetBox
-installation. You can find us [here](https://groups.google.com/forum/#!forum/netbox-discuss).
+In her book [Working in Public](https://www.amazon.com/Working-Public-Making-Maintenance-Software/dp/0578675862), Nadia Eghbal defines four production models for open source projects, categorized by contributor and user growth: federations, clubs, toys, and stadiums. The NetBox project fits her definition of a stadium very well:
 
-### Slack
+> Stadiums are projects with low contributor growth and high user growth. While they may receive casual contributions, their regular contributor base does not grow proportionately to their users. As a result, they tend to be powered by one or a few developers.
 
-For real-time discussion, you can join the #netbox Slack channel on [NetworkToCode](https://slack.networktocode.com/).
+The bulk of NetBox's development is carried out by a handful of core maintainers, with occasional contributions from collaborators in the community. We find the stadium analogy very useful in conveying the roles and obligations of both contributors and users.
 
-## Reporting Bugs
+If you're a contributor, actively working on the center stage, you have an obligation to produce quality content that will benefit the project as a whole. Conversely, if you're in the audience consuming the work being produced, you have the option of making requests and suggestions, but must also recognize that contributors are under no obligation to act on them.
 
-* First, ensure that you're running the [latest stable version](https://github.com/netbox-community/netbox/releases)
-of NetBox. If you're running an older version, it's possible that the bug has
-already been fixed.
+NetBox users are welcome to participate in either role, on stage or in the crowd. We ask only that you acknowledge the role you've chosen and respect the roles of others.
 
-* Next, check the GitHub [issues list](https://github.com/netbox-community/netbox/issues)
-to see if the bug you've found has already been reported. If you think you may
-be experiencing a reported issue that hasn't already been resolved, please
-click "add a reaction" in the top right corner of the issue and add a thumbs
-up (+1). You might also want to add a comment describing how it's affecting your
-installation. This will allow us to prioritize bugs based on how many users are
-affected.
+### General Tips for Working on GitHub
 
-* When submitting an issue, please be as descriptive as possible. Be sure to
-provide all information request in the issue template, including:
+* Register for a free [GitHub account](https://github.com/signup) if you haven't already.
+* You can use [GitHub Markdown](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) for formatting text and adding images.
+* To help mitigate notification spam, please avoid "bumping" issues with no activity. (To vote an issue up or down, use a :thumbsup: or :thumbsdown: reaction.)
+* Please avoid pinging members with `@` unless they've previously expressed interest or involvement with that particular issue.
+* Familiarize yourself with [this list of discussion anti-patterns](https://github.com/bradfitz/issue-tracker-behaviors) and make every effort to avoid them.
 
-    * The environment in which NetBox is running
-    * The exact steps that can be taken to reproduce the issue
-    * Expected and observed behavior
-    * Any error messages generated
-    * Screenshots (if applicable)
+## :bug: Reporting Bugs
 
-* Please avoid prepending any sort of tag (e.g. "[Bug]") to the issue title.
-The issue will be reviewed by a maintainer after submission and the appropriate
-labels will be applied for categorization.
+:warning: Bug reports are used to call attention to some unintended or unexpected behavior in NetBox, such as when an error occurs or when the result of taking some action is inconsistent with the documentation. **Bug reports may not be used to suggest new functionality**; please see "feature requests" below if that is your goal.
 
-* Keep in mind that we prioritize bugs based on their severity and how much
-work is required to resolve them. It may take some time for someone to address
-your issue.
+* First, ensure that you're running the [latest stable version](https://github.com/netbox-community/netbox/releases) of NetBox. If you're running an older version, it's likely that the bug has already been fixed.
+
+* Next, search our [issues list](https://github.com/netbox-community/netbox/issues?q=is%3Aissue) to see if the bug you've found has already been reported. If you come across a bug report that seems to match, please click "add a reaction" in the bottom left corner of the issue and add a thumbs up ( :thumbsup: ). This will help draw more attention to it. Any comments you can add to provide additional information or context would also be much appreciated.
+
+* If you can't find any existing issues (open or closed) that seem to match yours, you're welcome to [submit a new bug report](https://github.com/netbox-community/netbox/issues/new?label=type%3A+bug&template=bug_report.yaml). Be sure to complete the entire report template, including detailed steps that someone triaging your issue can follow to confirm the reported behavior. (If we're not able to replicate the bug based on the information provided, we'll ask for additional detail.)
+
+* Some other tips to keep in mind:
+  * Error messages and screenshots are especially helpful.
+  * Don't prepend your issue title with a label like `[Bug]`; the proper label will be assigned automatically.
+  * Ensure that your reproduction instructions don't reference data in our [demo instance](https://demo.netbox.dev/), which gets rebuilt nightly.
+  * Verify that you have GitHub notifications enabled and are subscribed to your issue after submitting.
+  * We appreciate your patience as bugs are prioritized by their severity, impact, and difficulty to resolve.
 
 * For more information on how bug reports are handled, please see our [issue
 intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Policy).
 
-## Feature Requests
+## :bulb: Feature Requests
 
-* First, check the GitHub [issues list](https://github.com/netbox-community/netbox/issues)
-to see if the feature you're requesting is already listed. (Be sure to search
-closed issues as well, since some feature requests have been rejected.) If the
-feature you'd like to see has already been requested and is open, click "add a
-reaction" in the top right corner of the issue and add a thumbs up (+1). This
-ensures that the issue has a better chance of receiving attention. Also feel
-free to add a comment with any additional justification for the feature.
-(However, note that comments with no substance other than a "+1" will be
-deleted. Please use GitHub's reactions feature to indicate your support.)
+* First, check the GitHub [issues list](https://github.com/netbox-community/netbox/issues?q=is%3Aissue) to see if the feature you have in mind has already been proposed. If you happen to find an open feature request that matches your idea, click "add a reaction" in the top right corner of the issue and add a thumbs up ( :thumbsup: ). This ensures that the issue has a better chance of receiving attention. Also feel free to add a comment with any additional justification for the feature.
 
-* Due to a large backlog of feature requests, we are not currently accepting
-any proposals which substantially extend NetBox's functionality beyond its
-current feature set. This includes the introduction of any new views or models
-which have not already been proposed in an existing feature request.
+* Please don't submit duplicate issues! Sometimes we reject feature requests, for various reasons. Even if you disagree with those reasons, please **do not** submit a duplicate feature request. It is very disrepectful of the maintainers' time, and you may be barred from opening future issues.
 
-* Before filing a new feature request, consider raising your idea on the
-mailing list first. Feedback you receive there will help validate and shape the
-proposed feature before filing a formal issue.
+* If you have a rough idea that's not quite ready for formal submission yet, start a [GitHub discussion](https://github.com/netbox-community/netbox/discussions) instead. This is a great way to test the viability and narrow down the scope of a new feature prior to submitting a formal proposal, and can serve to generate interest in your idea from other community members.
 
-* Good feature requests are very narrowly defined. Be sure to thoroughly
-describe the functionality and data model(s) being proposed. The more effort
-you put into writing a feature request, the better its chance is of being
-implemented. Overly broad feature requests will be closed.
+* Once you're ready, submit a feature request [using this template](https://github.com/netbox-community/netbox/issues/new?label=type%3A+feature&template=feature_request.yaml). Be sure to provide sufficient context and detail to convey exactly what you're proposing and why. The stronger your use case, the better chance your proposal has of being accepted.
 
-* When submitting a feature request on GitHub, be sure to include all
-information requested by the issue template, including:
+* Some other tips to keep in mind:
+  * Don't prepend your issue title with a label like `[Feature]`; the proper label will be assigned automatically.
+  * Try to anticipate any likely questions about your proposal and provide that information proactively.
+  * Verify that you have GitHub notifications enabled and are subscribed to your issue after submitting.
+  * You're welcome to volunteer to implement your FR, but don't submit a pull request until it has been approved.
 
-    * A detailed description of the proposed functionality
-    * A use case for the feature; who would use it and what value it would add
-      to NetBox
-    * A rough description of changes necessary to the database schema (if
-      applicable)
-    * Any third-party libraries or other resources which would be involved
+* For more information on how feature requests are handled, please see our [issue intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Policy).
 
-* Please avoid prepending any sort of tag (e.g. "[Feature]") to the issue
-title. The issue will be reviewed by a moderator after submission and the
-appropriate labels will be applied for categorization.
+## :arrow_heading_up: Submitting Pull Requests
 
-* For more information on how feature requests are handled, please see our
-[issue intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Policy).
+* [Pull requests](https://docs.github.com/en/pull-requests) (a feature of GitHub) are used to propose changes to NetBox's code base. Our process generally goes like this:
+  * A user opens a new issue (bug report or feature request)
+  * A maintainer triages the issue and may mark it as needing an owner
+  * The issue's author can volunteer to own it, or someone else can
+  * A maintainer assigns the issue to whomever volunteers
+  * The issue owner submits a pull request that will resolve the issue
+  * A maintainer reviews and merges the pull request, closing the issue
 
-## Submitting Pull Requests
+* It's very important that you not submit a pull request until a relevant issue has been opened **and** assigned to you. Otherwise, you risk wasting time on work that may ultimately not be needed.
 
-* Be sure to open an issue **before** starting work on a pull request, and
-discuss your idea with the NetBox maintainers before beginning work. This will
-help prevent wasting time on something that might we might not be able to
-implement. When suggesting a new feature, also make sure it won't conflict with
-any work that's already in progress.
+* New pull requests should generally be based off of the `main` branch. This branch, in keeping with the [trunk-based development](https://trunkbaseddevelopment.com/) approach, is used for ongoing development and bug fixes and always represents the newest stable code, from which releases are periodically branched. (If you're developing for an upcoming minor release, use `feature` instead.)
 
-* Any pull request which does _not_ relate to an accepted issue will be closed.
+* In most cases, it is not necessary to add a changelog entry: A maintainer will take care of this when the PR is merged. (This helps avoid merge conflicts resulting from multiple PRs being submitted simultaneously.)
 
-* All major new functionality must include relevant tests where applicable.
-
-* When submitting a pull request, please be sure to work off of the `develop`
-branch, rather than `master`. The `develop` branch is used for ongoing
-development, while `master` is used for tagging stable releases.
-
-* All code submissions should meet the following criteria (CI will enforce
-these checks):
-
-    * Python syntax is valid
-    * All tests pass when run with `./manage.py test`
-    * PEP 8 compliance is enforced, with the exception that lines may be
+* All code submissions must meet the following criteria (CI will enforce these checks where feasible):
+  * Consist entirely of original work
+  * Python syntax is valid
+  * All tests pass when run with `./manage.py test`
+  * PEP 8 compliance is enforced, with the exception that lines may be
       greater than 80 characters in length
 
-## Commenting
+> [!CAUTION]
+> Any contributions which include AI-generated or reproduced content will be rejected.
 
-Only comment on an issue if you are sharing a relevant idea or constructive
-feedback. **Do not** comment on an issue just to show your support (give the
-top post a :+1: instead) or ask for an ETA. These comments will be deleted to
-reduce noise in the discussion.
+* Some other tips to keep in mind:
+  * If you'd like to volunteer for someone else's issue, please post a comment on that issue letting us know. (This will allow the maintainers to assign it to you.)
+  * Check out our [developer docs](https://docs.netbox.dev/en/stable/development/getting-started/) for tips on setting up your development environment.
+  * All new functionality must include relevant tests where applicable.
 
-## Issue Lifecycle
+## :jigsaw: Creating Plugins
 
-New issues are handled according to our [issue intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Policy).
-Maintainers will assign label(s) and/or close new issues as the policy
-dictates. This helps ensure a productive development environment and avoid
-accumulating a large backlog of work.
+Do you have an idea for something you'd like to build in NetBox, but might not be right for the core project? NetBox includes a powerful and extensive [plugins framework](https://docs.netbox.dev/en/stable/plugins/) that enables users to develop their own custom data models and integrations.
 
-The core maintainers group has chosen to make use of GitHub's [Stale bot](https://github.com/apps/stale)
-to aid in issue management.
+Check out our [plugin development tutorial](https://github.com/netbox-community/netbox-plugin-tutorial) to get started!
 
-* Issues will be marked as stale after 14 days of no activity.
-* Then after 7 more days of inactivity, the issue will be closed.
-* Any issue bearing one of the following labels will be exempt from all Stale
-  bot actions:
-  * `status: accepted`
-  * `status: gathering feedback`
-  * `status: blocked`
+## :rescue_worker_helmet: Become a Maintainer
 
-It is natural that some new issues get more attention than others. Often this
-is a metric of an issues's overall value to the project. In other cases in
-which issues merely get lost in the shuffle, notifications from Stale bot can
-bring renewed attention to potentially meaningful issues.
+We're always looking for motivated individuals to join the maintainers team and help drive NetBox's long-term development. Some of our most sought-after skills include:
 
-## Maintainer Guidance
+* Python development with a strong focus on the [Django](https://www.djangoproject.com/) framework
+* Expertise working with PostgreSQL databases
+* Javascript & TypeScript proficiency
+* A knack for web application design (HTML & CSS)
+* Familiarity with git and software development best practices
+* Excellent attention to detail
+* Working experience in the field of network operations & engineering
 
-* Maintainers are expected to contribute at least four hours per week to the
-  project on average. This can be employer-sponsored or individual time, with
-  the understanding that all contributions are submitted under the Apache 2.0
-  license and that your employer may not make claim to any contributions.
-  Contributions include code work, issue management, and community support. All
-  development must be in accordance with our [development guidance](https://netbox.readthedocs.io/en/stable/development/).
+We generally ask that maintainers dedicate around four hours of work to the project each week on average, which includes both hands-on development and project management tasks such as issue triage. Maintainers are also encouraged (but not required) to attend our bi-weekly Zoom call to catch up on recent items.
 
-* Maintainers are expected to attend (where feasible) our biweekly ~30-minute
-  sync to review agenda items. This meeting provides opportunity to present and
-  discuss pressing topics. Meetings are held as virtual audio/video conferences.
+Interested? You can contact our lead maintainer, Jeremy Stretch, at jeremy@netbox.dev or on the [NetDev Community Slack](https://netdev.chat/). We'd love to have you on the team!
 
-* Official channels for communication include:
+## :heart: Other Ways to Contribute
 
-    * GitHub issues/pull requests
-    * The [netbox-discuss](https://groups.google.com/forum/#!forum/netbox-discuss) mailing list
-    * The **#netbox** channel on [NetworkToCode Slack](https://networktocode.slack.com/)
+You don't have to be a developer to contribute to NetBox: There are plenty of other ways you can add value to the community! Below are just a few examples:
 
-* Maintainers with no substantial recorded activity in a 60-day period will be
-  removed from the project.
+* Help answer questions and provide feedback in our [GitHub discussions](https://github.com/netbox-community/netbox/discussions) and on [Slack](https://netdev.chat/).
+* Write a blog article or record a YouTube video demonstrating how NetBox is used at your organization.
+* Help grow our [library of device & module type definitions](https://github.com/netbox-community/devicetype-library).

NOTICE

@@ -1 +1,7 @@
 Copyrighted and licensed under Apache License 2.0 by DigitalOcean, LLC.
+
+This project contains code developed expressly for NetBox, and its reuse in
+other projects may introduce issues affecting performance, data integrity,
+and security.
+
+For more information, please see https://github.com/netbox-community/netbox.

README.md

@@ -1,54 +1,117 @@
-![NetBox](docs/netbox_logo.svg "NetBox logo")
+<div align="center">
+  <img src="https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg" width="400" alt="NetBox logo" />
+  <p><strong>The cornerstone of every automated network</strong></p>
+  <a href="https://github.com/netbox-community/netbox/releases"><img src="https://img.shields.io/github/v/release/netbox-community/netbox" alt="Latest release" /></a>
+  <a href="https://github.com/netbox-community/netbox/blob/main/LICENSE.txt"><img src="https://img.shields.io/badge/license-Apache_2.0-blue.svg" alt="License" /></a>
+  <a href="https://github.com/netbox-community/netbox/graphs/contributors"><img src="https://img.shields.io/github/contributors/netbox-community/netbox?color=blue" alt="Contributors" /></a>
+  <a href="https://github.com/netbox-community/netbox/stargazers"><img src="https://img.shields.io/github/stars/netbox-community/netbox?style=flat" alt="GitHub stars" /></a>
+  <a href="https://explore.transifex.com/netbox-community/netbox/"><img src="https://img.shields.io/badge/languages-15-blue" alt="Languages supported" /></a>
+  <a href="https://github.com/netbox-community/netbox/actions/workflows/ci.yml"><img src="https://github.com/netbox-community/netbox/workflows/CI/badge.svg?branch=main" alt="CI status" /></a>
+  <p>
+    <strong><a href="https://github.com/netbox-community/netbox/">NetBox Community</a></strong> |
+    <strong><a href="https://netboxlabs.com/netbox-cloud/">NetBox Cloud</a></strong> |
+    <strong><a href="https://netboxlabs.com/netbox-enterprise/">NetBox Enterprise</a></strong>
+  </p>
+</div>
 
-NetBox is an IP address management (IPAM) and data center infrastructure
-management (DCIM) tool. Initially conceived by the network engineering team at
-[DigitalOcean](https://www.digitalocean.com/), NetBox was developed specifically
-to address the needs of network and infrastructure engineers. It is intended to
-function as a domain-specific source of truth for network operations.
+NetBox exists to empower network engineers. Since its release in 2016, it has become the go-to solution for modeling and documenting network infrastructure for thousands of organizations worldwide. As a successor to legacy IPAM and DCIM applications, NetBox provides a cohesive, extensive, and accessible data model for all things networked. By providing a single robust user interface and programmable APIs for everything from cable maps to device configurations, NetBox serves as the central source of truth for the modern network.
 
-NetBox runs as a web application atop the [Django](https://www.djangoproject.com/)
-Python framework with a [PostgreSQL](http://www.postgresql.org/) database. For a
-complete list of requirements, see `requirements.txt`. The code is available [on GitHub](https://github.com/netbox-community/netbox).
+<p align="center">
+  <a href="#netboxs-role">NetBox's Role</a> |
+  <a href="#why-netbox">Why NetBox?</a> |
+  <a href="#getting-started">Getting Started</a> |
+  <a href="#get-involved">Get Involved</a> |
+  <a href="#screenshots">Screenshots</a>
+</p>
 
-The complete documentation for NetBox can be found at [Read the Docs](http://netbox.readthedocs.io/en/stable/).
+<p align="center">
+  <img src="docs/media/screenshots/home-light.png" width="600" alt="NetBox user interface screenshot" />
+</p>
 
-Questions? Comments? Please subscribe to [the netbox-discuss mailing list](https://groups.google.com/forum/#!forum/netbox-discuss),
-or join us in the #netbox Slack channel on [NetworkToCode](https://networktocode.slack.com/)!
+## NetBox's Role
 
-### Build Status
+NetBox functions as the **source of truth** for your network infrastructure. Its job is to define and validate the _intended state_ of all network components and resources. NetBox does not interact with network nodes directly; rather, it makes this data available programmatically to purpose-built automation, monitoring, and assurance tools. This separation of duties enables the construction of a robust yet flexible automation system.
 
-|             | status |
-|-------------|------------|
-| **master** | [![Build Status](https://travis-ci.org/netbox-community/netbox.svg?branch=master)](https://travis-ci.com/netbox-community/netbox/) |
-| **develop** | [![Build Status](https://travis-ci.org/netbox-community/netbox.svg?branch=develop)](https://travis-ci.com/netbox-community/netbox/) |
+<p align="center">
+  <img src="docs/media/misc/reference_architecture.png" alt="Reference network automation architecture" />
+</p>
 
-### Screenshots
+The diagram above illustrates the recommended deployment architecture for an automated network, leveraging NetBox as the central authority for network state. This approach allows your team to swap out individual tools to meet changing needs while retaining a predictable, modular workflow.
 
-![Screenshot of main page](docs/media/screenshot1.png "Main page")
+## Why NetBox?
 
----
+### Comprehensive Data Model
 
-![Screenshot of rack elevation](docs/media/screenshot2.png "Rack elevation")
+Racks, devices, cables, IP addresses, VLANs, circuits, power, VPNs, and lots more: NetBox is built for networks. Its comprehensive and thoroughly inter-linked data model provides for natural and highly structured modeling of myriad network primitives that just isn't possible using general-purpose tools. And there's no need to waste time contemplating how to build out a database: Everything is ready to go upon installation.
 
----
+### Focused Development
 
-![Screenshot of prefix hierarchy](docs/media/screenshot3.png "Prefix hierarchy")
+NetBox strives to meet a singular goal: Provide the best available solution for making network infrastructure programmatically accessible. Unlike "all-in-one" tools which awkwardly bolt on half-baked features in an attempt to check every box, NetBox is committed to its core function. NetBox provides the best possible solution for modeling network infrastructure, and provides rich APIs for integrating with tools that excel in other areas of network automation.
 
-## Installation
+### Extensible and Customizable
 
-Please see [the documentation](http://netbox.readthedocs.io/en/stable/) for
-instructions on installing NetBox. To upgrade NetBox, please download the [latest release](https://github.com/netbox-community/netbox/releases)
-and run `upgrade.sh`.
+No two networks are exactly the same. Users are empowered to extend NetBox's native data model with custom fields and tags to best suit their unique needs. You can even write your own plugins to introduce entirely new objects and functionality!
 
-## Providing Feedback
+### Flexible Permissions
 
-Feature requests and bug reports must be submitted as GiHub issues. (Please be
-sure to use the [appropriate template](https://github.com/netbox-community/netbox/issues/new/choose).)
-For general discussion, please consider joining our [mailing list](https://groups.google.com/forum/#!forum/netbox-discuss).
+NetBox includes a fully customizable permission system, which affords administrators incredible granularity when assigning roles to users and groups. Want to restrict certain users to working only with cabling and not be able to change IP addresses? Or maybe each team should have access only to a particular tenant? NetBox enables you to craft roles as you see fit.
 
-If you are interested in contributing to the development of NetBox, please read
-our [contributing guide](CONTRIBUTING.md) prior to beginning any work.
+### Custom Validation & Protection Rules
 
-## Related projects
+The data you put into NetBox is crucial to network operations. In addition to its robust native validation rules, NetBox provides mechanisms for administrators to define their own custom validation rules for objects. Custom validation can be used both to ensure new or modified objects adhere to a set of rules, and to prevent the deletion of objects which don't meet certain criteria. (For example, you might want to prevent the deletion of a device with an "active" status.)
 
-Please see [our wiki](https://github.com/netbox-community/netbox/wiki/Community-Contributions) for a list of relevant community projects.
+### Device Configuration Rendering
+
+NetBox can render user-created Jinja2 templates to generate device configurations from its own data. Configuration templates can be uploaded individually or pulled automatically from an external source, such as a git repository. Rendered configurations can be retrieved via the REST API for application directly to network devices via a provisioning tool such as Ansible or Salt.
+
+### Custom Scripts
+
+Complex workflows, such as provisioning a new branch office, can be tedious to carry out via the user interface. NetBox allows you to write and upload custom scripts that can be run directly from the UI. Scripts prompt users for input and then automate the necessary tasks to greatly simplify otherwise burdensome processes.
+
+### Automated Events
+
+Users can define event rules to automatically trigger a custom script or outbound webhook in response to a NetBox event. For example, you might want to automatically update a network monitoring service whenever a new device is added to NetBox, or update a DHCP server when an IP range is allocated.
+
+### Comprehensive Change Logging
+
+NetBox automatically logs the creation, modification, and deletion of all managed objects, providing a thorough change history. Changes can be attributed to the executing user, and related changes are grouped automatically by request ID.
+
+> [!NOTE]
+> A complete list of NetBox's myriad features can be found in [the introductory documentation](https://docs.netbox.dev/en/stable/introduction/).
+
+## Getting Started
+
+* Just want to explore? Check out [our public demo](https://demo.netbox.dev/) right now!
+* The [official documentation](https://docs.netbox.dev) offers a comprehensive introduction.
+* Check out [our wiki](https://github.com/netbox-community/netbox/wiki/Community-Contributions) for even more projects to get the most out of NetBox!
+
+## Get Involved
+
+* Follow [@NetBoxOfficial](https://twitter.com/NetBoxOfficial) on Twitter!
+* Join the conversation on [the discussion forum](https://github.com/netbox-community/netbox/discussions) and [Slack](https://netdev.chat/)!
+* Already a power user? You can [suggest a feature](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+feature&template=feature_request.yaml) or [report a bug](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+bug&template=bug_report.yaml) on GitHub.
+* Contributions from the community are encouraged and appreciated! Check out our [contributing guide](CONTRIBUTING.md) to get started.
+* [Share your idea](https://plugin-ideas.netbox.dev/) for a new plugin, or [learn how to build one](https://github.com/netbox-community/netbox-plugin-tutorial) yourself!
+
+## Screenshots
+
+<p align="center">
+  <strong>NetBox Dashboard (Light Mode)</strong><br />
+  <img src="docs/media/screenshots/home-light.png" width="600" alt="NetBox dashboard (light mode)" />
+</p>
+<p align="center">
+  <strong>NetBox Dashboard (Dark Mode)</strong><br />
+  <img src="docs/media/screenshots/home-dark.png" width="600" alt="NetBox dashboard (dark mode)" />
+</p>
+<p align="center">
+  <strong>Prefixes List</strong><br />
+  <img src="docs/media/screenshots/prefixes-list.png" width="600" alt="Prefixes list" />
+</p>
+<p align="center">
+  <strong>Rack View</strong><br />
+  <img src="docs/media/screenshots/rack.png" width="600" alt="Rack view" />
+</p>
+<p align="center">
+  <strong>Cable Trace</strong><br />
+  <img src="docs/media/screenshots/cable-trace.png" width="600" alt="Cable trace" />
+</p>

SECURITY.md

@@ -0,0 +1,31 @@
+# Security Policy
+
+## No Warranty
+
+Per the terms of the Apache 2 license, NetBox is offered "as is" and without any guarantee or warranty pertaining to its operation. While every reasonable effort is made by its maintainers to ensure the product remains free of security vulnerabilities, users are ultimately responsible for conducting their own evaluations of each software release.
+
+## Recommendations
+
+Administrators are encouraged to adhere to industry best practices concerning the secure operation of software, such as:
+
+* Do not expose your NetBox installation to the public Internet
+* Do not permit multiple users to share an account
+* Enforce minimum password complexity requirements for local accounts
+* Prohibit access to your database from clients other than the NetBox application
+* Keep your deployment updated to the most recent stable release
+
+## Reporting a Suspected Vulnerability
+
+If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so by emailing `security@netboxlabs.com`. Please ensure that your report meets all the following conditions:
+
+* Affects the most recent stable release of NetBox, or a current beta release
+* Affects a NetBox instance installed and configured per the official documentation
+* Is reproducible following a prescribed set of instructions
+
+Please note that we **DO NOT** accept reports generated by automated tooling which merely suggest that a file or file(s) _may_ be vulnerable under certain conditions, as these are most often innocuous.
+
+For any security concerns regarding the community-maintained Docker image for NetBox, please see the [netbox-docker](https://github.com/netbox-community/netbox-docker) project.
+
+### Bug Bounties
+
+As NetBox is provided as free open source software, we do not offer any monetary compensation for vulnerability or bug reports, however your contributions are greatly appreciated.

base_requirements.txt

@@ -1,99 +1,149 @@
 # The Python web framework on which NetBox is built
-# https://github.com/django/django
-Django
-
-# Django caching using Redis
-# https://github.com/Suor/django-cacheops
-django-cacheops
+# https://docs.djangoproject.com/en/stable/releases/
+Django<5.2
 
 # Django middleware which permits cross-domain API requests
-# https://github.com/OttoYiu/django-cors-headers
+# https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst
 django-cors-headers
 
 # Runtime UI tool for debugging Django
-# https://github.com/jazzband/django-debug-toolbar
+# https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst
 django-debug-toolbar
 
 # Library for writing reusable URL query filters
-# https://github.com/carltongibson/django-filter
+# https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst
 django-filter
 
+# HTMX utilities for Django
+# https://django-htmx.readthedocs.io/en/latest/changelog.html
+django-htmx
+
 # Modified Preorder Tree Traversal (recursive nesting of objects)
-# https://github.com/django-mptt/django-mptt
+# https://github.com/django-mptt/django-mptt/blob/main/CHANGELOG.rst
 django-mptt
 
 # Context managers for PostgreSQL advisory locks
-# https://github.com/Xof/django-pglocks
+# https://github.com/Xof/django-pglocks/blob/master/CHANGES.txt
 django-pglocks
 
 # Prometheus metrics library for Django
-# https://github.com/korfuri/django-prometheus
+# https://github.com/korfuri/django-prometheus/blob/master/CHANGELOG.md
 django-prometheus
 
+# Django caching backend using Redis
+# https://github.com/jazzband/django-redis/blob/master/CHANGELOG.rst
+django-redis
+
+# Django extensions for Rich (terminal text rendering)
+# https://github.com/adamchainz/django-rich/blob/main/CHANGELOG.rst
+django-rich
+
 # Django integration for RQ (Reqis queuing)
-# https://github.com/rq/django-rq
+# https://github.com/rq/django-rq/blob/master/CHANGELOG.md
 django-rq
 
 # Abstraction models for rendering and paginating HTML tables
-# https://github.com/jieter/django-tables2
+# https://github.com/jieter/django-tables2/blob/master/CHANGELOG.md
 django-tables2
 
 # User-defined tags for objects
-# https://github.com/alex/django-taggit
+# https://github.com/jazzband/django-taggit/blob/master/CHANGELOG.rst
 django-taggit
 
-# A Django REST Framework serializer which represents tags
-# https://github.com/glemmaPaul/django-taggit-serializer
-django-taggit-serializer
-
 # A Django field for representing time zones
 # https://github.com/mfogel/django-timezone-field/
 django-timezone-field
 
 # A REST API framework for Django projects
-# https://github.com/encode/django-rest-framework
+# https://www.django-rest-framework.org/community/release-notes/
 djangorestframework
 
-# Swagger/OpenAPI schema generation for REST APIs
-# https://github.com/axnsan12/drf-yasg
-drf-yasg[validation]
+# Sane and flexible OpenAPI 3 schema generation for Django REST framework.
+# https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst
+drf-spectacular
+
+# Serve self-contained distribution builds of Swagger UI and Redoc with Django.
+# https://github.com/tfranzel/drf-spectacular-sidecar
+drf-spectacular-sidecar
+
+# RSS feed parser
+# https://github.com/kurtmckee/feedparser/blob/develop/CHANGELOG.rst
+feedparser
 
 # WSGI HTTP server
-# https://gunicorn.org/
+# https://docs.gunicorn.org/en/latest/news.html
 gunicorn
 
 # Platform-agnostic template rendering engine
-# https://github.com/pallets/jinja
+# https://jinja.palletsprojects.com/changes/
 Jinja2
 
 # Simple markup language for rendering HTML
-# https://github.com/Python-Markdown/markdown
+# https://python-markdown.github.io/changelog/
 Markdown
 
+# MkDocs Material theme (for documentation build)
+# https://squidfunk.github.io/mkdocs-material/changelog/
+mkdocs-material
+
+# Introspection for embedded code
+# https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md
+# See #18568
+mkdocstrings[python-legacy]==0.27.0
+
 # Library for manipulating IP prefixes and addresses
-# https://github.com/drkjam/netaddr
+# https://github.com/netaddr/netaddr/blob/master/CHANGELOG.rst
 netaddr
 
+# Python bindings to the ammonia HTML sanitization library.
+# https://github.com/messense/nh3
+nh3
+
 # Fork of PIL (Python Imaging Library) for image processing
-# https://github.com/python-pillow/Pillow
+# https://github.com/python-pillow/Pillow/releases
 Pillow
 
 # PostgreSQL database adapter for Python
-# https://github.com/psycopg/psycopg2
-psycopg2-binary
-
-# Extensive cryptographic library (fork of pycrypto)
-# https://github.com/Legrandin/pycryptodome
-pycryptodome
+# https://github.com/psycopg/psycopg/blob/master/docs/news.rst
+psycopg[c,pool]
 
 # YAML rendering library
-# https://github.com/yaml/pyyaml
+# https://github.com/yaml/pyyaml/blob/master/CHANGES
 PyYAML
 
-# In-memory key/value store used for caching and queuing
-# https://github.com/andymccurdy/redis-py
-redis
+# Requests
+# https://github.com/psf/requests/blob/main/HISTORY.md
+requests
+
+# rq
+# https://github.com/rq/rq/blob/master/CHANGES.md
+rq
+
+# Social authentication framework
+# https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
+social-auth-core
+
+# Django app for social-auth-core
+# https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md
+social-auth-app-django
+
+# Strawberry GraphQL
+# https://github.com/strawberry-graphql/strawberry/blob/main/CHANGELOG.md
+strawberry-graphql
+
+# Strawberry GraphQL Django extension
+# https://github.com/strawberry-graphql/strawberry-django/releases
+# Pinned to v0.52.0 for suspected upstream bug; see #18329
+strawberry-graphql-django==0.52.0
 
 # SVG image rendering (used for rack elevations)
-# https://github.com/mozman/svgwrite
+# https://github.com/mozman/svgwrite/blob/master/NEWS.rst
 svgwrite
+
+# Tabular dataset library (for table-based exports)
+# https://github.com/jazzband/tablib/blob/master/HISTORY.md
+tablib
+
+# Timezone data (required by django-timezone-field on Python 3.9+)
+# https://github.com/python/tzdata/blob/master/NEWS.md
+tzdata

contrib/apache.conf

@@ -1,3 +1,12 @@
+<VirtualHost *:80>
+    # CHANGE THIS TO YOUR SERVER'S NAME
+    ServerName netbox.example.com
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
 <VirtualHost *:443>
     ProxyPreserveHost On
 
@@ -11,7 +20,7 @@
     Alias /static /opt/netbox/netbox/static
 
     <Directory /opt/netbox/netbox/static>
-        Options Indexes FollowSymLinks MultiViews
+        Options FollowSymLinks MultiViews
         AllowOverride None
         Require all granted
     </Directory>

contrib/generated_schema.json

@@ -0,0 +1,609 @@
+{
+    "type": "object",
+    "$id": "urn:devicetype-library:generated-schema",
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "additionalProperties": false,
+    "definitions": {
+        "airflow": {
+            "type": "string",
+            "enum": [
+                "front-to-rear",
+                "rear-to-front",
+                "left-to-right",
+                "right-to-left",
+                "side-to-rear",
+                "rear-to-side",
+                "bottom-to-top",
+                "top-to-bottom",
+                "passive",
+                "mixed"
+            ]
+        },
+        "weight-unit": {
+            "type": "string",
+            "enum": [
+                "kg",
+                "g",
+                "lb",
+                "oz"
+            ]
+        },
+        "subdevice-role": {
+            "type": "string",
+            "enum": [
+                "parent",
+                "child"
+            ]
+        },
+        "console-port": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "de-9",
+                        "db-25",
+                        "rj-11",
+                        "rj-12",
+                        "rj-45",
+                        "mini-din-8",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
+                        "other"
+                    ]
+                }
+            }
+        },
+        "console-server-port": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "de-9",
+                        "db-25",
+                        "rj-11",
+                        "rj-12",
+                        "rj-45",
+                        "mini-din-8",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
+                        "other"
+                    ]
+                }
+            }
+        },
+        "power-port": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "iec-60320-c6",
+                        "iec-60320-c8",
+                        "iec-60320-c14",
+                        "iec-60320-c16",
+                        "iec-60320-c20",
+                        "iec-60320-c22",
+                        "iec-60309-p-n-e-4h",
+                        "iec-60309-p-n-e-6h",
+                        "iec-60309-p-n-e-9h",
+                        "iec-60309-2p-e-4h",
+                        "iec-60309-2p-e-6h",
+                        "iec-60309-2p-e-9h",
+                        "iec-60309-3p-e-4h",
+                        "iec-60309-3p-e-6h",
+                        "iec-60309-3p-e-9h",
+                        "iec-60309-3p-n-e-4h",
+                        "iec-60309-3p-n-e-6h",
+                        "iec-60309-3p-n-e-9h",
+                        "iec-60906-1",
+                        "nbr-14136-10a",
+                        "nbr-14136-20a",
+                        "nema-1-15p",
+                        "nema-5-15p",
+                        "nema-5-20p",
+                        "nema-5-30p",
+                        "nema-5-50p",
+                        "nema-6-15p",
+                        "nema-6-20p",
+                        "nema-6-30p",
+                        "nema-6-50p",
+                        "nema-10-30p",
+                        "nema-10-50p",
+                        "nema-14-20p",
+                        "nema-14-30p",
+                        "nema-14-50p",
+                        "nema-14-60p",
+                        "nema-15-15p",
+                        "nema-15-20p",
+                        "nema-15-30p",
+                        "nema-15-50p",
+                        "nema-15-60p",
+                        "nema-l1-15p",
+                        "nema-l5-15p",
+                        "nema-l5-20p",
+                        "nema-l5-30p",
+                        "nema-l5-50p",
+                        "nema-l6-15p",
+                        "nema-l6-20p",
+                        "nema-l6-30p",
+                        "nema-l6-50p",
+                        "nema-l10-30p",
+                        "nema-l14-20p",
+                        "nema-l14-30p",
+                        "nema-l14-50p",
+                        "nema-l14-60p",
+                        "nema-l15-20p",
+                        "nema-l15-30p",
+                        "nema-l15-50p",
+                        "nema-l15-60p",
+                        "nema-l21-20p",
+                        "nema-l21-30p",
+                        "nema-l22-20p",
+                        "nema-l22-30p",
+                        "cs6361c",
+                        "cs6365c",
+                        "cs8165c",
+                        "cs8265c",
+                        "cs8365c",
+                        "cs8465c",
+                        "ita-c",
+                        "ita-e",
+                        "ita-f",
+                        "ita-ef",
+                        "ita-g",
+                        "ita-h",
+                        "ita-i",
+                        "ita-j",
+                        "ita-k",
+                        "ita-l",
+                        "ita-m",
+                        "ita-n",
+                        "ita-o",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
+                        "usb-3-b",
+                        "usb-3-micro-b",
+                        "molex-micro-fit-1x2",
+                        "molex-micro-fit-2x2",
+                        "molex-micro-fit-2x4",
+                        "dc-terminal",
+                        "saf-d-grid",
+                        "neutrik-powercon-20",
+                        "neutrik-powercon-32",
+                        "neutrik-powercon-true1",
+                        "neutrik-powercon-true1-top",
+                        "ubiquiti-smartpower",
+                        "hardwired",
+                        "other"
+                    ]
+                }
+            }
+        },
+        "power-outlet": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "iec-60320-c5",
+                        "iec-60320-c7",
+                        "iec-60320-c13",
+                        "iec-60320-c15",
+                        "iec-60320-c19",
+                        "iec-60320-c21",
+                        "iec-60309-p-n-e-4h",
+                        "iec-60309-p-n-e-6h",
+                        "iec-60309-p-n-e-9h",
+                        "iec-60309-2p-e-4h",
+                        "iec-60309-2p-e-6h",
+                        "iec-60309-2p-e-9h",
+                        "iec-60309-3p-e-4h",
+                        "iec-60309-3p-e-6h",
+                        "iec-60309-3p-e-9h",
+                        "iec-60309-3p-n-e-4h",
+                        "iec-60309-3p-n-e-6h",
+                        "iec-60309-3p-n-e-9h",
+                        "iec-60906-1",
+                        "nbr-14136-10a",
+                        "nbr-14136-20a",
+                        "nema-1-15r",
+                        "nema-5-15r",
+                        "nema-5-20r",
+                        "nema-5-30r",
+                        "nema-5-50r",
+                        "nema-6-15r",
+                        "nema-6-20r",
+                        "nema-6-30r",
+                        "nema-6-50r",
+                        "nema-10-30r",
+                        "nema-10-50r",
+                        "nema-14-20r",
+                        "nema-14-30r",
+                        "nema-14-50r",
+                        "nema-14-60r",
+                        "nema-15-15r",
+                        "nema-15-20r",
+                        "nema-15-30r",
+                        "nema-15-50r",
+                        "nema-15-60r",
+                        "nema-l1-15r",
+                        "nema-l5-15r",
+                        "nema-l5-20r",
+                        "nema-l5-30r",
+                        "nema-l5-50r",
+                        "nema-l6-15r",
+                        "nema-l6-20r",
+                        "nema-l6-30r",
+                        "nema-l6-50r",
+                        "nema-l10-30r",
+                        "nema-l14-20r",
+                        "nema-l14-30r",
+                        "nema-l14-50r",
+                        "nema-l14-60r",
+                        "nema-l15-20r",
+                        "nema-l15-30r",
+                        "nema-l15-50r",
+                        "nema-l15-60r",
+                        "nema-l21-20r",
+                        "nema-l21-30r",
+                        "nema-l22-20r",
+                        "nema-l22-30r",
+                        "CS6360C",
+                        "CS6364C",
+                        "CS8164C",
+                        "CS8264C",
+                        "CS8364C",
+                        "CS8464C",
+                        "ita-e",
+                        "ita-f",
+                        "ita-g",
+                        "ita-h",
+                        "ita-i",
+                        "ita-j",
+                        "ita-k",
+                        "ita-l",
+                        "ita-m",
+                        "ita-n",
+                        "ita-o",
+                        "ita-multistandard",
+                        "usb-a",
+                        "usb-micro-b",
+                        "usb-c",
+                        "molex-micro-fit-1x2",
+                        "molex-micro-fit-2x2",
+                        "molex-micro-fit-2x4",
+                        "dc-terminal",
+                        "eaton-c39",
+                        "hdot-cx",
+                        "saf-d-grid",
+                        "neutrik-powercon-20a",
+                        "neutrik-powercon-32a",
+                        "neutrik-powercon-true1",
+                        "neutrik-powercon-true1-top",
+                        "ubiquiti-smartpower",
+                        "hardwired",
+                        "other"
+                    ]
+                },
+                "feed-leg": {
+                    "type": "string",
+                    "enum": [
+                        "A",
+                        "B",
+                        "C"
+                    ]
+                }
+            }
+        },
+        "interface": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "virtual",
+                        "bridge",
+                        "lag",
+                        "100base-fx",
+                        "100base-lfx",
+                        "100base-tx",
+                        "100base-t1",
+                        "1000base-t",
+                        "1000base-lx",
+                        "1000base-tx",
+                        "2.5gbase-t",
+                        "5gbase-t",
+                        "10gbase-t",
+                        "10gbase-cx4",
+                        "100base-x-sfp",
+                        "1000base-x-gbic",
+                        "1000base-x-sfp",
+                        "10gbase-x-sfpp",
+                        "10gbase-x-xfp",
+                        "10gbase-x-xenpak",
+                        "10gbase-x-x2",
+                        "25gbase-x-sfp28",
+                        "50gbase-x-sfp56",
+                        "40gbase-x-qsfpp",
+                        "50gbase-x-sfp28",
+                        "100gbase-x-cfp",
+                        "100gbase-x-cfp2",
+                        "200gbase-x-cfp2",
+                        "400gbase-x-cfp2",
+                        "100gbase-x-cfp4",
+                        "100gbase-x-cxp",
+                        "100gbase-x-cpak",
+                        "100gbase-x-dsfp",
+                        "100gbase-x-sfpdd",
+                        "100gbase-x-qsfp28",
+                        "100gbase-x-qsfpdd",
+                        "200gbase-x-qsfp56",
+                        "200gbase-x-qsfpdd",
+                        "400gbase-x-qsfp112",
+                        "400gbase-x-qsfpdd",
+                        "400gbase-x-osfp",
+                        "400gbase-x-osfp-rhs",
+                        "400gbase-x-cdfp",
+                        "400gbase-x-cfp8",
+                        "800gbase-x-qsfpdd",
+                        "800gbase-x-osfp",
+                        "1000base-kx",
+                        "2.5gbase-kx",
+                        "5gbase-kr",
+                        "10gbase-kr",
+                        "10gbase-kx4",
+                        "25gbase-kr",
+                        "40gbase-kr4",
+                        "50gbase-kr",
+                        "100gbase-kp4",
+                        "100gbase-kr2",
+                        "100gbase-kr4",
+                        "ieee802.11a",
+                        "ieee802.11g",
+                        "ieee802.11n",
+                        "ieee802.11ac",
+                        "ieee802.11ad",
+                        "ieee802.11ax",
+                        "ieee802.11ay",
+                        "ieee802.11be",
+                        "ieee802.15.1",
+                        "ieee802.15.4",
+                        "other-wireless",
+                        "gsm",
+                        "cdma",
+                        "lte",
+                        "4g",
+                        "5g",
+                        "sonet-oc3",
+                        "sonet-oc12",
+                        "sonet-oc48",
+                        "sonet-oc192",
+                        "sonet-oc768",
+                        "sonet-oc1920",
+                        "sonet-oc3840",
+                        "1gfc-sfp",
+                        "2gfc-sfp",
+                        "4gfc-sfp",
+                        "8gfc-sfpp",
+                        "16gfc-sfpp",
+                        "32gfc-sfp28",
+                        "32gfc-sfpp",
+                        "64gfc-qsfpp",
+                        "64gfc-sfpdd",
+                        "64gfc-sfpp",
+                        "128gfc-qsfp28",
+                        "infiniband-sdr",
+                        "infiniband-ddr",
+                        "infiniband-qdr",
+                        "infiniband-fdr10",
+                        "infiniband-fdr",
+                        "infiniband-edr",
+                        "infiniband-hdr",
+                        "infiniband-ndr",
+                        "infiniband-xdr",
+                        "t1",
+                        "e1",
+                        "t3",
+                        "e3",
+                        "xdsl",
+                        "docsis",
+                        "bpon",
+                        "epon",
+                        "10g-epon",
+                        "gpon",
+                        "xg-pon",
+                        "xgs-pon",
+                        "ng-pon2",
+                        "25g-pon",
+                        "50g-pon",
+                        "cisco-stackwise",
+                        "cisco-stackwise-plus",
+                        "cisco-flexstack",
+                        "cisco-flexstack-plus",
+                        "cisco-stackwise-80",
+                        "cisco-stackwise-160",
+                        "cisco-stackwise-320",
+                        "cisco-stackwise-480",
+                        "cisco-stackwise-1t",
+                        "juniper-vcp",
+                        "extreme-summitstack",
+                        "extreme-summitstack-128",
+                        "extreme-summitstack-256",
+                        "extreme-summitstack-512",
+                        "other"
+                    ]
+                },
+                "poe_mode": {
+                    "type": "string",
+                    "enum": [
+                        "pd",
+                        "pse"
+                    ]
+                },
+                "poe_type": {
+                    "type": "string",
+                    "enum": [
+                        "type1-ieee802.3af",
+                        "type2-ieee802.3at",
+                        "type3-ieee802.3bt",
+                        "type4-ieee802.3bt",
+                        "passive-24v-2pair",
+                        "passive-24v-4pair",
+                        "passive-48v-2pair",
+                        "passive-48v-4pair"
+                    ]
+                }
+            }
+        },
+        "front-port": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "8p8c",
+                        "8p6c",
+                        "8p4c",
+                        "8p2c",
+                        "6p6c",
+                        "6p4c",
+                        "6p2c",
+                        "4p4c",
+                        "4p2c",
+                        "gg45",
+                        "tera-4p",
+                        "tera-2p",
+                        "tera-1p",
+                        "110-punch",
+                        "bnc",
+                        "f",
+                        "n",
+                        "mrj21",
+                        "fc",
+                        "lc",
+                        "lc-pc",
+                        "lc-upc",
+                        "lc-apc",
+                        "lsh",
+                        "lsh-pc",
+                        "lsh-upc",
+                        "lsh-apc",
+                        "lx5",
+                        "lx5-pc",
+                        "lx5-upc",
+                        "lx5-apc",
+                        "mpo",
+                        "mtrj",
+                        "sc",
+                        "sc-pc",
+                        "sc-upc",
+                        "sc-apc",
+                        "st",
+                        "cs",
+                        "sn",
+                        "sma-905",
+                        "sma-906",
+                        "urm-p2",
+                        "urm-p4",
+                        "urm-p8",
+                        "splice",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
+                        "other"
+                    ]
+                }
+            }
+        },
+        "rear-port": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "8p8c",
+                        "8p6c",
+                        "8p4c",
+                        "8p2c",
+                        "6p6c",
+                        "6p4c",
+                        "6p2c",
+                        "4p4c",
+                        "4p2c",
+                        "gg45",
+                        "tera-4p",
+                        "tera-2p",
+                        "tera-1p",
+                        "110-punch",
+                        "bnc",
+                        "f",
+                        "n",
+                        "mrj21",
+                        "fc",
+                        "lc",
+                        "lc-pc",
+                        "lc-upc",
+                        "lc-apc",
+                        "lsh",
+                        "lsh-pc",
+                        "lsh-upc",
+                        "lsh-apc",
+                        "lx5",
+                        "lx5-pc",
+                        "lx5-upc",
+                        "lx5-apc",
+                        "mpo",
+                        "mtrj",
+                        "sc",
+                        "sc-pc",
+                        "sc-upc",
+                        "sc-apc",
+                        "st",
+                        "cs",
+                        "sn",
+                        "sma-905",
+                        "sma-906",
+                        "urm-p2",
+                        "urm-p4",
+                        "urm-p8",
+                        "splice",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
+                        "other"
+                    ]
+                }
+            }
+        }
+    }
+}

contrib/gunicorn.py

@@ -1,4 +1,4 @@
-# The IP address (typically localhost) and port that the Netbox WSGI process should listen on
+# The IP address (typically localhost) and port that the NetBox WSGI process should listen on
 bind = '127.0.0.1:8001'
 
 # Number of gunicorn workers to spawn. This should typically be 2n+1, where
@@ -14,3 +14,7 @@ timeout = 120
 # The maximum number of requests a worker can handle before being respawned
 max_requests = 5000
 max_requests_jitter = 500
+
+# Uncomment this line to accept HTTP headers containing underscores, e.g. for remote
+# authentication support. See https://docs.gunicorn.org/en/stable/settings.html#header-map
+# header-map = 'dangerous'

contrib/netbox-housekeeping.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=NetBox Housekeeping Service
+Documentation=https://docs.netbox.dev/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User=netbox
+Group=netbox
+WorkingDirectory=/opt/netbox
+
+ExecStart=/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
+
+[Install]
+WantedBy=multi-user.target

contrib/netbox-housekeeping.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+# This shell script invokes NetBox's housekeeping management command, which
+# intended to be run nightly. This script can be copied into your system's
+# daily cron directory (e.g. /etc/cron.daily), or referenced directly from
+# within the cron configuration file.
+#
+# If NetBox has been installed into a nonstandard location, update the paths
+# below.
+/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping

contrib/netbox-housekeeping.timer

@@ -0,0 +1,13 @@
+[Unit]
+Description=NetBox Housekeeping Timer
+Documentation=https://docs.netbox.dev/
+After=network-online.target
+Wants=network-online.target
+
+[Timer]
+OnCalendar=daily
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target

contrib/netbox-rq.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=NetBox Request Queue Worker
-Documentation=https://netbox.readthedocs.io/en/stable/
+Documentation=https://docs.netbox.dev/
 After=network-online.target
 Wants=network-online.target
 
@@ -11,7 +11,7 @@ User=netbox
 Group=netbox
 WorkingDirectory=/opt/netbox
 
-ExecStart=/opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py rqworker
+ExecStart=/opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py rqworker high default low
 
 Restart=on-failure
 RestartSec=30

contrib/netbox.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=NetBox WSGI Service
-Documentation=https://netbox.readthedocs.io/en/stable/
+Documentation=https://docs.netbox.dev/
 After=network-online.target
 Wants=network-online.target
 
@@ -12,8 +12,12 @@ Group=netbox
 PIDFile=/var/tmp/netbox.pid
 WorkingDirectory=/opt/netbox
 
+# Remove the following line if using uWSGI instead of Gunicorn
 ExecStart=/opt/netbox/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
 
+# Uncomment the following line if using uWSGI instead of Gunicorn
+#ExecStart=/opt/netbox/venv/bin/uwsgi --ini /opt/netbox/uwsgi.ini
+
 Restart=on-failure
 RestartSec=30
 PrivateTmp=true

contrib/nginx.conf

@@ -1,5 +1,5 @@
 server {
-    listen 443 ssl;
+    listen [::]:443 ssl ipv6only=off;
 
     # CHANGE THIS TO YOUR SERVER'S NAME
     server_name netbox.example.com;
@@ -14,16 +14,26 @@ server {
     }
 
     location / {
+        # Remove these lines if using uWSGI instead of Gunicorn
         proxy_pass http://127.0.0.1:8001;
         proxy_set_header X-Forwarded-Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Uncomment these lines if using uWSGI instead of Gunicorn
+        # include uwsgi_params;
+        # uwsgi_pass  127.0.0.1:8001;
+        # uwsgi_param Host $host;
+        # uwsgi_param X-Real-IP $remote_addr;
+        # uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
+        # uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
+
     }
 }
 
 server {
     # Redirect HTTP traffic to HTTPS
-    listen 80;
+    listen [::]:80 ipv6only=off;
     server_name _;
     return 301 https://$host$request_uri;
 }

contrib/uwsgi.ini

@@ -0,0 +1,34 @@
+[uwsgi]
+; bind to the specified UNIX/TCP socket and port (usually localhost)
+socket = 127.0.0.1:8001
+
+; fail to start if any parameter in the configuration file isn’t explicitly understood by uWSGI.
+strict = true
+
+; re-spawn and pre-fork workers
+master = true
+
+; clear environment on exit
+vacuum = true
+
+; make SIGTERM stop the app (instead of reload)
+die-on-term = true
+
+; exit if no app can be loaded
+need-app = true
+
+; do not use multiple interpreters
+single-interpreter = true
+
+; change to the project directory
+chdir = netbox
+
+; specify the WSGI module to load
+module = netbox.wsgi
+
+; workaround to make uWSGI reloads work with pyuwsgi (not to be used if using uwsgi package instead)
+binary-path = venv/bin/python
+
+; only log internal messages and errors (reverse proxy already logs the requests)
+disable-logging = true
+log-5xx = true

docs/_theme/main.html

@@ -0,0 +1,9 @@
+{% extends "base.html" %}
+
+{% block site_meta %}
+  {{ super() }}
+  {# Disable search indexing unless we're building for public consumption #}
+  {% if not config.extra.build_public %}
+    <meta name="robots" content="noindex">
+  {% endif %}
+{% endblock %}

docs/_theme/partials/copyright.html

@@ -0,0 +1,18 @@
+<div class="md-copyright">
+  {% if config.copyright %}
+    <div class="md-copyright__highlight">
+      {{ config.copyright }}
+    </div>
+  {% endif %}
+  {% if not config.extra.generator == false %}
+    Made with
+    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
+      Material for MkDocs
+    </a>
+  {% endif %}
+</div>
+{% if not config.extra.build_public %}
+  <div class="md-copyright">
+    ℹ️ Documentation is being served locally
+  </div>
+{% endif %}

docs/additional-features/caching.md

@@ -1,21 +0,0 @@
-# Caching
-
-To improve performance, NetBox supports caching for most object and list views. Caching is implemented using Redis,
-and [django-cacheops](https://github.com/Suor/django-cacheops)
-
-Several management commands are avaliable for administrators to manually invalidate cache entries in extenuating circumstances.
-
-To invalidate a specifc model instance (for example a Device with ID 34):
-```
-python netbox/manage.py invalidate dcim.Device.34
-```
-
-To invalidate all instance of a model:
-```
-python netbox/manage.py invalidate dcim.Device
-```
-
-To flush the entire cache database:
-```
-python netbox/manage.py invalidate all
-```

docs/additional-features/change-logging.md

@@ -1,9 +0,0 @@
-# Change Logging
-
-Every time an object in NetBox is created, updated, or deleted, a serialized copy of that object is saved to the database, along with meta data including the current time and the user associated with the change. These records form a running changelog both for each individual object as well as NetBox as a whole (Organization > Changelog).
-
-A serialized representation is included for each object in JSON format. This is similar to how objects are conveyed within the REST API, but does not include any nested representations. For instance, the `tenant` field of a site will record only the tenant's ID, not a representation of the tenant.
-
-When a request is made, a random request ID is generated and attached to any change records resulting from the request. For example, editing multiple objects in bulk will create a change record for each object, and each of those objects will be assigned the same request ID. This makes it easy to identify all the change records associated with a particular request.
-
-Change records are exposed in the API via the read-only endpoint `/api/extras/object-changes/`. They may also be exported in CSV format.

docs/additional-features/context-data.md

@@ -1,3 +0,0 @@
-# Context Data
-
-{!docs/models/extras/configcontext.md!}

docs/additional-features/custom-fields.md

@@ -1,26 +0,0 @@
-# Custom Fields
-
-Each object in NetBox is represented in the database as a discrete table, and each attribute of an object exists as a column within its table. For example, sites are stored in the `dcim_site` table, which has columns named `name`, `facility`, `physical_address`, and so on. As new attributes are added to objects throughout the development of NetBox, tables are expanded to include new rows.
-
-However, some users might want to associate with objects attributes that are somewhat esoteric in nature, and that would not make sense to include in the core NetBox database schema. For instance, suppose your organization needs to associate each device with a ticket number pointing to the support ticket that was opened to have it installed. This is certainly a legitimate use for NetBox, but it's perhaps not a common enough need to warrant expanding the internal data schema. Instead, you can create a custom field to hold this data.
-
-Custom fields must be created through the admin UI under Extras > Custom Fields. To create a new custom field, select the object(s) to which you want it to apply, and the type of field it will be. NetBox supports six field types:
-
-* Free-form text (up to 255 characters)
-* Integer
-* Boolean (true/false)
-* Date
-* URL
-* Selection
-
-Assign the field a name. This should be a simple database-friendly string, e.g. `tps_report`. You may optionally assign the field a human-friendly label (e.g. "TPS report") as well; the label will be displayed on forms. If a description is provided, it will appear beneath the field in a form.
-
-Marking the field as required will require the user to provide a value for the field when creating a new object or when saving an existing object. A default value for the field may also be provided. Use "true" or "false" for boolean fields. (The default value has no effect for selection fields.)
-
-When creating a selection field, you should create at least two choices. These choices will be arranged first by weight, with lower weights appearing higher in the list, and then alphabetically.
-
-## Using Custom Fields
-
-When a single object is edited, the form will include any custom fields which have been defined for the object type. These fields are included in the "Custom Fields" panel. On the backend, each custom field value is saved separately from the core object as an independent database call, so it's best to avoid adding too many custom fields per object.
-
-When editing multiple objects, custom field values are saved in bulk. There is no significant difference in overhead when saving a custom field value for 100 objects versus one object. However, the bulk operation must be performed separately for each custom field.

docs/additional-features/custom-links.md

@@ -1,43 +0,0 @@
-# Custom Links
-
-Custom links allow users to place arbitrary hyperlinks within NetBox views. These are helpful for cross-referencing related records in external systems. For example, you might create a custom link on the device view which links to the current device in a network monitoring system.
-
-Custom links are created under the admin UI. Each link is associated with a particular NetBox object type (site, device, prefix, etc.) and will be displayed on relevant views. Each link is assigned text and a URL, both of which support Jinja2 templating. The text and URL are rendered with the context variable `obj` representing the current object.
-
-For example, you might define a link like this:
-
-* Text: `View NMS`
-* URL: `https://nms.example.com/nodes/?name={{ obj.name }}`
-
-When viewing a device named Router4, this link would render as:
-
-```
-<a href="https://nms.example.com/nodes/?name=Router4">View NMS</a>
-```
-
-Custom links appear as buttons at the top right corner of the page. Numeric weighting can be used to influence the ordering of links.
-
-## Conditional Rendering
-
-Only links which render with non-empty text are included on the page. You can employ conditional Jinja2 logic to control the conditions under which a link gets rendered.
-
-For example, if you only want to display a link for active devices, you could set the link text to
-
-```
-{% if obj.status == 1 %}View NMS{% endif %}
-```
-
-The link will not appear when viewing a device with any status other than "active."
-
-Another example, if you want to only show an object of a certain manufacturer, you could set the link text to:
-
-```
-{% if obj.device_type.manufacturer.name == 'Cisco' %}View NMS {% endif %}
-```
-
-The link will only appear when viewing a device with a manufacturer name of "Cisco."
-
-## Link Groups
-
-You can specify a group name to organize links into related sets. Grouped links will render as a dropdown menu beneath a
-single button bearing the name of the group.

docs/additional-features/custom-scripts.md

@@ -1,268 +0,0 @@
-# Custom Scripts
-
-Custom scripting was introduced to provide a way for users to execute custom logic from within the NetBox UI. Custom scripts enable the user to directly and conveniently manipulate NetBox data in a prescribed fashion. They can be used to accomplish myriad tasks, such as:
-
-* Automatically populate new devices and cables in preparation for a new site deployment
-* Create a range of new reserved prefixes or IP addresses
-* Fetch data from an external source and import it to NetBox
-
-Custom scripts are Python code and exist outside of the official NetBox code base, so they can be updated and changed without interfering with the core NetBox installation. And because they're written from scratch, a custom script can be used to accomplish just about anything.
-
-## Writing Custom Scripts
-
-All custom scripts must inherit from the `extras.scripts.Script` base class. This class provides the functionality necessary to generate forms and log activity.
-
-```
-from extras.scripts import Script
-
-class MyScript(Script):
-    ..
-```
-
-Scripts comprise two core components: variables and a `run()` method. Variables allow your script to accept user input via the NetBox UI. The `run()` method is where your script's execution logic lives. (Note that your script can have as many methods as needed: this is merely the point of invocation for NetBox.)
-
-```
-class MyScript(Script):
-    var1 = StringVar(...)
-    var2 = IntegerVar(...)
-    var3 = ObjectVar(...)
-
-    def run(self, data, commit):
-        ...
-```
-
-The `run()` method should accept two arguments:
-
-* `data` - A dictionary containing all of the variable data passed via the web form.
-* `commit` - A boolean indicating whether database changes will be committed.
-
-!!! note
-    The `commit` argument was introduced in NetBox v2.7.8. Backward compatibility is maintained for scripts which accept only the `data` argument, however moving forward scripts should accept both arguments.
-
-Defining variables is optional: You may create a script with only a `run()` method if no user input is needed.
-
-Returning output from your script is optional. Any raw output generated by the script will be displayed under the "output" tab in the UI.
-
-## Module Attributes
-
-### `name`
-
-You can define `name` within a script module (the Python file which contains one or more scripts) to set the module name. If `name` is not defined, the filename will be used.
-
-## Script Attributes
-
-Script attributes are defined under a class named `Meta` within the script. These are optional, but encouraged.
-
-### `name`
-
-This is the human-friendly names of your script. If omitted, the class name will be used.
-
-### `description`
-
-A human-friendly description of what your script does.
-
-### `field_order`
-
-A list of field names indicating the order in which the form fields should appear. This is optional, and should not be required on Python 3.6 and above. For example:
-
-```
-field_order = ['var1', 'var2', 'var3']
-```
-
-### `commit_default`
-
-The checkbox to commit database changes when executing a script is checked by default. Set `commit_default` to False under the script's Meta class to leave this option unchecked by default.
-
-```
-commit_default = False
-```
-
-## Accessing Request Data
-
-Details of the current HTTP request (the one being made to execute the script) are available as the instance attribute `self.request`. This can be used to infer, for example, the user executing the script and the client IP address:
-
-```python
-username = self.request.user.username
-ip_address = self.request.META.get('HTTP_X_FORWARDED_FOR') or self.request.META.get('REMOTE_ADDR')
-self.log_info("Running as user {} (IP: {})...".format(username, ip_address))
-```
-
-For a complete list of available request parameters, please see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/request-response/).
-
-## Reading Data from Files
-
-The Script class provides two convenience methods for reading data from files:
-
-* `load_yaml`
-* `load_json`
-
-These two methods will load data in YAML or JSON format, respectively, from files within the local path (i.e. `SCRIPTS_ROOT`).
-
-## Logging
-
-The Script object provides a set of convenient functions for recording messages at different severity levels:
-
-* `log_debug`
-* `log_success`
-* `log_info`
-* `log_warning`
-* `log_failure`
-
-Log messages are returned to the user upon execution of the script. Markdown rendering is supported for log messages.
-
-## Variable Reference
-
-### StringVar
-
-Stores a string of characters (i.e. a line of text). Options include:
-
-* `min_length` - Minimum number of characters
-* `max_length` - Maximum number of characters
-* `regex` - A regular expression against which the provided value must match
-
-Note: `min_length` and `max_length` can be set to the same number to effect a fixed-length field.
-
-### TextVar
-
-Arbitrary text of any length. Renders as multi-line text input field.
-
-### IntegerVar
-
-Stored a numeric integer. Options include:
-
-* `min_value` - Minimum value
-* `max_value` - Maximum value
-
-### BooleanVar
-
-A true/false flag. This field has no options beyond the defaults.
-
-### ChoiceVar
-
-A set of choices from which the user can select one.
-
-* `choices` - A list of `(value, label)` tuples representing the available choices. For example:
-
-```python
-CHOICES = (
-    ('n', 'North'),
-    ('s', 'South'),
-    ('e', 'East'),
-    ('w', 'West')
-)
-
-direction = ChoiceVar(choices=CHOICES)
-```
-
-### ObjectVar
-
-A NetBox object. The list of available objects is defined by the queryset parameter. Each instance of this variable is limited to a single object type.
-
-* `queryset` - A [Django queryset](https://docs.djangoproject.com/en/stable/topics/db/queries/)
-
-### FileVar
-
-An uploaded file. Note that uploaded files are present in memory only for the duration of the script's execution: They will not be save for future use.
-
-### IPAddressVar
-
-An IPv4 or IPv6 address, without a mask. Returns a `netaddr.IPAddress` object.
-
-### IPAddressWithMaskVar
-
-An IPv4 or IPv6 address with a mask. Returns a `netaddr.IPNetwork` object which includes the mask.
-
-### IPNetworkVar
-
-An IPv4 or IPv6 network with a mask. Returns a `netaddr.IPNetwork` object. Two attributes are available to validate the provided mask:
-
-* `min_prefix_length` - Minimum length of the mask (default: none)
-* `max_prefix_length` - Maximum length of the mask (default: none)
-
-### Default Options
-
-All variables support the following default options:
-
-* `default` - The field's default value
-* `description` - A brief description of the field
-* `label` - The name of the form field
-* `required` - Indicates whether the field is mandatory (default: true)
-* `widget` - The class of form widget to use (see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/forms/widgets/))
-
-## Example
-
-Below is an example script that creates new objects for a planned site. The user is prompted for three variables:
-
-* The name of the new site
-* The device model (a filtered list of defined device types)
-* The number of access switches to create
-
-These variables are presented as a web form to be completed by the user. Once submitted, the script's `run()` method is called to create the appropriate objects.
-
-```
-from django.utils.text import slugify
-
-from dcim.choices import DeviceStatusChoices, SiteStatusChoices
-from dcim.models import Device, DeviceRole, DeviceType, Site
-from extras.scripts import *
-
-
-class NewBranchScript(Script):
-
-    class Meta:
-        name = "New Branch"
-        description = "Provision a new branch site"
-        field_order = ['site_name', 'switch_count', 'switch_model']
-
-    site_name = StringVar(
-        description="Name of the new site"
-    )
-    switch_count = IntegerVar(
-        description="Number of access switches to create"
-    )
-    switch_model = ObjectVar(
-        description="Access switch model",
-        queryset = DeviceType.objects.filter(
-            manufacturer__name='Cisco',
-            model__in=['Catalyst 3560X-48T', 'Catalyst 3750X-48T']
-        )
-    )
-
-    def run(self, data, commit):
-
-        # Create the new site
-        site = Site(
-            name=data['site_name'],
-            slug=slugify(data['site_name']),
-            status=SiteStatusChoices.STATUS_PLANNED
-        )
-        site.save()
-        self.log_success("Created new site: {}".format(site))
-
-        # Create access switches
-        switch_role = DeviceRole.objects.get(name='Access Switch')
-        for i in range(1, data['switch_count'] + 1):
-            switch = Device(
-                device_type=data['switch_model'],
-                name='{}-switch{}'.format(site.slug, i),
-                site=site,
-                status=DeviceStatusChoices.STATUS_PLANNED,
-                device_role=switch_role
-            )
-            switch.save()
-            self.log_success("Created new switch: {}".format(switch))
-
-        # Generate a CSV table of new devices
-        output = [
-            'name,make,model'
-        ]
-        for switch in Device.objects.filter(site=site):
-            attrs = [
-                switch.name,
-                switch.device_type.manufacturer.name,
-                switch.device_type.model
-            ]
-            output.append(','.join(attrs))
-
-        return '\n'.join(output)
-```

docs/additional-features/export-templates.md

@@ -1,52 +0,0 @@
-# Export Templates
-
-NetBox allows users to define custom templates that can be used when exporting objects. To create an export template, navigate to Extras > Export Templates under the admin interface.
-
-Each export template is associated with a certain type of object. For instance, if you create an export template for VLANs, your custom template will appear under the "Export" button on the VLANs list.
-
-Export templates are written in [Django's template language](https://docs.djangoproject.com/en/stable/ref/templates/language/), which is very similar to Jinja2. The list of objects returned from the database is stored in the `queryset` variable, which you'll typically want to iterate through using a `for` loop. Object properties can be access by name. For example:
-
-```
-{% for rack in queryset %}
-Rack: {{ rack.name }}
-Site: {{ rack.site.name }}
-Height: {{ rack.u_height }}U
-{% endfor %}
-```
-
-To access custom fields of an object within a template, use the `cf` attribute. For example, `{{ obj.cf.color }}` will return the value (if any) for a custom field named `color` on `obj`.
-
-A MIME type and file extension can optionally be defined for each export template. The default MIME type is `text/plain`.
-
-## Example
-
-Here's an example device export template that will generate a simple Nagios configuration from a list of devices.
-
-```
-{% for device in queryset %}{% if device.status and device.primary_ip %}define host{
-        use                     generic-switch
-        host_name               {{ device.name }}
-        address                 {{ device.primary_ip.address.ip }}
-}
-{% endif %}{% endfor %}
-```
-
-The generated output will look something like this:
-
-```
-define host{
-        use                     generic-switch
-        host_name               switch1
-        address                 192.0.2.1
-}
-define host{
-        use                     generic-switch
-        host_name               switch2
-        address                 192.0.2.2
-}
-define host{
-        use                     generic-switch
-        host_name               switch3
-        address                 192.0.2.3
-}
-```

docs/additional-features/graphs.md

@@ -1,30 +0,0 @@
-# Graphs
-
-NetBox does not have the ability to generate graphs natively, but this feature allows you to embed contextual graphs from an external resources (such as a monitoring system) inside the site, provider, and interface views. Each embedded graph must be defined with the following parameters:
-
-* **Type:** Site, device, provider, or interface. This determines in which view the graph will be displayed.
-* **Weight:** Determines the order in which graphs are displayed (lower weights are displayed first). Graphs with equal weights will be ordered alphabetically by name.
-* **Name:** The title to display above the graph.
-* **Source URL:** The source of the image to be embedded. The associated object will be available as a template variable named `obj`.
-* **Link URL (optional):** A URL to which the graph will be linked. The associated object will be available as a template variable named `obj`.
-
-Graph names and links can be rendered using the Django or Jinja2 template languages.
-
-!!! warning
-    Support for the Django templating language will be removed in NetBox v2.8. Jinja2 is recommended.
-
-## Examples
-
-You only need to define one graph object for each graph you want to include when viewing an object. For example, if you want to include a graph of traffic through an interface over the past five minutes, your graph source might looks like this:
-
-```
-https://my.nms.local/graphs/?node={{ obj.device.name }}&interface={{ obj.name }}&duration=5m
-```
-
-You can define several graphs to provide multiple contexts when viewing an object. For example:
-
-```
-https://my.nms.local/graphs/?type=throughput&node={{ obj.device.name }}&interface={{ obj.name }}&duration=60m
-https://my.nms.local/graphs/?type=throughput&node={{ obj.device.name }}&interface={{ obj.name }}&duration=24h
-https://my.nms.local/graphs/?type=errors&node={{ obj.device.name }}&interface={{ obj.name }}&duration=60m
-```

docs/additional-features/napalm.md

@@ -1,65 +0,0 @@
-# NAPALM
-
-NetBox supports integration with the [NAPALM automation](https://napalm-automation.net/) library. NAPALM allows NetBox to fetch live data from devices and return it to a requester via its REST API.
-
-!!! info
-    To enable the integration, the NAPALM library must be installed. See [installation steps](../../installation/3-netbox/#napalm-automation-optional) for more information.
-
-```
-GET /api/dcim/devices/1/napalm/?method=get_environment
-
-{
-    "get_environment": {
-        ...
-    }
-}
-```
-
-## Authentication
-
-By default, the [`NAPALM_USERNAME`](../../configuration/optional-settings/#napalm_username) and [`NAPALM_PASSWORD`](../../configuration/optional-settings/#napalm_password) are used for NAPALM authentication. They can be overridden for an individual API call through the `X-NAPALM-Username` and `X-NAPALM-Password` headers.
-
-```
-$ curl "http://localhost/api/dcim/devices/1/napalm/?method=get_environment" \
--H "Authorization: Token f4b378553dacfcfd44c5a0b9ae49b57e29c552b5" \
--H "Content-Type: application/json" \
--H "Accept: application/json; indent=4" \
--H "X-NAPALM-Username: foo" \
--H "X-NAPALM-Password: bar"
-```
-
-## Method Support
-
-The list of supported NAPALM methods depends on the [NAPALM driver](https://napalm.readthedocs.io/en/latest/support/index.html#general-support-matrix) configured for the platform of a device. NetBox only supports [get](https://napalm.readthedocs.io/en/latest/support/index.html#getters-support-matrix) methods.
-
-## Multiple Methods
-
-More than one method in an API call can be invoked by adding multiple `method` parameters. For example:
-
-```
-GET /api/dcim/devices/1/napalm/?method=get_ntp_servers&method=get_ntp_peers
-
-{
-    "get_ntp_servers": {
-        ...
-    },
-    "get_ntp_peers": {
-        ...
-    }
-}
-```
-
-## Optional Arguments
-
-The behavior of NAPALM drivers can be adjusted according to the [optional arguments](https://napalm.readthedocs.io/en/latest/support/index.html#optional-arguments). NetBox exposes those arguments using headers prefixed with `X-NAPALM-`.
-
-
-For instance, the SSH port is changed to 2222 in this API call:
-
-```
-$ curl "http://localhost/api/dcim/devices/1/napalm/?method=get_environment" \
--H "Authorization: Token f4b378553dacfcfd44c5a0b9ae49b57e29c552b5" \
--H "Content-Type: application/json" \
--H "Accept: application/json; indent=4" \
--H "X-NAPALM-port: 2222"
-```

docs/additional-features/prometheus-metrics.md

@@ -1,34 +0,0 @@
-# Prometheus Metrics
-
-NetBox supports optionally exposing native Prometheus metrics from the application. [Prometheus](https://prometheus.io/) is a popular time series metric platform used for monitoring.
-
-NetBox exposes metrics at the `/metrics` HTTP endpoint, e.g. `https://netbox.local/metrics`. Metric exposition can be toggled with the `METRICS_ENABLED` configuration setting. Metrics are not exposed by default.
-
-## Metric Types
-
-NetBox makes use of the [django-prometheus](https://github.com/korfuri/django-prometheus) library to export a number of different types of metrics, including:
-
-- Per model insert, update, and delete counters
-- Per view request counters
-- Per view request latency histograms
-- Request body size histograms
-- Response body size histograms
-- Response code counters
-- Database connection, execution, and error counters
-- Cache hit, miss, and invalidation counters
-- Django middleware latency histograms
-- Other Django related metadata metrics
-
-For the exhaustive list of exposed metrics, visit the `/metrics` endpoint on your NetBox instance.
-
-## Multi Processing Notes
-
-When deploying NetBox in a multiprocess mannor--such as using Gunicorn as recomented in the installation docs--the Prometheus client library requires the use of a shared directory
-to collect metrics from all the worker processes. This can be any arbitrary directory to which the processes have read/write access. This directory is then made available by use of the
-`prometheus_multiproc_dir` environment variable.
-
-This can be setup by first creating a shared directory and then adding this line (with the appropriate directory) to the `[program:netbox]` section of the supervisor config file.
-
-```
-environment=prometheus_multiproc_dir=/tmp/prometheus_metrics
-```

docs/additional-features/reports.md

@@ -1,133 +0,0 @@
-# NetBox Reports
-
-A NetBox report is a mechanism for validating the integrity of data within NetBox. Running a report allows the user to verify that the objects defined within NetBox meet certain arbitrary conditions. For example, you can write reports to check that:
-
-* All top-of-rack switches have a console connection
-* Every router has a loopback interface with an IP address assigned
-* Each interface description conforms to a standard format
-* Every site has a minimum set of VLANs defined
-* All IP addresses have a parent prefix
-
-...and so on. Reports are completely customizable, so there's practically no limit to what you can test for.
-
-## Writing Reports
-
-Reports must be saved as files in the [`REPORTS_ROOT`](../../configuration/optional-settings/#reports_root) path (which defaults to `netbox/reports/`). Each file created within this path is considered a separate module. Each module holds one or more reports (Python classes), each of which performs a certain function. The logic of each report is broken into discrete test methods, each of which applies a small portion of the logic comprising the overall test.
-
-!!! warning
-    The reports path includes a file named `__init__.py`, which registers the path as a Python module. Do not delete this file.
-
-For example, we can create a module named `devices.py` to hold all of our reports which pertain to devices in NetBox. Within that module, we might define several reports. Each report is defined as a Python class inheriting from `extras.reports.Report`.
-
-```
-from extras.reports import Report
-
-class DeviceConnectionsReport(Report):
-    description = "Validate the minimum physical connections for each device"
-
-class DeviceIPsReport(Report):
-    description = "Check that every device has a primary IP address assigned"
-```
-
-Within each report class, we'll create a number of test methods to execute our report's logic. In DeviceConnectionsReport, for instance, we want to ensure that every live device has a console connection, an out-of-band management connection, and two power connections.
-
-```
-from dcim.choices import DeviceStatusChoices
-from dcim.constants import CONNECTION_STATUS_PLANNED
-from dcim.models import ConsolePort, Device, PowerPort
-from extras.reports import Report
-
-
-class DeviceConnectionsReport(Report):
-    description = "Validate the minimum physical connections for each device"
-
-    def test_console_connection(self):
-
-        # Check that every console port for every active device has a connection defined.
-        active = DeviceStatusChoices.STATUS_ACTIVE
-        for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
-            if console_port.connected_endpoint is None:
-                self.log_failure(
-                    console_port.device,
-                    "No console connection defined for {}".format(console_port.name)
-                )
-            elif console_port.connection_status == CONNECTION_STATUS_PLANNED:
-                self.log_warning(
-                    console_port.device,
-                    "Console connection for {} marked as planned".format(console_port.name)
-                )
-            else:
-                self.log_success(console_port.device)
-
-    def test_power_connections(self):
-
-        # Check that every active device has at least two connected power supplies.
-        for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
-            connected_ports = 0
-            for power_port in PowerPort.objects.filter(device=device):
-                if power_port.connected_endpoint is not None:
-                    connected_ports += 1
-                    if power_port.connection_status == CONNECTION_STATUS_PLANNED:
-                        self.log_warning(
-                            device,
-                            "Power connection for {} marked as planned".format(power_port.name)
-                        )
-            if connected_ports < 2:
-                self.log_failure(
-                    device,
-                    "{} connected power supplies found (2 needed)".format(connected_ports)
-                )
-            else:
-                self.log_success(device)
-```
-
-As you can see, reports are completely customizable. Validation logic can be as simple or as complex as needed.
-
-!!! warning
-    Reports should never alter data: If you find yourself using the `create()`, `save()`, `update()`, or `delete()` methods on objects within reports, stop and re-evaluate what you're trying to accomplish. Note that there are no safeguards against the accidental alteration or destruction of data.
-
-The following methods are available to log results within a report:
-
-* log(message)
-* log_success(object, message=None)
-* log_info(object, message)
-* log_warning(object, message)
-* log_failure(object, message)
-
-The recording of one or more failure messages will automatically flag a report as failed. It is advised to log a success for each object that is evaluated so that the results will reflect how many objects are being reported on. (The inclusion of a log message is optional for successes.) Messages recorded with `log()` will appear in a report's results but are not associated with a particular object or status.
-
-To perform additional tasks, such as sending an email or calling a webhook, after a report has been run, extend the `post_run()` method. The status of the report is available as `self.failed` and the results object is `self.result`.
-
-Once you have created a report, it will appear in the reports list. Initially, reports will have no results associated with them. To generate results, run the report.
-
-## Running Reports
-
-### Via the Web UI
-
-Reports can be run via the web UI by navigating to the report and clicking the "run report" button at top right. Note that a user must have permission to create ReportResults in order to run reports. (Permissions can be assigned through the admin UI.)
-
-Once a report has been run, its associated results will be included in the report view.
-
-### Via the API
-
-To run a report via the API, simply issue a POST request to its `run` endpoint. Reports are identified by their module and class name.
-
-```
-    POST /api/extras/reports/<module>.<name>/run/
-```
-
-Our example report above would be called as:
-
-```
-    POST /api/extras/reports/devices.DeviceConnectionsReport/run/
-```
-
-### Via the CLI
-
-Reports can be run on the CLI by invoking the management command:
-
-```
-python3 manage.py runreport <module>
-```
-
-where ``<module>`` is the name of the python file in the ``reports`` directory without the ``.py`` extension.  One or more report modules may be specified.

docs/additional-features/tags.md

@@ -1,3 +0,0 @@
-# Tagging
-
-{!docs/models/extras/tag.md!}

docs/additional-features/webhooks.md

@@ -1,106 +0,0 @@
-# Webhooks
-
-A webhook is a mechanism for conveying to some external system a change that took place in NetBox. For example, you may want to notify a monitoring system whenever a device status is changed in NetBox. This can be done by creating a webhook for the device model in NetBox. When NetBox detects a change to a device, an HTTP request containing the details of the change and who made it be sent to the specified receiver. Webhooks are configured in the admin UI under Extras > Webhooks.
-
-## Configuration
-
-* **Name** - A unique name for the webhook. The name is not included with outbound messages.
-* **Object type(s)** - The type or types of NetBox object that will trigger the webhook.
-* **Enabled** - If unchecked, the webhook will be inactive.
-* **Events** - A webhook may trigger on any combination of create, update, and delete events. At least one event type must be selected.
-* **HTTP method** - The type of HTTP request to send. Options include GET, POST, PUT, PATCH, and DELETE.
-* **URL** - The fuly-qualified URL of the request to be sent. This may specify a destination port number if needed.
-* **HTTP content type** - The value of the request's `Content-Type` header. (Defaults to `application/json`)
-* **Additional headers** - Any additional headers to include with the request (optional). Add one header per line in the format `Name: Value`. Jinja2 templating is supported for this field (see below).
-* **Body template** - The content of the request being sent (optional). Jinja2 templating is supported for this field (see below). If blank, NetBox will populate the request body with a raw dump of the webhook context. (If the HTTP cotent type is set to `application/json`, this will be formatted as a JSON object.)
-* **Secret** - A secret string used to prove authenticity of the request (optional). This will append a `X-Hook-Signature` header to the request, consisting of a HMAC (SHA-512) hex digest of the request body using the secret as the key.
-* **SSL verification** - Uncheck this option to disable validation of the receiver's SSL certificate. (Disable with caution!)
-* **CA file path** - The file path to a particular certificate authority (CA) file to use when validating the receiver's SSL certificate (optional).
-
-## Jinja2 Template Support
-
-[Jinja2 templating](https://jinja.palletsprojects.com/) is supported for the `additional_headers` and `body_template` fields. This enables the user to convey change data in the request headers as well as to craft a customized request body. Request content can be crafted to enable the direct interaction with external systems by ensuring the outgoing message is in a format the receiver expects and understands.
-
-For example, you might create a NetBox webhook to [trigger a Slack message](https://api.slack.com/messaging/webhooks) any time an IP address is created. You can accomplish this using the following configuration:
-
-* Object type: IPAM > IP address
-* HTTP method: POST
-* URL: <Slack incoming webhook URL>
-* HTTP content type: `application/json`
-* Body template: `{"text": "IP address {{ data['address'] }} was created by {{ username }}!"}`
-
-### Available Context
-
-The following data is available as context for Jinja2 templates:
-
-* `event` - The type of event which triggered the webhook: created, updated, or deleted.
-* `model` - The NetBox model which triggered the change.
-* `timestamp` - The time at which the event occurred (in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format).
-* `username` - The name of the user account associated with the change.
-* `request_id` - The unique request ID. This may be used to correlate multiple changes associated with a single request.
-* `data` - A serialized representation of the object _after_ the change was made. This is typically equivalent to the model's representation in NetBox's REST API.
-
-### Default Request Body
-
-If no body template is specified, the request body will be populated with a JSON object containing the context data. For example, a newly created site might appear as follows:
-
-```no-highlight
-{
-    "event": "created",
-    "timestamp": "2020-02-25 15:10:26.010582+00:00",
-    "model": "site",
-    "username": "jstretch",
-    "request_id": "fdbca812-3142-4783-b364-2e2bd5c16c6a",
-    "data": {
-        "id": 19,
-        "name": "Site 1",
-        "slug": "site-1",
-        "status": 
-            "value": "active",
-            "label": "Active",
-            "id": 1
-        },
-        "region": null,
-        ...
-    }
-}
-```
-
-## Webhook Processing
-
-When a change is detected, any resulting webhooks are placed into a Redis queue for processing. This allows the user's request to complete without needing to wait for the outgoing webhook(s) to be processed. The webhooks are then extracted from the queue by the `rqworker` process and HTTP requests are sent to their respective destinations. The current webhook queue and any failed webhooks can be inspected in the admin UI under Django RQ > Queues.
-
-A request is considered successful if the response has a 2XX status code; otherwise, the request is marked as having failed. Failed requests may be retried manually via the admin UI.
-
-## Troubleshooting
-
-To assist with verifying that the content of outgoing webhooks is rendered correctly, NetBox provides a simple HTTP listener that can be run locally to receive and display webhook requests. First, modify the target URL of the desired webhook to `http://localhost:9000/`. This will instruct NetBox to send the request to the local server on TCP port 9000. Then, start the webhook receiver service from the NetBox root directory:
-
-```no-highlight
-$ python netbox/manage.py webhook_receiver
-Listening on port http://localhost:9000. Stop with CONTROL-C.
-```
-
-You can test the receiver itself by sending any HTTP request to it. For example:
-
-```no-highlight
-$ curl -X POST http://localhost:9000 --data '{"foo": "bar"}'
-```
-
-The server will print output similar to the following:
-
-```no-highlight
-[1] Tue, 07 Apr 2020 17:44:02 GMT 127.0.0.1 "POST / HTTP/1.1" 200 -
-Host: localhost:9000
-User-Agent: curl/7.58.0
-Accept: */*
-Content-Length: 14
-Content-Type: application/x-www-form-urlencoded
-
-{"foo": "bar"}
-------------
-```
-
-Note that `webhook_receiver` does not actually _do_ anything with the information received: It merely prints the request headers and body for inspection.
-
-Now, when the NetBox webhook is triggered and processed, you should see its headers and content appear in the terminal where the webhook receiver is listening. If you don't, check that the `rqworker` process is running and that webhook events are being placed into the queue (visible under the NetBox admin UI).

docs/administration/authentication/google.md

@@ -0,0 +1,52 @@
+# Google
+
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Google OAuth2](https://developers.google.com/identity/protocols/oauth2/web-server) as an authentication backend.
+
+## Google OAuth2 Configuration
+
+1. Log into [console.cloud.google.com](https://console.cloud.google.com/).
+2. Create new project for NetBox.
+3. Under "APIs and Services" click "OAuth consent screen" and enter the required information.
+4. Under "Credentials," click "Create Credentials" and select "OAuth 2.0 Client ID." Select type "Web application."
+    - "Authorized JavaScript origins" should follow the format `http[s]://<netbox>[:<port>]`
+    - "Authorized redirect URIs" should follow the format `http[s]://<netbox>[:<port>]/oauth/complete/google-oauth2/`
+5. Copy the "Client ID" and "Client Secret" values somewhere convenient.
+
+!!! note
+    Google requires the NetBox hostname to use a public top-level-domain (e.g. `.com`, `.net`). The use of IP addresses is not permitted (except `127.0.0.1`).
+
+For more information, consult [Google's documentation](https://developers.google.com/identity/protocols/oauth2/web-server#prerequisites).
+
+## NetBox Configuration
+
+### 1. Enter configuration parameters
+
+Enter the following configuration parameters in `configuration.py`, substituting your own values:
+
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.google.GoogleOAuth2'
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '{CLIENT_ID}'
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '{CLIENT_SECRET}'
+```
+
+### 2. Restart NetBox
+
+Restart the NetBox services so that the new configuration takes effect. This is typically done with the command below:
+
+```no-highlight
+sudo systemctl restart netbox
+```
+
+## Testing
+
+Log out of NetBox if already authenticated, and click the "Log In" button at top right. You should see the normal login form as well as an option to authenticate using Google. Click that link.
+
+![NetBox Google login form](../../media/authentication/netbox_google_login.png)
+
+You should be redirected to Google's authentication portal. Enter the username/email and password of your test account to continue. You may also be prompted to grant this application access to your account.
+
+![NetBox Google login form](../../media/authentication/google_login_portal.png)
+
+If successful, you will be redirected back to the NetBox UI, and will be logged in as the Google user. You can verify this by navigating to your profile (using the button at top right).
+
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.

docs/administration/authentication/microsoft-entra-id.md

@@ -0,0 +1,88 @@
+# Microsoft Entra ID
+
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) as an authentication backend.
+
+## Entra ID Configuration
+
+### 1. Create a test user (optional)
+
+Create a new user in AD to be used for testing. You can skip this step if you already have a suitable account created.
+
+### 2. Create an app registration
+
+Under the Azure Active Directory dashboard, navigate to **Add > App registration**.
+
+![Add an app registration](../../media/authentication/azure_ad_add_app_registration.png)
+
+Enter a name for the registration (e.g. "NetBox") and ensure that the "single tenant" option is selected.
+
+Under "Redirect URI", select "Web" for the platform and enter the path to your NetBox installation, ending with `/oauth/complete/azuread-oauth2/`. Note that this URI **must** begin with `https://` unless you are referencing localhost (for development purposes).
+
+![App registration parameters](../../media/authentication/azure_ad_app_registration.png)
+
+Once finished, make note of the application (client) ID; this will be used when configuring NetBox.
+
+![Completed app registration](../../media/authentication/azure_ad_app_registration_created.png)
+
+!!! tip "Multitenant authentication"
+    NetBox also supports multitenant authentication via Azure AD, however it requires a different backend and an additional configuration parameter. Please see the [`python-social-auth` documentation](https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html#tenant-support) for details concerning multitenant authentication.
+
+### 3. Create a secret
+
+When viewing the newly-created app registration, click the "Add a certificate or secret" link under "Client credentials". Under the "Client secrets" tab, click the "New client secret" button.
+
+![Add a client secret](../../media/authentication/azure_ad_add_client_secret.png)
+
+You can optionally specify a description and select a lifetime for the secret.
+
+![Client secret parameters](../../media/authentication/azure_ad_client_secret.png)
+
+Once finished, make note of the secret value (not the secret ID); this will be used when configuring NetBox.
+
+![Client secret parameters](../../media/authentication/azure_ad_client_secret_created.png)
+
+## NetBox Configuration
+
+### 1. Enter configuration parameters
+
+Enter the following configuration parameters in `configuration.py`, substituting your own values:
+
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.azuread.AzureADOAuth2'
+SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = '{APPLICATION_ID}'
+SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = '{SECRET_VALUE}'
+```
+
+### 2. Restart NetBox
+
+Restart the NetBox services so that the new configuration takes effect. This is typically done with the command below:
+
+```no-highlight
+sudo systemctl restart netbox
+```
+
+## Testing
+
+Log out of NetBox if already authenticated, and click the "Log In" button at top right. You should see the normal login form as well as an option to authenticate using Azure AD. Click that link.
+
+![NetBox Azure AD login form](../../media/authentication/netbox_azure_ad_login.png)
+
+You should be redirected to Microsoft's authentication portal. Enter the username/email and password of your test account to continue. You may also be prompted to grant this application access to your account.
+
+![NetBox Azure AD login form](../../media/authentication/azure_ad_login_portal.png)
+
+If successful, you will be redirected back to the NetBox UI, and will be logged in as the AD user. You can verify this by navigating to your profile (using the button at top right).
+
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.
+
+## Troubleshooting
+
+### Redirect URI does not Match
+
+Azure requires that the authenticating client request a redirect URI that matches what you've configured for the app in step two. This URI **must** begin with `https://` (unless using `localhost` for the domain).
+
+If Azure complains that the requested URI starts with `http://` (not HTTPS), it's likely that your HTTP server is misconfigured or sitting behind a load balancer, so NetBox is not aware that HTTPS is being use. To force the use of an HTTPS redirect URI, set `SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` in `configuration.py` per the [python-social-auth docs](https://python-social-auth.readthedocs.io/en/latest/configuration/settings.html#processing-redirects-and-urlopen).
+
+### Not Logged in After Authenticating
+
+If you are redirected to the NetBox UI after authenticating successfully, but are _not_ logged in, double-check the configured backend and app registration. The instructions in this guide pertain only to the `azuread.AzureADOAuth2` backend using a single-tenant app registration.

docs/administration/authentication/okta.md

@@ -0,0 +1,70 @@
+# Okta
+
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Okta](https://www.okta.com/) as an authentication backend.
+
+## Okta Configuration
+
+!!! tip "Okta developer account"
+    Okta offers free developer accounts at <https://developer.okta.com/>.
+
+### 1. Create a test user (optional)
+
+Create a new user in the Okta admin portal to be used for testing. You can skip this step if you already have a suitable account created.
+
+### 2. Create an app registration
+
+Within the Okta administration dashboard, navigate to  **Applications > Applications**, and click the "Create App Integration" button. Select "OIDC" as the sign-in method, and "Web application" for the application type.
+
+![Create an app registration](../../media/authentication/okta_create_app_registration.png)
+
+On the next page, give the app integration a name (e.g. "NetBox") and specify the sign-in and sign-out URIs. These URIs should follow the formats below:
+
+* Sign-in URI: `https://{netbox}/oauth/complete/okta-openidconnect/`
+* Sign-out URI: `https://{netbox}/oauth/disconnect/okta-openidconnect/`
+
+![Web app integration](../../media/authentication/okta_web_app_integration.png)
+
+Under "Assignments," select the controlled access setting most appropriate for your organization. Click "Save" to complete the creation.
+
+Once finished, note the following parameters. These will be used to configured NetBox.
+
+* Client ID
+* Client secret
+* Okta domain
+
+![Okta integration parameters](../../media/authentication/okta_integration_parameters.png)
+
+## NetBox Configuration
+
+### 1. Enter configuration parameters
+
+Enter the following configuration parameters in `configuration.py`, substituting your own values:
+
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.okta_openidconnect.OktaOpenIdConnect'
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY = '{Client ID}'
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET = '{Client secret}'
+SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL = 'https://{Okta domain}/oauth2/'
+```
+
+### 2. Restart NetBox
+
+Restart the NetBox services so that the new configuration takes effect. This is typically done with the command below:
+
+```no-highlight
+sudo systemctl restart netbox
+```
+
+## Testing
+
+Log out of NetBox if already authenticated, and click the "Log In" button at top right. You should see the normal login form as well as an option to authenticate using Okta. Click that link.
+
+![NetBox Okta login form](../../media/authentication/netbox_okta_login.png)
+
+You should be redirected to Okta's authentication portal. Enter the username/email and password of your test account to continue. You may also be prompted to grant this application access to your account.
+
+![Okta login portal](../../media/authentication/okta_login_portal.png)
+
+If successful, you will be redirected back to the NetBox UI, and will be logged in as the Okta user. You can verify this by navigating to your profile (using the button at top right).
+
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.

docs/administration/authentication/overview.md

@@ -0,0 +1,61 @@
+# Authentication
+
+## Local Authentication
+
+Local user accounts and groups can be created in NetBox under the "Authentication" section in the "Admin" menu. This section is available only to users with the "staff" permission enabled.
+
+At a minimum, each user account must have a username and password set. User accounts may also denote a first name, last name, and email address. [Permissions](../permissions.md) may also be assigned to individual users and/or groups as needed.
+
+## Remote Authentication
+
+NetBox may be configured to provide user authenticate via a remote backend in addition to local authentication. This is done by setting the `REMOTE_AUTH_BACKEND` configuration parameter to a suitable backend class. NetBox provides several options for remote authentication.
+
+### LDAP Authentication
+
+```python
+REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
+```
+
+NetBox includes an authentication backend which supports LDAP. See the [LDAP installation docs](../../installation/6-ldap.md) for more detail about this backend.
+
+### HTTP Header Authentication
+
+```python
+REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
+```
+
+Another option for remote authentication in NetBox is to enable HTTP header-based user assignment. The front end HTTP server (e.g. nginx or Apache) performs client authentication as a process external to NetBox, and passes information about the authenticated user via HTTP headers. By default, the user is assigned via the `REMOTE_USER` header, but this can be customized via the `REMOTE_AUTH_HEADER` configuration parameter.
+
+Optionally, user profile information can be supplied by `REMOTE_USER_FIRST_NAME`, `REMOTE_USER_LAST_NAME` and `REMOTE_USER_EMAIL` headers. These are saved to the user's profile during the authentication process. These headers can be customized like the `REMOTE_USER` header.
+
+!!! warning Verify Header Compatibility
+    Some WSGI servers may drop headers which contain unsupported characters. For instance, gunicorn v22.0 and later silently drops HTTP headers containing underscores. This behavior can be disabled by changing gunicorn's [`header_map`](https://docs.gunicorn.org/en/stable/settings.html#header-map) setting to `dangerous`.
+
+### Single Sign-On (SSO)
+
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.google.GoogleOAuth2'
+```
+
+NetBox supports single sign-on authentication via the [python-social-auth](https://github.com/python-social-auth) library. To enable SSO, specify the path to the desired authentication backend within the `social_core` Python package. Please see the complete list of [supported authentication backends](https://github.com/python-social-auth/social-core/tree/master/social_core/backends) for the available options.
+
+Most remote authentication backends require some additional configuration through settings prefixed with `SOCIAL_AUTH_`. These will be automatically imported from NetBox's `configuration.py` file. Additionally, the [authentication pipeline](https://python-social-auth.readthedocs.io/en/latest/pipeline.html) can be customized via the `SOCIAL_AUTH_PIPELINE` parameter. (NetBox's default pipeline is defined in `netbox/settings.py` for your reference.)
+
+#### Configuring the SSO module's appearance
+
+The way a remote authentication backend is displayed to the user on the login
+page may be adjusted via the `SOCIAL_AUTH_BACKEND_ATTRS` parameter, defaulting
+to an empty dictionary. This dictionary maps a `social_core` module's name (ie.
+`REMOTE_AUTH_BACKEND.name`) to a couple of parameters, `(display_name, icon)`.
+
+The `display_name` is the name displayed to the user on the login page. The
+icon may either be the URL of an icon; refer to a [Material Design
+Icons](https://github.com/google/material-design-icons) icon's name; or be
+`None` for no icon.
+
+For instance, the OIDC backend may be customized with
+```python
+SOCIAL_AUTH_BACKEND_ATTRS = {
+    'oidc': ("My awesome SSO", "login"),
+}
+```

docs/administration/error-reporting.md

@@ -0,0 +1,34 @@
+# Error Reporting
+
+## Sentry
+
+### Enabling Error Reporting
+
+NetBox supports native integration with [Sentry](https://sentry.io/) for automatic error reporting. To enable this functionality, set `SENTRY_ENABLED` to True and define your unique [data source name (DSN)](https://docs.sentry.io/product/sentry-basics/concepts/dsn-explainer/) in `configuration.py`.
+
+```python
+SENTRY_ENABLED = True
+SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
+```
+
+Setting `SENTRY_ENABLED` to False will disable the Sentry integration.
+
+### Assigning Tags
+
+You can optionally attach one or more arbitrary tags to the outgoing error reports if desired by setting the `SENTRY_TAGS` parameter:
+
+```python
+SENTRY_TAGS = {
+    "custom.foo": "123",
+    "custom.bar": "abc",
+}
+```
+
+!!! warning "Reserved tag prefixes"
+    Avoid using any tag names which begin with `netbox.`, as this prefix is reserved by the NetBox application.
+
+### Testing
+
+Once the configuration has been saved, restart the NetBox service.
+
+To test Sentry operation, try generating a 404 (page not found) error by navigating to an invalid URL, such as `https://netbox/404-error-testing`. (Be sure that debug mode has been disabled.) After receiving a 404 response from the NetBox server, you should see the issue appear shortly in Sentry.

docs/administration/housekeeping.md

@@ -0,0 +1,49 @@
+# Housekeeping
+
+NetBox includes a `housekeeping` management command that should be run nightly. This command handles:
+
+* Clearing expired authentication sessions from the database
+* Deleting changelog records older than the configured [retention time](../configuration/miscellaneous.md#changelog_retention)
+* Deleting job result records older than the configured [retention time](../configuration/miscellaneous.md#job_retention)
+* Check for new NetBox releases (if [`RELEASE_CHECK_URL`](../configuration/miscellaneous.md#release_check_url) is set)
+
+This command can be invoked directly, or by using the shell script provided at `/opt/netbox/contrib/netbox-housekeeping.sh`.
+
+## Scheduling
+
+### Using Cron
+
+This script can be linked from your cron scheduler's daily jobs directory (e.g. `/etc/cron.daily`) or referenced directly within the cron configuration file.
+
+```shell
+sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
+```
+
+!!! note
+    On Debian-based systems, be sure to omit the `.sh` file extension when linking to the script from within a cron directory. Otherwise, the task may not run.
+
+### Using Systemd
+
+First, create symbolic links for the systemd service and timer files. Link the existing service and timer files from the `/opt/netbox/contrib/` directory to the `/etc/systemd/system/` directory:
+
+```bash
+sudo ln -s /opt/netbox/contrib/netbox-housekeeping.service /etc/systemd/system/netbox-housekeeping.service
+sudo ln -s /opt/netbox/contrib/netbox-housekeeping.timer /etc/systemd/system/netbox-housekeeping.timer
+```
+
+Then, reload the systemd configuration and enable the timer to start automatically at boot:
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl enable --now netbox-housekeeping.timer
+```
+
+Check the status of your timer by running:
+
+```bash
+sudo systemctl list-timers --all
+```
+
+This command will show a list of all timers, including your `netbox-housekeeping.timer`. Make sure the timer is active and properly scheduled.
+
+That's it! Your NetBox housekeeping service is now configured to run daily using systemd.

docs/administration/netbox-shell.md

@@ -1,17 +1,17 @@
 # The NetBox Python Shell
 
-NetBox includes a Python shell within which objects can be directly queried, created, modified, and deleted. To enter the shell, run the following command:
+NetBox includes a Python management shell within which objects can be directly queried, created, modified, and deleted. To enter the shell, run the following command:
 
 ```
 ./manage.py nbshell
 ```
 
-This will launch a customized version of [the built-in Django shell](https://docs.djangoproject.com/en/stable/ref/django-admin/#shell) with all relevant NetBox models pre-loaded. (If desired, the stock Django shell is also available by executing `./manage.py shell`.)
+This will launch a lightly customized version of [the built-in Django shell](https://docs.djangoproject.com/en/stable/ref/django-admin/#shell) with all relevant NetBox models pre-loaded. (If desired, the stock Django shell is also available by executing `./manage.py shell`.)
 
 ```
 $ ./manage.py nbshell
 ### NetBox interactive shell (localhost)
-### Python 3.6.9 | Django 2.2.11 | NetBox 2.7.10
+### Python 3.7.10 | Django 3.2.5 | NetBox 3.0
 ### lsmodels() will show available models. Use help(<model>) for more info.
 ```
 
@@ -28,13 +28,17 @@ DCIM:
   ...
 ```
 
+!!! warning
+    The NetBox shell affords direct access to NetBox data and function with very little validation in place. As such, it is crucial to ensure that only authorized, knowledgeable users are ever granted access to it. Never perform any action in the management shell without having a full backup in place.
+
 ## Querying Objects
 
-Objects are retrieved by forming a [Django queryset](https://docs.djangoproject.com/en/stable/topics/db/queries/#retrieving-objects). The base queryset for an object takes the form `<model>.objects.all()`, which will return a (truncated) list of all objects of that type.
+Objects are retrieved from the database using a [Django queryset](https://docs.djangoproject.com/en/stable/topics/db/queries/#retrieving-objects). The base queryset for an object takes the form `<model>.objects.all()`, which will return a (truncated) list of all objects of that type.
 
 ```
 >>> Device.objects.all()
-<QuerySet [<Device: TestDevice1>, <Device: TestDevice2>, <Device: TestDevice3>, <Device: TestDevice4>, <Device: TestDevice5>, '...(remaining elements truncated)...']>
+<QuerySet [<Device: TestDevice1>, <Device: TestDevice2>, <Device: TestDevice3>,
+<Device: TestDevice4>, <Device: TestDevice5>, '...(remaining elements truncated)...']>
 ```
 
 Use a `for` loop to cycle through all objects in the list:
@@ -43,11 +47,11 @@ Use a `for` loop to cycle through all objects in the list:
 >>> for device in Device.objects.all():
 ...   print(device.name, device.device_type)
 ...
-(u'TestDevice1', <DeviceType: PacketThingy 9000>)
-(u'TestDevice2', <DeviceType: PacketThingy 9000>)
-(u'TestDevice3', <DeviceType: PacketThingy 9000>)
-(u'TestDevice4', <DeviceType: PacketThingy 9000>)
-(u'TestDevice5', <DeviceType: PacketThingy 9000>)
+('TestDevice1', <DeviceType: PacketThingy 9000>)
+('TestDevice2', <DeviceType: PacketThingy 9000>)
+('TestDevice3', <DeviceType: PacketThingy 9000>)
+('TestDevice4', <DeviceType: PacketThingy 9000>)
+('TestDevice5', <DeviceType: PacketThingy 9000>)
 ...
 ```
 
@@ -67,52 +71,53 @@ To retrieve a particular object (typically by its primary key or other unique fi
 
 ### Filtering Querysets
 
-In most cases, you want to retrieve only a specific subset of objects. To filter a queryset, replace `all()` with `filter()` and pass one or more keyword arguments. For example:
+In most cases, you will want to retrieve only a specific subset of objects. To filter a queryset, replace `all()` with `filter()` and pass one or more keyword arguments. For example:
 
 ```
->>> Device.objects.filter(status=STATUS_ACTIVE)
-<QuerySet [<Device: TestDevice1>, <Device: TestDevice2>, <Device: TestDevice3>, <Device: TestDevice8>, <Device: TestDevice9>, '...(remaining elements truncated)...']>
+>>> Device.objects.filter(status="active")
+<QuerySet [<Device: TestDevice1>, <Device: TestDevice2>, <Device: TestDevice3>,
+<Device: TestDevice8>, <Device: TestDevice9>, '...(remaining elements truncated)...']>
 ```
 
 Querysets support slicing to return a specific range of objects.
 
 ```
->>> Device.objects.filter(status=STATUS_ACTIVE)[:3]
+>>> Device.objects.filter(status="active")[:3]
 <QuerySet [<Device: TestDevice1>, <Device: TestDevice2>, <Device: TestDevice3>]>
 ```
 
 The `count()` method can be appended to the queryset to return a count of objects rather than the full list.
 
 ```
->>> Device.objects.filter(status=STATUS_ACTIVE).count()
+>>> Device.objects.filter(status="active").count()
 982
 ```
 
-Relationships with other models can be traversed by concatenating field names with a double-underscore. For example, the following will return all devices assigned to the tenant named "Pied Piper."
+Relationships with other models can be traversed by concatenating attribute names with a double-underscore. For example, the following will return all devices assigned to the tenant named "Pied Piper."
 
 ```
->>> Device.objects.filter(tenant__name='Pied Piper')
+>>> Device.objects.filter(tenant__name="Pied Piper")
 ```
 
 This approach can span multiple levels of relations. For example, the following will return all IP addresses assigned to a device in North America:
 
 ```
->>> IPAddress.objects.filter(interface__device__site__region__slug='north-america')
+>>> IPAddress.objects.filter(interface__device__site__region__slug="north-america")
 ```
 
 !!! note
-    While the above query is functional, it is very inefficient. There are ways to optimize such requests, however they are out of the scope of this document. For more information, see the [Django queryset method reference](https://docs.djangoproject.com/en/stable/ref/models/querysets/) documentation.
+    While the above query is functional, it's not very efficient. There are ways to optimize such requests, however they are out of scope for this document. For more information, see the [Django queryset method reference](https://docs.djangoproject.com/en/stable/ref/models/querysets/) documentation.
 
 Reverse relationships can be traversed as well. For example, the following will find all devices with an interface named "em0":
 
 ```
->>> Device.objects.filter(interfaces__name='em0')
+>>> Device.objects.filter(interfaces__name="em0")
 ```
 
 Character fields can be filtered against partial matches using the `contains` or `icontains` field lookup (the later of which is case-insensitive).
 
 ```
->>> Device.objects.filter(name__icontains='testdevice')
+>>> Device.objects.filter(name__icontains="testdevice")
 ```
 
 Similarly, numeric fields can be filtered by values less than, greater than, and/or equal to a given value.
@@ -124,7 +129,7 @@ Similarly, numeric fields can be filtered by values less than, greater than, and
 Multiple filters can be combined to further refine a queryset.
 
 ```
->>> VLAN.objects.filter(vid__gt=2000, name__icontains='engineering')
+>>> VLAN.objects.filter(vid__gt=2000, name__icontains="engineering")
 ```
 
 To return the inverse of a filtered queryset, use `exclude()` instead of `filter()`.
@@ -132,41 +137,37 @@ To return the inverse of a filtered queryset, use `exclude()` instead of `filter
 ```
 >>> Device.objects.count()
 4479
->>> Device.objects.filter(status=STATUS_ACTIVE).count()
+>>> Device.objects.filter(status="active").count()
 4133
->>> Device.objects.exclude(status=STATUS_ACTIVE).count()
+>>> Device.objects.exclude(status="active").count()
 346
 ```
 
 !!! info
-    The examples above are intended only to provide a cursory introduction to queryset filtering. For an exhaustive list of the available filters, please consult the [Django queryset API docs](https://docs.djangoproject.com/en/stable/ref/models/querysets/).
+    The examples above are intended only to provide a cursory introduction to queryset filtering. For an exhaustive list of the available filters, please consult the [Django queryset API documentation](https://docs.djangoproject.com/en/stable/ref/models/querysets/).
 
 ## Creating and Updating Objects
 
-New objects can be created by instantiating the desired model, defining values for all required attributes, and calling `save()` on the instance.
+New objects can be created by instantiating the desired model, defining values for all required attributes, and calling `save()` on the instance. For example, we can create a new VLAN by specifying its numeric ID, name, and assigned site:
 
 ```
 >>> lab1 = Site.objects.get(pk=7)
 >>> myvlan = VLAN(vid=123, name='MyNewVLAN', site=lab1)
+>>> myvlan.full_clean()
 >>> myvlan.save()
 ```
 
-Alternatively, the above can be performed as a single operation:
-
-```
->>> VLAN(vid=123, name='MyNewVLAN', site=Site.objects.get(pk=7)).save()
-```
-
-To modify an object, retrieve it, update the desired field(s), and call `save()` again.
+To modify an existing object, we retrieve it, update the desired field(s), and call `save()` again.
 
 ```
 >>> vlan = VLAN.objects.get(pk=1280)
 >>> vlan.name
-u'MyNewVLAN'
+'MyNewVLAN'
 >>> vlan.name = 'BetterName'
+>>> vlan.full_clean()
 >>> vlan.save()
 >>> VLAN.objects.get(pk=1280).name
-u'BetterName'
+'BetterName'
 ```
 
 !!! warning
@@ -180,7 +181,7 @@ To delete an object, simply call `delete()` on its instance. This will return a
 >>> vlan
 <VLAN: 123 (BetterName)>
 >>> vlan.delete()
-(1, {u'extras.CustomFieldValue': 0, u'ipam.VLAN': 1})
+(1, {'ipam.VLAN': 1})
 ```
 
 To delete multiple objects at once, call `delete()` on a filtered queryset. It's a good idea to always sanity-check the count of selected objects _before_ deleting them.
@@ -189,8 +190,10 @@ To delete multiple objects at once, call `delete()` on a filtered queryset. It's
 >>> Device.objects.filter(name__icontains='test').count()
 27
 >>> Device.objects.filter(name__icontains='test').delete()
-(35, {u'extras.CustomFieldValue': 0, u'dcim.DeviceBay': 0, u'secrets.Secret': 0, u'dcim.InterfaceConnection': 4, u'extras.ImageAttachment': 0, u'dcim.Device': 27, u'dcim.Interface': 4, u'dcim.ConsolePort': 0, u'dcim.PowerPort': 0})
+(35, {'dcim.DeviceBay': 0, 'dcim.InterfaceConnection': 4,
+'extras.ImageAttachment': 0, 'dcim.Device': 27, 'dcim.Interface': 4,
+'dcim.ConsolePort': 0, 'dcim.PowerPort': 0})
 ```
 
 !!! warning
-    Deletions are immediate and irreversible. Always think very carefully before calling `delete()` on an instance or queryset.
+    Deletions are immediate and irreversible. Always consider the impact of deleting objects carefully before calling `delete()` on an instance or queryset.

docs/administration/permissions.md

@@ -0,0 +1,113 @@
+# Object-Based Permissions
+
+NetBox employs a new object-based permissions framework, which replaces Django's built-in permissions model. Object-based permissions enable an administrator to grant users or groups the ability to perform an action on arbitrary subsets of objects in NetBox, rather than all objects of a certain type. For example, it is possible to grant a user permission to view only sites within a particular region, or to modify only VLANs with a numeric ID within a certain range.
+
+A permission in NetBox represents a relationship shared by several components:
+
+* Object type(s) - One or more types of object in NetBox
+* User(s)/Group(s) - One or more users or groups of users
+* Action(s) - The action(s) that can be performed on an object
+* Constraints - An arbitrary filter used to limit the granted action(s) to a specific subset of objects
+
+At a minimum, a permission assignment must specify one object type, one user or group, and one action. The specification of constraints is optional: A permission without any constraints specified will apply to all instances of the selected model(s).
+
+## Actions
+
+There are four core actions that can be permitted for each type of object within NetBox, roughly analogous to the CRUD convention (create, read, update, and delete):
+
+* **View** - Retrieve an object from the database
+* **Add** - Create a new object
+* **Change** - Modify an existing object
+* **Delete** - Delete an existing object
+
+In addition to these, permissions can also grant custom actions that may be required by a specific model or plugin. For example, the `run` permission for scripts allows a user to execute custom scripts. These can be specified when granting a permission in the "additional actions" field.
+
+!!! note
+    Internally, all actions granted by a permission (both built-in and custom) are stored as strings in an array field named `actions`.
+
+## Constraints
+
+Constraints are expressed as a JSON object or list representing a [Django query filter](https://docs.djangoproject.com/en/stable/ref/models/querysets/#field-lookups). This is the same syntax that you would pass to the QuerySet `filter()` method when performing a query using the Django ORM. As with query filters, double underscores can be used to traverse related objects or invoke lookup expressions. Some example queries and their corresponding definitions are shown below.
+
+All attributes defined within a single JSON object are applied with a logical AND. For example, suppose you assign a permission for the site model with the following constraints.
+
+```json
+{
+  "status": "active",
+  "region__name": "Americas"
+}
+```
+
+The permission will grant access only to sites which have a status of "active" **and** which are assigned to the "Americas" region.
+
+To achieve a logical OR with a different set of constraints, define multiple objects within a list. For example, if you want to constrain the permission to VLANs with an ID between 100 and 199 _or_ a status of "reserved," do the following:
+
+```json
+[
+  {
+    "vid__gte": 100,
+    "vid__lt": 200
+  },
+  {
+    "status": "reserved"
+  }
+]
+```
+
+Additionally, where multiple permissions have been assigned for an object type, their collective constraints will be merged using a logical "OR" operation.
+
+### User Token
+
+When defining a permission constraint, administrators may use the special token `$user` to reference the current user at the time of evaluation. This can be helpful to restrict users to editing only their own journal entries, for example. Such a constraint might be defined as:
+
+```json
+{
+  "created_by": "$user"
+}
+```
+
+The `$user` token can be used only as a constraint value, or as an item within a list of values. It cannot be modified or extended to reference specific user attributes.
+
+### Default Permissions
+
+While permissions are typically assigned to specific groups and/or users, it is also possible to define a set of default permissions that are applied to _all_ authenticated users. This is done using the [`DEFAULT_PERMISSIONS`](../configuration/security.md#default_permissions) configuration parameter. Note that statically configuring permissions for specific users or groups is **not** supported.
+
+### Example Constraint Definitions
+
+| Constraints | Description |
+| ----------- | ----------- |
+| `{"status": "active"}` | Status is active |
+| `{"status__in": ["planned", "reserved"]}` | Status is active **OR** reserved |
+| `{"status": "active", "role": "testing"}` | Status is active **AND** role is testing |
+| `{"name__startswith": "Foo"}` | Name starts with "Foo" (case-sensitive) |
+| `{"name__iendswith": "bar"}` | Name ends with "bar" (case-insensitive) |
+| `{"vid__gte": 100, "vid__lt": 200}` | VLAN ID is greater than or equal to 100 **AND** less than 200 |
+| `[{"vid__lt": 200}, {"status": "reserved"}]` | VLAN ID is less than 200 **OR** status is reserved |
+
+## Permissions Enforcement
+
+### Viewing Objects
+
+Object-based permissions work by filtering the database query generated by a user's request to restrict the set of objects returned. When a request is received, NetBox first determines whether the user is authenticated and has been granted to perform the requested action. For example, if the requested URL is `/dcim/devices/`, NetBox will check for the `dcim.view_device` permission. If the user has not been assigned this permission (either directly or via a group assignment), NetBox will return a 403 (forbidden) HTTP response.
+
+If the permission _has_ been granted, NetBox will compile any specified constraints for the model and action. For example, suppose two permissions have been assigned to the user granting view access to the device model, with the following constraints:
+
+```json
+[
+    {"site__name__in":  ["NYC1", "NYC2"]},
+    {"status":  "offline", "tenant__isnull":  true}
+]
+```
+
+This grants the user access to view any device that is assigned to a site named NYC1 or NYC2, **or** which has a status of "offline" and has no tenant assigned. These constraints are equivalent to the following ORM query:
+
+```no-highlight
+Site.objects.filter(
+    Q(site__name__in=['NYC1', 'NYC2']),
+    Q(status='active', tenant__isnull=True)
+)
+```
+
+### Creating and Modifying Objects
+
+The same sort of logic is in play when a user attempts to create or modify an object in NetBox, with a twist. Once validation has completed, NetBox starts an atomic database transaction to facilitate the change, and the object is created or saved normally. Next, still within the transaction, NetBox issues a second query to retrieve the newly created/updated object, filtering the restricted queryset with the object's primary key. If this query fails to return the object, NetBox knows that the new revision does not match the constraints imposed by the permission. The transaction is then rolled back, leaving the database in its original state prior to the change, and the user is informed of the violation.

docs/administration/replicating-netbox.md

@@ -2,7 +2,7 @@
 
 ## Replicating the Database
 
-NetBox uses [PostgreSQL](https://www.postgresql.org/) for its database, so general PostgreSQL best practices will apply to NetBox. You can dump and restore the database using the `pg_dump` and `psql` utilities, respectively.
+NetBox employs a [PostgreSQL](https://www.postgresql.org/) database, so general PostgreSQL best practices apply here. The database can be written to a file and restored using the `pg_dump` and `psql` utilities, respectively.
 
 !!! note
     The examples below assume that your database is named `netbox`.
@@ -12,19 +12,24 @@ NetBox uses [PostgreSQL](https://www.postgresql.org/) for its database, so gener
 Use the `pg_dump` utility to export the entire database to a file:
 
 ```no-highlight
-pg_dump netbox > netbox.sql
+pg_dump --username netbox --password --host localhost netbox > netbox.sql
 ```
 
+!!! note
+    You may need to change the username, host, and/or database in the command above to match your installation.
+
 When replicating a production database for development purposes, you may find it convenient to exclude changelog data, which can easily account for the bulk of a database's size. To do this, exclude the `extras_objectchange` table data from the export. The table will still be included in the output file, but will not be populated with any data.
 
 ```no-highlight
-pg_dump --exclude-table-data=extras_objectchange netbox > netbox.sql
+pg_dump ... --exclude-table-data=extras_objectchange netbox > netbox.sql
 ```
 
 ### Load an Exported Database
 
+When restoring a database from a file, it's recommended to delete any existing database first to avoid potential conflicts.
+
 !!! warning
-    This will destroy and replace any existing instance of the database.
+    The following will destroy and replace any existing instance of the database.
 
 ```no-highlight
 psql -c 'drop database netbox'
@@ -39,19 +44,17 @@ Keep in mind that PostgreSQL user accounts and permissions are not included with
 If you want to export only the database schema, and not the data itself (e.g. for development reference), do the following:
 
 ```no-highlight
-pg_dump -s netbox > netbox_schema.sql
-```
-If you are migrating your instance of NetBox to a different machine, please make sure you invalidate the cache by performing this command:
-
-```no-highlight
-python3 manage.py invalidate all
+pg_dump --username netbox --password --host localhost -s netbox > netbox_schema.sql
 ```
 
 ---
 
-## Replicating Media
+## Replicating Uploaded Media
 
-NetBox stored uploaded files (such as image attachments) in its media directory. To fully replicate an instance of NetBox, you'll need to copy both the database and the media files.
+By default, NetBox stores uploaded files (such as image attachments) in its media directory. To fully replicate an instance of NetBox, you'll need to copy both the database and the media files.
+
+!!! note
+    These operations are not necessary if your installation is utilizing a [remote storage backend](../configuration/system.md#storage_backend).
 
 ### Archive the Media Directory
 

docs/api/authentication.md

@@ -1,53 +0,0 @@
-# REST API Authentication
-
-The NetBox API employs token-based authentication. For convenience, cookie authentication can also be used when navigating the browsable API.
-
-## Tokens
-
-A token is a unique identifier that identifies a user to the API. Each user in NetBox may have one or more tokens which he or she can use to authenticate to the API. To create a token, navigate to the API tokens page at `/user/api-tokens/`.
-
-!!! note
-    The creation and modification of API tokens can be restricted per user by an administrator. If you don't see an option to create an API token, ask an administrator to grant you access.
-
-Each token contains a 160-bit key represented as 40 hexadecimal characters. When creating a token, you'll typically leave the key field blank so that a random key will be automatically generated. However, NetBox allows you to specify a key in case you need to restore a previously deleted token to operation.
-
-By default, a token can be used for all operations available via the API. Deselecting the "write enabled" option will restrict API requests made with the token to read operations (e.g. GET) only.
-
-Additionally, a token can be set to expire at a specific time. This can be useful if an external client needs to be granted temporary access to NetBox.
-
-## Authenticating to the API
-
-By default, read operations will be available without authentication. In this case, a token may be included in the request, but is not necessary.
-
-```
-$ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
-{
-    "count": 10,
-    "next": null,
-    "previous": null,
-    "results": [...]
-}
-```
-
-However, if the [`LOGIN_REQUIRED`](../../configuration/optional-settings/#login_required) configuration setting has been set to `True`, all requests must be authenticated.
-
-```
-$ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
-{
-    "detail": "Authentication credentials were not provided."
-}
-```
-
-To authenticate to the API, set the HTTP `Authorization` header to the string `Token ` (note the trailing space) followed by the token key.
-
-```
-$ curl -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
-{
-    "count": 10,
-    "next": null,
-    "previous": null,
-    "results": [...]
-}
-```
-
-Additionally, the browsable interface to the API (which can be seen by navigating to the API root `/api/` in a web browser) will attempt to authenticate requests using the same cookie that the normal NetBox front end uses. Thus, if you have logged into NetBox, you will be logged into the browsable API as well.

docs/api/examples.md

@@ -1,147 +0,0 @@
-# API Examples
-
-Supported HTTP methods:
-
-* `GET`: Retrieve an object or list of objects
-* `POST`: Create a new object
-* `PUT`: Update an existing object, all mandatory fields must be specified
-* `PATCH`: Updates an existing object, only specifying the field to be changed
-* `DELETE`: Delete an existing object
-
-To authenticate a request, attach your token in an `Authorization` header:
-
-```
-curl -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0"
-```
-
-## Retrieving a list of sites
-
-Send a `GET` request to the object list endpoint. The response contains a paginated list of JSON objects.
-
-```
-$ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
-{
-    "count": 14,
-    "next": null,
-    "previous": null,
-    "results": [
-        {
-            "id": 6,
-            "name": "Corporate HQ",
-            "slug": "corporate-hq",
-            "region": null,
-            "tenant": null,
-            "facility": "",
-            "asn": null,
-            "physical_address": "742 Evergreen Terrace, Springfield, USA",
-            "shipping_address": "",
-            "contact_name": "",
-            "contact_phone": "",
-            "contact_email": "",
-            "comments": "",
-            "custom_fields": {},
-            "count_prefixes": 108,
-            "count_vlans": 46,
-            "count_racks": 8,
-            "count_devices": 254,
-            "count_circuits": 6
-        },
-        ...
-    ]
-}
-```
-
-## Retrieving a single site by ID
-
-Send a `GET` request to the object detail endpoint. The response contains a single JSON object.
-
-```
-$ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/6/
-{
-    "id": 6,
-    "name": "Corporate HQ",
-    "slug": "corporate-hq",
-    "region": null,
-    "tenant": null,
-    "facility": "",
-    "asn": null,
-    "physical_address": "742 Evergreen Terrace, Springfield, USA",
-    "shipping_address": "",
-    "contact_name": "",
-    "contact_phone": "",
-    "contact_email": "",
-    "comments": "",
-    "custom_fields": {},
-    "count_prefixes": 108,
-    "count_vlans": 46,
-    "count_racks": 8,
-    "count_devices": 254,
-    "count_circuits": 6
-}
-```
-
-## Creating a new site
-
-Send a `POST` request to the site list endpoint with token authentication and JSON-formatted data. Only mandatory fields are required. This example includes one non required field, "region."
-
-```
-$ curl -X POST -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" http://localhost:8000/api/dcim/sites/ --data '{"name": "My New Site", "slug": "my-new-site", "region": 5}'
-{
-    "id": 16,
-    "name": "My New Site",
-    "slug": "my-new-site",
-    "region": 5,
-    "tenant": null,
-    "facility": "",
-    "asn": null,
-    "physical_address": "",
-    "shipping_address": "",
-    "contact_name": "",
-    "contact_phone": "",
-    "contact_email": "",
-    "comments": ""
-}
-```
-Note that in this example we are creating a site bound to a region with the ID of 5. For write API actions (`POST`, `PUT`, and `PATCH`) the integer ID value is used for `ForeignKey` (related model) relationships, instead of the nested representation that is used in the `GET` (list) action.
-
-## Modify an existing site
-
-Make an authenticated `PUT` request to the site detail endpoint. As with a create (`POST`) request, all mandatory fields must be included.
-
-```
-$ curl -X PUT -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" http://localhost:8000/api/dcim/sites/16/ --data '{"name": "Renamed Site", "slug": "renamed-site"}'
-```
-
-## Modify an object by changing a field
-
-Make an authenticated `PATCH` request to the device endpoint. With `PATCH`, unlike `POST` and `PUT`, we only specify the field that is being changed. In this example, we add a serial number to a device.
-```
-$ curl -X PATCH -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" http://localhost:8000/api/dcim/devices/2549/ --data '{"serial": "FTX1123A090"}'
-```
-
-## Delete an existing site
-
-Send an authenticated `DELETE` request to the site detail endpoint.
-
-```
-$ curl -v -X DELETE -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" http://localhost:8000/api/dcim/sites/16/
-* Connected to localhost (127.0.0.1) port 8000 (#0)
-> DELETE /api/dcim/sites/16/ HTTP/1.1
-> User-Agent: curl/7.35.0
-> Host: localhost:8000
-> Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0
-> Content-Type: application/json
-> Accept: application/json; indent=4
->
-* HTTP 1.0, assume close after body
-< HTTP/1.0 204 No Content
-< Date: Mon, 20 Mar 2017 16:13:08 GMT
-< Server: WSGIServer/0.1 Python/2.7.6
-< Vary: Accept, Cookie
-< X-Frame-Options: SAMEORIGIN
-< Allow: GET, PUT, PATCH, DELETE, OPTIONS
-<
-* Closing connection 0
-```
-
-The response to a successful `DELETE` request will have code 204 (No Content); the body of the response will be empty.

docs/api/filtering.md

@@ -1,71 +0,0 @@
-# API Filtering
-
-The NetBox API supports robust filtering of results based on the fields of each model.
-Generally speaking you are able to filter based on the attributes (fields) present in
-the response body. Please note however that certain read-only or metadata fields are not
-filterable.
-
-Filtering is achieved by passing HTTP query parameters and the parameter name is the
-name of the field you wish to filter on and the value is the field value.
-
-E.g. filtering based on a device's name:
-```
-/api/dcim/devices/?name=DC-SPINE-1
-```
-
-## Multi Value Logic
-
-While you are able to filter based on an arbitrary number of fields, you are also able to
-pass multiple values for the same field. In most cases filtering on multiple values is
-implemented as a logical OR operation. A notable exception is the `tag` filter which
-is a logical AND. Passing multiple values for one field, can be combined with other fields.
-
-For example, filtering for devices with either the name of DC-SPINE-1 _or_ DC-LEAF-4:
-```
-/api/dcim/devices/?name=DC-SPINE-1&name=DC-LEAF-4
-```
-
-Filtering for devices with tag `router` and `customer-a` will return only devices with
-_both_ of those tags applied:
-```
-/api/dcim/devices/?tag=router&tag=customer-a
-```
-
-## Lookup Expressions
-
-Certain model fields also support filtering using additional lookup expressions. This allows
-for negation and other context specific filtering.
-
-These lookup expressions can be applied by adding a suffix to the desired field's name.
-E.g. `mac_address__n`. In this case, the filter expression is for negation and it is separated
-by two underscores. Below are the lookup expressions that are supported across different field
-types.
-
-### Numeric Fields
-
-Numeric based fields (ASN, VLAN ID, etc) support these lookup expressions:
-
-- `n` - not equal (negation)
-- `lt` - less than
-- `lte` - less than or equal
-- `gt` - greater than
-- `gte` - greater than or equal
-
-### String Fields
-
-String based (char) fields (Name, Address, etc) support these lookup expressions:
-
-- `n` - not equal (negation)
-- `ic` - case insensitive contains
-- `nic` - negated case insensitive contains
-- `isw` - case insensitive starts with
-- `nisw` - negated case insensitive starts with
-- `iew` - case insensitive ends with
-- `niew` - negated case insensitive ends with
-- `ie` - case sensitive exact match
-- `nie` - negated case sensitive exact match
-
-### Foreign Keys & Other Fields
-
-Certain other fields, namely foreign key relationships support just the negation
-expression: `n`.

docs/api/overview.md

@@ -1,291 +0,0 @@
-# The NetBox REST API
-
-## What is a REST API?
-
-REST stands for [representational state transfer](https://en.wikipedia.org/wiki/Representational_state_transfer). It's a particular type of API which employs HTTP to create, retrieve, update, and delete objects from a database. (This set of operations is commonly referred to as CRUD.) Each type of operation is associated with a particular HTTP verb:
-
-* `GET`: Retrieve an object or list of objects
-* `POST`: Create an object
-* `PUT` / `PATCH`: Modify an existing object. `PUT` requires all mandatory fields to be specified, while `PATCH` only expects the field that is being modified to be specified.
-* `DELETE`: Delete an existing object
-
-The NetBox API represents all objects in [JavaScript Object Notation (JSON)](http://www.json.org/). This makes it very easy to interact with NetBox data on the command line with common tools. For example, we can request an IP address from NetBox and output the JSON using `curl` and `jq`. (Piping the output through `jq` isn't strictly required but makes it much easier to read.)
-
-```
-$ curl -s http://localhost:8000/api/ipam/ip-addresses/2954/ | jq '.'
-{
-  "custom_fields": {},
-  "nat_outside": null,
-  "nat_inside": null,
-  "description": "An example IP address",
-  "id": 2954,
-  "family": 4,
-  "address": "5.101.108.132/26",
-  "vrf": null,
-  "tenant": null,
-  "status": {
-    "label": "Active",
-    "value": 1
-  },
-  "role": null,
-  "interface": null
-}
-```
-
-Each attribute of the NetBox object is expressed as a field in the dictionary. Fields may include their own nested objects, as in the case of the `status` field above. Every object includes a primary key named `id` which uniquely identifies it in the database.
-
-## Interactive Documentation
-
-Comprehensive, interactive documentation of all API endpoints is available on a running NetBox instance at `/api/docs/`. This interface provides a convenient sandbox for researching and experimenting with NetBox's various API endpoints and different request types.
-
-## URL Hierarchy
-
-NetBox's entire API is housed under the API root at `https://<hostname>/api/`. The URL structure is divided at the root level by application: circuits, DCIM, extras, IPAM, secrets, and tenancy. Within each application, each model has its own path. For example, the provider and circuit objects are located under the "circuits" application:
-
-* /api/circuits/providers/
-* /api/circuits/circuits/
-
-Likewise, the site, rack, and device objects are located under the "DCIM" application:
-
-* /api/dcim/sites/
-* /api/dcim/racks/
-* /api/dcim/devices/
-
-The full hierarchy of available endpoints can be viewed by navigating to the API root in a web browser.
-
-Each model generally has two views associated with it: a list view and a detail view. The list view is used to request a list of multiple objects or to create a new object. The detail view is used to retrieve, update, or delete an existing object. All objects are referenced by their numeric primary key (`id`).
-
-* /api/dcim/devices/ - List devices or create a new device
-* /api/dcim/devices/123/ - Retrieve, update, or delete the device with ID 123
-
-Lists of objects can be filtered using a set of query parameters. For example, to find all interfaces belonging to the device with ID 123:
-
-```
-GET /api/dcim/interfaces/?device_id=123
-```
-
-See [filtering](filtering.md) for more details.
-
-## Serialization
-
-The NetBox API employs three types of serializers to represent model data:
-
-* Base serializer
-* Nested serializer
-* Writable serializer
-
-The base serializer is used to represent the default view of a model. This includes all database table fields which comprise the model, and may include additional metadata. A base serializer includes relationships to parent objects, but **does not** include child objects. For example, the `VLANSerializer` includes a nested representation its parent VLANGroup (if any), but does not include any assigned Prefixes.
-
-```
-{
-    "id": 1048,
-    "site": {
-        "id": 7,
-        "url": "http://localhost:8000/api/dcim/sites/7/",
-        "name": "Corporate HQ",
-        "slug": "corporate-hq"
-    },
-    "group": {
-        "id": 4,
-        "url": "http://localhost:8000/api/ipam/vlan-groups/4/",
-        "name": "Production",
-        "slug": "production"
-    },
-    "vid": 101,
-    "name": "Users-Floor1",
-    "tenant": null,
-    "status": {
-        "value": 1,
-        "label": "Active"
-    },
-    "role": {
-        "id": 9,
-        "url": "http://localhost:8000/api/ipam/roles/9/",
-        "name": "User Access",
-        "slug": "user-access"
-    },
-    "description": "",
-    "display_name": "101 (Users-Floor1)",
-    "custom_fields": {}
-}
-```
-
-### Related Objects
-
-Related objects (e.g. `ForeignKey` fields) are represented using a nested serializer. A nested serializer provides a minimal representation of an object, including only its URL and enough information to display the object to a user. When performing write API actions (`POST`, `PUT`, and `PATCH`), related objects may be specified by either numeric ID (primary key), or by a set of attributes sufficiently unique to return the desired object.
-
-For example, when creating a new device, its rack can be specified by NetBox ID (PK):
-
-```
-{
-    "name": "MyNewDevice",
-    "rack": 123,
-    ...
-}
-```
-
-Or by a set of nested attributes used to identify the rack:
-
-```
-{
-    "name": "MyNewDevice",
-    "rack": {
-        "site": {
-            "name": "Equinix DC6"
-        },
-        "name": "R204"
-    },
-    ...
-}
-```
-
-Note that if the provided parameters do not return exactly one object, a validation error is raised.
-
-### Brief Format
-
-Most API endpoints support an optional "brief" format, which returns only a minimal representation of each object in the response. This is useful when you need only a list of the objects themselves without any related data, such as when populating a drop-down list in a form.
-
-For example, the default (complete) format of an IP address looks like this:
-
-```
-GET /api/ipam/prefixes/13980/
-
-{
-    "id": 13980,
-    "family": 4,
-    "prefix": "192.0.2.0/24",
-    "site": null,
-    "vrf": null,
-    "tenant": null,
-    "vlan": null,
-    "status": {
-        "value": 1,
-        "label": "Active"
-    },
-    "role": null,
-    "is_pool": false,
-    "description": "",
-    "tags": [],
-    "custom_fields": {},
-    "created": "2018-12-11",
-    "last_updated": "2018-12-11T16:27:55.073174-05:00"
-}
-```
-
-The brief format is much more terse, but includes a link to the object's full representation:
-
-```
-GET /api/ipam/prefixes/13980/?brief=1
-
-{
-    "id": 13980,
-    "url": "https://netbox/api/ipam/prefixes/13980/",
-    "family": 4,
-    "prefix": "192.0.2.0/24"
-}
-```
-
-The brief format is supported for both lists and individual objects.
-
-## Pagination
-
-API responses which contain a list of objects (for example, a request to `/api/dcim/devices/`) will be paginated to avoid unnecessary overhead. The root JSON object will contain the following attributes:
-
-* `count`: The total count of all objects matching the query
-* `next`: A hyperlink to the next page of results (if applicable)
-* `previous`: A hyperlink to the previous page of results (if applicable)
-* `results`: The list of returned objects
-
-Here is an example of a paginated response:
-
-```
-HTTP 200 OK
-Allow: GET, POST, OPTIONS
-Content-Type: application/json
-Vary: Accept
-
-{
-    "count": 2861,
-    "next": "http://localhost:8000/api/dcim/devices/?limit=50&offset=50",
-    "previous": null,
-    "results": [
-        {
-            "id": 123,
-            "name": "DeviceName123",
-            ...
-        },
-        ...
-    ]
-}
-```
-
-The default page size derives from the [`PAGINATE_COUNT`](../../configuration/optional-settings/#paginate_count) configuration setting, which defaults to 50. However, this can be overridden per request by specifying the desired `offset` and `limit` query parameters. For example, if you wish to retrieve a hundred devices at a time, you would make a request for:
-
-```
-http://localhost:8000/api/dcim/devices/?limit=100
-```
-
-The response will return devices 1 through 100. The URL provided in the `next` attribute of the response will return devices 101 through 200:
-
-```
-{
-    "count": 2861,
-    "next": "http://localhost:8000/api/dcim/devices/?limit=100&offset=100",
-    "previous": null,
-    "results": [...]
-}
-```
-
-The maximum number of objects that can be returned is limited by the [`MAX_PAGE_SIZE`](../../configuration/optional-settings/#max_page_size) setting, which is 1000 by default. Setting this to `0` or `None` will remove the maximum limit. An API consumer can then pass `?limit=0` to retrieve _all_ matching objects with a single request.
-
-!!! warning
-    Disabling the page size limit introduces a potential for very resource-intensive requests, since one API request can effectively retrieve an entire table from the database.
-
-## Filtering
-
-A list of objects retrieved via the API can be filtered by passing one or more query parameters. The same parameters used by the web UI work for the API as well. For example, to return only prefixes with a status of "Active" (identified by the slug `active`):
-
-```
-GET /api/ipam/prefixes/?status=active
-```
-
-The choices available for fixed choice fields such as `status` can be retrieved by sending an `OPTIONS` API request for the desired endpoint:
-
-```no-highlight
-$ curl -s -X OPTIONS \
--H "Authorization: Token $TOKEN" \
--H "Content-Type: application/json" \
--H "Accept: application/json; indent=4" \
-http://localhost:8000/api/ipam/prefixes/ | jq ".actions.POST.status.choices"
-[
-  {
-    "value": "container",
-    "display_name": "Container"
-  },
-  {
-    "value": "active",
-    "display_name": "Active"
-  },
-  {
-    "value": "reserved",
-    "display_name": "Reserved"
-  },
-  {
-    "value": "deprecated",
-    "display_name": "Deprecated"
-  }
-]
-```
-
-For most fields, when a filter is passed multiple times, objects matching _any_ of the provided values will be returned. For example, `GET /api/dcim/sites/?name=Foo&name=Bar` will return all sites named "Foo" _or_ "Bar". The exception to this rule is ManyToManyFields which may have multiple values assigned. Tags are the most common example of a ManyToManyField. For example, `GET /api/dcim/sites/?tag=foo&tag=bar` will return only sites tagged with both "foo" _and_ "bar".
-
-### Custom Fields
-
-To filter on a custom field, prepend `cf_` to the field name. For example, the following query will return only sites where a custom field named `foo` is equal to 123:
-
-```
-GET /api/dcim/sites/?cf_foo=123
-```
-
-!!! note
-    Full versus partial matching when filtering is configurable per custom field. Filtering can be toggled (or disabled) for a custom field in the admin UI.

docs/api/working-with-secrets.md

@@ -1,138 +0,0 @@
-# Working with Secrets
-
-As with most other objects, the NetBox API can be used to create, modify, and delete secrets. However, additional steps are needed to encrypt or decrypt secret data.
-
-## Generating a Session Key
-
-In order to encrypt or decrypt secret data, a session key must be attached to the API request. To generate a session key, send an authenticated request to the `/api/secrets/get-session-key/` endpoint with the private RSA key which matches your [UserKey](../../core-functionality/secrets/#user-keys). The private key must be POSTed with the name `private_key`.
-
-```
-$ curl -X POST http://localhost:8000/api/secrets/get-session-key/ \
--H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
--H "Accept: application/json; indent=4" \
---data-urlencode "private_key@<filename>"
-{
-    "session_key": "dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk="
-}
-```
-
-!!! note
-    To read the private key from a file, use the convention above. Alternatively, the private key can be read from an environment variable using `--data-urlencode "private_key=$PRIVATE_KEY"`.
-
-The request uses your private key to unlock your stored copy of the master key and generate a session key which can be attached in the `X-Session-Key` header of future API requests.
-
-## Retrieving Secrets
-
-A session key is not needed to retrieve unencrypted secrets: The secret is returned like any normal object with its `plaintext` field set to null.
-
-```
-$ curl http://localhost:8000/api/secrets/secrets/2587/ \
--H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
--H "Accept: application/json; indent=4"
-{
-    "id": 2587,
-    "device": {
-        "id": 1827,
-        "url": "http://localhost:8000/api/dcim/devices/1827/",
-        "name": "MyTestDevice",
-        "display_name": "MyTestDevice"
-    },
-    "role": {
-        "id": 1,
-        "url": "http://localhost:8000/api/secrets/secret-roles/1/",
-        "name": "Login Credentials",
-        "slug": "login-creds"
-    },
-    "name": "admin",
-    "plaintext": null,
-    "hash": "pbkdf2_sha256$1000$G6mMFe4FetZQ$f+0itZbAoUqW5pd8+NH8W5rdp/2QNLIBb+LGdt4OSKA=",
-    "created": "2017-03-21",
-    "last_updated": "2017-03-21T19:28:44.265582Z"
-}
-```
-
-To decrypt a secret, we must include our session key in the `X-Session-Key` header:
-
-```
-$ curl http://localhost:8000/api/secrets/secrets/2587/ \
--H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
--H "Accept: application/json; indent=4" \
--H "X-Session-Key: dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk="
-{
-    "id": 2587,
-    "device": {
-        "id": 1827,
-        "url": "http://localhost:8000/api/dcim/devices/1827/",
-        "name": "MyTestDevice",
-        "display_name": "MyTestDevice"
-    },
-    "role": {
-        "id": 1,
-        "url": "http://localhost:8000/api/secrets/secret-roles/1/",
-        "name": "Login Credentials",
-        "slug": "login-creds"
-    },
-    "name": "admin",
-    "plaintext": "foobar",
-    "hash": "pbkdf2_sha256$1000$G6mMFe4FetZQ$f+0itZbAoUqW5pd8+NH8W5rdp/2QNLIBb+LGdt4OSKA=",
-    "created": "2017-03-21",
-    "last_updated": "2017-03-21T19:28:44.265582Z"
-}
-```
-
-Lists of secrets can be decrypted in this manner as well:
-
-```
-$ curl http://localhost:8000/api/secrets/secrets/?limit=3 \
--H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
--H "Accept: application/json; indent=4" \
--H "X-Session-Key: dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk="
-{
-    "count": 3482,
-    "next": "http://localhost:8000/api/secrets/secrets/?limit=3&offset=3",
-    "previous": null,
-    "results": [
-        {
-            "id": 2587,
-            ...
-            "plaintext": "foobar",
-            ...
-        },
-        {
-            "id": 2588,
-            ...
-            "plaintext": "MyP@ssw0rd!",
-            ...
-        },
-        {
-            "id": 2589,
-            ...
-            "plaintext": "AnotherSecret!",
-            ...
-        },
-    ]
-}
-```
-
-## Creating Secrets
-
-Session keys are also used to decrypt new or modified secrets. This is done by setting the `plaintext` field of the submitted object:
-
-```
-$ curl -X POST http://localhost:8000/api/secrets/secrets/ \
--H "Content-Type: application/json" \
--H "Authorization: Token c639d619ecbeb1f3055c4141ba6870e20572edd7" \
--H "Accept: application/json; indent=4" \
--H "X-Session-Key: dyEnxlc9lnGzaOAV1dV/xqYPV63njIbdZYOgnAlGPHk=" \
---data '{"device": 1827, "role": 1, "name": "backup", "plaintext": "Drowssap1"}'
-{
-    "id": 2590,
-    "device": 1827,
-    "role": 1,
-    "name": "backup",
-    "plaintext": "Drowssap1"
-}
-```
-
-!!! note
-    Don't forget to include the `Content-Type: application/json` header when making a POST request.

docs/configuration/data-validation.md

@@ -0,0 +1,110 @@
+# Data & Validation Parameters
+
+## CUSTOM_VALIDATORS
+
+!!! tip "Dynamic Configuration Parameter"
+
+This is a mapping of models to [custom validators](../customization/custom-validation.md) that have been defined locally to enforce custom validation logic. An example is provided below:
+
+```python
+CUSTOM_VALIDATORS = {
+    "dcim.site": [
+        {
+            "name": {
+                "min_length": 5,
+                "max_length": 30
+            }
+        },
+        "my_plugin.validators.Validator1"
+    ],
+    "dim.device": [
+        "my_plugin.validators.Validator1"
+    ]
+}
+```
+
+---
+
+## FIELD_CHOICES
+
+Some static choice fields on models can be configured with custom values. This is done by defining `FIELD_CHOICES` as a dictionary mapping model fields to their choices. Each choice in the list must have a database value and a human-friendly label, and may optionally specify a color. (A list of available colors is provided below.)
+
+The choices provided can either replace the stock choices provided by NetBox, or append to them. To _replace_ the available choices, specify the app, model, and field name separated by dots. For example, the site model would be referenced as `dcim.Site.status`. To _extend_ the available choices, append a plus sign to the end of this string (e.g. `dcim.Site.status+`).
+
+For example, the following configuration would replace the default site status choices with the options Foo, Bar, and Baz:
+
+```python
+FIELD_CHOICES = {
+    'dcim.Site.status': (
+        ('foo', 'Foo', 'red'),
+        ('bar', 'Bar', 'green'),
+        ('baz', 'Baz', 'blue'),
+    )
+}
+```
+
+Appending a plus sign to the field identifier would instead _add_ these choices to the ones already offered:
+
+```python
+FIELD_CHOICES = {
+    'dcim.Site.status+': (
+        ...
+    )
+}
+```
+
+The following model fields support configurable choices:
+
+* `circuits.Circuit.status`
+* `dcim.Device.status`
+* `dcim.Location.status`
+* `dcim.Module.status`
+* `dcim.PowerFeed.status`
+* `dcim.Rack.status`
+* `dcim.Site.status`
+* `dcim.VirtualDeviceContext.status`
+* `extras.JournalEntry.kind`
+* `ipam.IPAddress.status`
+* `ipam.IPRange.status`
+* `ipam.Prefix.status`
+* `ipam.VLAN.status`
+* `virtualization.Cluster.status`
+* `virtualization.VirtualMachine.status`
+* `wireless.WirelessLAN.status`
+
+The following colors are supported:
+
+* `blue`
+* `indigo`
+* `purple`
+* `pink`
+* `red`
+* `orange`
+* `yellow`
+* `green`
+* `teal`
+* `cyan`
+* `gray`
+* `black`
+* `white`
+
+---
+
+## PROTECTION_RULES
+
+!!! tip "Dynamic Configuration Parameter"
+
+This is a mapping of models to [custom validators](../customization/custom-validation.md) against which an object is evaluated immediately prior to its deletion. If validation fails, the object is not deleted. An example is provided below:
+
+```python
+PROTECTION_RULES = {
+    "dcim.site": [
+        {
+            "status": {
+                "eq": "decommissioning"
+            }
+        },
+        "my_plugin.validators.Validator1",
+    ]
+}
+```

docs/configuration/default-values.md

@@ -0,0 +1,124 @@
+# Default Value Parameters
+
+## DEFAULT_DASHBOARD
+
+This parameter controls the content and layout of user's default dashboard. Once the dashboard has been created, the user is free to customize it as they please by adding, removing, and reconfiguring widgets.
+
+This parameter must specify an iterable of dictionaries, each representing a discrete dashboard widget and its configuration. The follow widget attributes are supported:
+
+* `widget`: Dotted path to the Python class (required)
+* `width`: Default widget width (between 1 and 12, inclusive)
+* `height`: Default widget height, in rows
+* `title`: Widget title
+* `color`: Color of the widget's title bar, specified by name
+* `config`: Dictionary mapping of any widget configuration parameters
+
+A brief example configuration is provided below.
+
+```python
+DEFAULT_DASHBOARD = [
+    {
+        'widget': 'extras.ObjectCountsWidget',
+        'width': 4,
+        'height': 3,
+        'title': 'Organization',
+        'config': {
+            'models': [
+                'dcim.site',
+                'tenancy.tenant',
+                'tenancy.contact',
+            ]
+        }
+    },
+    {
+        'widget': 'extras.ObjectCountsWidget',
+        'width': 4,
+        'height': 3,
+        'title': 'IPAM',
+        'color': 'blue',
+        'config': {
+            'models': [
+                'ipam.prefix',
+                'ipam.iprange',
+                'ipam.ipaddress',
+            ]
+        }
+    },
+]
+```
+
+## DEFAULT_USER_PREFERENCES
+
+!!! tip "Dynamic Configuration Parameter"
+
+This is a dictionary defining the default preferences to be set for newly-created user accounts. For example, to set the default page size for all users to 100, define the following:
+
+```python
+DEFAULT_USER_PREFERENCES = {
+    "pagination": {
+        "per_page": 100
+    }
+}
+```
+
+For a complete list of available preferences, log into NetBox and navigate to `/user/preferences/`. A period in a preference name indicates a level of nesting in the JSON data. The example above maps to `pagination.per_page`.
+
+---
+
+## PAGINATE_COUNT
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 50
+
+The default maximum number of objects to display per page within each list of objects.
+
+---
+
+## POWERFEED_DEFAULT_AMPERAGE
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 15
+
+The default value for the `amperage` field when creating new power feeds.
+
+---
+
+## POWERFEED_DEFAULT_MAX_UTILIZATION
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 80
+
+The default value (percentage) for the `max_utilization` field when creating new power feeds.
+
+---
+
+## POWERFEED_DEFAULT_VOLTAGE
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 120
+
+The default value for the `voltage` field when creating new power feeds.
+
+---
+
+## RACK_ELEVATION_DEFAULT_UNIT_HEIGHT
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 22
+
+Default height (in pixels) of a unit within a rack elevation. For best results, this should be approximately one tenth of `RACK_ELEVATION_DEFAULT_UNIT_WIDTH`.
+
+---
+
+## RACK_ELEVATION_DEFAULT_UNIT_WIDTH
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 220
+
+Default width (in pixels) of a unit within a rack elevation.

docs/configuration/development.md

@@ -0,0 +1,21 @@
+# Development Parameters
+
+## DEBUG
+
+Default: False
+
+This setting enables debugging. Debugging should be enabled only during development or troubleshooting. Note that only
+clients which access NetBox from a recognized [internal IP address](./system.md#internal_ips) will see debugging tools in the user
+interface.
+
+!!! warning
+    Never enable debugging on a production system, as it can expose sensitive data to unauthenticated users and impose a
+    substantial performance penalty.
+
+---
+
+## DEVELOPER
+
+Default: False
+
+This parameter serves as a safeguard to prevent some potentially dangerous behavior, such as generating new database schema migrations. Additionally, enabling this setting disables the debug warning banner in the UI. Set this to `True` **only** if you are actively developing the NetBox code base.

docs/configuration/error-reporting.md

@@ -0,0 +1,68 @@
+# Error Reporting Settings
+
+## SENTRY_DSN
+
+Default: None
+
+Defines a Sentry data source name (DSN) for automated error reporting. `SENTRY_ENABLED` must be True for this parameter to take effect. For example:
+
+```
+SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
+```
+
+---
+
+## SENTRY_ENABLED
+
+Default: False
+
+Set to True to enable automatic error reporting via [Sentry](https://sentry.io/).
+
+!!! note
+    The `sentry-sdk` Python package is required to enable Sentry integration.
+
+---
+
+## SENTRY_SAMPLE_RATE
+
+Default: 1.0 (all)
+
+The sampling rate for errors. Must be a value between 0 (disabled) and 1.0 (report on all errors).
+
+---
+
+## SENTRY_SEND_DEFAULT_PII
+
+Default: False
+
+Maps to the Sentry SDK's [`send_default_pii`](https://docs.sentry.io/platforms/python/configuration/options/#send-default-pii) parameter. If enabled, certain personally identifiable information (PII) is added.
+
+!!! warning "Sensitive data"
+    If you enable this option, be aware that sensitive data such as cookies and authentication tokens will be logged.
+
+---
+
+## SENTRY_TAGS
+
+An optional dictionary of tag names and values to apply to Sentry error reports.For example:
+
+```
+SENTRY_TAGS = {
+    "custom.foo": "123",
+    "custom.bar": "abc",
+}
+```
+
+!!! warning "Reserved tag prefixes"
+    Avoid using any tag names which begin with `netbox.`, as this prefix is reserved by the NetBox application.
+
+---
+
+## SENTRY_TRACES_SAMPLE_RATE
+
+Default: 0 (disabled)
+
+The sampling rate for transactions. Must be a value between 0 (disabled) and 1.0 (report on all transactions).
+
+!!! warning "Consider performance implications"
+    A high sampling rate for transactions can induce significant performance penalties. If transaction reporting is desired, it is recommended to use a relatively low sample rate of 10% to 20% (0.1 to 0.2).

docs/configuration/graphql-api.md

@@ -0,0 +1,17 @@
+# GraphQL API Parameters
+
+## GRAPHQL_ENABLED
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: True
+
+Setting this to False will disable the GraphQL API.
+
+---
+
+## GRAPHQL_MAX_ALIASES
+
+Default: 10
+
+The maximum number of queries that a GraphQL API request may contain.

docs/configuration/index.md

@@ -1,18 +1,49 @@
 # NetBox Configuration
 
-NetBox's local configuration is stored in `netbox/netbox/configuration.py`. An example configuration is provided at `netbox/netbox/configuration.example.py`. You may copy or rename the example configuration and make changes as appropriate. NetBox will not run without a configuration file.
+## Configuration File
 
-While NetBox has many configuration settings, only a few of them must be defined at the time of installation.
+NetBox's configuration file contains all the important parameters which control how NetBox functions: database settings, security controls, user preferences, and so on. While the default configuration suffices out of the box for most use cases, there are a few [required parameters](./required-parameters.md) which **must** be defined during installation. 
 
-## Configuration Parameters
+The configuration file is loaded from `$INSTALL_ROOT/netbox/netbox/configuration.py` by default. An example configuration is provided at `configuration_example.py`, which you may copy to use as your default config. Note that a configuration file must be defined; NetBox will not run without one.
 
-* [Required settings](required-settings.md)
-* [Optional settings](optional-settings.md)
+!!! info "Customizing the Configuration Module"
+    A custom configuration module may be specified by setting the `NETBOX_CONFIGURATION` environment variable. This must be a dotted path to the desired Python module. For example, a file named `my_config.py` in the same directory as `settings.py` would be referenced as `netbox.my_config`.
 
-## Changing the Configuration
+    To keep things simple, the NetBox documentation refers to the configuration file simply as `configuration.py`.
 
-Configuration settings may be changed at any time. However, the NetBox service must be restarted before the changes will take effect:
+Some configuration parameters may alternatively be defined either in `configuration.py` or within the administrative section of the user interface. Settings which are "hard-coded" in the configuration file take precedence over those defined via the UI.
+
+## Dynamic Configuration Parameters
+
+Some configuration parameters are primarily controlled via NetBox's admin interface (under Admin > Extras > Configuration Revisions). These are noted where applicable in the documentation. These settings may also be overridden in `configuration.py` to prevent them from being modified via the UI. A complete list of supported parameters is provided below:
+
+* [`ALLOWED_URL_SCHEMES`](./security.md#allowed_url_schemes)
+* [`BANNER_BOTTOM`](./miscellaneous.md#banner_bottom)
+* [`BANNER_LOGIN`](./miscellaneous.md#banner_login)
+* [`BANNER_TOP`](./miscellaneous.md#banner_top)
+* [`CHANGELOG_RETENTION`](./miscellaneous.md#changelog_retention)
+* [`CUSTOM_VALIDATORS`](./data-validation.md#custom_validators)
+* [`DEFAULT_USER_PREFERENCES`](./default-values.md#default_user_preferences)
+* [`ENFORCE_GLOBAL_UNIQUE`](./miscellaneous.md#enforce_global_unique)
+* [`GRAPHQL_ENABLED`](./graphql-api.md#graphql_enabled)
+* [`JOB_RETENTION`](./miscellaneous.md#job_retention)
+* [`MAINTENANCE_MODE`](./miscellaneous.md#maintenance_mode)
+* [`MAPS_URL`](./miscellaneous.md#maps_url)
+* [`MAX_PAGE_SIZE`](./miscellaneous.md#max_page_size)
+* [`PAGINATE_COUNT`](./default-values.md#paginate_count)
+* [`POWERFEED_DEFAULT_AMPERAGE`](./default-values.md#powerfeed_default_amperage)
+* [`POWERFEED_DEFAULT_MAX_UTILIZATION`](./default-values.md#powerfeed_default_max_utilization)
+* [`POWERFEED_DEFAULT_VOLTAGE`](./default-values.md#powerfeed_default_voltage)
+* [`PREFER_IPV4`](./miscellaneous.md#prefer_ipv4)
+* [`RACK_ELEVATION_DEFAULT_UNIT_HEIGHT`](./default-values.md#rack_elevation_default_unit_height)
+* [`RACK_ELEVATION_DEFAULT_UNIT_WIDTH`](./default-values.md#rack_elevation_default_unit_width)
+
+## Modifying the Configuration
+
+The configuration file may be modified at any time. However, the WSGI service (e.g. Gunicorn) must be restarted before these changes will take effect:
 
 ```no-highlight
-# sudo supervisorctl restart netbox
+$ sudo systemctl restart netbox
 ```
+
+Dynamic configuration parameters (those which can be modified via the UI) take effect immediately.

docs/configuration/miscellaneous.md

@@ -0,0 +1,235 @@
+# Miscellaneous Parameters
+
+## ADMINS
+
+NetBox will email details about critical errors to the administrators listed here. This should be a list of (name, email) tuples. For example:
+
+```python
+ADMINS = [
+    ['Hank Hill', 'hhill@example.com'],
+    ['Dale Gribble', 'dgribble@example.com'],
+]
+```
+
+---
+
+## BANNER_BOTTOM
+
+!!! tip "Dynamic Configuration Parameter"
+
+Sets content for the bottom banner in the user interface.
+
+---
+
+## BANNER_LOGIN
+
+!!! tip "Dynamic Configuration Parameter"
+
+This defines custom content to be displayed on the login page above the login form. HTML is allowed.
+
+---
+
+## BANNER_MAINTENANCE
+
+!!! tip "Dynamic Configuration Parameter"
+
+This adds a banner to the top of every page when maintenance mode is enabled. HTML is allowed.
+
+---
+
+## BANNER_TOP
+
+!!! tip "Dynamic Configuration Parameter"
+
+Sets content for the top banner in the user interface.
+
+!!! tip
+    If you'd like the top and bottom banners to match, set the following:
+    
+    ```python
+    BANNER_TOP = 'Your banner text'
+    BANNER_BOTTOM = BANNER_TOP
+    ```
+
+---
+
+## CENSUS_REPORTING_ENABLED
+
+Default: True
+
+Enables anonymous census reporting. To opt out of census reporting, set this to False.
+
+This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time. Census reporting effects a single HTTP request each time a worker starts. The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
+
+---
+
+## CHANGELOG_RETENTION
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 90
+
+The number of days to retain logged changes (object creations, updates, and deletions). Set this to `0` to retain
+changes in the database indefinitely.
+
+!!! warning
+    If enabling indefinite changelog retention, it is recommended to periodically delete old entries. Otherwise, the database may eventually exceed capacity.
+
+---
+
+## CHANGELOG_SKIP_EMPTY_CHANGES
+
+Default: True
+
+If enabled, a change log record will not be created when an object is updated without any changes to its existing field values.
+
+!!! note
+    The object's `last_updated` field will always reflect the time of the most recent update, regardless of this parameter.
+
+---
+
+## DATA_UPLOAD_MAX_MEMORY_SIZE
+
+Default: `2621440` (2.5 MB)
+
+The maximum size (in bytes) of an incoming HTTP request (i.e. `GET` or `POST` data). Requests which exceed this size will raise a `RequestDataTooBig` exception.
+
+---
+
+## ENFORCE_GLOBAL_UNIQUE
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: True
+
+By default, NetBox will prevent the creation of duplicate prefixes and IP addresses in the global table (that is, those which are not assigned to any VRF). This validation can be disabled by setting `ENFORCE_GLOBAL_UNIQUE` to False.
+
+---
+
+## EVENTS_PIPELINE
+
+!!! info "This parameter was introduced in NetBox v4.2."
+
+Default: `['extras.events.process_event_queue',]`
+
+NetBox will call dotted paths to the functions listed here for events (create, update, delete) on models as well as when custom EventRules are fired.
+
+---
+
+## FILE_UPLOAD_MAX_MEMORY_SIZE
+
+Default: `2621440` (2.5 MB)
+
+The maximum amount (in bytes) of uploaded data that will be held in memory before being written to the filesystem. Changing this setting can be useful for example to be able to upload files bigger than 2.5MB to custom scripts for processing.
+
+---
+
+## JOB_RETENTION
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 90
+
+The number of days to retain job results (scripts and reports). Set this to `0` to retain job results in the database indefinitely.
+
+!!! warning
+    If enabling indefinite job results retention, it is recommended to periodically delete old entries. Otherwise, the database may eventually exceed capacity.
+
+---
+
+## MAINTENANCE_MODE
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: False
+
+Setting this to True will display a "maintenance mode" banner at the top of every page. Additionally, NetBox will no longer update a user's "last active" time upon login. This is to allow new logins when the database is in a read-only state. Recording of login times will resume when maintenance mode is disabled.
+
+---
+
+## MAPS_URL
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: `https://maps.google.com/?q=` (Google Maps)
+
+This specifies the URL to use when presenting a map of a physical location by street address or GPS coordinates. The URL must accept either a free-form street address or a comma-separated pair of numeric coordinates appended to it. Set this to `None` to disable the "map it" button within the UI.
+
+---
+
+## MAX_PAGE_SIZE
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: 1000
+
+A web user or API consumer can request an arbitrary number of objects by appending the "limit" parameter to the URL (e.g. `?limit=1000`). This parameter defines the maximum acceptable limit. Setting this to `0` or `None` will allow a client to retrieve _all_ matching objects at once with no limit by specifying `?limit=0`.
+
+---
+
+## METRICS_ENABLED
+
+Default: False
+
+Toggle the availability Prometheus-compatible metrics at `/metrics`. See the [Prometheus Metrics](../integrations/prometheus-metrics.md) documentation for more details.
+
+---
+
+## PREFER_IPV4
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: False
+
+When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to prefer IPv4 instead.
+
+---
+
+## QUEUE_MAPPINGS
+
+Allows changing which queues are used internally for background tasks.
+
+```python
+QUEUE_MAPPINGS = {
+    'webhook': 'low',
+    'report': 'high',
+    'script': 'high',
+}
+```
+
+If no queue is defined the queue named `default` will be used.
+
+---
+
+## RELEASE_CHECK_URL
+
+Default: None (disabled)
+
+This parameter defines the URL of the repository that will be checked for new NetBox releases. When a new release is detected, a message will be displayed to administrative users on the home page. This can be set to the official repository (`'https://api.github.com/repos/netbox-community/netbox/releases'`) or a custom fork. Set this to `None` to disable automatic update checks.
+
+!!! note
+    The URL provided **must** be compatible with the [GitHub REST API](https://docs.github.com/en/rest).
+
+---
+
+## RQ_DEFAULT_TIMEOUT
+
+Default: `300`
+
+The maximum execution time of a background task (such as running a custom script), in seconds.
+
+---
+
+## RQ_RETRY_INTERVAL
+
+Default: `60`
+
+This parameter controls how frequently a failed job is retried, up to the maximum number of times specified by `RQ_RETRY_MAX`. This must be either an integer specifying the number of seconds to wait between successive attempts, or a list of such values. For example, `[60, 300, 3600]` will retry the task after 1 minute, 5 minutes, and 1 hour.
+
+---
+
+## RQ_RETRY_MAX
+
+Default: `0` (retries disabled)
+
+The maximum number of times a background task will be retried before being marked as failed.

docs/configuration/optional-settings.md

@@ -1,489 +0,0 @@
-# Optional Configuration Settings
-
-## ADMINS
-
-NetBox will email details about critical errors to the administrators listed here. This should be a list of (name, email) tuples. For example:
-
-```
-ADMINS = [
-    ['Hank Hill', 'hhill@example.com'],
-    ['Dale Gribble', 'dgribble@example.com'],
-]
-```
-
----
-
-## BANNER_TOP
-
-## BANNER_BOTTOM
-
-Setting these variables will display content in a banner at the top and/or bottom of the page, respectively. HTML is allowed. To replicate the content of the top banner in the bottom banner, set:
-
-```
-BANNER_TOP = 'Your banner text'
-BANNER_BOTTOM = BANNER_TOP
-```
-
----
-
-## BANNER_LOGIN
-
-The value of this variable will be displayed on the login page above the login form. HTML is allowed.
-
----
-
-## BASE_PATH
-
-Default: None
-
-The base URL path to use when accessing NetBox. Do not include the scheme or domain name. For example, if installed at http://example.com/netbox/, set:
-
-```
-BASE_PATH = 'netbox/'
-```
-
----
-
-## CACHE_TIMEOUT
-
-Default: 900
-
-The number of seconds to retain cache entries before automatically invalidating them.
-
----
-
-## CHANGELOG_RETENTION
-
-Default: 90
-
-The number of days to retain logged changes (object creations, updates, and deletions). Set this to `0` to retain changes in the database indefinitely. (Warning: This will greatly increase database size over time.)
-
----
-
-## CORS_ORIGIN_ALLOW_ALL
-
-Default: False
-
-If True, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).
-
----
-
-## CORS_ORIGIN_WHITELIST
-
-## CORS_ORIGIN_REGEX_WHITELIST
-
-These settings specify a list of origins that are authorized to make cross-site API requests. Use `CORS_ORIGIN_WHITELIST` to define a list of exact hostnames, or `CORS_ORIGIN_REGEX_WHITELIST` to define a set of regular expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is True.) For example:
-
-```
-CORS_ORIGIN_WHITELIST = [
-    'https://example.com',
-]
-```
-
----
-
-## DEBUG
-
-Default: False
-
-This setting enables debugging. This should be done only during development or troubleshooting. Never enable debugging on a production system, as it can expose sensitive data to unauthenticated users.
-
----
-
-## DEVELOPER
-
-Default: False
-
-This parameter serves as a safeguard to prevent some potentially dangerous behavior, such as generating new database schema migrations. Set this to `True` **only** if you are actively developing the NetBox code base.
-
----
-
-## DOCS_ROOT
-
-Default: `$INSTALL_DIR/docs/`
-
-The file path to NetBox's documentation. This is used when presenting context-sensitive documentation in the web UI. by default, this will be the `docs/` directory within the root NetBox installation path. (Set this to `None` to disable the embedded documentation.)
-
----
-
-## EMAIL
-
-In order to send email, NetBox needs an email server configured. The following items can be defined within the `EMAIL` setting:
-
-* SERVER - Host name or IP address of the email server (use `localhost` if running locally)
-* PORT - TCP port to use for the connection (default: 25)
-* USERNAME - Username with which to authenticate
-* PASSSWORD - Password with which to authenticate
-* TIMEOUT - Amount of time to wait for a connection (seconds)
-* FROM_EMAIL - Sender address for emails sent by NetBox
-
-Email is sent from NetBox only for critical events. If you would like to test the email server configuration please use the django function [send_mail()](https://docs.djangoproject.com/en/stable/topics/email/#send-mail):
-
-```
-# python ./manage.py nbshell
->>> from django.core.mail import send_mail
->>> send_mail(
-  'Test Email Subject',
-  'Test Email Body',
-  'noreply-netbox@example.com',
-  ['users@example.com'],
-  fail_silently=False
-)
-```
-
----
-
-## EXEMPT_VIEW_PERMISSIONS
-
-Default: Empty list
-
-A list of models to exempt from the enforcement of view permissions. Models listed here will be viewable by all users and by anonymous users.
-
-List models in the form `<app>.<model>`. For example:
-
-```
-EXEMPT_VIEW_PERMISSIONS = [
-    'dcim.site',
-    'dcim.region',
-    'ipam.prefix',
-]
-```
-
-To exempt _all_ models from view permission enforcement, set the following. (Note that `EXEMPT_VIEW_PERMISSIONS` must be an iterable.)
-
-```
-EXEMPT_VIEW_PERMISSIONS = ['*']
-```
-
----
-
-## ENFORCE_GLOBAL_UNIQUE
-
-Default: False
-
-Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table (all prefixes and IP addresses not assigned to a VRF), set `ENFORCE_GLOBAL_UNIQUE` to True.
-
----
-
-## HTTP_PROXIES
-
-Default: None
-
-A dictionary of HTTP proxies to use for outbound requests originating from NetBox (e.g. when sending webhooks). Proxies should be specified by schema as per the [Python requests library documentation](https://2.python-requests.org/en/master/user/advanced/). For example:
-
-```python
-HTTP_PROXIES = {
-    'http': 'http://10.10.1.10:3128',
-    'https': 'http://10.10.1.10:1080',
-}
-```
-
----
-
-## LOGGING
-
-By default, all messages of INFO severity or higher will be logged to the console. Additionally, if `DEBUG` is False and email access has been configured, ERROR and CRITICAL messages will be emailed to the users defined in `ADMINS`.
-
-The Django framework on which NetBox runs allows for the customization of logging, e.g. to write logs to file. Please consult the [Django logging documentation](https://docs.djangoproject.com/en/stable/topics/logging/) for more information on configuring this setting. Below is an example which will write all INFO and higher messages to a file:
-
-```
-LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    'handlers': {
-        'file': {
-            'level': 'INFO',
-            'class': 'logging.FileHandler',
-            'filename': '/var/log/netbox.log',
-        },
-    },
-    'loggers': {
-        'django': {
-            'handlers': ['file'],
-            'level': 'INFO',
-        },
-    },
-}
-```
-
-### Available Loggers
-
-* `netbox.auth.*` - Authentication events
-* `netbox.api.views.*` - Views which handle business logic for the REST API
-* `netbox.reports.*` - Report execution (`module.name`)
-* `netbox.scripts.*` - Custom script execution (`module.name`)
-* `netbox.views.*` - Views which handle business logic for the web UI
-
----
-
-## LOGIN_REQUIRED
-
-Default: False
-
-Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users are permitted to access most data in NetBox (excluding secrets) but not make any changes.
-
----
-
-## LOGIN_TIMEOUT
-
-Default: 1209600 seconds (14 days)
-
-The liftetime (in seconds) of the authentication cookie issued to a NetBox user upon login.
-
----
-
-## MAINTENANCE_MODE
-
-Default: False
-
-Setting this to True will display a "maintenance mode" banner at the top of every page.
-
----
-
-## MAX_PAGE_SIZE
-
-Default: 1000
-
-An API consumer can request an arbitrary number of objects by appending the "limit" parameter to the URL (e.g. `?limit=1000`). This setting defines the maximum limit. Setting it to `0` or `None` will allow an API consumer to request all objects by specifying `?limit=0`.
-
----
-
-## MEDIA_ROOT
-
-Default: $BASE_DIR/netbox/media/
-
-The file path to the location where media files (such as image attachments) are stored. By default, this is the `netbox/media/` directory within the base NetBox installation path.
-
----
-
-## METRICS_ENABLED
-
-Default: False
-
-Toggle exposing Prometheus metrics at `/metrics`. See the [Prometheus Metrics](../../additional-features/prometheus-metrics/) documentation for more details.
-
----
-
-## NAPALM_USERNAME
-
-## NAPALM_PASSWORD
-
-NetBox will use these credentials when authenticating to remote devices via the [NAPALM library](https://napalm-automation.net/), if installed. Both parameters are optional.
-
-Note: If SSH public key authentication has been set up for the system account under which NetBox runs, these parameters are not needed.
-
----
-
-## NAPALM_ARGS
-
-A dictionary of optional arguments to pass to NAPALM when instantiating a network driver. See the NAPALM documentation for a [complete list of optional arguments](http://napalm.readthedocs.io/en/latest/support/#optional-arguments). An example:
-
-```
-NAPALM_ARGS = {
-    'api_key': '472071a93b60a1bd1fafb401d9f8ef41',
-    'port': 2222,
-}
-```
-
-Note: Some platforms (e.g. Cisco IOS) require an argument named `secret` to be passed in addition to the normal password. If desired, you can use the configured `NAPALM_PASSWORD` as the value for this argument:
-
-```
-NAPALM_USERNAME = 'username'
-NAPALM_PASSWORD = 'MySecretPassword'
-NAPALM_ARGS = {
-    'secret': NAPALM_PASSWORD,
-    # Include any additional args here
-}
-```
-
----
-
-## NAPALM_TIMEOUT
-
-Default: 30 seconds
-
-The amount of time (in seconds) to wait for NAPALM to connect to a device.
-
----
-
-## PAGINATE_COUNT
-
-Default: 50
-
-Determine how many objects to display per page within each list of objects.
-
----
-
-## PLUGINS
-
-Default: Empty
-
-A list of installed [NetBox plugins](../../plugins/) to enable. Plugins will not take effect unless they are listed here.
-
-!!! warning
-    Plugins extend NetBox by allowing external code to run with the same access and privileges as NetBox itself. Only install plugins from trusted sources. The NetBox maintainers make absolutely no guarantees about the integrity or security of your installation with plugins enabled.
-
----
-
-## PLUGINS_CONFIG
-
-Default: Empty
-
-This parameter holds configuration settings for individual NetBox plugins. It is defined as a dictionary, with each key using the name of an installed plugin. The specific parameters supported are unique to each plugin: Reference the plugin's documentation to determine the supported parameters. An example configuration is shown below:
-
-```python
-PLUGINS_CONFIG = {
-    'plugin1': {
-        'foo': 123,
-        'bar': True
-    },
-    'plugin2': {
-        'foo': 456,
-    },
-}
-```
-
-Note that a plugin must be listed in `PLUGINS` for its configuration to take effect.
-
----
-
-## PREFER_IPV4
-
-Default: False
-
-When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to prefer IPv4 instead.
-
----
-
-## REMOTE_AUTH_ENABLED
-
-Default: `False`
-
-NetBox can be configured to support remote user authentication by inferring user authentication from an HTTP header set by the HTTP reverse proxy (e.g. nginx or Apache). Set this to `True` to enable this functionality. (Local authentication will still take effect as a fallback.)
-
----
-
-## REMOTE_AUTH_BACKEND
-
-Default: `'utilities.auth_backends.RemoteUserBackend'`
-
-Python path to the custom [Django authentication backend](https://docs.djangoproject.com/en/stable/topics/auth/customizing/) to use for external user authentication, if not using NetBox's built-in backend. (Requires `REMOTE_AUTH_ENABLED`.)
-
----
-
-## REMOTE_AUTH_HEADER
-
-Default: `'HTTP_REMOTE_USER'`
-
-When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. (Requires `REMOTE_AUTH_ENABLED`.)
-
----
-
-## REMOTE_AUTH_AUTO_CREATE_USER
-
-Default: `True`
-
-If true, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
-
----
-
-## REMOTE_AUTH_DEFAULT_GROUPS
-
-Default: `[]` (Empty list)
-
-The list of groups to assign a new user account when created using remote authentication. (Requires `REMOTE_AUTH_ENABLED`.)
-
----
-
-## REMOTE_AUTH_DEFAULT_PERMISSIONS
-
-Default: `[]` (Empty list)
-
-The list of permissions to assign a new user account when created using remote authentication. (Requires `REMOTE_AUTH_ENABLED`.)
-
----
-
-## RELEASE_CHECK_TIMEOUT
-
-Default: 86,400 (24 hours)
-
-The number of seconds to retain the latest version that is fetched from the GitHub API before automatically invalidating it and fetching it from the API again. This must be set to at least one hour (3600 seconds).
-
----
-
-## RELEASE_CHECK_URL
-
-Default: None
-
-The releases of this repository are checked to detect new releases, which are shown on the home page of the web interface. You can change this to your own fork of the NetBox repository, or set it to `None` to disable the check. The URL provided **must** be compatible with the GitHub API.
-
-Use `'https://api.github.com/repos/netbox-community/netbox/releases'` to check for release in the official NetBox repository.
-
----
-
-## REPORTS_ROOT
-
-Default: $BASE_DIR/netbox/reports/
-
-The file path to the location where custom reports will be kept. By default, this is the `netbox/reports/` directory within the base NetBox installation path.
-
----
-
-## SCRIPTS_ROOT
-
-Default: $BASE_DIR/netbox/scripts/
-
-The file path to the location where custom scripts will be kept. By default, this is the `netbox/scripts/` directory within the base NetBox installation path.
-
----
-
-## SESSION_FILE_PATH
-
-Default: None
-
-Session data is used to track authenticated users when they access NetBox. By default, NetBox stores session data in the PostgreSQL database. However, this inhibits authentication to a standby instance of NetBox without write access to the database. Alternatively, a local file path may be specified here and NetBox will store session data as files instead of using the database. Note that the user as which NetBox runs must have read and write permissions to this path.
-
----
-
-## STORAGE_BACKEND
-
-Default: None (local storage)
-
-The backend storage engine for handling uploaded files (e.g. image attachments). NetBox supports integration with the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) package, which provides backends for several popular file storage services. If not configured, local filesystem storage will be used.
-
-The configuration parameters for the specified storage backend are defined under the `STORAGE_CONFIG` setting.
-
----
-
-## STORAGE_CONFIG
-
-Default: Empty
-
-A dictionary of configuration parameters for the storage backend configured as `STORAGE_BACKEND`. The specific parameters to be used here are specific to each backend; see the [`django-storages` documentation](https://django-storages.readthedocs.io/en/stable/) for more detail.
-
-If `STORAGE_BACKEND` is not defined, this setting will be ignored.
-
----
-
-## TIME_ZONE
-
-Default: UTC
-
-The time zone NetBox will use when dealing with dates and times. It is recommended to use UTC time unless you have a specific need to use a local time zone. [List of available time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
-
----
-
-## Date and Time Formatting
-
-You may define custom formatting for date and times. For detailed instructions on writing format strings, please see [the Django documentation](https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date).
-
-Defaults:
-
-```
-DATE_FORMAT = 'N j, Y'               # June 26, 2016
-SHORT_DATE_FORMAT = 'Y-m-d'          # 2016-06-27
-TIME_FORMAT = 'g:i a'                # 1:23 p.m.
-SHORT_TIME_FORMAT = 'H:i:s'          # 13:23:00
-DATETIME_FORMAT = 'N j, Y g:i a'     # June 26, 2016 1:23 p.m.
-SHORT_DATETIME_FORMAT = 'Y-m-d H:i'  # 2016-06-27 13:23
-```

docs/configuration/plugins.md

@@ -0,0 +1,35 @@
+# Plugin Parameters
+
+## PLUGINS
+
+Default: Empty
+
+A list of installed [NetBox plugins](../plugins/index.md) to enable. Plugins will not take effect unless they are listed here.
+
+!!! warning
+    Plugins extend NetBox by allowing external code to run with the same access and privileges as NetBox itself. Only install plugins from trusted sources. The NetBox maintainers make absolutely no guarantees about the integrity or security of your installation with plugins enabled.
+
+---
+
+## PLUGINS_CONFIG
+
+Default: Empty
+
+This parameter holds configuration settings for individual NetBox plugins. It is defined as a dictionary, with each key using the name of an installed plugin. The specific parameters supported are unique to each plugin: Reference the plugin's documentation to determine the supported parameters. An example configuration is shown below:
+
+```python
+PLUGINS_CONFIG = {
+    'plugin1': {
+        'foo': 123,
+        'bar': True
+    },
+    'plugin2': {
+        'foo': 456,
+    },
+}
+```
+
+Note that a plugin must be listed in `PLUGINS` for its configuration to take effect.
+
+---
+

docs/configuration/remote-authentication.md

@@ -0,0 +1,145 @@
+# Remote Authentication Settings
+
+The configuration parameters listed here control remote authentication for NetBox. Note that `REMOTE_AUTH_ENABLED` must be true in order for these settings to take effect.
+
+---
+
+## REMOTE_AUTH_AUTO_CREATE_GROUPS
+
+Default: `False`
+
+If true, NetBox will automatically create groups specified in the `REMOTE_AUTH_GROUP_HEADER` header if they don't already exist. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_AUTO_CREATE_USER
+
+Default: `False`
+
+If true, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_BACKEND
+
+Default: `'netbox.authentication.RemoteUserBackend'`
+
+This is the Python path to the custom [Django authentication backend](https://docs.djangoproject.com/en/stable/topics/auth/customizing/) to use for external user authentication. NetBox provides two built-in backends (listed below), though custom authentication backends may also be provided by other packages or plugins. Provide a string for a single backend, or an iterable for multiple backends, which will be attempted in the order given.
+
+* `netbox.authentication.RemoteUserBackend`
+* `netbox.authentication.LDAPBackend`
+
+---
+
+## REMOTE_AUTH_DEFAULT_GROUPS
+
+Default: `[]` (Empty list)
+
+The list of groups to assign a new user account when created using remote authentication. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_DEFAULT_PERMISSIONS
+
+Default: `{}` (Empty dictionary)
+
+A mapping of permissions to assign a new user account when created using remote authentication. Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or `None` to allow all objects. (Requires `REMOTE_AUTH_ENABLED` as True and `REMOTE_AUTH_GROUP_SYNC_ENABLED` as False.)
+
+---
+
+## REMOTE_AUTH_ENABLED
+
+Default: `False`
+
+NetBox can be configured to support remote user authentication by inferring user authentication from an HTTP header set by the HTTP reverse proxy (e.g. nginx or Apache). Set this to `True` to enable this functionality. (Local authentication will still take effect as a fallback.) (`REMOTE_AUTH_DEFAULT_GROUPS` will not function if `REMOTE_AUTH_ENABLED` is disabled)
+
+---
+
+## REMOTE_AUTH_GROUP_HEADER
+
+Default: `'HTTP_REMOTE_USER_GROUP'`
+
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User-Groups` it needs to be set to `HTTP_X_REMOTE_USER_GROUPS`. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
+
+---
+
+## REMOTE_AUTH_GROUP_SEPARATOR
+
+Default: `|` (Pipe)
+
+The Separator upon which `REMOTE_AUTH_GROUP_HEADER` gets split into individual Groups. This needs to be coordinated with your authentication Proxy. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
+
+---
+
+## REMOTE_AUTH_GROUP_SYNC_ENABLED
+
+Default: `False`
+
+NetBox can be configured to sync remote user groups by inferring user authentication from an HTTP header set by the HTTP reverse proxy (e.g. nginx or Apache). Set this to `True` to enable this functionality. (Local authentication will still take effect as a fallback.) (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_HEADER
+
+Default: `'HTTP_REMOTE_USER'`
+
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User` it needs to be set to `HTTP_X_REMOTE_USER`. (Requires `REMOTE_AUTH_ENABLED`.)
+
+!!! warning Verify Header Compatibility
+    Some WSGI servers may drop headers which contain unsupported characters. For instance, gunicorn v22.0 and later silently drops HTTP headers containing underscores. This behavior can be disabled by changing gunicorn's [`header_map`](https://docs.gunicorn.org/en/stable/settings.html#header-map) setting to `dangerous`.
+
+---
+
+## REMOTE_AUTH_USER_EMAIL
+
+Default: `'HTTP_REMOTE_USER_EMAIL'`
+
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the email address of the currently authenticated user. For example, to use the request header `X-Remote-User-Email` it needs to be set to `HTTP_X_REMOTE_USER_EMAIL`. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_USER_FIRST_NAME
+
+Default: `'HTTP_REMOTE_USER_FIRST_NAME'`
+
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the first name of the currently authenticated user. For example, to use the request header `X-Remote-User-First-Name` it needs to be set to `HTTP_X_REMOTE_USER_FIRST_NAME`. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_USER_LAST_NAME
+
+Default: `'HTTP_REMOTE_USER_LAST_NAME'`
+
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the last name of the currently authenticated user. For example, to use the request header `X-Remote-User-Last-Name` it needs to be set to `HTTP_X_REMOTE_USER_LAST_NAME`. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_SUPERUSER_GROUPS
+
+Default: `[]` (Empty list)
+
+The list of groups that promote an remote User to Superuser on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
+
+---
+
+## REMOTE_AUTH_SUPERUSERS
+
+Default: `[]` (Empty list)
+
+The list of users that get promoted to Superuser on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
+
+---
+
+## REMOTE_AUTH_STAFF_GROUPS
+
+Default: `[]` (Empty list)
+
+The list of groups that promote an remote User to Staff on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
+
+---
+
+## REMOTE_AUTH_STAFF_USERS
+
+Default: `[]` (Empty list)
+
+The list of users that get promoted to Staff on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )

docs/configuration/required-parameters.md

@@ -0,0 +1,161 @@
+# Required Configuration Settings
+
+## ALLOWED_HOSTS
+
+This is a list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different; for example, when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server. To help guard against [HTTP Host header attacks](https://docs.djangoproject.com/en/3.0/topics/security/#host-headers-virtual-hosting), NetBox will not permit access to the server via any other hostnames (or IPs).
+
+!!! note
+    This parameter must always be defined as a list or tuple, even if only a single value is provided.
+
+The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts POST requests to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, sets `USE_X_FORWARDED_HOST` to true, which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts)).
+
+Example:
+
+```
+ALLOWED_HOSTS = ['netbox.example.com', '192.0.2.123']
+```
+
+If you are not yet sure what the domain name and/or IP address of the NetBox installation will be, and are comfortable accepting the risks in doing so, you can set this to a wildcard (asterisk) to allow all host values:
+
+```
+ALLOWED_HOSTS = ['*']
+```
+
+---
+
+## DATABASE
+
+NetBox requires access to a PostgreSQL 13 or later database service to store data. This service can run locally on the NetBox server or on a remote system. The following parameters must be defined within the `DATABASE` dictionary:
+
+* `NAME` - Database name
+* `USER` - PostgreSQL username
+* `PASSWORD` - PostgreSQL password
+* `HOST` - Name or IP address of the database server (use `localhost` if running locally)
+* `PORT` - TCP port of the PostgreSQL service; leave blank for default port (TCP/5432)
+* `CONN_MAX_AGE` - Lifetime of a [persistent database connection](https://docs.djangoproject.com/en/stable/ref/databases/#persistent-connections), in seconds (300 is the default)
+* `ENGINE` - The database backend to use; must be a PostgreSQL-compatible backend (e.g. `django.db.backends.postgresql`)
+
+Example:
+
+```python
+DATABASE = {
+    'ENGINE': 'django.db.backends.postgresql',
+    'NAME': 'netbox',               # Database name
+    'USER': 'netbox',               # PostgreSQL username
+    'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
+    'HOST': 'localhost',            # Database server
+    'PORT': '',                     # Database port (leave blank for default)
+    'CONN_MAX_AGE': 300,            # Max database connection age
+}
+```
+
+!!! note
+    NetBox supports all PostgreSQL database options supported by the underlying Django framework. For a complete list of available parameters, please see [the Django documentation](https://docs.djangoproject.com/en/stable/ref/settings/#databases).
+
+!!! warning
+    Make sure to use a PostgreSQL-compatible backend for the ENGINE setting. If you don't specify an ENGINE, the default will be django.db.backends.postgresql.
+
+---
+
+## REDIS
+
+[Redis](https://redis.io/) is a lightweight in-memory data store similar to memcached. NetBox employs Redis for background task queuing and other features.
+
+Redis is configured using a configuration setting similar to `DATABASE` and these settings are the same for both of the `tasks` and `caching` subsections:
+
+* `HOST` - Name or IP address of the Redis server (use `localhost` if running locally)
+* `PORT` - TCP port of the Redis service; leave blank for default port (6379)
+* `USERNAME` - Redis username (if set)
+* `PASSWORD` - Redis password (if set)
+* `DATABASE` - Numeric database ID
+* `SSL` - Use SSL connection to Redis
+* `INSECURE_SKIP_TLS_VERIFY` - Set to `True` to **disable** TLS certificate verification (not recommended)
+
+An example configuration is provided below:
+
+```python
+REDIS = {
+    'tasks': {
+        'HOST': 'redis.example.com',
+        'PORT': 1234,
+        'USERNAME': 'netbox',
+        'PASSWORD': 'foobar',
+        'DATABASE': 0,
+        'SSL': False,
+    },
+    'caching': {
+        'HOST': 'localhost',
+        'PORT': 6379,
+        'USERNAME': '',
+        'PASSWORD': '',
+        'DATABASE': 1,
+        'SSL': False,
+    }
+}
+```
+
+!!! warning
+    It is highly recommended to keep the task and cache databases separate. Using the same database number on the
+    same Redis instance for both may result in queued background tasks being lost during cache flushing events.
+
+### UNIX Socket Support
+
+Redis may alternatively be configured by specifying a complete URL instead of individual components. This approach supports the use of a UNIX socket connection. For example:
+
+```python
+REDIS = {
+    'tasks': {
+        'URL': 'unix:///run/redis-netbox/redis.sock?db=0'
+    },
+    'caching': {
+        'URL': 'unix:///run/redis-netbox/redis.sock?db=1'
+    },
+}
+```
+
+### Using Redis Sentinel
+
+If you are using [Redis Sentinel](https://redis.io/topics/sentinel) for high-availability purposes, there is minimal 
+configuration necessary to convert NetBox to recognize it. It requires the removal of the `HOST` and `PORT` keys from 
+above and the addition of three new keys.
+
+* `SENTINELS`: List of tuples or tuple of tuples with each inner tuple containing the name or IP address 
+of the Redis server and port for each sentinel instance to connect to
+* `SENTINEL_SERVICE`: Name of the master / service to connect to
+* `SENTINEL_TIMEOUT`: Connection timeout, in seconds
+
+Example:
+
+```python
+REDIS = {
+    'tasks': {
+        'SENTINELS': [('mysentinel.redis.example.com', 6379)],
+        'SENTINEL_SERVICE': 'netbox',
+        'SENTINEL_TIMEOUT': 10,
+        'PASSWORD': '',
+        'DATABASE': 0,
+        'SSL': False,
+    },
+    'caching': {
+        'SENTINELS': [
+            ('mysentinel.redis.example.com', 6379),
+            ('othersentinel.redis.example.com', 6379)
+        ],
+        'SENTINEL_SERVICE': 'netbox',
+        'PASSWORD': '',
+        'DATABASE': 1,
+        'SSL': False,
+    }
+}
+```
+
+!!! note
+    It is permissible to use Sentinel for only one database and not the other.
+
+---
+
+## SECRET_KEY
+
+This is a secret, pseudorandom string used to assist in the creation new cryptographic hashes for passwords and HTTP cookies. The key defined here should not be shared outside the configuration file. `SECRET_KEY` can be changed at any time without impacting stored data, however be aware that doing so will invalidate all existing user sessions. NetBox deployments comprising multiple nodes must have the same secret key configured on all nodes.
+
+`SECRET_KEY` **must** be at least 50 characters in length, and should contain a mix of letters, digits, and symbols. The script located at `$INSTALL_ROOT/netbox/generate_secret_key.py` may be used to generate a suitable key. Please note that this key is **not** used directly for hashing user passwords or for the encrypted storage of secret data in NetBox.

docs/configuration/required-settings.md

@@ -1,141 +0,0 @@
-# Required Configuration Settings
-
-## ALLOWED_HOSTS
-
-This is a list of valid fully-qualified domain names (FQDNs) that is used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different (e.g. when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server). NetBox will not permit access to the server via any other hostnames (or IPs). The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts `HTTP POST` to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, has `USE_X_FORWARDED_HOST = True` (in `netbox/netbox/settings.py`) which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts)).
-
-Example:
-
-```
-ALLOWED_HOSTS = ['netbox.example.com', '192.0.2.123']
-```
-
----
-
-## DATABASE
-
-NetBox requires access to a PostgreSQL database service to store data. This service can run locally or on a remote system. The following parameters must be defined within the `DATABASE` dictionary:
-
-* `NAME` - Database name
-* `USER` - PostgreSQL username
-* `PASSWORD` - PostgreSQL password
-* `HOST` - Name or IP address of the database server (use `localhost` if running locally)
-* `PORT` - TCP port of the PostgreSQL service; leave blank for default port (5432)
-* `CONN_MAX_AGE` - Lifetime of a [persistent database connection](https://docs.djangoproject.com/en/stable/ref/databases/#persistent-connections), in seconds (150-300 is recommended)
-
-Example:
-
-```python
-DATABASE = {
-    'NAME': 'netbox',               # Database name
-    'USER': 'netbox',               # PostgreSQL username
-    'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
-    'HOST': 'localhost',            # Database server
-    'PORT': '',                     # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,            # Max database connection age
-}
-```
-
-!!! note
-    NetBox supports all PostgreSQL database options supported by the underlying Django framework. For a complete list of available parameters, please see [the Django documentation](https://docs.djangoproject.com/en/stable/ref/settings/#databases).
-
----
-
-## REDIS
-
-[Redis](https://redis.io/) is an in-memory data store similar to memcached. While Redis has been an optional component of
-NetBox since the introduction of webhooks in version 2.4, it is required starting in 2.6 to support NetBox's caching
-functionality (as well as other planned features). In 2.7, the connection settings were broken down into two sections for
-task queuing and caching, allowing the user to connect to different Redis instances/databases per feature.
-
-Redis is configured using a configuration setting similar to `DATABASE` and these settings are the same for both of the `tasks` and `caching` subsections:
-
-* `HOST` - Name or IP address of the Redis server (use `localhost` if running locally)
-* `PORT` - TCP port of the Redis service; leave blank for default port (6379)
-* `PASSWORD` - Redis password (if set)
-* `DATABASE` - Numeric database ID
-* `DEFAULT_TIMEOUT` - Connection timeout in seconds
-* `SSL` - Use SSL connection to Redis
-
-Example:
-
-```python
-REDIS = {
-    'tasks': {
-        'HOST': 'redis.example.com',
-        'PORT': 1234,
-        'PASSWORD': 'foobar',
-        'DATABASE': 0,
-        'DEFAULT_TIMEOUT': 300,
-        'SSL': False,
-    },
-    'caching': {
-        'HOST': 'localhost',
-        'PORT': 6379,
-        'PASSWORD': '',
-        'DATABASE': 1,
-        'DEFAULT_TIMEOUT': 300,
-        'SSL': False,
-    }
-}
-```
-
-!!! note
-    If you are upgrading from a version prior to v2.7, please note that the Redis connection configuration settings have
-    changed. Manual modification to bring the `REDIS` section inline with the above specification is necessary
-
-!!! warning
-    It is highly recommended to keep the task and cache databases separate. Using the same database number on the
-    same Redis instance for both may result in queued background tasks being lost during cache flushing events.
-
-### Using Redis Sentinel
-
-If you are using [Redis Sentinel](https://redis.io/topics/sentinel) for high-availability purposes, there is minimal 
-configuration necessary to convert NetBox to recognize it. It requires the removal of the `HOST` and `PORT` keys from 
-above and the addition of two new keys.
-
-* `SENTINELS`: List of tuples or tuple of tuples with each inner tuple containing the name or IP address 
-of the Redis server and port for each sentinel instance to connect to
-* `SENTINEL_SERVICE`: Name of the master / service to connect to
-
-Example:
-
-```python
-REDIS = {
-    'tasks': {
-        'SENTINELS': [('mysentinel.redis.example.com', 6379)],
-        'SENTINEL_SERVICE': 'netbox',
-        'PASSWORD': '',
-        'DATABASE': 0,
-        'DEFAULT_TIMEOUT': 300,
-        'SSL': False,
-    },
-    'caching': {
-        'SENTINELS': [
-            ('mysentinel.redis.example.com', 6379),
-            ('othersentinel.redis.example.com', 6379)
-        ],
-        'SENTINEL_SERVICE': 'netbox',
-        'PASSWORD': '',
-        'DATABASE': 1,
-        'DEFAULT_TIMEOUT': 300,
-        'SSL': False,
-    }
-}
-```
-
-!!! note
-    It is possible to have only one or the other Redis configurations to use Sentinel functionality. It is possible
-    for example to have the tasks database use sentinel via `HOST`/`PORT` and for caching to use Sentinel via
-    `SENTINELS`/`SENTINEL_SERVICE`.
-
-
----
-
-## SECRET_KEY
-
-This is a secret cryptographic key is used to improve the security of cookies and password resets. The key defined here should not be shared outside of the configuration file. `SECRET_KEY` can be changed at any time, however be aware that doing so will invalidate all existing sessions.
-
-Please note that this key is **not** used for hashing user passwords or for the encrypted storage of secret data in NetBox.
-
-`SECRET_KEY` should be at least 50 characters in length and contain a random mix of letters, digits, and symbols. The script located at `netbox/generate_secret_key.py` may be used to generate a suitable key.

docs/configuration/security.md

@@ -0,0 +1,252 @@
+# Security & Authentication Parameters
+
+## ALLOW_TOKEN_RETRIEVAL
+
+Default: True
+
+If disabled, the values of API tokens will not be displayed after each token's initial creation. A user **must** record the value of a token prior to its creation, or it will be lost. Note that this affects _all_ users, regardless of assigned permissions.
+
+---
+
+## ALLOWED_URL_SCHEMES
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: `('file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp')`
+
+A list of permitted URL schemes referenced when rendering links within NetBox. Note that only the schemes specified in this list will be accepted: If adding your own, be sure to replicate all the default values as well (excluding those schemes which are not desirable).
+
+---
+
+## AUTH_PASSWORD_VALIDATORS
+
+This parameter acts as a pass-through for configuring Django's built-in password validators for local user accounts. These rules are applied whenever a user's password is created or updated to ensure that it meets minimum criteria such as length or complexity. The default configuration is shown below.
+
+```python
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        "OPTIONS": {
+            "min_length": 12,
+        },
+    },
+    {
+        "NAME": "utilities.password_validation.AlphanumericPasswordValidator",
+    },
+]
+```
+
+The default configuration enforces the follow criteria:
+
+* A password must be at least 12 characters in length.
+* A password must have at least one uppercase letter, one lowercase letter, and one numeric digit.
+
+Although it is not recommended, the default validation rules can be disabled by setting `AUTH_PASSWORD_VALIDATORS = []` in the configuration file. For more detail on customizing password validation, please see [the Django documentation](https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation).
+
+---
+
+## CORS_ORIGIN_ALLOW_ALL
+
+Default: False
+
+If True, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).
+
+---
+
+## CORS_ORIGIN_WHITELIST
+
+## CORS_ORIGIN_REGEX_WHITELIST
+
+These settings specify a list of origins that are authorized to make cross-site API requests. Use
+`CORS_ORIGIN_WHITELIST` to define a list of exact hostnames, or `CORS_ORIGIN_REGEX_WHITELIST` to define a set of regular 
+expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is True.) For example:
+
+```python
+CORS_ORIGIN_WHITELIST = [
+    'https://example.com',
+]
+```
+
+---
+
+## CSRF_COOKIE_NAME
+
+Default: `csrftoken`
+
+The name of the cookie to use for the cross-site request forgery (CSRF) authentication token. See the [Django documentation](https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-name) for more detail.
+
+---
+
+## CSRF_COOKIE_SECURE
+
+Default: False
+
+If true, the cookie employed for cross-site request forgery (CSRF) protection will be marked as secure, meaning that it can only be sent across an HTTPS connection.
+
+---
+
+## CSRF_TRUSTED_ORIGINS
+
+Default: `[]`
+
+Defines a list of trusted origins for unsafe (e.g. `POST`) requests. This is a pass-through to Django's [`CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/4.0/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS) setting. Note that each host listed must specify a scheme (e.g. `http://` or `https://).
+
+```python
+CSRF_TRUSTED_ORIGINS = (
+    'http://netbox.local',
+    'https://netbox.local',
+)
+```
+
+---
+
+## DEFAULT_PERMISSIONS
+
+Default:
+
+```python
+{
+    'users.view_token': ({'user': '$user'},),
+    'users.add_token': ({'user': '$user'},),
+    'users.change_token': ({'user': '$user'},),
+    'users.delete_token': ({'user': '$user'},),
+}
+```
+
+This parameter defines object permissions that are applied automatically to _any_ authenticated user, regardless of what permissions have been defined in the database. By default, this parameter is defined to allow all users to manage their own API tokens, however it can be overriden for any purpose.
+
+For example, to allow all users to create a device role beginning with the word "temp," you could configure the following:
+
+```python
+DEFAULT_PERMISSIONS = {
+    'dcim.add_devicerole': (
+        {'name__startswith': 'temp'},
+    )
+}
+```
+
+!!! warning
+    Setting a custom value for this parameter will overwrite the default permission mapping shown above. If you want to retain the default mapping, be sure to reproduce it in your custom configuration.
+
+---
+
+## EXEMPT_VIEW_PERMISSIONS
+
+Default: Empty list
+
+A list of NetBox models to exempt from the enforcement of view permissions. Models listed here will be viewable by all users, both authenticated and anonymous.
+
+List models in the form `<app>.<model>`. For example:
+
+```python
+EXEMPT_VIEW_PERMISSIONS = [
+    'dcim.site',
+    'dcim.region',
+    'ipam.prefix',
+]
+```
+
+To exempt _all_ models from view permission enforcement, set the following. (Note that `EXEMPT_VIEW_PERMISSIONS` must be an iterable.)
+
+```python
+EXEMPT_VIEW_PERMISSIONS = ['*']
+```
+
+!!! note
+    Using a wildcard will not affect certain potentially sensitive models, such as user permissions. If there is a need to exempt these models, they must be specified individually.
+
+---
+
+## LOGIN_PERSISTENCE
+
+Default: False
+
+If true, the lifetime of a user's authentication session will be automatically reset upon each valid request. For example, if [`LOGIN_TIMEOUT`](#login_timeout) is configured to 14 days (the default), and a user whose session is due to expire in five days makes a NetBox request (with a valid session cookie), the session's lifetime will be reset to 14 days.
+
+Note that enabling this setting causes NetBox to update a user's session in the database (or file, as configured per [`SESSION_FILE_PATH`](#session_file_path)) with each request, which may introduce significant overhead in very active environments. It also permits an active user to remain authenticated to NetBox indefinitely.
+
+---
+
+## LOGIN_REQUIRED
+
+Default: True
+
+When enabled, only authenticated users are permitted to access any part of NetBox. Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
+
+!!! info "Changed in NetBox v4.0.2"
+    Prior to NetBox v4.0.2, this setting was disabled by default.
+
+---
+
+## LOGIN_TIMEOUT
+
+Default: 1209600 seconds (14 days)
+
+The lifetime (in seconds) of the authentication cookie issued to a NetBox user upon login.
+
+---
+
+## LOGOUT_REDIRECT_URL
+
+Default: `'home'`
+
+The view name or URL to which a user is redirected after logging out.
+
+---
+
+## SECURE_HSTS_INCLUDE_SUBDOMAINS
+
+Default: False
+
+If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
+
+---
+
+## SECURE_HSTS_PRELOAD
+
+Default: False
+
+If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the site to be accessed via HTTPS even if the user types HTTP in the address bar.
+
+---
+
+## SECURE_HSTS_SECONDS
+
+Default: 0
+
+If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS, blocking any HTTP request.
+
+---
+
+## SECURE_SSL_REDIRECT
+
+Default: False
+
+If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
+
+!!! warning
+    Ensure that your frontend HTTP daemon has been configured to forward the HTTP scheme correctly before enabling this option. An incorrectly configured frontend may result in a looping redirect.
+
+---
+
+## SESSION_COOKIE_NAME
+
+Default: `sessionid`
+
+The name used for the session cookie. See the [Django documentation](https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-name) for more detail.
+
+---
+
+## SESSION_COOKIE_SECURE
+
+Default: False
+
+If true, the cookie employed for session authentication will be marked as secure, meaning that it can only be sent across an HTTPS connection.
+
+---
+
+## SESSION_FILE_PATH
+
+Default: None
+
+HTTP session data is used to track authenticated users when they access NetBox. By default, NetBox stores session data in its PostgreSQL database. However, this inhibits authentication to a standby instance of NetBox without write access to the database. Alternatively, a local file path may be specified here and NetBox will store session data as files instead of using the database. Note that the NetBox system user must have read and write permissions to this path.

docs/configuration/system.md

@@ -0,0 +1,219 @@
+# System Parameters
+
+## BASE_PATH
+
+Default: None
+
+The base URL path to use when accessing NetBox. Do not include the scheme or domain name. For example, if installed at https://example.com/netbox/, set:
+
+```python
+BASE_PATH = 'netbox/'
+```
+
+---
+
+## DEFAULT_LANGUAGE
+
+Default: `en-us` (US English)
+
+Defines the default preferred language/locale for requests that do not specify one. (This parameter maps to Django's [`LANGUAGE_CODE`](https://docs.djangoproject.com/en/stable/ref/settings/#language-code) internal setting.)
+
+---
+
+## DOCS_ROOT
+
+Default: `$INSTALL_ROOT/docs/`
+
+The filesystem path to NetBox's documentation. This is used when presenting context-sensitive documentation in the web UI. By default, this will be the `docs/` directory within the root NetBox installation path. (Set this to `None` to disable the embedded documentation.)
+
+---
+
+## EMAIL
+
+In order to send email, NetBox needs an email server configured. The following items can be defined within the `EMAIL` configuration parameter:
+
+* `SERVER` - Hostname or IP address of the email server (use `localhost` if running locally)
+* `PORT` - TCP port to use for the connection (default: `25`)
+* `USERNAME` - Username with which to authenticate
+* `PASSWORD` - Password with which to authenticate
+* `USE_SSL` - Use SSL when connecting to the server (default: `False`)
+* `USE_TLS` - Use TLS when connecting to the server (default: `False`)
+* `SSL_CERTFILE` - Path to the PEM-formatted SSL certificate file (optional)
+* `SSL_KEYFILE` - Path to the PEM-formatted SSL private key file (optional)
+* `TIMEOUT` - Amount of time to wait for a connection, in seconds (default: `10`)
+* `FROM_EMAIL` - Sender address for emails sent by NetBox
+
+!!! note
+    The `USE_SSL` and `USE_TLS` parameters are mutually exclusive.
+
+Email is sent from NetBox only for critical events or if configured for [logging](#logging). If you would like to test the email server configuration, Django provides a convenient [send_mail()](https://docs.djangoproject.com/en/stable/topics/email/#send-mail) function accessible within the NetBox shell:
+
+```no-highlight
+# python ./manage.py nbshell
+>>> from django.core.mail import send_mail
+>>> send_mail(
+  'Test Email Subject',
+  'Test Email Body',
+  'noreply-netbox@example.com',
+  ['users@example.com'],
+  fail_silently=False
+)
+```
+
+---
+
+## HTTP_PROXIES
+
+Default: None
+
+A dictionary of HTTP proxies to use for outbound requests originating from NetBox (e.g. when sending webhook requests). Proxies should be specified by schema (HTTP and HTTPS) as per the [Python requests library documentation](https://requests.readthedocs.io/en/latest/user/advanced/#proxies). For example:
+
+```python
+HTTP_PROXIES = {
+    'http': 'http://10.10.1.10:3128',
+    'https': 'http://10.10.1.10:1080',
+}
+```
+
+---
+
+## INTERNAL_IPS
+
+Default: `('127.0.0.1', '::1')`
+
+A list of IP addresses recognized as internal to the system, used to control the display of debugging output. For
+example, the debugging toolbar will be viewable only when a client is accessing NetBox from one of the listed IP
+addresses (and [`DEBUG`](./development.md#debug) is true).
+
+---
+
+## ISOLATED_DEPLOYMENT
+
+Default: False
+
+Set this configuration parameter to True for NetBox deployments which do not have Internet access. This will disable miscellaneous functionality which depends on access to the Internet.
+
+!!! note
+    If Internet access is available via a proxy, set [`HTTP_PROXIES`](#http_proxies) instead.
+
+---
+
+## JINJA2_FILTERS
+
+Default: `{}`
+
+A dictionary of custom jinja2 filters with the key being the filter name and the value being a callable. For more information see the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.1.x/api/#custom-filters). For example:
+
+```python
+def uppercase(x):
+    return str(x).upper()
+
+JINJA2_FILTERS = {
+    'uppercase': uppercase,
+}
+```
+
+---
+
+## LOGGING
+
+By default, all messages of INFO severity or higher will be logged to the console. Additionally, if [`DEBUG`](./development.md#debug) is False and email access has been configured, ERROR and CRITICAL messages will be emailed to the users defined in [`ADMINS`](./miscellaneous.md#admins).
+
+The Django framework on which NetBox runs allows for the customization of logging format and destination. Please consult the [Django logging documentation](https://docs.djangoproject.com/en/stable/topics/logging/) for more information on configuring this setting. Below is an example which will write all INFO and higher messages to a local file:
+
+```python
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'handlers': {
+        'file': {
+            'level': 'INFO',
+            'class': 'logging.FileHandler',
+            'filename': '/var/log/netbox.log',
+        },
+    },
+    'loggers': {
+        'django': {
+            'handlers': ['file'],
+            'level': 'INFO',
+        },
+    },
+}
+```
+
+### Available Loggers
+
+* `netbox.<app>.<model>` - Generic form for model-specific log messages
+* `netbox.auth.*` - Authentication events
+* `netbox.api.views.*` - Views which handle business logic for the REST API
+* `netbox.reports.*` - Report execution (`module.name`)
+* `netbox.scripts.*` - Custom script execution (`module.name`)
+* `netbox.views.*` - Views which handle business logic for the web UI
+
+---
+
+## MEDIA_ROOT
+
+Default: `$INSTALL_ROOT/netbox/media/`
+
+The file path to the location where media files (such as image attachments) are stored. By default, this is the `netbox/media/` directory within the base NetBox installation path.
+
+---
+
+## REPORTS_ROOT
+
+Default: `$INSTALL_ROOT/netbox/reports/`
+
+The file path to the location where [custom reports](../customization/reports.md) will be kept. By default, this is the `netbox/reports/` directory within the base NetBox installation path.
+
+---
+
+## SCRIPTS_ROOT
+
+Default: `$INSTALL_ROOT/netbox/scripts/`
+
+The file path to the location where [custom scripts](../customization/custom-scripts.md) will be kept. By default, this is the `netbox/scripts/` directory within the base NetBox installation path.
+
+---
+
+## SEARCH_BACKEND
+
+Default: `'netbox.search.backends.CachedValueSearchBackend'`
+
+The dotted path to the desired search backend class. `CachedValueSearchBackend` is currently the only search backend provided in NetBox, however this setting can be used to enable a custom backend. 
+
+---
+
+## STORAGE_BACKEND
+
+Default: None (local storage)
+
+The backend storage engine for handling uploaded files (e.g. image attachments). NetBox supports integration with the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) and [`django-storage-swift`](https://github.com/dennisv/django-storage-swift) packages, which provide backends for several popular file storage services. If not configured, local filesystem storage will be used.
+
+The configuration parameters for the specified storage backend are defined under the `STORAGE_CONFIG` setting.
+
+---
+
+## STORAGE_CONFIG
+
+Default: Empty
+
+A dictionary of configuration parameters for the storage backend configured as `STORAGE_BACKEND`. The specific parameters to be used here are specific to each backend; see the documentation for your selected backend ([`django-storages`](https://django-storages.readthedocs.io/en/stable/) or [`django-storage-swift`](https://github.com/dennisv/django-storage-swift)) for more detail.
+
+If `STORAGE_BACKEND` is not defined, this setting will be ignored.
+
+---
+
+## TIME_ZONE
+
+Default: UTC
+
+The time zone NetBox will use when dealing with dates and times. It is recommended to use UTC time unless you have a specific need to use a local time zone. Please see the [list of available time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
+
+---
+
+## TRANSLATION_ENABLED
+
+Default: True
+
+Enables language translation for the user interface. (This parameter maps to Django's [USE_I18N](https://docs.djangoproject.com/en/stable/ref/settings/#std-setting-USE_I18N) setting.)

docs/core-functionality/circuits.md

@@ -1,9 +0,0 @@
-# Circuits
-
-{!docs/models/circuits/provider.md!}
-
----
-
-{!docs/models/circuits/circuit.md!}
-{!docs/models/circuits/circuittype.md!}
-{!docs/models/circuits/circuittermination.md!}

docs/core-functionality/device-types.md

@@ -1,40 +0,0 @@
-# Device Types
-
-{!docs/models/dcim/devicetype.md!}
-{!docs/models/dcim/manufacturer.md!}
-
----
-
-## Device Component Templates
-
-Each device type is assigned a number of component templates which define the physical components within a device. These are:
-
-* Console ports
-* Console server ports
-* Power ports
-* Power outlets
-* Network interfaces
-* Front ports
-* Rear ports
-* Device bays (which house child devices)
-
-Whenever a new device is created, its components are automatically created per the templates assigned to its device type. For example, a Juniper EX4300-48T device type might have the following component templates defined:
-
-* One template for a console port ("Console")
-* Two templates for power ports ("PSU0" and "PSU1")
-* 48 templates for 1GE interfaces ("ge-0/0/0" through "ge-0/0/47")
-* Four templates for 10GE interfaces ("xe-0/2/0" through "xe-0/2/3")
-
-Once component templates have been created, every new device that you create as an instance of this type will automatically be assigned each of the components listed above.
-
-!!! note
-    Assignment of components from templates occurs only at the time of device creation. If you modify the templates of a device type, it will not affect devices which have already been created. However, you always have the option of adding, modifying, or deleting components on existing devices.
-
-{!docs/models/dcim/consoleporttemplate.md!}
-{!docs/models/dcim/consoleserverporttemplate.md!}
-{!docs/models/dcim/powerporttemplate.md!}
-{!docs/models/dcim/poweroutlettemplate.md!}
-{!docs/models/dcim/interfacetemplate.md!}
-{!docs/models/dcim/frontporttemplate.md!}
-{!docs/models/dcim/rearporttemplate.md!}
-{!docs/models/dcim/devicebaytemplate.md!}

docs/core-functionality/devices.md

@@ -1,27 +0,0 @@
-# Devices and Cabling
-
-{!docs/models/dcim/device.md!}
-{!docs/models/dcim/devicerole.md!}
-{!docs/models/dcim/platform.md!}
-
----
-
-## Device Components
-
-{!docs/models/dcim/consoleport.md!}
-{!docs/models/dcim/consoleserverport.md!}
-{!docs/models/dcim/powerport.md!}
-{!docs/models/dcim/poweroutlet.md!}
-{!docs/models/dcim/interface.md!}
-{!docs/models/dcim/frontport.md!}
-{!docs/models/dcim/rearport.md!}
-{!docs/models/dcim/devicebay.md!}
-{!docs/models/dcim/inventoryitem.md!}
-
----
-
-{!docs/models/dcim/virtualchassis.md!}
-
----
-
-{!docs/models/dcim/cable.md!}

docs/core-functionality/ipam.md

@@ -1,16 +0,0 @@
-# IP Address Management
-
-{!docs/models/ipam/aggregate.md!}
-{!docs/models/ipam/rir.md!}
-
----
-
-{!docs/models/ipam/prefix.md!}
-
----
-
-{!docs/models/ipam/ipaddress.md!}
-
----
-
-{!docs/models/ipam/vrf.md!}

docs/core-functionality/power.md

@@ -1,38 +0,0 @@
-# Power Tracking
-
-{!docs/models/dcim/powerpanel.md!}
-{!docs/models/dcim/powerfeed.md!}
-
-# Example Power Topology
-
-Below is a simple diagram demonstrating how power is modeled in NetBox.
-
-!!! note
-    The power feeds are connected to the same power panel for illustrative purposes; usually, you would have such feeds diversely connected to panels to avoid the single point of failure.
-
-```
-          +---------------+
-          | Power panel 1 |
-          +---------------+
-            |           |
-            |           |
-+--------------+     +--------------+
-| Power feed 1 |     | Power feed 2 |
-+--------------+     +--------------+
-       |                     |
-       |                     |
-       |                     |    <-- Power ports
-     +---------+     +---------+
-     |  PDU 1  |     |  PDU 2  |
-     +---------+     +---------+
-       |       \     /       |    <-- Power outlets
-       |        \   /        |
-       |         \ /         |
-       |          X          |
-       |         / \         |
-       |        /   \        |
-       |       /     \       |    <-- Power ports
-      +--------+     +--------+
-      | Server |     | Router |
-      +--------+     +--------+
-```

docs/core-functionality/secrets.md

@@ -1,8 +0,0 @@
-# Secrets
-
-{!docs/models/secrets/secret.md!}
-{!docs/models/secrets/secretrole.md!}
-
----
-
-{!docs/models/secrets/userkey.md!}

docs/core-functionality/services.md

@@ -1,3 +0,0 @@
-# Service Mapping
-
-{!docs/models/ipam/service.md!}

docs/core-functionality/sites-and-racks.md

@@ -1,11 +0,0 @@
-# Sites and Racks
-
-{!docs/models/dcim/site.md!}
-{!docs/models/dcim/region.md!}
-
----
-
-{!docs/models/dcim/rack.md!}
-{!docs/models/dcim/rackgroup.md!}
-{!docs/models/dcim/rackrole.md!}
-{!docs/models/dcim/rackreservation.md!}

docs/core-functionality/tenancy.md

@@ -1,4 +0,0 @@
-# Tenancy Assignment
-
-{!docs/models/tenancy/tenant.md!}
-{!docs/models/tenancy/tenantgroup.md!}

docs/core-functionality/virtualization.md

@@ -1,9 +0,0 @@
-# Virtual Machines and Clusters
-
-{!docs/models/virtualization/cluster.md!}
-{!docs/models/virtualization/clustertype.md!}
-{!docs/models/virtualization/clustergroup.md!}
-
----
-
-{!docs/models/virtualization/virtualmachine.md!}

docs/core-functionality/vlans.md

@@ -1,4 +0,0 @@
-# VLAN Management
-
-{!docs/models/ipam/vlan.md!}
-{!docs/models/ipam/vlangroup.md!}

docs/customization/custom-fields.md

@@ -0,0 +1,112 @@
+# Custom Fields
+
+Each model in NetBox is represented in the database as a discrete table, and each attribute of a model exists as a column within its table. For example, sites are stored in the `dcim_site` table, which has columns named `name`, `facility`, `physical_address`, and so on. As new attributes are added to objects throughout the development of NetBox, tables are expanded to include new rows.
+
+However, some users might want to store additional object attributes that are somewhat esoteric in nature, and that would not make sense to include in the core NetBox database schema. For instance, suppose your organization needs to associate each device with a ticket number correlating it with an internal support system record. This is certainly a legitimate use for NetBox, but it's not a common enough need to warrant including a field for _every_ NetBox installation. Instead, you can create a custom field to hold this data.
+
+Within the database, custom fields are stored as JSON data directly alongside each object. This alleviates the need for complex queries when retrieving objects.
+
+## Creating Custom Fields
+
+Custom fields may be created by navigating to Customization > Custom Fields. NetBox supports many types of custom field:
+
+* Text: Free-form text (intended for single-line use)
+* Long text: Free-form of any length; supports Markdown rendering
+* Integer: A whole number (positive or negative)
+* Decimal: A fixed-precision decimal number (4 decimal places)
+* Boolean: True or false
+* Date: A date in ISO 8601 format (YYYY-MM-DD)
+* Date & time: A date and time in ISO 8601 format (YYYY-MM-DD HH:MM:SS)
+* URL: This will be presented as a link in the web UI
+* JSON: Arbitrary data stored in JSON format
+* Selection: A selection of one of several pre-defined custom choices
+* Multiple selection: A selection field which supports the assignment of multiple values
+* Object: A single NetBox object of the type defined by `object_type`
+* Multiple object: One or more NetBox objects of the type defined by `object_type`
+
+Each custom field must have a name. This should be a simple database-friendly string (e.g. `tps_report`) and may contain only alphanumeric characters and underscores. You may also assign a corresponding human-friendly label (e.g. "TPS report"); the label will be displayed on web forms. A weight is also required: Higher-weight fields will be ordered lower within a form. (The default weight is 100.) If a description is provided, it will appear beneath the field in a form.
+
+Marking a field as required will force the user to provide a value for the field when creating a new object or when saving an existing object. A default value for the field may also be provided. Use "true" or "false" for boolean fields, or the exact value of a choice for selection fields.
+
+A custom field must be assigned to one or more object types, or models, in NetBox. Once created, custom fields will automatically appear as part of these models in the web UI and REST API. Note that not all models support custom fields.
+
+### Filtering
+
+The filter logic controls how values are matched when filtering objects by the custom field. Loose filtering (the default) matches on a partial value, whereas exact matching requires a complete match of the given string to a field's value. For example, exact filtering with the string "red" will only match the exact value "red", whereas loose filtering will match on the values "red", "red-orange", or "bored". Setting the filter logic to "disabled" disables filtering by the field entirely.
+
+### Grouping
+
+Related custom fields can be grouped together within the UI by assigning each the same group name. When at least one custom field for an object type has a group defined, it will appear under the group heading within the custom fields panel under the object view. All custom fields with the same group name will appear under that heading. (Note that the group names must match exactly, or each will appear as a separate heading.)
+
+This parameter has no effect on the API representation of custom field data.
+
+### Visibility & Editing
+
+When creating a custom field, users can control the conditions under which it may be displayed and edited within the NetBox user interface. The following choices are available for controlling the display of a custom field on an object:
+
+* **Always** (default): The custom field is included when viewing an object.
+* **If Set**: The custom field is included only if a value has been defined for the object.
+* **Hidden**: The custom field will never be displayed within the UI. This option is recommended for fields which are not intended for use by human users.
+
+Additionally, the following options are available for controlling whether custom field values can be altered within the NetBox UI:
+
+* **Yes** (default): The custom field's value may be modified when editing an object.
+* **No**: The custom field is displayed for reference when editing an object, but its value may not be modified.
+* **Hidden**: The custom field is not displayed when editing an object.
+
+Note that this setting has no impact on the REST or GraphQL APIs: Custom field data will always be available via either API.
+
+### Validation
+
+NetBox supports limited custom validation for custom field values. Following are the types of validation enforced for each field type:
+
+* Text: Regular expression (optional)
+* Integer: Minimum and/or maximum value (optional)
+* Selection: Must exactly match one of the prescribed choices
+
+### Custom Selection Fields
+
+Each custom selection field must designate a [choice set](../models/extras/customfieldchoiceset.md) containing at least two choices. These are specified as a comma-separated list.
+
+If a default value is specified for a selection field, it must exactly match one of the provided choices. The value of a multiple selection field will always return a list, even if only one value is selected.
+
+### Custom Object Fields
+
+An object or multi-object custom field can be used to refer to a particular NetBox object or objects as the "value" for a custom field. These custom fields must define an `object_type`, which determines the type of object to which custom field instances point.
+
+By default, an object choice field will make all objects of that type available for selection in the drop-down. The list choices can be filtered to show only objects with certain values by providing a `query_params` dict in the Related Object Filter field, as a JSON value. More information about `query_params` can be found [here](./custom-scripts.md#objectvar).
+
+## Custom Fields in Templates
+
+Several features within NetBox, such as export templates and webhooks, utilize Jinja2 templating. For convenience, objects which support custom field assignment expose custom field data through the `cf` property. This is a bit cleaner than accessing custom field data through the actual field (`custom_field_data`).
+
+For example, a custom field named `foo123` on the Site model is accessible on an instance as `{{ site.cf.foo123 }}`.
+
+## Custom Fields and the REST API
+
+When retrieving an object via the REST API, all of its custom data will be included within the `custom_fields` attribute. For example, below is the partial output of a site with two custom fields defined:
+
+```json
+{
+    "id": 123,
+    "url": "http://localhost:8000/api/dcim/sites/123/",
+    "name": "Raleigh 42",
+    ...
+    "custom_fields": {
+        "deployed": "2018-06-19",
+        "site_code": "US-NC-RAL42"
+    },
+    ...
+```
+
+To set or change these values, simply include nested JSON data. For example:
+
+```json
+{
+    "name": "New Site",
+    "slug": "new-site",
+    "custom_fields": {
+        "deployed": "2019-03-24"
+    }
+}
+```

docs/customization/custom-links.md

@@ -0,0 +1,65 @@
+# Custom Links
+
+Custom links allow users to display arbitrary hyperlinks to external content within NetBox object views. These are helpful for cross-referencing related records in systems outside NetBox. For example, you might create a custom link on the device view which links to the current device in a Network Monitoring System (NMS).
+
+Custom links are created by navigating to Customization > Custom Links. Each link is associated with a particular NetBox object type (site, device, prefix, etc.) and will be displayed on relevant views. Each link has display text and a URL, and data from the NetBox item being viewed can be included in the link using [Jinja template code](https://jinja.palletsprojects.com/en/stable/) through the variable `object`, and custom fields through `object.cf`.
+
+For example, you might define a link like this:
+
+* Text: `View NMS`
+* URL: `https://nms.example.com/nodes/?name={{ object.name }}`
+
+When viewing a device named Router4, this link would render as:
+
+```no-highlight
+<a href="https://nms.example.com/nodes/?name=Router4">View NMS</a>
+```
+
+Custom links appear as buttons in the top right corner of the page. Numeric weighting can be used to influence the ordering of links, and each link can be enabled or disabled individually.
+
+!!! warning
+    Custom links rely on user-created code to generate arbitrary HTML output, which may be dangerous. Only grant permission to create or modify custom links to trusted users.
+
+## Context Data
+
+The following context data is available within the template when rendering a custom link's text or URL.
+
+| Variable  | Description                                                                                                       |
+|-----------|-------------------------------------------------------------------------------------------------------------------|
+| `object`  | The NetBox object being displayed                                                                                 |
+| `debug`   | A boolean indicating whether debugging is enabled                                                                 |
+| `request` | The current WSGI request                                                                                          |
+| `user`    | The current user (if authenticated)                                                                               |
+| `perms`   | The [permissions](https://docs.djangoproject.com/en/stable/topics/auth/default/#permissions) assigned to the user |
+
+While most of the context variables listed above will have consistent attributes, the object will be an instance of the specific object being viewed when the link is rendered. Different models have different fields and properties, so you may need to some research to determine the attributes available for use within your template for a specific object type.
+
+Checking the REST API representation of an object is generally a convenient way to determine what attributes are available. You can also reference the NetBox source code directly for a comprehensive list.
+
+## Conditional Rendering
+
+Only links which render with non-empty text are included on the page. You can employ conditional Jinja2 logic to control the conditions under which a link gets rendered.
+
+For example, if you only want to display a link for active devices, you could set the link text to
+
+```jinja2
+{% if object.status == 'active' %}View NMS{% endif %}
+```
+
+The link will not appear when viewing a device with any status other than "active."
+
+As another example, if you wanted to show only devices belonging to a certain manufacturer, you could do something like this:
+
+```jinja2
+{% if object.device_type.manufacturer.name == 'Cisco' %}View NMS{% endif %}
+```
+
+The link will only appear when viewing a device with a manufacturer name of "Cisco."
+
+## Link Groups
+
+Group names can be specified to organize links into groups. Links with the same group name will render as a dropdown menu beneath a single button bearing the name of the group.
+
+## Table Columns
+
+Custom links can also be included in object tables by selecting the desired links from the table configuration form. When displayed, each link will render as a hyperlink for its corresponding object. When exported (e.g. as CSV data), each link render only its URL.

docs/customization/custom-scripts.md

@@ -0,0 +1,508 @@
+# Custom Scripts
+
+Custom scripting was introduced to provide a way for users to execute custom logic from within the NetBox UI. Custom scripts enable the user to directly and conveniently manipulate NetBox data in a prescribed fashion. They can be used to accomplish myriad tasks, such as:
+
+* Automatically populate new devices and cables in preparation for a new site deployment
+* Create a range of new reserved prefixes or IP addresses
+* Fetch data from an external source and import it to NetBox
+* Update objects with invalid or incomplete data
+
+They can also be used as a mechanism for validating the integrity of data within NetBox. Script authors can define test to check object against specific rules and conditions. For example, you can write script to check that:
+
+* All top-of-rack switches have a console connection
+* Every router has a loopback interface with an IP address assigned
+* Each interface description conforms to a standard format
+* Every site has a minimum set of VLANs defined
+* All IP addresses have a parent prefix
+
+Custom scripts are Python code which exists outside the NetBox code base, so they can be updated and changed without interfering with the core NetBox installation. And because they're completely custom, there is no inherent limitation on what a script can accomplish.
+
+!!! danger "Only install trusted scripts"
+    Custom scripts have unrestricted access to change anything in the databse and are inherently unsafe and should only be installed and run from trusted sources.  You should also review and set permissions for who can run scripts if the script can modify any data.
+
+## Writing Custom Scripts
+
+All custom scripts must inherit from the `extras.scripts.Script` base class. This class provides the functionality necessary to generate forms and log activity.
+
+```python
+from extras.scripts import Script
+
+class MyScript(Script):
+    ...
+```
+
+Scripts comprise two core components: a set of variables and a `run()` method. Variables allow your script to accept user input via the NetBox UI, but they are optional: If your script does not require any user input, there is no need to define any variables.
+
+The `run()` method is where your script's execution logic lives. (Note that your script can have as many methods as needed: this is merely the point of invocation for NetBox.)
+
+```python
+class MyScript(Script):
+    var1 = StringVar(...)
+    var2 = IntegerVar(...)
+    var3 = ObjectVar(...)
+
+    def run(self, data, commit):
+        ...
+```
+
+The `run()` method should accept two arguments:
+
+* `data` - A dictionary containing all the variable data passed via the web form.
+* `commit` - A boolean indicating whether database changes will be committed.
+
+Defining script variables is optional: You may create a script with only a `run()` method if no user input is needed.
+
+Any output generated by the script during its execution will be displayed under the "output" tab in the UI.
+
+By default, scripts within a module are ordered alphabetically in the scripts list page. To return scripts in a specific order, you can define the `script_order` variable at the end of your module. The `script_order` variable is a tuple which contains each Script class in the desired order. Any scripts that are omitted from this list will be listed last.
+
+```python
+from extras.scripts import Script
+
+class MyCustomScript(Script):
+    ...
+
+class AnotherCustomScript(Script):
+    ...
+
+script_order = (MyCustomScript, AnotherCustomScript)
+```
+
+## Script Attributes
+
+Script attributes are defined under a class named `Meta` within the script. These are optional, but encouraged.
+
+!!! warning
+    These are also defined and used as properties on the base custom script class, so don't use the same names as variables or override them in your custom script.
+
+### `name`
+
+This is the human-friendly names of your script. If omitted, the class name will be used.
+
+### `description`
+
+A human-friendly description of what your script does.
+
+### `field_order`
+
+By default, script variables will be ordered in the form as they are defined in the script. `field_order` may be defined as an iterable of field names to determine the order in which variables are rendered within a default "Script Data" group. Any fields not included in this iterable be listed last. If `fieldsets` is defined, `field_order` will be ignored.  A fieldset group for "Script Execution Parameters" will be added to the end of the form by default for the user.
+
+### `fieldsets`
+
+`fieldsets` may be defined as an iterable of field groups and their field names to determine the order in which variables are group and rendered. Any fields not included in this iterable will not be displayed in the form. If `fieldsets` is defined, `field_order` will be ignored.  A fieldset group for "Script Execution Parameters" will be added to the end of the fieldsets by default for the user.
+
+An example fieldset definition is provided below:
+
+```python
+class MyScript(Script):
+    class Meta:
+        fieldsets = (
+            ('First group', ('field1', 'field2', 'field3')),
+            ('Second group', ('field4', 'field5')),
+        )
+```
+
+### `commit_default`
+
+The checkbox to commit database changes when executing a script is checked by default. Set `commit_default` to False under the script's Meta class to leave this option unchecked by default.
+
+```python
+commit_default = False
+```
+
+### `scheduling_enabled`
+
+By default, a script can be scheduled for execution at a later time. Setting `scheduling_enabled` to False disables this ability: Only immediate execution will be possible. (This also disables the ability to set a recurring execution interval.)
+
+### `job_timeout`
+
+Set the maximum allowed runtime for the script. If not set, `RQ_DEFAULT_TIMEOUT` will be used.
+
+## Accessing Request Data
+
+Details of the current HTTP request (the one being made to execute the script) are available as the instance attribute `self.request`. This can be used to infer, for example, the user executing the script and the client IP address:
+
+```python
+username = self.request.user.username
+ip_address = self.request.META.get('HTTP_X_FORWARDED_FOR') or \
+    self.request.META.get('REMOTE_ADDR')
+self.log_info(f"Running as user {username} (IP: {ip_address})...")
+```
+
+For a complete list of available request parameters, please see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/request-response/).
+
+## Reading Data from Files
+
+The Script class provides two convenience methods for reading data from files:
+
+* `load_yaml`
+* `load_json`
+
+These two methods will load data in YAML or JSON format, respectively, from files within the local path (i.e. `SCRIPTS_ROOT`).
+
+## Logging
+
+The Script object provides a set of convenient functions for recording messages at different severity levels:
+
+* `log_debug(message=None, obj=None)`
+* `log_success(message=None, obj=None)`
+* `log_info(message=None, obj=None)`
+* `log_warning(message=None, obj=None)`
+* `log_failure(message=None, obj=None)`
+
+Log messages are returned to the user upon execution of the script. Markdown rendering is supported for log messages. A message may optionally be associated with a particular object by passing it as the second argument to the logging method.
+
+## Test Methods
+
+A script can define one or more test methods to report on certain conditions. All test methods must have a name beginning with `test_` and accept no arguments beyond `self`.
+
+These methods are detected and run automatically when the script is executed, unless its `run()` method has been overridden. (When overriding `run()`, `run_tests()` can be called to run all test methods present in the script.)
+
+Calling any of these logging methods without a message will increment the relevant counter, but will not generate an output line in the script's log.
+
+!!! info
+    This functionality was ported from [legacy reports](./reports.md) in NetBox v4.0.
+
+### Example
+
+```
+from dcim.choices import DeviceStatusChoices
+from dcim.models import ConsolePort, Device, PowerPort
+from extras.scripts import Script
+
+
+class DeviceConnectionsReport(Script):
+    description = "Validate the minimum physical connections for each device"
+
+    def test_console_connection(self):
+
+        # Check that every console port for every active device has a connection defined.
+        active = DeviceStatusChoices.STATUS_ACTIVE
+        for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
+            if not console_port.connected_endpoints:
+                self.log_failure(
+                    f"No console connection defined for {console_port.name}",
+                    console_port.device,
+                )
+            elif not console_port.connection_status:
+                self.log_warning(
+                    f"Console connection for {console_port.name} marked as planned",
+                    console_port.device,
+                )
+            else:
+                self.log_success("Passed", console_port.device)
+
+    def test_power_connections(self):
+
+        # Check that every active device has at least two connected power supplies.
+        for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
+            connected_ports = 0
+            for power_port in PowerPort.objects.filter(device=device):
+                if power_port.connected_endpoints:
+                    connected_ports += 1
+                    if not power_port.path.is_active:
+                        self.log_warning(
+                            f"Power connection for {power_port.name} marked as planned",
+                            device,
+                        )
+            if connected_ports < 2:
+                self.log_failure(
+                    f"{connected_ports} connected power supplies found (2 needed)",
+                    device,
+                )
+            else:
+                self.log_success("Passed", device)
+```
+
+## Change Logging
+
+To generate the correct change log data when editing an existing object, a snapshot of the object must be taken before making any changes to the object.
+
+```python
+if obj.pk and hasattr(obj, 'snapshot'):
+    obj.snapshot()
+
+obj.property = "New Value"
+obj.full_clean()
+obj.save()
+```
+
+## Error handling
+
+Sometimes things go wrong and a script will run into an `Exception`. If that happens and an uncaught exception is raised by the custom script, the execution is aborted and a full stack trace is reported.
+
+Although this is helpful for debugging, in some situations it might be required to cleanly abort the execution of a custom script (e.g. because of invalid input data) and thereby make sure no changes are performed on the database. In this case the script can throw an `AbortScript` exception, which will prevent the stack trace from being reported, but still terminating the script's execution and reporting a given error message.
+
+```python
+from utilities.exceptions import AbortScript
+
+if some_error:
+    raise AbortScript("Some meaningful error message")
+```
+
+## Variable Reference
+
+### Default Options
+
+All custom script variables support the following default options:
+
+* `default` - The field's default value
+* `description` - A brief user-friendly description of the field
+* `label` - The field name to be displayed in the rendered form
+* `required` - Indicates whether the field is mandatory (all fields are required by default)
+* `widget` - The class of form widget to use (see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/forms/widgets/))
+
+### StringVar
+
+Stores a string of characters (i.e. text). Options include:
+
+* `min_length` - Minimum number of characters
+* `max_length` - Maximum number of characters
+* `regex` - A regular expression against which the provided value must match
+
+Note that `min_length` and `max_length` can be set to the same number to effect a fixed-length field.
+
+### TextVar
+
+Arbitrary text of any length. Renders as a multi-line text input field.
+
+### IntegerVar
+
+Stores a numeric integer. Options include:
+
+* `min_value` - Minimum value
+* `max_value` - Maximum value
+
+### BooleanVar
+
+A true/false flag. This field has no options beyond the defaults listed above.
+
+### ChoiceVar
+
+A set of choices from which the user can select one.
+
+* `choices` - A list of `(value, label)` tuples representing the available choices. For example:
+
+```python
+CHOICES = (
+    ('n', 'North'),
+    ('s', 'South'),
+    ('e', 'East'),
+    ('w', 'West')
+)
+
+direction = ChoiceVar(choices=CHOICES)
+```
+
+In the example above, selecting the choice labeled "North" will submit the value `n`.
+
+### MultiChoiceVar
+
+Similar to `ChoiceVar`, but allows for the selection of multiple choices.
+
+### ObjectVar
+
+A particular object within NetBox. Each ObjectVar must specify a particular model, and allows the user to select one of the available instances. ObjectVar accepts several arguments, listed below.
+
+* `model` - The model class
+* `query_params` - A dictionary of query parameters to use when retrieving available options (optional)
+* `context` - A custom dictionary mapping template context variables to fields, used when rendering `<option>` elements within the dropdown menu (optional; see below)
+* `null_option` - A label representing a "null" or empty choice (optional)
+
+To limit the selections available within the list, additional query parameters can be passed as the `query_params` dictionary. For example, to show only devices with an "active" status:
+
+```python
+device = ObjectVar(
+    model=Device,
+    query_params={
+        'status': 'active'
+    }
+)
+```
+
+Multiple values can be specified by assigning a list to the dictionary key. It is also possible to reference the value of other fields in the form by prepending a dollar sign (`$`) to the variable's name.
+
+```python
+region = ObjectVar(
+    model=Region
+)
+site = ObjectVar(
+    model=Site,
+    query_params={
+        'region_id': '$region'
+    }
+)
+```
+
+#### Context Variables
+
+Custom context variables can be passed to override the default attribute names or to display additional information, such as a parent object.
+
+| Name          | Default         | Description                                                                  |
+|---------------|-----------------|------------------------------------------------------------------------------|
+| `value`       | `"id"`          | The attribute which contains the option's value                              |
+| `label`       | `"display"`     | The attribute used as the option's human-friendly label                      |
+| `description` | `"description"` | The attribute to use as a description                                        |
+| `depth`[^1]   | `"_depth"`      | The attribute which indicates an object's depth within a recursive hierarchy |
+| `disabled`    | --              | The attribute which, if true, signifies that the option should be disabled   |
+| `parent`      | --              | The attribute which represents the object's parent object                    |
+| `count`[^1]   | --              | The attribute which contains a numeric count of related objects              |
+
+[^1]: The value of this attribute must be a positive integer
+
+### MultiObjectVar
+
+Similar to `ObjectVar`, but allows for the selection of multiple objects.
+
+### FileVar
+
+An uploaded file. Note that uploaded files are present in memory only for the duration of the script's execution: They will not be automatically saved for future use. The script is responsible for writing file contents to disk where necessary.
+
+### IPAddressVar
+
+An IPv4 or IPv6 address, without a mask. Returns a `netaddr.IPAddress` object.
+
+### IPAddressWithMaskVar
+
+An IPv4 or IPv6 address with a mask. Returns a `netaddr.IPNetwork` object which includes the mask.
+
+### IPNetworkVar
+
+An IPv4 or IPv6 network with a mask. Returns a `netaddr.IPNetwork` object. Two attributes are available to validate the provided mask:
+
+* `min_prefix_length` - Minimum length of the mask
+* `max_prefix_length` - Maximum length of the mask
+
+### DateVar
+
+A calendar date. Returns a `datetime.date` object.
+
+### DateTimeVar
+
+A complete date & time. Returns a `datetime.datetime` object.
+
+## Running Custom Scripts
+
+!!! note
+    To run a custom script, a user must be assigned permissions for `Extras > Script`, `Extras > Script Module`, and `Core > Managed File` objects. They must also be assigned the `extras.run_script` permission. This is achieved by assigning the user (or group) a permission on the Script object and specifying the `run` action in "Permissions" as shown below.
+
+    ![Adding the run action to a permission](../media/run_permission.png)
+
+### Via the Web UI
+
+Custom scripts can be run via the web UI by navigating to the script, completing any required form data, and clicking the "run script" button. It is possible to schedule a script to be executed at specified time in the future. A scheduled script can be canceled by deleting the associated job result object.
+
+### Via the API
+
+To run a script via the REST API, issue a POST request to the script's endpoint specifying the form data and commitment. For example, to run a script named `example.MyReport`, we would make a request such as the following:
+
+```no-highlight
+curl -X POST \
+-H "Authorization: Token $TOKEN" \
+-H "Content-Type: application/json" \
+-H "Accept: application/json; indent=4" \
+http://netbox/api/extras/scripts/example.MyReport/ \
+--data '{"data": {"foo": "somevalue", "bar": 123}, "commit": true}'
+```
+
+Optionally `schedule_at` can be passed in the form data with a datetime string to schedule a script at the specified date and time.
+
+### Via the CLI
+
+Scripts can be run on the CLI by invoking the management command:
+
+```
+python3 manage.py runscript [--commit] [--loglevel {debug,info,warning,error,critical}] [--data "<data>"] <module>.<script>
+```
+
+The required ``<module>.<script>`` argument is the script to run where ``<module>`` is the name of the python file in the ``scripts`` directory without the ``.py`` extension and ``<script>`` is the name of the script class in the ``<module>`` to run.
+
+The optional ``--data "<data>"`` argument is the data to send to the script
+
+The optional ``--loglevel`` argument is the desired logging level to output to the console.
+
+The optional ``--commit`` argument will commit any changes in the script to the database.
+
+## Example
+
+Below is an example script that creates new objects for a planned site. The user is prompted for three variables:
+
+* The name of the new site
+* The device model (a filtered list of defined device types)
+* The number of access switches to create
+
+These variables are presented as a web form to be completed by the user. Once submitted, the script's `run()` method is called to create the appropriate objects.
+
+```python
+from django.utils.text import slugify
+
+from dcim.choices import DeviceStatusChoices, SiteStatusChoices
+from dcim.models import Device, DeviceRole, DeviceType, Manufacturer, Site
+from extras.scripts import *
+
+
+class NewBranchScript(Script):
+
+    class Meta:
+        name = "New Branch"
+        description = "Provision a new branch site"
+        field_order = ['site_name', 'switch_count', 'switch_model']
+
+    site_name = StringVar(
+        description="Name of the new site"
+    )
+    switch_count = IntegerVar(
+        description="Number of access switches to create"
+    )
+    manufacturer = ObjectVar(
+        model=Manufacturer,
+        required=False
+    )
+    switch_model = ObjectVar(
+        description="Access switch model",
+        model=DeviceType,
+        query_params={
+            'manufacturer_id': '$manufacturer'
+        }
+    )
+
+    def run(self, data, commit):
+
+        # Create the new site
+        site = Site(
+            name=data['site_name'],
+            slug=slugify(data['site_name']),
+            status=SiteStatusChoices.STATUS_PLANNED
+        )
+        site.full_clean()
+        site.save()
+        self.log_success(f"Created new site: {site}")
+
+        # Create access switches
+        switch_role = DeviceRole.objects.get(name='Access Switch')
+        for i in range(1, data['switch_count'] + 1):
+            switch = Device(
+                device_type=data['switch_model'],
+                name=f'{site.slug}-switch{i}',
+                site=site,
+                status=DeviceStatusChoices.STATUS_PLANNED,
+                role=switch_role
+            )
+            switch.full_clean()
+            switch.save()
+            self.log_success(f"Created new switch: {switch}")
+
+        # Generate a CSV table of new devices
+        output = [
+            'name,make,model'
+        ]
+        for switch in Device.objects.filter(site=site):
+            attrs = [
+                switch.name,
+                switch.device_type.manufacturer.name,
+                switch.device_type.model
+            ]
+            output.append(','.join(attrs))
+
+        return '\n'.join(output)
+```

docs/customization/custom-validation.md

@@ -0,0 +1,153 @@
+# Custom Validation
+
+NetBox validates every object prior to it being written to the database to ensure data integrity. This validation includes things like checking for proper formatting and that references to related objects are valid. However, you may wish to supplement this validation with some rules of your own. For example, perhaps you require that every site's name conforms to a specific pattern.  This can be done using custom validation rules.
+
+## Custom Validation Rules
+
+Custom validation rules are expressed as a mapping of object attributes to a set of rules to which that attribute must conform. For example:
+
+```json
+{
+  "name": {
+    "min_length": 5,
+    "max_length": 30
+  }
+}
+```
+
+This defines a custom validator which checks that the length of the `name` attribute for an object is at least five characters long, and no longer than 30 characters. This validation is executed _after_ NetBox has performed its own internal validation.
+
+### Validation Types
+
+The `CustomValidator` class supports several validation types:
+
+* `min`: Minimum value
+* `max`: Maximum value
+* `min_length`: Minimum string length
+* `max_length`: Maximum string length
+* `regex`: Application of a [regular expression](https://en.wikipedia.org/wiki/Regular_expression)
+* `required`: A value must be specified
+* `prohibited`: A value must _not_ be specified
+* `eq`: A value must be equal to the specified value
+* `neq`: A value must _not_ be equal to the specified value
+
+The `min` and `max` types should be defined for numeric values, whereas `min_length`, `max_length`, and `regex` are suitable for character strings (text values). The `required` and `prohibited` validators may be used for any field, and should be passed a value of `True`.
+
+!!! warning
+    Bear in mind that these validators merely supplement NetBox's own validation: They will not override it. For example, if a certain model field is required by NetBox, setting a validator for it with `{'prohibited': True}` will not work.
+
+### Custom Validation Logic
+
+There may be instances where the provided validation types are insufficient. NetBox provides a `CustomValidator` class which can be extended to enforce arbitrary validation logic by overriding its `validate()` method, and calling `fail()` when an unsatisfactory condition is detected. The `validate()` method should accept an instance (the object being saved) as well as the current request effecting the change.
+
+```python
+from extras.validators import CustomValidator
+
+class MyValidator(CustomValidator):
+
+    def validate(self, instance, request):
+        if instance.status == 'active' and not instance.description:
+            self.fail("Active sites must have a description set!", field='status')
+```
+
+The `fail()` method may optionally specify a field with which to associate the supplied error message. If specified, the error message will appear to the user as associated with this field. If omitted, the error message will not be associated with any field.
+
+## Assigning Custom Validators
+
+Custom validators are associated with specific NetBox models under the [CUSTOM_VALIDATORS](../configuration/data-validation.md#custom_validators) configuration parameter. There are three manners by which custom validation rules can be defined:
+
+1. Plain JSON mapping (no custom logic)
+2. Dotted path to a custom validator class
+3. Direct reference to a custom validator class
+
+### Plain Data
+
+For cases where custom logic is not needed, it is sufficient to pass validation rules as plain JSON-compatible objects. This approach typically affords the most portability for your configuration. For instance:
+
+```python
+CUSTOM_VALIDATORS = {
+    "dcim.site": [
+        {
+            "name": {
+                "min_length": 5,
+                "max_length": 30,
+            }
+        }
+    ],
+    "dcim.device": [
+        {
+            "platform": {
+                "required": True,
+            }
+        }
+    ]
+}
+```
+
+#### Referencing Related Object Attributes
+
+The attributes of a related object can be referenced by specifying a dotted path. For example, to reference the name of a region to which a site is assigned, use `region.name`:
+
+```python
+CUSTOM_VALIDATORS = {
+    "dcim.site": [
+        {
+            "region.name": {
+                "neq": "New York"
+            }
+        }
+    ]
+}
+```
+
+#### Validating Request Parameters
+
+In addition to validating object attributes, custom validators can also match against parameters of the current request (where available). For example, the following rule will permit only the user named "admin" to modify an object:
+
+```json
+{
+  "request.user.username": {
+    "eq": "admin"
+  }
+}
+```
+
+!!! tip
+    Custom validation should generally not be used to enforce permissions. NetBox provides a robust [object-based permissions](../administration/permissions.md) mechanism which should be used for this purpose.
+
+### Dotted Path to Class
+
+In instances where a custom validator class is needed, it can be referenced by its Python path (relative to NetBox's working directory):
+
+```python
+CUSTOM_VALIDATORS = {
+    'dcim.site': (
+        'my_validators.Validator1',
+        'my_validators.Validator2',
+    ),
+    'dcim.device': (
+        'my_validators.Validator3',
+    )
+}
+```
+
+### Direct Class Reference
+
+This approach requires each class being instantiated to be imported directly within the Python configuration file.
+
+```python
+from my_validators import Validator1, Validator2, Validator3
+
+CUSTOM_VALIDATORS = {
+    'dcim.site': (
+        Validator1(),
+        Validator2(),
+    ),
+    'dcim.device': (
+        Validator3(),
+    )
+}
+```
+
+!!! note
+    Even if defining only a single validator, it must be passed as an iterable.

docs/customization/export-templates.md

@@ -0,0 +1,81 @@
+# Export Templates
+
+NetBox allows users to define custom templates that can be used when exporting objects. To create an export template, navigate to Customization > Export Templates.
+
+Each export template is associated with a certain type of object. For instance, if you create an export template for VLANs, your custom template will appear under the "Export" button on the VLANs list. Each export template must have a name, and may optionally designate a specific export [MIME type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types) and/or file extension.
+
+Export templates must be written in [Jinja2](https://jinja.palletsprojects.com/).
+
+!!! note
+    The name `table` is reserved for internal use.
+
+!!! warning
+    Export templates are rendered using user-submitted code, which may pose security risks under certain conditions. Only grant permission to create or modify export templates to trusted users.
+
+The list of objects returned from the database when rendering an export template is stored in the `queryset` variable, which you'll typically want to iterate through using a `for` loop. Object properties can be access by name. For example:
+
+```jinja2
+{% for rack in queryset %}
+Rack: {{ rack.name }}
+Site: {{ rack.site.name }}
+Height: {{ rack.u_height }}U
+{% endfor %}
+```
+
+To access custom fields of an object within a template, use the `cf` attribute. For example, `{{ obj.cf.color }}` will return the value (if any) for a custom field named `color` on `obj`.
+
+If you need to use the config context data in an export template, you'll should use the function `get_config_context` to get all the config context data. For example:
+```
+{% for server in queryset %}
+{% set data = server.get_config_context() %}
+{{ data.syslog }}
+{% endfor %}
+```
+
+The `as_attachment` attribute of an export template controls its behavior when rendered. If true, the rendered content will be returned to the user as a downloadable file. If false, it will be displayed within the browser. (This may be handy e.g. for generating HTML content.)
+
+A MIME type and file extension can optionally be defined for each export template. The default MIME type is `text/plain`.
+
+
+## REST API Integration
+
+When it is necessary to provide authentication credentials (such as when [`LOGIN_REQUIRED`](../configuration/security.md#login_required) has been enabled), it is recommended to render export templates via the REST API. This allows the client to specify an authentication token. To render an export template via the REST API, make a `GET` request to the model's list endpoint and append the `export` parameter specifying the export template name. For example:
+
+```
+GET /api/dcim/sites/?export=MyTemplateName
+```
+
+Note that the body of the response will contain only the rendered export template content, as opposed to a JSON object or list.
+
+## Example
+
+Here's an example device export template that will generate a simple Nagios configuration from a list of devices.
+
+```
+{% for device in queryset %}{% if device.status and device.primary_ip %}define host{
+        use                     generic-switch
+        host_name               {{ device.name }}
+        address                 {{ device.primary_ip.address.ip }}
+}
+{% endif %}{% endfor %}
+```
+
+The generated output will look something like this:
+
+```
+define host{
+        use                     generic-switch
+        host_name               switch1
+        address                 192.0.2.1
+}
+define host{
+        use                     generic-switch
+        host_name               switch2
+        address                 192.0.2.2
+}
+define host{
+        use                     generic-switch
+        host_name               switch3
+        address                 192.0.2.3
+}
+```