diff --git a/options/custom/containers/netbox/Dockerfile b/options/custom/containers/netbox/Dockerfile
new file mode 100644
index 0000000..d2b24ee
--- /dev/null
+++ b/options/custom/containers/netbox/Dockerfile
@@ -0,0 +1,5 @@
+# TODO: Upgrade to v4.1 when supported by netbox-acls
+FROM docker.io/netboxcommunity/netbox:v4.0.11
+
+COPY ./plugin_requirements.txt /opt/netbox/
+RUN /opt/netbox/venv/bin/pip install --no-warn-script-location -r /opt/netbox/plugin_requirements.txt
diff --git a/options/custom/containers/netbox/default.nix b/options/custom/containers/netbox/default.nix
new file mode 100644
index 0000000..b171804
--- /dev/null
+++ b/options/custom/containers/netbox/default.nix
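Review bot: The `FROM docker.io/netboxcommunity/netbox:v4.0.11` line pins the base image by tag only, and a tag can be re-pointed at the registry, so two builds of this context are not guaranteed to start from the same image. Appending the digest keeps the tag readable while fixing the content: `FROM docker.io/netboxcommunity/netbox:v4.0.11@sha256:<digest of the reviewed image>`. The same applies to `docker.io/valkey/valkey:8.0` and `docker.io/postgres:16` in default.nix, which float across later releases of those tags.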
@@ -0,0 +1,88 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.custom.containers.netbox;
+in {
+ options.custom.containers.netbox.enable = mkOption {default = false;};
+
+ config = mkIf cfg.enable {
+ age.secrets = let
+ secret = filename: {
+ file = "${inputs.self}/secrets/${filename}";
+ };
+ in {
+ "${config.custom.profile}/netbox/.env" = secret "${config.custom.profile}/netbox/.env";
+ "${config.custom.profile}/netbox/cache.env" = secret "${config.custom.profile}/netbox/cache.env";
+ "${config.custom.profile}/netbox/db.env" = secret "${config.custom.profile}/netbox/db.env";
+ };
+
+ #?? arion-netbox pull
+ environment.shellAliases.arion-netbox = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.netbox.settings.out.dockerComposeYaml}";
+
+ # https://github.com/netbox-community/netbox-docker
+ virtualisation.arion.projects.netbox = {
+ serviceName = "netbox";
+
+ # https://github.com/netbox-community/netbox-docker/blob/release/docker-compose.yml
+ settings.services = let
+ netbox = {
+ container_name = "netbox";
+ depends_on = ["cache" "db"];
+ env_file = [config.age.secrets."${config.custom.profile}/netbox/.env".path];
+ restart = "unless-stopped";
+ volumes = ["${./extra.py}:/etc/netbox/config/extra.py"];
+
+ # https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
+ #!! Context modifications require a rebuild
+ #?? arion-netbox build
+ build.context = "${./.}";
+ };
+ in {
+ netbox.service =
+ netbox
+ // {
+ ports = ["8585:8080"];
+ };
+
+ housekeeping.service =
+ netbox
+ // {
+ container_name = "netbox-housekeeping";
+ command = ["/opt/netbox/housekeeping.sh"];
+ depends_on = ["netbox"];
+ };
+
+ worker.service =
+ netbox
+ // {
+ container_name = "netbox-worker";
+ command = ["/opt/netbox/venv/bin/python" "/opt/netbox/netbox/manage.py" "rqworker"];
+ depends_on = ["netbox"];
+ };
+
+ cache.service = {
+ container_name = "netbox-cache";
+ command = ["sh" "-c" "valkey-server --requirepass $$REDIS_PASSWORD"];
+ env_file = [config.age.secrets."${config.custom.profile}/netbox/cache.env".path];
+ image = "docker.io/valkey/valkey:8.0";
+ restart = "unless-stopped";
+ };
+
+ db.service = {
+ container_name = "netbox-db";
+ env_file = [config.age.secrets."${config.custom.profile}/netbox/db.env".path];
+ image = "docker.io/postgres:16";
+ restart = "unless-stopped";
+
+ volumes = [
+ "${config.custom.containers.directory}/netbox/db:/var/lib/postgresql/data"
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/options/custom/containers/netbox/extra.py b/options/custom/containers/netbox/extra.py
new file mode 100644
index 0000000..b6f3f34
--- /dev/null
+++ b/options/custom/containers/netbox/extra.py
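Review bot: `ports = ["8585:8080"];` on `netbox.service` publishes the web UI on every host address, and ports published by a container runtime are often not filtered by the host's firewall rules. The Caddyfile changed in this commit is encrypted, so this cannot be confirmed from the diff, but if NetBox is meant to be reached only through a reverse proxy on the same host, bind the publish to loopback with `ports = ["127.0.0.1:8585:8080"];`. Separately, in `cache.service` the shell expands the password into the arguments of `valkey-server --requirepass $$REDIS_PASSWORD`, where it is readable from the process list. Supplying it as configuration on stdin, e.g. `echo "requirepass $$REDIS_PASSWORD" | valkey-server -`, keeps it out of argv, assuming this image's valkey-server accepts `-` the way redis-server does.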
@@ -0,0 +1,32 @@
+# https://github.com/netbox-community/netbox-docker/blob/release/configuration/extra.py
+
+CENSUS_REPORTING_ENABLED = False
+LOGIN_PERSISTENCE = True
+
+# BUG: pynetbox does not send token with version requests
+# https://github.com/netbox-community/Device-Type-Library-Import/issues/134
+# https://github.com/netbox-community/pynetbox/pull/641
+LOGIN_REQUIRED = True
+
+TIME_ZONE = "America/Chicago"
+
+PLUGINS = [
+ "netbox_acls",
+ "netbox_attachments",
+ "netbox_dns",
+ "netbox_interface_synchronization",
+ "netbox_lists",
+ "netbox_otp_plugin",
+ "netbox_reorder_rack",
+ # // "netbox_routing",
+ "netbox_secrets",
+ "netbox_topology_views",
+ "slurpit_netbox",
+]
+
+PLUGINS_CONFIG = {
+ "netbox_acls": {"top_level_menu": True},
+ "netbox_otp_plugin": {"otp_required": False},
+ "netbox_secrets": {"top_level_menu": True},
+ "netbox_topology_views": {"allow_coordinates_saving": True},
+}
diff --git a/options/custom/containers/netbox/plugin_requirements.txt b/options/custom/containers/netbox/plugin_requirements.txt
new file mode 100644
index 0000000..c00a53b
--- /dev/null
+++ b/options/custom/containers/netbox/plugin_requirements.txt
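Review bot: `"netbox_otp_plugin": {"otp_required": False}` leaves the second factor optional (assuming this key is the plugin's enforcement switch) on an instance that also loads `netbox_secrets`, while `LOGIN_PERSISTENCE = True` renews the session lifetime on each request, so an active session does not time out. If optional OTP is a deliberate enrolment-phase choice, record that next to the setting, e.g. `# TODO: set otp_required to True once all accounts have enrolled a device`; otherwise set it to `True`. The `# BUG:` comment above `LOGIN_REQUIRED = True` should also say whether `True` is kept on purpose despite the linked pynetbox issue, because as written it is unclear whether the setting is the workaround or the thing that breaks.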
@@ -0,0 +1,11 @@
+netbox-acls == 1.6.* # https://github.com/netbox-community/netbox-acls
+netbox-attachments == 5.1.* # https://github.com/Kani999/netbox-attachments
+netbox-interface-synchronization == 4.0.* # https://github.com/NetTech2001/netbox-interface-synchronization
+netbox-lists == 4.0.* # https://github.com/devon-mar/netbox-lists
+netbox-otp-plugin == 1.3.* # https://github.com/k1nky/netbox-otp-plugin
+netbox-plugin-dns == 1.1.* # https://github.com/peteeckel/netbox-plugin-dns
+netbox-reorder-rack == 1.1.* # https://github.com/netbox-community/netbox-reorder-rack
+#// netbox-routing # https://github.com/DanSheps/netbox-routing
+netbox-secrets == 2.0.* # https://github.com/Onemind-Services-LLC/netbox-secrets
+netbox-topology-views == 4.0.* # https://github.com/netbox-community/netbox-topology-views
+slurpit_netbox == 0.9.* # https://gitlab.com/slurpit.io/slurpit-netbox
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 64c8d2a..9314fc9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -75,6 +75,9 @@ in {
 "server/mastodon/.env".publicKeys = server;
 "server/mastodon/db.env".publicKeys = server;
 "server/matrix-conduit/conduwuit.toml".publicKeys = server;
+ "server/netbox/.env".publicKeys = server;
+ "server/netbox/cache.env".publicKeys = server;
+ "server/netbox/db.env".publicKeys = server;
 "server/netdata/parent.conf".publicKeys = server;
 "server/nextcloud/.env".publicKeys = server;
 "server/nextcloud/db.env".publicKeys = server;
diff --git a/secrets/server/caddy/Caddyfile b/secrets/server/caddy/Caddyfile
index a9dc3ed..79f95dd 100644
Binary files a/secrets/server/caddy/Caddyfile and b/secrets/server/caddy/Caddyfile differ
diff --git a/secrets/server/netbox/.env b/secrets/server/netbox/.env
new file mode 100644
index 0000000..d75181c
Binary files /dev/null and b/secrets/server/netbox/.env differ
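Review bot: Every active entry in plugin_requirements.txt uses a wildcard pin such as `netbox-acls == 1.6.*` with no hash, so each `arion-netbox build` installs whatever matching release the index serves at that moment. These ten packages come from several unrelated maintainers and are imported into the NetBox process, alongside its database credentials and whatever `netbox_secrets` stores. Pin exact versions with hashes (for example generated by `pip-compile --generate-hashes`) and add `--require-hashes` to the `pip install` line in the Dockerfile, so a changed or substituted artifact fails the build instead of being installed. Version bumps then become explicit, reviewable changes to this file.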
diff --git a/secrets/server/netbox/cache.env b/secrets/server/netbox/cache.env new file mode 100644 index 0000000..7533171 Binary files /dev/null and b/secrets/server/netbox/cache.env differ diff --git a/secrets/server/netbox/db.env b/secrets/server/netbox/db.env new file mode 100644 index 0000000..5947a9d --- /dev/null +++ b/secrets/server/netbox/db.env @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 8E6j8Q m8gcV7QJYaY5aXQVfwpeYhHvpRZxB7TyVAQ2PLPKEH4 +3CMDnCvJJAoWb+dsiiT+XDDga+J0A1i45ItUloYPLbs +-> ssh-ed25519 sfxzoQ YczqBRqlP8jRn3yvCL67aBtP8l4pbvjaoYJPKXegVRo +AdXDHkqehiUEKGiPb//PEAezWNWCd3RADBlj2s1sgVs +-> ssh-ed25519 fEyKPw 4/iuxqm//a6g6MxWfuG6UnQTIrCJ6TxVYINWoKE2an8 +Ot52wghJyc4nwcq4yyIq9r+upVcEDuvaNi/U5uUiH/M +--- mfhw4DBbORqU7oNviE/DNacM5wDC1QzzPxbz7Fw2T0o +3:*}Ljb `iwz\>9QFTYQo_:cv:ܩ;wDTRJr4 JsIĥueXc}*Lzho , :5:ut,|~>Avܧ4z2-/JYf_{[Af텓 \ No newline at end of file