From b656aef36dff08983156a78659177550708a5b9f Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Fri, 15 Sep 2023 12:08:32 +0200 Subject: [PATCH] pretalx: deploy on palladium --- group_vars/all/vars.yml | 6 + group_vars/all/vault.yml | 234 +++++++++--------- hosts | 1 + roles/pretalx/defaults/main.yml | 4 + roles/pretalx/handlers/main.yml | 13 + roles/pretalx/meta/main.yml | 5 + roles/pretalx/tasks/main.yml | 124 ++++++++++ roles/pretalx/templates/certs.j2 | 15 ++ .../pretalx/templates/pretalx-web.service.j2 | 18 ++ .../templates/pretalx-worker.service.j2 | 15 ++ roles/pretalx/templates/pretalx.cfg.j2 | 26 ++ roles/pretalx/templates/vhost.j2 | 48 ++++ site.yml | 7 +- 13 files changed, 399 insertions(+), 117 deletions(-) create mode 100644 roles/pretalx/defaults/main.yml create mode 100644 roles/pretalx/handlers/main.yml create mode 100644 roles/pretalx/meta/main.yml create mode 100644 roles/pretalx/tasks/main.yml create mode 100644 roles/pretalx/templates/certs.j2 create mode 100644 roles/pretalx/templates/pretalx-web.service.j2 create mode 100644 roles/pretalx/templates/pretalx-worker.service.j2 create mode 100644 roles/pretalx/templates/pretalx.cfg.j2 create mode 100644 roles/pretalx/templates/vhost.j2 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 003ed89..4ff65bd 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -143,6 +143,12 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de +pretalx_domain: pretalx.events.binary-kitchen.de +pretalx_dbname: pretalx +pretalx_dbuser: pretalx +pretalx_dbpass: "{{ vault_pretalx_dbpass }}" +pretalx_mail: pretalx@binary-kitchen.de + pretix_domain: pretix.events.binary-kitchen.de pretix_dbname: pretix pretix_dbuser: pretix diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index c23a9ef..db93f86 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,117 +1,119 @@ $ANSIBLE_VAULT;1.1;AES256 -64323333366663656333326437323631376336393635306431396265363564303536343435306334 -6133343737336133373736303534653062636532653734380a323839353631663132613566303838 -31393839303266323430346465666331366536323362326632313266636462386534646438313438 -3439623866616632390a643234613336643732353232613134336233396462323535393638613031 -36303236386538323762663661646162346564313335633432666166653935336162623637613636 -39323364383232363963393433333565626331363131343765663865396166303834376163646431 -33366634383733663836313630343236663438323364643038623336323431666335343963376335 -36383934386238303034366336656630646134646337363734396639326434393630396530356332 -62613362346531643032636366633438323739323730663934626433653732386565663766623164 -32336230313935313331336438616563623830633931653638626162636664383230343261623639 -62333334393934343035373736343333623664656339656537313266633964306564653565616362 -30386536656430666339393666323463366334623538653166323233316230623533643763343236 -64663132393534393338373130343537666435376337656439653331336664303936656563323961 -37353235313434376333306231623736393539656539636164363630666264343862616530663334 -33613663643066336161656366636233646438626436343863373362613334333434343531626338 -63363832333865376337633162346564306564386536373439643738366335336466663935333762 -30633734333938333039633363323035316534663166623439303365393938306431623739633435 -31653062376236643838336232376432623130663063326462356662323863313334333430636535 -37626561616438376466326666393163373432396635333230353132363466636663316232633931 -31336330356238353434623934333232363032323738626431653130376138356439613264643732 -38366231373661613736353665613334343964326130613562636365326233616538303039653438 -32326637316236623162346664666366396263366231333337666662366662386532323237356562 -65356132626331373531363436316562643633366361626135616238656134376335326537313066 
-65323337303536346264663661396133613063343761633364393130373935323435383738623539 -61343131636464373363333737633732313135663063663839313365303166663833376237333666 -34396333653036616639373133363631356362663238336539386463363236356339663037386532 -63306562333534353337323537616562663638623134373662653039306231316166356239643862 -32333234383231626537383638643237613565333831396435316231646161393462306137663566 -31303262643233333533333735653637313334336635653232623763653132663536303134336533 -66373566343463313030663731323663633635306564316638366136643062333134323965613064 -35303733366366623465393433386336643637363533376232616437343864386635393930346464 -66343738663866303237653661346133646336396633643838653561356133373864353938336362 -65326562306237383436336534626434316631613166653234396432333262666634646330306466 -62363161396630343132396335383136353366383261316636333138656632643038393038643463 -64323037313035323836666263366162623162653632393433353831653064316562313935643464 -33326163653131353938666265323662356461353865373737333639663262643463623266383834 -37643833656266666630333234653565363361326133303137396630363062363030356532333438 -66653238323139363033356566656634656361636661386232653735633639313339363533643331 -34623737393836333730653335636637363766383261633364383864666536623436653832613063 -32646235613138303163316536383034363465623566356135326561623466346633623030376335 -37633962363861613339633934356362373361356633313538373362633462303539313162393434 -35383234383332393939336638353663383662633261383131303938613137356335343234663864 -63303731373934386266326536336130636431666339653430643832616562646137373134333233 -38383635336433666437313764303133633836306464383637356537306664313065323164363533 -38613535653562326264626363396332313031656438356331316663643134366663316630366564 -63636437663962353331353963353331333863636462383664633532383662323432376535343763 -32666231646465303239336538613837626239616361623363333637636136303836326136643263 
-32623766636662663764613663353232373835393735656532356239643136303632303665656566 -62363732386337373266313337306261616131376163363832653436643638326339343035386334 -66346466376636343530653733356565336637653163376461343938386436313261346539333236 -66636439626435383836366631636439626235323863653933353332653134363235303033356264 -62653833376261363439396333383131653333613264633634323965636539353265656539396535 -36303833386134666539313535333237663231363162373063613233363766303933333734333838 -38333333333466353463383164623533333732353963646562323135633764316365346438623136 -38633963653332623663663434646536386637313061333131363065303639376362353732616266 -38656537393532383861333062393166633765333439343362386239633166346464303230376430 -64666134643532323731626635643235666665316131643265613038373034353964333337663137 -62636565626632613931323536653634633262343538366538616665373134326334386365386538 -33613334303831663362633234613538343962646633356661303736336136663731393661363738 -32626165303063653830613735616434636134353936613761393239666238336132393634376463 -37346363363835353133653639333637616164613236396463316163636463303433623165343231 -64623733646635326232663235343337613633316639633661646535333366393438643734666637 -38656531623631623437653032363366306630346666663033643233613066393139333936666162 -62343032636665363830323634373437313766643933383035663065343961656235653338636130 -37393364636531353164386134633736636134313966633238633038346264313233623034376538 -37663137626162383238383132326433633064366532653033653061316336383663366135343662 -63663064373136366231353633643831656462613061383732353635326432323235386435613166 -37323235636638653031336363383761306631613265616665346233336539653661303430323636 -33646161353936363337623230386239666363313936313733643638363766313035613365373333 -31386535633464326635333333653163636432383739623266616464336432383665346362366465 -64616362376233653031633333366262623566373565313635313461646563386665356533306638 
-39336635313034306562323364313039323666623964386361643764373232366436323935353833 -66653030376536613530613163633733653536393964633462666261343265653535666636633838 -61316639653030313964363266386366303833623866343265656164326435313565656362366138 -65636566333431633362306237633232386132366439333936646436306463663834353237313061 -38343461386636323939653739353635316538363561326131633331336638393063353937353730 -66373864326461346165623831306162636632343331366332306531326435393538666263383465 -66656438633534326364366235353130343130323163653936653139343962336361646164306430 -36613931656461646261373133363430643030623031646662663235326539343131333366616165 -31386236313132303164633566393237306365613062363065313333643166656431393533366562 -36333537376535373939636365346366393533393861616566313733643866616538343239643762 -39613863663761636137383931373665353465326539386463643530343237643061333439613137 -66313866643133646361323666643764313666626465393235653965653664653962386464333539 -31343836656237333634633963396564623566363835363466636635623232663834643638333131 -30356631333136643466313230376365613731313863613163346435363534336663376362343034 -63376662616431353564373832366464306361616239383837663737653836663564616635646663 -35313031663537363838633838393664336634633961616162303364386362336535666463336336 -61636637326665313464643333663530393463346265323564623162616330636166316330323438 -64663832333964333938313336326236383935303465373663616638383332363366636234383131 -66656664646662393935363531343536623231346539373232353466386264303337373031373365 -37356663343130366564356366343966376366383237306533376634343766643761373039616664 -38343535316131313764643130613030613061333631653537356635633230363335653931353463 -36383161336236303330356533306431653736343635666239623234653462653330383037383334 -32613437613036333236633664623938356332636432356663663062623234363237393932316462 -66323030393832326133623037303436656535306335613430326666393664616535376332346632 
-63373564623534646465313866326430386238396163353165626534366164306231653633613663 -39306133633736646234613535303763323235373639663964363666376634323763396565386537 -33616164663235653363613135643465366137366330643138333338636536663730363963666239 -61666432313437336265383237333930376365356165613935383461373765363965623335373965 -61643461373036643164393366326664383233343939336436623661323662353137303430663533 -66353037663836383037393863333130313337343530336636366535653432343166396462623338 -61663464363437336262303161653433303639363737316530656265663737616164366138383761 -32326531333832623839323832323364623637636330663139316131383534623263663334626234 -66643661643766636566313635663230333837613332616366353931376262616433393532646636 -32646434323534636236633932616361363336653039353737333034346165303533323066393232 -32336266373163386161326131373834613936356362346563616466623233303263653730616363 -36383332653236646339633136376462626431616231323465636464663838323739316562386438 -61373736376263336334313066643131306637383465616266383765623432343537383162643630 -63343532303235373030343562656565666464666437356337643335363364306138336535386461 -65663435643866356639656236306463613333633833353932646665623839663635383266323132 -36363063333833383437356632333562366564633365626331396333333439646165663365353636 -39393136656439333735663065353232666539663433326364323734333461353465656537363339 -35316635346164663037343331343164396561656530636332356637333930313931376239393961 -33353532323137363239653664326436346330326361616161373432363134613437643562313939 -63643133306534396236383866333135306137316632336235666463363165353830313839383531 -66616265316534393635 +39666135633235396538666436663736616531633830653365383833386364353631613361383063 +3163363832383139333937666162363533656238313063650a646536336664666636666461323031 +36656434616237323734623163646162303932316338313334333739643933653064656234336535 +3533643334666333310a303262373731333061343561633138316165623162653539353535366165 
+30393863343633613463333432383831626631333830613331653763643237646534333465333234 +32356436363135636537373230343166336235623137323065636435356335643435346264633035 +35343661333737326631303635643537613234346630643034646561343037343734383131646662 +33336565633961366533346266396636623036646231643730363964666137333433633563303464 +31616666363864303033306431366566633334333034373439636531393535306534303930353637 +61376465373130663461663432353838613166306361663865333063306661353966356662613562 +36386331653736393864653837613939323266663431666265306237366530623337346235383933 +61343262633932373863353434653266313161316266343230613135643634616632346464393034 +35356266323666363964353666633461643433613033333934626239653766643635656438356361 +66346236626537343638376639626237643761376531633237633837393965633038643563393931 +32363235383732626162656265353963666434323961373035376163333439626262366561626331 +63633663313838663533313830646638303532323962376231613665343866313362336537633564 +35313862396363663935623639633263393466633233343837623035653161623962396639653238 +33386665303966366362316333396665663761316436383833343439616565303033636539633630 +66643463386266613230303765323431316631666465366464353338366566653338366130353266 +61346362656661616266656264663430616565633037613037313434613466343433386635633865 +32303831616562663139616163636266643738666366633165356339633266616635646531663665 +37363536643765383935306531656665393863343330326366633061303361363930353062346637 +30643466656366353839303366383237623136336536656464653936306566393432633265386465 +61336365383638633930363133343332643066376136383537376366376530373532616163376266 +64626633333435383533353564386431643363363939353637363661353137373138643436303232 +36663233373935616133303136623163333237656565366566353266303362356436393963643064 +64366339323837343038343963613137316533396266313130323738396263363765633734636637 +31373530383163636133393539643731346335653435653265313866653138393164393938396531 
+36653537666631643536396134626232623766363062323062393538393961653838616336396162 +61393936393663633034613863643864386363316237633464636262633064623666363164663661 +35613662336361386563326361386232653539313634663665636665353663666136326639353134 +62616262333036336332373634393339396162663135353136396438386263323537373531383561 +64313439646666366333353161323431343834353565633762396363383338336166323664346630 +35613562633035393439326132623135666431383835383962636430363731326466363932346164 +65663634636637613232626366613730343262633136333131333539353465326138323230333336 +31393530306538363966373866626161353631383336613863386533643065656462656264633432 +34383533396137336234326131346462336565343461363234626637326636353430376435356466 +62333630323334666630386566306539353233663333356263633034366235396364616563363066 +63383565626639613130663233393961333333336234666264333936623666316130393130353735 +30666465366132383033363765643732306231633938303039323466613833643431316131346639 +33306263386562343030633539666336306266303739376464326665636264373339393762623937 +61366131616564316432346566623332613738336332623964383763333533396235623166666663 +65306566353363643139373031616438613964636563623533396637363738333439616435303762 +39666565343934306130663537383963626463393961613236326261633166323263346439323862 +33393335323865393036303931363330623036303837343038306566386139306639313235396433 +39386365626166623763333033396334306265353037363337386437353161653261373763343236 +38373531633639303234303437386261323061633263663864393333303637373536646532306339 +36393134373732623965323165613130333861643636396564323434666433336536373565373935 +30663066353538396136666435613330653232616361656639373565353139653831373962393561 +63393131353763613936663839333234393061353438643335656432653638336166356230646636 +64613636646361616438386562396535313763316563396463326364356139383434653636376635 +63373032343561636165646266393831326230363863313134326566623437653437303263376639 
+32363038663933623163643964363464653561396633666666636361363164383163363465336561 +65343238313434373837633263333162393435373537663230653139303865393938396338373339 +33346363616630383933366233303930613532656339346432376534623835643033326235653963 +61663061613764646563356364353538343466363962633839613538363463633661303438613362 +32623731633538636333376463666166303063666238626264303639376132333537626236316665 +66313161346662313135396136336364653139336665363465313935613633343535346534623863 +61306561303732386662636365653963353933323564316436633735613738303565326561663339 +37633363353162306135623833363438316439326233386566363162353661316465333166366633 +37616262313934303862343231366462306231646331653765393262393637393464633763653036 +61383863396431666633653934366432653237363661663335373637666530643134373238633634 +34373230383536333064626166313335363530383937626666393834326134353863363132643337 +36623035653037653937336265326338643734303236363537646339653231326162323830393333 +34393237303430303630373739623663646138613837386261376532333234326230383835343364 +65353833613632396430363338366362633834353765306661623036353263623336633434656432 +39306631663932623761353531333831656539313438646466636230306237633531633832303835 +34623165386663323765333831646533613762373432333761326233636438663335623335363930 +34353230346162336562303766616236333936313263313163623366636639393637363437336538 +38653632366430356433316633326232393364656236643137336565356465646665363961626632 +39346465306131626438663966613861373339363436363134316536326132313834373033393335 +34356331613634326134393365623165366136333232623163643564396461303637623237626436 +30343739326133616530626330376136306661396561346335643439663764303361636162386134 +33363364353863376133386238656436363835326531336335393335343138396132333032613466 +62306539643663373437353939653462643136343961303636333865373731633537356539663332 +33326335363439373462643063633031626337373833326433383864346431366665626635373231 
+35656638653333363932663837386334666664333933633031363231633134336235373163353033 +30643065653266383937656162353664386262313932386532363537343861663834656536373764 +36663733373035613266663165393934323263636334386135393430666461363435346236386565 +31313766336134333239336639326562396439613862623065623933326562363133313938623962 +31346630313363643833366563376632613566373966333234633039653136623161386664313133 +30353433366432336464663563626338613564666531663531363434626339336466306537396130 +64346538353132383539656333613461333161333937663335613463373263363134316533353861 +36313664663634383133636633616138383664643164313635636330316633396538376163356638 +61373332396662326434333366316334336533663033396532333530363934396635303839383138 +37303363383830626132343964626232646631636233383237343463356130626463323634626135 +36323665626266333831656434393136623837303235366464646166353930363435343164336163 +64633231383330346436396438643436633032313433306536636630616263653234666466626466 +39316165363338633464656364656430666664336136363535623236363264396439386438356434 +34323663333938323362386233336364313566353337333564363963666635373461353461326136 +62313663353339343535363062376662636631366637376265303035616533386135643361646164 +65393334623266383564306330373132323032316564343132646635313563653431373963376536 +38353235343633363361313964633361616537353436353464336436313934393631626431356137 +39363062386538623334303834333466616139356638623436316130323763613933386138613563 +36373263633639316137396164343638386638623465393930663065313537633733326130376461 +39636662633430303631323062343236613737396131613032613337323566316365383333613737 +33373332386137326538343462396362336235396532366536393637666638313165666633336130 +61353330636161623739383330613866363263386261616237363834393631363839396466333631 +65613931353663323830313736646366653337343334303535353039306261346364616636396665 +39666636363866626265386438393837393766666533373164383463626664383266336463336639 
+39616562306264336461353033623531656430346631393833353865343962643132623239653932 +65346438616165353933306263616165316565613166636436313462303864306237623734613166 +39626466626132333562376362303733326534633230623565353937643436653836663438333963 +35636137663961383363613339316135346230393931366439616665626265666562393862396365 +62383664363538393134636231613338656236383431663438396365336161363534623236623162 +62646463646133633363333339626363636438653432653564613636343133393563373430353638 +62383632663335666464313134316262333265663962373638303561336437393833343135656562 +36393561616636613333626362333233396631616539353565326233393438343839366362353135 +39363365356231393066663738666364633965653864383137613862323638626464383538383065 +63646430353462353765623431653431663838323664663162373034373863663331393761343034 +62666663653762656536636161396330616434353164396662653965626439626239316439363031 +63626337306461613336353662363561373238383864363739633630643239326463336131356636 +62373936616561386431653139656239653666643938626464343262363335613862396430383763 +31323239383663393666366631633334643530383061656338666237373664316539376534633163 +64653864376161316366633132373563333935333736303933656165373936366461393061643734 +34653964323533303532653230336265346639663831313563643536663539613733666564363364 +32646534343362343034653934316166356265623734663166336631626638646262626630373764 +3437353830323832643732666163353165393362373334636437 diff --git a/hosts b/hosts index 2b52ef7..652d6ba 100644 --- a/hosts +++ b/hosts @@ -35,4 +35,5 @@ zirconium.binary-kitchen.net molybdenum.binary-kitchen.net ruthenium.binary-kitchen.net rhodium.binary-kitchen.net +palladium.binary-kitchen.net barium.binary-kitchen.net diff --git a/roles/pretalx/defaults/main.yml b/roles/pretalx/defaults/main.yml new file mode 100644 index 0000000..452e60e --- /dev/null +++ b/roles/pretalx/defaults/main.yml @@ -0,0 +1,4 @@ +--- + +pretalx_user: pretalx +pretalx_group: pretalx 
diff --git a/roles/pretalx/handlers/main.yml b/roles/pretalx/handlers/main.yml
new file mode 100644
index 0000000..db29023
--- /dev/null
+++ b/roles/pretalx/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Run acertmgr
+ command: /usr/bin/acertmgr
+
+- name: Reload systemd
+ systemd: daemon_reload=yes
+
+- name: Restart pretalx-web
+ service: name=pretalx-web state=restarted
+
+- name: Restart pretalx-worker
+ service: name=pretalx-worker state=restarted
diff --git a/roles/pretalx/meta/main.yml b/roles/pretalx/meta/main.yml
new file mode 100644
index 0000000..8fcf724
--- /dev/null
+++ b/roles/pretalx/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: acertmgr }
+- { role: nginx, nginx_ssl: True }
diff --git a/roles/pretalx/tasks/main.yml b/roles/pretalx/tasks/main.yml
new file mode 100644
index 0000000..94a67f6
--- /dev/null
+++ b/roles/pretalx/tasks/main.yml
@@ -0,0 +1,124 @@
+---
+
+- name: Create group
+ group: name={{ pretalx_group }}
+
+- name: Create user
+ user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
+
+- name: Create pretalx directories
+ file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
+ with_items:
+ - /etc/pretalx
+ - /opt/pretalx
+ - /opt/pretalx/data
+ - /opt/pretalx/data/media
+
+- name: Install dependencies
+ apt:
+ name:
+ - build-essential
+ - gettext
+ - libssl-dev
+ - nodejs
+ - npm
+ - python3-setuptools
+ - python3-dev
+ - python3-pip
+ - python3-venv
+
+- name: Install PostgreSQL
+ apt:
+ name:
+ - postgresql
+ - python3-psycopg2
+
+- name: Configure PostgreSQL user
+ postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
+ become: true
+ become_user: postgres
+
+- name: Configure PostgreSQL database
+ postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
+ become: true
+ become_user: postgres
+
+- name: Install redis
+ apt: name=redis-server
+
+- name: Install pretalx
+ pip:
+ name:
+ - gunicorn
+ - pretalx[postgres,redis]
+ - psycopg2-binary
+ virtualenv: /opt/pretalx/venv
+ virtualenv_command: "python3 -m venv"
+ become: true
+ become_user: "{{ pretalx_user }}"
+ register: pretalx_install
+
+- name: Configure pretalx
+ template:
+ src: pretalx.cfg.j2
+ dest: /etc/pretalx/pretalx.cfg
+ owner: "{{ pretalx_user }}"
+ group: "{{ pretalx_group }}"
+ notify:
+ - Restart pretalx-web
+ - Restart pretalx-worker
+
+- name: Run migration script
+ command:
+ cmd: "./venv/bin/python3 -m pretalx migrate"
+ chdir: "/opt/pretalx"
+ become: true
+ become_user: "{{ pretalx_user }}"
+ when: pretalx_install.changed
+
+- name: Run rebuild script
+ command:
+ cmd: "./venv/bin/python3 -m pretalx rebuild"
+ chdir: "/opt/pretalx"
+ become: true
+ become_user: "{{ pretalx_user }}"
+ when: pretalx_install.changed
+
+- name: Enable pretalx cronjob
+ cron:
+ user: "{{ pretalx_user }}"
+ name: pretalx
+ minute: "*/5"
+ job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic"
+
+- name: Ensure certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
+ notify: Restart nginx
+
+- name: Configure certificate manager for pretalx
+ template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
+ notify: Run acertmgr
+
+- name: Configure vhost
+ template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
+ notify: Restart nginx
+
+- name: Enable vhost
+ file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
+ notify: Restart nginx
+
+- name: Install systemd units
+ template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
+ with_items:
+ - pretalx-web
+ - pretalx-worker
+ notify:
+ - Reload systemd
+ - Restart pretalx-web
+ - Restart pretalx-worker
+
+- name: Enable services
+ service: name={{ item }} state=started enabled=yes
+ with_items:
+ - pretalx-web
+ - pretalx-worker
diff --git a/roles/pretalx/templates/certs.j2 b/roles/pretalx/templates/certs.j2
new file mode 100644
index 0000000..843fa6b
--- /dev/null
+++ b/roles/pretalx/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ pretalx_domain }}:
+- path: /etc/nginx/ssl/{{ pretalx_domain }}.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: '/usr/sbin/service nginx restart'
diff --git a/roles/pretalx/templates/pretalx-web.service.j2 b/roles/pretalx/templates/pretalx-web.service.j2
new file mode 100644
index 0000000..699d81c
--- /dev/null
+++ b/roles/pretalx/templates/pretalx-web.service.j2
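Review bot: The `Configure pretalx` task writes `/etc/pretalx/pretalx.cfg`, which the template fills with `pretalx_dbpass`, without a `mode`, so the file gets whatever the remote umask yields and is probably readable by every local account. Add `mode: "0600"` next to `owner`/`group` on that task; the `/etc/pretalx` directory created earlier could likewise get `mode=0750`. Separately, the `pip` task installs `gunicorn`, `pretalx[postgres,redis]` and `psycopg2-binary` unpinned, so each fresh run can pull a different release; pinning versions would make the deployment reproducible and the upgrade an explicit, reviewable change.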
@@ -0,0 +1,18 @@
+[Unit]
+Description=pretalx web service
+After=network.target
+
+[Service]
+User={{ pretalx_user }}
+Group={{ pretalx_group }}
+Environment="VIRTUAL_ENV=/opt/pretalx/venv"
+Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
+ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
+ --name pretalx --workers 5 \
+ --max-requests 1200 --max-requests-jitter 50 \
+ --log-level=info --bind=127.0.0.1:8345
+WorkingDirectory=/opt/pretalx
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/pretalx/templates/pretalx-worker.service.j2 b/roles/pretalx/templates/pretalx-worker.service.j2
new file mode 100644
index 0000000..44a38ce
--- /dev/null
+++ b/roles/pretalx/templates/pretalx-worker.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=pretalx background worker
+After=network.target
+
+[Service]
+User={{ pretalx_user }}
+Group={{ pretalx_group }}
+Environment="VIRTUAL_ENV=/opt/pretalx/venv"
+Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
+ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
+WorkingDirectory=/opt/pretalx
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/pretalx/templates/pretalx.cfg.j2 b/roles/pretalx/templates/pretalx.cfg.j2
new file mode 100644
index 0000000..aa14544
--- /dev/null
+++ b/roles/pretalx/templates/pretalx.cfg.j2
@@ -0,0 +1,26 @@
+[filesystem]
+data = /opt/pretalx/data
+
+[site]
+debug = False
+url = https://{{ pretalx_domain }}
+
+[database]
+backend = postgresql
+name = {{ pretalx_dbname }}
+user = {{ pretalx_dbuser }}
+password = {{ pretalx_dbpass }}
+host =
+
+[mail]
+from={{ pretalx_mail }}
+host={{ mail_server }}
+tls = True
+
+[redis]
+location=redis://127.0.0.1/0
+sessions=true
+
+[celery]
+backend=redis://127.0.0.1/1
+broker=redis://127.0.0.1/2
diff --git a/roles/pretalx/templates/vhost.j2 b/roles/pretalx/templates/vhost.j2
new file mode 100644
index 0000000..5b1045f
--- /dev/null
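Review bot: The `[Service]` section of pretalx-web.service.j2 sets only `User`, `Group`, the environment and `ExecStart`, with no systemd sandboxing, so a compromised gunicorn process keeps that account's full view of the host; pretalx-worker.service.j2 in the following hunk has the same gap for the celery worker. Consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` to both units. A stricter `ProtectSystem=strict` would presumably need `ReadWritePaths=/opt/pretalx/data`, and any of these should be tested against pretalx before rollout.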
+++ b/roles/pretalx/templates/vhost.j2
@@ -0,0 +1,48 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ pretalx_domain }};
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://{{ pretalx_domain }}$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ pretalx_domain }};
+
+ ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
+ ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
+
+ add_header Referrer-Policy same-origin;
+ add_header X-Content-Type-Options nosniff;
+
+ location / {
+ proxy_pass http://localhost:8345;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+ }
+
+ location /media/ {
+ alias /opt/pretalx/data/media/;
+ expires 7d;
+ access_log off;
+ }
+
+ location /static/ {
+ alias /opt/pretalx/venv/lib/python3.11/site-packages/pretalx/static.dist/;
+ access_log off;
+ expires 365d;
+ add_header Cache-Control "public";
+ }
+}
diff --git a/site.yml b/site.yml
index 02bd699..d053205 100644
--- a/site.yml
+++ b/site.yml
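Review bot: The `location /static/` block declares its own `add_header Cache-Control "public";`, and nginx inherits `add_header` from the enclosing level only when the current level declares none, so responses under `/static/` lose the server-level `Referrer-Policy` and `X-Content-Type-Options nosniff` headers. Repeat `add_header X-Content-Type-Options nosniff;` and `add_header Referrer-Policy same-origin;` inside that block. The same block's `alias` hard-codes `python3.11`, so a distribution Python upgrade would break static files until the template is edited; deriving the path from a variable would avoid that. In `location /`, `proxy_set_header Host $http_host;` forwards the client-supplied header as-is, where `$host` would pass the normalised value.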
@@ -7,7 +7,7 @@ - root_keys - name: Setup unattended updates - hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, barium.binary-kitchen.net] + hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, barium.binary-kitchen.net] roles: - uau @@ -144,6 +144,11 @@ roles: - pretix +- name: Setup event pretalx host + hosts: palladium.binary-kitchen.net + roles: + - pretalx + - name: Setup WorkAdventure host hosts: barium.binary-kitchen.net roles: