diff --git a/hosts b/hosts
index 13a2334..5ea911c 100644
--- a/hosts
+++ b/hosts
@@ -36,7 +36,6 @@ zirconium.binary-kitchen.net
 molybdenum.binary-kitchen.net
 ruthenium.binary-kitchen.net
 rhodium.binary-kitchen.net
-palladium.binary-kitchen.net
 argentum.binary-kitchen.net
 cadmium.binary-kitchen.net
 indium.binary-kitchen.net
diff --git a/roles/pretalx/defaults/main.yml b/roles/pretalx/defaults/main.yml
deleted file mode 100644
index 452e60e..0000000
--- a/roles/pretalx/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-pretalx_user: pretalx
-pretalx_group: pretalx
diff --git a/roles/pretalx/handlers/main.yml b/roles/pretalx/handlers/main.yml
deleted file mode 100644
index db29023..0000000
--- a/roles/pretalx/handlers/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-- name: Run acertmgr
- command: /usr/bin/acertmgr
-
-- name: Reload systemd
- systemd: daemon_reload=yes
-
-- name: Restart pretalx-web
- service: name=pretalx-web state=restarted
-
-- name: Restart pretalx-worker
- service: name=pretalx-worker state=restarted
diff --git a/roles/pretalx/meta/main.yml b/roles/pretalx/meta/main.yml
deleted file mode 100644
index 8fcf724..0000000
--- a/roles/pretalx/meta/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-dependencies:
-- { role: acertmgr }
-- { role: nginx, nginx_ssl: True }
diff --git a/roles/pretalx/tasks/main.yml b/roles/pretalx/tasks/main.yml
deleted file mode 100644
index 8e5ac74..0000000
--- a/roles/pretalx/tasks/main.yml
+++ /dev/null
@@ -1,125 +0,0 @@
----
-
-- name: Create group
- group: name={{ pretalx_group }}
-
-- name: Create user
- user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
-
-- name: Create pretalx directories
- file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
- with_items:
- - /etc/pretalx
- - /opt/pretalx
- - /opt/pretalx/data
- - /opt/pretalx/data/media
- - /opt/pretalx/static
-
-- name: Install dependencies
- apt:
- name:
- - build-essential
- - gettext
- - libssl-dev
- - nodejs
- - npm
- - python3-setuptools
- - python3-dev
- - python3-pip
- - python3-venv
-
-- name: Install PostgreSQL
- apt:
- name:
- - postgresql
- - python3-psycopg2
-
-- name: Configure PostgreSQL user
- postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
- become: true
- become_user: postgres
-
-- name: Configure PostgreSQL database
- postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
- become: true
- become_user: postgres
-
-- name: Install redis
- apt: name=redis-server
-
-- name: Install pretalx
- pip:
- name:
- - gunicorn
- - pretalx[postgres,redis]
- - psycopg2-binary
- virtualenv: /opt/pretalx/venv
- virtualenv_command: "python3 -m venv"
- become: true
- become_user: "{{ pretalx_user }}"
- register: pretalx_install
-
-- name: Configure pretalx
- template:
- src: pretalx.cfg.j2
- dest: /etc/pretalx/pretalx.cfg
- owner: "{{ pretalx_user }}"
- group: "{{ pretalx_group }}"
- notify:
- - Restart pretalx-web
- - Restart pretalx-worker
-
-- name: Run migration script
- command:
- cmd: "./venv/bin/python3 -m pretalx migrate"
- chdir: "/opt/pretalx"
- become: true
- become_user: "{{ pretalx_user }}"
- when: pretalx_install.changed
-
-- name: Run rebuild script
- command:
- cmd: "./venv/bin/python3 -m pretalx rebuild"
- chdir: "/opt/pretalx"
- become: true
- become_user: "{{ pretalx_user }}"
- when: pretalx_install.changed
-
-- name: Enable pretalx cronjob
- cron:
- user: "{{ pretalx_user }}"
- name: pretalx
- minute: "*/5"
- job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic > /dev/null"
-
-- name: Ensure certificates are available
- command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
- notify: Restart nginx
-
-- name: Configure certificate manager for pretalx
- template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
- notify: Run acertmgr
-
-- name: Configure vhost
- template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
- notify: Restart nginx
-
-- name: Enable vhost
- file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
- notify: Restart nginx
-
-- name: Install systemd units
- template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
- with_items:
- - pretalx-web
- - pretalx-worker
- notify:
- - Reload systemd
- - Restart pretalx-web
- - Restart pretalx-worker
-
-- name: Enable services
- service: name={{ item }} state=started enabled=yes
- with_items:
- - pretalx-web
- - pretalx-worker
diff --git a/roles/pretalx/templates/certs.j2 b/roles/pretalx/templates/certs.j2
deleted file mode 100644
index 843fa6b..0000000
--- a/roles/pretalx/templates/certs.j2
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-{{ pretalx_domain }}:
-- path: /etc/nginx/ssl/{{ pretalx_domain }}.key
- user: root
- group: root
- perm: '400'
- format: key
- action: '/usr/sbin/service nginx restart'
-- path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
- user: root
- group: root
- perm: '400'
- format: crt,ca
- action: '/usr/sbin/service nginx restart'
diff --git a/roles/pretalx/templates/pretalx-web.service.j2 b/roles/pretalx/templates/pretalx-web.service.j2
deleted file mode 100644
index 699d81c..0000000
--- a/roles/pretalx/templates/pretalx-web.service.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=pretalx web service
-After=network.target
-
-[Service]
-User={{ pretalx_user }}
-Group={{ pretalx_group }}
-Environment="VIRTUAL_ENV=/opt/pretalx/venv"
-Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
-ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
- --name pretalx --workers 5 \
- --max-requests 1200 --max-requests-jitter 50 \
- --log-level=info --bind=127.0.0.1:8345
-WorkingDirectory=/opt/pretalx
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/pretalx/templates/pretalx-worker.service.j2 b/roles/pretalx/templates/pretalx-worker.service.j2
deleted file mode 100644
index 44a38ce..0000000
--- a/roles/pretalx/templates/pretalx-worker.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=pretalx background worker
-After=network.target
-
-[Service]
-User={{ pretalx_user }}
-Group={{ pretalx_group }}
-Environment="VIRTUAL_ENV=/opt/pretalx/venv"
-Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
-ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
-WorkingDirectory=/opt/pretalx
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/pretalx/templates/pretalx.cfg.j2 b/roles/pretalx/templates/pretalx.cfg.j2
deleted file mode 100644
index aec05f4..0000000
--- a/roles/pretalx/templates/pretalx.cfg.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-[filesystem]
-data = /opt/pretalx/data
-static = /opt/pretalx/static
-
-[site]
-debug = False
-url = https://{{ pretalx_domain }}
-
-[database]
-backend = postgresql
-name = {{ pretalx_dbname }}
-user = {{ pretalx_dbuser }}
-password = {{ pretalx_dbpass }}
-host =
-
-[mail]
-from={{ pretalx_mail }}
-host={{ mail_server }}
-tls = True
-
-[redis]
-location=redis://127.0.0.1/0
-sessions=true
-
-[celery]
-backend=redis://127.0.0.1/1
-broker=redis://127.0.0.1/2
diff --git a/roles/pretalx/templates/vhost.j2 b/roles/pretalx/templates/vhost.j2
deleted file mode 100644
index 9906605..0000000
--- a/roles/pretalx/templates/vhost.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{ pretalx_domain }};
-
- location /.well-known/acme-challenge {
- default_type "text/plain";
- alias /var/www/acme-challenge;
- }
-
- location / {
- return 301 https://{{ pretalx_domain }}$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name {{ pretalx_domain }};
-
- ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
- ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
-
- add_header Referrer-Policy same-origin;
- add_header X-Content-Type-Options nosniff;
-
- location / {
- proxy_pass http://localhost:8345;
- client_max_body_size 32M;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- }
-
- location /media/ {
- alias /opt/pretalx/data/media/;
- expires 7d;
- access_log off;
- }
-
- location /static/ {
- alias /opt/pretalx/static/;
- access_log off;
- expires 365d;
- add_header Cache-Control "public";
- }
-}
diff --git a/site.yml b/site.yml
index 942fcc7..ee97449 100644
--- a/site.yml
+++ b/site.yml
@@ -7,7 +7,7 @@ - root_keys - name: Setup unattended updates - hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net] + hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net] roles: - uau @@ -153,11 +153,6 @@ roles: - pretix -- name: Setup event pretalx server - hosts: palladium.binary-kitchen.net - roles: - - pretalx - - name: Setup event netbox server hosts: cadmium.binary-kitchen.net roles:
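Review bot: In the first site.yml hunk, the `hosts:` value of the "Setup unattended updates" play is one hand-maintained inline list of about thirty names, so dropping a single host rewrites the whole line, and a host added to the inventory but forgotten here would not get the `uau` role without any error being raised. Consider targeting an inventory group defined once in `hosts`, for example `hosts: unattended_updates` (group name constructed for illustration). Failing that, a block sequence with one host per line would make additions and removals show up as one-line diffs that are easy to review. The play continues outside the hunk, so this applies only to the `hosts:` line shown.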