pretalx: remove role (was on palladium.binary-kitchen.net)

2024-11-18 16:28:04 +01:00 · 2024-11-18 16:28:04 +01:00 · 10f7450bc6
commit 10f7450bc6
parent 9179a8a1f6
11 changed files with 1 additions and 278 deletions
--- a/1
+++ b/1
@ -36,7 +36,6 @@ zirconium.binary-kitchen.net
 molybdenum.binary-kitchen.net
 ruthenium.binary-kitchen.net
 rhodium.binary-kitchen.net
 palladium.binary-kitchen.net
 argentum.binary-kitchen.net
 cadmium.binary-kitchen.net
 indium.binary-kitchen.net
--- a/roles/pretalx/defaults/main.yml
+++ b/roles/pretalx/defaults/main.yml
@ -1,4 +0,0 @@
 ---
 pretalx_user: pretalx
 pretalx_group: pretalx
--- a/roles/pretalx/handlers/main.yml
+++ b/roles/pretalx/handlers/main.yml
@ -1,13 +0,0 @@
 ---
 - name: Run acertmgr
  command: /usr/bin/acertmgr
 - name: Reload systemd
  systemd: daemon_reload=yes
 - name: Restart pretalx-web
  service: name=pretalx-web state=restarted
 - name: Restart pretalx-worker
  service: name=pretalx-worker state=restarted
--- a/roles/pretalx/meta/main.yml
+++ b/roles/pretalx/meta/main.yml
@ -1,5 +0,0 @@
 ---
 dependencies:
 - { role: acertmgr }
 - { role: nginx, nginx_ssl: True }
--- a/roles/pretalx/tasks/main.yml
+++ b/roles/pretalx/tasks/main.yml
@ -1,125 +0,0 @@
 ---
 - name: Create group
  group: name={{ pretalx_group }}
 - name: Create user
  user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
 - name: Create pretalx directories
  file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
  with_items:
  - /etc/pretalx
  - /opt/pretalx
  - /opt/pretalx/data
  - /opt/pretalx/data/media
  - /opt/pretalx/static
 - name: Install dependencies
  apt:
    name:
    - build-essential
    - gettext
    - libssl-dev
    - nodejs
    - npm
    - python3-setuptools
    - python3-dev
    - python3-pip
    - python3-venv
 - name: Install PostgreSQL
  apt:
    name:
    - postgresql
    - python3-psycopg2
 - name: Configure PostgreSQL user
  postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
  become: true
  become_user: postgres
 - name: Configure PostgreSQL database
  postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
  become: true
  become_user: postgres
 - name: Install redis
  apt: name=redis-server
 - name: Install pretalx
  pip:
    name:
    - gunicorn
    - pretalx[postgres,redis]
    - psycopg2-binary
    virtualenv: /opt/pretalx/venv
    virtualenv_command: "python3 -m venv"
  become: true
  become_user: "{{ pretalx_user }}"
  register: pretalx_install
 - name: Configure pretalx
  template:
    src: pretalx.cfg.j2
    dest: /etc/pretalx/pretalx.cfg
    owner: "{{ pretalx_user }}"
    group: "{{ pretalx_group }}"
  notify:
  - Restart pretalx-web
  - Restart pretalx-worker
 - name: Run migration script
  command:
    cmd: "./venv/bin/python3 -m pretalx migrate"
    chdir: "/opt/pretalx"
  become: true
  become_user: "{{ pretalx_user }}"
  when: pretalx_install.changed
 - name: Run rebuild script
  command:
    cmd: "./venv/bin/python3 -m pretalx rebuild"
    chdir: "/opt/pretalx"
  become: true
  become_user: "{{ pretalx_user }}"
  when: pretalx_install.changed
 - name: Enable pretalx cronjob
  cron:
    user: "{{ pretalx_user }}"
    name: pretalx
    minute: "*/5"
    job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic > /dev/null"
 - name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
  notify: Restart nginx
 - name: Configure certificate manager for pretalx
  template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
  notify: Run acertmgr
 - name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
  notify: Restart nginx
 - name: Enable vhost
  file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
  notify: Restart nginx
 - name: Install systemd units
  template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
  with_items:
  - pretalx-web
  - pretalx-worker
  notify:
  - Reload systemd
  - Restart pretalx-web
  - Restart pretalx-worker
 - name: Enable services
  service: name={{ item }} state=started enabled=yes
  with_items:
  - pretalx-web
  - pretalx-worker
--- a/roles/pretalx/templates/certs.j2
+++ b/roles/pretalx/templates/certs.j2
@ -1,15 +0,0 @@
 ---
 {{ pretalx_domain }}:
 - path: /etc/nginx/ssl/{{ pretalx_domain }}.key
  user: root
  group: root
  perm: '400'
  format: key
  action: '/usr/sbin/service nginx restart'
 - path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
  user: root
  group: root
  perm: '400'
  format: crt,ca
  action: '/usr/sbin/service nginx restart'
--- a/roles/pretalx/templates/pretalx-web.service.j2
+++ b/roles/pretalx/templates/pretalx-web.service.j2
@ -1,18 +0,0 @@
 [Unit]
 Description=pretalx web service
 After=network.target
 [Service]
 User={{ pretalx_user }}
 Group={{ pretalx_group }}
 Environment="VIRTUAL_ENV=/opt/pretalx/venv"
 Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
 ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
                      --name pretalx --workers 5 \
                      --max-requests 1200  --max-requests-jitter 50 \
                      --log-level=info --bind=127.0.0.1:8345
 WorkingDirectory=/opt/pretalx
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx-worker.service.j2
+++ b/roles/pretalx/templates/pretalx-worker.service.j2
@ -1,15 +0,0 @@
 [Unit]
 Description=pretalx background worker
 After=network.target
 [Service]
 User={{ pretalx_user }}
 Group={{ pretalx_group }}
 Environment="VIRTUAL_ENV=/opt/pretalx/venv"
 Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
 ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
 WorkingDirectory=/opt/pretalx
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx.cfg.j2
+++ b/roles/pretalx/templates/pretalx.cfg.j2
@ -1,27 +0,0 @@
 [filesystem]
 data = /opt/pretalx/data
 static = /opt/pretalx/static
 [site]
 debug = False
 url = https://{{ pretalx_domain }}
 [database]
 backend = postgresql
 name = {{ pretalx_dbname }}
 user = {{ pretalx_dbuser }}
 password = {{ pretalx_dbpass }}
 host =
 [mail]
 from={{ pretalx_mail }}
 host={{ mail_server }}
 tls = True
 [redis]
 location=redis://127.0.0.1/0
 sessions=true
 [celery]
 backend=redis://127.0.0.1/1
 broker=redis://127.0.0.1/2
--- a/roles/pretalx/templates/vhost.j2
+++ b/roles/pretalx/templates/vhost.j2
@ -1,49 +0,0 @@
 server {
 	listen 80;
 	listen [::]:80;
 	server_name {{ pretalx_domain }};
 	location /.well-known/acme-challenge {
 		default_type "text/plain";
 		alias /var/www/acme-challenge;
 	}
 	location / {
 		return 301 https://{{ pretalx_domain }}$request_uri;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name {{ pretalx_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
 	add_header Referrer-Policy same-origin;
 	add_header X-Content-Type-Options nosniff;
 	location / {
 		proxy_pass http://localhost:8345;
 		client_max_body_size 32M;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_set_header X-Forwarded-Proto https;
 		proxy_set_header Host $http_host;
 	}
 	location /media/ {
 		alias /opt/pretalx/data/media/;
 		expires 7d;
 		access_log off;
 	}
 	location /static/ {
 		alias /opt/pretalx/static/;
 		access_log off;
 		expires 365d;
 		add_header Cache-Control "public";
 	}
 }
--- a/site.yml
+++ b/site.yml
@ -7,7 +7,7 @@
  - root_keys
 - name: Setup unattended updates
-  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
+  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
  roles:
  - uau
@ -153,11 +153,6 @@
  roles:
  - pretix
 - name: Setup event pretalx server
  hosts: palladium.binary-kitchen.net
  roles:
  - pretalx
 - name: Setup event netbox server
  hosts: cadmium.binary-kitchen.net
  roles: