pretix: new role
This commit is contained in:
parent
966e96f2f9
commit
933fa6387e
@ -127,6 +127,12 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
|
||||
nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
|
||||
nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
|
||||
|
||||
pretix_domain: pretix.rc3.binary-kitchen.de
|
||||
pretix_dbname: pretix
|
||||
pretix_dbuser: pretix
|
||||
pretix_dbpass: "{{ vault_pretix_dbpass }}"
|
||||
pretix_mail: rc3@binary-kitchen.de
|
||||
|
||||
prometheus_pve_user: prometheus@pve
|
||||
prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"
|
||||
|
||||
|
@ -1,70 +1,70 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39316232613634343830643461396530306634313466313837613964663431373865373035653433
|
||||
6265376565646564306666623636313130666437343230640a663762663137333466343732666635
|
||||
63666363393037316430393738636462313162346465316237666566613337306538366432326462
|
||||
6631323763636237350a613837366362386663356463333161643837666664353938633432623662
|
||||
33656566633435343964313966333063313432666531633962636533326262346166356237373261
|
||||
35323463323364643734356630366539346534323838653237383632363861633434306166306363
|
||||
37363362656337623966323933653266393835346136306337663030336266336261366465393465
|
||||
36336530633334356435616639623935313437663435366464663462393465336461313236633461
|
||||
63303436393361326163396636386137393261366266363066623633383734376435636666356663
|
||||
61663730623332356636643434393466356265383136656562633035616232613662353063643138
|
||||
64323665366438306339623064393661633939306136313235643465653635623363376239393965
|
||||
31623039373330333534396133363663316364316463653733393539633439653934613035626366
|
||||
39636164633061303665353732363038643435393430666438646633383638343839633336313338
|
||||
32316163663838323730356336636666336165643636313665363032303765653435633831356338
|
||||
36626666333432323031373131396466663233373266333635336566313837366137376536376138
|
||||
64333764366536343137613532616431643532653364343763343138633735303030393066383938
|
||||
36626633323634613538383762666239653865363033303338666638323839386461393037313562
|
||||
31643365303833363265353663383365336231636562626536663330623163633063623961346139
|
||||
39353432366235663033623930656463323032333034326562343139376439366230356261616233
|
||||
34363464376133623232666334663366333833326531313363393935356666323739353030613666
|
||||
36383861323664613833613034616264636538353762376661336431373735376563343137376230
|
||||
37383066373439336564353639633736373161346465323965323330616233386366633366356636
|
||||
39663361313865346634313764636137363265343466626437643434633266316137613233383138
|
||||
66313634303164643662386339396163313335373863656462323561666464636632616436346230
|
||||
35376536393235366134363234333638396134633635636132643031346461343266643137666365
|
||||
34666165623837343865313265653762363531646230333033373730623866343539663030306563
|
||||
38353761656162623561643038653461323361323362383335316562323036373564623632353061
|
||||
31363337316131323561633264353233666135393633623962346464653261653065316337333835
|
||||
38656233316532336336353331303131353033386233633862316561343563326636303539663866
|
||||
64373563666463616335393865623063653462626133643763366239623239663430616539336637
|
||||
64333866623733363930313562346231346238623132393862623130393637343265343835383133
|
||||
63643037333531666366323965333333643133663330666434316536306165396365623063356530
|
||||
62383638616630333163353833376239633839653565346531366539383339376464326437326337
|
||||
66363238336462336634613163303037646138323865613237656163386162353666616334323435
|
||||
33343133366138636538613939363434343930333265663861346366353863383830313231333938
|
||||
62323962333433303539646661363930393136616635343262383739623162616561393335313865
|
||||
36643536633466656635653836636161356365303239343036363335326232353931343138353263
|
||||
36396331643930663731656432353462613933623733343333343338323831343232393139323664
|
||||
34393634323437313162613465376563616636326639643061386362373365323637343262333238
|
||||
31383438663933373765646561666233636263373561656336313133616334373766356436303863
|
||||
36643730383330633561313131396635653330663837316662383762373932306164336637396530
|
||||
63666639366136646364333039373630643662613837356335653334383836373862636539336261
|
||||
33663462316666306662323161373161653664333566623437383865373862323836633436636238
|
||||
64376661363731306330326631663130366365373564313435633962353137343738363835336464
|
||||
61303963386130353230393733663937613336616161353438623531613662363930616433343535
|
||||
62633963623037343831353531306537613437663339383064376566366463363461336262633131
|
||||
38633031346666393235666464613066353537323134386163333965376638613534623764396635
|
||||
34633339663234386562663636626661383839306333616362316264366132343634363761633438
|
||||
61616432326465306366333962626164383238373161306533323737326532616166616636393735
|
||||
37303032653630666537643238613637626261386536306534643734623430376231633939376263
|
||||
35396235633538386632383166653865653535643663353431366361633661306561346137383930
|
||||
36626262346165396238626336616437636332386335306135396665333639363165383563616538
|
||||
38623330643661646162613734656630633337353638343666613939353063316434656530386262
|
||||
65393439333663323063356633616665666535386539323536366535356466353938663035326333
|
||||
61303265373136333536653732306231636263343831323532306132653465383732303931386161
|
||||
36393564313039336636613562363066373461336439343434333937343664373437386236633332
|
||||
33376136613837336365396339396463363665373865323265653438656537613566616531373536
|
||||
30313834396564323861386335383863353730663831373262653636373734323232343866303061
|
||||
62613534326261383263613535363364663739393836393963346562366339323338373237636661
|
||||
61393032366362373236626536663231343566313739386531656434386635336237396632663231
|
||||
36303135356539323665333037386237663730643737653962633161663834306538326532303566
|
||||
61316563373632643836613831613362613936633630623263363963373132356437303934333035
|
||||
35323039386231363265303738643638643864313037386632386539346465643539383533366131
|
||||
30313565613161663730626433383334623939323161393061353062333931643930353832626561
|
||||
32643134306533386139633837316134653239656334306662653061646331353865343864343730
|
||||
38623035376631646662626131333061306331336538636230626535393631343038323962346137
|
||||
39346561646361373735326565363936366263376330326334616231636232343862303564383237
|
||||
65363334663734313532393338363933646432396434613665316163373838613064663331373536
|
||||
3465
|
||||
34303237313431646264363034353637613836633432633638333963363037663435626166663630
|
||||
6338393164366434386334313664386166373031326538350a396639373163646666376462373662
|
||||
36623863356436356635303263643239666162333863613831326630303363346137653234323838
|
||||
3639623464303131350a653162336338626665393534623063623330323162373935353939303631
|
||||
64333363373563343336643764306563376461393430643631366133353836646363363166653233
|
||||
38323331386165366334656630626138383131323664333266353164323164373364303161653365
|
||||
30333339646139626434636365653666636534346266636262613938656665343634363563663366
|
||||
32306663653930613762663534613635616663613130613933626331663861643439323664353739
|
||||
31316531653562646363376233636464396262313132343234303933343066373862633235383333
|
||||
31313431336464663163343835646430323664373166363465343037333130343636646363393231
|
||||
34613162386637306539663431636137353039383037333937613035393332353933333134346335
|
||||
31616561636533383639366634316164343466613634643130353437393664336332316132363934
|
||||
61333961613530333536613034386332646136313939356339633334353333326661393231343261
|
||||
62653463316662376134663965383030636639356637393237653362616561616238653637623039
|
||||
65653139373633323766356362613239316165393966623932346561363363393138653032366439
|
||||
64303463306132363261333936653763353833386337303763316362666134306264306464306362
|
||||
30343364393539636565633861386261373661623061333733353635336133373162636465376137
|
||||
61316465306534623337383631663538336632383832343132333862316336323961623637383838
|
||||
65363832646138376233653264373535633437376162326361313863333839343236343966393839
|
||||
32323361666264373466396130666465303032393364633134343264643731323438646562333361
|
||||
63376266616430643135326430366266633332633333646134313736316139386232333965346331
|
||||
61663964653931333730643435303637666563316133373831336566303361383736666139626562
|
||||
38623031303533396632613361323533313334333631316434646232383136393433323466383330
|
||||
65666530616466623933393936613963663766653361643733326330643162346635613835633736
|
||||
64393064326233313035316130353563623639303665623064303831376332353264633930363364
|
||||
33623137353130353962323964396130646230393335386434346130663064613434643136656466
|
||||
63623666376165653961666539383335356163316131353966613036643530663835313766366533
|
||||
31656633633331636535316234653561326465623562393632623062383935336530383133626236
|
||||
66323366306366623631373861346635303063376264613734643039363137613837333534616362
|
||||
37633462373538313562666639613031343866383234633438373936623437333666343731633735
|
||||
33386666313531613734643431333332346439386465303531306365386537613933623636643237
|
||||
35653434303433633533356662623965383133383838613361303832326130343938393561393935
|
||||
38313533643830633432303464306561643233303866316130616531623230393366323264626165
|
||||
33653230366138376533376166393466656233353061343338393433386332333361353063323634
|
||||
66366561646466616566336265363037616433616231353739613538633765343235323637303535
|
||||
34373739306130313536633338353130656632666536356535636265333335303730333031323436
|
||||
39633466353139663361646265656334633461346564616633643030383662353762643237333761
|
||||
31326435313361366163353836633535303462623533373363376433613139373135393566333937
|
||||
64313838373366383432376430643236633030623736643435363038616261333364366139666435
|
||||
66623661643032633931623539383136373138636333323737323165333831333764363137393562
|
||||
62663335353265353535643666356632663736343039333965653639653764646261323736313430
|
||||
39656366356130326363363133383062333530316165643430383161306135346663623861313030
|
||||
65346430353230363561633239623330623265666336616133326263323063333132323764343735
|
||||
63346230373339343062393035356565376265643463326366326535313130663163366435323339
|
||||
62363339313332663333653336633331343161363432393639316630633365643037653739613132
|
||||
63316662336630626366363662333061353539333133653732646330643065333430316333316131
|
||||
33363662653465306531666435363932663432373932353466383364383634643634313736303931
|
||||
63353632353836663263616137353031643238663632363563656137313961656534663137613061
|
||||
37636530306334613639326363383665373061383634326630653366386632636634653638653330
|
||||
32366438623635363833343566353365373762646162393637326433656438663066663766333761
|
||||
65363136666238623439663764363266363731613261326566653035303265623736353331376562
|
||||
36646435353134613363316236383938613032626562646237366337376433326334386330646266
|
||||
66333365323133616466646164353262653830313764376562636164326163623463373863373630
|
||||
31623264373330386136396130626133323762363262336337396562613166646132386362383635
|
||||
61333637373462316463303962396162383039373265303939306132323533393236343965613835
|
||||
32646361383938383337653264323766363130613264613463386432306238316531653437323939
|
||||
39353866313834393933623630303539633334663239343865313264616664656464646631623934
|
||||
33623230643633353361343965396236393939343765653161643530626133663236383135343934
|
||||
37353231626339323866613237663463656239326335643035313730363133616538613866386162
|
||||
65623335393462633130353965343533616261636261656162626639323231623934663765386166
|
||||
37353665643363386662646538306530326161653461393236616531343935393639386432633437
|
||||
63643561646337616138633063646261323937333262333535626235373561336339346661353365
|
||||
30396365376566616538353866383266666436636131656535363062633237313266366639373536
|
||||
64316435316234313365306332383637636263376563393464303566313566636238626434393364
|
||||
62316263353733636136393034616362643764346536373533363937633938383037376261656330
|
||||
30333738616232616566643335353161636466643830393464643263653633373662623437643332
|
||||
61396430636631396134393064633131636233653664373363386638366138343435613438303330
|
||||
61366234663461333331623961393834643233623862323861346163343934303838666232626639
|
||||
6139
|
||||
|
4
roles/pretix/defaults/main.yml
Normal file
4
roles/pretix/defaults/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
|
||||
pretix_user: pretix
|
||||
pretix_group: pretix
|
13
roles/pretix/handlers/main.yml
Normal file
13
roles/pretix/handlers/main.yml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart pretix-web
|
||||
service: name=pretix-web state=restarted
|
||||
|
||||
- name: Restart pretix-worker
|
||||
service: name=pretix-worker state=restarted
|
5
roles/pretix/meta/main.yml
Normal file
5
roles/pretix/meta/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
|
||||
dependencies:
|
||||
- { role: acertmgr }
|
||||
- { role: nginx, nginx_ssl: True }
|
127
roles/pretix/tasks/main.yml
Normal file
127
roles/pretix/tasks/main.yml
Normal file
@ -0,0 +1,127 @@
|
||||
---
|
||||
|
||||
- name: Create group
|
||||
group: name={{ pretix_group }}
|
||||
|
||||
- name: Create user
|
||||
user: name={{ pretix_user }} home=/home/{{ pretix_user }} group={{ pretix_group }}
|
||||
|
||||
- name: Create pretix directories
|
||||
file: path={{ item }} state=directory owner={{ pretix_user }} group={{ pretix_group }}
|
||||
with_items:
|
||||
- /etc/pretix
|
||||
- /opt/pretix
|
||||
- /opt/pretix/data
|
||||
- /opt/pretix/data/media
|
||||
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
name:
|
||||
- build-essential
|
||||
- gettext
|
||||
- libffi-dev
|
||||
- libpq-dev
|
||||
- libssl-dev
|
||||
- libxml2-dev
|
||||
- libxslt1-dev
|
||||
- nodejs
|
||||
- python3-setuptools
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- python3-venv
|
||||
- zlib1g-dev
|
||||
|
||||
- name: Install PostgreSQL
|
||||
apt:
|
||||
name:
|
||||
- postgresql
|
||||
- python3-psycopg2
|
||||
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db: name={{ pretix_dbname }}
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user: db={{ pretix_dbname }} name={{ pretix_dbuser }} password={{ pretix_dbpass }} priv=ALL state=present
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Install redis
|
||||
apt: name=redis-server
|
||||
|
||||
- name: Install pretix
|
||||
pip:
|
||||
name:
|
||||
- gunicorn
|
||||
- pretix
|
||||
virtualenv: /opt/pretix/venv
|
||||
virtualenv_command: "python3 -m venv"
|
||||
become: true
|
||||
become_user: "{{ pretix_user }}"
|
||||
register: pretix_install
|
||||
|
||||
- name: Configure pretix
|
||||
template:
|
||||
src: pretix.cfg.j2
|
||||
dest: /etc/pretix/pretix.cfg
|
||||
owner: "{{ pretix_user }}"
|
||||
group: "{{ pretix_group }}"
|
||||
notify:
|
||||
- Restart pretix-web
|
||||
- Restart pretix-worker
|
||||
|
||||
- name: Run migration script
|
||||
command:
|
||||
cmd: "./venv/bin/python3 -m pretix migrate"
|
||||
chdir: "/opt/pretix"
|
||||
become: true
|
||||
become_user: "{{ pretix_user }}"
|
||||
when: pretix_install.changed
|
||||
|
||||
- name: Run rebuild script
|
||||
command:
|
||||
cmd: "./venv/bin/python3 -m pretix rebuild"
|
||||
chdir: "/opt/pretix"
|
||||
become: true
|
||||
become_user: "{{ pretix_user }}"
|
||||
when: pretix_install.changed
|
||||
|
||||
- name: Enable pretix cronjob
|
||||
cron:
|
||||
user: "{{ pretix_user }}"
|
||||
name: pretix
|
||||
minute: "*/5"
|
||||
job: "export PATH=/opt/pretix/venv/bin:$PATH && cd /opt/pretix && python -m pretix runperiodic"
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretix_domain }}.key -out /etc/nginx/ssl/{{ pretix_domain }}.crt -days 730 -subj "/CN={{ pretix_domain }}" creates=/etc/nginx/ssl/{{ pretix_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager for pretix
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ pretix_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/pretix
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/pretix dest=/etc/nginx/sites-enabled/pretix state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Install systemd units
|
||||
template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
|
||||
with_items:
|
||||
- pretix-web
|
||||
- pretix-worker
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart pretix-web
|
||||
- Restart pretix-worker
|
||||
|
||||
- name: Enable services
|
||||
service: name={{ item }} state=started enabled=yes
|
||||
with_items:
|
||||
- pretix-web
|
||||
- pretix-worker
|
15
roles/pretix/templates/certs.j2
Normal file
15
roles/pretix/templates/certs.j2
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
{{ pretix_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ pretix_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ pretix_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
18
roles/pretix/templates/pretix-web.service.j2
Normal file
18
roles/pretix/templates/pretix-web.service.j2
Normal file
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=pretix web service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User={{ pretix_user }}
|
||||
Group={{ pretix_group }}
|
||||
Environment="VIRTUAL_ENV=/opt/pretix/venv"
|
||||
Environment="PATH=/opt/pretix/venv/bin:/usr/local/bin:/usr/bin:/bin"
|
||||
ExecStart=/opt/pretix/venv/bin/gunicorn pretix.wsgi \
|
||||
--name pretix --workers 5 \
|
||||
--max-requests 1200 --max-requests-jitter 50 \
|
||||
--log-level=info --bind=127.0.0.1:8345
|
||||
WorkingDirectory=/opt/pretix
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
15
roles/pretix/templates/pretix-worker.service.j2
Normal file
15
roles/pretix/templates/pretix-worker.service.j2
Normal file
@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=pretix background worker
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User={{ pretix_user }}
|
||||
Group={{ pretix_group }}
|
||||
Environment="VIRTUAL_ENV=/opt/pretix/venv"
|
||||
Environment="PATH=/opt/pretix/venv/bin:/usr/local/bin:/usr/bin:/bin"
|
||||
ExecStart=/opt/pretix/venv/bin/celery -A pretix.celery_app worker -l info
|
||||
WorkingDirectory=/opt/pretix
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
34
roles/pretix/templates/pretix.cfg.j2
Normal file
34
roles/pretix/templates/pretix.cfg.j2
Normal file
@ -0,0 +1,34 @@
|
||||
[pretix]
|
||||
instance_name=Binary Kitchen RC3 Pretix
|
||||
url=https://pretix.rc3.binary-kitchen.de
|
||||
currency=EUR
|
||||
datadir=/opt/pretix/data
|
||||
trust_x_forwarded_for=on
|
||||
trust_x_forwarded_proto=on
|
||||
|
||||
[database]
|
||||
; For MySQL, replace with "mysql"
|
||||
backend=postgresql
|
||||
name={{ pretix_dbname }}
|
||||
user={{ pretix_dbuser }}
|
||||
; For MySQL, enter the user password. For PostgreSQL on the same host,
|
||||
; we don't need one because we can use peer authentification if our
|
||||
; PostgreSQL user matches our unix user.
|
||||
password={{ pretix_dbpass }}
|
||||
; For MySQL, use local socket, e.g. /var/run/mysqld/mysqld.sock
|
||||
; For a remote host, supply an IP address
|
||||
; For local postgres authentication, you can leave it empty
|
||||
host=
|
||||
|
||||
[mail]
|
||||
; See config file documentation for more options
|
||||
from={{ pretix_mail }}
|
||||
host={{ mail_server }}
|
||||
|
||||
[redis]
|
||||
location=redis://127.0.0.1/0
|
||||
sessions=true
|
||||
|
||||
[celery]
|
||||
backend=redis://127.0.0.1/1
|
||||
broker=redis://127.0.0.1/2
|
58
roles/pretix/templates/vhost.j2
Normal file
58
roles/pretix/templates/vhost.j2
Normal file
@ -0,0 +1,58 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ pretix_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ pretix_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ pretix_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ pretix_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ pretix_domain }}.crt;
|
||||
|
||||
add_header Referrer-Policy same-origin;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8345;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
location /media/ {
|
||||
alias /var/pretix/data/media/;
|
||||
expires 7d;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ^~ /media/cachedfiles {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ^~ /media/invoices {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location /static/ {
|
||||
alias /opt/pretix/venv/lib/python3.9/site-packages/pretix/static.dist/;
|
||||
access_log off;
|
||||
expires 365d;
|
||||
add_header Cache-Control "public";
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user