pretalx: remove role (was on palladium.binary-kitchen.net)

2024-11-18 16:28:04 +01:00 · 2024-11-18 16:28:04 +01:00 · 10f7450bc6
commit 10f7450bc6
parent 9179a8a1f6
11 changed files with 1 additions and 278 deletions
--- a/1
+++ b/1
@ -36,7 +36,6 @@ zirconium.binary-kitchen.net
 molybdenum.binary-kitchen.net
 ruthenium.binary-kitchen.net
 rhodium.binary-kitchen.net
-palladium.binary-kitchen.net
 argentum.binary-kitchen.net
 cadmium.binary-kitchen.net
 indium.binary-kitchen.net
--- a/roles/pretalx/defaults/main.yml
+++ b/roles/pretalx/defaults/main.yml
@ -1,4 +0,0 @@
---
-
-pretalx_user: pretalx
-pretalx_group: pretalx
--- a/roles/pretalx/handlers/main.yml
+++ b/roles/pretalx/handlers/main.yml
@ -1,13 +0,0 @@
---
-
- name: Run acertmgr
-  command: /usr/bin/acertmgr
-
- name: Reload systemd
-  systemd: daemon_reload=yes
-
- name: Restart pretalx-web
-  service: name=pretalx-web state=restarted
-
- name: Restart pretalx-worker
-  service: name=pretalx-worker state=restarted
--- a/roles/pretalx/meta/main.yml
+++ b/roles/pretalx/meta/main.yml
@ -1,5 +0,0 @@
---
-
-dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }
--- a/roles/pretalx/tasks/main.yml
+++ b/roles/pretalx/tasks/main.yml
@ -1,125 +0,0 @@
---
-
- name: Create group
-  group: name={{ pretalx_group }}
-
- name: Create user
-  user: name={{ pretalx_user }} home=/home/{{ pretalx_user }} group={{ pretalx_group }}
-
- name: Create pretalx directories
-  file: path={{ item }} state=directory owner={{ pretalx_user }} group={{ pretalx_group }}
-  with_items:
-  - /etc/pretalx
-  - /opt/pretalx
-  - /opt/pretalx/data
-  - /opt/pretalx/data/media
-  - /opt/pretalx/static
-
- name: Install dependencies
-  apt:
-    name:
-    - build-essential
-    - gettext
-    - libssl-dev
-    - nodejs
-    - npm
-    - python3-setuptools
-    - python3-dev
-    - python3-pip
-    - python3-venv
-
- name: Install PostgreSQL
-  apt:
-    name:
-    - postgresql
-    - python3-psycopg2
-
- name: Configure PostgreSQL user
-  postgresql_user: name={{ pretalx_dbuser }} password={{ pretalx_dbpass }}
-  become: true
-  become_user: postgres
-
- name: Configure PostgreSQL database
-  postgresql_db: name={{ pretalx_dbname }} owner={{ pretalx_dbuser }}
-  become: true
-  become_user: postgres
-
- name: Install redis
-  apt: name=redis-server
-
- name: Install pretalx
-  pip:
-    name:
-    - gunicorn
-    - pretalx[postgres,redis]
-    - psycopg2-binary
-    virtualenv: /opt/pretalx/venv
-    virtualenv_command: "python3 -m venv"
-  become: true
-  become_user: "{{ pretalx_user }}"
-  register: pretalx_install
-
- name: Configure pretalx
-  template:
-    src: pretalx.cfg.j2
-    dest: /etc/pretalx/pretalx.cfg
-    owner: "{{ pretalx_user }}"
-    group: "{{ pretalx_group }}"
-  notify:
-  - Restart pretalx-web
-  - Restart pretalx-worker
-
- name: Run migration script
-  command:
-    cmd: "./venv/bin/python3 -m pretalx migrate"
-    chdir: "/opt/pretalx"
-  become: true
-  become_user: "{{ pretalx_user }}"
-  when: pretalx_install.changed
-
- name: Run rebuild script
-  command:
-    cmd: "./venv/bin/python3 -m pretalx rebuild"
-    chdir: "/opt/pretalx"
-  become: true
-  become_user: "{{ pretalx_user }}"
-  when: pretalx_install.changed
-
- name: Enable pretalx cronjob
-  cron:
-    user: "{{ pretalx_user }}"
-    name: pretalx
-    minute: "*/5"
-    job: "export PATH=/opt/pretalx/venv/bin:$PATH && cd /opt/pretalx && python -m pretalx runperiodic > /dev/null"
-
- name: Ensure certificates are available
-  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pretalx_domain }}.key -out /etc/nginx/ssl/{{ pretalx_domain }}.crt -days 730 -subj "/CN={{ pretalx_domain }}" creates=/etc/nginx/ssl/{{ pretalx_domain }}.crt
-  notify: Restart nginx
-
- name: Configure certificate manager for pretalx
-  template: src=certs.j2 dest=/etc/acertmgr/{{ pretalx_domain }}.conf
-  notify: Run acertmgr
-
- name: Configure vhost
-  template: src=vhost.j2 dest=/etc/nginx/sites-available/pretalx
-  notify: Restart nginx
-
- name: Enable vhost
-  file: src=/etc/nginx/sites-available/pretalx dest=/etc/nginx/sites-enabled/pretalx state=link
-  notify: Restart nginx
-
- name: Install systemd units
-  template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
-  with_items:
-  - pretalx-web
-  - pretalx-worker
-  notify:
-  - Reload systemd
-  - Restart pretalx-web
-  - Restart pretalx-worker
-
- name: Enable services
-  service: name={{ item }} state=started enabled=yes
-  with_items:
-  - pretalx-web
-  - pretalx-worker
--- a/roles/pretalx/templates/certs.j2
+++ b/roles/pretalx/templates/certs.j2
@ -1,15 +0,0 @@
---
-
-{{ pretalx_domain }}:
- path: /etc/nginx/ssl/{{ pretalx_domain }}.key
-  user: root
-  group: root
-  perm: '400'
-  format: key
-  action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ pretalx_domain }}.crt
-  user: root
-  group: root
-  perm: '400'
-  format: crt,ca
-  action: '/usr/sbin/service nginx restart'
--- a/roles/pretalx/templates/pretalx-web.service.j2
+++ b/roles/pretalx/templates/pretalx-web.service.j2
@ -1,18 +0,0 @@
-[Unit]
-Description=pretalx web service
-After=network.target
-
-[Service]
-User={{ pretalx_user }}
-Group={{ pretalx_group }}
-Environment="VIRTUAL_ENV=/opt/pretalx/venv"
-Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
-ExecStart=/opt/pretalx/venv/bin/gunicorn pretalx.wsgi \
-                      --name pretalx --workers 5 \
-                      --max-requests 1200  --max-requests-jitter 50 \
-                      --log-level=info --bind=127.0.0.1:8345
-WorkingDirectory=/opt/pretalx
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx-worker.service.j2
+++ b/roles/pretalx/templates/pretalx-worker.service.j2
@ -1,15 +0,0 @@
-[Unit]
-Description=pretalx background worker
-After=network.target
-
-[Service]
-User={{ pretalx_user }}
-Group={{ pretalx_group }}
-Environment="VIRTUAL_ENV=/opt/pretalx/venv"
-Environment="PATH=/opt/pretalx/venv/bin:/usr/local/bin:/usr/bin:/bin"
-ExecStart=/opt/pretalx/venv/bin/celery -A pretalx.celery_app worker -l info
-WorkingDirectory=/opt/pretalx
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/pretalx/templates/pretalx.cfg.j2
+++ b/roles/pretalx/templates/pretalx.cfg.j2
@ -1,27 +0,0 @@
-[filesystem]
-data = /opt/pretalx/data
-static = /opt/pretalx/static
-
-[site]
-debug = False
-url = https://{{ pretalx_domain }}
-
-[database]
-backend = postgresql
-name = {{ pretalx_dbname }}
-user = {{ pretalx_dbuser }}
-password = {{ pretalx_dbpass }}
-host =
-
-[mail]
-from={{ pretalx_mail }}
-host={{ mail_server }}
-tls = True
-
-[redis]
-location=redis://127.0.0.1/0
-sessions=true
-
-[celery]
-backend=redis://127.0.0.1/1
-broker=redis://127.0.0.1/2
--- a/roles/pretalx/templates/vhost.j2
+++ b/roles/pretalx/templates/vhost.j2
@ -1,49 +0,0 @@
-server {
-	listen 80;
-	listen [::]:80;
-
-	server_name {{ pretalx_domain }};
-
-	location /.well-known/acme-challenge {
-		default_type "text/plain";
-		alias /var/www/acme-challenge;
-	}
-
-	location / {
-		return 301 https://{{ pretalx_domain }}$request_uri;
-	}
-}
-
-server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
-
-	server_name {{ pretalx_domain }};
-
-	ssl_certificate_key /etc/nginx/ssl/{{ pretalx_domain }}.key;
-	ssl_certificate /etc/nginx/ssl/{{ pretalx_domain }}.crt;
-
-	add_header Referrer-Policy same-origin;
-	add_header X-Content-Type-Options nosniff;
-
-	location / {
-		proxy_pass http://localhost:8345;
-		client_max_body_size 32M;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header X-Forwarded-Proto https;
-		proxy_set_header Host $http_host;
-	}
-
-	location /media/ {
-		alias /opt/pretalx/data/media/;
-		expires 7d;
-		access_log off;
-	}
-
-	location /static/ {
-		alias /opt/pretalx/static/;
-		access_log off;
-		expires 365d;
-		add_header Cache-Control "public";
-	}
-}
--- a/site.yml
+++ b/site.yml
@ -7,7 +7,7 @@
  - root_keys

 - name: Setup unattended updates
-  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
+  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
  roles:
  - uau

@ -153,11 +153,6 @@
  roles:
  - pretix

- name: Setup event pretalx server
-  hosts: palladium.binary-kitchen.net
-  roles:
-  - pretalx
-
 - name: Setup event netbox server
  hosts: cadmium.binary-kitchen.net
  roles: