parent
7a32fb14d7
commit
1f118a8dfc
7 changed files with 150 additions and 31 deletions
|
@ -110,11 +110,11 @@ argument_specs:
|
|||
- PostgreSQL username to be used by Pretalx.
|
||||
type: str
|
||||
default: pretalx
|
||||
# pretalx_postgresql_password:
|
||||
# description:
|
||||
# - PostgreSQL password to be used by Pretalx.
|
||||
# type: str
|
||||
# required: true
|
||||
pretalx_postgresql_password:
|
||||
description:
|
||||
- PostgreSQL password to be used by Pretalx.
|
||||
type: str
|
||||
required: true
|
||||
pretalx_postgresql_database:
|
||||
description:
|
||||
- PostgreSQL database to be used by Pretalx.
|
||||
|
@ -127,6 +127,11 @@ argument_specs:
|
|||
- Base URL of the Pretalx installation.
|
||||
type: str
|
||||
default: https://pretalx.example.org
|
||||
pretalx_language:
|
||||
description:
|
||||
- Language of the Pretalx instance
|
||||
type: str
|
||||
default: en
|
||||
pretalx_timezone:
|
||||
description:
|
||||
- Time zone of the Pretalx instance
|
||||
|
|
|
@ -52,13 +52,39 @@
|
|||
- data
|
||||
- public
|
||||
|
||||
- name: Collect PostgreSQL version and extensions
|
||||
become: true
|
||||
become_user: postgres
|
||||
community.postgresql.postgresql_info:
|
||||
filter: ver*,ext*
|
||||
register: pretalx_register_postgresql_info
|
||||
|
||||
- name: Create pg_hba entry
|
||||
community.postgresql.postgresql_pg_hba:
|
||||
dest: "/etc/postgresql/{{ pretalx_register_postgresql_info.version.major }}/main/pg_hba.conf"
|
||||
owner: postgres
|
||||
group: postgres
|
||||
mode: "0644"
|
||||
contype: local
|
||||
databases: "{{ pretalx_postgresql_database }}"
|
||||
users: "{{ pretalx_postgresql_username }}"
|
||||
method: scram-sha-256
|
||||
comment: "Ansible managed"
|
||||
register: pretalx_register_pg_hba
|
||||
|
||||
- name: Restart PostgreSQL
|
||||
ansible.builtin.systemd_service:
|
||||
name: postgresql.service
|
||||
state: reloaded
|
||||
when: pretalx_register_pg_hba.changed
|
||||
|
||||
- name: Create PostgreSQL user
|
||||
become: true
|
||||
become_user: postgres
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ pretalx_postgresql_username }}"
|
||||
# password: "{{ pretalx_postgresql_password }}"
|
||||
# no_password_changes: true
|
||||
password: "{{ pretalx_postgresql_password }}"
|
||||
no_password_changes: true
|
||||
|
||||
- name: Create PostgreSQL database
|
||||
become: true
|
||||
|
@ -84,21 +110,30 @@
|
|||
mode: "0700"
|
||||
notify: Restart Pretalx
|
||||
|
||||
- name: Create pretalx network
|
||||
containers.podman.podman_network:
|
||||
name: pretalx
|
||||
ipv6: true
|
||||
|
||||
- name: Create pretalx-cache container
|
||||
containers.podman.podman_container:
|
||||
name: pretalx-cache
|
||||
image: "{{ pretalx_cache_image }}:{{ pretalx_cache_image_tag }}"
|
||||
restart_policy: unless-stopped
|
||||
network:
|
||||
- pretalx
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "{{ pretalx_watchtower_enabled | ternary('true', 'false') }}"
|
||||
subuidname: "{{ pretix_system_user }}"
|
||||
subgidname: "{{ pretix_system_user }}"
|
||||
subuidname: "{{ pretalx_system_user }}"
|
||||
subgidname: "{{ pretalx_system_user }}"
|
||||
generate_systemd:
|
||||
path: /etc/systemd/system
|
||||
|
||||
- name: Create pretalx container
|
||||
containers.podman.podman_container:
|
||||
name: pretalx
|
||||
image: "{{ pretalx_image }}:{{ pretalx_image_tag }}"
|
||||
restart_policy: unless-stopped
|
||||
network:
|
||||
- pretalx
|
||||
ports:
|
||||
- "{{ pretalx_http_hostaddr }}:{{ pretalx_http_hostport }}:80"
|
||||
volumes:
|
||||
|
@ -111,5 +146,18 @@
|
|||
PRETALX_FILESYSTEM_STATIC: /public/static
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "{{ pretalx_watchtower_enabled | ternary('true', 'false') }}"
|
||||
subuidname: "{{ pretix_system_user }}"
|
||||
subgidname: "{{ pretix_system_user }}"
|
||||
subuidname: "{{ pretalx_system_user }}"
|
||||
subgidname: "{{ pretalx_system_user }}"
|
||||
generate_systemd:
|
||||
path: /etc/systemd/system
|
||||
|
||||
# TODO: Replace with Quadlets on Debian 13
|
||||
- name: Start and enable systemd-managed podman containers
|
||||
ansible.builtin.systemd_service:
|
||||
name: "container-{{ item }}.service"
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- pretalx-cache
|
||||
- pretalx
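Review bot: `no_password_changes: true` in "Create PostgreSQL user" makes the module skip password handling for a role that already exists. Hosts provisioned while the `password` line was still commented out would therefore keep a role without a password, and the new `scram-sha-256` pg_hba entry would then reject the application's connection. The same flag also means a rotated `pretalx_postgresql_password` never reaches the database. Unless pg_authid is unreadable on these hosts, I would drop the flag or set `no_password_changes: false`. The identical task in the pretix role has the same issue.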
|
||||
|
|
|
@ -5,13 +5,13 @@ debug=false
|
|||
url={{ pretalx_url }}
|
||||
|
||||
[locale]
|
||||
time_zone={{ pretalx_timezone }}Europe/Zurich
|
||||
time_zone={{ pretalx_timezone }}
|
||||
|
||||
[database]
|
||||
backend=postgresql
|
||||
name={{ pretalx_postgresql_database }}
|
||||
user={{ pretalx_postgresql_username }}
|
||||
; password=*********
|
||||
password={{ pretalx_postgresql_password }}
|
||||
host=
|
||||
|
||||
[mail]
|
||||
|
@ -30,7 +30,7 @@ port={{ pretalx_mail_port or 25 }}
|
|||
tls=off
|
||||
ssl=off
|
||||
{% endif %}
|
||||
{% if pretalx_mail_username is not none and pretalx_mail_password is not none %}
|
||||
{% if pretalx_mail_username is defined and pretalx_mail_password is defined %}
|
||||
user={{ pretalx_mail_username }}
|
||||
password={{ pretalx_mail_password }}
|
||||
{% endif %}
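Review bot: The mail-credentials guard now tests `is defined`, which is also true when a variable is declared but left null or empty, so the `user=` and `password=` lines would be rendered with blank values. This assumes the `is defined` line is the new side, which the page no longer marks. A truthiness test covers undefined, null and empty alike: `{% if pretalx_mail_username | default('') and pretalx_mail_password | default('') %}`. The same guard change appears in the pretix.cfg template. Since `password={{ pretalx_postgresql_password }}` now puts the database secret into the rendered file, a template comment saying the file must stay unreadable to other users would also help.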
|
||||
|
|
|
@ -34,7 +34,7 @@ argument_specs:
|
|||
- OCI Container image tag for Redis
|
||||
type: str
|
||||
default: "8"
|
||||
pretix_http_hostpaddr:
|
||||
pretix_http_hostaddr:
|
||||
description:
|
||||
- Host address to map to Pretix http port
|
||||
type: str
|
||||
|
@ -143,6 +143,18 @@ argument_specs:
|
|||
type: bool
|
||||
default: false
|
||||
|
||||
# pretix.cfg: locale config section
|
||||
pretix_locale_default:
|
||||
description:
|
||||
- The default locale for users that do not set their own.
|
||||
type: str
|
||||
default: en
|
||||
pretix_locale_timezone:
|
||||
description:
|
||||
- The timezone of this pretix installation.
|
||||
type: str
|
||||
default: Europe/Zurich
|
||||
|
||||
# pretix.cfg: mail config section
|
||||
pretix_mail_from:
|
||||
description:
|
||||
|
|
|
@ -49,13 +49,39 @@
|
|||
group: "{{ pretix_subgid_begin + pretix_container_gid }}"
|
||||
mode: "0700"
|
||||
|
||||
- name: Collect PostgreSQL version and extensions
|
||||
become: true
|
||||
become_user: postgres
|
||||
community.postgresql.postgresql_info:
|
||||
filter: ver*,ext*
|
||||
register: pretix_register_postgresql_info
|
||||
|
||||
- name: Create pg_hba entry
|
||||
community.postgresql.postgresql_pg_hba:
|
||||
dest: "/etc/postgresql/{{ pretix_register_postgresql_info.version.major }}/main/pg_hba.conf"
|
||||
owner: postgres
|
||||
group: postgres
|
||||
mode: "0644"
|
||||
contype: local
|
||||
databases: "{{ pretix_postgresql_database }}"
|
||||
users: "{{ pretix_postgresql_username }}"
|
||||
method: scram-sha-256
|
||||
comment: "Ansible managed"
|
||||
register: pretix_register_pg_hba
|
||||
|
||||
- name: Restart PostgreSQL
|
||||
ansible.builtin.systemd_service:
|
||||
name: postgresql.service
|
||||
state: reloaded
|
||||
when: pretix_register_pg_hba.changed
|
||||
|
||||
- name: Create PostgreSQL user
|
||||
become: true
|
||||
become_user: postgres
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ pretix_postgresql_username }}"
|
||||
# password: "{{ pretix_postgresql_password }}"
|
||||
# no_password_changes: true
|
||||
password: "{{ pretix_postgresql_password }}"
|
||||
no_password_changes: true
|
||||
|
||||
- name: Create PostgreSQL database
|
||||
become: true
|
||||
|
@ -76,45 +102,67 @@
|
|||
ansible.builtin.template:
|
||||
src: etc/pretix/pretix.cfg.j2
|
||||
dest: /etc/pretix/pretix.cfg
|
||||
owner: "{{ pretix_system_user }}"
|
||||
group: "{{ pretix_system_group }}"
|
||||
owner: "{{ pretix_subuid_begin + pretix_container_uid }}"
|
||||
group: "{{ pretix_subgid_begin + pretix_container_gid }}"
|
||||
mode: "0700"
|
||||
notify: Restart Pretix
|
||||
notify: Restart Pretix
|
||||
|
||||
- name: Create pretix network
|
||||
containers.podman.podman_network:
|
||||
name: pretix
|
||||
ipv6: true
|
||||
|
||||
- name: Create pretix-cache container
|
||||
containers.podman.podman_container:
|
||||
name: pretix-cache
|
||||
image: "{{ pretix_cache_image }}:{{ pretix_cache_image_tag }}"
|
||||
restart_policy: unless-stopped
|
||||
network:
|
||||
- pretix
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "{{ pretix_watchtower_enabled | ternary('true', 'false') }}"
|
||||
subuidname: "{{ pretix_system_user }}"
|
||||
subgidname: "{{ pretix_system_user }}"
|
||||
generate_systemd:
|
||||
path: /etc/systemd/system
|
||||
|
||||
- name: Create pretix container
|
||||
containers.podman.podman_container:
|
||||
name: pretix
|
||||
image: "{{ pretix_image }}:{{ pretix_image_tag }}"
|
||||
command: "all"
|
||||
restart_policy: unless-stopped
|
||||
network:
|
||||
- pretix
|
||||
ports:
|
||||
- "{{ pretix_http_hostaddr }}:{{ pretix_http_hostport }}:80"
|
||||
volumes:
|
||||
- "/etc/pretix:/etc/pretix:ro"
|
||||
- "{{ pretix_system_home }}/data:/data"
|
||||
- "/run/postgresql:/run/postgresql"
|
||||
sysctl:
|
||||
net.core.somaxconn: "4096"
|
||||
subuidname: "{{ pretix_system_user }}"
|
||||
subgidname: "{{ pretix_system_user }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "{{ pretix_watchtower_enabled | ternary('true', 'false') }}"
|
||||
subuidname: "{{ pretix_system_user }}"
|
||||
subgidname: "{{ pretix_system_user }}"
|
||||
generate_systemd:
|
||||
path: /etc/systemd/system
|
||||
after: container-pretix-cache.service
|
||||
requires: container-pretix-cache.service
|
||||
|
||||
- name: Run Pretix upgrade
|
||||
containers.podman.podman_container_exec:
|
||||
container: pretix
|
||||
name: pretix
|
||||
command: pretix upgrade
|
||||
|
||||
# TODO: Replace with Quadlets on Debian 13
|
||||
- name: Start and enable systemd-managed podman containers
|
||||
ansible.builtin.systemd_service:
|
||||
name: "container-{{ item }}.service"
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- pretix-cache
|
||||
- pretix
|
||||
|
||||
- name: Render Pretix cronjob
|
||||
ansible.builtin.template:
|
||||
src: etc/cron.d/pretix.j2
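Review bot: The "Create pg_hba entry" task sets `mode: "0644"`, which makes pg_hba.conf world-readable; Debian's PostgreSQL packages normally install it as 0640 owned by postgres, so this loosens the file on every run. I would use `mode: "0640"` here and in the matching pretalx task. The task also has no `become: true`, unlike the neighbouring postgresql_info and postgresql_user tasks, so it only works if privilege escalation is set at play level, which this page does not show. "Restart PostgreSQL" actually requests `state: reloaded`, so "Reload PostgreSQL" would be the accurate name.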
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
{{ pretix_cron }} {{ pretix_system_user }} podmap exec pretix cron
|
||||
{{ pretix_cron }} root podman exec pretix cron
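Review bot: The new entry runs `podman exec pretix cron`, which executes a program named `cron` inside the container, whereas the upgrade task in this commit calls `pretix upgrade`. If the periodic job is meant to be the pretix subcommand, the line should read `{{ pretix_cron }} root podman exec pretix pretix cron`. The job user also moves from `{{ pretix_system_user }}` to `root`, presumably because the containers are created by root's podman. A comment in the template stating that reason would document why the job needs the extra privilege.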
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
[pretix]
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
instance_name={{ pretix_instance_name }}
|
||||
|
@ -8,10 +9,15 @@ trust_x_forwarded_for=on
|
|||
trust_x_forwarded_proto=on
|
||||
registration={{ pretix_registration | ternary('on', 'off') }}
|
||||
|
||||
[locale]
|
||||
default={{ pretix_locale_default }}
|
||||
timezone={{ pretix_locale_timezone }}
|
||||
|
||||
[database]
|
||||
backend=postgresql
|
||||
name={{ pretix_postgresql_database }}
|
||||
user={{ pretix_postgresql_username }}
|
||||
password={{ pretix_postgresql_password }}
|
||||
host=
|
||||
|
||||
[mail]
|
||||
|
@ -30,7 +36,7 @@ port={{ pretix_mail_port or 25 }}
|
|||
tls=off
|
||||
ssl=off
|
||||
{% endif %}
|
||||
{% if pretix_mail_username is not none and pretix_mail_password is not none %}
|
||||
{% if pretix_mail_username is defined and pretix_mail_password is defined %}
|
||||
user={{ pretix_mail_username }}
|
||||
password={{ pretix_mail_password }}
|
||||
{% endif %}
|
||||
|
|