s3lph/ansible-collection-conference
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: initial commit

Browse source
This commit is contained in:
s3lph 2025-03-05 22:12:21 +01:00
commit 2d98102763
Signed by: s3lph
GPG key ID: 0AA29A52FB33CFB5
26 changed files with 1314 additions and 0 deletions

12
.ansible-lint Normal file
View file

@ -0,0 +1,12 @@
---
skip_list:
- meta-runtime[unsupported-version]
- galaxy[no-changelog]
- galaxy[version-incorrect]
- name[casing]
- var-naming[no-role-prefix]
# Exclude defaults files generated by aar-doc
exclude_paths:
- "**/defaults/"

153
.forgejo/workflows/aardoc.patch Normal file
View file

@ -0,0 +1,153 @@
--- aar_doc/defaults.py
+++ aar_doc/defaults.py
@@ -15,7 +15,7 @@
from ruamel.yaml.scalarstring import LiteralScalarString, SingleQuotedScalarString
yaml = YAML()
-yaml.indent(mapping=2, sequence=2, offset=2)
+yaml.indent(mapping=2, sequence=4, offset=2)
yaml.encoding = "utf-8"
yaml.allow_unicode = True
--- aar_doc/defaults.py
+++ aar_doc/defaults.py
@@ -73,18 +73,27 @@ def add_default(
else:
self._defaults.setdefault(name, RoleDefault(name, value, description))
+ def safe_quote_recursive(self, value):
+ if isinstance(value, list):
+ return [self.safe_quote_recursive(v) for v in value]
+ elif isinstance(value, dict):
+ return {k: self.safe_quote_recursive(v) for k, v in value.items()}
+ elif isinstance(value, str):
+ if value in ("yes", "no"):
+ return SingleQuotedScalarString(value)
+ elif "\n" in value:
+ return LiteralScalarString(value)
+ elif ":" in value:
+ return SingleQuotedScalarString(value)
+ return value
+
def to_commented_map(self) -> CommentedMap:
"""
Returns all tracked defaults as a CommentedMap.
"""
commented_defaults = CommentedMap()
for role_default in self.defaults:
- value = role_default.value
- if isinstance(value, str):
- if value in ("yes", "no"):
- value = SingleQuotedScalarString(value)
- if "\n" in value:
- value = LiteralScalarString(value)
+ value = self.safe_quote_recursive(role_default.value)
commented_defaults[role_default.name] = value
description_items = (
role_default.description
--- aar_doc/core.py
+++ aar_doc/core.py
@@ -7,6 +7,7 @@ and rendering jinja2 templates from processing data.
import json
import pathlib
+import re
from enum import Enum
import jinja2
@@ -21,6 +22,24 @@ yaml.encoding = "utf-8"
yaml.allow_unicode = True
+def ansible_doc_markup(text):
+ # Regular expressions copied from ansible-doc:
+ # https://github.com/ansible/ansible/blob/devel/lib/ansible/cli/doc.py#L436
+ out = re.sub(r'\bI\(([^)]+)\)', r'*\1*', text) # I(text) -> *text*
+ out = re.sub(r'\bB\(([^)]+)\)', r'**\1**', out) # B(text) -> **text**
+ out = re.sub(r'\bC\(([^)]+)\)', r'`\1`', out) # C(text) -> `text`
+ out = re.sub(r'\bM\(([^)]+)\)', r'`\1`', out) # M(module) -> `module`
+ out = re.sub(r'\bO\(((?:[^\\)]+|\\.)+)\)', r'`\1`', out) # O(option) -> `option`
+ out = re.sub(r'\bV\(((?:[^\\)]+|\\.)+)\)', r'`\1`', out) # V(value) -> `value`
+ out = re.sub(r'\bV\(((?:[^\\)]+|\\.)+)\)', r'`\1`', out) # E(env) -> `env`
+ out = re.sub(r'\bV\(((?:[^\\)]+|\\.)+)\)', r'`\1`', out) # RV(retval) -> `retval`
+ out = re.sub(r'\bU\(([^)]+)\)', r'[\1]', out) # U(url) -> [url]
+ out = re.sub(r'\bL\(([^)]+), *([^)]+)\)', r'[\1](\2)', out) # L(text,url) -> [text](url)
+ out = re.sub(r'\bR\(([^)]+), *([^)]+)\)', r'[\1](#\2)', out) # R(text,frag) -> [text](#frag)
+ out = re.sub(r'\bHORIZONTALLINE\b', r'\n\n---\n', out) # HORIZONTALLINE -> ---
+ return out
+
+
class OutputMode(Enum):
"""
Defines the options for the output mode.
@@ -240,6 +259,7 @@ def render_content(ctx: typer.Context, content_template: str) -> str:
autoescape=jinja2.select_autoescape(),
undefined=jinja2.StrictUndefined,
)
+ env.filters['ansible_doc_markup'] = ansible_doc_markup
role = ctx.obj["config"]["role"]
metadata = ctx.obj["data"]["metadata"]
@@ -270,12 +290,14 @@ def render_content(ctx: typer.Context, content_template: str) -> str:
keep_trailing_newline=True,
loader=jinja2.FileSystemLoader([role_path, output_template_file.parent]),
)
+ env.filters['ansible_doc_markup'] = ansible_doc_markup
template = env.get_template(output_template_file.name)
except (FileNotFoundError, OSError):
env = jinja2.Environment(
keep_trailing_newline=True,
loader=jinja2.FileSystemLoader(role_path),
)
+ env.filters['ansible_doc_markup'] = ansible_doc_markup
template = env.from_string(source=output_template)
return template.render(
--- aar_doc/templates/markdown.j2
+++ aar_doc/templates/markdown.j2
@@ -3,7 +3,7 @@
{%- if "version" in galaxy_collection %}
Version: {{ galaxy_collection.version }}
{% endif %}
-{{ metadata.galaxy_info.description }}
+{{ metadata.galaxy_info.description | ansible_doc_markup }}
{% if ("galaxy_tags" in metadata.galaxy_info) and (metadata.galaxy_info.galaxy_tags | length > 0) %}
Tags: {{ metadata.galaxy_info.galaxy_tags | join(', ') }}
{%- endif %}
@@ -22,14 +22,15 @@ Tags: {{ metadata.galaxy_info.galaxy_tags | join(', ') }}
### Entrypoint: {{ entrypoint }}
-{{ argument_specs[entrypoint].short_description }}
+{{ argument_specs[entrypoint].short_description | ansible_doc_markup }}
{% if "description" in argument_specs[entrypoint] %}
{%- if argument_specs[entrypoint].description is string -%}
-{{ argument_specs[entrypoint].description }}
+{{ argument_specs[entrypoint].description | ansible_doc_markup }}
{% else %}
{%- for line in argument_specs[entrypoint].description -%}
-{{ line }}
+{{ line | ansible_doc_markup }}
+
{% endfor -%}
{% endif -%}
{% endif -%}
@@ -39,7 +40,7 @@ Tags: {{ metadata.galaxy_info.galaxy_tags | join(', ') }}
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
{%- for name, details in options.items() %}
-| {{ name }} | {{ details.display_description }} | {{ details.display_type }} | {{ details.display_required }} | {{ details.display_default }} |
+| {{ name }} | {{ details.display_description | ansible_doc_markup }} | {{ details.display_type }} | {{ details.display_required }} | {{ details.display_default }} |
{%- endfor %}
{% if entrypoint_options[entrypoint] | length > 1 -%}
@@ -49,7 +50,7 @@ Tags: {{ metadata.galaxy_info.galaxy_tags | join(', ') }}
|Option|Description|Type|Required|Default|
|---|---|---|---|---|
{%- for name, details in options.items() %}
-| {{ name }} | {{ details.display_description }} | {{ details.display_type }} | {{ details.display_required }} | {{ details.display_default }} |
+| {{ name }} | {{ details.display_description | ansible_doc_markup }} | {{ details.display_type }} | {{ details.display_required }} | {{ details.display_default }} |
{%- endfor %}
{% endfor -%}

45
.forgejo/workflows/ansible-galaxy.yml Normal file
View file

@ -0,0 +1,45 @@
---
name: Ansible Galaxy
on: # noqa yaml[truthy]
push:
tags:
- 'v*'
jobs:
deploy:
runs-on: docker
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
apt update; apt install --yes python3-pip patch
pip3 install --break-system-packages ansible aar-doc
- name: Patch aar-doc
run: |
cd /usr/local/lib/python3.*/dist-packages/
patch -p0 < $OLDPWD/.forgejo/workflows/aardoc.patch
- name: Set version in galaxy.yml
run: |
VERSION=${GITHUB_REF#refs/tags/v}
sed -re "s/^version:.*$/version: ${VERSION}/" -i galaxy.yml
- name: Generate metadata, readme and defaults from argument_spec
run: |
set -euo pipefail
for r in roles/*; do
aar-doc --output-mode replace $r markdown
aar-doc --output-mode replace $r defaults
done
- name: Upload collection to Ansible Galaxy
env:
GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
run: |
ansible-galaxy collection build
ansible-galaxy collection publish --api-key=${GALAXY_API_KEY} s3lph-conference*tar.gz

35
.forgejo/workflows/ansible-lint.yml Normal file
View file

@ -0,0 +1,35 @@
---
name: Ansible Lint
on: [push, pull_request] # noqa yaml[truthy]
jobs:
build:
runs-on: docker
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
apt update; apt install --yes python3-pip patch
pip3 install --break-system-packages ansible-lint aar-doc
- name: Patch aar-doc
run: |
cd /usr/local/lib/python3.*/dist-packages/
patch -p0 < $OLDPWD/.forgejo/workflows/aardoc.patch
- name: Generate metadata, readme and defaults from argument_spec
run: |
set -euo pipefail
for r in roles/*; do
aar-doc --output-mode replace $r markdown
aar-doc --output-mode replace $r defaults
done
- name: Run ansible-lint
run: |
ansible-lint

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
.ansible/
s3lph-conference*.tar.gz

9
.yamllint Normal file
View file

@ -0,0 +1,9 @@
---
extends: default
rules:
line-length: disable
ignore:
- "**/defaults/"

3
README.md Normal file
View file

@ -0,0 +1,3 @@
# Ansible Collection - s3lph.conference
Documentation for the collection.

70
galaxy.yml Normal file
View file

@ -0,0 +1,70 @@
---
# SPDX-License-Identifier: MIT-0
### REQUIRED
# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
# underscores or numbers and cannot contain consecutive underscores
namespace: s3lph
# The name of the collection. Has the same character restrictions as 'namespace'
name: conference
# The version of the collection. Must be compatible with semantic versioning
version: 0.0.1
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
# @nicks:irc/im.site#channel'
authors:
- s3lph <s3lph@kabelsalat.ch>
### OPTIONAL but strongly recommended
# A short summary description of the collection
description: Install Pretix and Pretalx
# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
license:
- MIT
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
# requirements as 'namespace' and 'name'
tags:
- application
- pretix
- pretalx
# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
# collection label 'namespace.name'. The value is a version range
# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
# range specifiers can be set and are separated by ','
dependencies:
community.podman: ">=1.16.2,<2.0.0"
community.postgresql: ">=3.10.2,<4.0.0"
# The URL of the originating SCM repository
repository: https://git.kabelsalat.ch/s3lph/ansible-collection-conference
# The URL to any online docs
documentation: https://git.kabelsalat.ch/s3lph/ansible-collection-conference
# The URL to the homepage of the collection/project
homepage: https://git.kabelsalat.ch/s3lph/ansible-collection-conference
# The URL to the collection issue tracker
issues: https://git.kabelsalat.ch/s3lph/ansible-collection-conference/issues
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
# and '.git' are always filtered. Mutually exclusive with 'manifest'
build_ignore: []
# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
# list of MANIFEST.in style
# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
# with 'build_ignore'
# manifest: null

52
meta/runtime.yml Normal file
View file

@ -0,0 +1,52 @@
---
# Collections must specify a minimum required ansible version to upload
# to galaxy
requires_ansible: '>=2.15'
# Content that Ansible needs to load from another location or that has
# been deprecated/removed
# plugin_routing:
# action:
# redirected_plugin_name:
# redirect: ns.col.new_location
# deprecated_plugin_name:
# deprecation:
# removal_version: "4.0.0"
# warning_text: |
# See the porting guide on how to update your playbook to
# use ns.col.another_plugin instead.
# removed_plugin_name:
# tombstone:
# removal_version: "2.0.0"
# warning_text: |
# See the porting guide on how to update your playbook to
# use ns.col.another_plugin instead.
# become:
# cache:
# callback:
# cliconf:
# connection:
# doc_fragments:
# filter:
# httpapi:
# inventory:
# lookup:
# module_utils:
# modules:
# netconf:
# shell:
# strategy:
# terminal:
# test:
# vars:
# Python import statements that Ansible needs to load from another location
# import_redirection:
# ansible_collections.ns.col.plugins.module_utils.old_location:
# redirect: ansible_collections.ns.col.plugins.module_utils.new_location
# Groups of actions/modules that take a common set of options
# action_groups:
# group_name:
# - module1
# - module2

7
roles/pretalx/handlers/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Restart Pretalx
community.podman.podman_container:
name: pretalx
state: started
restart: true

181
roles/pretalx/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,181 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Pretalx.
description:
- Install and configure the L(Pretalx,https://pretalx.com/p/about/) conference scheduling software.
- "Execution of this role can be limited using the following tags:"
- "C(role::pretalx:install): Install Pretalx, Valkey and PostgreSQL"
- "C(role::pretalx): Apply all of the above."
author: s3lph
options:
# Container image settings
pretalx_image:
description:
- OCI Container image name for Pretalx
type: str
default: docker.io/pretalx/standalone
pretalx_image_tag:
description:
- OCI Container image tag for Pretalx
type: str
default: "v2024.3.1"
pretalx_cache_image:
description:
- OCI Container image name for Valkey
type: str
default: docker.io/valkey/valkey
pretalx_cache_image_tag:
description:
- OCI Container image tag for Valkey
type: str
default: "8"
pretalx_http_hostaddr:
description:
- Host address to map to Pretalx http port
type: str
default: "[::1]"
pretalx_http_hostport:
description:
- Host port to map to Pretalx http port
type: int
default: 8081
pretalx_container_uid:
description:
- UID under which Pretalx runs inside the container.
- On the host, this is offset by O(pretalx_subuid_begin).
- You should not need to change this.
type: int
default: 999
pretalx_container_gid:
description:
- GID under which Pretalx runs inside the container.
- On the host, this is offset by O(pretalx_subgid_begin).
- You should not need to change this.
type: int
default: 999
pretalx_watchtower_enabled:
description:
- "Whether to enable automatic container updates through L(Watchtower,https://containrrr.dev/watchtower/)."
- "If this is true, you should set O(pretalx_image_tag) to something other than V(latest) or V(stable)."
- "See also: M(s3lph.conference.watchtower)."
type: bool
default: false
# System user settings
pretalx_system_group:
description:
- Name of the Pretalx system group.
type: str
default: pretalx
pretalx_system_user:
description:
- Name of the Pretalx system user.
type: str
default: pretalx
pretalx_system_home:
description:
- Home of the Pretalx system user.
- The persistent Pretalx data will be stored here.
type: str
default: /var/lib/pretalx
pretalx_subuid_begin:
description:
- First subordinate uid for the Pretalx system user.
type: int
default: 200000
pretalx_subuid_count:
description:
- Number of subordinate uids for the Pretalx system user.
type: int
default: 65536
pretalx_subgid_begin:
description:
- First subordinate gid for the Pretalx system user.
type: int
default: 200000
pretalx_subgid_count:
description:
- Number of subordinate gids for the Pretalx system user.
type: int
default: 65536
# Database settings
pretalx_postgresql_username:
description:
- PostgreSQL username to be used by Pretalx.
type: str
default: pretalx
#pretalx_postgresql_password:
# description:
# - PostgreSQL password to be used by Pretalx.
# type: str
# required: true
pretalx_postgresql_database:
description:
- PostgreSQL database to be used by Pretalx.
type: str
default: pretalx
# pretalx.cfg: main config section
pretalx_url:
description:
- Base URL of the Pretalx installation.
type: str
default: https://pretalx.example.org
pretalx_timezone:
description:
- Time zone of the Pretalx instance
type: str
default: UTC
# pretalx.cfg: mail config section
pretalx_mail_from:
description:
- Address from which Pretalx sends e-mail.
type: str
default: pretalx@example.org
pretalx_mail_host:
description:
- Host over which Pretalx sends e-mail.
type: str
default: 172.17.0.1
pretalx_mail_port:
description:
- Port over which Pretalx sends e-mail.
- "The default depends on the value if O(pretalx_tls_mode):"
- "O(pretalx_tls_mode=none): V(25)"
- "O(pretalx_tls_mode=tls): V(465)"
- "O(pretalx_tls_mode=starttls): V(587)"
type: int
default: 0
pretalx_mail_tls_mode:
description:
- TLS mode to use when Pretalx sends e-mail.
type: str
choices: ["none", "tls", "starttls"]
default: "none"
pretalx_mail_username:
description:
- If present, the username Pretalx uses to send e-mail.
- "Only takes effect if O(pretalx_mail_password) is set as well."
type: str
default: null
pretalx_mail_password:
description:
- If present, the password Pretalx uses to send e-mail.
- "Only takes effect if O(pretalx_mail_username) is set as well."
type: str
default: null
# pretalx.cfg: redis config section
pretalx_valkey_db_offset:
description:
- Valkey database index offset to be used by Pretalx.
- Pretalx uses this and the following two database indices.
type: int
default: 0

42
roles/pretalx/meta/main.yml Normal file
View file

@ -0,0 +1,42 @@
---
# SPDX-License-Identifier: MIT
galaxy_info:
author: s3lph
description: Install and configure Pretalx.
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
issue_tracker_url: https://git.kabelsalat.ch/s3lph/ansible-collection-conference/issues
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: MIT
min_ansible_version: "2.15"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
platforms:
- name: Debian
versions:
- bullseye
- bookworm
- trixie
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

110
roles/pretalx/tasks/install.yml Normal file
View file

@ -0,0 +1,110 @@
---
- name: Install dependencies
ansible.builtin.package:
name:
- podman
- postgresql
- python3-psycopg2
- name: Create pretalx group
ansible.builtin.group:
name: "{{ pretalx_system_group }}"
- name: Create pretalx user
ansible.builtin.user:
name: "{{ pretalx_system_user }}"
group: "{{ ptrealx_system_group }}"
home: "{{ pretalx_system_home }}"
password: '!'
shell: /usr/sbin/nologin
comment: Pretalx
- name: Create subuid entry
ansible.builtin.lineinfile:
path: /etc/subuid
line: "{{ pretalx_system_user }}:{{ pretalx_subuid_begin }}:{{ pretalx_subuid_count }}"
regexp: "^{{ pretalx_system_user }}:"
create: true
owner: root
group: root
mode: "0644"
- name: Create subgid entry
ansible.builtin.lineinfile:
path: /etc/subgid
line: "{{ pretalx_system_user }}:{{ pretalx_subgid_begin }}:{{ pretalx_subgid_count }}"
regexp: "^{{ pretalx_system_user }}:"
create: true
owner: root
group: root
mode: "0644"
- name: Create pretalx directories
ansible.builtin.file:
path: "{{ pretalx_system_home }}/{{ item }}"
state: directory
owner: "{{ pretalx_subuid_begin + pretalx_container_uid }}"
group: "{{ pretalx_subgid_begin + pretalx_container_gid }}"
mode: "0750"
loop:
- data
- public
- name: Create PostgreSQL user
community.postgresql.postgresql_user:
name: "{{ pretalx_postgresql_username }}"
#password: "{{ pretalx_postgresql_password }}"
#no_password_changes: true
- name: Create PostgreSQL database
community.postgresql.postgresql_db:
name: "{{ pretalx_postgresql_database }}"
owner: "{{ pretalx_postgresql_username }}"
- name: Create Pretalx configuration directory
ansible.builtin.file:
path: /etc/pretalx
owner: "{{ pretalx_system_user }}"
group: "{{ pretalx_system_group }}"
mode: "0755"
state: directory
- name: Render Pretalx configuration
ansible.builtin.template:
src: etc/pretalx/pretalx.cfg.j2
dest: /etc/pretalx/pretalx.cfg
owner: "{{ pretalx_system_user }}"
group: "{{ pretalx_system_group }}"
mode: "0700"
notify: Restart Pretalx
- name: Create pretalx-cache container
community.podman.podman_container:
name: pretalx-cache
image: "{{ pretalx_cache_image }}:{{ pretalx_cache_image_tag }}"
restart_policy: unless-stopped
labels:
com.centurylinklabs.watchtower.enable: "{{ pretalx_watchtower_enabled | ternary('true', 'false') }}"
subuidname: "{{ pretix_system_user }}"
subgidname: "{{ pretix_system_user }}"
- name: Create pretalx container
community.podman.podman_container:
name: pretalx
image: "{{ pretalx_image }}:{{ pretalx_image_tag }}"
restart_policy: unless-stopped
ports:
- "{{ pretalx_http_hostaddr }}:{{ pretalx_http_hostport }}:80"
volumes:
- "/etc/pretalx:/etc/pretalx:ro"
- "{{ pretalx_system_home }}/data:/data"
- "{{ pretalx_system_home }}/public:/public"
- "/run/postgresql:/run/postgresql"
env:
PRETALX_FILESYSTEM_MEDIA: /public/media
PRETALX_FILESYSTEM_STATIC: /public/static
labels:
com.centurylinklabs.watchtower.enable: "{{ pretalx_watchtower_enabled | ternary('true', 'false') }}"
subuidname: "{{ pretix_system_user }}"
subgidname: "{{ pretix_system_user }}"

7
roles/pretalx/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Install Pretalx
ansible.builtin.import_tasks: install.yml
tags:
- "role::pretalx"
- "role::pretalx:install"

47
roles/pretalx/templates/etc/pretalx/pretalx.cfg.j2 Normal file
View file

@ -0,0 +1,47 @@
{{ ansible_managed | comment }}
[site]
debug=false
url={{ pretalx_url }}
[locale]
time_zone={{ pretalx_timezone }}Europe/Zurich
[database]
backend=postgresql
name={{ pretalx_postgresql_database }}
user={{ pretalx_postgresql_user }}
; password=*********
host=
[mail]
from={{ pretalx_mail_from }}
host={{ pretalx_mail_host }}
{% if pretalx_mail_tls_mode == 'starttls' %}
port={{ pretalx_mail_port or 587 }}
tls=on
ssl=off
{% elif pretalx_mail_tls_mode == 'tls' %}
port={{ pretalx_mail_port or 465 }}
tls=off
ssl=on
{% else %}
port={{ pretalx_mail_port or 25 }}
tls=off
ssl=off
{% endif %}
{% if pretalx_mail_username is not none and pretalx_mail_password is not none %}
user={{ pretalx_mail_username }}
password={{ pretalx_mail_password }}
{% endif %}
[redis]
location=redis://pretalx-cache:6379/{{ pretalx_valkey_db_offset }}
; Remove the following line if you are unsure about your redis' security
; to reduce impact if redis gets compromised.
sessions=true
[celery]
backend=redis://pretalx-cache:6379/{{ pretalx_valkey_db_offset + 1 }}
broker=redis://pretalx-cache:6379/{{ pretalx_valkey_db_offset + 2 }}

7
roles/pretix/handlers/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Restart Pretix
community.podman.podman_container:
name: pretix
state: started
restart: true

198
roles/pretix/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,198 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Pretix.
description:
- Install and configure the L(Pretix,https://pretix.eu) conference ticketing software.
- "Execution of this role can be limited using the following tags:"
- "C(role::pretix:install): Install Pretix, Valkey and PostgreSQL"
- "C(role::pretix): Apply all of the above."
author: s3lph
options:
# Container image settings
pretix_image:
description:
- OCI Container image name for Pretix
type: str
default: docker.io/pretix/standalone
pretix_image_tag:
description:
- OCI Container image tag for Pretix
type: str
default: "2025.2"
pretix_cache_image:
description:
- OCI Container image name for Redis
type: str
default: docker.io/valkey/valkey
pretix_cache_image_tag:
description:
- OCI Container image tag for Redis
type: str
default: "8"
pretix_http_hostpaddr:
description:
- Host address to map to Pretix http port
type: str
default: "[::1]"
pretix_http_hostport:
description:
- Host port to map to Pretix http port
type: int
default: 8080
pretix_container_uid:
description:
- UID under which Pretix runs inside the container.
- On the host, this is offset by O(pretix_subuid_begin).
- You should not need to change this.
type: int
default: 15371
pretix_container_gid:
description:
- GID under which Pretix runs inside the container.
- On the host, this is offset by O(pretix_subgid_begin).
- You should not need to change this.
type: int
default: 15371
pretix_watchtower_enabled:
description:
- "Whether to enable automatic container updates through L(Watchtower,https://containrrr.dev/watchtower/)."
- "If this is true, you should set O(pretix_image_tag) to something other than V(latest) or V(stable)."
- "See also: M(s3lph.conference.watchtower)."
type: bool
default: false
# System user settings
pretix_system_group:
description:
- Name of the Pretix system group.
type: str
default: pretix
pretix_system_user:
description:
- Name of the Pretix system user.
type: str
default: pretix
pretix_system_home:
description:
- Home of the Pretix system user.
- The persistent Pretix data will be stored here.
type: str
default: /var/lib/pretix
pretix_subuid_begin:
description:
- First subordinate uid for the Pretix system user.
type: int
default: 100000
pretix_subuid_count:
description:
- Number of subordinate uids for the Pretix system user.
type: int
default: 65536
pretix_subgid_begin:
description:
- First subordinate gid for the Pretix system user.
type: int
default: 100000
pretix_subgid_count:
description:
- Number of subordinate gids for the Pretix system user.
type: int
default: 65536
# Database settings
pretix_postgresql_username:
description:
- PostgreSQL username to be used by Pretix.
type: str
default: pretix
#pretix_postgresql_password:
# description:
# - PostgreSQL password to be used by Pretix.
# type: str
# required: true
pretix_postgresql_database:
description:
- PostgreSQL database to be used by Pretix.
type: str
default: pretix
# pretix.cfg: main config section
pretix_instance_name:
description:
- Name of the Pretix installation.
type: str
default: My pretix installation
pretix_url:
description:
- Base URL of the Pretix installation.
type: str
default: https://pretix.example.org
pretix_currency:
description:
- Currency to use in the Pretix installation.
type: str
default: EUR
pretix_registration:
description:
- Whether user signup in the Pretix installation should be enabled.
type: bool
default: false
# pretix.cfg: mail config section
pretix_mail_from:
description:
- Address from which Pretix sends e-mail.
type: str
default: pretix@example.org
pretix_mail_host:
description:
- Host over which Pretix sends e-mail.
type: str
default: 172.17.0.1
pretix_mail_port:
description:
- Port over which Pretix sends e-mail.
- "The default depends on the value if O(pretix_tls_mode):"
- "O(pretix_tls_mode=none): V(25)"
- "O(pretix_tls_mode=tls): V(465)"
- "O(pretix_tls_mode=starttls): V(587)"
type: int
default: 0
pretix_mail_tls_mode:
description:
- TLS mode to use when Pretix sends e-mail.
type: str
choices: ["none", "tls", "starttls"]
default: "none"
pretix_mail_username:
description:
- If present, the username Pretix uses to send e-mail.
- "Only takes effect if O(pretix_mail_password) is set as well."
type: str
default: null
pretix_mail_password:
description:
- If present, the password Pretix uses to send e-mail.
- "Only takes effect if O(pretix_mail_username) is set as well."
type: str
default: null
# pretix.cfg: redis config section
pretix_valkey_db_offset:
description:
- Valkey database index offset to be used by Pretix.
- Pretix uses this and the following two database indices.
type: int
default: 0
# Cronjob
pretix_cron:
description:
- The cron expression of when to execute Pretix jobs.
type: str
default: "*/15 * * * *"

42
roles/pretix/meta/main.yml Normal file
View file

@ -0,0 +1,42 @@
---
# SPDX-License-Identifier: MIT
galaxy_info:
author: s3lph
description: Install and configure Pretix.
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
issue_tracker_url: https://git.kabelsalat.ch/s3lph/ansible-collection-conference/issues
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: MIT
min_ansible_version: "2.15"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
platforms:
- name: Debian
versions:
- bullseye
- bookworm
- trixie
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

119
roles/pretix/tasks/install.yml Normal file
View file

@ -0,0 +1,119 @@
---
- name: Install dependencies
ansible.builtin.package:
name:
- podman
- postgresql
- python3-psycopg2
- name: Create pretix group
ansible.builtin.group:
name: "{{ pretix_system_group }}"
- name: Create pretix user
ansible.builtin.user:
name: "{{ pretix_system_user }}"
group: "{{ pretix_system_group }}"
home: "{{ pretix_system_home }}"
password: '!'
shell: /usr/sbin/nologin
comment: Pretix
- name: Create subuid entry
ansible.builtin.lineinfile:
path: /etc/subuid
line: "{{ pretix_system_user }}:{{ pretix_subuid_begin }}:{{ pretix_subuid_count }}"
regexp: "^{{ pretix_system_user }}:"
create: true
owner: root
group: root
mode: "0644"
- name: Create subgid entry
ansible.builtin.lineinfile:
path: /etc/subgid
line: "{{ pretix_system_user }}:{{ pretix_subgid_begin }}:{{ pretix_subgid_count }}"
regexp: "^{{ pretix_system_user }}:"
create: true
owner: root
group: root
mode: "0644"
- name: Create pretix data directory
ansible.builtin.file:
path: "{{ pretix_system_home }}/data"
state: directory
owner: "{{ pretix_subuid_begin + pretix_container_uid }}"
group: "{{ pretix_subgid_begin + pretix_container_gid }}"
mode: "0700"
- name: Create PostgreSQL user
community.postgresql.postgresql_user:
name: "{{ pretix_postgresql_username }}"
#password: "{{ pretix_postgresql_password }}"
#no_password_changes: true
- name: Create PostgreSQL database
community.postgresql.postgresql_db:
name: "{{ pretix_postgresql_database }}"
owner: "{{ pretix_postgresql_username }}"
- name: Create Pretix configuration directory
ansible.builtin.file:
path: /etc/pretix
owner: "{{ pretix_system_user }}"
group: "{{ pretix_system_group }}"
mode: "0755"
state: directory
- name: Render Pretix configuration
ansible.builtin.template:
src: etc/pretix/pretix.cfg.j2
dest: /etc/pretix/pretix.cfg
owner: "{{ pretix_system_user }}"
group: "{{ pretix_system_group }}"
mode: "0700"
notify: Restart Pretix
- name: Create pretix-cache container
containers.podman.podman_container:
name: pretix-cache
image: "{{ pretix_cache_image }}:{{ pretix_cache_image_tag }}"
restart_policy: unless-stopped
labels:
com.centurylinklabs.watchtower.enable: "{{ pretix_watchtower_enabled | ternary('true', 'false') }}"
subuidname: "{{ pretix_system_user }}"
subgidname: "{{ pretix_system_user }}"
- name: Create pretix container
containers.podman.podman_container:
name: pretix
image: "{{ pretix_image }}:{{ pretix_image_tag }}"
command: "all"
restart_policy: unless-stopped
ports:
- "{{ pretix_http_hostaddr }}:{{ pretix_http_hostport }}:80"
volumes:
- "/etc/pretix:/etc/pretix:ro"
- "{{ pretix_system_home }}/data:/data"
- "/run/postgresql:/run/postgresql"
sysctl:
net.core.somaxconn: "4096"
subuidname: "{{ pretix_system_user }}"
subgidname: "{{ pretix_system_user }}"
labels:
com.centurylinklabs.watchtower.enable: "{{ pretix_watchtower_enabled | ternary('true', 'false') }}"
- name: Run Pretix upgrade
containers.podman.podman_container_exec:
container: pretix
command: pretix upgrade
- name: Render Pretix cronjob
ansible.builtin.template:
src: etc/cron.d/pretix.j2
dest: /etc/cron.d/pretix
owner: root
group: root
mode: "0644"

7
roles/pretix/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Install Pretix
ansible.builtin.import_tasks: install.yml
tags:
- "role::pretix"
- "role::pretix:install"

3
roles/pretix/templates/etc/cron.d/pretix.j2 Normal file
View file

@ -0,0 +1,3 @@
{{ ansible_managed | comment }}
{{ pretix_cron }} {{ pretix_system_user }} podmap exec pretix cron

47
roles/pretix/templates/etc/pretix/pretix.cfg.j2 Normal file
View file

@ -0,0 +1,47 @@
{{ ansible_managed | comment }}
instance_name={{ pretix_instance_name }}
url={{ pretix_url }}
currency={{ pretix_currency }}
datadir=/data
trust_x_forwarded_for=on
trust_x_forwarded_proto=on
registration={{ pretix_registration | ternary('on', 'off') }}
[database]
backend=postgresql
name={{ pretix_postgresql_database }}
user={{ pretix_postgresql_user }}
host=
[mail]
from={{ pretix_mail_from }}
host={{ pretix_mail_host }}
{% if pretix_mail_tls_mode == 'starttls' %}
port={{ pretix_mail_port or 587 }}
tls=on
ssl=off
{% elif pretix_mail_tls_mode == 'tls' %}
port={{ pretix_mail_port or 465 }}
tls=off
ssl=on
{% else %}
port={{ pretix_mail_port or 25 }}
tls=off
ssl=off
{% endif %}
{% if pretix_mail_username is not none and pretix_mail_password is not none %}
user={{ pretix_mail_username }}
password={{ pretix_mail_password }}
{% endif %}
[redis]
location=redis://pretix-cache:6379/{{ pretix_valkey_db_offset }}
; Remove the following line if you are unsure about your redis' security
; to reduce impact if redis gets compromised.
sessions=true
[celery]
backend=redis://pretix-cache:6379/{{ pretix_valkey_db_offset + 1 }}
broker=redis://pretix-cache:6379/{{ pretix_valkey_db_offset + 2 }}

42
roles/watchtower/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,42 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Watchtower.
description:
- Install and configure L(Watchtower,https://containrrr.dev/watchtower/).
- "Execution of this role can be limited using the following tags:"
- "C(role::watchtower:install): Install Podman and Watchtower"
- "C(role::watchtower): Apply all of the above."
author: s3lph
options:
watchtower_image:
description:
- The name of the OCI image to run.
- "See also: O(watchtower_image_tag)."
type: str
default: docker.io/containrrr/watchtower
watchtower_image_tag:
description:
- The tag of the OCI image to run
- "See also: O(watchtower_image)."
type: str
default: latest
watchtower_schedule:
description:
- Cron expression of when containers should be updated.
- If omitted, default to once every 24h without specifying a point in time.
type: str
watchtower_label_enable:
description:
- Whether Watchtower support has to be enabled explicitly via container labels.
type: bool
default: true
watchtower_update_self:
description:
- Whether Watchtower should update itself as well.
type: bool
default: true

42
roles/watchtower/meta/main.yml Normal file
View file

@ -0,0 +1,42 @@
---
# SPDX-License-Identifier: MIT
galaxy_info:
author: s3lph
description: Install and configure Watchtower.
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
issue_tracker_url: https://git.kabelsalat.ch/s3lph/ansible-collection-conference/issues
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: MIT
min_ansible_version: "2.15"
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
platforms:
- name: Debian
versions:
- bullseye
- bookworm
- trixie
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

25
roles/watchtower/tasks/install.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: Install dependencies
ansible.builtin.package:
name:
- podman
- name: Enable podman socket
ansible.builtin.systemd_service:
name: podman.socket
state: started
enabled: true
- name: Create Watchtower container
community.podman.podman_container:
name: watchtower
image: "{{ watchtower_image }}:{{ watchtower_image_tag }}"
env:
WATCHTOWER_SCHEDULE: "{{ watchtower_schedule | default(omit) }}"
WATCHTOWER_LABEL_ENABLE: "{{ watchtower_label_enable | default(omit) }}"
restart_policy: unless-stopped
volumes:
- "/run/podman/podman.sock:/var/run/docker.sock"
labels:
com.centurylinklabs.watchtower.enable: "{{ watchtower_update_self | ternary('true', 'false') }}"

7
roles/watchtower/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Install Watchtower
ansible.builtin.import_tasks: install.yml
tags:
- "role::watchtower"
- "role::watchtower:install"