---
# Host packages used by the tasks in this file: podman for the containers,
# postgresql for the database, python3-psycopg2 for the community.postgresql
# modules. acl is presumably there so Ansible can become an unprivileged user
# such as postgres -- confirm.
- name: Install dependencies
  ansible.builtin.package:
    name:
      - acl
      - podman
      - postgresql
      - python3-psycopg2
# Primary group for the pretalx service account; the name comes from
# pretalx_system_group, which is defined outside this file.
- name: Create pretalx group
  ansible.builtin.group:
    name: "{{ pretalx_system_group }}"
# Service account that owns the subuid/subgid ranges used by the containers.
# It is not meant for interactive use: the password field is set to '!', which
# is not a valid hash and therefore locks password login, and the shell is
# nologin.
- name: Create pretalx user
  ansible.builtin.user:
    name: "{{ pretalx_system_user }}"
    comment: Pretalx
    group: "{{ pretalx_system_group }}"
    home: "{{ pretalx_system_home }}"
    shell: /usr/sbin/nologin
    password: '!'
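# Reserve a subordinate UID range for the pretalx user in /etc/subuid.
# An existing line for the same user is replaced rather than duplicated.
# NOTE(review): nothing here checks that the range does not overlap another
# user's range in /etc/subuid; overlapping ranges would let two accounts map
# onto the same host UIDs -- verify when choosing pretalx_subuid_begin.
- name: Create subuid entry
  ansible.builtin.lineinfile:
    path: /etc/subuid
    line: "{{ pretalx_system_user }}:{{ pretalx_subuid_begin }}:{{ pretalx_subuid_count }}"
    # regex_escape keeps characters such as '.' in the user name from being
    # read as regex metacharacters and matching another user's line.
    regexp: "^{{ pretalx_system_user | regex_escape }}:"
    create: true
    owner: root
    group: root
    mode: "0644"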
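# Reserve a subordinate GID range for the pretalx user in /etc/subgid.
# An existing line for the same user is replaced rather than duplicated.
# NOTE(review): nothing here checks that the range does not overlap another
# user's range in /etc/subgid -- verify when choosing pretalx_subgid_begin.
- name: Create subgid entry
  ansible.builtin.lineinfile:
    path: /etc/subgid
    line: "{{ pretalx_system_user }}:{{ pretalx_subgid_begin }}:{{ pretalx_subgid_count }}"
    # regex_escape keeps characters such as '.' in the user name from being
    # read as regex metacharacters and matching another user's line.
    regexp: "^{{ pretalx_system_user | regex_escape }}:"
    create: true
    owner: root
    group: root
    mode: "0644"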
# Create the data and public directories under the service home. They are
# owned by the host UID/GID computed as range start + in-container id, with no
# access for other users (0750).
# NOTE(review): the '+' only adds if both variables are integers; if either is
# supplied as a string Jinja will concatenate instead -- confirm the types
# where these variables are defined.
- name: Create pretalx directories
  ansible.builtin.file:
    path: "{{ pretalx_system_home }}/{{ item }}"
    state: directory
    mode: "0750"
    owner: "{{ pretalx_subuid_begin + pretalx_container_uid }}"
    group: "{{ pretalx_subgid_begin + pretalx_container_gid }}"
  loop:
    - data
    - public
# Query the local server as the postgres OS user and keep the result in
# pretalx_register_postgresql_info. The pg_hba task in this file reads
# version.major from it to locate the cluster's configuration directory.
- name: Collect PostgreSQL version and extensions
  community.postgresql.postgresql_info:
    filter: ver*,ext*
  become: true
  become_user: postgres
  register: pretalx_register_postgresql_info
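# Allow the pretalx role to reach only its own database over the local Unix
# socket, authenticated with a SCRAM-SHA-256 password. The result is registered
# so the server can be reloaded when the rule set changed.
- name: Create pg_hba entry
  community.postgresql.postgresql_pg_hba:
    dest: "/etc/postgresql/{{ pretalx_register_postgresql_info.version.major }}/main/pg_hba.conf"
    owner: postgres
    group: postgres
    # The authentication rules are only read by the server, so other local
    # users do not need read access.
    # NOTE(review): Debian's packaging normally ships this file as 0640 --
    # confirm on the target release.
    mode: "0640"
    contype: local
    databases: "{{ pretalx_postgresql_database }}"
    users: "{{ pretalx_postgresql_username }}"
    method: scram-sha-256
    comment: "Ansible managed"
  register: pretalx_register_pg_hba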
# Despite the task name this issues a reload, not a restart; a reload is what
# makes PostgreSQL re-read pg_hba.conf. It runs inline, only when the pg_hba
# task reported a change, instead of as a handler (hence the noqa).
- name: Restart PostgreSQL
  when: pretalx_register_pg_hba.changed # noqa no-handler
  ansible.builtin.systemd_service:
    name: postgresql.service
    state: reloaded
# Create the database role used by pretalx, acting as the postgres OS user.
# no_password_changes: true means the password is only applied when the role
# is created; changing pretalx_postgresql_password later will NOT rotate the
# role's password through this task.
# pretalx_postgresql_password is defined outside this file; it should come
# from an encrypted source (e.g. Ansible Vault) rather than plain inventory.
- name: Create PostgreSQL user
  community.postgresql.postgresql_user:
    name: "{{ pretalx_postgresql_username }}"
    password: "{{ pretalx_postgresql_password }}"
    no_password_changes: true
  become: true
  become_user: postgres
# Create the application database and make the pretalx role its owner, so the
# role needs no privileges outside its own database.
- name: Create PostgreSQL database
  community.postgresql.postgresql_db:
    name: "{{ pretalx_postgresql_database }}"
    owner: "{{ pretalx_postgresql_username }}"
  become: true
  become_user: postgres
# Directory holding the rendered configuration files. It is world-traversable
# (0755); confidentiality of the files inside depends on their own modes.
# NOTE(review): the directory owner (pretalx_system_user) can remove or replace
# entries in it regardless of the files' own ownership -- confirm that is
# intended.
- name: Create Pretalx configuration directory
  ansible.builtin.file:
    path: /etc/pretalx
    state: directory
    owner: "{{ pretalx_system_user }}"
    group: "{{ pretalx_system_group }}"
    mode: "0755"
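# Render the application configuration and hand it to the host UID/GID that
# the container's service user maps to. The template is not visible here; it
# presumably carries the database credentials, so access is owner-only.
- name: Render Pretalx configuration
  ansible.builtin.template:
    src: etc/pretalx/pretalx.cfg.j2
    dest: /etc/pretalx/pretalx.cfg
    owner: "{{ pretalx_subuid_begin + pretalx_container_uid }}"
    group: "{{ pretalx_subgid_begin + pretalx_container_gid }}"
    # Owner read/write only. A configuration file needs no execute bit, so
    # 0600 replaces the previous 0700.
    mode: "0600"
  notify: Restart Pretalx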
# Render the supervisord configuration mounted into the pretalx container.
# Owner and group are the first IDs of the subordinate ranges (presumably
# container root -- confirm); 0644 lets other IDs read but not modify it.
- name: Render Pretalx supervisord config
  ansible.builtin.template:
    src: etc/pretalx/supervisord.conf.j2
    dest: /etc/pretalx/supervisord.conf
    mode: "0644"
    owner: "{{ pretalx_subuid_begin }}"
    group: "{{ pretalx_subgid_begin }}"
  notify: Restart Pretalx
# Dedicated podman network shared by the pretalx and pretalx-cache containers,
# with IPv6 enabled.
- name: Create pretalx network
  containers.podman.podman_network:
    name: pretalx
    ipv6: true
# Cache container. It publishes no ports, so it is reachable only over the
# pretalx network, and it runs in a user namespace built from the pretalx
# user's subordinate ID ranges. A systemd unit is written to
# /etc/systemd/system.
# NOTE(review): the image is referenced by tag; tags can be re-pointed
# upstream, so pinning a digest gives a reproducible, reviewable image.
- name: Create pretalx-cache container
  containers.podman.podman_container:
    name: pretalx-cache
    image: "{{ pretalx_cache_image }}:{{ pretalx_cache_image_tag }}"
    subuidname: "{{ pretalx_system_user }}"
    subgidname: "{{ pretalx_system_user }}"
    network:
      - pretalx
    generate_systemd:
      path: /etc/systemd/system
# Application container. It runs in a user namespace built from the pretalx
# user's subordinate ID ranges and gets a systemd unit in /etc/systemd/system.
# NOTE(review): the image is referenced by tag; tags can be re-pointed
# upstream, so pinning a digest gives a reproducible, reviewable image.
- name: Create pretalx container
  containers.podman.podman_container:
    name: pretalx
    image: "{{ pretalx_image }}:{{ pretalx_image_tag }}"
    subuidname: "{{ pretalx_system_user }}"
    subgidname: "{{ pretalx_system_user }}"
    network:
      - pretalx
    ports:
      # The host side is bound to an explicit address and port. Exposure is
      # decided here, not by GUNICORN_BIND_ADDR, which listens on every
      # interface inside the container.
      - "{{ pretalx_http_hostaddr }}:{{ pretalx_http_hostport }}:8080"
    volumes:
      # Both configuration files are mounted read-only.
      - "/etc/pretalx/pretalx.cfg:/etc/pretalx/pretalx.cfg:ro"
      - "/etc/pretalx/supervisord.conf:/etc/supervisord.conf:ro"
      # Writable application state.
      - "{{ pretalx_system_home }}/data:/data"
      - "{{ pretalx_system_home }}/public:/public"
      # NOTE(review): this shares the host's whole PostgreSQL socket directory
      # with the container, writable. Database access is then limited only by
      # pg_hba.conf and the role's password; check whether a read-only mount
      # is sufficient for the client before tightening.
      - "/run/postgresql:/run/postgresql"
    env:
      PRETALX_FILESYSTEM_MEDIA: /public/media
      PRETALX_FILESYSTEM_STATIC: /public/static
      GUNICORN_BIND_ADDR: "[::]:8080"
    generate_systemd:
      path: /etc/systemd/system
# Run `pretalx migrate` inside the pretalx container. The task has no
# condition, so the command is executed on every play run.
# NOTE(review): with no changed_when this likely reports "changed" each time
# -- confirm.
- name: Run pretalx migrate
  containers.podman.podman_container_exec:
    command: pretalx migrate
    name: pretalx
# Run `pretalx rebuild` inside the pretalx container. The task has no
# condition, so the command is executed on every play run.
# NOTE(review): with no changed_when this likely reports "changed" each time
# -- confirm.
- name: Run pretalx rebuild
  containers.podman.podman_container_exec:
    command: pretalx rebuild
    name: pretalx
# TODO: Replace with Quadlets on Debian 13
# Start both container units and enable them at boot. daemon_reload makes
# systemd pick up unit files under /etc/systemd/system before starting them.
# The container-<name>.service pattern presumably matches the units written by
# generate_systemd on the container tasks -- confirm.
- name: Start and enable systemd-managed podman containers
  ansible.builtin.systemd_service:
    name: "container-{{ item }}.service"
    daemon_reload: true
    enabled: true
    state: started
  loop:
    - pretalx-cache
    - pretalx
# Install the cron definition for pretalx. The file is root-owned and writable
# by root only, so no other account can change what cron runs from it. The
# commands and the user they run as are set in the template, which is not
# visible here.
- name: Render Pretalx cronjob
  ansible.builtin.template:
    src: etc/cron.d/pretalx.j2
    dest: /etc/cron.d/pretalx
    mode: "0644"
    owner: root
    group: root