feat(pretix): add ansible role and playbook

README.md

@@ -29,6 +29,8 @@ concise area of concern.
 - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
   installation using the upstream provided docker-compose setup.
 
+- [`pretix`](roles/pretix/README.md): Deploy [pretix](https://pretix.eu), the open source online ticketing solution.
+
 - [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/),
   the free and open-source IT asset (and license) management with a powerful REST API
 

galaxy.yml

@@ -24,3 +24,4 @@ tags:
   - snipeit
   - docker
   - phpldapadmin
+  - pretix

playbooks/pretix.yml

@@ -1,32 +1,99 @@
 ---
+- import_playbook: finallycoffee.databases.postgresql_client
+  when: pretix_configure_postgresql | default(true)
+  vars:
+    postgresql_hosts: "{{ pretix_hosts | default('pretix') }}"
+    postgresql_become: >-2
+      {{ pretix_postgresql_client_become | default(pretix_become | default(true)) }}
+    postgresql_client_database: "{{ pretix_postgresql_database | default('pretix') }}"
+    postgresql_client_username: "{{ pretix_postgresql_user | default('pretix') }}"
+    postgresql_client_password: >-2
+      {{ pretix_postgresql_password | mandatory(msg='pretix postgresql password is required') }}
+
+- import_playbook: finallycoffee.databases.valkey
+  when: pretix_configure_valkey | default(true)
+  vars:
+    valkey_hosts: "{{ pretix_hosts | default('pretix') }}"
+    valkey_instance: "pretix"
+    valkey_secret: "{{ pretix_redis_secret | mandatory(msg='pretix valkey secret is required') }}"
+    valkey_config_user:
+      - "default on +@all -DEBUG ~* &* >{{ pretix_redis_secret }}"
+    valkey_container_ports:
+      - "{{ pretix_redis_bind_addr | default('127.0.10.1:6739') }}:{{ valkey_config_port }}"
+    valkey_config_bind:
+      - "0.0.0.0"
+      - "-::"
+
 - name: Install and configure pretix
   hosts: "{{ pretix_hosts | default('pretix') }}"
   become: "{{ pretix_become | default(true) }}"
   gather_facts: "{{ pretix_gather_facts | default(false) }}"
   roles:
-    - role: finallycoffee.databases.postgresql_client
+    - role: finallycoffee.services.pretix
       vars:
-        postgresql_become: >-2
-          {{ pretix_postgresql_client_become | default(pretix_become | default(true)) }}
-        postgresql_client_database: "{{ pretix_postgresql_database }}"
-        postgresql_client_username: "{{ pretix_postgresql_user }}"
-        postgresql_client_password: "{{ pretix_postgresql_password }}"
-    - role: finallycoffee.databases.valkey
-      vars:
-        valkey_instance: "pretix"
-        valkey_secret: "{{ pretix_redis_secret }}"
-        valkey_config_user:
-          - "default on +@all -DEBUG ~* >{{ pretix_redis_secret }}"
-        valkey_container_ports:
-          - "{{ pretix_redis_bind_addr }}:{{ valkey_config_port }}"
-    - role: pretix
-      vars:
-        pretix_config_database_name: "{{ pretix_postgresql_database }}"
-        pretix_config_database_user: "{{ pretix_postgresql_user }}"
+        pretix_config_url: "https://{{ pretix_domain }}"
+        pretix_config_database_name: "{{ pretix_postgresql_database | default('pretix') }}"
+        pretix_config_database_user: "{{ pretix_postgresql_user | default('pretix') }}"
         pretix_config_database_password: "{{ pretix_postgresql_password }}"
+        pretix_config_redis_location: >-2
+          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/0
+        pretix_config_celery_backend: >-2
+          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/1
+        pretix_config_celery_broker: >-2
+          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/2
+    - role: finallycoffee.base.nginx
+      when: pretix_configure_nginx | default(true)
+      vars:
+        nginx_container_name: "nginx-pretix"
+        nginx_container_labels: "{{ pretix_nginx_container_labels | default({}, true) }}"
+        nginx_config_file: "{{ nginx_base_path }}/nginx-pretix.conf"
+        nginx_config: |+
+          server {
+              listen 80 default_server;
+              server_name {{ pretix_domain }};
+              add_header Referrer-Policy same-origin;
+              add_header X-Content-Type-Options nosniff;
+              location / {
+                  proxy_pass http://{{ pretix_config_wsgi_bind_addr }};
+                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                  proxy_set_header X-Forwarded-Proto https;
+                  proxy_set_header Host $http_host;
+              }
+              location /media/ {
+                  alias {{ pretix_media_dir }}/;
+                  expires 7d;
+                  access_log off;
+              }
+              location ^~ /media/cachedfiles {
+                  deny all;
+                  return 404;
+              }
+              location ^~ /media/invoices {
+                  deny all;
+                  return 404;
+              }
+              location /static/staticfiles.json {
+                  deny all;
+                  return 404;
+              }
+              location /static/CACHE/manifest.json {
+                  deny all;
+                  return 404;
+              }
+              location /static/ {
+                  alias {{ pretix_static_asset_dir }};
+                  access_log off;
+                  expires 365d;
+                  add_header Cache-Control "public";
+              }
+          }
+        pretix_python_version: >-2
+          python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}
+        pretix_static_asset_dir: >-2
+          {{ pretix_virtualenv_dir }}/lib/{{ pretix_python_version }}/site-packages/pretix/static.dist/
+        nginx_container_volumes:
+          - "{{ nginx_config_file }}:/etc/nginx/conf.d/nginx.conf:ro"
+          - "{{ pretix_media_dir }}:{{ pretix_media_dir }}:ro"
+          - "{{ pretix_static_asset_dir }}:{{ pretix_static_asset_dir }}:ro"
   vars:
-    pretix_postgresql_user: "pretix"
-    pretix_postgresql_password: ~
-    pretix_postgresql_database: "pretix"
-    pretix_redis_secret: ~
     pretix_redis_bind_addr: "127.0.10.1:6739"

playbooks/pretix_postgresql_valkey.yml

@@ -1,96 +0,0 @@
----
-- import_playbook: finallycoffee.databases.postgresql_client
-  vars:
-    postgresql_hosts: "{{ pretix_hosts | default('pretix') }}"
-    postgresql_become: >-2
-      {{ pretix_postgresql_client_become | default(pretix_become | default(true)) }}
-    postgresql_client_database: "{{ pretix_postgresql_database | default('pretix') }}"
-    postgresql_client_username: "{{ pretix_postgresql_user | default('pretix') }}"
-    postgresql_client_password: >-2
-      {{ pretix_postgresql_password | mandatory(msg='pretix postgresql password is required') }}
-
-- import_playbook: finallycoffee.databases.valkey
-  vars:
-    valkey_hosts: "{{ pretix_hosts | default('pretix') }}"
-    valkey_instance: "pretix"
-    valkey_secret: "{{ pretix_redis_secret | mandatory(msg='pretix valkey secret is required') }}"
-    valkey_config_user:
-      - "default on +@all -DEBUG ~* &* >{{ pretix_redis_secret }}"
-    valkey_container_ports:
-      - "{{ pretix_redis_bind_addr | default('127.0.10.1:6739') }}:{{ valkey_config_port }}"
-    valkey_config_bind:
-      - "0.0.0.0"
-      - "-::"
-
-- name: Install and configure pretix
-  hosts: "{{ pretix_hosts | default('pretix') }}"
-  become: "{{ pretix_become | default(true) }}"
-  gather_facts: "{{ pretix_gather_facts | default(false) }}"
-  roles:
-    - role: finallycoffee.services.pretix
-      vars:
-        pretix_config_url: "https://{{ pretix_domain }}"
-        pretix_config_database_name: "{{ pretix_postgresql_database | default('pretix') }}"
-        pretix_config_database_user: "{{ pretix_postgresql_user | default('pretix') }}"
-        pretix_config_database_password: "{{ pretix_postgresql_password }}"
-        pretix_config_redis_location: >-2
-          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/0
-        pretix_config_celery_backend: >-2
-          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/1
-        pretix_config_celery_broker: >-2
-          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/2
-    - role: finallycoffee.base.nginx
-      vars:
-        nginx_container_name: "nginx-pretix"
-        nginx_container_labels: "{{ pretix_nginx_container_labels | default({}, true) }}"
-        nginx_config_file: "{{ nginx_base_path }}/nginx-pretix.conf"
-        nginx_config: |+
-          server {
-              listen 80 default_server;
-              server_name {{ pretix_domain }};
-              add_header Referrer-Policy same-origin;
-              add_header X-Content-Type-Options nosniff;
-              location / {
-                  proxy_pass http://{{ pretix_config_wsgi_bind_addr }};
-                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                  proxy_set_header X-Forwarded-Proto https;
-                  proxy_set_header Host $http_host;
-              }
-              location /media/ {
-                  alias {{ pretix_media_dir }}/;
-                  expires 7d;
-                  access_log off;
-              }
-              location ^~ /media/cachedfiles {
-                  deny all;
-                  return 404;
-              }
-              location ^~ /media/invoices {
-                  deny all;
-                  return 404;
-              }
-              location /static/staticfiles.json {
-                  deny all;
-                  return 404;
-              }
-              location /static/CACHE/manifest.json {
-                  deny all;
-                  return 404;
-              }
-              location /static/ {
-                  alias {{ pretix_static_asset_dir }};
-                  access_log off;
-                  expires 365d;
-                  add_header Cache-Control "public";
-              }
-          }
-        pretix_python_version: >-2
-          python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}
-        pretix_static_asset_dir: >-2
-          {{ pretix_virtualenv_dir }}/lib/{{ pretix_python_version }}/site-packages/pretix/static.dist/
-        nginx_container_volumes:
-          - "{{ nginx_config_file }}:/etc/nginx/conf.d/nginx.conf:ro"
-          - "{{ pretix_media_dir }}:{{ pretix_media_dir }}:ro"
-          - "{{ pretix_static_asset_dir }}:{{ pretix_static_asset_dir }}:ro"
-  vars:
-    pretix_redis_bind_addr: "127.0.10.1:6739"

roles/authelia/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-authelia_version: "4.39.9"
+authelia_version: "4.39.10"
 authelia_user: authelia
 authelia_base_dir: /opt/authelia
 authelia_domain: authelia.example.org

roles/keycloak/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-keycloak_version: "26.3.3"
+keycloak_version: "26.3.5"
 keycloak_container_name: keycloak
 
 keycloak_container_image_upstream_registry: quay.io

roles/phpldapadmin/defaults/main/main.yml

@@ -1,5 +1,5 @@
 ---
-phpldapadmin_version: "2.3.1"
+phpldapadmin_version: "2.3.3"
 
 phpldapadmin_state: present
 phpldapadmin_deployment_method: docker

roles/pretix/README.md

@@ -1,5 +1,43 @@
 # `finallycoffee.services.pretix` ansible role
 
+Deploy [pretix](https://pretix.eu) using ansible. Note that this
+role does not configure pretix beyond its own configuration file,
+and requires changing a default admin password after a successful
+installation.
+
+## Configuration
+
+For all available configuration options, see [`defaults/main/config.yml`](defaults/main/config.yml)
+and other supporting files in the [`defaults/main/`](defaults/main/) folder.
+
+To add custom configuration to pretix, populate them in `pretix_config`,
+where they will be (recusively) merged into the default configuration.
+
+### Required
+
+- `pretix_domain`: domain of the pretix instance
+- `pretix_postgresql_password`: password for the (default: postgresql) database
+- `pretix_config_redis_location`: connection string for the main pretix redis database
+- `pretix_config_celery_backend`: connection string for the celery backend, can be a (different!) redis database
+- `pretix_config_celery_broker`: connection string for the celery broker, can be a (yet another different) redis database
+
+For examples on how a redis server (like valkey) can be configured
+for redis, see [`playbooks/pretix.yml`](../../playbooks/pretix.yml).
+
+### Mailing
+
+Set up mails in pretix by populating the following variables:
+- `pretix_config_mail_host`: domain/IP and optional port of the SMTP server
+- `pretix_config_mail_user`: SMTP user to authenticate
+- `pretix_config_mail_password`: password for the SMTP user
+
+### Plugins
+
+To install more plugins, list the wanted `pypi` packages as a list in
+`pretix_plugins`. They will be installed in the created virtualenv, and migrations and an asset rebuild will be automatically started.
+
+If your plugin requires custom configuration (f.ex.: `pretix-oidc`),
+add the configuration into `pretix_config`.
 
 ## Troubleshooting
 

roles/pretix/defaults/main/systemd.yml

@@ -45,5 +45,6 @@ pretix_cron_systemd_timer_description: "pretix cron timer"
 pretix_cron_systemd_timer_file_path: >-2
   /etc/systemd/system/{{ pretix_cron_systemd_timer_name }}
 pretix_cron_systemd_timer_on_active_sec: 1800
-pretix_cron_systemd_timer_on_startup_sec: 1800
+pretix_cron_systemd_timer_on_startup_sec: >-2
+  {{ pretix_cron_systemd_timer_on_active_sec }}
 pretix_cron_systemd_timer_accuracy_sec: 60

roles/snipe_it/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 snipe_it_user: snipeit
-snipe_it_version: "8.3.1"
+snipe_it_version: "8.3.2"
 snipe_it_domain: ~
 snipe_it_state: present
 snipe_it_deployment_method: docker