Compare commits
	
		
			73 Commits
		
	
	
		
			transcaffe
			...
			0.2.1
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 3286c56929 | |||
| cd4fac6372 | |||
| 22cce2bf06 | |||
| 22c1e9d179 | |||
| acc7ae289b | |||
| 3adb3d4d6d | |||
| 86cea40cfc | |||
| 066a5f2c59 | |||
| ce14010fee | |||
| e6f0c912d5 | |||
| 8838e17624 | |||
| 5d8845c075 | |||
| c593006de1 | |||
| 55363ef3ae | |||
| 504b54f7ef | |||
| bca5e68288 | |||
| 04f62eb021 | |||
| 887fd4055f | |||
| 873dc4894a | |||
| 1b979d54d3 | |||
| a1aea3ba10 | |||
| 7360beb85d | |||
| c5d66a4bc3 | |||
| c1643a2a06 | |||
| 6b004e3477 | |||
| b6e0a88716 | |||
| ae24dcfd9b | |||
| 5457046433 | |||
| 61be252a50 | |||
| 20867e7a36 | |||
| 5fbe6325d0 | |||
| f3aa284efa | |||
| 94a73bd3a9 | |||
| b66213e29d | |||
| 79a39e1aca | |||
| 448975a12f | |||
| 9cde7b3961 | |||
| 0b1ac4957e | |||
| ef83afc453 | |||
| 4d266054d4 | |||
| 15810fd6dc | |||
| df5f37bd5a | |||
| 6a5f04f751 | |||
| 63803053dc | |||
| 0d07413608 | |||
| f46812872c | |||
| 9861de8914 | |||
| b73d10f31e | |||
| a38ded822f | |||
| 52a8630554 | |||
| d0cbff5d20 | |||
| 3a52c20914 | |||
| 017edc5ee5 | |||
| f8a5b865ae | |||
| a3f750c17d | |||
| b12a374ef1 | |||
| aa6bf10e97 | |||
| 78beaa1814 | |||
| fcbcb39e55 | |||
| a7b6189fa3 | |||
| cd0e305d34 | |||
| d09baa48fa | |||
| 3bb6928fad | |||
| bce1d4ecee | |||
| 4de87f2407 | |||
| 2984018cd2 | |||
| 536c988d64 | |||
| ef34c4de67 | |||
| f23a3538bd | |||
| 503c421b2f | |||
| 46f26900fc | |||
| 0b9bfc1646 | |||
| 79c8b6537e | 
| @@ -29,6 +29,8 @@ concise area of concern. | |||||||
| - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org) | - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org) | ||||||
|   installation using the upstream provided docker-compose setup. |   installation using the upstream provided docker-compose setup. | ||||||
|  |  | ||||||
|  | - [`pretix`](roles/pretix/README.md): Deploy [pretix](https://pretix.eu), the open source online ticketing solution. | ||||||
|  |  | ||||||
| - [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/), | - [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/), | ||||||
|   the free and open-source IT asset (and license) management with a powerful REST API |   the free and open-source IT asset (and license) management with a powerful REST API | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,13 +1,14 @@ | |||||||
| namespace: finallycoffee | namespace: finallycoffee | ||||||
| name: services | name: services | ||||||
| version: "0.1.15" | version: "0.2.1" | ||||||
| readme: README.md | readme: README.md | ||||||
| authors: | authors: | ||||||
| - transcaffeine <transcaffeine@finally.coffee> | - transcaffeine <transcaffeine@finally.coffee> | ||||||
| description: Various ansible roles useful for automating infrastructure | description: Various ansible roles useful for automating infrastructure | ||||||
| dependencies: | dependencies: | ||||||
|   "community.crypto": "^2.22.0" |   "community.general": "^11.0.0" | ||||||
|   "community.docker": "^4.0.0" |   "community.crypto": "^3.0.3" | ||||||
|  |   "community.docker": "^4.7.0" | ||||||
|   "containers.podman": "^1.16.0" |   "containers.podman": "^1.16.0" | ||||||
| license_file: LICENSE.md | license_file: LICENSE.md | ||||||
| build_ignore: | build_ignore: | ||||||
| @@ -23,3 +24,4 @@ tags: | |||||||
|   - snipeit |   - snipeit | ||||||
|   - docker |   - docker | ||||||
|   - phpldapadmin |   - phpldapadmin | ||||||
|  |   - pretix | ||||||
|   | |||||||
							
								
								
									
										99
									
								
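--- a/playbooks/pretix.yml
+++ b/playbooks/pretix.yml
@@ -0,0 +1,99 @@
+---
+- import_playbook: finallycoffee.databases.postgresql_client
+  when: pretix_configure_postgresql | default(true)
+  vars:
+    postgresql_hosts: "{{ pretix_hosts | default('pretix') }}"
+    postgresql_become: >-2
+      {{ pretix_postgresql_client_become | default(pretix_become | default(true)) }}
+    postgresql_client_database: "{{ pretix_postgresql_database | default('pretix') }}"
+    postgresql_client_username: "{{ pretix_postgresql_user | default('pretix') }}"
+    postgresql_client_password: >-2
+      {{ pretix_postgresql_password | mandatory(msg='pretix postgresql password is required') }}
+
+- import_playbook: finallycoffee.databases.valkey
+  when: pretix_configure_valkey | default(true)
+  vars:
+    valkey_hosts: "{{ pretix_hosts | default('pretix') }}"
+    valkey_instance: "pretix"
+    valkey_secret: "{{ pretix_redis_secret | mandatory(msg='pretix valkey secret is required') }}"
+    valkey_config_user:
+      - "default on +@all -DEBUG ~* &* >{{ pretix_redis_secret }}"
+    valkey_container_ports:
+      - "{{ pretix_redis_bind_addr | default('127.0.10.1:6739') }}:{{ valkey_config_port }}"
+    valkey_config_bind:
+      - "0.0.0.0"
+      - "-::"
+
+- name: Install and configure pretix
+  hosts: "{{ pretix_hosts | default('pretix') }}"
+  become: "{{ pretix_become | default(true) }}"
+  gather_facts: "{{ pretix_gather_facts | default(false) }}"
+  roles:
+    - role: finallycoffee.services.pretix
+      vars:
+        pretix_config_url: "https://{{ pretix_domain }}"
+        pretix_config_database_name: "{{ pretix_postgresql_database | default('pretix') }}"
+        pretix_config_database_user: "{{ pretix_postgresql_user | default('pretix') }}"
+        pretix_config_database_password: "{{ pretix_postgresql_password }}"
+        pretix_config_redis_location: >-2
+          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/0
+        pretix_config_celery_backend: >-2
+          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/1
+        pretix_config_celery_broker: >-2
+          redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/2
+    - role: finallycoffee.base.nginx
+      when: pretix_configure_nginx | default(true)
+      vars:
+        nginx_container_name: "nginx-pretix"
+        nginx_container_labels: "{{ pretix_nginx_container_labels | default({}, true) }}"
+        nginx_config_file: "{{ nginx_base_path }}/nginx-pretix.conf"
+        nginx_config: |+
+          server {
+              listen 80 default_server;
+              server_name {{ pretix_domain }};
+              add_header Referrer-Policy same-origin;
+              add_header X-Content-Type-Options nosniff;
+              location / {
+                  proxy_pass http://{{ pretix_config_wsgi_bind_addr }};
+                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                  proxy_set_header X-Forwarded-Proto https;
+                  proxy_set_header Host $http_host;
+              }
+              location /media/ {
+                  alias {{ pretix_media_dir }}/;
+                  expires 7d;
+                  access_log off;
+              }
+              location ^~ /media/cachedfiles {
+                  deny all;
+                  return 404;
+              }
+              location ^~ /media/invoices {
+                  deny all;
+                  return 404;
+              }
+              location /static/staticfiles.json {
+                  deny all;
+                  return 404;
+              }
+              location /static/CACHE/manifest.json {
+                  deny all;
+                  return 404;
+              }
+              location /static/ {
+                  alias {{ pretix_static_asset_dir }};
+                  access_log off;
+                  expires 365d;
+                  add_header Cache-Control "public";
+              }
+          }
+        pretix_python_version: >-2
+          python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}
+        pretix_static_asset_dir: >-2
+          {{ pretix_virtualenv_dir }}/lib/{{ pretix_python_version }}/site-packages/pretix/static.dist/
+        nginx_container_volumes:
+          - "{{ nginx_config_file }}:/etc/nginx/conf.d/nginx.conf:ro"
+          - "{{ pretix_media_dir }}:{{ pretix_media_dir }}:ro"
+          - "{{ pretix_static_asset_dir }}:{{ pretix_static_asset_dir }}:ro"
+  vars:
+    pretix_redis_bind_addr: "127.0.10.1:6739"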
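Review bot: In the `nginx_config` block, `location /static/` sets its own `add_header Cache-Control "public";`, and nginx inherits `add_header` directives from the server level only when a location defines none, so static assets go out without the `Referrer-Policy` and `X-Content-Type-Options nosniff` headers declared at the top of the server block. Repeating `add_header X-Content-Type-Options nosniff;` and `add_header Referrer-Policy same-origin;` inside that location keeps them. The three `redis://:{{ pretix_redis_secret }}@…` values also interpolate the secret unescaped, so a secret containing `@`, `:` or `#` produces a URL that parses differently than intended; `{{ pretix_redis_secret | urlencode }}` avoids that. Finally, the server listens on plain port 80 yet always sends `X-Forwarded-Proto https` and appends to any client-supplied `X-Forwarded-For`, so a comment such as `# must only be reachable through a TLS-terminating proxy that sets X-Forwarded-For` above `nginx_config` would record the assumption.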
| @@ -1,5 +1,5 @@ | |||||||
| --- | --- | ||||||
| authelia_version: "4.39.1" | authelia_version: "4.39.13" | ||||||
| authelia_user: authelia | authelia_user: authelia | ||||||
| authelia_base_dir: /opt/authelia | authelia_base_dir: /opt/authelia | ||||||
| authelia_domain: authelia.example.org | authelia_domain: authelia.example.org | ||||||
| @@ -15,7 +15,7 @@ authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt" | |||||||
| authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml" | authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml" | ||||||
|  |  | ||||||
| authelia_container_name: authelia | authelia_container_name: authelia | ||||||
| authelia_container_image_server: docker.io | authelia_container_image_server: ghcr.io | ||||||
| authelia_container_image_namespace: authelia | authelia_container_image_namespace: authelia | ||||||
| authelia_container_image_name: authelia | authelia_container_image_name: authelia | ||||||
| authelia_container_image: >-2 | authelia_container_image: >-2 | ||||||
| @@ -92,7 +92,11 @@ authelia_config_webauthn_disable: true | |||||||
| authelia_config_webauthn_timeout: 60s | authelia_config_webauthn_timeout: 60s | ||||||
| authelia_config_webauthn_display_name: "Authelia ({{ authelia_domain }})" | authelia_config_webauthn_display_name: "Authelia ({{ authelia_domain }})" | ||||||
| authelia_config_webauthn_attestation_conveyance_preference: indirect | authelia_config_webauthn_attestation_conveyance_preference: indirect | ||||||
| authelia_config_webauthn_user_verification: preferred | authelia_config_webauthn_user_verification: "preferred" | ||||||
|  | authelia_config_webauthn_selection_criteria_user_verification: >-2 | ||||||
|  |   {{ authelia_config_webauthn_user_verification }} | ||||||
|  | authelia_config_webauthn_selection_criteria_discoverability: "preferred" | ||||||
|  | authelia_config_webauthn_selection_criteria_attachment: "" | ||||||
| authelia_config_duo_api_hostname: ~ | authelia_config_duo_api_hostname: ~ | ||||||
| authelia_config_duo_api_integration_key: ~ | authelia_config_duo_api_integration_key: ~ | ||||||
| authelia_config_duo_api_secret_key: ~ | authelia_config_duo_api_secret_key: ~ | ||||||
| @@ -107,6 +111,8 @@ authelia_config_authentication_backend_password_reset_disable: false | |||||||
| authelia_config_authentication_backend_password_reset_custom_url: ~ | authelia_config_authentication_backend_password_reset_custom_url: ~ | ||||||
| authelia_config_authentication_backend_ldap_implementation: custom | authelia_config_authentication_backend_ldap_implementation: custom | ||||||
| authelia_config_authentication_backend_ldap_url: ldap://127.0.0.1:389 | authelia_config_authentication_backend_ldap_url: ldap://127.0.0.1:389 | ||||||
|  | authelia_config_authentication_backend_ldap_address: >-2 | ||||||
|  |   {{ authelia_config_authentication_backend_ldap_url }} | ||||||
| authelia_config_authentication_backend_ldap_timeout: 5s | authelia_config_authentication_backend_ldap_timeout: 5s | ||||||
| authelia_config_authentication_backend_ldap_start_tls: false | authelia_config_authentication_backend_ldap_start_tls: false | ||||||
| authelia_config_authentication_backend_ldap_tls_skip_verify: false | authelia_config_authentication_backend_ldap_tls_skip_verify: false | ||||||
| @@ -157,6 +163,19 @@ authelia_config_session_inactivity: 5m | |||||||
| authelia_config_session_remember_me_duration: 1M | authelia_config_session_remember_me_duration: 1M | ||||||
| authelia_config_session_remember_me: >-2 | authelia_config_session_remember_me: >-2 | ||||||
|   {{ authelia_config_session_remember_me_duration }} |   {{ authelia_config_session_remember_me_duration }} | ||||||
|  | authelia_config_session_cookies: | ||||||
|  |   - "{{ authelia_config_session_cookies_default }}" | ||||||
|  | authelia_config_session_cookies_default_domain: >-2 | ||||||
|  |   {{ authelia_config_session_domain }} | ||||||
|  | authelia_config_session_cookies_default_authelia_url: >-2 | ||||||
|  |   https://{{ authelia_config_session_cookies_default_domain }} | ||||||
|  | authelia_config_session_cookies_default_default_redirection_url: >-2 | ||||||
|  |   {{ authelia_config_default_redirection_url }} | ||||||
|  | authelia_config_session_cookies_default: | ||||||
|  |   domain: "{{ authelia_config_session_cookies_default_domain }}" | ||||||
|  |   authelia_url: "{{ authelia_config_session_cookies_default_authelia_url }}" | ||||||
|  |   default_redirection_url: >-2 | ||||||
|  |     {{ authelia_config_session_cookies_default_default_redirection_url }} | ||||||
| authelia_config_session_redis_host: "{{ authelia_redis_host }}" | authelia_config_session_redis_host: "{{ authelia_redis_host }}" | ||||||
| authelia_config_session_redis_port: "{{ authelia_redis_port }}" | authelia_config_session_redis_port: "{{ authelia_redis_port }}" | ||||||
| authelia_config_session_redis_username: "{{ authelia_redis_user }}" | authelia_config_session_redis_username: "{{ authelia_redis_user }}" | ||||||
| @@ -193,7 +212,10 @@ authelia_config_notifier_smtp_disable_require_tls: false | |||||||
| authelia_config_notifier_smtp_disable_html_emails: false | authelia_config_notifier_smtp_disable_html_emails: false | ||||||
| authelia_config_notifier_smtp_tls_skip_verify: false | authelia_config_notifier_smtp_tls_skip_verify: false | ||||||
| authelia_config_notifier_smtp_tls_minimum_version: "{{ authelia_tls_minimum_version }}" | authelia_config_notifier_smtp_tls_minimum_version: "{{ authelia_tls_minimum_version }}" | ||||||
| #authelia_config_identity_provider_ | authelia_config_identity_validation_reset_password_jwt_secret: >-2 | ||||||
|  |   {{ authelia_config_jwt_secret }} | ||||||
|  | authelia_config_identity_validation_reset_password_jwt_lifespan: "5 minutes" | ||||||
|  | authelia_config_identity_validation_reset_password_jwt_algorithm: "HS256" | ||||||
|  |  | ||||||
| authelia_database_type: ~ | authelia_database_type: ~ | ||||||
| authelia_database_host: ~ | authelia_database_host: ~ | ||||||
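Review bot: The new `authelia_config_session_cookies_default` mapping (hunk at `@@ -157,6 +163,19 @@`) always carries `default_redirection_url`, while the top-level key it replaces was added only when `authelia_config_default_redirection_url` was set; the conditional `combine` that did this is dropped from `authelia_base_config` in the `@@ -39,12 +38,11 @@` hunk of the next file section. The default of that variable is not visible in these hunks; if it is empty or null, the rendered cookie entry gets an empty URL, which Authelia's configuration validation may reject. Building the entry conditionally would keep the previous behaviour, e.g. `| combine({'default_redirection_url': authelia_config_session_cookies_default_default_redirection_url} if authelia_config_default_redirection_url | default(false, true) else {})`. The reset-password JWT secret also defaults to `authelia_config_jwt_secret`; a short comment saying this is kept for backward compatibility and can be overridden with a dedicated secret would help.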
|   | |||||||
| @@ -25,7 +25,6 @@ authelia_container_base_labels: | |||||||
| authelia_config: "{{ authelia_base_config | combine(authelia_extra_config, recursive=True) }}" | authelia_config: "{{ authelia_base_config | combine(authelia_extra_config, recursive=True) }}" | ||||||
| authelia_top_level_config: | authelia_top_level_config: | ||||||
|   theme: "{{ authelia_config_theme }}" |   theme: "{{ authelia_config_theme }}" | ||||||
|   jwt_secret: "{{ authelia_config_jwt_secret }}" |  | ||||||
|   log: "{{ authelia_config_log }}" |   log: "{{ authelia_config_log }}" | ||||||
|   telemetry: "{{ authelia_config_telemetry }}" |   telemetry: "{{ authelia_config_telemetry }}" | ||||||
|   totp: "{{ authelia_config_totp }}" |   totp: "{{ authelia_config_totp }}" | ||||||
| @@ -39,12 +38,11 @@ authelia_top_level_config: | |||||||
|   regulation: "{{ authelia_config_regulation }}" |   regulation: "{{ authelia_config_regulation }}" | ||||||
|   storage: "{{ authelia_config_storage }}" |   storage: "{{ authelia_config_storage }}" | ||||||
|   notifier: "{{ authelia_config_notifier }}" |   notifier: "{{ authelia_config_notifier }}" | ||||||
|  |   identity_validation: "{{ authelia_config_identity_validation }}" | ||||||
|  |  | ||||||
| authelia_base_config: >-2 | authelia_base_config: >-2 | ||||||
|   {{ |   {{ | ||||||
|     authelia_top_level_config |     authelia_top_level_config | ||||||
|     | combine({"default_redirection_url": authelia_config_default_redirection_url} |  | ||||||
|       if authelia_config_default_redirection_url | default(false, true) else {}) |  | ||||||
|     | combine(({"server": authelia_config_server }) |     | combine(({"server": authelia_config_server }) | ||||||
|       | combine({"tls": authelia_config_server_tls} |       | combine({"tls": authelia_config_server_tls} | ||||||
|         if authelia_config_server_tls_key | default(false, true) else {})) |         if authelia_config_server_tls_key | default(false, true) else {})) | ||||||
| @@ -99,7 +97,10 @@ authelia_config_webauthn: | |||||||
|   timeout: "{{ authelia_config_webauthn_timeout }}" |   timeout: "{{ authelia_config_webauthn_timeout }}" | ||||||
|   display_name: "{{ authelia_config_webauthn_display_name }}" |   display_name: "{{ authelia_config_webauthn_display_name }}" | ||||||
|   attestation_conveyance_preference: "{{ authelia_config_webauthn_attestation_conveyance_preference }}" |   attestation_conveyance_preference: "{{ authelia_config_webauthn_attestation_conveyance_preference }}" | ||||||
|   user_verification: "{{ authelia_config_webauthn_user_verification }}" |   selection_criteria: | ||||||
|  |     attachment: "{{ authelia_config_webauthn_selection_criteria_attachment }}" | ||||||
|  |     discoverability: "{{ authelia_config_webauthn_selection_criteria_discoverability }}" | ||||||
|  |     user_verification: "{{ authelia_config_webauthn_selection_criteria_user_verification }}" | ||||||
| authelia_config_duo_api: | authelia_config_duo_api: | ||||||
|   hostname: "{{ authelia_config_duo_api_hostname }}" |   hostname: "{{ authelia_config_duo_api_hostname }}" | ||||||
|   integration_key: "{{ authelia_config_duo_api_integration_key }}" |   integration_key: "{{ authelia_config_duo_api_integration_key }}" | ||||||
| @@ -128,7 +129,7 @@ authelia_config_authentication_backend_password_reset: | |||||||
|   disable: "{{ authelia_config_authentication_backend_password_reset_disable }}" |   disable: "{{ authelia_config_authentication_backend_password_reset_disable }}" | ||||||
| authelia_config_authentication_backend_ldap: | authelia_config_authentication_backend_ldap: | ||||||
|   implementation: "{{ authelia_config_authentication_backend_ldap_implementation }}" |   implementation: "{{ authelia_config_authentication_backend_ldap_implementation }}" | ||||||
|   url: "{{ authelia_config_authentication_backend_ldap_url }}" |   address: "{{ authelia_config_authentication_backend_ldap_address }}" | ||||||
|   timeout: "{{ authelia_config_authentication_backend_ldap_timeout }}" |   timeout: "{{ authelia_config_authentication_backend_ldap_timeout }}" | ||||||
|   start_tls: "{{ authelia_config_authentication_backend_ldap_start_tls }}" |   start_tls: "{{ authelia_config_authentication_backend_ldap_start_tls }}" | ||||||
|   tls: |   tls: | ||||||
| @@ -182,12 +183,12 @@ authelia_config_session: >-2 | |||||||
|   }} |   }} | ||||||
| authelia_config_session_base: | authelia_config_session_base: | ||||||
|   name: "{{ authelia_config_session_name }}" |   name: "{{ authelia_config_session_name }}" | ||||||
|   domain: "{{ authelia_config_session_domain }}" |  | ||||||
|   same_site: "{{ authelia_config_session_same_site }}" |   same_site: "{{ authelia_config_session_same_site }}" | ||||||
|   secret: "{{ authelia_config_session_secret }}" |   secret: "{{ authelia_config_session_secret }}" | ||||||
|   expiration: "{{ authelia_config_session_expiration }}"  |   expiration: "{{ authelia_config_session_expiration }}"  | ||||||
|   inactivity: "{{ authelia_config_session_inactivity }}" |   inactivity: "{{ authelia_config_session_inactivity }}" | ||||||
|   remember_me: "{{ authelia_config_session_remember_me }}" |   remember_me: "{{ authelia_config_session_remember_me }}" | ||||||
|  |   cookies: "{{ authelia_config_session_cookies }}" | ||||||
| authelia_config_session_redis: >-2 | authelia_config_session_redis: >-2 | ||||||
|   {{ |   {{ | ||||||
|     { |     { | ||||||
| @@ -274,3 +275,9 @@ authelia_config_notifier_smtp: | |||||||
|   tls: |   tls: | ||||||
|     skip_verify: "{{ authelia_config_notifier_smtp_tls_skip_verify }}" |     skip_verify: "{{ authelia_config_notifier_smtp_tls_skip_verify }}" | ||||||
|     minimum_version: "{{ authelia_config_notifier_smtp_tls_minimum_version }}" |     minimum_version: "{{ authelia_config_notifier_smtp_tls_minimum_version }}" | ||||||
|  | authelia_config_identity_validation: | ||||||
|  |   reset_password: "{{ authelia_config_identity_validation_reset_password }}" | ||||||
|  | authelia_config_identity_validation_reset_password: | ||||||
|  |   jwt_secret: "{{ authelia_config_identity_validation_reset_password_jwt_secret }}" | ||||||
|  |   jwt_lifespan: "{{ authelia_config_identity_validation_reset_password_jwt_lifespan }}" | ||||||
|  |   jwt_algorithm: "{{ authelia_config_identity_validation_reset_password_jwt_algorithm }}" | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| --- | --- | ||||||
| ghost_domain: ~ | ghost_domain: ~ | ||||||
| ghost_version: "5.117.0" | ghost_version: "6.5.1" | ||||||
| ghost_user: ghost | ghost_user: ghost | ||||||
| ghost_user_group: ghost | ghost_user_group: ghost | ||||||
| ghost_base_path: /opt/ghost | ghost_base_path: /opt/ghost | ||||||
|   | |||||||
| @@ -1,5 +1,5 @@ | |||||||
| --- | --- | ||||||
| gitea_version: "1.23.7" | gitea_version: "1.24.6" | ||||||
| gitea_user: git | gitea_user: git | ||||||
| gitea_run_user: "{{ gitea_user }}" | gitea_run_user: "{{ gitea_user }}" | ||||||
| gitea_base_path: "/opt/gitea" | gitea_base_path: "/opt/gitea" | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| --- | --- | ||||||
| jellyfin_user: jellyfin | jellyfin_user: jellyfin | ||||||
| jellyfin_version: "10.10.7" | jellyfin_version: "10.11.0" | ||||||
| jellyfin_state: present | jellyfin_state: present | ||||||
| jellyfin_deployment_method: docker | jellyfin_deployment_method: docker | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,5 +1,5 @@ | |||||||
| --- | --- | ||||||
| keycloak_version: "26.2.2" | keycloak_version: "26.4.2" | ||||||
| keycloak_container_name: keycloak | keycloak_container_name: keycloak | ||||||
|  |  | ||||||
| keycloak_container_image_upstream_registry: quay.io | keycloak_container_image_upstream_registry: quay.io | ||||||
|   | |||||||
| @@ -1,5 +1,5 @@ | |||||||
| --- | --- | ||||||
| phpldapadmin_version: "2.1.2" | phpldapadmin_version: "2.3.4" | ||||||
|  |  | ||||||
| phpldapadmin_state: present | phpldapadmin_state: present | ||||||
| phpldapadmin_deployment_method: docker | phpldapadmin_deployment_method: docker | ||||||
|   | |||||||
							
								
								
									
										54
									
								
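--- a/roles/pretix/README.md
+++ b/roles/pretix/README.md
@@ -0,0 +1,54 @@
+# `finallycoffee.services.pretix` ansible role
+
+Deploy [pretix](https://pretix.eu) using ansible. Note that this
+role does not configure pretix beyond its own configuration file,
+and requires changing a default admin password after a successful
+installation.
+
+## Configuration
+
+For all available configuration options, see [`defaults/main/config.yml`](defaults/main/config.yml)
+and other supporting files in the [`defaults/main/`](defaults/main/) folder.
+
+To add custom configuration to pretix, populate them in `pretix_config`,
+where they will be (recusively) merged into the default configuration.
+
+### Required
+
+- `pretix_domain`: domain of the pretix instance
+- `pretix_postgresql_password`: password for the (default: postgresql) database
+- `pretix_config_redis_location`: connection string for the main pretix redis database
+- `pretix_config_celery_backend`: connection string for the celery backend, can be a (different!) redis database
+- `pretix_config_celery_broker`: connection string for the celery broker, can be a (yet another different) redis database
+
+For examples on how a redis server (like valkey) can be configured
+for redis, see [`playbooks/pretix.yml`](../../playbooks/pretix.yml).
+
+### Mailing
+
+Set up mails in pretix by populating the following variables:
+- `pretix_config_mail_host`: domain/IP and optional port of the SMTP server
+- `pretix_config_mail_user`: SMTP user to authenticate
+- `pretix_config_mail_password`: password for the SMTP user
+
+### Plugins
+
+To install more plugins, list the wanted `pypi` packages as a list in
+`pretix_plugins`. They will be installed in the created virtualenv, and migrations and an asset rebuild will be automatically started.
+
+If your plugin requires custom configuration (f.ex.: `pretix-oidc`),
+add the configuration into `pretix_config`.
+
+## Troubleshooting
+
+### virtualenv
+
+By default, the virtualenv is located in `/var/lib/pretix/virtualenv`.
+This can be controlled by setting `pretix_virtualenv_dir`.
+
+NOTE: To fix a broken virtualenv, try setting `pretix_virtualenv_state` to `forcereinstall` (see
+[`ansible.builtin.pip` on docs.ansible.com](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/pip_module.html)).
+
+NOTE: To install pip packages or execute migrations in the virtualenv, ansible
+needs to become the unprivilated `pretix_user` (default: `pretix`). This might
+require having the `acl` system package installed.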
							
								
								
									
										86
									
								
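--- a/roles/pretix/defaults/main/config.yml
+++ b/roles/pretix/defaults/main/config.yml
@@ -0,0 +1,86 @@
+---
+pretix_config_instance_name: "My pretix installation"
+pretix_config_url: "https://pretix.example.org"
+pretix_config_currency: "EUR"
+pretix_config_data_dir: "{{ pretix_data_dir }}"
+pretix_config_trust_x_forwarded_for: "on"
+pretix_config_trust_x_forwarded_proto: "on"
+
+pretix_config_wsgi_name: "pretix"
+pretix_config_wsgi_workers: 4
+pretix_config_wsgi_max_requests: 100
+pretix_config_wsgi_log_level: "info"
+pretix_config_wsgi_bind_addr: "127.0.0.1:8345"
+pretix_config_worker_log_level: "{{ pretix_config_wsgi_log_level }}"
+
+pretix_config_database_backend: postgresql
+pretix_config_database_name: pretix
+pretix_config_database_user: pretix
+pretix_config_database_password: ~
+pretix_config_database_host: ""
+
+pretix_config_mail_host: ~
+pretix_config_mail_from: "tickets@example.org"
+pretix_config_mail_user: ~
+pretix_config_mail_password: ~
+pretix_config_mail_tls: true
+pretix_config_mail_ssl: false
+
+pretix_config_redis_location: ~
+pretix_config_redis_sessions: true
+
+pretix_config_celery_backend: ~
+pretix_config_celery_broker: ~
+
+pretix_app_config:
+  url: "{{ pretix_config_url }}"
+  instance_name: "{{ pretix_config_instance_name }}"
+  datadir: "{{ pretix_config_data_dir }}"
+  trust_x_forwarded_for: "{{ pretix_config_trust_x_forwarded_for }}"
+  trust_x_forwarded_proto: "{{ pretix_config_trust_x_forwarded_proto }}"
+  currency: "{{ pretix_config_currency }}"
+
+pretix_database_config:
+  backend: "{{ pretix_config_database_backend }}"
+  name: "{{ pretix_config_database_name }}"
+  user: "{{ pretix_config_database_user }}"
+  password: "{{ pretix_config_database_password }}"
+  host: "{{ pretix_config_database_host }}"
+
+pretix_mail_minimal_config:
+  host: "{{ pretix_config_mail_host }}"
+  from: "{{ pretix_config_mail_from }}"
+pretix_mail_config: >-2
+  {{ pretix_mail_minimal_config
+    | combine({'user': pretix_config_mail_user} if pretix_config_mail_user else {})
+    | combine({'password': pretix_config_mail_password} if pretix_config_mail_password else {})
+    | combine({'ssl': pretix_config_mail_ssl | bool | ternary('on', 'off')} if pretix_config_mail_ssl else {})
+    | combine({'tls': pretix_config_mail_tls | bool | ternary('on', 'off')} if pretix_config_mail_tls else {})
+  }}
+
+pretix_redis_config:
+  location: "{{ pretix_config_redis_location }}"
+  sessions: "{{ pretix_config_redis_sessions | bool | ternary('true', 'false') }}"
+
+pretix_celery_config:
+  backend: "{{ pretix_config_celery_backend }}"
+  broker: "{{ pretix_config_celery_broker }}"
+
+pretix_config: {}
+pretix_default_config:
+  pretix: "{{ pretix_app_config }}"
+  database: "{{ pretix_database_config }}"
+  mail: "{{ pretix_mail_config }}"
+  redis: "{{ pretix_redis_config }}"
+  celery: "{{ pretix_celery_config }}"
+
+pretix_config_merged: >-2
+  {{ pretix_default_config | combine(pretix_config | default({}), recursive=True) }}
+
+pretix_config_file_content: |+2
+  {% for kv in (pretix_config_merged | dict2items) %}
+  [{{ kv.key }}]
+  {% for entry in ((kv.value | default({}, true)) | dict2items) %}
+  {{ entry.key }}={{ entry.value }}
+  {% endfor %}
+  {% endfor %}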
							
								
								
									
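--- a/roles/pretix/defaults/main/main.yml
+++ b/roles/pretix/defaults/main/main.yml
@@ -0,0 +1,16 @@
+---
+pretix_version: "2025.8.0"
+pretix_state: "present"
+pretix_deployment_method: "systemd"
+
+pretix_config_file: "/etc/pretix/pretix.cfg"
+pretix_config_file_owner: "{{ pretix_user_id }}"
+pretix_config_file_group: "{{ pretix_group_id }}"
+pretix_config_file_mode: "0640"
+pretix_config_dir: "{{ pretix_config_file | dirname }}"
+pretix_install_dir: "/var/lib/pretix"
+pretix_virtualenv_dir: "{{ pretix_install_dir }}/virtualenv"
+pretix_data_dir: "{{ pretix_install_dir }}/data"
+pretix_media_dir: "{{ pretix_data_dir }}/media"
+
+pretix_plugins: []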
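Review bot: `pretix_config_file_owner` defaults to the service account, so the process that reads `/etc/pretix/pretix.cfg` can also rewrite it, and that file carries the database and mail passwords rendered from the config defaults. Group read access is enough for pretix, so I would default the owner to root and keep the `0640` mode: `pretix_config_file_owner: "root"`. The directory loop in tasks/prepare.yml gives `pretix_config_dir` the same service-account owner and would need the matching change.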
							
								
								
									
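--- a/roles/pretix/defaults/main/system_packages.yml
+++ b/roles/pretix/defaults/main/system_packages.yml
@@ -0,0 +1,22 @@
+---
+pretix_debian_packages:
+  - "git"
+  - "build-essential"
+  - "python3-dev"
+  - "python3-venv"
+  - "python3"
+  - "python3-pip"
+  - "libxml2-dev"
+  - "libxslt1-dev"
+  - "libffi-dev"
+  - "zlib1g-dev"
+  - "libssl-dev"
+  - "gettext"
+  - "libpq-dev"
+  - "libjpeg-dev"
+  - "libopenjp2-7-dev"
+  - "nodejs"
+
+pretix_packages:
+  "debian":
+    "12": "{{ pretix_debian_packages }}"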
							
								
								
									
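--- a/roles/pretix/defaults/main/systemd.yml
+++ b/roles/pretix/defaults/main/systemd.yml
@@ -0,0 +1,50 @@
+---
+pretix_systemd_unit_description: "pretix web service"
+pretix_systemd_unit_after: "network.target"
+pretix_systemd_unit_file_path: >-2
+  /etc/systemd/system/{{ pretix_systemd_service_name }}
+
+pretix_systemd_service_name: "pretix.service"
+pretix_systemd_service_user: "{{ pretix_user }}"
+pretix_systemd_service_group: "{{ pretix_user }}"
+pretix_systemd_service_environment:
+  VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}"
+  PATH: "{{ pretix_virtualenv_dir }}/bin:/usr/local/bin:/usr/bin:/bin"
+pretix_systemd_service_working_directory: "{{ pretix_install_dir }}"
+pretix_systemd_service_exec_start: >-2
+  {{ pretix_virtualenv_dir }}/bin/gunicorn pretix.wsgi
+  --name {{ pretix_config_wsgi_name }}
+  --workers {{ pretix_config_wsgi_workers }}
+  --max-requests {{ pretix_config_wsgi_max_requests }}
+  --log-level={{ pretix_config_wsgi_log_level }}
+  --bind={{ pretix_config_wsgi_bind_addr }}
+pretix_systemd_service_restart: "on-failure"
+
+pretix_systemd_install_wanted_by: "multi-user.target"
+
+# pretix worker
+pretix_worker_systemd_service_name: "pretix-worker.service"
+pretix_worker_systemd_service_description: "pretix worker service"
+pretix_worker_systemd_unit_file_path: >-2
+  /etc/systemd/system/{{ pretix_worker_systemd_service_name }}
+pretix_worker_systemd_service_exec_start: >-2
+  {{ pretix_virtualenv_dir }}/bin/celery
+  -A pretix.celery_app worker
+  -l  {{ pretix_config_worker_log_level }}
+
+# pretix cron
+pretix_cron_systemd_service_name: "pretix-cron.service"
+pretix_cron_systemd_service_description: "pretix cron service"
+pretix_cron_systemd_unit_file_path: >-2
+  /etc/systemd/system/{{ pretix_cron_systemd_service_name }}
+pretix_cron_systemd_service_exec_start: >-2
+  python3 -m pretix runperiodic
+
+pretix_cron_systemd_timer_name: "pretix-cron.timer"
+pretix_cron_systemd_timer_description: "pretix cron timer"
+pretix_cron_systemd_timer_file_path: >-2
+  /etc/systemd/system/{{ pretix_cron_systemd_timer_name }}
+pretix_cron_systemd_timer_on_active_sec: 1800
+pretix_cron_systemd_timer_on_startup_sec: >-2
+  {{ pretix_cron_systemd_timer_on_active_sec }}
+pretix_cron_systemd_timer_accuracy_sec: 60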
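Review bot: `pretix_cron_systemd_service_exec_start` calls a bare `python3`, unlike the gunicorn and celery commands above it, which use the virtualenv's `bin/` directory. systemd resolves a non-absolute ExecStart binary against its own fixed search path, not the unit's `Environment=PATH`, so this would start the system interpreter, where this role does not install pretix. Suggested value: `{{ pretix_virtualenv_dir }}/bin/python -m pretix runperiodic`, which also matches the migrate and rebuild commands in tasks/deploy-systemd.yml.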
							
								
								
									
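--- a/roles/pretix/defaults/main/user.yml
+++ b/roles/pretix/defaults/main/user.yml
@@ -0,0 +1,7 @@
+---
+pretix_user: "pretix"
+pretix_user_system: true
+pretix_user_create_home: false
+
+pretix_user_id: "{{ pretix_user_info.uid | default(pretix_user) }}"
+pretix_group_id: "{{ pretix_user_info.group | default(pretix_user) }}"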
							
								
								
									
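--- a/roles/pretix/defaults/main/virtualenv.yml
+++ b/roles/pretix/defaults/main/virtualenv.yml
@@ -0,0 +1,11 @@
+---
+pretix_virtualenv_state: "{{ pretix_state }}"
+pretix_virtualenv_packages:
+  - "pip"
+  - "setuptools"
+  - "wheel"
+  - "gunicorn"
+  - "pretix=={{ pretix_version }}"
+
+pretix_virtualenv_site_packages: false
+pretix_virtualenv_command: "python3 -m venv"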
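Review bot: Only `pretix` is pinned in `pretix_virtualenv_packages`; `gunicorn`, `pip`, `setuptools` and `wheel` resolve to whatever the package index serves at deploy time, and `pretix_plugins` is appended to the same install in tasks/deploy-systemd.yml. Two runs of the same role version can therefore put different code on the host. I would pin at least the server, e.g. `- "gunicorn=={{ pretix_gunicorn_version }}"` backed by a new default for that variable, and document that `pretix_plugins` entries should carry a version specifier.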
							
								
								
									
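--- a/roles/pretix/handlers/main.yml
+++ b/roles/pretix/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Ensure pretix systemd service is restarted
+  listen: pretix_restart
+  ansible.builtin.systemd_service:
+    name: "{{ pretix_systemd_service_name }}"
+    state: "restarted"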
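Review bot: The `pretix_restart` handler restarts only `pretix_systemd_service_name`, although the migrate and rebuild tasks in tasks/deploy-systemd.yml notify it after a virtualenv change. The Celery worker unit would keep running the previous code against the migrated schema until something else restarts it. A second handler listening on the same topic with `name: "{{ pretix_worker_systemd_service_name }}"` and `state: "restarted"` would cover it.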
							
								
								
									
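--- a/roles/pretix/meta/main.yml
+++ b/roles/pretix/meta/main.yml
@@ -0,0 +1,9 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: pretix
+  description: Ansible role to deploy pretix (https://pretix.eu)
+  galaxy_tags:
+    - pretix
+    - ticketing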
							
								
								
									
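--- a/roles/pretix/tasks/check.yml
+++ b/roles/pretix/tasks/check.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure 'pretix_state' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported pretix_state '{{ pretix_state }}'.
+      Supported states are {{ pretix_states | join(', ') }}
+  when: pretix_state not in pretix_states
+
+- name: Ensure 'pretix_deployment_method' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported pretix_state '{{ pretix_deployment_method }}'.
+      Supported states are {{ pretix_deployment_methods | join(', ') }}
+  when: pretix_deployment_method not in pretix_deployment_methods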
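Review bot: The second task's message was copied from the first: it reports `Unsupported pretix_state` and `Supported states are` while it validates `pretix_deployment_method`. This check is what constrains the value later interpolated into the included task file names, so the failure should name the right variable. Suggested lines: `Unsupported pretix_deployment_method '{{ pretix_deployment_method }}'.` and `Supported methods are {{ pretix_deployment_methods | join(', ') }}`.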
							
								
								
									
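--- a/roles/pretix/tasks/configure.yml
+++ b/roles/pretix/tasks/configure.yml
@@ -0,0 +1,10 @@
+---
+- name: Ensure configuration file is written
+  ansible.builtin.copy:
+    dest: "{{ pretix_config_file }}"
+    content: "{{ pretix_config_file_content }}"
+    owner: "{{ pretix_config_file_owner }}"
+    group: "{{ pretix_config_file_group }}"
+    mode: "{{ pretix_config_file_mode }}"
+  when: pretix_state == 'present'
+  register: pretix_config_file_info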
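Review bot: The copy task passes `pretix_config_file_content`, which includes the database and mail passwords, as a module argument with neither `no_log` nor `diff: false` set. A run with `--diff` or raised verbosity would print the rendered file, secrets included, to the console and to any log the controller keeps. Adding `no_log: true` to this task covers both cases; `diff: false` alone would only cover the diff output.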
							
								
								
									
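--- a/roles/pretix/tasks/deploy-systemd.yml
+++ b/roles/pretix/tasks/deploy-systemd.yml
@@ -0,0 +1,64 @@
+---
+- name: Ensure virtualenv in {{ pretix_virtualenv_dir }} is present
+  ansible.builtin.pip:
+    name: "{{ pretix_virtualenv_packages + pretix_plugins }}"
+    state: "{{ pretix_virtualenv_state }}"
+    chdir: "{{ pretix_install_dir }}"
+    virtualenv: "{{ pretix_virtualenv_dir }}"
+    virtualenv_command: "{{ pretix_virtualenv_command | default(omit, true) }}"
+    virtualenv_site_packages: "{{ pretix_virtualenv_site_packages }}"
+  become: true
+  become_user: "{{ pretix_user }}"
+  register: pretix_virtualenv_info
+
+# TODO: determine to only do this on a) upgrades or b) initial deployis
+- name: Ensure pretix database migrations are run
+  ansible.builtin.command:
+    cmd: "{{ pretix_virtualenv_dir }}/bin/python -m pretix migrate"
+    chdir: "{{ pretix_install_dir }}"
+  environment:
+    VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}"
+  become: true
+  become_user: "{{ pretix_user }}"
+  notify: pretix_restart
+  when:
+    - pretix_state == 'present'
+    - pretix_virtualenv_info.changed or pretix_config_file_info.changed
+
+# TODO: determine to only do this on a) upgrades or b) initial deployis
+- name: Ensure pretix static assets are built
+  ansible.builtin.command:
+    cmd: "{{ pretix_virtualenv_dir }}/bin/python -m pretix rebuild"
+    chdir: "{{ pretix_install_dir }}"
+  environment:
+    VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}"
+  become: true
+  become_user: "{{ pretix_user }}"
+  notify: pretix_restart
+  when:
+    - pretix_state == 'present'
+    - pretix_virtualenv_info.changed or pretix_config_file_info.changed
+
+- name: Ensure pretix systemd service is enabled
+  ansible.builtin.systemd_service:
+    name: "{{ _service }}"
+    enabled: true
+  when: pretix_state == 'present'
+  loop:
+    - "{{ pretix_systemd_service_name }}"
+    - "{{ pretix_worker_systemd_service_name }}"
+    - "{{ pretix_cron_systemd_service_name }}"
+    - "{{ pretix_cron_systemd_timer_name }}"
+  loop_control:
+    loop_var: _service
+
+- name: Ensure pretix systemd service is {{ pretix_state }}
+  ansible.builtin.systemd_service:
+    name: "{{ _service }}"
+    state: "{{ (pretix_state == 'present') | ternary('started', 'stopped') }}"
+  loop:
+    - "{{ pretix_systemd_service_name }}"
+    - "{{ pretix_worker_systemd_service_name }}"
+    - "{{ pretix_cron_systemd_timer_name }}"
+  loop_control:
+    loop_var: _service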
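Review bot: The migrate and rebuild tasks run only when `pretix_virtualenv_info.changed or pretix_config_file_info.changed`, so if `pretix migrate` fails once, the next run sees neither as changed and never retries the migration while the new package stays installed. Since migrate is expected to be a no-op on an up-to-date schema, I would drop the second `when` entry on that task and report change from its output instead, e.g. `register: pretix_migrate_info` with `changed_when: "'No migrations to apply' not in pretix_migrate_info.stdout"` (this assumes pretix passes Django's message through; confirm before relying on it). The rebuild task has the same gating.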
							
								
								
									
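--- a/roles/pretix/tasks/deploy.yml
+++ b/roles/pretix/tasks/deploy.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure pretix is deployed using {{ pretix_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ pretix_deployment_method }}.yml"
+  when: pretix_state == 'present'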
							
								
								
									
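--- a/roles/pretix/tasks/main.yml
+++ b/roles/pretix/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Ensure preconditions are met
+  ansible.builtin.include_tasks:
+    file: "check.yml"
+
+- name: Ensure deployment preparations are done
+  ansible.builtin.include_tasks:
+    file: "prepare.yml"
+
+- name: Ensure pretix is configured
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+
+- name: Ensure pretix is deployed
+  ansible.builtin.include_tasks:
+    file: "deploy.yml"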
							
								
								
									
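--- a/roles/pretix/tasks/prepare-systemd.yml
+++ b/roles/pretix/tasks/prepare-systemd.yml
@@ -0,0 +1,61 @@
+---
+- name: Ensure ansible facts are collected
+  ansible.builtin.setup:
+    gather_subset:
+      - "!all"
+      - "pkg_mgr"
+      - "distribution"
+      - "distribution_release"
+      - "distribution_version"
+      - "distribution_major_version"
+
+- name: Ensure system packages are present (apt)
+  ansible.builtin.apt:
+    name: "{{ package }}"
+    state: "{{ pretix_state }}"
+  loop: "{{ pretix_packages[ansible_distribution | lower][ansible_distribution_major_version] }}"
+  loop_control:
+    loop_var: "package"
+  when: ansible_facts['pkg_mgr'] == 'apt'
+
+# TODO: add pretix worker and cron
+- name: Ensure systemd unit {{ pretix_systemd_unit_name }} is {{ pretix_state }}
+  ansible.builtin.template:
+    src: "pretix.service.j2"
+    dest: "{{ pretix_systemd_unit_file_path }}"
+  register: pretix_systemd_unit_info
+  notify:
+    - pretix_restart
+
+- name: Ensure systemd unit {{ pretix_worker_systemd_unit_name }} is {{ pretix_state }}
+  ansible.builtin.template:
+    src: "pretix.service.j2"
+    dest: "{{ pretix_worker_systemd_unit_file_path }}"
+  register: pretix_worker_systemd_unit_info
+  vars:
+    pretix_systemd_service_exec_start: "{{ pretix_worker_systemd_service_exec_start }}"
+    pretix_systemd_service_description: "{{ pretix_worker_systemd_service_description }}"
+
+- name: Ensure systemd unit {{ pretix_cron_systemd_service_name }} is {{ pretix_state }}
+  ansible.builtin.template:
+    src: "pretix.service.j2"
+    dest: "{{ pretix_cron_systemd_unit_file_path }}"
+  register: pretix_cron_systemd_unit_info
+  vars:
+    pretix_systemd_service_exec_start: "{{ pretix_cron_systemd_service_exec_start }}"
+    pretix_systemd_service_description: "{{ pretix_cron_systemd_service_description }}"
+
+- name: Ensure systemd timer unit {{ pretix_cron_systemd_timer_name }} is {{ pretix_state }}
+  ansible.builtin.template:
+    src: "pretix-cron.timer.j2"
+    dest: "{{ pretix_cron_systemd_timer_file_path }}"
+  register: pretix_cron_systemd_timer_info
+
+- name: Ensure systemd is reloaded
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: >-2
+    pretix_systemd_unit_info.changed
+    or pretix_worker_systemd_unit_info.changed
+    or pretix_cron_systemd_unit_info.changed
+    or pretix_cron_systemd_timer_info.changed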
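Review bot: The worker and cron template tasks override `pretix_systemd_service_description`, but templates/pretix.service.j2 reads `pretix_systemd_unit_description`, so all three units are rendered with the web service's description. The task names have the same kind of mismatch: they reference `pretix_systemd_unit_name` and `pretix_worker_systemd_unit_name`, while the defaults shown on this page define `pretix_systemd_service_name` and `pretix_worker_systemd_service_name`. In the worker `vars:` block the key should read `pretix_systemd_unit_description: "{{ pretix_worker_systemd_service_description }}"`, with the cron equivalent in the next task.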
							
								
								
									
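--- a/roles/pretix/tasks/prepare.yml
+++ b/roles/pretix/tasks/prepare.yml
@@ -0,0 +1,29 @@
+---
+- name: Ensure pretix user '{{ pretix_user }}' is {{ pretix_state }}
+  ansible.builtin.user:
+    name: "{{ pretix_user }}"
+    state: "{{ pretix_state }}"
+    system: "{{ pretix_user_system }}"
+    create_home: "{{ pretix_user_create_home }}"
+  register: pretix_user_info
+
+- name: Ensure host directories are {{ pretix_state }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    owner: "{{ item.owner | default(pretix_user_id) }}"
+    group: "{{ item.group | default(pretix_group_id) }}"
+    mode: "{{ item.mode | default('0750') }}"
+    state: "directory"
+  loop:
+    - path: "{{ pretix_config_dir }}"
+    - path: "{{ pretix_virtualenv_dir }}"
+    - path: "{{ pretix_data_dir }}"
+    - path: "{{ pretix_media_dir }}"
+  when: pretix_state == 'present'
+
+- name: Ensure deployment-type specific preparations for '{{ pretix_deployment_method }}' are run
+  ansible.builtin.include_tasks:
+    file: "prepare-{{ pretix_deployment_method }}.yml"
+  when:
+    - pretix_state == 'present'
+    - pretix_deployment_method in ['systemd']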
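Review bot: With `pretix_state: absent` the user task removes the account, but the remaining prepare, configure and deploy tasks are all gated on `pretix_state == 'present'`, so the units stay enabled and running and the config file and data directories stay on disk. Files left behind keep their numeric owner, which a later account may be assigned, and that includes the config file with the database password. Either the absent path should stop and remove the units and files before the user task runs, or the README should state that `absent` removes only the account.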
							
								
								
									
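--- a/roles/pretix/templates/pretix-cron.timer.j2
+++ b/roles/pretix/templates/pretix-cron.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description={{ pretix_cron_systemd_timer_description }}
+
+[Timer]
+OnActiveSec={{ pretix_cron_systemd_timer_on_active_sec }}
+OnStartupSec={{ pretix_cron_systemd_timer_on_startup_sec }}
+AccuracySec={{ pretix_cron_systemd_timer_accuracy_sec }}
+
+[Install]
+WantedBy=timers.target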
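Review bot: `OnActiveSec=` and `OnStartupSec=` each elapse once, relative to timer activation and to boot, so `pretix runperiodic` would run a single time rather than every 1800 seconds. A repeating schedule needs a trigger relative to the last run of the service, e.g. `OnUnitActiveSec={{ pretix_cron_systemd_timer_on_active_sec }}` alongside the startup trigger. Without it, periodic jobs silently stop after the first run.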
							
								
								
									
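--- a/roles/pretix/templates/pretix.service.j2
+++ b/roles/pretix/templates/pretix.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description={{ pretix_systemd_unit_description }}
+After={{ pretix_systemd_unit_after }}
+
+[Service]
+User={{ pretix_systemd_service_user }}
+Group={{ pretix_systemd_service_group }}
+{% for kv in pretix_systemd_service_environment | dict2items %}
+Environment="{{ kv.key }}={{ kv.value }}"
+{% endfor %}
+WorkingDirectory={{ pretix_systemd_service_working_directory }}
+ExecStart={{ pretix_systemd_service_exec_start }}
+Restart={{ pretix_systemd_service_restart }}
+
+[Install]
+WantedBy={{ pretix_systemd_install_wanted_by }}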
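Review bot: The `[Service]` section sets `User=` and `Group=` but no sandboxing, and tasks/prepare-systemd.yml renders this one template for the web, worker and cron units. For a network-facing gunicorn process I would add at least `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. As far as this page shows, the service writes only under `/var/lib/pretix` and reads `/etc/pretix`, which `ProtectSystem=full` permits, but verify this against the installed plugins before enabling it.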
							
								
								
									
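--- a/roles/pretix/vars/main.yml
+++ b/roles/pretix/vars/main.yml
@@ -0,0 +1,7 @@
+---
+pretix_states:
+  - "present"
+  - "absent"
+
+pretix_deployment_methods:
+  - "systemd"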
| @@ -1,6 +1,6 @@ | |||||||
| --- | --- | ||||||
| snipe_it_container_image_registry: docker.io | snipe_it_container_image_registry: docker.io | ||||||
| snipe_it_container_image_namespace: 'grokability' | snipe_it_container_image_namespace: 'snipe' | ||||||
| snipe_it_container_image_name: 'snipe-it' | snipe_it_container_image_name: 'snipe-it' | ||||||
| snipe_it_container_image_tag: ~ | snipe_it_container_image_tag: ~ | ||||||
| snipe_it_container_image_flavour: alpine | snipe_it_container_image_flavour: alpine | ||||||
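Review bot: The default for `snipe_it_container_image_namespace` changes from `'grokability'` to `'snipe'`, which changes the registry account the image is pulled from, and nothing visible on this page records why. A one-line comment above the variable naming the upstream source for the move would let a later reader confirm the new namespace is the project's own. Hosts that override only the tag or version will pick up the new publisher on their next run, so this deserves a changelog entry as well.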
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| --- | --- | ||||||
| snipe_it_user: snipeit | snipe_it_user: snipeit | ||||||
| snipe_it_version: "8.1.2" | snipe_it_version: "8.3.4" | ||||||
| snipe_it_domain: ~ | snipe_it_domain: ~ | ||||||
| snipe_it_state: present | snipe_it_state: present | ||||||
| snipe_it_deployment_method: docker | snipe_it_deployment_method: docker | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| --- | --- | ||||||
| vaultwarden_user: vaultwarden | vaultwarden_user: vaultwarden | ||||||
| vaultwarden_version: "1.33.2" | vaultwarden_version: "1.34.3" | ||||||
|  |  | ||||||
| vaultwarden_config_file: "/etc/vaultwarden/config.json" | vaultwarden_config_file: "/etc/vaultwarden/config.json" | ||||||
| vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}" | vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}" | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| --- | --- | ||||||
| vouch_proxy_user: vouch-proxy | vouch_proxy_user: vouch-proxy | ||||||
| vouch_proxy_version: "0.41.0" | vouch_proxy_version: "0.45.1" | ||||||
| vouch_proxy_base_path: /opt/vouch-proxy | vouch_proxy_base_path: /opt/vouch-proxy | ||||||
| vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config" | vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config" | ||||||
| vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml" | vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml" | ||||||
|   | |||||||