diff --git a/machines/nixos/compute01/_configuration.nix b/machines/nixos/compute01/_configuration.nix index 9bfd8bf..e36bee4 100644 --- a/machines/nixos/compute01/_configuration.nix +++ b/machines/nixos/compute01/_configuration.nix @@ -30,6 +30,7 @@ lib.extra.mkConfig { "outline" "plausible" "postgresql" + "pretix" "rstudio-server" # "satosa" "signal-irc-bridge" diff --git a/machines/nixos/compute01/pretix.nix b/machines/nixos/compute01/pretix.nix new file mode 100644 index 0000000..9f56c23 --- /dev/null +++ b/machines/nixos/compute01/pretix.nix @@ -0,0 +1,55 @@ +# SPDX-FileCopyrightText: 2024 Tom Hubrecht +# +# SPDX-License-Identifier: EUPL-1.2 + +{ config, ... }: + +{ + services.nginx.virtualHosts.${config.services.pretix.nginx.domain} = { + enableACME = true; + forceSSL = true; + }; + + services.pretix = { + enable = true; + + plugins = with config.services.pretix.package.plugins; [ + pages + passbook + ]; + + nginx = { + enable = true; + domain = "pretix.dgnum.eu"; + }; + + environmentFile = config.age.secrets."pretix-environment_file".path; + + settings = { + pretix = { + instance_name = "pretix.dgnum.eu"; + url = "https://${config.services.pretix.nginx.domain}"; + }; + + mail = { + from = "pretix@infra.dgnum.eu"; + host = "kurisu.lahfa.xyz"; + port = 465; + user = "web-services@infra.dgnum.eu"; + ssl = "on"; + + admins = "admins+pretix@dgnum.eu"; + }; + + locale = { + default = "fr"; + timezone = "Europe/Paris"; + }; + }; + }; + + dgn-backups = { + postgresDatabases = [ "pretix" ]; + jobs.pretix.settings.paths = [ "/var/lib/pretix" ]; + }; +} diff --git a/machines/nixos/compute01/secrets/pretix-environment_file b/machines/nixos/compute01/secrets/pretix-environment_file new file mode 100644 index 0000000..28b9a01 --- /dev/null +++ b/machines/nixos/compute01/secrets/pretix-environment_file @@ -0,0 +1,30 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA Rns+GrvYIYGr2bkT5PGqRYgVjiDYx5bZePFwX5n84z8 ++vmlrK5mS00BLpJukWoHHDvJVOuHS/dfWSfPRqiiK2A +-> ssh-ed25519 QlRB9Q RKtrm6jKvSbOSBU8Lnd6Saui6yXHMuSgNcoYgGpwPEE +cU1kLd9jZ2qaeKcQEVaxxra2le1MwGMZNuDQBui76CU +-> ssh-ed25519 r+nK/Q J3IwXYXujMKTIDTW+zoP3kTlxd+WRWwrHo/uvH7y6Tg +YimrLo0a6W2baGbCx6WIw7PBnI/cBioMtiZhU4dcT8k +-> ssh-rsa krWCLQ +sX+yb3LCSr+PpOx/VHB6RCnlT2iARoPdoTlNhtz8DYGKY/UTNtqGtgHd0rV9cefh +MHdBlpjUnxpPkCuP2EwIEMTqyjGbPoq/AdpxklXNquMxWyeYD7Pe5ABbEx4vpAgH ++d3A+X3sJXV+lGqPtwIbRBBMCSYxffrS68V5DYfUWNG0rAF7xknfTE4IFNgg1yzR +4LJRpI/j77wlOn/8cH8jGtBrKtRPTq1z6a8MLU36bmBEpmS3EGMvOrfGrMnenhFr +vt6WEsEcHON5C57WyvfEV/qeLhkzaRBOcq3LnYGN4qc0EqVvWCLRqTHeMMJEWhK3 +n6qGjzhE5n1FMPoxox83ig +-> ssh-ed25519 /vwQcQ brE7F9GWBMVcmBJskPLZYp2tD80LAWvQFWGxw5asvC0 +aOsMTgH17u16P2oUzrIgvv3d70uYkMjAqBJDmmUYPq8 +-> ssh-ed25519 0R97PA Ni0DxmzYhSN/mwgKs8AFNwcEMLGDBH2R7mxwyGqyRxg +EmtSYAQ7wwYWqNLu8CmOhEhZq09UvPE8mTL9xRlXq0A +-> ssh-ed25519 JGx7Ng 0iDIiH3slqmumi41n1xKDlxH4UG3TvN+apOZCBCC2B0 +4uejPMfD2Qg9P9DPXr6kk06SdYIREc9/w5tId9ZkmjI +-> ssh-ed25519 bUjjig v0d0b2QdvJhiIlrYMRtfjvCWERTXyGIYmmocNTzFFBg +B+o4ZPftYBmc5CxdTqHSjIzyx5X6lCJ88M+XRj5ddrA +-> ssh-ed25519 tDqJRg I67xye4YEG7fRzMeSqmyY7g99YwBFG4TyIiABHnEd3k +Cj95yZeQZwGLFNnw4gK5pzS7Rvr/v0sIfNHoj/FWerU +-> 84t6-grease X| +ylGgBiG/KYc0vDvMho+lPMBe+2kZZ3DvlF5JHgtMRUAMy9ugXbwDYu5qq7GyPL38 +aBw8Jx13iIRkJA9CisyygX7l2P5sOdaa/IE5fTABjL6EGkLbP1uI0OFTH9Dd1tYy +ww +--- qbaLv0BDEw2uSR1ccqH5HOinQSQeynDl0IFU9VwD3Ag +?lBۆiI ]4x5hMsDz{pT}GU C]Qh~fvoQGj(j \ No newline at end of file diff --git a/machines/nixos/compute01/secrets/secrets.nix b/machines/nixos/compute01/secrets/secrets.nix index 421be13..be0bbf5 100644 --- a/machines/nixos/compute01/secrets/secrets.nix +++ b/machines/nixos/compute01/secrets/secrets.nix @@ -30,6 +30,7 @@ "plausible-admin_user_password_file" "plausible-secret_key_base_file" "plausible-smtp_password_file" + "pretix-environment_file" "satosa-env_file" "signal-irc-bridge-config" "telegraf-environment_file" diff --git a/meta/dns.nix b/meta/dns.nix index 40a9000..cd2602c 100644 --- a/meta/dns.nix +++ b/meta/dns.nix @@ -74,6 +74,7 @@ let "pads" # Hedgedoc "pass" # Vaultwarden "pdf" # Stirling PDF + "pretix" # Pretix "saml-idp" # Satosa "search.infra" # Extranix "social" # Mastodon