feat(compute01): Deploy pretalx

2025-01-20 00:56:14 +01:00 · 2025-01-20 00:56:14 +01:00 · 8ba6cedc1b
commit 8ba6cedc1b
parent 05591252a7
8 changed files with 122 additions and 1 deletions
--- a/REUSE.toml
+++ b/REUSE.toml
@ -20,7 +20,7 @@ precedence = "closest"
 [[annotations]]
 SPDX-FileCopyrightText = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>"
 SPDX-License-Identifier = "EUPL-1.2"
-path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
+path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/01-pretalx-environment-file.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
 precedence = "closest"

 [[annotations]]
--- a/default.nix
+++ b/default.nix
@ -95,6 +95,7 @@ let
          "machines/nixos/web01/crabfit/*.patch"
          "machines/nixos/web02/cas-eleves/01-pytest-cas.patch"
          "patches/lix/01-disable-installChecks.patch"
+          "patches/nixpkgs/01-pretalx-environment-file.patch"
          "patches/nixpkgs/03-crabfit-karla.patch"
          "patches/nixpkgs/05-netbird-relay.patch"
        ];
--- a/machines/nixos/compute01/_configuration.nix
+++ b/machines/nixos/compute01/_configuration.nix
@ -30,6 +30,7 @@ lib.extra.mkConfig {
    "outline"
    "plausible"
    "postgresql"
+    "pretalx"
    "pretix"
    "rstudio-server"
    # "satosa"
--- a/machines/nixos/compute01/pretalx.nix
+++ b/machines/nixos/compute01/pretalx.nix
@ -0,0 +1,52 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, ... }:
+
+{
+  services.nginx.virtualHosts.${config.services.pretalx.nginx.domain} = {
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  services.pretalx = {
+    enable = true;
+
+    plugins = with config.services.pretalx.package.plugins; [
+      pages
+      venueless
+    ];
+
+    nginx = {
+      enable = true;
+      domain = "pretalx.dgnum.eu";
+    };
+
+    environmentFile = config.age.secrets."pretalx-environment_file".path;
+
+    settings = {
+      files.upload_limit = 50;
+
+      mail = {
+        from = "pretalx@infra.dgnum.eu";
+        host = "kurisu.lahfa.xyz";
+        port = 465;
+        ssl = true;
+        user = "web-services@infra.dgnum.eu";
+      };
+
+      logging.email = "admins+pretalx@dgnum.eu";
+
+      locale = {
+        language_code = "fr";
+        time_zone = "Europe/Paris";
+      };
+    };
+  };
+
+  dgn-backups = {
+    postgresDatabases = [ "pretalx" ];
+    jobs.pretix.settings.paths = [ "/var/lib/pretalx" ];
+  };
+}
--- a/machines/nixos/compute01/secrets/pretalx-environment_file
+++ b/machines/nixos/compute01/secrets/pretalx-environment_file
@ -0,0 +1,30 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA nxmUrwL0YLjmyml8KcWZ6dWwV5O6w2Dlg7uqb+eSYBY
+BgVWB3Z3wJ9E68kmDbf4/NrmsZGR/goS2Kfx/nc49Vs
+-> ssh-ed25519 QlRB9Q VB75tVIpYDO9Ta0MRsfuP24TAjbyT6OWEN0SjVkGVnA
+oDn5Yal9NY2ce0p4jf0+ceBM14aF9+62J3Ich00bn60
+-> ssh-ed25519 r+nK/Q ejM5Jc8o01aaFO55KL8O2IBf6XSb84zvirAUWyWI0Ck
+UXPxGsxI+vZHPsSWirv9GTa/Etwh3GXlOxAHrBMiRZQ
+-> ssh-rsa krWCLQ
+noF/XAAr5oXO3yxHgoKlPuFSiexCG508JCHrvUK0Pkw71KASEcEAfEHb+rZTi6yA
+vtRIoU6MnAG4RaDkilp2Cz4LDfx8JvT3ucmy///0UhwUwC8keeR7r/EIGPdB3Fyc
+FyyhC0KflA0kmWsOR9EZi2YYAHRTPUMzXYdSdIGc/82WMVGEizTck8CH10GV2Bxl
+SyiaJFk//q4fZZwyYUyaSVFjMwrjU1bbAipmB24SLLCLp1J+Xxq/OX83Mctjqutl
+LlNC10GdvM1JoPFFxy9Chk63WHZXp745D5JppWKJ8FuUs89WpCspzYNgqRgyBoQA
+wNlUgSD1p815tuCDs1+wlg
+-> ssh-ed25519 /vwQcQ StDx98vbjAGhJu1o74uVBC6DhuqaZZjxIEPyyCS44Wo
+CxNrC8Pdi9HMF0atPNQutowQG60DSyWhXA3n/vOS+HA
+-> ssh-ed25519 0R97PA BfmW5ljTVp+tUs32lAMnSBz2q5jMSgwgza3pfS3L404
+GibEScHuYz0b7kt+EQRXhiY01IfZzBhmMMJ7JxstWNo
+-> ssh-ed25519 JGx7Ng hCbmKD+QH6SlFmFMM61Xv2Y8TjNZJyCYhhtFmjYQUEM
+J8CLfOvhJeSdN2W8NQsIbfA1li6V4IzZc43Rq+yNuHc
+-> ssh-ed25519 bUjjig jFfhHzfqTzuuN4IszblOGe7WFMxfFa5GvUbQ5TgWNmI
+FU6hJSW0AT5FG49oQzN7c0dDsmgbhOYLAEz4YeAus6o
+-> ssh-ed25519 tDqJRg 8DMYhpgIDvTQ+IshJCKvgFiY8J4qdVVA7nGRRc+clSA
+EfRYOKCE6zv6BqbDyN4p6QdfN5Y+2GPie2tLqISbsSQ
+-> {7;qZH-grease b'%
+/q1kVYwytu14uIpZOi643OuIU7M3xNYoe2IPCVeH7A7lsAfhEuCbUOSwVGb1yvvP
+Zuz3ZUD4ubs7a4By3LmbfYgTak2iHUMd7YCMOcWgwRJb
+--- GrGJW7DhRg2lMfi+2fs81QGOIwUVuJkLuCzynlGtvUc
+Ì©Û¼šÙô].r·@…ªÚ+ÔÅutb)ßÍÈõ^¿²É½*ñ‡;/†ˆÎçSôóš->dÚÆ™ô›šY§û¯‡ukÿ{‘œôñªsž<>±<EFBFBD>/» VÊŠ
+H¹o.
--- a/machines/nixos/compute01/secrets/secrets.nix
+++ b/machines/nixos/compute01/secrets/secrets.nix
@ -30,6 +30,7 @@
    "plausible-admin_user_password_file"
    "plausible-secret_key_base_file"
    "plausible-smtp_password_file"
+    "pretalx-environment_file"
    "pretix-environment_file"
    "satosa-env_file"
    "signal-irc-bridge-config"
--- a/patches/default.nix
+++ b/patches/default.nix
@ -27,6 +27,9 @@ in

    # Fix pretix tests
    (npr 374822 "sha256-vM6l8Pb6F5HoZrpG4Ay3DdwwHBbv8MQy2Bo4gfiQ5zM=")
+
+    # pretalx env file option
+    (local ./nixpkgs/01-pretalx-environment-file.patch)
  ];

  "nixos-unstable" = [
--- a/patches/nixpkgs/01-pretalx-environment-file.patch
+++ b/patches/nixpkgs/01-pretalx-environment-file.patch
@ -0,0 +1,33 @@
+diff --git a/nixos/modules/services/web-apps/pretalx.nix b/nixos/modules/services/web-apps/pretalx.nix
+index c7d35d029963..5a6ab7fbe083 100644
+--- a/nixos/modules/services/web-apps/pretalx.nix
+++ b/nixos/modules/services/web-apps/pretalx.nix
+@@ -53,6 +53,17 @@ in
+       description = "User under which pretalx should run.";
+     };
+ 
+    environmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      example = "/run/keys/pretalx-secrets.env";
+      description = ''
+        Environment file to pass secret configuration values.
+
+        Each line must follow the `PRETALX_SECTION_KEY=value` pattern.
+      '';
+    };
+
+     plugins = lib.mkOption {
+       type = with lib.types; listOf package;
+       default = [ ];
+@@ -381,6 +392,9 @@ in
+           serviceConfig = {
+             User = "pretalx";
+             Group = "pretalx";
+            EnvironmentFile = lib.optionals (cfg.environmentFile != null) [
+              cfg.environmentFile
+            ];
+             StateDirectory = [
+               "pretalx"
+               "pretalx/media"
+