cst1/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

feat(compute01): Deploy pretalx

Browse source
This commit is contained in:
Tom Hubrecht 2025-01-20 00:56:14 +01:00
parent 05591252a7
commit 8ba6cedc1b
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
8 changed files with 122 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
REUSE.toml
View file

@ -20,7 +20,7 @@ precedence = "closest"
[[annotations]] [[annotations]]
SPDX-FileCopyrightText = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>" SPDX-FileCopyrightText = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>"
SPDX-License-Identifier = "EUPL-1.2" SPDX-License-Identifier = "EUPL-1.2"
path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"] path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/01-pretalx-environment-file.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
precedence = "closest" precedence = "closest"
[[annotations]] [[annotations]]

1
default.nix
View file

@ -95,6 +95,7 @@ let
"machines/nixos/web01/crabfit/*.patch" "machines/nixos/web01/crabfit/*.patch"
"machines/nixos/web02/cas-eleves/01-pytest-cas.patch" "machines/nixos/web02/cas-eleves/01-pytest-cas.patch"
"patches/lix/01-disable-installChecks.patch" "patches/lix/01-disable-installChecks.patch"
"patches/nixpkgs/01-pretalx-environment-file.patch"
"patches/nixpkgs/03-crabfit-karla.patch" "patches/nixpkgs/03-crabfit-karla.patch"
"patches/nixpkgs/05-netbird-relay.patch" "patches/nixpkgs/05-netbird-relay.patch"
]; ];

1
machines/nixos/compute01/_configuration.nix
View file

@ -30,6 +30,7 @@ lib.extra.mkConfig {
"outline" "outline"
"plausible" "plausible"
"postgresql" "postgresql"
"pretalx"
"pretix" "pretix"
"rstudio-server" "rstudio-server"
# "satosa" # "satosa"

52
machines/nixos/compute01/pretalx.nix Normal file
View file

@ -0,0 +1,52 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, ... }:
{
services.nginx.virtualHosts.${config.services.pretalx.nginx.domain} = {
enableACME = true;
forceSSL = true;
};
services.pretalx = {
enable = true;
plugins = with config.services.pretalx.package.plugins; [
pages
venueless
];
nginx = {
enable = true;
domain = "pretalx.dgnum.eu";
};
environmentFile = config.age.secrets."pretalx-environment_file".path;
settings = {
files.upload_limit = 50;
mail = {
from = "pretalx@infra.dgnum.eu";
host = "kurisu.lahfa.xyz";
port = 465;
ssl = true;
user = "web-services@infra.dgnum.eu";
};
logging.email = "admins+pretalx@dgnum.eu";
locale = {
language_code = "fr";
time_zone = "Europe/Paris";
};
};
};
dgn-backups = {
postgresDatabases = [ "pretalx" ];
jobs.pretix.settings.paths = [ "/var/lib/pretalx" ];
};
}

30
machines/nixos/compute01/secrets/pretalx-environment_file Normal file
View file

@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA nxmUrwL0YLjmyml8KcWZ6dWwV5O6w2Dlg7uqb+eSYBY
BgVWB3Z3wJ9E68kmDbf4/NrmsZGR/goS2Kfx/nc49Vs
-> ssh-ed25519 QlRB9Q VB75tVIpYDO9Ta0MRsfuP24TAjbyT6OWEN0SjVkGVnA
oDn5Yal9NY2ce0p4jf0+ceBM14aF9+62J3Ich00bn60
-> ssh-ed25519 r+nK/Q ejM5Jc8o01aaFO55KL8O2IBf6XSb84zvirAUWyWI0Ck
UXPxGsxI+vZHPsSWirv9GTa/Etwh3GXlOxAHrBMiRZQ
-> ssh-rsa krWCLQ
noF/XAAr5oXO3yxHgoKlPuFSiexCG508JCHrvUK0Pkw71KASEcEAfEHb+rZTi6yA
vtRIoU6MnAG4RaDkilp2Cz4LDfx8JvT3ucmy///0UhwUwC8keeR7r/EIGPdB3Fyc
FyyhC0KflA0kmWsOR9EZi2YYAHRTPUMzXYdSdIGc/82WMVGEizTck8CH10GV2Bxl
SyiaJFk//q4fZZwyYUyaSVFjMwrjU1bbAipmB24SLLCLp1J+Xxq/OX83Mctjqutl
LlNC10GdvM1JoPFFxy9Chk63WHZXp745D5JppWKJ8FuUs89WpCspzYNgqRgyBoQA
wNlUgSD1p815tuCDs1+wlg
-> ssh-ed25519 /vwQcQ StDx98vbjAGhJu1o74uVBC6DhuqaZZjxIEPyyCS44Wo
CxNrC8Pdi9HMF0atPNQutowQG60DSyWhXA3n/vOS+HA
-> ssh-ed25519 0R97PA BfmW5ljTVp+tUs32lAMnSBz2q5jMSgwgza3pfS3L404
GibEScHuYz0b7kt+EQRXhiY01IfZzBhmMMJ7JxstWNo
-> ssh-ed25519 JGx7Ng hCbmKD+QH6SlFmFMM61Xv2Y8TjNZJyCYhhtFmjYQUEM
J8CLfOvhJeSdN2W8NQsIbfA1li6V4IzZc43Rq+yNuHc
-> ssh-ed25519 bUjjig jFfhHzfqTzuuN4IszblOGe7WFMxfFa5GvUbQ5TgWNmI
FU6hJSW0AT5FG49oQzN7c0dDsmgbhOYLAEz4YeAus6o
-> ssh-ed25519 tDqJRg 8DMYhpgIDvTQ+IshJCKvgFiY8J4qdVVA7nGRRc+clSA
EfRYOKCE6zv6BqbDyN4p6QdfN5Y+2GPie2tLqISbsSQ
-> {7;qZH-grease b'%
/q1kVYwytu14uIpZOi643OuIU7M3xNYoe2IPCVeH7A7lsAfhEuCbUOSwVGb1yvvP
Zuz3ZUD4ubs7a4By3LmbfYgTak2iHUMd7YCMOcWgwRJb
--- GrGJW7DhRg2lMfi+2fs81QGOIwUVuJkLuCzynlGtvUc
Ì©Û¼šÙô].r·@…ªÚ+ÔÅutb)ßÍÈõ^¿²É½*ñ‡;/†ˆÎçSôóš->dÚÆ™ôšY§û¯‡ukÿ{œôñªsž<>±<EFBFBD> VÊŠ
H¹o.

1
machines/nixos/compute01/secrets/secrets.nix
View file

@ -30,6 +30,7 @@
"plausible-admin_user_password_file" "plausible-admin_user_password_file"
"plausible-secret_key_base_file" "plausible-secret_key_base_file"
"plausible-smtp_password_file" "plausible-smtp_password_file"
"pretalx-environment_file"
"pretix-environment_file" "pretix-environment_file"
"satosa-env_file" "satosa-env_file"
"signal-irc-bridge-config" "signal-irc-bridge-config"

3
patches/default.nix
View file

@ -27,6 +27,9 @@ in
# Fix pretix tests # Fix pretix tests
(npr 374822 "sha256-vM6l8Pb6F5HoZrpG4Ay3DdwwHBbv8MQy2Bo4gfiQ5zM=") (npr 374822 "sha256-vM6l8Pb6F5HoZrpG4Ay3DdwwHBbv8MQy2Bo4gfiQ5zM=")
# pretalx env file option
(local ./nixpkgs/01-pretalx-environment-file.patch)
]; ];
"nixos-unstable" = [ "nixos-unstable" = [

33
patches/nixpkgs/01-pretalx-environment-file.patch Normal file
View file

@ -0,0 +1,33 @@
diff --git a/nixos/modules/services/web-apps/pretalx.nix b/nixos/modules/services/web-apps/pretalx.nix
index c7d35d029963..5a6ab7fbe083 100644
--- a/nixos/modules/services/web-apps/pretalx.nix
+++ b/nixos/modules/services/web-apps/pretalx.nix
@@ -53,6 +53,17 @@ in
description = "User under which pretalx should run.";
};
+ environmentFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ example = "/run/keys/pretalx-secrets.env";
+ description = ''
+ Environment file to pass secret configuration values.
+
+ Each line must follow the `PRETALX_SECTION_KEY=value` pattern.
+ '';
+ };
+
plugins = lib.mkOption {
type = with lib.types; listOf package;
default = [ ];
@@ -381,6 +392,9 @@ in
serviceConfig = {
User = "pretalx";
Group = "pretalx";
+ EnvironmentFile = lib.optionals (cfg.environmentFile != null) [
+ cfg.environmentFile
+ ];
StateDirectory = [
"pretalx"
"pretalx/media"