From db38131076a94b2776f72a392bae1bf34c5f9ecf Mon Sep 17 00:00:00 2001 From: Marc Debureaux Date: Wed, 3 Apr 2024 21:26:47 +0200 Subject: [PATCH] Pretalx role files --- roles/pretalx | 1 - roles/pretalx/.ansible-lint | 7 + roles/pretalx/Vagrantfile | 23 ++ roles/pretalx/defaults/main.yml | 66 +++++ roles/pretalx/handlers/main.yml | 86 ++++++ roles/pretalx/meta/main.yml | 23 ++ roles/pretalx/tasks/main.yml | 22 ++ roles/pretalx/tasks/package.yml | 269 ++++++++++++++++++ roles/pretalx/tasks/requirements.yml | 3 + .../pretalx/tasks/requirements_archlinux.yml | 43 +++ roles/pretalx/tasks/requirements_debian.yml | 40 +++ roles/pretalx/templates/nginx.conf | 81 ++++++ .../templates/pretalx-worker.service.j2 | 15 + roles/pretalx/templates/pretalx.cfg.j2 | 51 ++++ roles/pretalx/templates/pretalx.service.j2 | 12 + roles/pretalx/templates/pretalx.socket.j2 | 8 + 16 files changed, 749 insertions(+), 1 deletion(-) delete mode 160000 roles/pretalx create mode 100644 roles/pretalx/.ansible-lint create mode 100644 roles/pretalx/Vagrantfile create mode 100644 roles/pretalx/defaults/main.yml create mode 100644 roles/pretalx/handlers/main.yml create mode 100644 roles/pretalx/meta/main.yml create mode 100644 roles/pretalx/tasks/main.yml create mode 100644 roles/pretalx/tasks/package.yml create mode 100644 roles/pretalx/tasks/requirements.yml create mode 100644 roles/pretalx/tasks/requirements_archlinux.yml create mode 100644 roles/pretalx/tasks/requirements_debian.yml create mode 100644 roles/pretalx/templates/nginx.conf create mode 100644 roles/pretalx/templates/pretalx-worker.service.j2 create mode 100644 roles/pretalx/templates/pretalx.cfg.j2 create mode 100644 roles/pretalx/templates/pretalx.service.j2 create mode 100644 roles/pretalx/templates/pretalx.socket.j2 diff --git a/roles/pretalx b/roles/pretalx deleted file mode 160000 index f8e87d1..0000000 --- a/roles/pretalx +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f8e87d121b30ab92896c7cad30bd7093a28414ee diff --git a/roles/pretalx/.ansible-lint b/roles/pretalx/.ansible-lint new file mode 100644 index 0000000..b48edce --- /dev/null +++ b/roles/pretalx/.ansible-lint @@ -0,0 +1,7 @@ +skip_list: + - fqcn[action] + - fqcn[action-core] + - yaml[line-length] + +exclude_paths: + - .github diff --git a/roles/pretalx/Vagrantfile b/roles/pretalx/Vagrantfile new file mode 100644 index 0000000..0653c2f --- /dev/null +++ b/roles/pretalx/Vagrantfile @@ -0,0 +1,23 @@ +Vagrant.configure("2") do |config| + config.vm.provider :virtualbox do |v| + v.name = "pretalx" + v.memory = 2048 + v.cpus = 2 + v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] + v.customize ["modifyvm", :id, "--ioapic", "on"] + end + + config.vm.define :pretalx do |pretalx| + pretalx.vm.hostname = "pretalx.local" + pretalx.vm.box = "debian/bookworm64" + pretalx.vm.network :private_network, ip: "192.168.56.10" + pretalx.vm.network :forwarded_port, guest: "80", host: "8000" + pretalx.vm.network :forwarded_port, guest: "443", host: "8443" + + pretalx.vm.provision "ansible" do |ansible| + ansible.compatibility_mode = "2.0" + ansible.playbook = "pretalx.yml" + ansible.become = true + end + end +end diff --git a/roles/pretalx/defaults/main.yml b/roles/pretalx/defaults/main.yml new file mode 100644 index 0000000..554b1e0 --- /dev/null +++ b/roles/pretalx/defaults/main.yml @@ -0,0 +1,66 @@ +--- +# Use if you have more than one instance on your server, for example for +# seamless updates (sharing a database) or separate instances. +pretalx_instance_identifier: "main" + +pretalx_system_user: "pretalx" +pretalx_system_home: "/home/{{ pretalx_system_user }}" +pretalx_database_backend: postgresql +pretalx_database_name: pretalx_{{ pretalx_instance_identifier }} +pretalx_database_user: pretalx_{{ pretalx_instance_identifier }} +pretalx_database_password: false +pretalx_database_host: localhost +pretalx_database_port: 5432 + +pretalx_staticfiles_directory: "{{ pretalx_system_home }}/pretalx_{{ pretalx_instance_identifier }}/static" +pretalx_data_dir: "{{ pretalx_system_home }}/pretalx_{{ pretalx_instance_identifier }}/data" +pretalx_media_dir: "{{ pretalx_system_home }}/pretalx_{{ pretalx_instance_identifier }}/media" +pretalx_virtualenv: "{{ pretalx_system_home }}/pretalx_{{ pretalx_instance_identifier }}/venv" +pretalx_python: "{{ pretalx_virtualenv }}/bin/python" +pretalx_webserver_group: www-data +pretalx_domain: localhost +pretalx_url: https://{{ pretalx_domain }} +pretalx_core_modules: "" + +pretalx_admin_mail: "" +pretalx_mail_from: admin@localhost +pretalx_mail_host: localhost +pretalx_mail_port: 25 + +pretalx_mail_tls: "False" +pretalx_mail_ssl: "True" +pretalx_mail_user: None # if set to None do not use authentication +pretalx_mail_password: None + +pretalx_service_workers: 4 # https://docs.gunicorn.org/en/stable/settings.html?highlight=max-requests#workers +pretalx_service_workers_max_requests: 1200 # https://docs.gunicorn.org/en/stable/settings.html?highlight=max-requests#max-requests +pretalx_service_workers_max_requests_jitter: 50 # https://docs.gunicorn.org/en/stable/settings.html?highlight=max-requests#max-requests-jitter + +pretalx_nginx: false +pretalx_nginx_path: false +pretalx_nginx_force_https: false # Set to true if you want this role to take care of HTTPS upgrades, leave false if your nginx configuration handles this already +pretalx_cert_root: /etc/ssl/letsencrypt/certs # for Nginx configuration +pretalx_nginx_http_only: false + +pretalx_redis: false + +pretalx_celery: true +pretalx_celery_backend: "redis://127.0.0.1:6379/1" +pretalx_celery_broker: "redis://127.0.0.1:6379/2" + +pretalx_version: latest +pretalx_git_version: "" +pretalx_git_url: "https://github.com/pretalx/pretalx.git" + +pretalx_plugins: null + +pretalx_cron: true + +pretalx_alternate_domains: null # can be a string like "location1 location2" + +pretalx_additional_config: null # string that will be appended to the cfg file without further modifications + +pretalx_admin_email: "" +pretalx_admin_password: "" +pretalx_orga_name: "" +pretalx_orga_slug: "" diff --git a/roles/pretalx/handlers/main.yml b/roles/pretalx/handlers/main.yml new file mode 100644 index 0000000..f325ad3 --- /dev/null +++ b/roles/pretalx/handlers/main.yml @@ -0,0 +1,86 @@ +--- +- name: Reload systemd services + systemd: + daemon_reload: true + +- name: Install pretalx plugins + shell: cd {{ pretalx_system_home }}/plugins/{{ item.name }} && {{ pretalx_python }} setup.py develop --user + with_items: "{{ pretalx_plugins }}" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Run pretalx migrations + command: "{{ pretalx_python }} -m pretalx migrate" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Run pretalx static collection + command: "{{ pretalx_python }} -m pretalx collectstatic --noinput" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Compile pretalx styles + command: "{{ pretalx_python }} -m pretalx regenerate_css" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Copy static manifest + shell: "cp -f {{ pretalx_staticfiles_directory }}/staticfiles.json {{ pretalx_staticfiles_directory }}/pretalx-manifest.json" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Compile messages for plugins + shell: cd {{ pretalx_system_home }}/plugins/{{ item.name }} && make + with_items: "{{ pretalx_plugins }}" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Rebuild pretalx files + command: "{{ pretalx_python }} -m pretalx rebuild --npm-install" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + +- name: Initialize pretalx + command: "{{ pretalx_python }} -m pretalx init --noinput" + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + environment: + - DJANGO_SUPERUSER_EMAIL: "{{ pretalx_admin_email }}" + - DJANGO_SUPERUSER_PASSWORD: "{{ pretalx_admin_password }}" + - PRETALX_INIT_ORGANISER_NAME: "{{ pretalx_orga_name }}" + - PRETALX_INIT_ORGANISER_SLUG: "{{ pretalx_orga_slug }}" + +- name: Restart pretalx service + service: + name: pretalx@{{ pretalx_instance_identifier }} + state: restarted + +- name: Restart worker service + service: + name: pretalx-worker@{{ pretalx_instance_identifier }} + state: restarted + when: pretalx_celery + +- name: Restart redis + service: + name: redis + state: restarted + when: pretalx_redis + +- name: Reload nginx + service: + name: nginx + state: reloaded + +- name: Restart pretalx socket + service: + name: pretalx@{{ pretalx_instance_identifier }}.socket + state: restarted diff --git a/roles/pretalx/meta/main.yml b/roles/pretalx/meta/main.yml new file mode 100644 index 0000000..e26fe74 --- /dev/null +++ b/roles/pretalx/meta/main.yml @@ -0,0 +1,23 @@ +--- +galaxy_info: + namespace: pretalx + role_name: pretalx + author: Tobias Kunze + description: Ansible role to install pretalx in a production environment + company: pretalx + issue_tracker_url: https://github.com/pretalx/ansible-pretalx + license: Apache + min_ansible_version: "2.4" + galaxy_tags: + - pretalx + - conference + - schedule + - program + - cfp + platforms: + - name: ArchLinux + versions: + - all + - name: Debian + versions: + - bullseye diff --git a/roles/pretalx/tasks/main.yml b/roles/pretalx/tasks/main.yml new file mode 100644 index 0000000..1b74bb1 --- /dev/null +++ b/roles/pretalx/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Install system requirements + import_tasks: requirements.yml + +- name: Detect installed system Python version + command: | + python3 -c "import sys; (major, minor) = sys.version_info[0:2]; print(f'{major}.{minor}')" + args: + creates: nothing + changed_when: false + # become: true + # become_user: "{{ pretalx_system_user }}" + when: pretalx_system_python_version is not defined + register: pretalx_python_version_info_major_minor + +- name: Define installed system Python version variable + set_fact: + pretalx_system_python_version: "{{ pretalx_python_version_info_major_minor.stdout }}" + when: pretalx_system_python_version is not defined + +- name: Install pretalx itself + import_tasks: package.yml diff --git a/roles/pretalx/tasks/package.yml b/roles/pretalx/tasks/package.yml new file mode 100644 index 0000000..444c57c --- /dev/null +++ b/roles/pretalx/tasks/package.yml @@ -0,0 +1,269 @@ +--- +- name: Create a pretalx user + user: + name: "{{ pretalx_system_user }}" + state: present + system: true + tags: + - pretalx + +- name: Create required directories + file: + path: "{{ item }}" + state: directory + owner: "{{ pretalx_system_user }}" + group: "{{ pretalx_webserver_group }}" + mode: "0750" + recurse: true + with_items: + - "{{ pretalx_staticfiles_directory }}" + - "{{ pretalx_data_dir }}" + - "{{ pretalx_media_dir }}" + - "{{ pretalx_virtualenv }}" + tags: + - pretalx + +- name: Install redis client + pip: + name: django_redis + state: latest # noqa package-latest + virtualenv: "{{ pretalx_virtualenv }}" + become: true + become_user: "{{ pretalx_system_user }}" + when: pretalx_redis or pretalx_celery + tags: + - pretalx + - pretalx-install + +- name: Install gunicorn + pip: + name: gunicorn + state: latest # noqa package-latest + virtualenv: "{{ pretalx_virtualenv }}" + become: true + become_user: "{{ pretalx_system_user }}" + tags: + - pretalx + - pretalx-install + +- name: Configure pretalx + template: + src: pretalx.cfg.j2 + dest: "{{ pretalx_system_home }}/.pretalx.cfg" + mode: "0600" + notify: + - Restart pretalx service + - Restart worker service + - Run pretalx migrations + - Rebuild pretalx files + - Compile pretalx styles + become: true + become_user: "{{ pretalx_system_user }}" + tags: + - pretalx + - pretalxupdate + +- name: Set pretalx_extra to "[postgres]" if using postgresql database + set_fact: + pretalx_extra: "[postgres]" + when: pretalx_database_backend == 'postgresql' + tags: + - pretalx + - pretalxupdate + +- name: Set pretalx_extra to "[mysql]" if using mysql database + set_fact: + pretalx_extra: "[mysql]" + when: pretalx_database_backend == 'mysql' + tags: + - pretalx + - pretalxupdate + +- name: Set pretalx_extra to "" if using other database + set_fact: + pretalx_extra: "" + when: pretalx_extra is not defined + tags: + - pretalx + - pretalxupdate + +- name: Install pretalx (latest) + pip: + name: "pretalx{{ pretalx_extra }}" + state: latest # noqa package-latest + virtualenv: "{{ pretalx_virtualenv }}" + notify: + - Restart pretalx service + - Restart worker service + - Run pretalx migrations + - Run pretalx static collection + - Copy static manifest + - Rebuild pretalx files + - Compile pretalx styles + - Initialize pretalx + when: (pretalx_version == 'latest') and not (pretalx_git_version) + become: true + become_user: "{{ pretalx_system_user }}" + tags: + - pretalx + - pretalxupdate + +- name: Install pretalx (versioned) + pip: + name: "pretalx{{ pretalx_extra }}" + version: "{{ pretalx_version }}" # noqa package-lastest + virtualenv: "{{ pretalx_virtualenv }}" + notify: + - Restart pretalx service + - Restart worker service + - Run pretalx migrations + - Run pretalx static collection + - Copy static manifest + - Rebuild pretalx files + - Compile pretalx styles + - Initialize pretalx + when: (pretalx_version != 'latest') and not pretalx_git_version + become: true + become_user: "{{ pretalx_system_user }}" + tags: + - pretalx + - pretalxupdate + +- name: Install pretalx (git) + pip: + name: "git+{{ pretalx_git_url }}@{{ pretalx_git_version }}#egg=pretalx{{ pretalx_extra }}" + state: forcereinstall + virtualenv: "{{ pretalx_virtualenv }}" + notify: + - Restart pretalx service + - Restart worker service + - Run pretalx migrations + - Run pretalx static collection + - Copy static manifest + - Rebuild pretalx files + - Compile pretalx styles + - Initialize pretalx + when: pretalx_git_version | length > 0 + become: true + become_user: "{{ pretalx_system_user }}" + changed_when: true + tags: + - pretalx + - pretalxupdate + +- name: Make sure plugin directory exists + file: + path: "{{ pretalx_system_home }}/plugins" + state: directory + owner: "{{ pretalx_system_user }}" + recurse: true + when: pretalx_plugins + tags: + - pretalx + +- name: Install pretalx plugins + git: + repo: "{{ item.repository }}" + dest: "{{ pretalx_system_home }}/plugins/{{ item.name }}" + version: "{{ item.version if item.version is defined else 'main' }}" + key_file: "{{ pretalx_system_home }}/.ssh/id_rsa" + accept_hostkey: true + become: true + become_user: "{{ pretalx_system_user }}" + with_items: "{{ pretalx_plugins }}" + when: pretalx_plugins + notify: + - Restart pretalx service + - Restart worker service + - Run pretalx migrations + - Run pretalx static collection + - Copy static manifest + - Rebuild pretalx files + - Compile pretalx styles + - Install pretalx plugins + tags: + - pretalx + - pretalxupdate + +- name: Install systemd socket + template: + src: pretalx.socket.j2 + dest: /etc/systemd/system/pretalx@{{ pretalx_instance_identifier }}.socket + mode: "0644" + notify: + - Reload systemd services + - Restart pretalx socket + tags: + - pretalx + +- name: Install systemd service + template: + src: pretalx.service.j2 + dest: /etc/systemd/system/pretalx@{{ pretalx_instance_identifier }}.service + mode: "0644" + notify: + - Reload systemd services + - Restart pretalx service + - Restart worker service + tags: + - pretalx + +- name: Install worker service + template: + src: pretalx-worker.service.j2 + dest: /etc/systemd/system/pretalx-worker@{{ pretalx_instance_identifier }}.service + mode: "0644" + notify: + - Reload systemd services + - Restart worker service + when: pretalx_celery + tags: + - pretalx + +- name: Start pretalx socket + service: + name: pretalx@{{ pretalx_instance_identifier }}.socket + state: started + enabled: true + tags: + - pretalx + +- name: Start systemd service + service: + name: pretalx@{{ pretalx_instance_identifier }} + state: started + enabled: true + tags: + - pretalx + +- name: Start worker service + service: + name: pretalx-worker@{{ pretalx_instance_identifier }} + state: started + enabled: true + when: pretalx_celery + tags: + - pretalx + +- name: Install nginx config + template: + src: nginx.conf + dest: "{{ pretalx_nginx_path }}/pretalx_{{ pretalx_instance_identifier }}.conf" + mode: "0644" + when: pretalx_nginx + notify: + - Reload nginx + tags: + - nginx + - pretalx + - pretalxnginx + +- name: Install runperiodic cronjob + cron: + minute: "40" + name: Run pretalx{{ pretalx_instance_identifier }} periodic task + user: "{{ pretalx_system_user }}" + job: "{{ pretalx_python }} -m pretalx runperiodic" + when: pretalx_cron + tags: + - pretalx diff --git a/roles/pretalx/tasks/requirements.yml b/roles/pretalx/tasks/requirements.yml new file mode 100644 index 0000000..c5d3854 --- /dev/null +++ b/roles/pretalx/tasks/requirements.yml @@ -0,0 +1,3 @@ +--- +- name: Install system requirements + include_tasks: requirements_{{ ansible_os_family | lower }}.yml diff --git a/roles/pretalx/tasks/requirements_archlinux.yml b/roles/pretalx/tasks/requirements_archlinux.yml new file mode 100644 index 0000000..567663b --- /dev/null +++ b/roles/pretalx/tasks/requirements_archlinux.yml @@ -0,0 +1,43 @@ +--- +- name: Install dependencies + pacman: + name: + - python + - git + - npm + state: present + notify: + - Reload systemd services + tags: + - pretalx + +- name: Install sqlite + pacman: + name: + - sqlite + state: present + notify: + - Reload systemd services + when: pretalx_database_backend != 'postgresql' and pretalx_database_backend != 'mysql' + tags: + - pretalx + +- name: Install redis + pacman: + name: + - redis + state: present + notify: + - Restart redis + when: pretalx_redis + tags: + - pretalx + +- name: Start and enable redis + service: + name: redis + state: started + enabled: true + when: pretalx_redis + tags: + - pretalx diff --git a/roles/pretalx/tasks/requirements_debian.yml b/roles/pretalx/tasks/requirements_debian.yml new file mode 100644 index 0000000..856fb45 --- /dev/null +++ b/roles/pretalx/tasks/requirements_debian.yml @@ -0,0 +1,40 @@ +--- +- name: Install Python 3 + apt: + name: + - python3 + - python3-dev + - python3-wheel + - virtualenv + state: present + tags: + - pretalx + +- name: Install other dependencies + apt: + name: + - gcc + - gettext + - git + - npm + state: present + tags: + - pretalx + +- name: Install sqlite + apt: + name: + - sqlite3 + state: present + when: pretalx_database_backend != 'postgresql' and pretalx_database_backend != 'mysql' + tags: + - pretalx + +- name: Install redis + apt: + name: + - redis-server + state: present + when: pretalx_redis + tags: + - pretalx diff --git a/roles/pretalx/templates/nginx.conf b/roles/pretalx/templates/nginx.conf new file mode 100644 index 0000000..d99042b --- /dev/null +++ b/roles/pretalx/templates/nginx.conf @@ -0,0 +1,81 @@ +upstream pretalx_{{ pretalx_instance_identifier }}_server { + server unix:/run/gunicorn/pretalx_{{ pretalx_instance_identifier }} fail_timeout=0; +} + +proxy_cache_path /tmp/nginx-pretalx-{{ pretalx_instance_identifier }} levels=1:2 keys_zone=pretalx_static_{{ pretalx_instance_identifier }}:10m inactive=60m max_size=250m; + +{% if pretalx_nginx_force_https and not pretalx_nginx_http_only %} +server { + listen 80; + listen [::]:80; + + server_name {{ pretalx_domain }}{% if pretalx_alternate_domains %} {{ pretalx_alternate_domains }}{% endif %}; + return 301 https://$host$request_uri; +} +{% endif %} + +{% if pretalx_nginx_http_only %} +server { + listen 80; + listen [::]:80; + + server_name {{ pretalx_domain }}{% if pretalx_alternate_domains %} {{ pretalx_alternate_domains }}{% endif %}; + +{% else %} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ pretalx_domain }}{% if pretalx_alternate_domains %} {{ pretalx_alternate_domains }}{% endif %}; + + # ssl on; + # ssl_certificate {{ pretalx_cert_root }}/{{ pretalx_domain }}/fullchain.pem; + # ssl_certificate_key {{ pretalx_cert_root }}/{{ pretalx_domain }}/privkey.pem; + # proxy_set_header X-Forwarded-Proto https; + include snippets/letsencrypt-{{ pretalx_domain }}.conf; + +{% endif %} + + access_log /var/log/nginx/pretalx_{{ pretalx_instance_identifier }}.access.log; + error_log /var/log/nginx/pretalx_{{ pretalx_instance_identifier }}.error.log; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # If you decide to turn gzip on, turn it off explicitly for ~ (*.)/schedule/export/(*.) + # or your export pages won't show their (working, existing) etags. + # You'd think that gzip_proxied no_etag; would work. It doesn't. + gzip off; + + location /static/ { + access_log off; + alias {{ pretalx_staticfiles_directory }}/; + } + + location /static/CACHE/ { + gzip on; + expires 30d; + add_header Cache-Control public; + add_header Pragma public; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + proxy_cache pretalx_static_{{ pretalx_instance_identifier }}; + proxy_ignore_headers Cache-Control; + proxy_cache_valid any 60m; + add_header X-Proxy-Cache $upstream_cache_status; + alias {{ pretalx_staticfiles_directory }}/CACHE/; + } + + location /media/ { + gzip on; + alias {{ pretalx_media_dir }}/; + add_header Content-Disposition 'attachment'; + } + + location / { + proxy_pass http://pretalx_{{ pretalx_instance_identifier }}_server; + } + + client_max_body_size 32M; +} diff --git a/roles/pretalx/templates/pretalx-worker.service.j2 b/roles/pretalx/templates/pretalx-worker.service.j2 new file mode 100644 index 0000000..68a9f10 --- /dev/null +++ b/roles/pretalx/templates/pretalx-worker.service.j2 @@ -0,0 +1,15 @@ +[Unit] +Description=pretalx %I background worker +After=network.target + +[Service] +User={{ pretalx_system_user }} +Group={{ pretalx_system_user }} +ExecStart={{ pretalx_virtualenv }}/bin/celery -A pretalx.celery_app worker -l info +WorkingDirectory={{ pretalx_virtualenv }}/lib/python{{ pretalx_system_python_version }}/site-packages/pretalx +Restart=on-failure +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s TERM $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/roles/pretalx/templates/pretalx.cfg.j2 b/roles/pretalx/templates/pretalx.cfg.j2 new file mode 100644 index 0000000..b81fec2 --- /dev/null +++ b/roles/pretalx/templates/pretalx.cfg.j2 @@ -0,0 +1,51 @@ +[filesystem] +static = {{ pretalx_staticfiles_directory }} +media = {{ pretalx_media_dir }} +data = {{ pretalx_data_dir }} + +[database] +backend = {{ pretalx_database_backend }} +name = {{ pretalx_database_name }} +user = {{ pretalx_database_user }} +password = {{ pretalx_database_password }} +host = {{ pretalx_database_host }} +port = {{ pretalx_database_port }} + +[site] +url = {{ pretalx_url }} + +{% if pretalx_secret_key %}secret = {{ pretalx_secret_key }}{% endif %} + +{% if pretalx_core_modules %}core_modules = {{ pretalx_core_modules }}{% endif %} + + +[mail] +from = {{ pretalx_mail_from }} +host = {{ pretalx_mail_host }} +port = {{ pretalx_mail_port }} + +{% if pretalx_mail_user %}user = {{ pretalx_mail_user }}{% endif %} + +{% if pretalx_mail_password %}password = {{ pretalx_mail_password }}{% endif %} + +tls = {{ pretalx_mail_tls }} +ssl = {{ pretalx_mail_ssl }} + +{% if pretalx_celery -%} +[celery] +backend = {{ pretalx_celery_backend }} +broker = {{ pretalx_celery_broker }} +{%- endif %} + +{% if pretalx_redis %} +[redis] +location = {{ pretalx_redis }} +session = True +{% endif %} + +{% if pretalx_admin_mail %} +[logging] +email = {{ pretalx_admin_mail }} +{% endif %} + +{% if pretalx_additional_config %}{{ pretalx_additional_config }}{% endif %} diff --git a/roles/pretalx/templates/pretalx.service.j2 b/roles/pretalx/templates/pretalx.service.j2 new file mode 100644 index 0000000..975f661 --- /dev/null +++ b/roles/pretalx/templates/pretalx.service.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=pretalx %I server application +Requires=pretalx@%i.socket +After=network.target + +[Service] +User={{ pretalx_system_user }} +Group={{ pretalx_system_user }} +WorkingDirectory={{ pretalx_virtualenv }}/lib/python{{ pretalx_system_python_version }}/site-packages/pretalx +ExecStart={{ pretalx_virtualenv }}/bin/gunicorn --bind unix:/run/gunicorn/pretalx_%i --workers {{ pretalx_service_workers }} --max-requests {{ pretalx_service_workers_max_requests }} --max-requests-jitter {{ pretalx_service_workers_max_requests_jitter }} pretalx.wsgi +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s TERM $MAINPID diff --git a/roles/pretalx/templates/pretalx.socket.j2 b/roles/pretalx/templates/pretalx.socket.j2 new file mode 100644 index 0000000..0df8197 --- /dev/null +++ b/roles/pretalx/templates/pretalx.socket.j2 @@ -0,0 +1,8 @@ +[Unit] +Description=pretalx_%I gunicorn socket + +[Socket] +ListenStream=/run/gunicorn/pretalx_%i + +[Install] +WantedBy=sockets.target