authorEmile <git@emile.space>2024-06-10 23:43:32 +0200
committerEmile <git@emile.space>2024-06-10 23:43:32 +0200
commitc33e0952e37c339cb656497b9dcde277b444b97a (patch)
tree03085b8a196e3710f4f370a1b513ce1ce2919f52 /nix/hosts
parent57c2b600a584d642d49216474f334b3a0de489af (diff)
now using the 24.05 pretix module
Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/corrino/www/tickets.emile.space.nix157
1 files changed, 52 insertions, 105 deletions
diff --git a/nix/hosts/corrino/www/tickets.emile.space.nix b/nix/hosts/corrino/www/tickets.emile.space.nix
index f7d7b94..cec3331 100644
--- a/nix/hosts/corrino/www/tickets.emile.space.nix
+++ b/nix/hosts/corrino/www/tickets.emile.space.nix
@@ -1,118 +1,65 @@
 { config, pkgs, ... }:
 
-# Future People: This place is not a place of honor... no highly esteemed deed
-# is commemorated here... nothing valued is here...
-# Look at the docker volumes section: You'll have to build and fail a few
-# times... sorry
+# initially login as `admin@localhost` with the passwords `admin`
+# (yes, I've changed this, this is just a note for if I forget when reading
+# this in the future)
 
-let
-  ports = import ../ports.nix;
-  pretix_config = pkgs.writeText "pretix.cfg" ''
-    [pretix]
-    instance_name=tickets.emile.space
-    url=https://tickets.emile.space
-    currency=EUR
-    ; DO NOT change the following value, it has to be set to the location of the
-    ; directory *inside* the docker container
-    datadir=/data
-    cookie_domain=tickets.emile.space
-    trust_x_forwarded_for=on
-    trust_x_forwarded_proto=on
-
-    [database]
-    backend=sqlite3
-
-    [mail]
-    ; See config file documentation for more options
-    from=tickets@emile.space
-    ; This is the default IP address of your docker host in docker's virtual
-    ; network. Make sure postfix listens on this address.
-    host=mail.emile.space
-    user=mail
-    password=${config.age.secrets.mail_password.path}
-    port=1025
-    tls=on
-    ssl=off
-
-    [redis]
-    location=unix:///pretix/redis.sock?db=0
-    ; Remove the following line if you are unsure about your redis' security
-    ; to reduce impact if redis gets compromised.
-    sessions=true
-
-    [celery]
-    backend=redis+socket:///pretix/redis.sock?virtual_host=1
-    broker=redis+socket:///pretix/redis.sock?virtual_host=2
-  '';
-in {
+{
+  # so the default pretix module doesn't allow TLS foo by default, don't ask
+  # me why...
   services.nginx.virtualHosts."tickets.emile.space" = {
     forceSSL = true;
     enableACME = true;
-
-    # serverAliases = [
-    #   "falscher-ha.se"
-    # ];
-
-    locations = {
-      "/" = {
-        extraConfig = ''
-          proxy_pass http://127.0.0.1:${toString ports.tickets};
-
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header Host $host;
-        '';
-      };
-    };
   };
 
-  virtualisation.oci-containers.containers = {
+  services = {
     pretix = {
-      image = "pretix/standalone:stable";
-      ports = [
-        "127.0.0.1:${toString ports.tickets}:80"
-      ];
-      volumes = [
-        "/var/pretix-data:/data"
-        "/etc/pretix:/etc/pretix"
-        "/run/redis-pretix/redis.sock:/pretix/redis.sock"
-        # "/run/redis:/var/run/redis"
-
-        # update the below manually using the result from
-        # ; readlink /etc/static/pretix.cfg
-        # after building and failing once
-        # (yes, I'm so annoyed that I can't mount symlinks into docker containers)
-        # "/nix/store/vch1g88b5za1ab79cikil3n7wqrl8wxg-etc-pretix.cfg:/etc/pretix/pretix.cfg"
-        # "/nix/store/rcxvnbg7iqb1z011ybanj3982153xi70-etc-pretix.cfg:/etc/pretix/pretix.cfg"
-        "${pretix_config}:/etc/pretix/pretix.cfg"
-      ];
-      extraOptions = [
-        # "--sysctl net.core.somaxconn=4096"
+      enable = true;
+      package = pkgs.pretix;
+      plugins = with config.services.pretix.package.plugins; [ passbook pages ];
+      user = "pretix";
+      group = "pretix";
+      gunicorn.extraArgs = [
+        "--name=pretix"
+        "--workers=4"
+        "--max-requests=1200"
+        "--max-requests-jitter=50"
+        "--log-level=info"
       ];
+      nginx = {
+        enable = true;
+        domain = "tickets.emile.space";
+      };
+      settings = {
+        pretix = {
+          instance_name = "tickets.emile.space";
+          url = "https://tickets.emile.space";
+          currency = "EUR";
+          datadir = "/var/lib/pretix";
+          cookie_domain = "tickets.emile.space";
+          trust_x_forwarded_for = "on";
+          trust_x_forwarded_proto = "on";
+        };
+
+        database = {
+          backend = "sqlite3";
+        };
+
+        mail = {
+          from = "tickets@emile.space";
+          host = "mail.emile.space";
+          user = "mail";
+          password = "${config.age.secrets.mail_password.path}";
+          port = 1025;
+          tls = "on";
+          ssl = "off";
+        };
+
+        redis = {
+          location = "unix://${config.services.redis.servers.pretix.unixSocket}?db=0";
+          sessions = true;
+        };
+      };
     };
   };
-
-
-  services.redis.vmOverCommit = true;
-  services.redis.servers."pretix" = {
-    enable = true;
-    port = 0;
-    unixSocketPerm = 666;
-    user = "pretixuser";
-  };
-
-  users = {
-    groups."pretixuser" = {};
-    users."pretixuser" = {
-      isNormalUser = true; # we're setting the uid manually, nix should detect this, but whatever...
-      uid = 15371;
-      group = "pretixuser";
-      description = "The user for pretix. Created, as we need a user to set the permissions for the redis unix socket";
-    };
-  };
-
-
-  # Allow access to the unix socket for the "redis" group.
-  # services.redis.settings.unixsocketperm = "770";
-
-  # trace: warning: The option `services.redis.settings' defined in `/nix/store/ib5271hcbjqrxb0yrmrjcypvpacmnp2s-source/ops/modules/www/tickets.emile.space.nix' has been renamed to `services.redis.servers."".settings'.
 }
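Review bot: `password = "${config.age.secrets.mail_password.path}";` in `settings.mail` interpolates the path of the agenix secret rather than its contents, so pretix would most likely present that path string as the SMTP password (the removed `pretix.cfg` did the same, so this is carried over rather than introduced). Inlining the secret value is not the fix either, because module `settings` are typically rendered into a config file in the world-readable Nix store. Drop the `password` key from `settings.mail` and pass it through the module's `environmentFile` option instead, e.g. `environmentFile = config.age.secrets.<pretix_env_secret>.path;`, where that file holds a `PRETIX_MAIL_PASSWORD=…` line. `<pretix_env_secret>` is a placeholder for a secret that the service can read.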