reorganize (config) files and templates into one "resources" dir
All checks were successful
/ Ansible Lint (push) Successful in 1m39s
All checks were successful
/ Ansible Lint (push) Successful in 1m39s
This groups the files and templates for each host together and therefore makes it easier to see all the (config) files for a host. Also clean up incorrect, unused docker_compose config for mumble and clean up unused engelsystem configs.
This commit is contained in:
parent
af4abdc50b
commit
d0a28589c6
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
83 changed files with 62 additions and 121 deletions
48
resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
Normal file
48
resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
services:
|
||||
database:
|
||||
image: docker.io/library/postgres:15-alpine
|
||||
environment:
|
||||
- "POSTGRES_USER=pretix"
|
||||
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}"
|
||||
- "POSTGRES_DB=pretix"
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
networks:
|
||||
backend:
|
||||
restart: unless-stopped
|
||||
|
||||
redis:
|
||||
image: docker.io/library/redis:7
|
||||
ports:
|
||||
- "6379:6379"
|
||||
volumes:
|
||||
- redis:/rdata
|
||||
# run redis-server, save a snapshot every 60 seconds if there has been at least 1 write
|
||||
command: ["redis-server", "--save", "60", "1"]
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
backend:
|
||||
|
||||
pretix:
|
||||
image: docker.io/pretix/standalone:2024.8
|
||||
command: ["all"]
|
||||
ports:
|
||||
- "8345:80"
|
||||
volumes:
|
||||
- ./configs/pretix.cfg:/etc/pretix/pretix.cfg
|
||||
- pretix:/data
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
backend:
|
||||
frontend:
|
||||
|
||||
volumes:
|
||||
database: {}
|
||||
pretix: {}
|
||||
redis: {}
|
||||
|
||||
networks:
|
||||
backend:
|
||||
internal: true
|
||||
frontend:
|
||||
26
resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
Normal file
26
resources/chaosknoten/tickets/docker_compose/pretix.cfg.j2
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
[pretix]
|
||||
instance_name=CCCHH Tickets
|
||||
url=https://tickets.hamburg.ccc.de
|
||||
currency=EUR
|
||||
datadir=/data
|
||||
trust_x_forwarded_for=on
|
||||
trust_x_forwarded_proto=on
|
||||
|
||||
[database]
|
||||
backend=postgresql
|
||||
name=pretix
|
||||
user=pretix
|
||||
password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}
|
||||
host=database
|
||||
|
||||
[mail]
|
||||
from=tickets@hamburg.ccc.de
|
||||
host=cow-intern.hamburg.ccc.de
|
||||
|
||||
[redis]
|
||||
location=redis://redis/0
|
||||
sessions=true
|
||||
|
||||
[celery]
|
||||
backend=redis://redis/0
|
||||
broker=redis://redis/1
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name tickets.hamburg.ccc.de;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/tickets.hamburg.ccc.de/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/tickets.hamburg.ccc.de/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/tickets.hamburg.ccc.de/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
|
||||
location = / {
|
||||
#return 302 https://wiki.hamburg.ccc.de/infrastructure:service-overview#tickets_pretix;
|
||||
return 302 https://tickets.hamburg.ccc.de/hackertours/38c3/;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8345/;
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue