Remove pretix

2025-05-03 00:18:51 +02:00 · 2025-05-03 00:18:51 +02:00 · 2fe63eab34
commit 2fe63eab34
parent 391e4dd825
12 changed files with 0 additions and 376 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -10,10 +10,6 @@ in
  cadmium = {
    system = "x86_64-linux";
  };
-  weinturm-pretix-prod = {
-    system = "aarch64";
-    targetHost = "142.132.185.70";
-  };
  iron = {
    system = "x86_64-linux";
    #targetHost = "192.168.42.1";
--- a/hosts/weinturm-pretix-prod/configuration.nix
+++ b/hosts/weinturm-pretix-prod/configuration.nix
@ -1,54 +0,0 @@
-{ ... }: {
-  imports = [
-    ./hardware-configuration.nix
-    ../../users/jalr
-    ./services
-    ./ports.nix
-  ];
-
-  networking.hostName = "weinturm-pretix-prod";
-
-  networking.useDHCP = false;
-
-  systemd.network = {
-    enable = true;
-    networks."10-wan" = {
-      matchConfig.Name = "enp1s0";
-      networkConfig.DHCP = "no";
-      address = [
-        "142.132.185.70/32"
-        "2a01:4f8:c012:edd::/64"
-      ];
-      routes = [
-        {
-          Destination = "172.31.1.1";
-        }
-        {
-          Gateway = "172.31.1.1";
-          GatewayOnLink = true;
-        }
-        {
-          Gateway = "fe80::1";
-        }
-      ];
-    };
-  };
-
-  zramSwap = {
-    enable = true;
-    algorithm = "zstd";
-    memoryPercent = 60;
-    priority = 1;
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  services.netdata.enable = true;
-
-  jalr = {
-    bootloader = "systemd-boot";
-    uefi.enable = true;
-  };
-
-  system.stateVersion = "24.05";
-}
--- a/hosts/weinturm-pretix-prod/hardware-configuration.nix
+++ b/hosts/weinturm-pretix-prod/hardware-configuration.nix
@ -1,64 +0,0 @@
-{ lib, modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
-  boot = {
-    initrd = {
-      availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
-      kernelModules = [ ];
-    };
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/766739e7-2c5c-4c28-b6ee-4bf9f91e6b1f";
-      fsType = "btrfs";
-      options = [
-        "subvol=root"
-        "compress=zstd"
-      ];
-    };
-    "/proc" = {
-      device = "/proc";
-      options = [ "nosuid" "noexec" "nodev" "hidepid=2" ];
-    };
-    "/home" = {
-      device = "/dev/disk/by-uuid/766739e7-2c5c-4c28-b6ee-4bf9f91e6b1f";
-      fsType = "btrfs";
-      options = [
-        "subvol=home"
-        "compress=zstd"
-        "nodev"
-        "nosuid"
-      ];
-    };
-    "/nix" = {
-      device = "/dev/disk/by-uuid/766739e7-2c5c-4c28-b6ee-4bf9f91e6b1f";
-      fsType = "btrfs";
-      options = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-        "nodev"
-      ];
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/A586-15AC";
-      fsType = "vfat";
-      options = [ "nodev" "nosuid" "noexec" ];
-    };
-  };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
--- a/hosts/weinturm-pretix-prod/ports.nix
+++ b/hosts/weinturm-pretix-prod/ports.nix
@ -1,10 +0,0 @@
-{ custom-utils, ... }:
-
-{
-  config.networking.ports = custom-utils.validatePortAttrset {
-    nginx-http.tcp = 80;
-    nginx-https.tcp = 443;
-    postfix-relay.tcp = 25;
-    postfix-submission.tcp = 465;
-  };
-}
--- a/hosts/weinturm-pretix-prod/secrets.yaml
+++ b/hosts/weinturm-pretix-prod/secrets.yaml
@ -1,33 +0,0 @@
-pretix-cfg: ENC[AES256_GCM,data:sfgKDr9aNOdwlumoltRuD7u1ksykFdEKtzt3MldjQnG0b4iAEspEhjcxqaNvPpXYm8EZKtsLBBQgdd1ifyQgs3k69c/GfzQ/jZ/yQ2OUkCO7U9A=,iv:FADYpPbGEEM/pD6EI85s9wVMv8yMrGJa+miE25XQ+t8=,tag:WJ9LHCNFHSr9RmmUi6hxnw==,type:str]
-pretix-banktool-cfg: ENC[AES256_GCM,data:qHo4qfjDAe1wwdMa/HH5vgySO1XSBLQBouY8mUFlZiSI2lLCQgjQRzBu0C/p3FPqFkydtz2LEkQ6Cs/Zu0NbYB36CSinISZbGJABaNcF8mGJYKkohXF8GDYRNe7g5gxrKQlHWuPjChzxWRVLEV7VypYXE7Iad2tiiz4ZTxWZr8ylBLIbvCT1lWQU6rN4H6DjdI3gL0wmvHBg027xoelUME/g1bZvvkG3hw94Z8UKrFdZ9/DWqQ9G/VHRk0hVuBW6/b1VWooq3EF/JDEFO2oi7xW/TnwF5YMMkBQGS0b+pxK/rT6ir1DQywfFhSU09nWnRT/jw270QAwk762359e8+jl+p43dp6o+Ll1kzDQ9jbi5e2uXZrBaZGtnjDNLJHEFDJWpHtYmXNRIq4AQs/8cKaYx8uAXOTANE45GUiVpoA+m3clc02ABpBrHBENeKmJw/smGSbUKFnsu6WgigEyme8TxIMqiHghpppTzLDCZYXpBH+2n+eXNX2ovNA==,iv:kihK0wFCwvUUQg5+aKqQ6YNRyJjPvYllh0oVxJnee2w=,tag:InZaflGdiz7lXP2V+ZsyoA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1djjxl3lcvzs85nj0met6w8ujsz8pvr6ngmmdwlxfh0k9d5lkrpdqlzzehf
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MjRZRzI5WDNSYXNNOXBE
-            enNUdi9aWjRzMlU3THVMcGd2eC9zb0wwMFFZCnRQbUh6L3lxS1FKS2pqdUQ0aHg1
-            K3dlNDhSK2VvYjdjRGppNTV5SE8zbUUKLS0tIHN0QldlNXJtRmRLL2c3SEU3eWkr
-            MGh3UVh2R05WWDU3SDVFKzdvODRGQVUKo1u58Ra1dhAfBmv3xwLk/6+6/mFPJn0Z
-            FyL7yjU6JMWzR/8FUv5lJAubudiZ8MnuH+10deGvQnT5AxG9fNzi5w==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-28T13:17:03Z"
-    mac: ENC[AES256_GCM,data:Ytsc+CdGosiIkIS/Ck6YIYMFgSArM9o6VR9Hx4B1xlWUQV9DfUuJ+5Ev6SuAPfIhXLfBEpbAzmfqZaYq81M+tERQxYXEuOiz9+l/5j9hOTlrfporscz4Jb8wrPDOTj8kTVbWF9K73uB08zla4T+y5N735DBb+YOpztDouoLO1rw=,iv:vu78iCIv6M5vO4mLhlBTRl7cpys4BBsdPWnRUqd+Fmo=,tag:/GlbV2/IhRZuXNkzSVwOMQ==,type:str]
-    pgp:
-        - created_at: "2024-01-31T01:20:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4DY/xpNY5WhB0SAQdAj+5TReNbi6wBP+ftlrJK9jfrHor2FveQMlmHsfHGkjMw
-            lGlhoHuDnRbVCWC4ruHGFtOclvw2Kjja7ZWbc+7CX34KREAETN89Jic2tGmQKY9q
-            0l4B2gqyXsnrpD/n+gOJlnpZcxlUX0iriO5POEf9czTsFKRFnTdZcAX+7Dgv7Iqn
-            TkJJLYo64mpV3TPvcj2UlejcANcNV82gDWwIbLdKs2UPdFVJqfpP2z6V5bQCML/y
-            =4iJS
-            -----END PGP MESSAGE-----
-          fp: 3044E71E3DEFF49B586CF5809BF4FCCB90854DA9
-    unencrypted_suffix: _unencrypted
-    version: 3.9.4
--- a/hosts/weinturm-pretix-prod/services/default.nix
+++ b/hosts/weinturm-pretix-prod/services/default.nix
@ -1,5 +0,0 @@
-{
-  imports = [
-    ./pretix.nix
-  ];
-}
--- a/hosts/weinturm-pretix-prod/services/pretix.nix
+++ b/hosts/weinturm-pretix-prod/services/pretix.nix
@ -1,110 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.services.pretix;
-  inherit (config.networking) ports;
-  domain = "tickets.weinturm-open-air.de";
-  extraDomains = [
-    "tickets.weinturm.jalr.de"
-    "tickets.wasted-openair.de"
-    "oel.wasted-openair.de"
-    "tickets.buendnis-gegen-rechts-nea.de"
-  ];
-  gunicornWorkers = 4;
-  secretsFile = ../secrets.yaml;
-in
-{
-  sops.secrets = {
-    pretix-cfg = {
-      sopsFile = secretsFile;
-    };
-    pretix-banktool-cfg = {
-      sopsFile = secretsFile;
-    };
-  };
-
-  # Add user to `redis-pretix` group
-  # to grant access to /run/redis-pretix/redis.sock
-  users.users.pretix.extraGroups = [ "redis-pretix" ];
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = lib.mkForce "helfer@weinturm-open-air.de";
-  };
-
-  jalr.mailserver = {
-    enable = true;
-    fqdn = "tickets.weinturm-open-air.de";
-    relayPort = ports.postfix-relay.tcp;
-    domains = [
-      {
-        domain = "tickets.weinturm-open-air.de";
-        enableDKIM = false;
-      }
-    ];
-    messageSizeLimit = 10 * 1024 * 1024;
-    users = [ ];
-    spam.enable = false;
-  };
-
-  services = {
-    pretix = {
-      enable = true;
-      settings = {
-        pretix = {
-          instance_name = "Digitaler Dienst GmbH";
-          url = "https://${domain}";
-          registration = false;
-          password_reset = true;
-        };
-        locale = {
-          default = "de";
-          timezone = "Europe/Berlin";
-        };
-        mail = {
-          from = "no-reply@tickets.weinturm-open-air.de";
-        };
-        redis.location = "unix:///run/redis-pretix/redis.sock?db=0";
-        celery.backend = "redis+socket:///run/redis-pretix/redis.sock?virtual_host=2";
-        celery.broker = "redis+socket:///run/redis-pretix/redis.sock?virtual_host=1";
-      };
-      nginx = {
-        enable = true;
-        inherit domain;
-      };
-      gunicorn = {
-        extraArgs = [
-          "--workers=${toString gunicornWorkers}"
-        ];
-      };
-    };
-
-    pretix-banktool = {
-      enable = true;
-      days = 14;
-      secretsFile = config.sops.secrets.pretix-banktool-cfg.path;
-    };
-
-    nginx = lib.mkIf cfg.nginx.enable {
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-      virtualHosts = {
-        "${cfg.nginx.domain}" = {
-          enableACME = true;
-          forceSSL = true;
-          kTLS = true;
-          extraConfig = ''
-            add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
-            more_set_headers Referrer-Policy same-origin;
-            more_set_headers X-Content-Type-Options nosniff;
-          '';
-          serverAliases = extraDomains;
-        };
-      };
-    };
-  };
-}
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -23,7 +23,6 @@ in
    inherit poetry2nix;
  };
  pomodoro-timer = callPackage ./pomodoro-timer { };
-  pretix-banktool = callPackage ./pretix-banktool { };
  tabbed-box-maker = callPackage ./tabbed-box-maker { };
  vesc-firmware = callPackage ./vesc-tool/firmware.nix { };
  vesc-tool = callPackage ./vesc-tool/tool.nix { };
--- a/pkgs/modules.nix
+++ b/pkgs/modules.nix
@ -3,6 +3,5 @@
    ./asterisk-sounds-de/module.nix
    ./ksoloti/module.nix
    ./myintercom-doorbell/module.nix
-    ./pretix-banktool/module.nix
  ];
 }
--- a/pkgs/pretix-banktool/default.nix
+++ b/pkgs/pretix-banktool/default.nix
@ -1,27 +0,0 @@
-{ python3Packages, fetchFromGitHub }:
-python3Packages.buildPythonApplication rec {
-  name = "pretix-banktool";
-  version = "1.0.0";
-
-  src = fetchFromGitHub {
-    owner = "pretix";
-    repo = "pretix-banktool";
-    rev = "v${version}";
-    sha256 = "vYHjotx1RujPV53Ei7bXAc3kL/3cwbWQB1T3sQ15MFA=";
-  };
-
-  patches = [
-    ./requirements.patch
-  ];
-
-  buildInputs = with python3Packages; [
-    pip
-  ];
-
-  propagatedBuildInputs = with python3Packages; [
-    click
-    fints
-    mt-940
-    requests
-  ];
-}
--- a/pkgs/pretix-banktool/module.nix
+++ b/pkgs/pretix-banktool/module.nix
@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  cfg = config.services.pretix-banktool;
-in
-{
-  options.services.pretix-banktool = with lib; with lib.types; {
-    enable = mkEnableOption "Enable tool to query bank account and sync transaction data to pretix server.";
-    days = mkOption {
-      type = types.int;
-      description = "The timeframe of transaction to fetch from the bank in days.";
-    };
-    secretsFile = mkOption {
-      type = types.path;
-      description = ''
-        Path of file containing secrets for pretix banktool.
-      '';
-    };
-  };
-  config = {
-    systemd.services.pretix-banktool = lib.mkIf cfg.enable {
-      description = "Tool to query bank account and sync transaction data to pretix server.";
-      serviceConfig = {
-        Type = "oneshot";
-        DynamicUser = true;
-        CapabilityBoundingSet = null;
-        PrivateUsers = true;
-        ProtectHome = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
-        RestrictNamespaces = true;
-        SystemCallFilter = "@system-service";
-        LoadCredential = "config:${cfg.secretsFile}";
-      };
-      script = "${pkgs.pretix-banktool}/bin/pretix-banktool upload \"$CREDENTIALS_DIRECTORY/config\" --days=${toString cfg.days}";
-    };
-
-    systemd.timers.pretix-banktool = lib.mkIf cfg.enable {
-      description = "Run tool to query bank account and sync transaction data to pretix server.";
-      after = [ "network.target" ];
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        Persistent = true;
-        OnCalendar = "*-*-* *:00:00";
-        Unit = "pretix-banktool.service";
-      };
-    };
-  };
-}
-
--- a/pkgs/pretix-banktool/requirements.patch
+++ b/pkgs/pretix-banktool/requirements.patch
@ -1,18 +0,0 @@
-diff --git a/setup.py b/setup.py
-index 2eba88a..7041acd 100644
--- a/setup.py
-+++ b/setup.py
-@@ -19,8 +19,8 @@ setup(
-     author_email='mail@raphaelmichel.de',
-
-     install_requires=[
-        'click==6.*',
-        'fints>=3.0.*',
-+        'click>=6,<8.2',
-+        'fints>=3,<4.1',
-         'requests',
-        'mt-940>=4.12*',
-+        'mt-940==4.30.0',
-     ],
--
-2.38.3