Add pretix VM

.sops.yaml

@@ -3,6 +3,7 @@ keys:
   - &admin_jalr_tb FE170812543DF81393EA56BA5042B8317A10617E
   - &host_hafnium age1ahnfjspcpwxxk7getcxkj3fypwt37rr6p3xsmp8n2tqqqz8jtg7q2am0et
   - &host_aluminium age1ne08hny30vrkejqhh7dcx4ql6dmkx6jw9dqkf3cz7mzvt53njy0qh59w44
+  - &host_pretix age139r3v2yy7ea205pauchgnggq6qqdpgc5fy7mv49wc5cw58p6hpdqltpkzn
 creation_rules:
   - path_regex: hosts/hafnium/secrets\.yaml$
     key_groups:
@@ -16,6 +17,12 @@ creation_rules:
       - *admin_jalr
       age:
       - *host_aluminium
+  - path_regex: hosts/pretix/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *admin_jalr
+      age:
+      - *host_pretix
   - path_regex: secrets\.yaml$
     key_groups:
     - pgp:

hosts/default.nix

@@ -13,4 +13,7 @@
   hafnium = {
     system = "x86_64-linux";
   };
+  pretix = {
+    system = "x86_64-linux";
+  };
 }

hosts/pretix/configuration.nix

@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./services
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 8000 ];
+
+  networking.hostName = "pretix";
+  services.getty.autologinUser = "root";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+
+  services.openssh.enable = true;
+  boot.loader.grub.devices = [
+    "/dev/fd0"
+  ];
+  fileSystems."/" =
+    {
+      device = "/dev/vda";
+      fsType = "ext4";
+      options = [ "rw,relatime" ];
+    };
+
+}

hosts/pretix/secrets.yaml

@@ -0,0 +1,32 @@
+pretix-cfg: ENC[AES256_GCM,data:G3anJGQ/f441EllA7aZxcKF/ts8yxJrMGhJDMBnJQcLk4jNT5ODOs3Ws01vmxEvBuHtsBSwXhA/8viFJ/5dsv7KkRZ20telFlVsZhfJDkHi3HhQkKX8M8lsZ3lLEPBezIA==,iv:EWlnqkzNrYMwKQMykfKHWgQ96v1T+ZBOUkxzEH5rm60=,tag:nXFOC3U3N0X3DlavC7CpMg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age139r3v2yy7ea205pauchgnggq6qqdpgc5fy7mv49wc5cw58p6hpdqltpkzn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cVdPci9DSis1RVJ4c2k3
+            RnFRMU85UDRJS09laGdsUVhzQ1RmNVNWdUc4CjRZY1NEVnJCeUl1OEY5cGFOL1V4
+            eUR0amp4QjV6NW1QVW4vc1cyd0s4ZmsKLS0tIDBhYXZEcUFXaEk1dGU0WFhuRGds
+            MzVFWnVFd2RteTlPTlU3cVh1dzREemMKBRUgxNfgivCZxvF7SzeSfDBMjiDLoK2E
+            rBrg/Pf+nb8eW2+iKEQOr92W6qDclmpyW7kyPhrpKd2XH6Wv8bYNlw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-22T23:04:36Z"
+    mac: ENC[AES256_GCM,data:1TKPZtRDJ1GDZPsraYfkjQ2se45Cf3cBK+oY7UZ+Gxc8jyasLMO16e+In94vWej0FAnmIOjvIxB7e5wU6IKBf6mJi6gfAXByxyoljwRBH0YKyVRFG2ZQ6cIGkqf2tGwyasQqeRxsjDqaAqlAh82a1idhoLs6gNrzZiua+F0jLeM=,iv:q2jEezVKJ2+EA6tI1lvDdBMH5XhM7uLd03F5Nec9Fb0=,tag:zEp7r6UBiRkHFyUdJkL5+Q==,type:str]
+    pgp:
+        - created_at: "2023-02-22T22:45:23Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hF4D3ylLYNOsO+0SAQdA1GDmHtEufAAPHfV63IdRTToPc9k5g6icNG8Of12ChGgw
+            5SSsWckNxb8Pb/M4AeUlXhVdjE2NruZJWDjsiCyvTC0W8VciaHiX/1r+O6OPT+dW
+            0l4BoXqtH3Q64tpVDpwOglUuXPYadNZ2BYGCef4tRPbBSbD2KegV4fvrEFpj8HOj
+            jEWtgvD5M2M+0r9BOVHM+B4rF4JOgWVJuMXH7wIUKj77d862TbwVE+z9nREICvC0
+            =GoJv
+            -----END PGP MESSAGE-----
+          fp: 66FB54F6081375106EEBF651A222365EB448F934
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

hosts/pretix/services/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./pretix.nix
+  ];
+}

hosts/pretix/services/pretix.nix

@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+  services.pretix = {
+    enable = true;
+    instanceName = "Pretix test installation";
+    domain = "pretix.example.com";
+    enableTls = false;
+    enableRegistration = true;
+    passwordReset = true;
+    locale = "de";
+    timezone = "Europe/Berlin";
+    secretsFile = ../secrets.yaml;
+  };
+}