Add pretix-banktool

2023-02-27 23:24:39 +00:00 · 2023-02-27 23:24:39 +00:00 · 6e7c26ec00
commit 6e7c26ec00
parent 45872f9bdc
6 changed files with 83 additions and 2 deletions
--- a/hosts/weinturm-pretix-prod/secrets.yaml
+++ b/hosts/weinturm-pretix-prod/secrets.yaml
@ -1,4 +1,5 @@
 pretix-cfg: ENC[AES256_GCM,data:Cy9GDL+9VpVquV1MyQSzRoTK/20lSeFkXf91cb+zApf3wp/rQPpqc3e+/ZspSUELYTqtlitL8uECejO7/GShsItaMptDs6vfWnc/V0y2d2Aae5Fv/J0qkRFYZbgGK+/i9MH261W5DoylTbUDkssgJ23tJuiEYPnkwkQpmJ3VToEvyGHLScQNHeMtkheAf52QfyG5cpmQqw==,iv:gbvRj70A+dHNHNkz3mbEtL3JwAvOrMB9q3f5iJMtPHo=,tag:C47SUiAw9ilOMVs07CFCpA==,type:str]
+pretix-banktool-cfg: ENC[AES256_GCM,data:1zxD6wfZtlFZmTOd3+BBZjD7mnLgiSzZ9K/LZ6prfB8Z0yy0X1auAOo3JmD6pNkH6JNTf/x2pRHhGKsRSZM78VNEdaCAoVMEYLkCtmOe1fLSCAz01rbaJFAJBLnzp0OXDDj0D3KhzhusUo7UIXHhCThCQ4KgkPG+GmoP8yeYuDnTbaZYy8ywOFkFrdk3m4lfZOvMeJhhmMoATLbPePT4IxGMtf7rcOVPWcdGQj+CEtMZNxBs7piCG4SoPqCeI5pos2eUh5hDOq/udea9AydeUTFnh2diyg90YOFj/AfX+bHgcu47145QfdHEM8APgsGzWWueBUknQkXuaQbp66xDL4SFo/h8J65xlljEXldC/MxUeQXfYzz4lIYc1enVnNsTUBBuidhSH97zuqm8Xw0BNnRPBBa3PSSiHm2oisT31E+H9Pn4DY10FIpfXL0DZ74Dx4oXEeGQPVgBfgBB+yFHAaQQfUxQmoFibUk2nqu7DHUBOwdwJtUbskQy4Q==,iv:5piDHFzLiSyQqDqLqSqX5utT81aDIujBjzUaZCKQ9bE=,tag:SQbQFMzVue6N6ashhWvqGg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -14,8 +15,8 @@ sops:
            N2VMRTNjR1RQVm00YnlpbVBzSmZPRkUKv7LCrjyKb4z0e4yBdzwRR5+ErQYHzZCv
            +j8j4EuhA6NwsTydgIjueuORbrX/c6VxcgQwRd9En+vQVYhWhlu5Xw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-23T00:33:46Z"
-    mac: ENC[AES256_GCM,data:dD7qZ0EwfpV0GvlzJseZLJyg0rB2hccyf+QaSDc7yeDBuEm5ERDUq/o/JB6gUnnkBlBEfLsZie6xxUFxv8tv8oVWcsWOSNUWORl3hQ/LzSHxQf4AUXH/lWmA4fHaxheNiFeUbgB40JJbNKZ+/f5Br5uRj5c5ydmZlOKkcHawo4w=,iv:BE2nNyDx1Tn24LSy4MvNRv+gaq0K8usyHBo+vZhxlBs=,tag:KOMLNKcrNj2YisVrV9SOwg==,type:str]
+    lastmodified: "2023-02-27T18:27:06Z"
+    mac: ENC[AES256_GCM,data:fxoWjoj53Kaf/zQdMbfDYPgs40FI/O1JQjJFGj8tqkeCSJZ7Kr00eWJq6qPZ44mtKeB045QmbyqmKB7tMPUanQwCrTch0bzmDmslRyFo5b48nZbxk7G+ZwR4N7VIggKSlw4UGppwa/dtjV1CPBUrru/OEbpZddHRVMFOeDC2rpo=,iv:6ioFfYHYdEERKr3RAlu9AUztRhKshcuTtLicUhE7Cmg=,tag:kqWLSMBwxKMjAocoC8y9Zg==,type:str]
    pgp:
        - created_at: "2023-02-23T00:30:25Z"
          enc: |
--- a/hosts/weinturm-pretix-prod/services/pretix.nix
+++ b/hosts/weinturm-pretix-prod/services/pretix.nix
@ -10,6 +10,10 @@
    locale = "de";
    timezone = "Europe/Berlin";
    secretsFile = ../secrets.yaml;
+    banktool = {
+      enable = true;
+      days = 14;
+    };
  };

  security.acme = {
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -5,6 +5,7 @@ in
 {
  pretix = callPackage ./pretix/pretix.nix { };
  pretix-static = callPackage ./pretix/pretix-static.nix { };
+  pretix-banktool = callPackage ./pretix/pretix-banktool.nix { };
  fpvout = callPackage ./fpvout { };
  mute-indicator = callPackage ./mute-indicator { };
  tabbed-box-maker = callPackage ./tabbed-box-maker { };
--- a/pkgs/pretix/module.nix
+++ b/pkgs/pretix/module.nix
@ -91,12 +91,22 @@ in
      type = types.path;
      description = "Path to the sops secrets file which stores pretix.cfg settings.";
    };
+    banktool = {
+      enable = mkEnableOption "Enable tool to query bank account and sync transaction data to pretix server.";
+      days = mkOption {
+        type = types.int;
+        description = "The timeframe of transaction to fetch from the bank in days.";
+      };
+    };
  };

  config = lib.mkIf cfg.enable {
    sops.secrets.pretix-cfg = {
      sopsFile = cfg.secretsFile;
    };
+    sops.secrets.pretix-banktool-cfg = {
+      sopsFile = cfg.secretsFile;
+    };

    users.users."${user}" = {
      createHome = true;
@ -212,5 +222,32 @@ in
      unit = "pretix-runperiodic.service";
      onCalendar = "*:0/5";
    };
+
+    systemd.services.pretix-banktool = lib.mkIf cfg.banktool.enable {
+      description = "Tool to query bank account and sync transaction data to pretix server.";
+      serviceConfig = {
+        Type = "oneshot";
+        DynamicUser = true;
+        CapabilityBoundingSet = null;
+        PrivateUsers = true;
+        ProtectHome = true;
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        RestrictNamespaces = true;
+        SystemCallFilter = "@system-service";
+        LoadCredential = "config:${config.sops.secrets.pretix-banktool-cfg.path}";
+      };
+      script = "${pkgs.pretix-banktool}/bin/pretix-banktool upload \"$CREDENTIALS_DIRECTORY/config\" --days=${toString cfg.banktool.days}";
+    };
+
+    systemd.timers.pretix-banktool = lib.mkIf cfg.banktool.enable {
+      description = "Run tool to query bank account and sync transaction data to pretix server.";
+      after = [ "network.target" ];
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        Persistent = true;
+        OnCalendar = "*-*-* *:00:00";
+        Unit = "pretix-banktool.service";
+      };
+    };
  };
 }
--- a/pkgs/pretix/pretix-banktool-requirements.patch
+++ b/pkgs/pretix/pretix-banktool-requirements.patch
@ -0,0 +1,15 @@
+diff --git a/setup.py b/setup.py
+index 2eba88a..7041acd 100644
+--- a/setup.py
+++ b/setup.py
+@@ -19,7 +19,7 @@ setup(
+     author_email='mail@raphaelmichel.de',
+
+     install_requires=[
+-        'click==6.*',
+        'click>=6.*',
+         'fints>=3.0.*',
+         'requests',
+         'mt-940>=4.12*',
+--
+2.38.3
--- a/pkgs/pretix/pretix-banktool.nix
+++ b/pkgs/pretix/pretix-banktool.nix
@ -0,0 +1,23 @@
+{ python3Packages, fetchFromGitHub }:
+python3Packages.buildPythonApplication rec {
+  name = "pretix-banktool";
+  version = "1.0.0";
+
+  src = fetchFromGitHub {
+    owner = "pretix";
+    repo = "pretix-banktool";
+    rev = "v${version}";
+    sha256 = "vYHjotx1RujPV53Ei7bXAc3kL/3cwbWQB1T3sQ15MFA=";
+  };
+
+  patches = [
+    ./pretix-banktool-requirements.patch
+  ];
+
+  propagatedBuildInputs = with python3Packages; [
+    click
+    fints
+    mt-940
+    requests
+  ];
+}