diff --git a/hosts/weinturm-pretix-prod/secrets.yaml b/hosts/weinturm-pretix-prod/secrets.yaml index 8c9cc34..bfc87bd 100644 --- a/hosts/weinturm-pretix-prod/secrets.yaml +++ b/hosts/weinturm-pretix-prod/secrets.yaml @@ -1,4 +1,5 @@ pretix-cfg: ENC[AES256_GCM,data:Cy9GDL+9VpVquV1MyQSzRoTK/20lSeFkXf91cb+zApf3wp/rQPpqc3e+/ZspSUELYTqtlitL8uECejO7/GShsItaMptDs6vfWnc/V0y2d2Aae5Fv/J0qkRFYZbgGK+/i9MH261W5DoylTbUDkssgJ23tJuiEYPnkwkQpmJ3VToEvyGHLScQNHeMtkheAf52QfyG5cpmQqw==,iv:gbvRj70A+dHNHNkz3mbEtL3JwAvOrMB9q3f5iJMtPHo=,tag:C47SUiAw9ilOMVs07CFCpA==,type:str] +pretix-banktool-cfg: ENC[AES256_GCM,data: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,iv:5piDHFzLiSyQqDqLqSqX5utT81aDIujBjzUaZCKQ9bE=,tag:SQbQFMzVue6N6ashhWvqGg==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +15,8 @@ sops: N2VMRTNjR1RQVm00YnlpbVBzSmZPRkUKv7LCrjyKb4z0e4yBdzwRR5+ErQYHzZCv +j8j4EuhA6NwsTydgIjueuORbrX/c6VxcgQwRd9En+vQVYhWhlu5Xw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-23T00:33:46Z" - mac: ENC[AES256_GCM,data:dD7qZ0EwfpV0GvlzJseZLJyg0rB2hccyf+QaSDc7yeDBuEm5ERDUq/o/JB6gUnnkBlBEfLsZie6xxUFxv8tv8oVWcsWOSNUWORl3hQ/LzSHxQf4AUXH/lWmA4fHaxheNiFeUbgB40JJbNKZ+/f5Br5uRj5c5ydmZlOKkcHawo4w=,iv:BE2nNyDx1Tn24LSy4MvNRv+gaq0K8usyHBo+vZhxlBs=,tag:KOMLNKcrNj2YisVrV9SOwg==,type:str] + lastmodified: "2023-02-27T18:27:06Z" + mac: ENC[AES256_GCM,data:fxoWjoj53Kaf/zQdMbfDYPgs40FI/O1JQjJFGj8tqkeCSJZ7Kr00eWJq6qPZ44mtKeB045QmbyqmKB7tMPUanQwCrTch0bzmDmslRyFo5b48nZbxk7G+ZwR4N7VIggKSlw4UGppwa/dtjV1CPBUrru/OEbpZddHRVMFOeDC2rpo=,iv:6ioFfYHYdEERKr3RAlu9AUztRhKshcuTtLicUhE7Cmg=,tag:kqWLSMBwxKMjAocoC8y9Zg==,type:str] pgp: - created_at: "2023-02-23T00:30:25Z" enc: | diff --git a/hosts/weinturm-pretix-prod/services/pretix.nix b/hosts/weinturm-pretix-prod/services/pretix.nix index 659b1ea..35cfbd3 100644 --- a/hosts/weinturm-pretix-prod/services/pretix.nix +++ b/hosts/weinturm-pretix-prod/services/pretix.nix 
@@ -10,6 +10,10 @@ locale = "de"; timezone = "Europe/Berlin"; secretsFile = ../secrets.yaml; + banktool = { + enable = true; + days = 14; + }; }; security.acme = { diff --git a/pkgs/default.nix b/pkgs/default.nix index b9d4745..705970a 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -5,6 +5,7 @@ in { pretix = callPackage ./pretix/pretix.nix { }; pretix-static = callPackage ./pretix/pretix-static.nix { }; + pretix-banktool = callPackage ./pretix/pretix-banktool.nix { }; fpvout = callPackage ./fpvout { }; mute-indicator = callPackage ./mute-indicator { }; tabbed-box-maker = callPackage ./tabbed-box-maker { }; diff --git a/pkgs/pretix/module.nix b/pkgs/pretix/module.nix index 6468954..14ec8bf 100644 --- a/pkgs/pretix/module.nix +++ b/pkgs/pretix/module.nix @@ -91,12 +91,22 @@ in type = types.path; description = "Path to the sops secrets file which stores pretix.cfg settings."; }; + banktool = { + enable = mkEnableOption "Enable tool to query bank account and sync transaction data to pretix server."; + days = mkOption { + type = types.int; + description = "The timeframe of transaction to fetch from the bank in days."; + }; + }; }; config = lib.mkIf cfg.enable { sops.secrets.pretix-cfg = { sopsFile = cfg.secretsFile; }; + sops.secrets.pretix-banktool-cfg = { + sopsFile = cfg.secretsFile; + }; users.users."${user}" = { createHome = true; 
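Review bot: In pkgs/pretix/module.nix, `sops.secrets.pretix-banktool-cfg` is declared under `lib.mkIf cfg.enable` rather than under `cfg.banktool.enable`, so every host that enables pretix gets the bank credentials decrypted on the host even when the banktool is off. Such a host presumably also has to carry that key in its secrets file for sops-nix to accept the configuration. Gate it the way the service and timer are gated: `sops.secrets.pretix-banktool-cfg = lib.mkIf cfg.banktool.enable { sopsFile = cfg.secretsFile; };`. Separately, `days` is a plain `types.int` with no default, which accepts zero and negative values; `types.ints.positive` would reject those at evaluation time. The `config` block continues past the end of the hunk.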
@@ -212,5 +222,32 @@ in
 unit = "pretix-runperiodic.service";
 onCalendar = "*:0/5";
 };
+
+ systemd.services.pretix-banktool = lib.mkIf cfg.banktool.enable {
+ description = "Tool to query bank account and sync transaction data to pretix server.";
+ serviceConfig = {
+ Type = "oneshot";
+ DynamicUser = true;
+ CapabilityBoundingSet = null;
+ PrivateUsers = true;
+ ProtectHome = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ SystemCallFilter = "@system-service";
+ LoadCredential = "config:${config.sops.secrets.pretix-banktool-cfg.path}";
+ };
+ script = "${pkgs.pretix-banktool}/bin/pretix-banktool upload \"$CREDENTIALS_DIRECTORY/config\" --days=${toString cfg.banktool.days}";
+ };
+
+ systemd.timers.pretix-banktool = lib.mkIf cfg.banktool.enable {
+ description = "Run tool to query bank account and sync transaction data to pretix server.";
+ after = [ "network.target" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ Persistent = true;
+ OnCalendar = "*-*-* *:00:00";
+ Unit = "pretix-banktool.service";
+ };
+ };
 };
 }
diff --git a/pkgs/pretix/pretix-banktool-requirements.patch b/pkgs/pretix/pretix-banktool-requirements.patch
new file mode 100644
index 0000000..72ca79d
--- /dev/null
+++ b/pkgs/pretix/pretix-banktool-requirements.patch
@@ -0,0 +1,15 @@
+diff --git a/setup.py b/setup.py
+index 2eba88a..7041acd 100644
+--- a/setup.py
++++ b/setup.py
+@@ -19,7 +19,7 @@ setup(
+ author_email='mail@raphaelmichel.de',
+
+ install_requires=[
+- 'click==6.*',
++ 'click>=6.*',
+ 'fints>=3.0.*',
+ 'requests',
+ 'mt-940>=4.12*',
+--
+2.38.3
diff --git a/pkgs/pretix/pretix-banktool.nix b/pkgs/pretix/pretix-banktool.nix
new file mode 100644
index 0000000..74d332d
--- /dev/null
+++ b/pkgs/pretix/pretix-banktool.nix
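Review bot: `CapabilityBoundingSet = null;` in the new `pretix-banktool` service in pkgs/pretix/module.nix does not state the intended result. Depending on how the nixpkgs revision in use renders a null unit option, the line may come out as an empty assignment or may be left out altogether, and only the former drops all capabilities. Writing `CapabilityBoundingSet = "";` makes the empty bounding set explicit. The `after = [ "network.target" ]` ordering sits on the timer, so it does not order the service itself. With `Persistent = true` a missed run can start at boot, possibly before the network is up, so `after` and `wants = [ "network-online.target" ]` on `systemd.services.pretix-banktool` looks like the better place.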
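Review bot: The replacement line `'click>=6.*'` in the embedded setup.py patch (pkgs/pretix/pretix-banktool-requirements.patch) is not a valid PEP 440 specifier, because the `.*` wildcard is only defined for `==` and `!=`. Older setuptools tolerated it, but strict versions of `packaging` reject it, so the build may break on a later nixpkgs bump. `'click>=6',` expresses the same lower bound. The neighbouring `fints>=3.0.*` and `mt-940>=4.12*` context lines have the same form and are probably worth fixing in the same patch or reporting upstream.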
@@ -0,0 +1,23 @@
+{ python3Packages, fetchFromGitHub }:
+python3Packages.buildPythonApplication rec {
+ name = "pretix-banktool";
+ version = "1.0.0";
+
+ src = fetchFromGitHub {
+ owner = "pretix";
+ repo = "pretix-banktool";
+ rev = "v${version}";
+ sha256 = "vYHjotx1RujPV53Ei7bXAc3kL/3cwbWQB1T3sQ15MFA=";
+ };
+
+ patches = [
+ ./pretix-banktool-requirements.patch
+ ];
+
+ propagatedBuildInputs = with python3Packages; [
+ click
+ fints
+ mt-940
+ requests
+ ];
+}
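Review bot: The derivation in pkgs/pretix/pretix-banktool.nix sets `name = "pretix-banktool";` next to `version`, so the version likely does not end up in the store path name. The nixpkgs convention is `pname = "pretix-banktool";`, from which the name is derived as pname-version. The source hash is given as bare base64 in `sha256`; the SRI form `hash = "sha256-vYHjotx1RujPV53Ei7bXAc3kL/3cwbWQB1T3sQ15MFA=";` is self-describing and easier to audit when the pin is bumped. A `pythonImportsCheck` entry would give a cheap build-time check that the relaxed click requirement still yields an importable package; the module name has to be confirmed against upstream.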