{ config, pkgs, lib, ...}:
let
# Attribute overrides for the pretix package, applied through
# overridePythonAttrs in the `pretix` binding: the check phase is switched off
# and two local patches are added. The previous attributes (_oa) are ignored.
pretixOverrideAttrs = _oa: {
  # The tests seem to fail when building on szalotka. Just, uh, ignore that.
  # NOTE(review): with the check phase off, nothing exercises the patched
  # source at build time, so a regression from the patches below or from a
  # nixpkgs bump only surfaces at runtime. Re-enable once the failure is
  # understood.
  doCheck = false;
  # NOTE(review): overridePythonAttrs merges shallowly, so this list replaces
  # any `patches` nixpkgs already sets on pretix instead of extending it.
  # Confirm upstream carries none that are still needed (security fixes in
  # particular), or append to _oa.patches.
  patches = [
    # Needed for pretix-ldap, otherwise because it imports settings twice we
    # will end up with duplicate app labels and cause Django to freak out.
    ./pretix/plugin-build.patch
    # Fix up translations issues.
    ./pretix/translations.patch
  ];
};
# The package handed to services.pretix: pkgs.pretix with pretixOverrideAttrs
# applied, plus a hand-written `override` attribute merged on top.
pretix = (pkgs.pretix.overridePythonAttrs pretixOverrideAttrs) // {
  # services.pretix attempts to .override the given package, but
  # .overridePythonAttrs actually removes that overridability :/
  #
  # This might fix it some day:
  # https://github.com/NixOS/nixpkgs/pull/267296
  #
  # The following is a terrible hack to allow the configuration to build.
  # It applies the requested override to the stock package first and then
  # re-applies pretixOverrideAttrs, so the result of .override still carries
  # the local patches and doCheck = false.
  override = args: (pkgs.pretix.override args).overridePythonAttrs pretixOverrideAttrs;
};
in {
# Enables the pretix service with the patched package, an inline build of the
# pretix-ldap plugin, and the instance, LDAP and mail settings for
# tickets.cebula.camp.
services.pretix = {
  enable = true;
  package = pretix;
  plugins = with pretix.plugins; [
    # pretix-ldap, built here against the patched pretix's Python package set.
    (pretix.python.pkgs.buildPythonPackage rec {
      pname = "pretix-ldap";
      version = "0.2.5";
      src = pkgs.fetchFromGitHub {
        owner = "Sohalt";
        repo = "pretix-ldap";
        # A tag is mutable upstream; the hash below is what pins the source.
        rev = "v${version}";
        # Content hash of the fetched tree: a fetch that yields different
        # content fails with a hash mismatch instead of building it.
        hash = "sha256-+BD+rqLTjcpoNPiwZD4Z6+QhzGRiDbPJLPjSyisNLkw=";
      };
      patches = [
        # authentik ldap compat, see
        # https://github.com/Sohalt/pretix-ldap/pull/18. Also adds
        # mailRoutingAddress to the used-but-not-typechecked fields.
        # NOTE(review): this patches the plugin configured as the login
        # backend below, and its contents are not visible here. Review it
        # whenever `version` is bumped.
        ./pretix/ldap-attrs.patch ];

      propagatedBuildInputs = with pretix.python.pkgs; [
        ldap3
      ];

      build-system = with pretix.python.pkgs; [
        pretix-plugin-build
        setuptools

        # for import check
        pretix
      ];

      # Build-time check that the plugin module imports.
      pythonImportsCheck = [
        "pretix_ldap"
      ];
    })
  ];
  # A string, not a Nix path literal, so the file is read from the host at
  # runtime and is not copied into the world-readable Nix store.
  # NOTE(review): presumably holds the LDAP bind password and the SMTP
  # password, since neither appears in `settings`. Confirm it is readable
  # only by root or the service user.
  environmentFile = "/var/secrets/pretix";
  settings = {
    pretix = {
      url = "https://tickets.cebula.camp";
      instance_name = "tickets.cebula.camp";
      # NOTE(review): LDAP is the only backend listed, so logins presumably
      # depend entirely on the directory. Confirm there is an admin recovery
      # path if LDAP is unreachable.
      auth_backends = "pretix_ldap.LDAPAuthBackend";
    };
    ldap = {
      # NOTE(review): ldap:// on port 389 is cleartext unless StartTLS is
      # negotiated, which nothing here requests. The bind password and users'
      # login passwords would then cross this link unencrypted. 10.88.0.1
      # looks like a host-local bridge address; confirm the traffic never
      # leaves the machine, or switch to ldaps:// / StartTLS.
      bind_url = "ldap://10.88.0.1:389";
      bind_dn = "cn=ldap-access,ou=users,dc=cebula,dc=camp";
      search_base = "ou=users,dc=cebula,dc=camp";
      # Only entries that are members of the orga-core group match.
      # NOTE(review): {username} is presumably filled in by pretix-ldap from
      # the login form. Verify the plugin escapes LDAP filter metacharacters
      # before substitution.
      search_filter = "(&(memberOf=cn=orga-core,ou=groups,dc=cebula,dc=camp)(cn={username}))";
      email_attr = "mailRoutingAddress";
      # Seemingly nothing else works because of a bug in pretix-ldap (this
      # value should be added to the list of fetched attrs, but is not, and
      # dn is special cased).
      # NOTE(review): a DN changes when an entry is renamed or moved and can
      # be reused for a new entry. If pretix keys accounts on this value,
      # that would affect which account a login maps to. Confirm, and prefer
      # an immutable attribute once the plugin bug is fixed.
      unique_attr = "dn";
    };
    mail = {
      host = "mail.orga.cebula.camp";
      from = "pretix@cebula.camp";
      user = "pretix";
      # No password is set here; presumably supplied via environmentFile.
      ssl = true;
      port = 465;
    };
  };
  nginx = {
    enable = true;
    domain = "tickets.cebula.camp";
  };
};
# TLS settings for the virtual host named by services.pretix.nginx.domain.
services.nginx.virtualHosts."tickets.cebula.camp" = {
  # Redirect plain-HTTP requests to HTTPS.
  forceSSL = true;
  # Obtain and renew the certificate for this host via ACME.
  enableACME = true;
};
}