fix: remove languages from set

.drone.yml

@@ -6,7 +6,7 @@ steps:
     image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
-      stack: {{ .Name }}
+      stack: pretix
       generate_secrets: true
       purge: true
       deploy_key:
@@ -14,9 +14,17 @@ steps:
       networks:
         - proxy
     environment:
-      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
-      STACK_NAME: {{ .Name }}
+      DOMAIN: pretix.swarm-test.autonomic.zone
+      STACK_NAME: pretix
       LETS_ENCRYPT_ENV: production
+      CRON_ENTRYPOINT_VERSION: v1
+      DB_ENTRYPOINT_VERSION: v1
+      SECRET_DB_PASSWORD_VERSION: v1
+      SECRET_DJANGO_SECRET_KEY_VERSION: v1
+      SECRET_SMTP_PASSWORD_VERSION: v1
+      PRETIX_CONFIG_VERSION: v1
+      PG_BACKUP_VERSION: v1
+      SECRET_ADMIN_PASS_VERSION: v1
 trigger:
   branch:
     - main
@@ -32,7 +40,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -6,9 +6,12 @@ DOMAIN=pretix.example.com
 #EXTRA_DOMAINS=', `www.pretix.example.com`'
 
 LETS_ENCRYPT_ENV=production
+ENABLE_BACKUPS=true
+POST_DEPLOY_CMDS="app change_admin_pass"
 
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_DJANGO_SECRET_KEY_VERSION=v1
+SECRET_ADMIN_PASS_VERSION=v1
 
 SECRET_SMTP_PASSWORD_VERSION=v1
 SMTP_FROM=hello@localhost

README.md

@@ -1,17 +1,17 @@
 # pretix
 
-> One line description of the recipe
+> Ticket shop application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, barcamps, etc.
 
 <!-- metadata -->
 
 * **Category**: Apps
 * **Status**: 0
 * **Image**: [`pretix`](https://hub.docker.com/r/pretix), 4, upstream
-* **Healthcheck**: No
-* **Backups**: No
-* **Email**: No
+* **Healthcheck**: Yes
+* **Backups**: Yes
+* **Email**: Yes
 * **Tests**: No
-* **SSO**: No
+* **SSO**: Only supported for customer accounts, see [documentation](https://docs.pretix.eu/en/latest/user/customers/index.html)
 
 <!-- endmetadata -->
 
@@ -21,6 +21,8 @@
 * `abra app config <app-name>`
 * `abra app deploy <app-name>`
 * If you get an internal server error, try running `pretix migrate` inside the app container
+* Initial admin is `admin@localhost` with password `admin`
+* Change immediately via gui or `abra app cmd <DOMAIN> app change_adminpass`
 
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
 
@@ -28,7 +30,7 @@ For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
 ## TODO
 
 * [X] mail
-* [ ] healthchecks
-* [ ] cronjob: 15,45 * * * * /usr/bin/docker exec pretix.service pretix cron
-* [ ] backups https://docs.pretix.eu/en/latest/admin/maintainance.html#maintainance
+* [x] healthchecks
+* [x] cronjob: 15,45 * * * * /usr/bin/docker exec pretix.service pretix cron
+* [x] backups https://docs.pretix.eu/en/latest/admin/maintainance.html#maintainance
 * [ ] plugins

abra.sh

@@ -1 +1,16 @@
-export PRETIX_CONFIG_VERSION=v1
+export PRETIX_CONFIG_VERSION=v2
+export CRON_ENTRYPOINT_VERSION=v1
+export DB_ENTRYPOINT_VERSION=v2
+export PG_BACKUP_VERSION=v1
+
+change_adminpass(){
+    password=$(cat /run/secrets/admin_pass)
+    ~/src/manage.py shell -c """
+from django.contrib.auth import get_user_model
+UserModel = get_user_model()
+u = UserModel.objects.get(email='admin@localhost')
+u.set_password('$password')
+u.save()
+"""
+echo "Changed admin password"
+}

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: 'pretix/standalone:2024.10.0'
+    image: 'pretix/standalone:2025.5.0'
     networks:
       - proxy
       - internal
@@ -16,6 +16,7 @@ services:
       - db_password
       - smtp_password
       - django_secret_key
+      - admin_pass
     deploy:
       restart_policy:
         condition: on-failure
@@ -25,16 +26,16 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.1.0+2024.10.0"
-    # healthcheck:
-    #   test: ["CMD", "curl", "-f", "http://localhost"]
-    #   interval: 30s
-    #   timeout: 10s
-    #   retries: 10
-    #   start_period: 1m
+        - "coop-cloud.${STACK_NAME}.version=2.1.0+2025.5.0"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/healthcheck"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
 
   db:
-    image: postgres:12
+    image: postgres:16
     volumes:
       - "postgres:/var/lib/postgresql/data"
     networks:
@@ -45,19 +46,28 @@ services:
       POSTGRES_DB: pretix
     secrets:
       - db_password
+    configs:
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555
+      - source: db_entrypoint
+        target: /docker-entrypoint.sh
+        mode: 0555
+    entrypoint: /docker-entrypoint.sh
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      test: ["CMD-SHELL", "[ -f $${HEALTHCHECK_MARKER} ] || pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
       interval: 10s
       timeout: 5s
       retries: 5
     deploy:
       labels:
-            backupbot.backup: "true"
-            backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-            backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup" 
+        backupbot.backup.volumes.postgres.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
 
   redis:
-    image: redis:7.0.10-alpine
+    image: redis:8.0.2-alpine
     volumes:
       - "redis:/data"
     healthcheck:
@@ -68,6 +78,19 @@ services:
     networks:
       - internal
 
+  cron:
+    image: alpinelinux/docker-cli:latest
+    environment:
+      - STACK_NAME=${STACK_NAME}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    entrypoint:
+      /entrypoint.sh
+    configs:
+      - source: cron_entrypoint
+        target: /entrypoint.sh
+        mode: 0555
+
 volumes:
   app:
   postgres:
@@ -78,6 +101,16 @@ configs:
     name: ${STACK_NAME}_pretix_config_${PRETIX_CONFIG_VERSION}
     file: pretix.cfg.tmpl
     template_driver: golang
+  cron_entrypoint:
+    name: ${STACK_NAME}_cron_entrypoint_${CRON_ENTRYPOINT_VERSION}
+    file: entrypoint.cron.sh
+  db_entrypoint:
+    name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
+    file: entrypoint.postgres.sh.tmpl
+    template_driver: golang
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh
 
 networks:
   proxy:
@@ -95,3 +128,6 @@ secrets:
   django_secret_key:
     external: true
     name: ${STACK_NAME}_django_secret_key_${SECRET_DJANGO_SECRET_KEY_VERSION}
+  admin_pass:
+    external: true
+    name: ${STACK_NAME}_admin_pass_${SECRET_ADMIN_PASS_VERSION}

entrypoint.cron.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo '15,45 * * * * docker exec $(docker ps -qf 'name=${STACK_NAME}_app') pretix runperiodic' | crontab - && crond -f -d 8

entrypoint.postgres.sh.tmpl

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+set -e
+
+HEALTHCHECK_MARKER=/tmp/skip_healthcheck
+touch $HEALTHCHECK_MARKER
+MIGRATION_MARKER=$PGDATA/migration_in_progress
+OLDDATA=$PGDATA/old_data
+NEWDATA=$PGDATA/new_data
+
+install_old_postgres_debian() {
+  ## TODO: Replace with script from outline entrypoint
+  apt-get update
+  apt-get install -y git
+  git clone https://github.com/theory/pgenv.git /tmp/pgenv
+  cd /tmp/pgenv
+  export PATH="/tmp/pgenv/bin:/tmp/pgenv/pgsql/bin:$PATH"
+
+  # Install missing packages
+  apt-get install -y make curl patch gcc sudo libreadline-dev zlib1g-dev build-essential
+  pgenv check
+  LATEST_OLD_VERSION=$(pgenv available $DATA_VERSION | grep -oE "$DATA_VERSION\.[0-9]+" | tail -n 1)
+  pgenv build $LATEST_OLD_VERSION
+}
+
+install_old_postgres_alpine() {
+  apk add git
+  git clone https://github.com/theory/pgenv.git /tmp/pgenv
+  cd /tmp/pgenv
+  export PATH="/tmp/pgenv/bin:/tmp/pgenv/pgsql/bin:$PATH"
+
+  #Install Missing pagckages:
+  apk add make curl make patch gcc alpine-sdk sudo readline-dev build-base zlib-dev linux-headers
+  pgenv check
+  LATEST_OLD_VERSION=$(pgenv available $DATA_VERSION | grep -oE "$DATA_VERSION\.[0-9]+" | tail -n 1)
+  pgenv build $LATEST_OLD_VERSION
+}
+
+if [ -e $MIGRATION_MARKER ]; then
+  echo "FATAL: migration was started but did not complete in a previous run. manual recovery necessary"
+  exit 1
+fi
+
+if [ -f $PGDATA/PG_VERSION ]; then
+  DATA_VERSION=$(cat $PGDATA/PG_VERSION)
+
+  if [ -n "$DATA_VERSION" -a "$PG_MAJOR" != "$DATA_VERSION" ]; then
+    echo "postgres data version $DATA_VERSION found, but need $PG_MAJOR. Starting migration"
+    echo "Installing postgres $DATA_VERSION"
+    if [ -f /etc/alpine-release ]; then
+      install_old_postgres_alpine
+    else
+      install_old_postgres_debian
+    fi
+    echo "shuffling around"
+    gosu postgres mkdir $OLDDATA
+    chmod 700 $OLDDATA
+    mv $PGDATA/* $OLDDATA/ || true
+    gosu postgres mkdir $NEWDATA
+    chmod 700 $NEWDATA
+    touch $MIGRATION_MARKER
+    echo "running initdb"
+    # abuse entrypoint script for initdb by making server error out
+    gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true"
+    echo "running pg_upgrade"
+    cd /tmp
+    sleep 5
+    gosu postgres pg_upgrade --link -b /tmp/pgenv/pgsql-$LATEST_OLD_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER
+    cp $OLDDATA/pg_hba.conf $NEWDATA/
+    mv $NEWDATA/* $PGDATA
+    rm -rf $OLDDATA
+    rmdir $NEWDATA
+    rm $MIGRATION_MARKER
+    echo "migration complete"
+  fi
+fi
+
+rm $HEALTHCHECK_MARKER
+
+/usr/local/bin/docker-entrypoint.sh postgres

pg_backup.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat /run/secrets/db_password)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@

pretix.cfg.tmpl

@@ -42,9 +42,6 @@ debug=off
 location=redis://redis:6379/1
 sessions=true
 
-[languages]
-enabled=en,de
-
 [celery]
 backend=redis://redis:6379/1
 broker=redis://redis:6379/2

release/1.5.0+2024.11.0

@@ -0,0 +1 @@
+New major postgres version with automated update script! Make sure to backup your database before.

release/2.0.0+2025.1.0

@@ -0,0 +1 @@
+New secret ADMIN_PASS which will be used to automatically replace the insecure default password