pretix: enable OIDC support

- add pretix-oidc plugin installation (Dockerfile, version 2.3.1 default) - configure OIDC env vars (issuer, endpoints, client ID/secret, scopes, unique attribute) - enable redis + database, add config/data volumes - switch canonical domain to ticket.<PRIMARY_DOMAIN> with pretix.<PRIMARY_DOMAIN> alias - mirror GitLab-style OIDC var structure for consistency Implements pretix authentication via Keycloak/SSO. See: https://chatgpt.com/share/68b19721-341c-800f-b372-527164474018
2025-08-30 23:38:13 +02:00 · 2025-08-29 14:04:03 +02:00
parent f4ea6c6c0f
commit 092869b29a
5 changed files with 109 additions and 26 deletions
--- a/roles/web-app-pretix/config/main.yml
+++ b/roles/web-app-pretix/config/main.yml
@@ -1,31 +1,36 @@
-
 credentials: {}
 docker:
-  images: {}                # @todo Move under services
-  versions: {}              # @todo Move under services
  services:
    redis:
-      enabled:      false   # Enable Redis 
+      enabled:  true
    database:
-      enabled:      false   # Enable the database 
+      enabled:  true
+    application:
+      image:    pretix/standalone
+      version:  stable
+      name:     pretix
+  volumes:
+    data:       "pretix_data"
+    config:     "pretix_config"
 features:
-  matomo:           true    # Enable Matomo Tracking
-  css:              true    # Enable Global CSS Styling
-  desktop:  true    # Enable loading of app in iframe
-  ldap:             false   # Enable LDAP Network
-  central_database: false   # Enable Central Database Network
-  recaptcha:        false   # Enable ReCaptcha
-  oauth2:           false   # Enable the OAuth2-Proy
-  javascript:       false   # Enables the custom JS in the javascript.js.j2 file   
+  matomo:           true
+  css:              true
+  desktop:          true
+  central_database: true
  logout:           true
+  oidc:             true
 server:
  csp:
-    whitelist:        {}      # URL's which should be whitelisted
-    flags:            {}      # Flags which should be set
+    whitelist:      {}
+    flags:          {}
  domains:
    canonical:
+      - "ticket.{{ PRIMARY_DOMAIN }}"
+    aliases:
      - "pretix.{{ PRIMARY_DOMAIN }}"
-    aliases:          []      # Alias redirections to the first element of the canonical domains
 rbac:
  roles: {}
+plugins:
+  oidc:
+    version: "2.3.1"