pretix: enable OIDC support

- add pretix-oidc plugin installation (Dockerfile, version 2.3.1 default) - configure OIDC env vars (issuer, endpoints, client ID/secret, scopes, unique attribute) - enable redis + database, add config/data volumes - switch canonical domain to ticket.<PRIMARY_DOMAIN> with pretix.<PRIMARY_DOMAIN> alias - mirror GitLab-style OIDC var structure for consistency Implements pretix authentication via Keycloak/SSO. See: https://chatgpt.com/share/68b19721-341c-800f-b372-527164474018
2025-08-30 23:38:13 +02:00 · 2025-08-29 14:04:03 +02:00
parent f4ea6c6c0f
commit 092869b29a
5 changed files with 109 additions and 26 deletions
--- a/roles/web-app-pretix/vars/main.yml
+++ b/roles/web-app-pretix/vars/main.yml
@@ -1,2 +1,30 @@
-application_id: web-app-pretix # ID of the application
-database_type:  0                    # Database type [postgres, mariadb]
+application_id:                 "web-app-pretix"
+database_type:                  "postgres"
+container_port:                 80
+
+# URLs
+PRETIX_URL:                     "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+PRETIX_HOSTNAME:                "{{ domains | get_domain(application_id) }}"
+
+# OIDC (mirrors GitLab’s pattern)
+PRETIX_OIDC_ENABLED:            "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
+PRETIX_OIDC_LABEL:              "{{ OIDC.BUTTON_TEXT }}"
+PRETIX_OIDC_CLIENT_ID:          "{{ OIDC.CLIENT.ID }}"
+PRETIX_OIDC_CLIENT_SECRET:      "{{ OIDC.CLIENT.SECRET }}"
+PRETIX_OIDC_ISSUER:             "{{ OIDC.CLIENT.ISSUER_URL }}"
+PRETIX_OIDC_AUTH_URL:           "{{ OIDC.CLIENT.AUTHORIZE_URL }}"
+PRETIX_OIDC_TOKEN_URL:          "{{ OIDC.CLIENT.TOKEN_URL }}"
+PRETIX_OIDC_USERINFO_URL:       "{{ OIDC.CLIENT.USER_INFO_URL }}"
+PRETIX_OIDC_LOGOUT_URL:         "{{ OIDC.CLIENT.LOGOUT_URL }}"
+PRETIX_OIDC_JWKS_URL:           "{{ OIDC.CLIENT.CERTS }}"
+PRETIX_OIDC_SCOPES:             "openid,email,profile"
+# Use Keycloak username claim by default (plugin default is 'sub')
+PRETIX_OIDC_UNIQUE_ATTRIBUTE:   "{{ OIDC.ATTRIBUTES.USERNAME }}"
+
+# Docker
+PRETIX_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}"
+PRETIX_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}"
+PRETIX_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}"
+PRETIX_DATA_VOLUME:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+PRETIX_CONF_VOLUME:             "{{ applications | get_app_conf(application_id, 'docker.volumes.config') }}"
+PRETIX_OIDC_PLUGIN_VERSION:     "{{ applications | get_app_conf(application_id, 'plugins.oidc.version') }}"