module: final fixes and cleanup

This commit is contained in:
teutat3s 2023-07-17 21:06:45 +02:00
parent aff559a20e
commit 446a2b6dea
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
7 changed files with 98 additions and 60 deletions


@ -21,26 +21,29 @@ nix build --json .#run-erpnext \
``` ```
### NixOS VM ### NixOS VM
Initial setup:
``` ```
# Build the test VM # Build the test VM
nix build '.#nixosConfigurations.test-vm.config.system.build.vm' nix build '.#nixosConfigurations.test-vm.config.system.build.vm'
# Start the VM, to generate SSH host key files required for secrets # Start the VM, to generate SSH host key files required for secrets
./result/bin/run-nixos-vm ./result/bin/run-nixos-vm
# Get the ed25519 SSH hostkey # In another terminal, get the ed25519 SSH hostkey, then stop the VM with CTRL-c
ssh-keyscan -p 2222 127.0.0.1 ssh-keyscan -p 2222 127.0.0.1 | grep ssh-ed25519
...
[127.0.0.1]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdCOs16W731ftPDqO+X6RZVSdwVVNw2Xfmcpk5pzbeO
# Edit secrets.nix and add the SSH hostkey to machine 'test-vm' # Edit secrets.nix and add the SSH hostkey to machine 'test-vm', starting with 'ssh-ed25519 ...'
vim secrets/secrets.nix sed --in-place \
's|test-vm = .*|test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdCOs16W731ftPDqO+X6RZVSdwVVNw2Xfmcpk5pzbeO host@test-vm";|' \
secrets/secrets.nix
# Rekey the secrets with agenix # Rekey the secrets with agenix
cd secrets cd secrets && agenix --rekey && cd ..
agenix --rekey
cd ..
# Stop with CTRL-c & build the test VM again # Build the test VM again
nix build '.#nixosConfigurations.test-vm.config.system.build.vm' nix build '.#nixosConfigurations.test-vm.config.system.build.vm'
# Start the VM # Start the VM once more
./result/bin/run-nixos-vm ./result/bin/run-nixos-vm
# Access the VM via SSH, use an empty password (Enter) to login # Access the VM via SSH, use an empty password (Enter) to login
@ -50,13 +53,34 @@ ssh root@localhost -p 2222
# The initial startup can take a few minutes # The initial startup can take a few minutes
journalctl -fu erpnext-web.service journalctl -fu erpnext-web.service
# Open http://localhost:8081 in your browser # Open https://localhost:8081 in your browser and follow the setup wizard
# User: Administrator # User: Administrator
# Password: admin # Password: admin
```
# To reset all data for the VM After the initial setup, make changes, build and run the VM again to test the changes.
```
# Build the test VM
nix build '.#nixosConfigurations.test-vm.config.system.build.vm'
# Start the VM
./result/bin/run-nixos-vm
```
Useful for debugging, you can delete a special file in the VM to force the
ERPNext init script to run again. It will then try to initialize the DB again
and create a new site directory.
```
ssh root@localhost -p 2222
rm /var/lib/erpnext/.db-created
systemctl restart erpnext-web
```
To reset the VM's data and start fresh, run:
```
rm nixos.qcow2 rm nixos.qcow2
``` ```
Note that this will re-generate SSH host keys and you will need to do the
initial setup again.
### Docker ### Docker
``` ```


@ -90,6 +90,10 @@ in
default = true; default = true;
description = lib.mdDoc "Create the database and database user locally."; description = lib.mdDoc "Create the database and database user locally.";
}; };
automaticMigrations = mkEnableOption
(lib.mdDoc "automatic migrations for database schema and data") // {
default = true;
};
}; };
redis = { redis = {
@ -116,15 +120,6 @@ in
description = lib.mdDoc "Local socket.io HTTP server port."; description = lib.mdDoc "Local socket.io HTTP server port.";
}; };
#configJsonFile = mkOption {
# type = types.nullOr types.path;
# default = null;
# example = "/run/secrets/erpnext-config.json";
# description = lib.mdDoc ''
# A file containing the ERPNext config.
# '';
#};
webserver = { webserver = {
bindAddress = mkOption { bindAddress = mkOption {
type = types.str; type = types.str;
@ -144,19 +139,27 @@ in
example = lib.literalExpression '' example = lib.literalExpression ''
{ {
serverAliases = [ serverAliases = [
"erpnext.''${config.networking.domain}" "erpnext.your.domain"
"erp.''${config.networking.domain}" "erp.your.domain"
]; ];
enableACME = false; # Disable access logs
logFormat = ''
output discard
'';
} }
''; '';
description = lib.mdDoc '' description = lib.mdDoc ''
With this option, you can customize a caddy virtual host. With this option, you can customize a caddy virtual host.
Set to {} if you do not need any customization to the virtual host. Set to {} if you do not need any customization to the virtual host.
If enabled, then by default, the {option}`serverName` is If enabled, then by default, the {option}`hostName` is
`''${domain}`, `''${domain}`,
SSL is active, and certificates are acquired via ACME. TLS is active by default, and handled by caddy.
If this is set to null (the default), no caddy virtualHost will be configured.
Additionally, you probably want to set the caddy email option, when
enabling this: {option}`services.caddy.email
If this is set to null (the default), no caddy virtualHost will be
configured.
''; '';
}; };
@ -298,11 +301,7 @@ in
}; };
services.caddy.enable = mkIf (cfg.caddy != null) true; services.caddy.enable = mkIf (cfg.caddy != null) true;
services.caddy.email = "admins@pub.solar"; services.caddy.virtualHosts."${cfg.domain}" = mkIf (cfg.caddy != null) (lib.mkMerge [
services.caddy.globalConfig = ''
local_certs
'';
services.caddy.virtualHosts."${cfg.domain}:8081" = mkIf (cfg.caddy != null) (lib.mkMerge [
cfg.caddy cfg.caddy
({ ({
extraConfig = '' extraConfig = ''
@ -356,13 +355,18 @@ in
DB_ROOT_PASSWORD="$(cat "${cfg.database.rootPasswordFile}")" DB_ROOT_PASSWORD="$(cat "${cfg.database.rootPasswordFile}")"
# Upstream initializes the database with this command # Upstream initializes the database with this command
${penv}/bin/bench new-site localhost \ ${penv}/bin/bench new-site ${cfg.domain} \
--mariadb-root-password "$DB_ROOT_PASSWORD" \ --mariadb-root-password "$DB_ROOT_PASSWORD" \
--admin-password "$ADMIN_PASSWORD" \ --admin-password "$ADMIN_PASSWORD" \
--install-app erpnext --install-app erpnext
touch ${escapeShellArg "${cfg.workDir}/.db-created"} touch ${escapeShellArg "${cfg.workDir}/.db-created"}
fi fi
${lib.optionalString cfg.database.automaticMigrations ''
# Migrate the database
${penv}/bin/bench --site ${cfg.domain} migrate
''}
''; '';
ExecStart = '' ExecStart = ''
${penv}/bin/gunicorn \ ${penv}/bin/gunicorn \
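Review bot: `cfg.domain` is spliced unquoted into the shell script at `bench new-site ${cfg.domain}` and again at `bench --site ${cfg.domain} migrate`, while the neighbouring `touch` line already wraps its argument in `escapeShellArg`; for consistency, and so a domain containing shell metacharacters cannot alter the command, use `${escapeShellArg cfg.domain}` in both places. The added migration step now runs on every service start whenever `database.automaticMigrations` is true, which is the new option's default; a one-line comment stating that this is intended and that the option is the opt-out for deployments that migrate by hand would save the next reader a check. The enclosing script block starts outside the hunk.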

Binary file not shown.


@ -1,14 +1,14 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Wp/X/Q uMcrhm3fS+M/P2uaEJvdRab5G4Nk6zZNAlHyRISlGg0 -> ssh-ed25519 Wp/X/Q J/XqDE9oquq8xyPyMXcYtWVEeIczShbr2WZ6zpXVDFk
9QNitHuuKYzn99Hr76+yOa51/4qfTlhUwf5cD/Px/FI qsmZSC59mm8HUG72aqSdaVU2XaNMk5PumaE/r1+5Fzc
-> ssh-ed25519 FnuwSg ukuZCjWTcyC4LiHWmrunskAk3WbNZsdAXzHi3fydJwI -> ssh-ed25519 fLYf0Q +zjc/bQDGBgWSd3O2BugQBMx2Iq4UEUG5XauQMqzvmY
k3N3F4hxw55E6C68jLoaIQfuDUaOILxbw8BYwIcI2e8 9TGVQ02H4Ofdwgju7zbRpfxanAUEbIb44nUZkFESLt4
-> ssh-ed25519 BVsyTA q+2w2O+4c8NahzHuo2KLDxa8RHB79+L+h9KOY9GdGkA -> ssh-ed25519 BVsyTA QE7uZCFJjDbhiQqvDgJeJevPqhYSEs6rswLdR/dU/gA
eWRM4yyQtefZ6tnozqg37eLLMz7rQYl3eem2jxGThwo +B37NmGCNFnnDtkLkMbb9mRSvR7/6ohQTRN/VK6HCGE
-> ssh-ed25519 BVsyTA 6qkLU9OPuBv6KlgaILTkeFsyNgm8uW2PgZvsIQ8pGwM -> ssh-ed25519 BVsyTA QG+2eoqCbQzzQLF8uNX8Oj68SILAeWIUqcK0rtGT8nM
kXBSETY11ZCJs5HZ2jH9LAw0ntrsSW2J5ES97X7FkpI 3NUYU+9Bv88r1VNDeZFNMnc3l9lsiWjzsYTczyntRac
-> }6jwb-grease ,2 {su -> EMr"yt-grease
Yypdzw8GT6HmlqgBxHAuEiKDWsH+wSYK2rMxketTP6OlWJHfmV9jc/YBMXwWNkhh GNRgoRN98JvtS4Vc1CE1I0RXSwvt5RGiwxwPBVCHtU9NaBNxY7enwQKHN0cRcvku
jcQfjmwx2Wjcn0mjiv6RUYi3tulpbkB+jctRW+vstPHTIptEMhOfs5FM oiA
--- WPd5tG8HvNuhMZfqvzaCeDz2tavijgWewAuLV+5wFuE --- lAr6xIM5wIjraqiC78485o9Od6N4ky54dCrcVc+ZECE
9öêÔ¯“áY÷%"|V`WV%l»''oKÀ$W`Ÿ!è)ŸBؘºN¥p ?bïTg5'ßõ˜@œ<>vë&¥4\¾¿ØŽ<>1€»JZ—±ea


@ -1,14 +1,14 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Wp/X/Q 3hW/8PTjCcRN4cj1OJlmKgGrupW/At/XcZP9mX5relM -> ssh-ed25519 Wp/X/Q XnUGBSLYyTTUjTiqQg4zZGeVvMqPocTk7uZRBhPguGk
DrYHHxhA6DDj5tkUwMEP1Diedo5ZRtdaDaytodWcRlU TFf2vCef46WGwSSL9eQoWJw74fiUfymxaUxNf+Ty32Y
-> ssh-ed25519 FnuwSg 7szTuXVOxA1gEKvXFDDpPBak5Eh2CwUGnL52wGLmogw -> ssh-ed25519 fLYf0Q rtQ/LRlEPw+V/71ptxLfhbjjKUKD3M/FitHxuIfb61I
J/no4LHtQ5FR43r6evCk4n6V/6gQ5navfvVGOc6Mnl0 iWDj8TXCJOf73MUcHZWhnhQjnuKqykxQ8UYYzeFs7FA
-> ssh-ed25519 BVsyTA cGS0ASOgef9VUxNQF0h70h9aJnctBZRc6FBQgahLn0c -> ssh-ed25519 BVsyTA /5BemxhsClGZQAAF4apL2g37qjHjJ0VjPC1352NniFk
b35sRRi+yNu2arU7yipZctcie0itomjJtc3Nr4i2nss LCKyRK+JbZW1YFpZknB+HVCVjS2xxPwsbitJ3pztYO0
-> ssh-ed25519 BVsyTA VG8SwHZkdvGwmbx/kOT5oabV+WpO5QGIJXtse4CtKgE -> ssh-ed25519 BVsyTA r0UHDzJx01z6u5tC+KWvp/TrpvFaTAP6Nn2z9vv7kVU
WiEuIMlsaW98kPB6pChEZhCNWo0pVbDMEIwfRtuKNnY /L+0zAITksGzHkdGneaEWgUGHcBfXUROCS8fQh1fAPg
-> 2IOJi1-grease s^`TsZL %{ &~L* -> [>kC]3-grease
TU4AdoaLUEYR8YQRMcUdFho/WOs9IpwM1z4t36FbM3GPFqz0IY5MCC9shj+oxhh1 ZAw4x/KwujI8DlxyGsgjk8yu
aW5/FKRXoTLG5A --- LA8ePveqZ7SKE7WsfrX/dD37bU4VRgivUfSRDOpc14A
--- 9HuacZ7Sr0o0XKFkdT4qIQSdx8Idymsb/jc3QxLOwg0 <EFBFBD><EFBFBD>p><3E><>Y<EFBFBD>x<>nP<>׺D>F<><46>v!
MÄ0H±„{ÝË»—ˆ;Ÿc”ž*$½6dŒ(ÖÕ1ÏüDÍ÷<C38D>3OÂe† <EFBFBD><EFBFBD>~ᨀ<>:<3A><><EFBFBD><EFBFBD>w<EFBFBD>


@ -2,7 +2,7 @@ let
# set ssh public keys here for your system and user # set ssh public keys here for your system and user
machines = { machines = {
dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms";
test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILD8RziyMKgRj6MLkRjdHnNwG2+VolUl8ejjeteehVnw host@test-vm"; test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7EsR4wT+bOaC/rafTZUqsR7z9SFM57Oabv+I0ar454 host@test-vm";
}; };
users = { users = {
teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";


@ -37,7 +37,7 @@
guest.port = 9090; guest.port = 9090;
host.port = 9090; host.port = 9090;
} { } {
guest.port = 8081; guest.port = 443;
host.port = 8081; host.port = 8081;
}]; }];
}; };
@ -53,6 +53,9 @@
]; ];
users.mutableUsers = false; users.mutableUsers = false;
networking.firewall.enable = false; networking.firewall.enable = false;
networking.hosts = {
"127.0.0.1" = [ "erp.momo.koeln" ];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
@ -78,10 +81,17 @@
services.erpnext = { services.erpnext = {
enable = true; enable = true;
domain = "localhost";
adminPasswordFile = config.age.secrets.erpnext-admin-password.path; adminPasswordFile = config.age.secrets.erpnext-admin-password.path;
database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path; database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path;
database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path; database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path;
caddy = {}; caddy = {};
}; };
services.caddy = {
email = "admins@pub.solar";
globalConfig = ''
local_certs
'';
};
}; };
} }
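Review bot: The new `services.caddy` block sets `local_certs` without a comment explaining that it switches caddy from ACME to its internal CA, so the certificate served on the forwarded port (guest 443 → host 8081 in the first hunk) is self-signed and browsers will warn; a line such as `# Test VM only: issue certificates from caddy's internal CA instead of ACME — browsers will warn about the untrusted issuer` above `globalConfig` would make the intent explicit. The `networking.hosts` entry for `erp.momo.koeln` in the second hunk presumably matches the module's default `domain` now that `domain = "localhost";` is removed, and that dependency is worth a comment too, since the README in this commit still points at `https://localhost:8081`.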