wip: working vm
This commit is contained in:
parent
d683e6795b
commit
af3c949181
|
@ -30,9 +30,9 @@
|
|||
inherit pkgs;
|
||||
run-erpnext = pkgs.run-erpnext;
|
||||
pip2nix = import "${pip2nix}/default.nix" { inherit pkgs; pythonPackages = "python310Packages"; };
|
||||
erpnext = pkgs.python3.pkgs.erpnext;
|
||||
bench = pkgs.python3.pkgs.bench;
|
||||
pythonPkgs = pkgs.python3.pkgs;
|
||||
erpnext = pkgs.python3-erpnext.pkgs.erpnext;
|
||||
bench = pkgs.python3-erpnext.pkgs.bench;
|
||||
pythonPkgs = pkgs.python3-erpnext.pkgs;
|
||||
});
|
||||
nixosConfigurations = {
|
||||
test-vm = nixpkgs.lib.nixosSystem {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# From https://github.com/frappe/frappe_docker/blob/main/resources/nginx-template.conf
|
||||
{ writeText
|
||||
, nginx
|
||||
, frappe-erpnext-assets
|
||||
}:
|
||||
let
|
||||
backend = "127.0.0.1:9090";
|
||||
|
@ -13,125 +14,119 @@ let
|
|||
proxy_read_timeout = "120";
|
||||
in
|
||||
writeText "erpnext.conf" ''
|
||||
events {
|
||||
worker_connections 1024;
|
||||
upstream backend-server {
|
||||
server ${backend} fail_timeout=0;
|
||||
}
|
||||
|
||||
http {
|
||||
upstream backend-server {
|
||||
server ${backend} fail_timeout=0;
|
||||
upstream socketio-server {
|
||||
server ${socketio} fail_timeout=0;
|
||||
}
|
||||
|
||||
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
|
||||
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
||||
default $scheme;
|
||||
https https;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8081;
|
||||
server_name ${frappe_site_name_header};
|
||||
root ${frappe-erpnext-assets}/share/sites;
|
||||
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
|
||||
|
||||
set_real_ip_from ${upstream_real_ip_address};
|
||||
real_ip_header ${upstream_real_ip_header};
|
||||
real_ip_recursive ${upstream_real_ip_recursive};
|
||||
|
||||
location /assets {
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
upstream socketio-server {
|
||||
server ${socketio} fail_timeout=0;
|
||||
location ~ ^/protected/(.*) {
|
||||
internal;
|
||||
try_files /${frappe_site_name_header}/$1 =404;
|
||||
}
|
||||
|
||||
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
|
||||
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
||||
default $scheme;
|
||||
https https;
|
||||
location /socket.io {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
|
||||
proxy_set_header Origin $scheme://${frappe_site_name_header};
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_pass http://socketio-server;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8081;
|
||||
server_name ${frappe_site_name_header};
|
||||
root /tmp/erpnext/sites;
|
||||
location / {
|
||||
rewrite ^(.+)/$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
|
||||
rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
|
||||
rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
|
||||
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
location ~ ^/files/.*.(htm|html|svg|xml) {
|
||||
# TODO: Figure out how to do this.
|
||||
# add_header Content-disposition "attachment";
|
||||
try_files /${frappe_site_name_header}/public/$uri @webserver;
|
||||
}
|
||||
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
|
||||
|
||||
set_real_ip_from ${upstream_real_ip_address};
|
||||
real_ip_header ${upstream_real_ip_header};
|
||||
real_ip_recursive ${upstream_real_ip_recursive};
|
||||
|
||||
location /assets {
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location ~ ^/protected/(.*) {
|
||||
internal;
|
||||
try_files /${frappe_site_name_header}/$1 =404;
|
||||
}
|
||||
|
||||
location /socket.io {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
|
||||
proxy_set_header Origin $scheme://${frappe_site_name_header};
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_pass http://socketio-server;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^(.+)/$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
|
||||
rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
|
||||
rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
|
||||
|
||||
location ~ ^/files/.*.(htm|html|svg|xml) {
|
||||
# TODO: Figure out how to do this.
|
||||
# add_header Content-disposition "attachment";
|
||||
try_files /${frappe_site_name_header}/public/$uri @webserver;
|
||||
}
|
||||
|
||||
try_files /${frappe_site_name_header}/public/$uri @webserver;
|
||||
}
|
||||
|
||||
location @webserver {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Use-X-Accel-Redirect True;
|
||||
proxy_read_timeout ${proxy_read_timeout};
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_pass http://backend-server;
|
||||
}
|
||||
|
||||
# optimizations
|
||||
sendfile on;
|
||||
keepalive_timeout 15;
|
||||
client_max_body_size ${client_max_body_size};
|
||||
client_body_buffer_size 16K;
|
||||
client_header_buffer_size 1k;
|
||||
|
||||
# enable gzip compression
|
||||
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
|
||||
gzip on;
|
||||
gzip_http_version 1.1;
|
||||
gzip_comp_level 5;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/font-woff
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component;
|
||||
# text/html is always compressed by HttpGzipModule
|
||||
try_files /${frappe_site_name_header}/public/$uri @webserver;
|
||||
}
|
||||
|
||||
location @webserver {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Use-X-Accel-Redirect True;
|
||||
proxy_read_timeout ${proxy_read_timeout};
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_pass http://backend-server;
|
||||
}
|
||||
|
||||
# optimizations
|
||||
sendfile on;
|
||||
keepalive_timeout 15;
|
||||
client_max_body_size ${client_max_body_size};
|
||||
client_body_buffer_size 16K;
|
||||
client_header_buffer_size 1k;
|
||||
|
||||
# enable gzip compression
|
||||
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
|
||||
gzip on;
|
||||
gzip_http_version 1.1;
|
||||
gzip_comp_level 5;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip_types
|
||||
application/atom+xml
|
||||
application/javascript
|
||||
application/json
|
||||
application/rss+xml
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/font-woff
|
||||
application/x-web-app-manifest+json
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
font/opentype
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/css
|
||||
text/plain
|
||||
text/x-component;
|
||||
# text/html is always compressed by HttpGzipModule
|
||||
}
|
||||
''
|
||||
|
|
|
@ -110,10 +110,9 @@
|
|||
wantedBy = [ "erpnext.service" ];
|
||||
partOf = [ "erpnext.service" ];
|
||||
script = ''
|
||||
cd /var/lib/erpnext
|
||||
mkdir bench
|
||||
cd bench
|
||||
mkdir -p apps sites config/pids logs
|
||||
for subdir in apps sites config/pids logs; do
|
||||
mkdir -p /var/lib/erpnext/bench/$subdir
|
||||
done
|
||||
'';
|
||||
serviceConfig = {
|
||||
RemainAfterExit = true;
|
||||
|
@ -124,7 +123,7 @@
|
|||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
config = builtins.readFile "${pkgs.erpnext-nginx-conf}";
|
||||
appendHttpConfig = builtins.readFile "${pkgs.erpnext-nginx-conf}";
|
||||
};
|
||||
|
||||
systemd.services.erpnext =
|
||||
|
@ -173,7 +172,7 @@
|
|||
# Upstream initializes the DB with this command
|
||||
# TODO: Make this idempotent
|
||||
cd /var/lib/erpnext/bench/sites
|
||||
bench new-site localhost --mariadb-root-password password --admin-password admin
|
||||
bench new-site localhost --mariadb-root-password password --admin-password admin || true
|
||||
bench --site localhost install-app erpnext
|
||||
|
||||
# TODO: Run these as systemd units
|
||||
|
@ -186,7 +185,9 @@
|
|||
Type = "simple";
|
||||
BindReadOnlyPaths = [
|
||||
"/etc/hosts:/etc/hosts"
|
||||
"${pkgs.frappe-app}:${pkgs.frappe-app}"
|
||||
"${pkgs.frappe-app}/share/apps/frappe:/var/lib/erpnext/bench/apps/frappe"
|
||||
"${pkgs.erpnext-app}:${pkgs.erpnext-app}"
|
||||
"${pkgs.erpnext-app}/share/apps/erpnext:/var/lib/erpnext/bench/apps/erpnext"
|
||||
"${pkgs.frappe-erpnext-assets}/share/sites/assets:/var/lib/erpnext/bench/sites/assets"
|
||||
"${appsFile}:/var/lib/erpnext/bench/sites/apps.txt"
|
||||
|
|
Loading…
Reference in a new issue