axeman
/
erpnext-nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wip: working vm

main
teutat3s 2023-06-07 21:58:05 +02:00
parent d683e6795b
commit af3c949181
Signed by: teutat3s
GPG Key ID: 4FA1D3FA524F22C1
3 changed files with 114 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.nix
View File

@ -30,9 +30,9 @@
inherit pkgs;
run-erpnext = pkgs.run-erpnext;
pip2nix = import "${pip2nix}/default.nix" { inherit pkgs; pythonPackages = "python310Packages"; };
erpnext = pkgs.python3.pkgs.erpnext;
bench = pkgs.python3.pkgs.bench;
pythonPkgs = pkgs.python3.pkgs;
erpnext = pkgs.python3-erpnext.pkgs.erpnext;
bench = pkgs.python3-erpnext.pkgs.bench;
pythonPkgs = pkgs.python3-erpnext.pkgs;
});
nixosConfigurations = {
test-vm = nixpkgs.lib.nixosSystem {

213
nginx-erpnext-conf.nix
View File

@ -1,6 +1,7 @@
# From https://github.com/frappe/frappe_docker/blob/main/resources/nginx-template.conf
{ writeText
, nginx
, frappe-erpnext-assets
}:
let
backend = "127.0.0.1:9090";
@ -13,125 +14,119 @@ let
proxy_read_timeout = "120";
in
writeText "erpnext.conf" ''
events {
worker_connections 1024;
upstream backend-server {
server ${backend} fail_timeout=0;
}
http {
upstream backend-server {
server ${backend} fail_timeout=0;
upstream socketio-server {
server ${socketio} fail_timeout=0;
}
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $scheme;
https https;
}
server {
listen 8081;
server_name ${frappe_site_name_header};
root ${frappe-erpnext-assets}/share/sites;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
set_real_ip_from ${upstream_real_ip_address};
real_ip_header ${upstream_real_ip_header};
real_ip_recursive ${upstream_real_ip_recursive};
location /assets {
try_files $uri =404;
}
upstream socketio-server {
server ${socketio} fail_timeout=0;
location ~ ^/protected/(.*) {
internal;
try_files /${frappe_site_name_header}/$1 =404;
}
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $scheme;
https https;
location /socket.io {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Origin $scheme://${frappe_site_name_header};
proxy_set_header Host $host;
proxy_pass http://socketio-server;
}
server {
listen 8081;
server_name ${frappe_site_name_header};
root /tmp/erpnext/sites;
location / {
rewrite ^(.+)/$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location ~ ^/files/.*.(htm|html|svg|xml) {
# TODO: Figure out how to do this.
# add_header Content-disposition "attachment";
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
set_real_ip_from ${upstream_real_ip_address};
real_ip_header ${upstream_real_ip_header};
real_ip_recursive ${upstream_real_ip_recursive};
location /assets {
try_files $uri =404;
}
location ~ ^/protected/(.*) {
internal;
try_files /${frappe_site_name_header}/$1 =404;
}
location /socket.io {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Origin $scheme://${frappe_site_name_header};
proxy_set_header Host $host;
proxy_pass http://socketio-server;
}
location / {
rewrite ^(.+)/$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
location ~ ^/files/.*.(htm|html|svg|xml) {
# TODO: Figure out how to do this.
# add_header Content-disposition "attachment";
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
location @webserver {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Host $host;
proxy_set_header X-Use-X-Accel-Redirect True;
proxy_read_timeout ${proxy_read_timeout};
proxy_redirect off;
proxy_pass http://backend-server;
}
# optimizations
sendfile on;
keepalive_timeout 15;
client_max_body_size ${client_max_body_size};
client_body_buffer_size 16K;
client_header_buffer_size 1k;
# enable gzip compression
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
gzip on;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
# text/html is always compressed by HttpGzipModule
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
location @webserver {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Host $host;
proxy_set_header X-Use-X-Accel-Redirect True;
proxy_read_timeout ${proxy_read_timeout};
proxy_redirect off;
proxy_pass http://backend-server;
}
# optimizations
sendfile on;
keepalive_timeout 15;
client_max_body_size ${client_max_body_size};
client_body_buffer_size 16K;
client_header_buffer_size 1k;
# enable gzip compression
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
gzip on;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
# text/html is always compressed by HttpGzipModule
}
''

13
test-vm/configuration.nix
View File

@ -110,10 +110,9 @@
wantedBy = [ "erpnext.service" ];
partOf = [ "erpnext.service" ];
script = ''
cd /var/lib/erpnext
mkdir bench
cd bench
mkdir -p apps sites config/pids logs
for subdir in apps sites config/pids logs; do
mkdir -p /var/lib/erpnext/bench/$subdir
done
'';
serviceConfig = {
RemainAfterExit = true;
@ -124,7 +123,7 @@
services.nginx = {
enable = true;
config = builtins.readFile "${pkgs.erpnext-nginx-conf}";
appendHttpConfig = builtins.readFile "${pkgs.erpnext-nginx-conf}";
};
systemd.services.erpnext =
@ -173,7 +172,7 @@
# Upstream initializes the DB with this command
# TODO: Make this idempotent
cd /var/lib/erpnext/bench/sites
bench new-site localhost --mariadb-root-password password --admin-password admin
bench new-site localhost --mariadb-root-password password --admin-password admin || true
bench --site localhost install-app erpnext
# TODO: Run these as systemd units
@ -186,7 +185,9 @@
Type = "simple";
BindReadOnlyPaths = [
"/etc/hosts:/etc/hosts"
"${pkgs.frappe-app}:${pkgs.frappe-app}"
"${pkgs.frappe-app}/share/apps/frappe:/var/lib/erpnext/bench/apps/frappe"
"${pkgs.erpnext-app}:${pkgs.erpnext-app}"
"${pkgs.erpnext-app}/share/apps/erpnext:/var/lib/erpnext/bench/apps/erpnext"
"${pkgs.frappe-erpnext-assets}/share/sites/assets:/var/lib/erpnext/bench/sites/assets"
"${appsFile}:/var/lib/erpnext/bench/sites/apps.txt"