wip: working vm

This commit is contained in:
teutat3s 2023-06-07 21:58:05 +02:00
parent d683e6795b
commit af3c949181
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
3 changed files with 114 additions and 118 deletions


@ -30,9 +30,9 @@
inherit pkgs; inherit pkgs;
run-erpnext = pkgs.run-erpnext; run-erpnext = pkgs.run-erpnext;
pip2nix = import "${pip2nix}/default.nix" { inherit pkgs; pythonPackages = "python310Packages"; }; pip2nix = import "${pip2nix}/default.nix" { inherit pkgs; pythonPackages = "python310Packages"; };
erpnext = pkgs.python3.pkgs.erpnext; erpnext = pkgs.python3-erpnext.pkgs.erpnext;
bench = pkgs.python3.pkgs.bench; bench = pkgs.python3-erpnext.pkgs.bench;
pythonPkgs = pkgs.python3.pkgs; pythonPkgs = pkgs.python3-erpnext.pkgs;
}); });
nixosConfigurations = { nixosConfigurations = {
test-vm = nixpkgs.lib.nixosSystem { test-vm = nixpkgs.lib.nixosSystem {


@ -1,6 +1,7 @@
# From https://github.com/frappe/frappe_docker/blob/main/resources/nginx-template.conf # From https://github.com/frappe/frappe_docker/blob/main/resources/nginx-template.conf
{ writeText { writeText
, nginx , nginx
, frappe-erpnext-assets
}: }:
let let
backend = "127.0.0.1:9090"; backend = "127.0.0.1:9090";
@ -13,125 +14,119 @@ let
proxy_read_timeout = "120"; proxy_read_timeout = "120";
in in
writeText "erpnext.conf" '' writeText "erpnext.conf" ''
events { upstream backend-server {
worker_connections 1024; server ${backend} fail_timeout=0;
} }
http { upstream socketio-server {
upstream backend-server { server ${socketio} fail_timeout=0;
server ${backend} fail_timeout=0; }
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $scheme;
https https;
}
server {
listen 8081;
server_name ${frappe_site_name_header};
root ${frappe-erpnext-assets}/share/sites;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
set_real_ip_from ${upstream_real_ip_address};
real_ip_header ${upstream_real_ip_header};
real_ip_recursive ${upstream_real_ip_recursive};
location /assets {
try_files $uri =404;
} }
upstream socketio-server { location ~ ^/protected/(.*) {
server ${socketio} fail_timeout=0; internal;
try_files /${frappe_site_name_header}/$1 =404;
} }
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme. location /socket.io {
map $http_x_forwarded_proto $proxy_x_forwarded_proto { proxy_http_version 1.1;
default $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
https https; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Origin $scheme://${frappe_site_name_header};
proxy_set_header Host $host;
proxy_pass http://socketio-server;
} }
server { location / {
listen 8081; rewrite ^(.+)/$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
server_name ${frappe_site_name_header}; rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
root /tmp/erpnext/sites; rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
proxy_buffer_size 128k; location ~ ^/files/.*.(htm|html|svg|xml) {
proxy_buffers 4 256k; # TODO: Figure out how to do this.
proxy_busy_buffers_size 256k; # add_header Content-disposition "attachment";
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
add_header X-Frame-Options "SAMEORIGIN"; try_files /${frappe_site_name_header}/public/$uri @webserver;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
set_real_ip_from ${upstream_real_ip_address};
real_ip_header ${upstream_real_ip_header};
real_ip_recursive ${upstream_real_ip_recursive};
location /assets {
try_files $uri =404;
}
location ~ ^/protected/(.*) {
internal;
try_files /${frappe_site_name_header}/$1 =404;
}
location /socket.io {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Origin $scheme://${frappe_site_name_header};
proxy_set_header Host $host;
proxy_pass http://socketio-server;
}
location / {
rewrite ^(.+)/$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
rewrite ^(.+)/index\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
rewrite ^(.+)\.html$ $proxy_x_forwarded_proto://${frappe_site_name_header}$1 permanent;
location ~ ^/files/.*.(htm|html|svg|xml) {
# TODO: Figure out how to do this.
# add_header Content-disposition "attachment";
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
try_files /${frappe_site_name_header}/public/$uri @webserver;
}
location @webserver {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Host $host;
proxy_set_header X-Use-X-Accel-Redirect True;
proxy_read_timeout ${proxy_read_timeout};
proxy_redirect off;
proxy_pass http://backend-server;
}
# optimizations
sendfile on;
keepalive_timeout 15;
client_max_body_size ${client_max_body_size};
client_body_buffer_size 16K;
client_header_buffer_size 1k;
# enable gzip compression
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
gzip on;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
# text/html is always compressed by HttpGzipModule
} }
location @webserver {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Frappe-Site-Name ${frappe_site_name_header};
proxy_set_header Host $host;
proxy_set_header X-Use-X-Accel-Redirect True;
proxy_read_timeout ${proxy_read_timeout};
proxy_redirect off;
proxy_pass http://backend-server;
}
# optimizations
sendfile on;
keepalive_timeout 15;
client_max_body_size ${client_max_body_size};
client_body_buffer_size 16K;
client_header_buffer_size 1k;
# enable gzip compression
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
gzip on;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
# text/html is always compressed by HttpGzipModule
} }
'' ''
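Review bot: `root ${frappe-erpnext-assets}/share/sites` on the new side of the `server` block points nginx's document root into the read-only Nix store, but every `try_files /${frappe_site_name_header}/...` lookup in the `/protected/`, `/files/` and `/` locations resolves relative to that root, so per-site uploads (`sites/<site>/public/files`, `private/files`) can only be served if they live in the store, which they presumably do not — the module in this commit works from `/var/lib/erpnext/bench/sites` and bind-mounts only `.../share/sites/assets` into it. Either keep `root /var/lib/erpnext/bench/sites;` and give the nginx unit its own read-only view of the assets (a `BindReadOnlyPaths=` on `erpnext.service` affects only that unit's mount namespace), or keep the store root for `/assets` alone via `alias ${frappe-erpnext-assets}/share/sites/assets;` in that location. Separately, the `/files/` location still carries the upstream TODO: the commented-out `add_header Content-disposition "attachment"` is what keeps user-uploaded HTML/SVG from rendering inline on the site's origin, and its regex `^/files/.*.(htm|html|svg|xml)` has an unescaped dot and no end anchor, so it matches any path containing one of those substrings (e.g. `/files/a.svg.png`); tighten it to `^/files/.*\.(htm|html|svg|xml)$`. The `writeText` body begins in the hunk above this one.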


@ -110,10 +110,9 @@
wantedBy = [ "erpnext.service" ]; wantedBy = [ "erpnext.service" ];
partOf = [ "erpnext.service" ]; partOf = [ "erpnext.service" ];
script = '' script = ''
cd /var/lib/erpnext for subdir in apps sites config/pids logs; do
mkdir bench mkdir -p /var/lib/erpnext/bench/$subdir
cd bench done
mkdir -p apps sites config/pids logs
''; '';
serviceConfig = { serviceConfig = {
RemainAfterExit = true; RemainAfterExit = true;
@ -124,7 +123,7 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
config = builtins.readFile "${pkgs.erpnext-nginx-conf}"; appendHttpConfig = builtins.readFile "${pkgs.erpnext-nginx-conf}";
}; };
systemd.services.erpnext = systemd.services.erpnext =
@ -173,7 +172,7 @@
# Upstream initializes the DB with this command # Upstream initializes the DB with this command
# TODO: Make this idempotent # TODO: Make this idempotent
cd /var/lib/erpnext/bench/sites cd /var/lib/erpnext/bench/sites
bench new-site localhost --mariadb-root-password password --admin-password admin bench new-site localhost --mariadb-root-password password --admin-password admin || true
bench --site localhost install-app erpnext bench --site localhost install-app erpnext
# TODO: Run these as systemd units # TODO: Run these as systemd units
@ -186,7 +185,9 @@
Type = "simple"; Type = "simple";
BindReadOnlyPaths = [ BindReadOnlyPaths = [
"/etc/hosts:/etc/hosts" "/etc/hosts:/etc/hosts"
"${pkgs.frappe-app}:${pkgs.frappe-app}"
"${pkgs.frappe-app}/share/apps/frappe:/var/lib/erpnext/bench/apps/frappe" "${pkgs.frappe-app}/share/apps/frappe:/var/lib/erpnext/bench/apps/frappe"
"${pkgs.erpnext-app}:${pkgs.erpnext-app}"
"${pkgs.erpnext-app}/share/apps/erpnext:/var/lib/erpnext/bench/apps/erpnext" "${pkgs.erpnext-app}/share/apps/erpnext:/var/lib/erpnext/bench/apps/erpnext"
"${pkgs.frappe-erpnext-assets}/share/sites/assets:/var/lib/erpnext/bench/sites/assets" "${pkgs.frappe-erpnext-assets}/share/sites/assets:/var/lib/erpnext/bench/sites/assets"
"${appsFile}:/var/lib/erpnext/bench/sites/apps.txt" "${appsFile}:/var/lib/erpnext/bench/sites/apps.txt"
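Review bot: The `|| true` appended to `bench new-site localhost --mariadb-root-password password --admin-password admin` (hunk -173,7 +172,7) turns every failure of site creation — unreachable or mis-credentialed database, a half-created site — into apparent success, and the very next line then runs `install-app erpnext` against a site that may not exist; the idempotence the TODO asks for needs a state check instead of error suppression, e.g. `[ -d /var/lib/erpnext/bench/sites/localhost ] || bench new-site localhost ...` (bench creates a per-site directory — confirm the exact path). The database root and admin passwords are also literal on the command line, so they end up in the world-readable Nix store copy of this script, in the journal and in `ps` output; if they are more than throwaway placeholders, read them from a file outside the store (systemd `LoadCredential=` with `$CREDENTIALS_DIRECTORY`, or an `EnvironmentFile=`) and pass them from there. The enclosing `script` of `systemd.services.erpnext` starts outside this hunk.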