forked from axeman/erpnext-nix
erpnext starts in the VM
This commit is contained in:
parent
cb9630c787
commit
5d27509f50
|
@ -1,5 +1,5 @@
|
|||
self: super: {
|
||||
python3 = super.python3.override {
|
||||
python3-erpnext = super.python3.override {
|
||||
packageOverrides = pyself: pysuper: {
|
||||
bench = pyself.callPackage ./python/bench.nix {};
|
||||
erpnext = pyself.callPackage ./python/erpnext.nix {};
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, lib, config, modulesPath, ... }:
|
||||
with lib;
|
||||
{
|
||||
imports = [
|
||||
"${modulesPath}/profiles/minimal.nix"
|
||||
|
@ -9,6 +8,7 @@ with lib;
|
|||
|
||||
config = {
|
||||
services.qemuGuest.enable = true;
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
|
@ -28,6 +28,14 @@ with lib;
|
|||
# We don't want to use tmpfs, otherwise the nix store's size will be bounded
|
||||
# by a fraction of available RAM.
|
||||
writableStoreUseTmpfs = false;
|
||||
|
||||
forwardPorts = [{
|
||||
guest.port = 22;
|
||||
host.port = 2222;
|
||||
} {
|
||||
guest.port = 9090;
|
||||
host.port = 9090;
|
||||
}];
|
||||
};
|
||||
|
||||
# So that we can ssh into the VM, see e.g.
|
||||
|
@ -36,7 +44,11 @@ with lib;
|
|||
services.openssh.settings.PermitRootLogin = "yes";
|
||||
# Give root an empty password to ssh in.
|
||||
users.extraUsers.root.password = "";
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU"
|
||||
];
|
||||
users.mutableUsers = false;
|
||||
networking.firewall.enable = false;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
|
@ -47,6 +59,13 @@ with lib;
|
|||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
ensureUsers = [{
|
||||
name = "root";
|
||||
ensurePermissions = {
|
||||
"*.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
ensureDatabases = [ "root" ];
|
||||
};
|
||||
|
||||
services.redis.servers = {
|
||||
|
@ -63,69 +82,61 @@ with lib;
|
|||
description = "User to run erpnext";
|
||||
group = "erpnext";
|
||||
isSystemUser = true;
|
||||
home = "/var/lib/erpnext";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
systemd.services.setup-mysql = {
|
||||
enable = true;
|
||||
before = [ "erpnext.service" ];
|
||||
after = [ "mysql.service" ];
|
||||
wantedBy = [ "erpnext.service" ];
|
||||
partOf = [ "erpnext.service" ];
|
||||
script = ''
|
||||
${pkgs.mariadb-client}/bin/mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password')";
|
||||
'';
|
||||
serviceConfig = {
|
||||
RemainAfterExit = true;
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.ensure-bench-dir = {
|
||||
enable = true;
|
||||
before = [ "erpnext.service" ];
|
||||
wantedBy = [ "erpnext.service" ];
|
||||
partOf = [ "erpnext.service" ];
|
||||
script = ''
|
||||
cd /var/lib/erpnext
|
||||
mkdir bench
|
||||
cd bench
|
||||
mkdir -p apps sites config/pids logs
|
||||
'';
|
||||
serviceConfig = {
|
||||
RemainAfterExit = true;
|
||||
Type = "oneshot";
|
||||
User = "erpnext";
|
||||
};
|
||||
};
|
||||
#users = {
|
||||
# users.${user} = {
|
||||
# uid = 327;
|
||||
# group = group;
|
||||
# home = server.workDir;
|
||||
# };
|
||||
# groups.${group}.gid = 327;
|
||||
#};
|
||||
|
||||
systemd.services.erpnext =
|
||||
let
|
||||
name = "worker1";
|
||||
user = "erpnext";
|
||||
group = "erpnext";
|
||||
server = {
|
||||
bind = "127.0.0.1:9090";
|
||||
workDir = "/var/lib/erpnext";
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "mysql.service" "redis.service" "redis-socketio.service" ];
|
||||
description = "ERPNext";
|
||||
|
||||
environment =
|
||||
let
|
||||
penv = pkgs.python3.buildEnv.override {
|
||||
penv = pkgs.python3-erpnext.buildEnv.override {
|
||||
extraLibs = [
|
||||
pkgs.python3.pkgs.frappe
|
||||
pkgs.python3.pkgs.erpnext
|
||||
pkgs.python3.pkgs.bench
|
||||
pkgs.python3-erpnext.pkgs.frappe
|
||||
pkgs.python3-erpnext.pkgs.erpnext
|
||||
pkgs.python3-erpnext.pkgs.bench
|
||||
];
|
||||
};
|
||||
in {
|
||||
PYTHONPATH = "${penv}/${pkgs.python3.sitePackages}/";
|
||||
};
|
||||
|
||||
#confinement = {
|
||||
# enable = true;
|
||||
# packages = [ ];
|
||||
#};
|
||||
serviceConfig = {
|
||||
#User = "erpnext";
|
||||
#NoNewPrivileges = true;
|
||||
Type = "simple";
|
||||
BindReadOnlyPaths = [
|
||||
"${pkgs.frappe-app}/share/apps/frappe:/frappe-bench/apps/frappe"
|
||||
"${pkgs.erpnext-app}/share/apps/erpnext:/frappe-bench/apps/erpnext"
|
||||
"${pkgs.frappe-erpnext-assets}/share/sites/assets:/frappe-bench/sites/assets"
|
||||
# "${penv}:/frappe-bench/env"
|
||||
];
|
||||
ExecStartPre = pkgs.writeScript "erpnext-server.${name}-init" ''
|
||||
#!/bin/sh
|
||||
mkdir -p ${server.workDir}/sites
|
||||
chown ${user}:${group} ${server.workDir}
|
||||
|
||||
cat > ${server.workDir}/sites/apps.txt <<EOF
|
||||
appsFile = pkgs.writeText "erpnext-apps.txt" ''
|
||||
frappe
|
||||
erpnext
|
||||
EOF
|
||||
'';
|
||||
|
||||
cat > ${server.workDir}/sites/common_site_config.json <<EOF
|
||||
# In a module, this could be provided by a use as a file as it could
|
||||
# contain secrets and we don't want this in the nix-store. But here it
|
||||
# is OK.
|
||||
commonSiteConfig = pkgs.writeText "erpnext-common_site_config.json" ''
|
||||
{
|
||||
"db_host": "localhost",
|
||||
"db_port": 3306,
|
||||
|
@ -134,32 +145,53 @@ with lib;
|
|||
"redis_cache": "redis://localhost:6379?db=0",
|
||||
"redis_queue": "redis://localhost:6379?db=1",
|
||||
"redis_socketio": "redis://localhost:6379?db=2",
|
||||
"socketio_port": 12311
|
||||
"socketio_port": 3000
|
||||
}
|
||||
EOF
|
||||
cd "${server.workDir}/sites"
|
||||
'';
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "mysql.service" "redis.service" "redis-socketio.service" ];
|
||||
description = "ERPNext";
|
||||
confinement = {
|
||||
enable = true;
|
||||
packages = [ pkgs.mariadb-client pkgs.nodejs penv ];
|
||||
};
|
||||
script = ''
|
||||
export PYTHON_PATH=${penv}/${pkgs.python3-erpnext.sitePackages}
|
||||
export PATH="${pkgs.mariadb-client}/bin:${pkgs.nodejs}/bin:${penv}/bin:$PATH"
|
||||
|
||||
cat /etc/hosts
|
||||
${pkgs.nettools}/bin/netstat -nptel
|
||||
|
||||
# Upstream initializes the DB with this command
|
||||
# TODO: Make this idempotent
|
||||
cd /var/lib/erpnext/bench/sites
|
||||
bench new-site localhost --mariadb-root-password password --admin-password admin
|
||||
bench --site localhost install-app erpnext
|
||||
node $tmp/apps/frappe/socketio.js &
|
||||
'';
|
||||
ExecStart = ''
|
||||
${pkgs.python3Packages.gunicorn}/bin/gunicorn frappe.app:application --name ${name} \
|
||||
--chdir="${server.workDir}/sites" \
|
||||
--user ${user} \
|
||||
--group ${group} \
|
||||
--bind=${server.bind} \
|
||||
--pid ${server.workDir}/gunicorn-${name}.pid \
|
||||
--threads=4 \
|
||||
--workers=2 \
|
||||
--worker-class=gthread \
|
||||
--worker-tmp-dir=/dev/shm \
|
||||
--timeout=120 \
|
||||
--preload
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
# TODO: Run these as systemd units
|
||||
node /var/lib/erpnext/bench/apps/frappe/socketio.js &
|
||||
gunicorn --chdir="/var/lib/erpnext/bench/sites" --bind=0.0.0.0:9090 --threads=4 --workers=2 --worker-class=gthread --worker-tmp-dir=/dev/shm --timeout=120 --preload frappe.app:application
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "erpnext";
|
||||
NoNewPrivileges = true;
|
||||
Type = "simple";
|
||||
BindReadOnlyPaths = [
|
||||
"/etc/hosts:/etc/hosts"
|
||||
"${pkgs.frappe-app}/share/apps/frappe:/var/lib/erpnext/bench/apps/frappe"
|
||||
"${pkgs.erpnext-app}/share/apps/erpnext:/var/lib/erpnext/bench/apps/erpnext"
|
||||
"${pkgs.frappe-erpnext-assets}/share/sites/assets:/var/lib/erpnext/bench/sites/assets"
|
||||
"${appsFile}:/var/lib/erpnext/bench/sites/apps.txt"
|
||||
"${commonSiteConfig}:/var/lib/erpnext/bench/sites/common_site_config.json"
|
||||
"${penv}:/var/lib/erpnext/bench/env"
|
||||
];
|
||||
BindPaths = [
|
||||
"/var/lib/erpnext:/var/lib/erpnext"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue