diff --git a/README.md b/README.md index de48121..1ea447c 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ nix build '.#nixosConfigurations.test-vm.config.system.build.vm' ./result/bin/run-nixos-vm # In another terminal, get the ed25519 SSH hostkey, then stop the VM with CTRL-c -ssh-keyscan -p 2222 127.0.0.1 | grep ssh-ed25519 -... -[127.0.0.1]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdCOs16W731ftPDqO+X6RZVSdwVVNw2Xfmcpk5pzbeO + +SSH_HOST_KEY=$(ssh-keyscan -p 2222 127.0.0.1 | grep '\[127.0.0.1\]:2222 ssh-ed25519' | awk '{print $2 " " $3}') # Edit secrets.nix and add the SSH hostkey to machine 'test-vm', starting with 'ssh-ed25519 ...' sed --in-place \ - 's|test-vm = .*|test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdCOs16W731ftPDqO+X6RZVSdwVVNw2Xfmcpk5pzbeO host@test-vm";|' \ + "s|test-vm = .*|test-vm = \"$SSH_HOST_KEY host@test-vm\";|" \ secrets/secrets.nix # Rekey the secrets with agenix diff --git a/flake.lock b/flake.lock index ce6440f..8a15ee8 100644 --- a/flake.lock +++ b/flake.lock @@ -6,14 +6,15 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1689334118, - "narHash": "sha256-djk5AZv1yU84xlKFaVHqFWvH73U7kIRstXwUAnDJPsk=", + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "owner": "ryantm", "repo": "agenix", - "rev": "0d8c5325fc81daf00532e3e26c6752f7bcde1143", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", "type": "github" }, "original": { @@ -30,11 +31,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -54,11 +55,11 @@ ] }, "locked": { - "lastModified": 1688380630, - "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", + "lastModified": 1701787589, + "narHash": "sha256-ce+oQR4Zq9VOsLoh9bZT8Ip9PaMLcjjBUHVPzW5d7Cw=", "owner": "numtide", "repo": "devshell", - "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", + "rev": "44ddedcbcfc2d52a76b64fb6122f209881bd3e1e", "type": "github" }, "original": { @@ -75,11 +76,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { @@ -90,16 +91,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1689503327, - "narHash": "sha256-qVwzYLA8oT2oWNDXO0A3bZHOhoPOihIB9T677+Hor1E=", + "lastModified": 1704295289, + "narHash": "sha256-9WZDRfpMqCYL6g/HNWVvXF0hxdaAgwgIGeLYiOhmes8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f64b9738da8e86195766147e9752c67fccee006c", + "rev": "b0b2c5445c64191fd8d0b31f2b1a34e45a64547d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -109,7 +110,7 @@ "agenix": "agenix", "devshell": "devshell", "nixpkgs": "nixpkgs", - "systems": "systems" + "systems": "systems_2" } }, "systems": { @@ -126,6 +127,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d5eeb9d..aca39f7 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Dev Setup"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; systems.url = "github:nix-systems/default"; @@ -26,6 +26,10 @@ self.overlays.pythonOverlay agenix.overlays.default devshell.overlays.default + # https://github.com/NixOS/nixpkgs/issues/265675#issuecomment-1846591842 + (final: prev: { + pipewire = prev.pipewire.override { ffadoSupport = false; }; + }) ]; } ); @@ -44,6 +48,7 @@ # Add additional packages you'd like to be available in your devshell # PATH here devshell.packages = with pkgs; [ + jq ]; commands = [ { diff --git a/modules/erpnext.nix b/modules/erpnext.nix index ced0bba..1a347b1 100644 --- a/modules/erpnext.nix +++ b/modules/erpnext.nix @@ -114,12 +114,6 @@ in }; }; - socketIoPort = mkOption { - type = types.port; - default = 9000; - description = lib.mdDoc "Local socket.io HTTP server port."; - }; - webserver = { bindAddress = mkOption { type = types.str; @@ -199,10 +193,8 @@ in db_port = "${toString cfg.database.port}"; db_name = "${cfg.database.name}"; db_password = "#NIXOS_ERPNEXT_DB_USER_PASSWORD#"; - redis_cache = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=1"; - redis_queue = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=2"; - redis_socketio = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=0"; - socketio_port = "${toString cfg.socketIoPort}"; + redis_cache = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=0"; + redis_queue = "redis://${cfg.redis.host}:${toString cfg.redis.port}?db=1"; }; commonSiteConfigFile = pkgs.writeText "erpnext-common_site_config.json" (builtins.toJSON commonSiteConfig); @@ -286,23 +278,6 @@ in "d '${cfg.benchDir}/sites' 0750 ${cfg.user} ${config.users.users.${cfg.user}.group}" ]; - systemd.services.erpnext-nodejs-socketio = { - enable = true; - after = [ "erpnext-web.service" ]; - wantedBy = [ "erpnext-web.service" ]; - partOf = [ "erpnext-web.service" ]; - description = "ERPNext Node.js HTTP server for socket.io "; - confinement = { - enable = true; - packages = [ pkgs.nodejs ]; - }; - serviceConfig = defaultServiceConfig // { - ExecStart = '' - ${pkgs.nodejs}/bin/node ${cfg.benchDir}/apps/frappe/socketio.js - ''; - }; - }; - services.caddy.enable = mkIf (cfg.caddy != null) true; services.caddy.virtualHosts."${cfg.domain}" = mkIf (cfg.caddy != null) (lib.mkMerge [ cfg.caddy @@ -312,12 +287,6 @@ in root * ${pkgs.frappe-erpnext-assets}/share/sites file_server } - handle /socket.io/* { - reverse_proxy :${toString cfg.socketIoPort} { - header_up X-Frappe-Site-Name "${cfg.domain}" - header_up Origin "{scheme}://${cfg.domain}" - } - } reverse_proxy :${toString cfg.webserver.bindPort} ''; @@ -330,7 +299,6 @@ in after = [ "mysql.service" "redis.service" - "redis-socketio.service" "systemd-tmpfiles-setup.service" ]; description = "ERPNext web server"; @@ -347,6 +315,9 @@ in pkgs.replace-secret ]; }; + path = [ + pkgs.mariadb-client + ]; environment = { PYTHON_PATH = "${penv}/${pkgs.python3.sitePackages}"; }; @@ -387,7 +358,7 @@ in --chdir="${cfg.benchDir}/sites" \ --bind=${cfg.webserver.bindAddress}:${toString cfg.webserver.bindPort} \ --threads=4 \ - --workers=3 \ + --workers=2 \ --worker-class=gthread \ --worker-tmp-dir=/dev/shm \ --timeout=120 \ @@ -412,22 +383,6 @@ in ''; }; }; - systemd.services.erpnext-queue-default = { - enable = true; - after = [ "erpnext-web.service" ]; - wantedBy = [ "erpnext-web.service" ]; - partOf = [ "erpnext-web.service" ]; - description = "ERPNext default queue server"; - confinement = { - enable = true; - packages = [ penv ]; - }; - serviceConfig = defaultServiceConfig // { - ExecStart = '' - ${penv}/bin/bench worker --queue default - ''; - }; - }; systemd.services.erpnext-queue-long = { enable = true; after = [ "erpnext-web.service" ]; diff --git a/python-overlay.nix b/python-overlay.nix index 4708ae2..f521d65 100644 --- a/python-overlay.nix +++ b/python-overlay.nix @@ -1,4 +1,7 @@ final: prev: { + # Without this, we may inadvertedly end up with old versions (if we happen to + # overlay a dependency for other packages) + python3Packages = final.python3.pkgs; python3 = prev.python3.override { packageOverrides = pyFinal: pyPrev: { bench = pyFinal.callPackage ./python/bench.nix {}; @@ -9,39 +12,31 @@ final: prev: { honcho = pyFinal.callPackage ./python/honcho.nix {}; # erpnext dependencies - gocardless-pro = pyFinal.callPackage ./python/gocardless-pro.nix {}; - python-youtube = pyFinal.callPackage ./python/python-youtube.nix {}; - redisearch = pyFinal.callPackage ./python/redisearch.nix {}; - taxjar = pyFinal.callPackage ./python/taxjar.nix {}; + barcodenumber = pyFinal.callPackage ./python/barcodenumber.nix {}; # frappe dependencies email-reply-parser = pyFinal.callPackage ./python/email-reply-parser.nix {}; - git-url-parse = pyFinal.callPackage ./python/git-url-parse.nix {}; maxminddb-geolite2 = pyFinal.callPackage ./python/maxminddb-geolite2.nix {}; - posthog = pyFinal.callPackage ./python/posthog.nix {}; - premailer = pyFinal.callPackage ./python/premailer.nix {}; psycopg2-binary = pyFinal.callPackage ./python/psycopg2-binary.nix {}; - pypdf2 = pyFinal.callPackage ./python/pypdf2.nix {}; - pypika = pyFinal.callPackage ./python/pypika.nix {}; - rauth = pyFinal.callPackage ./python/rauth.nix {}; traceback-with-variables = pyFinal.callPackage ./python/traceback-with-variables.nix {}; + pydantic = pyFinal.callPackage ./python/pydantic.nix {}; - # indirect dependencies - # taxjar - jsonobject = pyFinal.callPackage ./python/jsonobject.nix {}; - # redisearch - rejson = pyFinal.callPackage ./python/rejson.nix {}; - - - - bleach = pyPrev.bleach.overridePythonAttrs (oldAttrs: (rec { - version = "3.3.1"; + versioningit = pyPrev.versioningit.overridePythonAttrs (oldAttrs: (rec { + version = "2.2.1"; src = pyPrev.fetchPypi { inherit version; inherit (oldAttrs) pname; - sha256 = "sha256-MGSDpal5VHQWCtV/zj3dG1BVHpge7Y4VpYLTTO8oqvo="; + hash = "sha256-DlgkLXq9phrmNZalSUrp7WMayF2Ls8yOF24yU8pLy7U="; }; })); + + fastapi = pyPrev.fastapi.overridePythonAttrs (oldAttrs: (rec { + propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ + pyPrev.pydantic-settings + pyPrev.pydantic-extra-types + ]; + })); + plaid-python = pyPrev.plaid-python.overridePythonAttrs (oldAttrs: (rec { version = "7.2.1"; src = pyPrev.fetchPypi { @@ -54,16 +49,6 @@ final: prev: { # Integration tests require API keys and internet access checkPhase = "pyPrev.test -rxs ./tests/unit"; })); - tweepy = pyPrev.tweepy.overridePythonAttrs (oldAttrs: (rec { - version = "3.10.0"; - src = pyPrev.fetchPypi { - inherit version; - inherit (oldAttrs) pname; - sha256 = "sha256-duaVS4BspHDdqHf1fbh5L/8GoL66DtQ+/DgFdx458Go="; - }; - doCheck = false; - pythonImportsCheck = []; - })); }; }; } diff --git a/python/barcodenumber.nix b/python/barcodenumber.nix new file mode 100644 index 0000000..1dc0d58 --- /dev/null +++ b/python/barcodenumber.nix @@ -0,0 +1,15 @@ +{ + buildPythonPackage, + fetchPypi, +}: +buildPythonPackage rec { + pname = "barcodenumber"; + version = "0.2.1"; + src = fetchPypi { + inherit pname version; + sha256 = "sha256-nW8+m32i42kLR4oC4lrKoBkFYgKHgpZPGAFNJvtLMhc="; + }; + propagatedBuildInputs = [ ]; + nativeBuildInputs = [ ]; + doCheck = false; +} diff --git a/python/erpnext.nix b/python/erpnext.nix index 27f665a..093430d 100644 --- a/python/erpnext.nix +++ b/python/erpnext.nix @@ -2,21 +2,20 @@ , buildPythonPackage , fetchFromGitHub , pythonRelaxDepsHook +, flit-core # Core dependencies , pycountry -, python-stdnum , unidecode -, redisearch +, barcodenumber , rapidfuzz +, holidays # Integration dependencies -, gocardless-pro , googlemaps , plaid-python , python-youtube -, taxjar -, tweepy +, pypng }: let pinData = import ../srcs/pin.nix; @@ -34,9 +33,9 @@ buildPythonPackage rec { sha256 = erpnextSrcHash; }; - format = "flit"; + format = "pyproject"; - nativeBuildInputs = [ pythonRelaxDepsHook ]; + nativeBuildInputs = [ pythonRelaxDepsHook flit-core ]; pythonRelaxDeps = [ "pycountry" "rapidfuzz" @@ -46,17 +45,16 @@ buildPythonPackage rec { propagatedBuildInputs = [ # Core dependencies pycountry - python-stdnum unidecode - redisearch + barcodenumber rapidfuzz + holidays # Integration dependencies - gocardless-pro googlemaps plaid-python python-youtube - taxjar - tweepy + # used for QR code generation + pypng ]; } diff --git a/python/frappe.nix b/python/frappe.nix index d8a2ffc..a36e516 100644 --- a/python/frappe.nix +++ b/python/frappe.nix @@ -2,17 +2,19 @@ , buildPythonPackage , pythonRelaxDepsHook , fetchFromGitHub +, flit-core # Core dependencies , babel , click , filelock +, filetype , gitpython , jinja2 , pillow , pyjwt , pymysql -, pypdf2 +, pypdf , pypika , pyqrcode , pyyaml @@ -29,7 +31,6 @@ , cryptography , email-reply-parser , git-url-parse -, gitdb , gunicorn , html5lib , ipython @@ -46,12 +47,9 @@ , premailer , psutil , psycopg2-binary -, pyasn1 -, pycountry -, pycryptodome +, pydantic , pyopenssl , pyotp -, pypng , python-dateutil , pytz , rauth @@ -62,11 +60,11 @@ , rq , rsa , semantic-version +, sentry-sdk , sqlparse , tenacity , terminaltables , traceback-with-variables -, urllib3 , xlrd , zxcvbn , markdownify @@ -75,7 +73,6 @@ , boto3 , dropbox , google-api-python-client -, google-auth-httplib2 , google-auth-oauthlib , google-auth , posthog @@ -96,51 +93,21 @@ buildPythonPackage rec { sha256 = frappeSrcHash; }; - format = "flit"; + format = "pyproject"; - nativeBuildInputs = [ pythonRelaxDepsHook ]; - pythonRelaxDeps = [ - "Babel" - "beautifulsoup4" - "boto3" - "cairocffi" - "Click" - "croniter" - "cryptography" - "filelock" - "google-api-python-client" - "google-auth" - "hiredis" - "ipython" - "openpyxl" - "phonenumbers" - "Pillow" - "pyasn1" - "pycountry" - "pycryptodome" - "PyJWT" - "PyMySQL" - "pyOpenSSL" - "pyotp" - "pypng" - "pytz" - "redis" - "requests" - "rq" - "tenacity" - "WeasyPrint" - ]; + nativeBuildInputs = [ pythonRelaxDepsHook flit-core ]; propagatedBuildInputs = [ babel click filelock + filetype gitpython jinja2 pillow pyjwt pymysql - pypdf2 + pypdf pypika pyqrcode pyyaml @@ -157,7 +124,6 @@ buildPythonPackage rec { cryptography email-reply-parser git-url-parse - gitdb gunicorn html5lib ipython @@ -174,12 +140,9 @@ buildPythonPackage rec { premailer psutil psycopg2-binary - pyasn1 - pycountry - pycryptodome + pydantic pyopenssl pyotp - pypng python-dateutil pytz rauth @@ -190,11 +153,11 @@ buildPythonPackage rec { rq rsa semantic-version + sentry-sdk sqlparse tenacity terminaltables traceback-with-variables - urllib3 xlrd zxcvbn markdownify @@ -203,7 +166,6 @@ buildPythonPackage rec { boto3 dropbox google-api-python-client - google-auth-httplib2 google-auth-oauthlib google-auth posthog diff --git a/python/git-url-parse.nix b/python/git-url-parse.nix deleted file mode 100644 index 8a50f97..0000000 --- a/python/git-url-parse.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, pbr -}: -buildPythonPackage rec { - pname = "git-url-parse"; - version = "1.2.2"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-e19OOusdaTr+7mejvUrAY/cgbC6ORuVZ8NoNqYRF8Rc="; - }; - propagatedBuildInputs = [pbr]; - doCheck = false; -} diff --git a/python/gocardless-pro.nix b/python/gocardless-pro.nix deleted file mode 100644 index 77907d0..0000000 --- a/python/gocardless-pro.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - requests, - six -}: -buildPythonPackage rec { - pname = "gocardless-pro"; - version = "1.22.0"; - src = fetchPypi { - pname = "gocardless_pro"; - inherit version; - sha256 = "sha256-i4gBeJvl/aCujeXGvJG+z1Wp2aczKg8clnfMyK8fz/w="; - }; - propagatedBuildInputs = [ - requests - six - ]; -} diff --git a/python/jsonobject.nix b/python/jsonobject.nix deleted file mode 100644 index 8751792..0000000 --- a/python/jsonobject.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - cython, - six -}: -buildPythonPackage rec { - pname = "jsonobject"; - version = "2.1.0"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-UpijeVA+Q+/Aq0AC10LA/LuhqWKO3azE6lR7cThRRGY="; - }; - propagatedBuildInputs = [ six ]; - nativeBuildInputs = [ cython ]; - doCheck = false; -} diff --git a/python/posthog.nix b/python/posthog.nix deleted file mode 100644 index a746f12..0000000 --- a/python/posthog.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, backoff -, monotonic -, python-dateutil -, requests -}: -buildPythonPackage rec { - pname = "posthog"; - version = "3.0.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-V9J5H/V1LOVroPm7iHb688qSCPHCxs6utaJQTDRJN2c="; - }; - propagatedBuildInputs = [ - backoff - monotonic - python-dateutil - requests - ]; - doCheck = false; -} diff --git a/python/premailer.nix b/python/premailer.nix deleted file mode 100644 index 0489bc0..0000000 --- a/python/premailer.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, cssselect -, cssutils -, lxml -, mock -, nose -, requests -, cachetools -}: -buildPythonPackage rec { - pname = "premailer"; - version = "3.8.0"; - - buildInputs = [ mock nose ]; - propagatedBuildInputs = [ cachetools cssselect cssutils lxml requests ]; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-TU4VckTO6UWgDBT+qp5qOusvryYj/2qLoIr99QX6DyU="; - }; -} diff --git a/python/pydantic.nix b/python/pydantic.nix new file mode 100644 index 0000000..1370f58 --- /dev/null +++ b/python/pydantic.nix @@ -0,0 +1,85 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pythonOlder +, hatchling +, hatch-fancy-pypi-readme +, libxcrypt +, annotated-types +, pydantic-core +, typing-extensions +, email-validator +, dirty-equals +, faker +, pytestCheckHook +, pytest-mock +}: + +buildPythonPackage rec { + pname = "pydantic"; + version = "2.3.0"; + pyproject = true; + + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "pydantic"; + repo = "pydantic"; + rev = "refs/tags/v${version}"; + hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M="; + }; + + buildInputs = lib.optionals (pythonOlder "3.9") [ + libxcrypt + ]; + + nativeBuildInputs = [ + hatch-fancy-pypi-readme + hatchling + ]; + + propagatedBuildInputs = [ + annotated-types + pydantic-core + typing-extensions + ]; + + passthru.optional-dependencies = { + email = [ + email-validator + ]; + }; + + nativeCheckInputs = [ + dirty-equals + faker + pytest-mock + pytestCheckHook + ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies); + + preCheck = '' + export HOME=$(mktemp -d) + substituteInPlace pyproject.toml \ + --replace "'--benchmark-columns', 'min,mean,stddev,outliers,rounds,iterations'," "" \ + --replace "'--benchmark-group-by', 'group'," "" \ + --replace "'--benchmark-warmup', 'on'," "" \ + --replace "'--benchmark-disable'," "" + ''; + + disabledTestPaths = [ + "tests/benchmarks" + + # avoid cyclic dependency + "tests/test_docs.py" + ]; + + pythonImportsCheck = [ "pydantic" ]; + + meta = with lib; { + description = "Data validation and settings management using Python type hinting"; + homepage = "https://github.com/pydantic/pydantic"; + changelog = "https://github.com/pydantic/pydantic/blob/v${version}/HISTORY.md"; + license = licenses.mit; + maintainers = with maintainers; [ wd15 ]; + }; +} diff --git a/python/pypdf2.nix b/python/pypdf2.nix deleted file mode 100644 index 0a318a8..0000000 --- a/python/pypdf2.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, -}: -buildPythonPackage rec { - pname = "PyPDF2"; - version = "2.1.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-Vy8TFLZDMGed1vtwN4H+M9Dyi1n7LP661efrntypJzg="; - }; - propagatedBuildInputs = []; -} diff --git a/python/pypika.nix b/python/pypika.nix deleted file mode 100644 index da81dc3..0000000 --- a/python/pypika.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, -}: -buildPythonPackage rec { - pname = "pypika"; - version = "0.48.9"; - src = fetchPypi { - pname = "PyPika"; - inherit version; - sha256 = "sha256-g4g2phdH58g4DNG3/2OGlLenM1NF0PVZsEss2DKtU3g="; - }; - propagatedBuildInputs = []; - doCheck = false; -} diff --git a/python/python-youtube.nix b/python/python-youtube.nix deleted file mode 100644 index 08940f7..0000000 --- a/python/python-youtube.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - - requests, - dataclasses-json, - isodate, - requests-oauthlib -}: -buildPythonPackage rec { - pname = "python-youtube"; - version = "0.8.0"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-Ud0Y+lmsK88SNh0uIjhOHgCgCG+SBv/FQkt3yc63tlo="; - }; - - # PyPI doesn't have test data in the source dist - doCheck = false; - - propagatedBuildInputs = [ - requests - dataclasses-json - isodate - requests-oauthlib - ]; -} diff --git a/python/rauth.nix b/python/rauth.nix deleted file mode 100644 index fb2b7f1..0000000 --- a/python/rauth.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, requests -}: -buildPythonPackage rec { - pname = "rauth"; - version = "0.7.3"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-UkzbwcKFYOrPyanUDFlSXrjQD98H+62GEH6iRBFHewo="; - }; - propagatedBuildInputs = [requests]; - doCheck = false; -} diff --git a/python/redisearch.nix b/python/redisearch.nix deleted file mode 100644 index 7c0c7a1..0000000 --- a/python/redisearch.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ buildPythonPackage -, fetchPypi -, pythonRelaxDepsHook -, unittestCheckHook -, redis -, rejson -, hiredis -}: -buildPythonPackage rec { - pname = "redisearch"; - version = "2.1.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-V1rNWhOhB/8AXUVyoTa1A7Evpb8mr8N70R9qkj8exzw="; - }; - nativeBuildInputs = [ pythonRelaxDepsHook ]; - pythonRelaxDeps = [ - "redis" - ]; - propagatedBuildInputs = [ - redis - rejson - hiredis - ]; - nativeCheckInputs = [ - unittestCheckHook - ]; -} diff --git a/python/rejson.nix b/python/rejson.nix deleted file mode 100644 index 3e72a45..0000000 --- a/python/rejson.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ buildPythonPackage -, pythonRelaxDepsHook -, unittestCheckHook -, fetchPypi -, redis -, six -}: -buildPythonPackage rec { - pname = "rejson"; - version = "0.5.6"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-vs3hNSAAUAi3ls5WyxKOsiUC18addIJv81HNQ79zvJc="; - }; - nativeBuildInputs = [ pythonRelaxDepsHook ]; - pythonRelaxDeps = [ - "redis" - ]; - propagatedBuildInputs = [ - redis - six - ]; - doCheck = false; -} diff --git a/python/taxjar.nix b/python/taxjar.nix deleted file mode 100644 index 611d28b..0000000 --- a/python/taxjar.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - buildPythonPackage, - fetchPypi, - jsonobject, - requests, - mock -}: -buildPythonPackage rec { - pname = "taxjar"; - version = "1.9.2"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-c8lkCLzEmNTuBYLyVNRQq4SLSveDpNKKf6NHxHpg7Ec="; - }; - propagatedBuildInputs = [ - jsonobject - requests - ]; - checkInputs = [ - mock - ]; -} diff --git a/secrets/admin-password.age b/secrets/admin-password.age index 9b4139c..e8e5753 100644 Binary files a/secrets/admin-password.age and b/secrets/admin-password.age differ diff --git a/secrets/database-root-password.age b/secrets/database-root-password.age index 598651a..6254fec 100644 --- a/secrets/database-root-password.age +++ b/secrets/database-root-password.age @@ -1,14 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q J/XqDE9oquq8xyPyMXcYtWVEeIczShbr2WZ6zpXVDFk -qsmZSC59mm8HUG72aqSdaVU2XaNMk5PumaE/r1+5Fzc --> ssh-ed25519 fLYf0Q +zjc/bQDGBgWSd3O2BugQBMx2Iq4UEUG5XauQMqzvmY -9TGVQ02H4Ofdwgju7zbRpfxanAUEbIb44nUZkFESLt4 --> ssh-ed25519 BVsyTA QE7uZCFJjDbhiQqvDgJeJevPqhYSEs6rswLdR/dU/gA -+B37NmGCNFnnDtkLkMbb9mRSvR7/6ohQTRN/VK6HCGE --> ssh-ed25519 BVsyTA QG+2eoqCbQzzQLF8uNX8Oj68SILAeWIUqcK0rtGT8nM -3NUYU+9Bv88r1VNDeZFNMnc3l9lsiWjzsYTczyntRac --> EMr"yt-grease -GNRgoRN98JvtS4Vc1CE1I0RXSwvt5RGiwxwPBVCHtU9NaBNxY7enwQKHN0cRcvku -oiA ---- lAr6xIM5wIjraqiC78485o9Od6N4ky54dCrcVc+ZECE -?bTg5'@v&4\1JZea \ No newline at end of file +-> ssh-ed25519 Wp/X/Q JjeEJchHBwo2fIN05JQaDU5kuiCK2P+t/+vKpXpqzTk +I2CWfsw1rob5uAn0TMec7UW5YgB6+ZOa8XjhW1zTN6k +-> ssh-ed25519 8U1+ng iF25EtydJLTi7ETcI/mnnwGEEgJ2jzB+H1snIlOyIn0 +EYZMaBys1Ib9+9tyDiitoJZcRiYROKalLSw3+IkTYBE +-> ssh-ed25519 oOFZcQ 3rYmvML6iYeP+TryrfY1nuKpMsE3oK3aB2VGLFG+fGM +nhGu7dEr41l2Vc4wsoWj3Iv6prFGbd3L9aTtq0OWYJ4 +-> ssh-ed25519 BVsyTA GuseCoA9Q6j4Rh652hyaHkySE3vuhhmnh00jFrnduy0 +pt54rMN3hAnrgWgEEqWvdNmmv/jJy95uuZc77QIjBzk +-> ssh-ed25519 BVsyTA yKrgTRQhuLevVctFOy8XWtaI6KYwWS70ZzlT97xSAVg +wRrgGa4lH+NPkTqnfUtZRQGni4BRumHir70hQZVAPAA +-> ssh-ed25519 +3V2lQ RqMzBa5WjiE8JbbjF23b32VZZUgiD7R9mHJLTwTCXAQ +dQHjQIIydSjJe6hDJkHTHcM142cJWUHcgqVCfWgbbu8 +--- BsXgkqdDPJP/w8BrFTMxZSQOmmdydlNig/LubpRp1j8 +$KT RQ??l rBh;. \ No newline at end of file diff --git a/secrets/database-user-password.age b/secrets/database-user-password.age index 079a004..3cbef30 100644 --- a/secrets/database-user-password.age +++ b/secrets/database-user-password.age @@ -1,14 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q XnUGBSLYyTTUjTiqQg4zZGeVvMqPocTk7uZRBhPguGk -TFf2vCef46WGwSSL9eQoWJw74fiUfymxaUxNf+Ty32Y --> ssh-ed25519 fLYf0Q rtQ/LRlEPw+V/71ptxLfhbjjKUKD3M/FitHxuIfb61I -iWDj8TXCJOf73MUcHZWhnhQjnuKqykxQ8UYYzeFs7FA --> ssh-ed25519 BVsyTA /5BemxhsClGZQAAF4apL2g37qjHjJ0VjPC1352NniFk -LCKyRK+JbZW1YFpZknB+HVCVjS2xxPwsbitJ3pztYO0 --> ssh-ed25519 BVsyTA r0UHDzJx01z6u5tC+KWvp/TrpvFaTAP6Nn2z9vv7kVU -/L+0zAITksGzHkdGneaEWgUGHcBfXUROCS8fQh1fAPg --> [>kC]3-grease -ZAw4x/KwujI8DlxyGsgjk8yu ---- LA8ePveqZ7SKE7WsfrX/dD37bU4VRgivUfSRDOpc14A -p>YxnP׺D>Fv! -~ᨀ:w \ No newline at end of file +-> ssh-ed25519 Wp/X/Q AYajVfjNpeIzQa6gJS4WQ0FxeiG+E6ubvnMpUuhqRBE +iXBt2QFOSb0maN2/S6GpfmXKMFFbL+PqA9uIcB2CheY +-> ssh-ed25519 8U1+ng 5zraJOoaFPm11JUBcFlYvE4KwCMECg8SS1RcjRtQ90s +wp/PNpwftnpmU8OVHKn7RWlVI2gUJQAWje0L7WF8POY +-> ssh-ed25519 oOFZcQ H4DlziBiXcE54Dnuk3MfiNFF6iOE5eQUVL4npUjgfEM +BYK5wXV4evqtUanzJtAgTzHjQUkv6BMNDYhqhEN+LAE +-> ssh-ed25519 BVsyTA dyZ/zUHpYNxbo3GmtHXR4XXzV2gVdaku1chxE028JTA +1VRZgmsRV1CjQCVNJhDnOYOWl1V4OxCd/mNY+QhNbIw +-> ssh-ed25519 BVsyTA h3vgd5Gm49NW8kBYZ6cCW8qjSZ8thUpvNzoRGArnK0I +fL9vlAYUFW7IRhyerc7VpYfK+4ZQvMAs+rb1KHvi0Nw +-> ssh-ed25519 +3V2lQ V3SNRpH/u017gfpyrXRavZvHEeg7UrfmVgtacFNNwxE +Hk34+oa4HAWpCyKZzwq1TTkcivfKnoabgoPI0YVujiE +--- DYEoKE9rQw/OFgEWQq+DK9seMqLovJ4JCXb8a8pBGWE +MB:9T\'y"To \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e514c6b..78b7d7d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,13 +2,15 @@ let # set ssh public keys here for your system and user machines = { dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; - test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7EsR4wT+bOaC/rafTZUqsR7z9SFM57Oabv+I0ar454 host@test-vm"; + ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX host@ryzensun"; + test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM2z37ihd0zy9146EFDsvRhtTgBSPiB9OzhPgjmyuqX host@test-vm"; }; users = { - teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; + teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; + teutat3s-ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAsRdVYK0077cdtavmrRr6akrI68T1EDY4Hfv4+W86J teutat3s@ryzensun"; root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf root@test-vm"; }; - allKeys = [machines.dumpyourvms machines.test-vm users.root users.teutat3s]; + allKeys = [machines.dumpyourvms machines.ryzensun machines.test-vm users.root users.teutat3s-dumpyourvms users.teutat3s-ryzensun]; in { "admin-password.age".publicKeys = allKeys; "database-root-password.age".publicKeys = allKeys; diff --git a/srcs/pin.nix b/srcs/pin.nix index cdfe786..dbb13ec 100644 --- a/srcs/pin.nix +++ b/srcs/pin.nix @@ -1,12 +1,12 @@ { - benchVersion = "5.16.4"; - erpnextVersion = "14.30.6"; - frappeVersion = "14.40.3"; + benchVersion = "5.19.0"; + erpnextVersion = "15.9.1"; + frappeVersion = "15.8.1"; hashes = { - "benchSrcHash" = "nIEFTCiyjfkCtpeeoQY+9zfoHQXZ5NOgXgLaz5ki150="; - "erpnextSrcHash" = "E+1vW73a3dp0YIVM0Ybt55DEi/7kDIKB4xTac+D49l4="; - "erpnextYarnHash" = "0rjqlw0lff1wwbzl62g8nnjlhz3km2km3vqj2dccawpi4q2kh6jn"; - "frappeSrcHash" = "byzPj4kJRgU1Fs5wyr9FZU2NyoxX0qePNY/KicEvGcY="; - "frappeYarnHash" = "0az1kdqcwmpzryrdg6ag4q5pqxy67vcns654d888l9307x9lq5rw"; + "benchSrcHash" = "sha256-y8nx4vFVQggwGv2MWQ88WczgVbPxPybZV38FF5u5aWI="; + "erpnextSrcHash" = "sha256-nkXN0PTcWt1nSy3eRdBF2h0WMdAC79qWzaj9kXRsG2I="; + "erpnextYarnHash" = "1farnqrfnzshpbpx4nyarw13g8m3389ix3hrc4661xxm887lz5fv"; + "frappeSrcHash" = "sha256-FDUUNbULPmMY6dDgbMHrxXD8pK1AP+T7kG7mY9MmMDg="; + "frappeYarnHash" = "0rj2v69siagwjz632hyaii5ni24fp434cznaxpi8978fq07qx6l9"; }; } diff --git a/srcs/update.sh b/srcs/update.sh index 4b3d313..0dceaba 100755 --- a/srcs/update.sh +++ b/srcs/update.sh @@ -1,5 +1,5 @@ #!/usr/bin/env nix-shell -#!nix-shell -i bash -p nix wget prefetch-yarn-deps nix-prefetch-github +#!nix-shell -i bash -p nix wget prefetch-yarn-deps nix-prefetch-github jq if [ "$#" -gt 3 ] || [[ "$1" == -* ]]; then echo "Regenerates packaging data for the ERPNext packages." @@ -14,13 +14,13 @@ frappe_version="$3" set -euo pipefail if [ -z "$bench_version" ]; then - bench_version="$(wget -q -O- "https://api.github.com/repos/frappe/bench/releases?per_page=1" | jq -r '.[0].tag_name')" + bench_version="$(wget --quiet --output-document=- "https://api.github.com/repos/frappe/bench/releases?per_page=1" | jq --raw-output '.[0].tag_name')" fi if [ -z "$erpnext_version" ]; then - erpnext_version="$(wget -q -O- "https://api.github.com/repos/frappe/erpnext/releases?per_page=1" | jq -r '.[0].tag_name')" + erpnext_version="$(wget --quiet --output-document=- "https://api.github.com/repos/frappe/erpnext/releases?per_page=1" | jq --raw-output '.[0].tag_name')" fi if [ -z "$frappe_version" ]; then - frappe_version="$(wget -q -O- "https://api.github.com/repos/frappe/frappe/releases?per_page=1" | jq -r '.[0].tag_name')" + frappe_version="$(wget --quiet --output-document=- "https://api.github.com/repos/frappe/frappe/releases?per_page=1" | jq --raw-output '.[0].tag_name')" fi # strip leading "v" @@ -29,32 +29,38 @@ erpnext_version="${erpnext_version#v}" frappe_version="${frappe_version#v}" # Bench -bench_src_hash=$(nix-prefetch-github frappe bench --rev "v${bench_version}" | jq -r .sha256) +echo "Prefetching bench source version $bench_version from GitHub ..." +bench_src_hash=$(nix-prefetch-github frappe bench --rev "v${bench_version}" | jq --raw-output .hash) # Erpnext +echo "Prefetching erpnext source version $erpnext_version from GitHub ..." erpnext_src="https://raw.githubusercontent.com/frappe/erpnext/v$erpnext_version" -erpnext_src_hash="$(nix-prefetch-github frappe erpnext --rev "v${erpnext_version}" | jq -r .sha256)" +erpnext_src_hash="$(nix-prefetch-github frappe erpnext --rev "v${erpnext_version}" | jq --raw-output .hash)" -erpnext_tmpdir=$(mktemp -d) +erpnext_tmpdir=$(mktemp --directory) trap 'rm -rf "$erpnext_tmpdir"' EXIT -pushd "$erpnext_tmpdir" -wget -q "$erpnext_src/yarn.lock" +pushd "$erpnext_tmpdir" &> /dev/null +wget --quiet "$erpnext_src/yarn.lock" +echo "Prefetching erpnext yarn dependencies ..." erpnext_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd +popd &> /dev/null # Frappe +echo "Prefetching frappe source version $frappe_version from GitHub ..." frappe_src="https://raw.githubusercontent.com/frappe/frappe/v$frappe_version" -frappe_src_hash="$(nix-prefetch-github frappe frappe --rev "v${frappe_version}" | jq -r .sha256)" +frappe_src_hash="$(nix-prefetch-github frappe frappe --rev "v${frappe_version}" | jq --raw-output .hash)" -frappe_tmpdir=$(mktemp -d) +frappe_tmpdir=$(mktemp --directory) trap 'rm -rf "$frappe_tmpdir"' EXIT -pushd "$frappe_tmpdir" -wget -q "$frappe_src/yarn.lock" +pushd "$frappe_tmpdir" &> /dev/null +wget --quiet "$frappe_src/yarn.lock" +echo "Prefetching frappe yarn dependencies ..." frappe_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd +popd &> /dev/null +echo "Saving updated versions and hashes to pin.nix file ..." cat > pin.nix << EOF { benchVersion = "$bench_version"; diff --git a/test-vm/configuration.nix b/test-vm/configuration.nix index da35146..a33e397 100644 --- a/test-vm/configuration.nix +++ b/test-vm/configuration.nix @@ -9,7 +9,7 @@ config = { services.qemuGuest.enable = true; - system.stateVersion = "23.05"; + system.stateVersion = "23.11"; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; @@ -50,6 +50,7 @@ users.extraUsers.root.password = ""; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAsRdVYK0077cdtavmrRr6akrI68T1EDY4Hfv4+W86J teutat3s@ryzensun" ]; users.mutableUsers = false; networking.firewall.enable = false; diff --git a/update.sh b/update.sh deleted file mode 100644 index 4a84c94..0000000 --- a/update.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -I nixpkgs=../../../../../ -i bash -p nix wget prefetch-yarn-deps nix-prefetch-github - -if [ "$#" -gt 1 ] || [[ "$1" == -* ]]; then - echo "Regenerates packaging data for the ERPNext packages." - echo "Usage: $0 [git bench release tag] $1 [git erpnext release tag] $2 [git frappe release tag]" - exit 1 -fi - -bench_version="$1" -erpnext_version="$3" -frappe_version="$2" - -set -euo pipefail - -if [ -z "$bench_version" ]; then - bench_version="$(wget -q -O- "https://api.github.com/repos/frappe/bench/releases?per_page=1" | jq -r '.[0].tag_name')" -fi -if [ -z "$erpnext_version" ]; then - erpnext_version="$(wget -q -O- "https://api.github.com/repos/frappe/erpnext/releases?per_page=1" | jq -r '.[0].tag_name')" -fi -if [ -z "$frappe_version" ]; then - frappe_version="$(wget -q -O- "https://api.github.com/repos/frappe/frappe/releases?per_page=1" | jq -r '.[0].tag_name')" -fi - -# strip leading "v" -bench_version="${bench_version#v}" -erpnext_version="${erpnext_version#v}" -frappe_version="${frappe_version#v}" - -# Bench -bench_src_hash=$(nix-prefetch-github frappe bench --rev "v${bench_version}" | jq -r .sha256) - -popd - -# Erpnext -erpnext_src="https://raw.githubusercontent.com/frappe/erpnext/v$erpnext_version" -erpnext_src_hash="$(nix-prefetch-github frappe erpnext --rev "v${erpnext_version}" | jq -r .sha256)" - -erpnext_tmpdir=$(mktemp -d) -trap 'rm -rf "$erpnext_tmpdir"' EXIT - -pushd "$erpnext_tmpdir" -wget -q "$erpnext_src/yarn.lock" -erpnext_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd - -# Frappe -frappe_src="https://raw.githubusercontent.com/frappe/frappe/v$frappe_version" -frappe_src_hash="$(nix-prefetch-github frappe frappe --rev "v${frappe_version}" | jq -r .sha256)" - -frappe_tmpdir=$(mktemp -d) -trap 'rm -rf "$frappe_tmpdir"' EXIT - -pushd "$frappe_tmpdir" -wget -q "$frappe_src/yarn.lock" -frappe_yarn_hash=$(prefetch-yarn-deps yarn.lock) -popd - -cat > pin.nix << EOF -{ - benchVersion = "$bench_version"; - erpnextVersion = "$erpnext_version"; - frappeVersion = "$frappe_version"; - hashes = { - "benchSrcHash" = "$bench_src_hash"; - "erpnextSrcHash" = "$erpnext_src_hash"; - "erpnextYarnHash" = "$erpnext_yarn_hash"; - "frappeSrcHash" = "$frappe_src_hash"; - "frappeYarnHash" = "$frappe_yarn_hash"; - }; -} -EOF