diff --git a/flake.lock b/flake.lock index b591103b..c23b399a 100644 --- a/flake.lock +++ b/flake.lock @@ -89,6 +89,31 @@ "type": "github" } }, + "devshell_2": { + "inputs": { + "nixpkgs": [ + "erpnext", + "nixpkgs" + ], + "systems": [ + "erpnext", + "systems" + ] + }, + "locked": { + "lastModified": 1685972731, + "narHash": "sha256-VpwVUthxs3AFgvWxGTHu+KVDnS/zT3xkCtmjX2PjNQs=", + "owner": "numtide", + "repo": "devshell", + "rev": "6b2554d28d46bfa6e24b941e999a145760dad0e1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "digga": { "inputs": { "darwin": [ @@ -129,6 +154,30 @@ "type": "github" } }, + "erpnext": { + "inputs": { + "agenix": [ + "agenix" + ], + "devshell": "devshell_2", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1689622186, + "narHash": "sha256-6GaWBmm3B4bSNlO5h2q7C3YfXfMp8wgowClAg79JfYc=", + "ref": "main", + "rev": "28a47059b7b723f2709a4f81384015ae4e8f8562", + "revCount": 28, + "type": "git", + "url": "https://git.pub.solar/axeman/erpnext-nix" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.pub.solar/axeman/erpnext-nix" + } + }, "flake-compat": { "flake": false, "locked": { @@ -199,7 +248,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1687171271, @@ -283,6 +332,22 @@ "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1689534811, + "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1672791794, @@ -329,6 +394,7 @@ "darwin": "darwin", "deploy": "deploy", "digga": "digga", + "erpnext": "erpnext", "flake-compat": "flake-compat", "home": "home", "latest": "latest", @@ -352,6 +418,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, diff --git a/flake.nix b/flake.nix index 52402045..3b6ea490 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,9 @@ nvfetcher.url = "github:berberman/nvfetcher"; nvfetcher.inputs.nixpkgs.follows = "nixos"; nvfetcher.inputs.flake-compat.follows = "flake-compat"; + + erpnext.url = "git+https://git.pub.solar/axeman/erpnext-nix?ref=main"; + erpnext.inputs.agenix.follows = "agenix"; }; outputs = { @@ -49,6 +52,7 @@ agenix, deploy, nvfetcher, + erpnext, ... } @ inputs: digga.lib.mkFlake @@ -73,7 +77,12 @@ }) ]; }; - latest = {}; + latest = { + overlays = [ + erpnext.overlays.default + erpnext.overlays.pythonOverlay + ]; + }; }; lib = import ./lib {lib = digga.lib // nixos.lib;}; @@ -124,6 +133,11 @@ #}) ]; }; + pioneer-momo-koeln = { + modules = [ + erpnext.nixosModules.erpnext + ]; + }; }; importables = rec { profiles = @@ -132,7 +146,7 @@ users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [base-user users.root users.barkeeper]; + base = [base-user cachix users.root users.barkeeper]; pioneer-momo-koeln = base; }; diff --git a/hosts/pioneer-momo-koeln/configuration.nix b/hosts/pioneer-momo-koeln/configuration.nix index 7805a18e..fe0fcf70 100644 --- a/hosts/pioneer-momo-koeln/configuration.nix +++ b/hosts/pioneer-momo-koeln/configuration.nix @@ -1,5 +1,6 @@ { config, + latestModulesPath, lib, pkgs, ... @@ -10,6 +11,12 @@ ./caddy.nix ./keycloak.nix + ./erpnext.nix + + "${latestModulesPath}/services/web-servers/caddy/default.nix" + ]; + disabledModules = [ + "services/web-servers/caddy/default.nix" ]; pub-solar.core.lite = true; diff --git a/hosts/pioneer-momo-koeln/erpnext.nix b/hosts/pioneer-momo-koeln/erpnext.nix new file mode 100644 index 00000000..965abec2 --- /dev/null +++ b/hosts/pioneer-momo-koeln/erpnext.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + inputs, + pkgs, + self, + ... +}: { + age.secrets.erpnext-admin-password = { + file = "${self}/secrets/admin-password.age"; + mode = "700"; + owner = "erpnext"; + }; + age.secrets.erpnext-db-root-password = { + file = "${self}/secrets/database-root-password.age"; + mode = "700"; + owner = "erpnext"; + }; + age.secrets.erpnext-db-user-password = { + file = "${self}/secrets/database-user-password.age"; + mode = "700"; + owner = "erpnext"; + }; + + # erpnext + services.erpnext = { + enable = true; + domain = "erp.momo.koeln"; + + # Secrets + adminPasswordFile = config.age.secrets.erpnext-admin-password.path; + database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path; + database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path; + + # Required to enable caddy + caddy = {}; + }; +} diff --git a/hosts/pioneer-momo-koeln/hardware-configuration.nix b/hosts/pioneer-momo-koeln/hardware-configuration.nix index b1b7611c..6b153df6 100644 --- a/hosts/pioneer-momo-koeln/hardware-configuration.nix +++ b/hosts/pioneer-momo-koeln/hardware-configuration.nix @@ -7,7 +7,6 @@ # Use the GRUB 2 boot loader. boot.loader.systemd-boot.enable = false; boot.loader.grub.enable = true; - boot.loader.grub.version = 2; # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 37a8e0e8..04c53003 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -4,6 +4,9 @@ channels: final: prev: { inherit (channels.latest) nixd + erpnext-app + frappe-app + frappe-erpnext-assets ; haskellPackages = @@ -21,4 +24,10 @@ channels: final: prev: { }); vimPlugins = prev.vimPlugins // {inherit (channels.latest.vimPlugins) nvim-lspconfig;}; + + python3 = prev.python3.override { + packageOverrides = pyfinal: pyprev: { + inherit (channels.latest.python3.pkgs) bench erpnext frappe; + }; + }; } diff --git a/profiles/cachix/default.nix b/profiles/cachix/default.nix new file mode 100644 index 00000000..843ac4da --- /dev/null +++ b/profiles/cachix/default.nix @@ -0,0 +1,12 @@ +{ + pkgs, + lib, + ... +}: let + folder = ./.; + toImport = name: value: folder + ("/" + name); + filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix"; + imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); +in { + inherit imports; +} diff --git a/profiles/cachix/pub-solar.nix b/profiles/cachix/pub-solar.nix new file mode 100644 index 00000000..a4faf653 --- /dev/null +++ b/profiles/cachix/pub-solar.nix @@ -0,0 +1,10 @@ +{ + nix.settings = { + substituters = [ + "https://pub-solar.cachix.org" + ]; + trusted-public-keys = [ + "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos=" + ]; + }; +} diff --git a/secrets/erpnext-admin-password.age b/secrets/erpnext-admin-password.age new file mode 100644 index 00000000..761c9ad2 Binary files /dev/null and b/secrets/erpnext-admin-password.age differ diff --git a/secrets/erpnext-db-root-password.age b/secrets/erpnext-db-root-password.age new file mode 100644 index 00000000..d790ea82 --- /dev/null +++ b/secrets/erpnext-db-root-password.age @@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-ed25519 uYcDNw R6BTv8G6nl8CNTmjRcMm/WhL4uKh8UdteVz7jVbXJzk +fVKaNaK6BZzstSp45ONpM9/pgKADQvlnNGF/k4QUFbM +-> ssh-rsa kFDS0A +nB5/Huns9tUmb5t0Giua6sd8ACjpbMNB06gcR9CQ13vktOfSXf9ii0qjME8nycmi +fZstK5O0E+nSJoF7wX/fVM/5FIzLjZmQQvPbixgOWsr7+egDBWVscbpbxN1sf5bi +WsRzSWzDhkrgNBEyg7M5VR2RcXf2FSNjss2d0DlKwIw6HU2F9vbR/COE28kREkPM +E3JsyOZ5qkgRgkdfyD8kuYkCKF/hnkW49bJWPnCIgR/Mc3RueGljQh+Tmc5fuk3I +I47xXsbkc4AAHkXVzw/HUsQUTemnWh90aMVFITkGF2ia4I2PV90lcJ7Y4rEi32pN +JYek8I+io1CpOwNN+WEMxMGZwv1xJdDGloC8aBTZzqGnbIjDAYlQ0QqRcfes9eNb +qUkW80wbPCPZOygAbnE9Ud0d+lsOyoKbsDMuLEM6hCL8XFAvkfHfmgseOvdoQBNk ++HMmf/SkZM6eMcdO3YWNShcQM6h/WCr7zOBs9JoUO7wnSsSy4T8ZXzjrvoiBzHCB +iiOZSHhvcX2ncflwCsP8yf2+eUp26qJRKM65ZKAhV6H3P4hC848RTusj+DRe76vE +Fr36Xol2jXw8aoNZXNobgemE+uRmpDeDdNfrI7nRDzjOPuBY1vs/CeW692w8/YjZ +3ExQswGdkBKbCyJL5O/hGd019+/0wETlE5Hlrovy/O4 +-> ssh-ed25519 hPyiJw tDYF74+DRNWfAzHcCSFojlSYg4AgdthDM00UwG8LXSA +/fp2jPNxzYhCKXD5g/eqC31buMBFiel3jC+RfKit66M +-> ssh-ed25519 YFSOsg +tDnXLwW+oVgDsjI15yshcI2KaKhADgVR1oWIqYEVzY +R4pMIeQ78orCj7l5E8LD4ZSEtBhwtqcuSb6byOSuhTI +-> ssh-ed25519 iHV63A qwPRT9Sqcwfmp7KGSFXEj3RTWWiwD17wrEfwYx127TA +Od9cP3jhO0e2VI0St8m9d6P7TYib7ZNabdq808lhYsg +-> ssh-ed25519 1bbksA s8FuQCn8yQtRtwwZ0oVrTnptC31ad4eG4Hm6K/HGPgU +odI7d6qX2Om17wmsm/VdEqLGbdk6gUzprQ3i/zDxa+k +-> ssh-ed25519 BVsyTA fZB0tnkvNfiv8yY173NmhzHHlDQkScNtFE9GpE4lJAo +AYZyonEaAATvgz3OgSI4WNu2hJdDkNmhq5+0NU4+IJg +-> N-grease z=0OX_v` ,=~E +j78YWSSwlj6xEyJT5DZra8S037G4RNR3sf9hxZL5EMYlmMeaolb5B8oJN7tN5WbH +zPRZ9HIsRsA/+/76z4D8lqVJjZIfK7Hb7OoZb8EgyB0kJBycpd86IEUcfj65hEKU + +--- 3k/CdnvpyhoxyB15yBikQjtyOiAUmGEkzxsGRObsBqg +`t`T[֍zW>Aئ か^Ps聡N i#`, \ No newline at end of file diff --git a/secrets/erpnext-db-user-password.age b/secrets/erpnext-db-user-password.age new file mode 100644 index 00000000..8c77c0cd --- /dev/null +++ b/secrets/erpnext-db-user-password.age @@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-ed25519 uYcDNw 5YJH2FYCKHSwNXFVrfzRTB37pmd4mL8y/I4pieU84RQ +JQKHK97WkTC9QO1GNZv/q3VZUgcisrKc1twqtLPkKOo +-> ssh-rsa kFDS0A +e0nMtUJhAAk5d36AIyS2p7N+RbO7J6oSyxPap4dIoReCEjGJej7qMuYTm7nD3DK/ +8XpTflPskKMXHXNkjyQ/H9FcTFwaHBmSoRJLo0lVFfCROzyXiTpKowdqeRRp9ss7 +9Fj0vc9tdKfHDm3h4UyBnOAL9sZ3/49VNbnARI5luUoikVtKeIGR7hwU9AvMCcIh +YXiqhQRGUZx1w+vIaiD/lr0Qwf2bVIH+w9Gg5C53ROlNDuV8plHRFKJZJAnnUn5k +4YrcCjiIL3VtwLKK/O14wOwcdSOt3Q0GnMAJMqriVHGxZqeZDAlQaacEDcLRN3wx +GCzMbGRY8JEVrrHDr/wOcbjhrKd1nX1LnKVD8yVwxFtToLFmg7Vk50B1l62sXsFa +1Dpb5t4gh3zu0GAfgALEQ88LxEk+31n59noSjgMCwSKCuU5uUx1hrEx+sDifOzYV +zlNNzkuPqzvxlmpU5q8OOiJHJ0hY7RcL9i2dO57nl1dg8r9MkhRw3d7z/zLcAmjG +rtgDib8tvnKz+azLA77J+SiijJaVM9dQQf0aWchcid3WbXv+LTYHB4SETfborujg +tYF48SFHo4c1+FGiz/kBsb9paJNoSikqcsP6rV0HVl9fwkHtMZpPlF5843Eh1XM6 +BLQMQOuabR5NQSRrDB42WQ2t08Dd7tcNf6A0seHR4GM +-> ssh-ed25519 hPyiJw 9RYiF1PRsRWNopGSVJpPe52zUNEl6Yu3q5aqoLxXWRo +L2+cuDp6S4IViqkmTR6XF7ey39cWm2xh8wQnh5OxlXQ +-> ssh-ed25519 YFSOsg pyU//r9w5oA4WqBjTivOCV0soTgM7URPcp1sB3VYiRk +G92ulppLfvGXDe2vYkgVg60s3oKxq2YEx260EzSRL80 +-> ssh-ed25519 iHV63A h04fyhCuz8JUX4Fl4uD7xDrO3Cbm4fto21BK8EFJ3FY +25NrhusX8PTjf8esrERbpMOS+OnwnGgR1oBTFp7Rync +-> ssh-ed25519 1bbksA K5FpHSD72LKfwnJcN8qKLGf+3shNVfmo2Pamh7IopEs +yDnkTUv6tRirnvdjYXVJoklLDXf6n/VBYCiCM2UaYfU +-> ssh-ed25519 BVsyTA +vWsqL/+5gpnn8ygD5RlSlJDbmvKAd7L3sk/jAOKRQc +EwuoXHYlTO+gdM7SA/TMmpXw8RGSKoRpYqjmfuYrKrw +-> ..6XqV-grease 1 #+:[Jz D v8hZh +VaqjfUTgm4UiD8LaSgxeZaLdFM8DVEnBOxG6FMgqUbf2IQUTOk3Odsb0SYfzCax8 +B4uXP5eXc8FgZAhME7Pv0eJHQ9kcP90BIf+YbbSs0PAWBp0cl9YIhadhMS4vmWA +--- kb+aOKZo3hrIIQpxxOc5bz9r0ZAPDtcHVGxdHoAfcnc + Z2m6v&R?i|_