From 437b841312a3a33714d566850b9b7a219b3b02ac Mon Sep 17 00:00:00 2001
From: teutat3s <teutates@mailbox.org>
Date: Mon, 17 Jul 2023 22:40:52 +0200
Subject: [PATCH] pioneer: Add erpnext

---
 flake.lock                                    |  83 +++++++++++++++++-
 flake.nix                                     |  18 +++-
 hosts/pioneer-momo-koeln/configuration.nix    |   7 ++
 hosts/pioneer-momo-koeln/erpnext.nix          |  38 ++++++++
 .../hardware-configuration.nix                |   1 -
 overlays/overrides.nix                        |   9 ++
 profiles/cachix/default.nix                   |  12 +++
 profiles/cachix/pub-solar.nix                 |  10 +++
 secrets/erpnext-admin-password.age            | Bin 0 -> 1566 bytes
 secrets/erpnext-db-root-password.age          |  31 +++++++
 secrets/erpnext-db-user-password.age          |  31 +++++++
 secrets/secrets.nix                           |   3 +
 12 files changed, 239 insertions(+), 4 deletions(-)
 create mode 100644 hosts/pioneer-momo-koeln/erpnext.nix
 create mode 100644 profiles/cachix/default.nix
 create mode 100644 profiles/cachix/pub-solar.nix
 create mode 100644 secrets/erpnext-admin-password.age
 create mode 100644 secrets/erpnext-db-root-password.age
 create mode 100644 secrets/erpnext-db-user-password.age

diff --git a/flake.lock b/flake.lock
index b591103b..c23b399a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -89,6 +89,31 @@
         "type": "github"
       }
     },
+    "devshell_2": {
+      "inputs": {
+        "nixpkgs": [
+          "erpnext",
+          "nixpkgs"
+        ],
+        "systems": [
+          "erpnext",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1685972731,
+        "narHash": "sha256-VpwVUthxs3AFgvWxGTHu+KVDnS/zT3xkCtmjX2PjNQs=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "6b2554d28d46bfa6e24b941e999a145760dad0e1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
     "digga": {
       "inputs": {
         "darwin": [
@@ -129,6 +154,30 @@
         "type": "github"
       }
     },
+    "erpnext": {
+      "inputs": {
+        "agenix": [
+          "agenix"
+        ],
+        "devshell": "devshell_2",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1689622186,
+        "narHash": "sha256-6GaWBmm3B4bSNlO5h2q7C3YfXfMp8wgowClAg79JfYc=",
+        "ref": "main",
+        "rev": "28a47059b7b723f2709a4f81384015ae4e8f8562",
+        "revCount": 28,
+        "type": "git",
+        "url": "https://git.pub.solar/axeman/erpnext-nix"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pub.solar/axeman/erpnext-nix"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -199,7 +248,7 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1687171271,
@@ -283,6 +332,22 @@
         "type": "github"
       }
     },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1689534811,
+        "narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1672791794,
@@ -329,6 +394,7 @@
         "darwin": "darwin",
         "deploy": "deploy",
         "digga": "digga",
+        "erpnext": "erpnext",
         "flake-compat": "flake-compat",
         "home": "home",
         "latest": "latest",
@@ -352,6 +418,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "utils": {
       "locked": {
         "lastModified": 1667395993,
diff --git a/flake.nix b/flake.nix
index 52402045..3b6ea490 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,6 +38,9 @@
     nvfetcher.url = "github:berberman/nvfetcher";
     nvfetcher.inputs.nixpkgs.follows = "nixos";
     nvfetcher.inputs.flake-compat.follows = "flake-compat";
+
+    erpnext.url = "git+https://git.pub.solar/axeman/erpnext-nix?ref=main";
+    erpnext.inputs.agenix.follows = "agenix";
   };
 
   outputs = {
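Review bot: The new `erpnext` input overrides only `agenix`, so it keeps its own `nixpkgs`; the lock file in this patch gains a separate `nixpkgs` node tracking `nixos-unstable`. The `nvfetcher` input just above follows an existing input instead. The extra node is one more nixpkgs revision to fetch, update and review in `flake.lock`. If the erpnext flake builds against it, add `erpnext.inputs.nixpkgs.follows = "latest";`, otherwise add a comment saying why a separate pin is required. The `inputs` block starts outside the hunk.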
@@ -49,6 +52,7 @@
     agenix,
     deploy,
     nvfetcher,
+    erpnext,
     ...
   } @ inputs:
     digga.lib.mkFlake
@@ -73,7 +77,12 @@
             })
           ];
         };
-        latest = {};
+        latest = {
+          overlays = [
+            erpnext.overlays.default
+            erpnext.overlays.pythonOverlay
+          ];
+        };
       };
 
       lib = import ./lib {lib = digga.lib // nixos.lib;};
@@ -124,6 +133,11 @@
               #})
             ];
           };
+          pioneer-momo-koeln = {
+            modules = [
+              erpnext.nixosModules.erpnext
+            ];
+          };
         };
         importables = rec {
           profiles =
@@ -132,7 +146,7 @@
               users = digga.lib.rakeLeaves ./users;
             };
           suites = with profiles; rec {
-            base = [base-user users.root users.barkeeper];
+            base = [base-user cachix users.root users.barkeeper];
 
             pioneer-momo-koeln = base;
           };
diff --git a/hosts/pioneer-momo-koeln/configuration.nix b/hosts/pioneer-momo-koeln/configuration.nix
index 7805a18e..fe0fcf70 100644
--- a/hosts/pioneer-momo-koeln/configuration.nix
+++ b/hosts/pioneer-momo-koeln/configuration.nix
@@ -1,5 +1,6 @@
 {
   config,
+  latestModulesPath,
   lib,
   pkgs,
   ...
@@ -10,6 +11,12 @@
 
     ./caddy.nix
     ./keycloak.nix
+    ./erpnext.nix
+
+    "${latestModulesPath}/services/web-servers/caddy/default.nix"
+  ];
+  disabledModules = [
+    "services/web-servers/caddy/default.nix"
   ];
 
   pub-solar.core.lite = true;
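Review bot: The caddy module swap (`disabledModules` plus the import from `latestModulesPath`) has no comment saying why the stable module is not sufficient. Only the module is replaced here, and this hunk does not show whether the caddy package also comes from the latest channel. A newer module paired with an older package can reference options the package does not support. Suggest a comment above the import such as `# caddy module from latest: needed by services.erpnext.caddy; drop once stable has it`, adjusted to the real reason. The `imports` list starts outside the hunk.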
diff --git a/hosts/pioneer-momo-koeln/erpnext.nix b/hosts/pioneer-momo-koeln/erpnext.nix
new file mode 100644
index 00000000..965abec2
--- /dev/null
+++ b/hosts/pioneer-momo-koeln/erpnext.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  self,
+  ...
+}: {
+  age.secrets.erpnext-admin-password = {
+    file = "${self}/secrets/admin-password.age";
+    mode = "700";
+    owner = "erpnext";
+  };
+  age.secrets.erpnext-db-root-password = {
+    file = "${self}/secrets/database-root-password.age";
+    mode = "700";
+    owner = "erpnext";
+  };
+  age.secrets.erpnext-db-user-password = {
+    file = "${self}/secrets/database-user-password.age";
+    mode = "700";
+    owner = "erpnext";
+  };
+
+  # erpnext
+  services.erpnext = {
+    enable = true;
+    domain = "erp.momo.koeln";
+
+    # Secrets
+    adminPasswordFile = config.age.secrets.erpnext-admin-password.path;
+    database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path;
+    database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path;
+
+    # Required to enable caddy
+    caddy = {};
+  };
+}
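Review bot: The three `age.secrets.*.file` paths point at `secrets/admin-password.age`, `secrets/database-root-password.age` and `secrets/database-user-password.age`, but the files this commit creates and registers in `secrets/secrets.nix` are named `erpnext-admin-password.age`, `erpnext-db-root-password.age` and `erpnext-db-user-password.age`. Unless files with the shorter names already exist in the repository, agenix has nothing to decrypt and the password files handed to `services.erpnext` will be missing. The first entry should read `file = "${self}/secrets/erpnext-admin-password.age";` and the other two likewise. Separately, `mode = "700"` sets the execute bit on password files; `mode = "0400"` with `owner = "erpnext"` is enough for the service to read them.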
diff --git a/hosts/pioneer-momo-koeln/hardware-configuration.nix b/hosts/pioneer-momo-koeln/hardware-configuration.nix
index b1b7611c..6b153df6 100644
--- a/hosts/pioneer-momo-koeln/hardware-configuration.nix
+++ b/hosts/pioneer-momo-koeln/hardware-configuration.nix
@@ -7,7 +7,6 @@
   # Use the GRUB 2 boot loader.
   boot.loader.systemd-boot.enable = false;
   boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
   # boot.loader.grub.efiSupport = true;
   # boot.loader.grub.efiInstallAsRemovable = true;
   # boot.loader.efi.efiSysMountPoint = "/boot/efi";
diff --git a/overlays/overrides.nix b/overlays/overrides.nix
index 37a8e0e8..04c53003 100644
--- a/overlays/overrides.nix
+++ b/overlays/overrides.nix
@@ -4,6 +4,9 @@ channels: final: prev: {
   inherit
     (channels.latest)
     nixd
+    erpnext-app
+    frappe-app
+    frappe-erpnext-assets
     ;
 
   haskellPackages =
@@ -21,4 +24,10 @@ channels: final: prev: {
     });
 
   vimPlugins = prev.vimPlugins // {inherit (channels.latest.vimPlugins) nvim-lspconfig;};
+
+  python3 = prev.python3.override {
+    packageOverrides = pyfinal: pyprev: {
+      inherit (channels.latest.python3.pkgs) bench erpnext frappe;
+    };
+  };
 }
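Review bot: The `python3` override at the end of the overlay injects `bench`, `erpnext` and `frappe` from `channels.latest.python3.pkgs` into the package set of `prev.python3`. Those three packages keep the interpreter and dependencies they were built with on the latest channel, while the rest of the set comes from the stable one. If the two channels ship different Python 3 versions, that mix may only fail at import time rather than at build time. A comment such as `# bench/erpnext/frappe are taken from latest; python3 of both channels must stay compatible` would record the constraint. The overlay's opening lines are outside the hunk.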
diff --git a/profiles/cachix/default.nix b/profiles/cachix/default.nix
new file mode 100644
index 00000000..843ac4da
--- /dev/null
+++ b/profiles/cachix/default.nix
@@ -0,0 +1,12 @@
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  folder = ./.;
+  toImport = name: value: folder + ("/" + name);
+  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix";
+  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+  inherit imports;
+}
diff --git a/profiles/cachix/pub-solar.nix b/profiles/cachix/pub-solar.nix
new file mode 100644
index 00000000..a4faf653
--- /dev/null
+++ b/profiles/cachix/pub-solar.nix
@@ -0,0 +1,10 @@
+{
+  nix.settings = {
+    substituters = [
+      "https://pub-solar.cachix.org"
+    ];
+    trusted-public-keys = [
+      "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
+    ];
+  };
+}
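Review bot: `https://pub-solar.cachix.org` becomes a substituter for every host that uses the `base` suite, not only pioneer-momo-koeln, because flake.nix adds `cachix` to `base` and profiles/cachix/default.nix imports every `*.nix` file in this directory. Store paths signed with the `pub-solar.cachix.org-1` key are then accepted instead of being built locally, so whoever can push to that cache is part of the trust base of all those hosts. A header comment would make that explicit, e.g. `# Trusted on all hosts via suites.base; push access to this cache must stay limited to CI/admins`.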
diff --git a/secrets/erpnext-admin-password.age b/secrets/erpnext-admin-password.age
new file mode 100644
index 0000000000000000000000000000000000000000..761c9ad27abd843926fea6bb191e23bf79af3eb4
GIT binary patch
literal 1566
zcmZXUxz6l_8HVXVmZ+%E5n_adf;9Y$J+{X-L;>&i*dDJlUV@NpkJs_O+e)fjK(2ry
zsSpwkLPEKL(9)(tX=vz@l!=r-#c58i;L-a%@B8^l^b}QLw>CpoS0B|~a+o0C={LK+
zPoJXu5k(<lH@YEnnRm<H#*?zkQYJB)&O$Fm${!Y$B-pv{SfQeoa*(#uc@_|0y7jIO
zGLenwaIzBRcCZutdXKr2e8`zo%?;JQ?~{|&lP_sq@9!QQV}c~$;+Uy~XSV~{GpgSE
zMLrvGZ%@ljt1YBKahH0mpdt>nEZ~!T9Sylil><SRbTbGY3)Dx>78?T1=@F^b^~6h#
zQYy)1t3`QLd?X2iRg+mrTbBvJn!vLfj5=iP$Uo5IB=rCumw6hAn0N>ZP?|Oqy}}o)
zj}pP>lyhzKh_}C`(RFFAY!u-a%9pMi7nXChULNa80756K`Q~|xEnh(g?Go~6W`>^=
zaUyG(nhNJ~M5^L4>BB@7f}FRSz-Z(`Lnn+siYjo_ydY;tdQdk_=P(eRSV!qPWX&hr
zDA?nstX)oVQqZd?rPRm>(VDdcp$JRf=|bHA$@F|4PVh^>2lZ04lTwCq!hwBwrp<D2
zv%5?6kG4R|nXJ8(STSq5v%NufbXv-`22`QFD8yhGA>$NjsL7~RR~nf47h*k&(`<pu
zx#+4?N5+~w8WjN{P{6i?Ba$(GTLQq25SR;1J!LuO00x6mnjKRdL-c0cG16Hhg=&bC
z*Cd5HNaTnytyJN+N75-0&G(502(7~^v{9WKumM@QF43+BkK%?L*yEMJkag^brHxP1
z0!c>~_6yy{M!GAyZPc<}Wr2V$uI-V95vQ7Y({T2eJriuVnr>Fw6A(YUc3td(kpjj^
za0fxYM~7$i!dyj-bZ{F$qDm?u6-*q?4`FsG7V)CZ^WB;gxRSQvC6iTwL6BksU-tOr
zYEo^@&ht(Uhskv;=Du-rx5OQBxk2)=%4|jCjS^CcJ&{0!C3ThpEDYPYcX+UkxDHli
z9M_^{a(P@Od0UhsPMmS@+9CEP_f?w9nQEWxD&H_fZw&AL7LF(pReM8Es`l)+vAyzl
zw9;Hcp+nB19)Oo;oL)(}-n#uPSGj{J1An3LgHMB?yuUlog30A3soLXJS|;31Fu5~Z
zlH%lT71v896A^Bu7$!f~!XL?^Y3jB2o&{1;lo|;zP6`w8s4R@L&n02i;fE{_V8N%^
z>b&^5F)Nk1S5@j++bjPE3W7&Z?)IYTEU;iSlemsi2E!aXvFd<Q?93H%)8h``<6y*|
z1Q!rIg7qE~J}Tv+`s5(#stxTQdW#F|nj1=X--y#GuO#dLvQf8wwaDFb*`1ML#x&e?
zX4wR&^PMfm+Ua3?kYQSf?Hofi;oXD;xWK`L+Y67lJh>esPJzS9yPagl;tpsasZ1I3
z$flScI{z=*XP=+mZ+@>lC0*qA(e9Hkln)YU1dNn3F7$PL-ZX_@=l=N~L%z-rRPX{_
zQXJsv>1nsOY_}&OScnhK$<$G@BhLoy^?YM5{&mmJ*Ur}ThTPx~NZ$SDzu)`om)nQG
z`$wh!=gsfR=tcH|{Pz1d{zSd?XXTv_e*UWe@<--xKm6*`Km2R>^-ttqEc3U&y#4hz
QfB)%^uYLUDb@AK(0?lR#zyJUM

literal 0
HcmV?d00001

diff --git a/secrets/erpnext-db-root-password.age b/secrets/erpnext-db-root-password.age
new file mode 100644
index 00000000..d790ea82
--- /dev/null
+++ b/secrets/erpnext-db-root-password.age
@@ -0,0 +1,31 @@
+age-encryption.org/v1
+-> ssh-ed25519 uYcDNw R6BTv8G6nl8CNTmjRcMm/WhL4uKh8UdteVz7jVbXJzk
+fVKaNaK6BZzstSp45ONpM9/pgKADQvlnNGF/k4QUFbM
+-> ssh-rsa kFDS0A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+-> ssh-ed25519 hPyiJw tDYF74+DRNWfAzHcCSFojlSYg4AgdthDM00UwG8LXSA
+/fp2jPNxzYhCKXD5g/eqC31buMBFiel3jC+RfKit66M
+-> ssh-ed25519 YFSOsg +tDnXLwW+oVgDsjI15yshcI2KaKhADgVR1oWIqYEVzY
+R4pMIeQ78orCj7l5E8LD4ZSEtBhwtqcuSb6byOSuhTI
+-> ssh-ed25519 iHV63A qwPRT9Sqcwfmp7KGSFXEj3RTWWiwD17wrEfwYx127TA
+Od9cP3jhO0e2VI0St8m9d6P7TYib7ZNabdq808lhYsg
+-> ssh-ed25519 1bbksA s8FuQCn8yQtRtwwZ0oVrTnptC31ad4eG4Hm6K/HGPgU
+odI7d6qX2Om17wmsm/VdEqLGbdk6gUzprQ3i/zDxa+k
+-> ssh-ed25519 BVsyTA fZB0tnkvNfiv8yY173NmhzHHlDQkScNtFE9GpE4lJAo
+AYZyonEaAATvgz3OgSI4WNu2hJdDkNmhq5+0NU4+IJg
+-> N-grease z=0OX_v` ,=~E
+j78YWSSwlj6xEyJT5DZra8S037G4RNR3sf9hxZL5EMYlmMeaolb5B8oJN7tN5WbH
+zPRZ9HIsRsA/+/76z4D8lqVJjZIfK7Hb7OoZb8EgyB0kJBycpd86IEUcfj65hEKU
+
+--- 3k/CdnvpyhoxyB15yBikQjtyOiAUmGEkzxsGRObsBqg
+`���t`T�[�֍���zW�������>�Aئ���か�^Ps聡N�� i���#`�,
\ No newline at end of file
diff --git a/secrets/erpnext-db-user-password.age b/secrets/erpnext-db-user-password.age
new file mode 100644
index 00000000..8c77c0cd
--- /dev/null
+++ b/secrets/erpnext-db-user-password.age
@@ -0,0 +1,31 @@
+age-encryption.org/v1
+-> ssh-ed25519 uYcDNw 5YJH2FYCKHSwNXFVrfzRTB37pmd4mL8y/I4pieU84RQ
+JQKHK97WkTC9QO1GNZv/q3VZUgcisrKc1twqtLPkKOo
+-> ssh-rsa kFDS0A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+-> ssh-ed25519 hPyiJw 9RYiF1PRsRWNopGSVJpPe52zUNEl6Yu3q5aqoLxXWRo
+L2+cuDp6S4IViqkmTR6XF7ey39cWm2xh8wQnh5OxlXQ
+-> ssh-ed25519 YFSOsg pyU//r9w5oA4WqBjTivOCV0soTgM7URPcp1sB3VYiRk
+G92ulppLfvGXDe2vYkgVg60s3oKxq2YEx260EzSRL80
+-> ssh-ed25519 iHV63A h04fyhCuz8JUX4Fl4uD7xDrO3Cbm4fto21BK8EFJ3FY
+25NrhusX8PTjf8esrERbpMOS+OnwnGgR1oBTFp7Rync
+-> ssh-ed25519 1bbksA K5FpHSD72LKfwnJcN8qKLGf+3shNVfmo2Pamh7IopEs
+yDnkTUv6tRirnvdjYXVJoklLDXf6n/VBYCiCM2UaYfU
+-> ssh-ed25519 BVsyTA +vWsqL/+5gpnn8ygD5RlSlJDbmvKAd7L3sk/jAOKRQc
+EwuoXHYlTO+gdM7SA/TMmpXw8RGSKoRpYqjmfuYrKrw
+-> ..6XqV-grease 1 #+:[Jz D v8hZh
+VaqjfUTgm4UiD8LaSgxeZaLdFM8DVEnBOxG6FMgqUbf2IQUTOk3Odsb0SYfzCax8
+B4uXP5eXc8FgZAhME7Pv0eJHQ9kcP90BIf+YbbSs0PAWBp0cl9YIhadhMS4vmWA
+--- kb+aOKZo3hrIIQpxxOc5bz9r0ZAPDtcHVGxdHoAfcnc
+ �����Z2�m��6�v&������R?�i|�_<�cqt����S�ѯ�G�02��Ȓ
+;$�a��~�Y
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index d7251820..0e9faf62 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -18,4 +18,7 @@ let
   ];
 in {
   "keycloak-database-password.age".publicKeys = allKeys;
+  "erpnext-admin-password.age".publicKeys = allKeys;
+  "erpnext-db-root-password.age".publicKeys = allKeys;
+  "erpnext-db-user-password.age".publicKeys = allKeys;
 }
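Review bot: All three new secrets, including the database root password, are encrypted to `allKeys`, whose definition is outside the hunk. If that list contains host keys of machines other than pioneer-momo-koeln, each of those hosts can decrypt the ERPNext credentials from the repository. Consider a narrower recipient list for these entries, e.g. `"erpnext-db-root-password.age".publicKeys = <admin keys> ++ [<pioneer-momo-koeln host key>];` using the names already defined in this file, followed by `agenix --rekey`.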