phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add Odoo config

Browse source
This commit is contained in:
Paul-Henri Froidmont 2024-09-20 03:55:11 +02:00
parent 22d5e09f3c
commit 0dd50bde59
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
6 changed files with 122 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

114
flake.nix
View file

@ -5,29 +5,41 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
simple-nixos-mailserver.url = simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
"gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
foundryvtt.url = "github:reckenrode/nix-foundryvtt"; foundryvtt.url = "github:reckenrode/nix-foundryvtt";
}; };
outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix outputs =
, simple-nixos-mailserver, foundryvtt }: inputs@{
self,
nixpkgs,
nixpkgs-unstable,
deploy-rs,
sops-nix,
simple-nixos-mailserver,
foundryvtt,
}:
let let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux; pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;
defaultModuleArgs = { pkgs, ... }: {
_module.args.pkgs-unstable = import nixpkgs-unstable {
inherit (pkgs.stdenv.targetPlatform) system;
config.allowUnfreePredicate = pkg:
builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ];
};
};
in {
devShells.x86_64-linux.default = pkgs.mkShell {
sopsPGPKeyDirs = [ "./keys/hosts" "./keys/users" ];
nativeBuildInputs = defaultModuleArgs =
[ (pkgs.callPackage sops-nix { }).sops-import-keys-hook ]; { pkgs, ... }:
{
_module.args.pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ];
};
};
in
{
devShells.x86_64-linux.default = pkgs.mkShell {
sopsPGPKeyDirs = [
"./keys/hosts"
"./keys/users"
];
nativeBuildInputs = [ (pkgs.callPackage sops-nix { }).sops-import-keys-hook ];
buildInputs = with pkgs-unstable; [ buildInputs = with pkgs-unstable; [
nixpkgs-fmt nixpkgs-fmt
@ -41,81 +53,87 @@
nixosConfigurations = { nixosConfigurations = {
db1 = nixpkgs.lib.nixosSystem { db1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs; }; specialArgs = {
inherit nixpkgs;
};
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/db.nix ./profiles/db.nix
({ {
sops.defaultSopsFile = ./secrets.enc.yml; sops.defaultSopsFile = ./secrets.enc.yml;
networking.hostName = "db1"; networking.hostName = "db1";
networking.domain = "banditlair.com"; networking.domain = "banditlair.com";
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
system.stateVersion = "21.05"; system.stateVersion = "21.05";
}) }
]; ];
}; };
backend1 = nixpkgs.lib.nixosSystem { backend1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs; }; specialArgs = {
inherit nixpkgs;
};
modules = [ modules = [
defaultModuleArgs
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./profiles/backend.nix ./profiles/backend.nix
({ {
sops.defaultSopsFile = ./secrets.enc.yml; sops.defaultSopsFile = ./secrets.enc.yml;
networking.hostName = "backend1"; networking.hostName = "backend1";
networking.domain = "banditlair.com"; networking.domain = "banditlair.com";
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
system.stateVersion = "21.05"; system.stateVersion = "21.05";
}) }
]; ];
}; };
storage1 = nixpkgs.lib.nixosSystem { storage1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs inputs; }; specialArgs = {
inherit nixpkgs inputs;
};
modules = [ modules = [
defaultModuleArgs defaultModuleArgs
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
simple-nixos-mailserver.nixosModule simple-nixos-mailserver.nixosModule
foundryvtt.nixosModules.foundryvtt foundryvtt.nixosModules.foundryvtt
./profiles/storage.nix ./profiles/storage.nix
({ {
sops.defaultSopsFile = ./secrets.enc.yml; sops.defaultSopsFile = ./secrets.enc.yml;
networking.hostName = "storage1"; networking.hostName = "storage1";
networking.domain = "banditlair.com"; networking.domain = "banditlair.com";
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
system.stateVersion = "21.05"; system.stateVersion = "21.05";
}) }
]; ];
}; };
}; };
deploy.nodes = let deploy.nodes =
createSystemProfile = configuration: { let
user = "root"; createSystemProfile = configuration: {
sshUser = "root"; user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos configuration; sshUser = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos configuration;
};
in
{
db1 = {
hostname = "db1.banditlair.com";
profiles.system = createSystemProfile self.nixosConfigurations.db1;
};
backend1 = {
hostname = "backend1.banditlair.com";
profiles.system = createSystemProfile self.nixosConfigurations.backend1;
};
storage1 = {
hostname = "78.46.96.243";
profiles.system = createSystemProfile self.nixosConfigurations.storage1;
};
}; };
in {
db1 = {
hostname = "db1.banditlair.com";
profiles.system = createSystemProfile self.nixosConfigurations.db1;
};
backend1 = {
hostname = "backend1.banditlair.com";
profiles.system =
createSystemProfile self.nixosConfigurations.backend1;
};
storage1 = {
hostname = "78.46.96.243";
profiles.system =
createSystemProfile self.nixosConfigurations.storage1;
};
};
checks = builtins.mapAttrs checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
}; };
} }

5
modules/postgresql.nix
View file

@ -24,6 +24,7 @@ in
root_as_others root roundcube root_as_others root roundcube
root_as_others root mastodon root_as_others root mastodon
root_as_others root dolibarr root_as_others root dolibarr
root_as_others root odoo
''; '';
authentication = '' authentication = ''
local all postgres peer local all postgres peer
@ -83,18 +84,21 @@ in
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"' PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"' PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "dolibarr"' PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "dolibarr"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'odoo'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "odoo"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "dolibarr" OWNER "dolibarr"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "dolibarr" OWNER "dolibarr"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'odoo'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "odoo" OWNER "odoo"'
PSQL -tAc "ALTER ROLE synapse LOGIN" PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN" PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN" PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE mastodon LOGIN" PSQL -tAc "ALTER ROLE mastodon LOGIN"
PSQL -tAc "ALTER ROLE dolibarr LOGIN" PSQL -tAc "ALTER ROLE dolibarr LOGIN"
PSQL -tAc "ALTER ROLE odoo LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')" synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'" PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
@ -106,6 +110,7 @@ in
PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'" PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"
dolibarr_password="$(<'${config.sops.secrets.dolibarrDbPassword.path}')" dolibarr_password="$(<'${config.sops.secrets.dolibarrDbPassword.path}')"
PSQL -tAc "ALTER ROLE dolibarr WITH PASSWORD '$dolibarr_password'" PSQL -tAc "ALTER ROLE dolibarr WITH PASSWORD '$dolibarr_password'"
PSQL -tAc "ALTER ROLE odoo WITH PASSWORD 'odoo'"
''; '';
serviceConfig = { serviceConfig = {

37
profiles/backend.nix
View file

@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-unstable,
... ...
}: }:
{ {
@ -156,6 +157,42 @@
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [ "qtwebkit-5.212.0-alpha4" ];
services.odoo = {
enable = false;
package = pkgs-unstable.odoo.override {
python310 = pkgs.python310.override {
packageOverrides = final: prev: {
furl = prev.furl.overridePythonAttrs (old: {
doCheck = false;
});
};
};
};
domain = "odoo.froidmont.solutions";
settings = {
options = {
db_host = "10.0.1.11";
db_port = 5432;
db_name = "odoo";
db_user = "odoo";
db_password = "odoo";
data_dir = "/var/lib/private/odoo/data";
};
};
};
services.nginx.virtualHosts = {
${config.services.odoo.domain} = {
forceSSL = true;
enableACME = true;
};
};
services.postgresql.enable = lib.mkForce false;
# systemd.services.odoo = {
# after = lib.mkForce [ "network.target" ];
# requires = lib.mkForce [ ];
# };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443

1
profiles/db.nix
View file

@ -37,6 +37,7 @@
${config.services.postgresql.package}/bin/pg_dump -U roundcube roundcube > /nix/var/data/postgresql/roundcube.dmp ${config.services.postgresql.package}/bin/pg_dump -U roundcube roundcube > /nix/var/data/postgresql/roundcube.dmp
${config.services.postgresql.package}/bin/pg_dump -U mastodon mastodon > /nix/var/data/postgresql/mastodon.dmp ${config.services.postgresql.package}/bin/pg_dump -U mastodon mastodon > /nix/var/data/postgresql/mastodon.dmp
${config.services.postgresql.package}/bin/pg_dump -U dolibarr dolibarr > /nix/var/data/postgresql/dolibarr.dmp ${config.services.postgresql.package}/bin/pg_dump -U dolibarr dolibarr > /nix/var/data/postgresql/dolibarr.dmp
${config.services.postgresql.package}/bin/pg_dump -U odoo odoo > /nix/var/data/postgresql/odoo.dmp
''; '';
startAt = "03:00"; startAt = "03:00";
sshKey = config.sops.secrets.borgSshKey.path; sshKey = config.sops.secrets.borgSshKey.path;

5
profiles/storage.nix
View file

@ -316,6 +316,11 @@
upnp = false; upnp = false;
}; };
services.rustdesk-server = {
enable = true;
openFirewall = true;
};
services.nginx.virtualHosts."vtt.${config.networking.domain}" = { services.nginx.virtualHosts."vtt.${config.networking.domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

8
terraform/dns.tf
View file

@ -100,6 +100,14 @@ resource "hetznerdns_record" "dolibarr_a" {
ttl = 600 ttl = 600
} }
resource "hetznerdns_record" "odoo_a" {
zone_id = data.hetznerdns_zone.froidmont_solutions_zone.id
name = "odoo"
value = hcloud_server.backend1.ipv4_address
type = "A"
ttl = 600
}
resource "hetznerdns_record" "jitsi_a" { resource "hetznerdns_record" "jitsi_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "jitsi" name = "jitsi"