Add Dolibarr

This commit is contained in:
Paul-Henri Froidmont 2024-09-12 15:14:15 +02:00
parent 907575739c
commit d8b1d760df
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
5 changed files with 127 additions and 52 deletions


@ -1,6 +1,13 @@
{ config, lib, pkgs, ... }:
let cfg = config.custom.services.postgresql;
in {
{
config,
lib,
pkgs,
...
}:
let
cfg = config.custom.services.postgresql;
in
{
options.custom.services.postgresql = {
enable = lib.mkEnableOption "postgresql";
};
@ -16,6 +23,7 @@ in {
root_as_others root nextcloud
root_as_others root roundcube
root_as_others root mastodon
root_as_others root dolibarr
'';
authentication = ''
local all postgres peer
@ -45,50 +53,66 @@ in {
key = "mastodon/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
};
systemd.services.postgresql-setup = let pgsql = config.services.postgresql;
in {
after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ];
wantedBy = [ "postgresql.service" ];
path = [ pgsql.package pkgs.util-linux ];
script = ''
set -u
PSQL() {
psql --port=${toString pgsql.settings.port} "$@"
}
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'
PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE mastodon LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
nextcloud_password="$(<'${config.sops.secrets.nextcloudDbPassword.path}')"
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')"
PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"
'';
serviceConfig = {
User = pgsql.superUser;
Type = "oneshot";
RemainAfterExit = true;
dolibarrDbPassword = {
owner = config.services.postgresql.superUser;
key = "dolibarr/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
};
systemd.services.postgresql-setup =
let
pgsql = config.services.postgresql;
in
{
after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ];
wantedBy = [ "postgresql.service" ];
path = [
pgsql.package
pkgs.util-linux
];
script = ''
set -u
PSQL() {
psql --port=${toString pgsql.settings.port} "$@"
}
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "dolibarr"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'mastodon'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "mastodon" OWNER "mastodon"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'dolibarr'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "dolibarr" OWNER "dolibarr"'
PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE mastodon LOGIN"
PSQL -tAc "ALTER ROLE dolibarr LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
nextcloud_password="$(<'${config.sops.secrets.nextcloudDbPassword.path}')"
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
mastodon_password="$(<'${config.sops.secrets.mastodonDbPassword.path}')"
PSQL -tAc "ALTER ROLE mastodon WITH PASSWORD '$mastodon_password'"
dolibarr_password="$(<'${config.sops.secrets.dolibarrDbPassword.path}')"
PSQL -tAc "ALTER ROLE dolibarr WITH PASSWORD '$dolibarr_password'"
'';
serviceConfig = {
User = pgsql.superUser;
Type = "oneshot";
RemainAfterExit = true;
};
};
};
}
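Review bot: The new line `PSQL -tAc "ALTER ROLE dolibarr WITH PASSWORD '$dolibarr_password'"` splices the secret into a SQL statement through shell expansion, so a password containing a single quote breaks the statement or changes its meaning, and the whole statement, password included, is passed as a psql argument, where it is readable by other local users through the process list while the command runs. The four existing roles above it have the same shape; only the dolibarr lines are new. Reading the secret with psql's own backquote `\set` and interpolating it as `:'pw'` keeps the value off argv and lets psql do the literal quoting; `cat` comes from the service's default PATH the same way `grep` does on the role-creation lines. The enclosing `script` block is fully inside this section.
```nix
# … unchanged: role/database creation, LOGIN and the other roles' password lines …
PSQL -tA <<'EOF'
\set pw `cat '${config.sops.secrets.dolibarrDbPassword.path}'`
ALTER ROLE dolibarr WITH PASSWORD :'pw';
EOF
```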


@ -16,6 +16,11 @@
owner = config.services.borgbackup.jobs.data.user;
key = "borg/client_keys/backend1/private";
};
dolibarrDbPassword = {
owner = config.users.users.dolibarr.name;
key = "dolibarr/db_password";
restartUnits = [ "phpfpm-dolibarr.service" ];
};
};
custom = {
@ -124,6 +129,24 @@
};
};
services.dolibarr = {
enable = true;
domain = "dolibarr.froidmont.solutions";
stateDir = "/nix/var/data/dolibarr";
database = {
createLocally = false;
host = "10.0.1.11";
port = 5432;
name = "dolibarr";
user = "dolibarr";
passwordFile = config.sops.secrets.dolibarrDbPassword.path;
};
settings = {
dolibarr_main_db_type = lib.mkForce "pgsql";
};
nginx = { };
};
networking.firewall.allowedTCPPorts = [
80
443
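Review bot: `nginx = { };` at the end of the new services.dolibarr block declares the vhost for dolibarr.froidmont.solutions with no TLS settings, so unless the vhost is completed elsewhere, the login form and session cookie of an internet-facing ERP are served over plain HTTP; the `80 443` firewall entries below do not add TLS by themselves. If nothing else configures it, `nginx = { forceSSL = true; enableACME = true; };` would cover it. Separately, the database connection goes to `host = "10.0.1.11"` across the network; whether it is encrypted or restricted depends on the postgresql module's `authentication` block, which this section does not show, so it is worth confirming the dolibarr entry there requires a password rather than `trust`.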


@ -1,5 +1,15 @@
{ config, lib, pkgs, ... }: {
imports = [ ../environment.nix ../hardware/hcloud.nix ../modules ];
{
config,
lib,
pkgs,
...
}:
{
imports = [
../environment.nix
../hardware/hcloud.nix
../modules
];
networking.firewall.interfaces."eth1".allowedTCPPorts = [
config.services.prometheus.exporters.node.port
@ -17,12 +27,16 @@
services.backup-job = {
enable = true;
repoName = "db1";
readWritePaths = [ "/nix/var/data/postgresql" "/nix/var/data/backup/" ];
readWritePaths = [
"/nix/var/data/postgresql"
"/nix/var/data/backup/"
];
preHook = ''
${config.services.postgresql.package}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp
${config.services.postgresql.package}/bin/pg_dump -U nextcloud nextcloud > /nix/var/data/postgresql/nextcloud.dmp
${config.services.postgresql.package}/bin/pg_dump -U roundcube roundcube > /nix/var/data/postgresql/roundcube.dmp
${config.services.postgresql.package}/bin/pg_dump -U mastodon mastodon > /nix/var/data/postgresql/mastodon.dmp
${config.services.postgresql.package}/bin/pg_dump -U dolibarr dolibarr > /nix/var/data/postgresql/dolibarr.dmp
'';
startAt = "03:00";
sshKey = config.sops.secrets.borgSshKey.path;
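Review bot: The new pg_dump line for dolibarr, like the four above it, redirects straight into `/nix/var/data/postgresql/dolibarr.dmp`, so if pg_dump fails (bad role password, connectivity) the file is left empty or truncated and the backup still ships it, unless the backup-job module runs the preHook under `set -e`, which this section does not show. Starting the hook with `set -euo pipefail` makes a failed dump abort the job instead of silently backing up an empty file. The enclosing services.backup-job block ends outside the hunk.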


@ -6,7 +6,7 @@ grafana:
nix:
cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str]
gitlab:
password: ENC[AES256_GCM,data:+DptcLNXBmI7c8TrlF2U3+4FAeg=,iv:POtL7Cu6KvgEs9SFokR1G9yviqvqUcy8KNlB42FU9PQ=,tag:yWgsuDou+R05EEe7j8r7WA==,type:str]
password: ENC[AES256_GCM,data:ellmwJv7zasbAD3hzAkSSJ4Z9qHqmlernG0=,iv:czXgy9wnDHLSrzefL+nKfbPm6DhZwpNARkUxNsBDHzM=,tag:NYXTjgaUAvOOeJlGe5fchQ==,type:str]
runner_registration_config: ENC[AES256_GCM,data:R+9UIDgrTx8xiz4DRRjB4ocyib43lIfQyxWTW+d8/UzkA87GFIraSLIjhnoDFhk57s3jQGUtmudl709z410V8+EXbLB81gl1mJqaXQ==,iv:qckhsamd24VVTB7glMcVyMsLJo9jON3Nc9JfeGOM0xI=,tag:/DOmtSrQOoIzpMHH/oBnFQ==,type:str]
synapse:
db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str]
@ -18,6 +18,8 @@ nextcloud:
mastodon:
db_password: ENC[AES256_GCM,data:XY/C6n3T7iINN1Sk2GdhQgHK0+vltLssOVfRLA2rFmqdxLHjvpKQTPHWxDbzELVcGqgGyiMH4AG240lo,iv:8M/fLo1MjIpUIW54WgddILmcgtofeh0rIBvKQaX/Csw=,tag:Al6LjmcPOlza5iJivf0agg==,type:str]
smtp_password: ENC[AES256_GCM,data:uhtPw/1uuKsDifdPzaczWFdZm3TP3e25U69bGysJdudnjY9rjf8HrDJ1/wqXR4hbLMaJP41fVN9WXYSE,iv:VjIQCBx6BFzATuALewU6Dc7Ti+uekmAUIJ+r2iOcFHg=,tag:vhCvRbkRxuYyf/qLeoaFzA==,type:str]
dolibarr:
db_password: ENC[AES256_GCM,data:1aDUyV+JLklbbP5dJBmviPWKKxQF7xAuQ/lKIZ5M4TtHbeH9PDuEoyxJJ08k7RtJyLrBRCwBd2pgLyYs,iv:rn6aGEPG9i3Uu4xlMIDIdK8T8bPt8t1pRl4SUsgK8nI=,tag:qacpyDDsj0pYWO1Kur9Ugw==,type:str]
roundcube:
db_password: ENC[AES256_GCM,data:t2/gRhkkwd7eXKvRowNnBfOiJS4nWZlZpjtmmw+XcARbcYyf4Z3+jG6anzqxYjHHGzza23qcpfiSB4t7,iv:H7vdeBgVY3aSsMCyBBbCb0qqbDHTA/S3fwK1lDBebDI=,tag:LbeMqj3xdWz8e6XSEV+jtw==,type:str]
pg_pass_file: ENC[AES256_GCM,data:pXWi2lC3Na8K/P+F0nUW00mq2vApw/pf5stJvlfuwEdan1GKBa9jSqJE17mq7weaMkhI1vBwDdfu/P1y7hEBzRNU3CA=,iv:3bC2mKUt8jI+Avm8UQq6b15JA2F7/usfDEh6XYJ9OZA=,tag:0pYQyWDh3w00XRQe13IrCw==,type:str]
@ -69,8 +71,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-07-08T16:25:47Z"
mac: ENC[AES256_GCM,data:xQS7zypupl05ohpgmLycHFMAH46fStNk9cAV0bW7RBTdpXyO+/Crit9D+/mbMdRxbMXy1xywi65YKq8BJpg2o2ReH0tIHdN1IZIyqHtPSyUJ5IM6D9dWZBBiSLuYM8eU0jloORqTkRLUUqIHM6nuOoDdfE+SaNFhDhIQd+j+6ZI=,iv:j3ezzOn03fS4NaAUkngQnwFzDvrg4BwUAVdkYXnwIAI=,tag:FA6LeG6PfkufRtJCdl3iTg==,type:str]
lastmodified: "2024-09-11T18:58:46Z"
mac: ENC[AES256_GCM,data:NeD6/1DBlvW9vyReJJVBb8YY8qnMPZE0pobvNNdq/0dJKQfnAEndEokqWrRCuzd8oFuMbSmb4CDMX3N6r6nypGi4MMeeBAxPqlHO8aHAZ+XSrAh0XPNmcUnTYUP/zhJA9mp2fyWWgQT4gMEQslKVHDiCd68yOrj2wOr9Nx4CW8Y=,iv:eUyv6w/hXdxGg/1y2CU/WjEivzctCKO3Yw66ToEolH0=,tag:nFh240Xx1+dtLpz9P4U6gA==,type:str]
pgp:
- created_at: "2023-10-17T21:02:13Z"
enc: |
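Review bot: Besides the new `dolibarr.db_password` entry, the first hunk rewrites the value of `gitlab.password` (the `password:` line under `gitlab:`), which the commit title "Add Dolibarr" does not mention. A credential rotation bundled into an unrelated commit is easy to miss in review and later makes it hard to establish when that secret changed; either state it in the commit message or commit it separately. The `lastmodified` and `mac` update at the bottom is the expected sops bookkeeping.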


@ -8,6 +8,10 @@ data "hetznerdns_zone" "banditlair_zone" {
name = "banditlair.com"
}
data "hetznerdns_zone" "froidmont_solutions_zone" {
name = "froidmont.solutions"
}
resource "hetznerdns_record" "banditlair_hcloud_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "@"
@ -88,6 +92,14 @@ resource "hetznerdns_record" "status_banditlair_a" {
ttl = 600
}
resource "hetznerdns_record" "dolibarr_a" {
zone_id = data.hetznerdns_zone.froidmont_solutions_zone.id
name = "dolibarr"
value = hcloud_server.backend1.ipv4_address
type = "A"
ttl = 600
}
resource "hetznerdns_record" "jitsi_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "jitsi"