From b91c52c079166eb359543132ddcfe0402ab018b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Deckert?= Date: Fri, 2 Apr 2021 18:18:54 +0200 Subject: [PATCH] tryton: new appliance --- ejabberd/appliance/cert-renew.sh | 10 +- tryton/Makefile | 37 +++++++ tryton/appliance/02firstboot.start | 75 ++++++++++++++ tryton/appliance/cert-renew.sh | 66 +++++++++++++ tryton/nginx/nginx.conf | 81 +++++++++++++++ tryton/package.accept_keywords | 154 +++++++++++++++++++++++++++++ tryton/package.use | 8 ++ tryton/tryton.cfg | 2 + tryton/trytond/trytond.service | 10 ++ tryton/world | 135 +++++++++++++++++++++++++ 10 files changed, 574 insertions(+), 4 deletions(-) create mode 100644 tryton/Makefile create mode 100755 tryton/appliance/02firstboot.start create mode 100755 tryton/appliance/cert-renew.sh create mode 100644 tryton/nginx/nginx.conf create mode 100644 tryton/package.accept_keywords create mode 100644 tryton/package.use create mode 100644 tryton/tryton.cfg create mode 100644 tryton/trytond/trytond.service create mode 100644 tryton/world diff --git a/ejabberd/appliance/cert-renew.sh b/ejabberd/appliance/cert-renew.sh index 4553df9..8672a2a 100755 --- a/ejabberd/appliance/cert-renew.sh +++ b/ejabberd/appliance/cert-renew.sh @@ -49,8 +49,8 @@ then chown root:jabber $CERT_EJABBERD/server.* chmod 444 $CERT_EJABBERD/server.pem chmod 440 $CERT_EJABBERD/server.key - echo "Restart Ejabberd..." - systemctl restart ejabberd + echo "Restarting Ejabberd..." + systemctl is-active --quiet ejabberd && systemctl restart ejabberd echo "Update Nginx certificate..." mkdir -p $CERT_NGINX @@ -59,6 +59,8 @@ then chown nginx:nginx $CERT_NGINX/nginx.* chmod 444 $CERT_NGINX/nginx.pem chmod 400 $CERT_NGINX/nginx.key - echo "Restart Nginx..." - systemctl restart nginx + echo "Restarting Nginx..." + systemctl is-active --quiet nginx && systemctl restart nginx fi + +exit 0 diff --git a/tryton/Makefile b/tryton/Makefile new file mode 100644 index 0000000..7f741d1 --- /dev/null 
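Review bot: The `exit 0` appended at the end of ejabberd/appliance/cert-renew.sh makes the script report success even when a `cp`, `chown` or `chmod` of the certificate or key failed, so a caller cannot tell a broken deployment from a good one. It appears to be there because `systemctl is-active --quiet nginx && systemctl restart nginx` returns non-zero when the unit is inactive. Writing that as `if systemctl is-active --quiet nginx; then systemctl restart nginx; fi` (likewise for ejabberd) keeps the skip without the blanket `exit 0`. The new tryton/appliance/cert-renew.sh in this patch ends the same way. The rest of the ejabberd script lies outside these hunks, so whether earlier steps check their own status is not visible here.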
+++ b/tryton/Makefile
@@ -0,0 +1,37 @@
+02firstboot = $(CHROOT)/etc/local.d/02firstboot.start
+cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+nginx_conf = $(CHROOT)/etc/nginx/nginx.conf.orig
+trytond.conf = $(CHROOT)/etc/trytond/trytond.conf
+trytond.service = $(CHROOT)/lib/systemd/system/trytond.service
+
+$(02firstboot): appliance/02firstboot.start
+ mkdir -p $(CHROOT)/etc/local.d
+ cp $< $@
+ touch $(CHROOT)/02firstboot
+
+$(cert-renew.sh): appliance/cert-renew.sh
+ mkdir -p $(CHROOT)/etc/ssl
+ cp $< $@
+
+$(nginx_conf): nginx/nginx.conf
+ mv $(CHROOT)/etc/nginx/nginx.conf $@
+ cp $< $(CHROOT)/etc/nginx/nginx.conf
+
+$(trytond.conf):
+ mkdir -p $(CHROOT)/etc/trytond
+ echo "[database]" > $(CHROOT)/etc/trytond/trytond.conf
+ echo "uri = postgresql://trytond:trytond@/" >> $(CHROOT)/etc/trytond/trytond.conf
+ echo "" >> $(CHROOT)/etc/trytond/trytond.conf
+ echo "[web]" >> $(CHROOT)/etc/trytond/trytond.conf
+ echo "root=/usr/share/sao" >> $(CHROOT)/etc/trytond/trytond.conf
+
+$(trytond.service): trytond/trytond.service
+ cp $< $@
+
+preinstall:
+
+postinstall: $(02firstboot) $(cert-renew.sh) $(nginx_conf) $(trytond.conf) $(trytond.service)
+ # configure postgresql
+ sed -i 's#^PG_INITDB_OPTS=.*#PG_INITDB_OPTS="--encoding=UTF8 --locale=de_DE.UTF-8"#' $(CHROOT)/etc/conf.d/postgresql-*
+ rm -rf $(CHROOT)/var/lib/postgresql/*
+ RUN emerge --config dev-db/postgresql
diff --git a/tryton/appliance/02firstboot.start b/tryton/appliance/02firstboot.start
new file mode 100755
index 0000000..6f2ce6a
--- /dev/null
+++ b/tryton/appliance/02firstboot.start
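Review bot: The `$(trytond.conf)` recipe writes a database URI with an embedded credential (`postgresql://trytond:trytond@/`) into a file created with the build's default umask, so every image ships the same password in a file that is probably world-readable. The firstboot script in this patch sets the role password from `DATABASE_PASS` instead, so the value here looks unused or wrong; if socket authentication without a password is intended, the password could be dropped from the URI, which needs confirming against pg_hba.conf (not shown). Either way the file should be restricted, for example `chown root:trytond` and `chmod 640` on /etc/trytond/trytond.conf at first boot, where the trytond account exists. Separately, `rm -rf $(CHROOT)/var/lib/postgresql/*` in `postinstall` acts on the build host's own data directory when `CHROOT` is empty; a guard such as `$(if $(strip $(CHROOT)),,$(error CHROOT is not set))` ahead of it would prevent that.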
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# variables
+LABEL="DATA"
+DATABASE_PASS="Di1sgPgSQLPw."
+ADMIN_PASS="tryton"
+TLD="example.com"
+HOST="tryton"
+ORGNAME="Tryton example"
+
+# start
+set -e
+
+PGVER=$(eselect postgresql show)
+
+[ -e /01firstboot ] && exit 0
+[ -e /02firstboot ] || exit 0
+
+systemctl stop postgresql-$PGVER
+if [ ! -d "/$LABEL/var/lib/postgresql" ]; then
+ echo 'Create tryton database...'
+ mkdir -p "/$LABEL/var/lib"
+ rm -rf "/$LABEL/var/lib/postgresql.orig"
+ cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
+ mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql"
+ ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
+ systemctl start postgresql-$PGVER
+ psql -U postgres -d postgres -c "CREATE ROLE trytond WITH LOGIN;"
+ psql -U postgres -d postgres -c "ALTER USER trytond WITH PASSWORD '$DATABASE_PASS';"
+ psql -U postgres -d postgres -c "CREATE DATABASE trytond WITH OWNER trytond;"
+ export TRYTONPASSFILE=/tmp/trytonpassfile
+ echo -n "$ADMIN_PASS" > "$TRYTONPASSFILE"
+ trytond-admin -c /etc/trytond/trytond.conf -d trytond --all --email admin@$TLD
+ rm -f "$TRYTONPASSFILE"
+else
+ echo 'start PostgreSQL DB...'
+ if [ ! -L /var/lib/postgresql ]; then
+ rm -rf "/$LABEL/var/lib/postgresql.orig"
+ mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
+ ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
+ fi
+ systemctl start postgresql-$PGVER
+fi
+
+if [ ! -f "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" ]; then
+ echo 'Create certificates...'
+ mkdir -p "/$LABEL/CERTS/KEYS/"
+ mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
+ echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
+ cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
+ touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
+fi
+
+rm -rf /etc/ssl/trytond
+rm -rf /etc/ssl/nginx
+mkdir -p /etc/ssl
+ln -sf "/$LABEL/etc/ssl/trytond" "/etc/ssl/trytond"
+ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
+
+/etc/ssl/cert-renew.sh
+
+systemctl enable postgresql-$PGVER
+systemctl enable trytond
+systemctl enable nginx
+
+systemctl restart trytond
+systemctl restart nginx
+
+rm /02firstboot
diff --git a/tryton/appliance/cert-renew.sh b/tryton/appliance/cert-renew.sh
new file mode 100755
index 0000000..b514269
--- /dev/null
+++ b/tryton/appliance/cert-renew.sh
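Review bot: The admin password is written to the fixed path `/tmp/trytonpassfile` with the default umask, so during first boot it sits in a predictably named, probably world-readable file, and because of `set -e` a failing `trytond-admin` leaves it behind. Creating it with `export TRYTONPASSFILE=$(mktemp)` and registering `trap 'rm -f "$TRYTONPASSFILE"' EXIT` right after gives a private file that is removed on every exit path. `ADMIN_PASS="tryton"` and `DATABASE_PASS` are identical on every appliance built from this file; a comment on the variables block should say they must be changed before deployment, or the script could generate them per host. The `openssl req` call also writes the private key under /$LABEL/CERTS/KEYS/ with whatever permissions the defaults give, so a `chmod 700 "/$LABEL/CERTS/KEYS/"` after the `mkdir -p` would be worth adding.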
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+HOST="tryton"
+TLD="example.com"
+FQDN="$HOST.$TLD"
+LABEL="DATA"
+
+CERT_DIR=/$LABEL/CERTS
+CERT_TRYTOND=/$LABEL/etc/ssl/trytond
+CERT_NGINX=/$LABEL/etc/ssl/nginx
+GETREPO=""
+GETUSER=""
+GETPASS=""
+
+function getCurrentVersion() {
+# Get hash from latest revision
+ git log --format=format:%H -1
+}
+
+cd $CERT_DIR
+
+if [ -z "$GETREPO" ]; then
+ GIT_REVISION=0
+ GIT_NEW_REVISION=1
+ cd $FQDN
+elif [ ! -d "$FQDN" ]; then
+ GIT_REVISION=0
+ git clone "https://$GETUSER:$GETPASS@$GETREPO"
+ cd $FQDN
+ GIT_NEW_REVISION=$(getCurrentVersion)
+else
+ cd $FQDN
+ GIT_REVISION=$(getCurrentVersion)
+ git commit -m "CRON: auto commit"
+ git fetch
+ git merge origin/master -m "Auto Merge"
+ GIT_NEW_REVISION=$(getCurrentVersion)
+fi
+
+echo "old: $GIT_REVISION"
+echo "new: $GIT_NEW_REVISION"
+
+if [ $GIT_REVISION != $GIT_NEW_REVISION ]
+then
+ echo "Update Trytond certificate..."
+ mkdir -p $CERT_TRYTOND
+ cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_TRYTOND/server.pem
+ cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_TRYTOND/server.key
+ chown trytond:trytond $CERT_TRYTOND/server.*
+ chmod 444 $CERT_TRYTOND/server.pem
+ chmod 440 $CERT_TRYTOND/server.key
+ echo "Restarting Trytond..."
+ systemctl is-active --quiet trytond && systemctl restart trytond
+
+ echo "Update Nginx certificate..."
+ mkdir -p $CERT_NGINX
+ cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_NGINX/nginx.pem
+ cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_NGINX/nginx.key
+ chown nginx:nginx $CERT_NGINX/nginx.*
+ chmod 444 $CERT_NGINX/nginx.pem
+ chmod 400 $CERT_NGINX/nginx.key
+ echo "Restarting Nginx..."
+ systemctl is-active --quiet nginx && systemctl restart nginx
+fi
+
+exit 0
diff --git a/tryton/nginx/nginx.conf b/tryton/nginx/nginx.conf
new file mode 100644
index 0000000..3b82abc
--- /dev/null
+++ b/tryton/nginx/nginx.conf
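Review bot: The private key is placed with `cp` and only afterwards restricted with `chown`/`chmod`, so `server.key` and `nginx.key` briefly exist with a mode derived from the source file and the umask, and since the script has no `set -e` a failed `chown` or `chmod` leaves them that way while the services are still restarted. `install -o trytond -g trytond -m 0440 $CERT_DIR/KEYS/$FQDN-key.pem $CERT_TRYTOND/server.key` (and the `nginx:nginx`, `-m 0400` equivalent) creates each file with its final owner and mode in one step. `git clone "https://$GETUSER:$GETPASS@$GETREPO"` puts the password on the command line and stores it in the clone's `.git/config`; a credential helper or a read-only deploy key avoids both. `cd $CERT_DIR` is unchecked, so when the directory is missing the git commands run in the caller's working directory; `cd "$CERT_DIR" || exit 1` would stop there.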
@@ -0,0 +1,81 @@
+user nginx nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error_log info;
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$gzip_ratio"';
+
+ client_header_timeout 10m;
+ client_body_timeout 10m;
+ send_timeout 10m;
+
+ connection_pool_size 256;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 4 2k;
+ request_pool_size 4k;
+
+ gzip off;
+
+ output_buffers 1 32k;
+ postpone_output 1460;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 75 20;
+
+ ignore_invalid_headers on;
+
+ index index.html;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ access_log /var/log/nginx/localhost.access_log main;
+ error_log /var/log/nginx/localhost.error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:8000;
+ }
+ }
+
+ server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ server_name example.com;
+
+ ssl on;
+ ssl_certificate /etc/ssl/nginx/nginx.pem;
+ ssl_certificate_key /etc/ssl/nginx/nginx.key;
+
+ access_log /var/log/nginx/localhost.ssl_access_log main;
+ error_log /var/log/nginx/localhost.ssl_error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:8000;
+ }
+ }
+}
diff --git a/tryton/package.accept_keywords b/tryton/package.accept_keywords
new file mode 100644
index 0000000..390dd07
--- /dev/null
+++ b/tryton/package.accept_keywords
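Review bot: The port-80 server block proxies every request to `http://localhost:8000` exactly like the TLS block, so the Tryton web client and its login remain fully usable over cleartext HTTP. Replacing the `location /` block in the port-80 server with `return 301 https://$host$request_uri;` keeps plain HTTP only as a redirect. In the 443 block, `ssl on;` is redundant next to `listen 443 ssl` and the directive is deprecated in current nginx releases, so it can be dropped. An explicit `ssl_protocols TLSv1.2 TLSv1.3;` there would make the accepted protocol versions independent of the build's defaults.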
@@ -0,0 +1,154 @@
+# tryton
+app-office/trytond
+
+app-tryton/account
+app-tryton/account_asset
+app-tryton/account_cash_rounding
+app-tryton/account_credit_limit
+app-tryton/account_deposit
+app-tryton/account_de_skr03
+app-tryton/account_dunning
+app-tryton/account_dunning_email
+app-tryton/account_dunning_fee
+app-tryton/account_dunning_letter
+app-tryton/account_invoice
+app-tryton/account_invoice_correction
+app-tryton/account_invoice_history
+app-tryton/account_invoice_line_standalone
+app-tryton/account_invoice_secondary_unit
+app-tryton/account_invoice_stock
+app-tryton/account_payment
+app-tryton/account_payment_clearing
+app-tryton/account_payment_sepa
+app-tryton/account_payment_sepa_cfonb
+app-tryton/account_payment_stripe
+app-tryton/account_product
+app-tryton/account_statement
+app-tryton/account_statement_rule
+app-tryton/account_stock_continental
+app-tryton/account_stock_landed_cost
+app-tryton/account_stock_landed_cost_weight
+app-tryton/account_tax_cash
+app-tryton/account_tax_rule_country
+app-tryton/analytic_account
+app-tryton/analytic_invoice
+app-tryton/analytic_purchase
+app-tryton/analytic_sale
+app-tryton/attendance
+app-tryton/bank
+app-tryton/carrier
+app-tryton/carrier_percentage
+app-tryton/carrier_weight
+app-tryton/commission
+app-tryton/commission_waiting
+app-tryton/company
+app-tryton/company_work_time
+app-tryton/country
+app-tryton/currency
+app-tryton/customs
+app-tryton/dashboard
+app-tryton/google_maps
+app-tryton/ldap_authentication
+app-tryton/notification_email
+app-tryton/party
+app-tryton/party_relationship
+app-tryton/product
+app-tryton/product_attribute
+app-tryton/product_classification
+app-tryton/product_classification_taxonomic
+app-tryton/product_cost_fifo
+app-tryton/product_cost_history
+app-tryton/production
+app-tryton/production_outsourcing
+app-tryton/production_routing
+app-tryton/production_split
+app-tryton/production_work
+app-tryton/production_work_timesheet
+app-tryton/product_measurements
+app-tryton/product_price_list
+app-tryton/product_price_list_dates
+app-tryton/product_price_list_parent
+app-tryton/project
+app-tryton/project_invoice
+app-tryton/project_plan
+app-tryton/project_revenue
+app-tryton/purchase
+app-tryton/purchase_amendment
+app-tryton/purchase_history
+app-tryton/purchase_invoice_line_standalone
+app-tryton/purchase_request
+app-tryton/purchase_request_quotation
+app-tryton/purchase_requisition
+app-tryton/purchase_secondary_unit
+app-tryton/purchase_shipment_cost
+app-tryton/sale
+app-tryton/sale_advance_payment
+app-tryton/sale_amendment
+app-tryton/sale_complaint
+app-tryton/sale_credit_limit
+app-tryton/sale_discount
+app-tryton/sale_extra
+app-tryton/sale_history
+app-tryton/sale_invoice_grouping
+app-tryton/sale_opportunity
+app-tryton/sale_payment
+app-tryton/sale_price_list
+app-tryton/sale_product_customer
+app-tryton/sale_promotion
+app-tryton/sale_promotion_coupon
+app-tryton/sale_secondary_unit
+app-tryton/sale_shipment_cost
+app-tryton/sale_shipment_grouping
+app-tryton/sale_shipment_tolerance
+app-tryton/sale_stock_quantity
+app-tryton/sale_subscription
+app-tryton/sale_subscription_asset
+app-tryton/sale_supply
+app-tryton/sale_supply_drop_shipment
+app-tryton/sale_supply_production
+app-tryton/stock
+app-tryton/stock_assign_manual
+app-tryton/stock_consignment
+app-tryton/stock_forecast
+app-tryton/stock_inventory_location
+app-tryton/stock_location_move
+app-tryton/stock_location_sequence
+app-tryton/stock_lot
+app-tryton/stock_lot_sled
+app-tryton/stock_lot_unit
+app-tryton/stock_package
+app-tryton/stock_package_shipping
+app-tryton/stock_package_shipping_ups
+app-tryton/stock_product_location
+app-tryton/stock_secondary_unit
+app-tryton/stock_shipment_measurements
+app-tryton/stock_split
+app-tryton/stock_supply
+app-tryton/stock_supply_day
+app-tryton/stock_supply_forecast
+app-tryton/stock_supply_production
+app-tryton/timesheet
+app-tryton/timesheet_cost
+app-tryton/user_role
+
+dev-python/forex-python
+dev-python/proteus
+dev-python/python-sql
+dev-python/relatorio
+
+# SAO
+app-office/sao
+
+dev-javascript/bootstrap
+dev-javascript/bootstrap-rtl-ondemand
+dev-javascript/c3
+dev-javascript/d3
+dev-javascript/fullcalendar
+dev-javascript/gettext
+dev-javascript/jquery
+dev-javascript/moment
+dev-javascript/mousetrap
+dev-javascript/papaparse
+dev-javascript/popperjs
+dev-javascript/sortable
+dev-javascript/tempusdominus-bootstrap3
diff --git a/tryton/package.use b/tryton/package.use
new file mode 100644
index 0000000..7629ba2
--- /dev/null
+++ b/tryton/package.use
@@ -0,0 +1,8 @@
+# Tryton
+dev-python/python-stdnum vies
+dev-python/relatorio fodt
+x11-libs/cairo X
+x11-libs/gdk-pixbuf jpeg
+
+# Nginx / uWSGI
+www-servers/uwsgi python
diff --git a/tryton/tryton.cfg b/tryton/tryton.cfg
new file mode 100644
index 0000000..c5178ae
--- /dev/null
+++ b/tryton/tryton.cfg
@@ -0,0 +1,2 @@
+REPO_NAMES += tryton
+REPO_URI_tryton = https://github.com/gentoo-mirror/tryton.git
diff --git a/tryton/trytond/trytond.service b/tryton/trytond/trytond.service
new file mode 100644
index 0000000..38c64bf
--- /dev/null
+++ b/tryton/trytond/trytond.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Tryton Server Daemon
+
+[Service]
+Type=simple
+User=trytond
+ExecStart=/usr/bin/trytond -c /etc/trytond/trytond.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tryton/world b/tryton/world
new file mode 100644
index 0000000..c56110c
--- /dev/null
+++ b/tryton/world
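Review bot: tryton/trytond/trytond.service runs the daemon as its own user but sets no sandboxing in `[Service]`, so a compromise of this network-facing process gets that user's unrestricted view of the system. Adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` is a low-risk start; which paths trytond needs to write to should be checked before going stricter. The unit also declares no `After=` ordering on the database, so `Restart=on-failure` would help when trytond starts before PostgreSQL accepts connections.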
@@ -0,0 +1,135 @@
+app-crypt/certbot-nginx
+app-office/sao
+app-office/trytond
+app-tryton/account
+app-tryton/account_asset
+app-tryton/account_cash_rounding
+app-tryton/account_credit_limit
+app-tryton/account_deposit
+app-tryton/account_de_skr03
+app-tryton/account_dunning
+app-tryton/account_dunning_email
+app-tryton/account_dunning_fee
+app-tryton/account_dunning_letter
+app-tryton/account_invoice
+app-tryton/account_invoice_correction
+app-tryton/account_invoice_history
+app-tryton/account_invoice_line_standalone
+app-tryton/account_invoice_secondary_unit
+app-tryton/account_invoice_stock
+app-tryton/account_payment
+app-tryton/account_payment_clearing
+app-tryton/account_payment_sepa
+app-tryton/account_payment_sepa_cfonb
+app-tryton/account_payment_stripe
+app-tryton/account_product
+app-tryton/account_statement
+app-tryton/account_statement_rule
+app-tryton/account_stock_continental
+app-tryton/account_stock_landed_cost
+app-tryton/account_stock_landed_cost_weight
+app-tryton/account_tax_cash
+app-tryton/account_tax_rule_country
+app-tryton/analytic_account
+app-tryton/analytic_invoice
+app-tryton/analytic_purchase
+app-tryton/analytic_sale
+app-tryton/attendance
+app-tryton/bank
+app-tryton/carrier
+app-tryton/carrier_percentage
+app-tryton/carrier_weight
+app-tryton/commission
+app-tryton/commission_waiting
+app-tryton/company
+app-tryton/company_work_time
+app-tryton/country
+app-tryton/currency
+app-tryton/customs
+app-tryton/dashboard
+app-tryton/google_maps
+app-tryton/ldap_authentication
+app-tryton/notification_email
+app-tryton/party
+app-tryton/party_relationship
+app-tryton/product
+app-tryton/product_attribute
+app-tryton/product_classification
+app-tryton/product_classification_taxonomic
+app-tryton/product_cost_fifo
+app-tryton/product_cost_history
+app-tryton/production
+app-tryton/production_outsourcing
+app-tryton/production_routing
+app-tryton/production_split
+app-tryton/production_work
+app-tryton/production_work_timesheet
+app-tryton/product_measurements
+app-tryton/product_price_list
+app-tryton/product_price_list_dates
+app-tryton/product_price_list_parent
+app-tryton/project
+app-tryton/project_invoice
+app-tryton/project_plan
+app-tryton/project_revenue
+app-tryton/purchase
+app-tryton/purchase_amendment
+app-tryton/purchase_history
+app-tryton/purchase_invoice_line_standalone
+app-tryton/purchase_request
+app-tryton/purchase_request_quotation
+app-tryton/purchase_requisition
+app-tryton/purchase_secondary_unit
+app-tryton/purchase_shipment_cost
+app-tryton/sale
+app-tryton/sale_advance_payment
+app-tryton/sale_amendment
+app-tryton/sale_complaint
+app-tryton/sale_credit_limit
+app-tryton/sale_discount
+app-tryton/sale_extra
+app-tryton/sale_history
+app-tryton/sale_invoice_grouping
+app-tryton/sale_opportunity
+app-tryton/sale_payment
+app-tryton/sale_price_list
+app-tryton/sale_product_customer
+app-tryton/sale_promotion
+app-tryton/sale_promotion_coupon
+app-tryton/sale_secondary_unit
+app-tryton/sale_shipment_cost
+app-tryton/sale_shipment_grouping
+app-tryton/sale_shipment_tolerance
+app-tryton/sale_stock_quantity
+app-tryton/sale_subscription
+app-tryton/sale_subscription_asset
+app-tryton/sale_supply
+app-tryton/sale_supply_drop_shipment
+app-tryton/sale_supply_production
+app-tryton/stock
+app-tryton/stock_assign_manual
+app-tryton/stock_consignment
+app-tryton/stock_forecast
+app-tryton/stock_inventory_location
+app-tryton/stock_location_move
+app-tryton/stock_location_sequence
+app-tryton/stock_lot
+app-tryton/stock_lot_sled
+app-tryton/stock_lot_unit
+app-tryton/stock_package
+app-tryton/stock_package_shipping
+app-tryton/stock_package_shipping_ups
+app-tryton/stock_product_location
+app-tryton/stock_secondary_unit
+app-tryton/stock_shipment_measurements
+app-tryton/stock_split
+app-tryton/stock_supply
+app-tryton/stock_supply_day
+app-tryton/stock_supply_forecast
+app-tryton/stock_supply_production
+app-tryton/timesheet
+app-tryton/timesheet_cost
+app-tryton/user_role
+dev-db/postgresql
+www-servers/nginx
+www-servers/uwsgi