From 990802df1c4bb9dc19f8f58b0ae1c8c64c280c82 Mon Sep 17 00:00:00 2001
From: Joerg Deckert
Date: Sun, 4 Aug 2024 19:51:27 +0200
Subject: [PATCH] first release
---
Makefile | 40 +++++++
README.world.md | 6 +
appliance/02firstboot.start | 75 +++++++++++++
appliance/cert-renew.service | 8 ++
appliance/cert-renew.sh | 63 +++++++++++
appliance/cert-renew.timer | 12 ++
nginx/nginx.conf | 81 ++++++++++++++
package.accept_keywords | 69 ++++++++++++
package.use | 10 ++
trytond/trytond.service | 10 ++
va-tryton.cfg | 2 +
world | 207 +++++++++++++++++++++++++++++++++++
12 files changed, 583 insertions(+)
create mode 100644 Makefile
create mode 100644 README.world.md
create mode 100755 appliance/02firstboot.start
create mode 100644 appliance/cert-renew.service
create mode 100755 appliance/cert-renew.sh
create mode 100644 appliance/cert-renew.timer
create mode 100644 nginx/nginx.conf
create mode 100644 package.accept_keywords
create mode 100644 package.use
create mode 100644 trytond/trytond.service
create mode 100644 va-tryton.cfg
create mode 100644 world
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6c1cee9
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,40 @@
+02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
+cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+nginx_conf = $(CHROOT)/etc/nginx/nginx.conf.orig
+trytond.conf = $(CHROOT)/etc/trytond/trytond.conf
+trytond.service = $(CHROOT)/lib/systemd/system/trytond.service
+
+systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
+ cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+
+$(02firstboot): appliance/02firstboot.start
+ mkdir -p $(CHROOT)/usr/local/bin
+ cp $< $@
+ touch $(CHROOT)/02firstboot
+
+$(cert-renew.sh): appliance/cert-renew.sh
+ mkdir -p $(CHROOT)/etc/ssl
+ cp $< $@
+
+$(nginx_conf): nginx/nginx.conf
+ mv $(CHROOT)/etc/nginx/nginx.conf $@
+ cp $< $(CHROOT)/etc/nginx/nginx.conf
+
+$(trytond.conf):
+ mkdir -p $(CHROOT)/etc/trytond
+ echo "[database]" > $(CHROOT)/etc/trytond/trytond.conf
+ echo "uri = postgresql://trytond:trytond@/" >> $(CHROOT)/etc/trytond/trytond.conf
+ echo "" >> $(CHROOT)/etc/trytond/trytond.conf
+ echo "[web]" >> $(CHROOT)/etc/trytond/trytond.conf
+ echo "root=/usr/share/sao" >> $(CHROOT)/etc/trytond/trytond.conf
+
+$(trytond.service): trytond/trytond.service
+ cp $< $@
+
+preinstall:
+
+postinstall: systemd-units $(02firstboot) $(cert-renew.sh) $(nginx_conf) $(trytond.conf) $(trytond.service)
+ # configure postgresql
+ sed -i 's#^PG_INITDB_OPTS=.*#PG_INITDB_OPTS="--encoding=UTF8 --locale=de_DE.UTF-8"#' $(CHROOT)/etc/conf.d/postgresql-*
+ rm -rf $(CHROOT)/var/lib/postgresql/*
+ RUN emerge --config dev-db/postgresql
diff --git a/README.world.md b/README.world.md
new file mode 100644
index 0000000..81c6748
--- /dev/null
+++ b/README.world.md
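Review bot: The `$(trytond.conf)` recipe bakes `uri = postgresql://trytond:trytond@/` into the image, while 02firstboot.start in this same commit sets the role's password from `DATABASE_PASS`, so the file carries a guessable credential that also does not match what first boot configures. The file is created by shell redirection under the build's umask, so it is probably readable by every account in the appliance; consider writing the `uri` line at first boot from `DATABASE_PASS` and ending the recipe with `chmod 640 $@` plus a group that the trytond user belongs to. Separately, `rm -rf $(CHROOT)/var/lib/postgresql/*` in `postinstall` expands to the build host's own PostgreSQL data directory when `CHROOT` is unset or empty. A guard near the top of the file, `$(if $(strip $(CHROOT)),,$(error CHROOT is empty))`, makes that case fail before any recipe runs.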
@@ -0,0 +1,6 @@
+Es werden alle Module installiert, welche im Gentoo-Tryton-Repository vorhanden sind, außer:
+
+- app-tryton/sale_product_recommendation_association_rule:
+ Python-Modul efficient_apriory fehlt (müßte als Abhängigkeit ins ebuild rein)
+- app-tryton/currency_ro und app-tryton/currency_rs:
+ Patch aus Ebuild ist nicht vorhanden (kein FILESDIR)
diff --git a/appliance/02firstboot.start b/appliance/02firstboot.start
new file mode 100755
index 0000000..6f2ce6a
--- /dev/null
+++ b/appliance/02firstboot.start
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# variables
+LABEL="DATA"
+DATABASE_PASS="Di1sgPgSQLPw."
+ADMIN_PASS="tryton"
+TLD="example.com"
+HOST="tryton"
+ORGNAME="Tryton example"
+
+# start
+set -e
+
+PGVER=$(eselect postgresql show)
+
+[ -e /01firstboot ] && exit 0
+[ -e /02firstboot ] || exit 0
+
+systemctl stop postgresql-$PGVER
+if [ ! -d "/$LABEL/var/lib/postgresql" ]; then
+ echo 'Create tryton database...'
+ mkdir -p "/$LABEL/var/lib"
+ rm -rf "/$LABEL/var/lib/postgresql.orig"
+ cp -a "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
+ mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql"
+ ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
+ systemctl start postgresql-$PGVER
+ psql -U postgres -d postgres -c "CREATE ROLE trytond WITH LOGIN;"
+ psql -U postgres -d postgres -c "ALTER USER trytond WITH PASSWORD '$DATABASE_PASS';"
+ psql -U postgres -d postgres -c "CREATE DATABASE trytond WITH OWNER trytond;"
+ export TRYTONPASSFILE=/tmp/trytonpassfile
+ echo -n "$ADMIN_PASS" > "$TRYTONPASSFILE"
+ trytond-admin -c /etc/trytond/trytond.conf -d trytond --all --email admin@$TLD
+ rm -f "$TRYTONPASSFILE"
+else
+ echo 'start PostgreSQL DB...'
+ if [ ! -L /var/lib/postgresql ]; then
+ rm -rf "/$LABEL/var/lib/postgresql.orig"
+ mv "/var/lib/postgresql" "/$LABEL/var/lib/postgresql.orig"
+ ln -s "/$LABEL/var/lib/postgresql" "/var/lib/postgresql"
+ fi
+ systemctl start postgresql-$PGVER
+fi
+
+if [ ! -f "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" ]; then
+ echo 'Create certificates...'
+ mkdir -p "/$LABEL/CERTS/KEYS/"
+ mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
+ echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+ openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
+ cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
+ touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
+fi
+
+rm -rf /etc/ssl/trytond
+rm -rf /etc/ssl/nginx
+mkdir -p /etc/ssl
+ln -sf "/$LABEL/etc/ssl/trytond" "/etc/ssl/trytond"
+ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
+
+/etc/ssl/cert-renew.sh
+
+systemctl enable postgresql-$PGVER
+systemctl enable trytond
+systemctl enable nginx
+
+systemctl restart trytond
+systemctl restart nginx
+
+rm /02firstboot
diff --git a/appliance/cert-renew.service b/appliance/cert-renew.service
new file mode 100644
index 0000000..59ec86d
--- /dev/null
+++ b/appliance/cert-renew.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=yes
+
+[Service]
+Type=oneshot
+ExecStart=/etc/ssl/cert-renew.sh
diff --git a/appliance/cert-renew.sh b/appliance/cert-renew.sh
new file mode 100755
index 0000000..0aeb20c
--- /dev/null
+++ b/appliance/cert-renew.sh
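Review bot: In 02firstboot.start the Tryton admin password is written to the fixed path `/tmp/trytonpassfile` under the default umask, and because `set -e` is active the `rm -f "$TRYTONPASSFILE"` after `trytond-admin` is skipped whenever that command fails, leaving the password behind in a file other local accounts can probably read. Creating the file privately and removing it on every exit path covers both cases: `TRYTONPASSFILE=$(mktemp)`, `export TRYTONPASSFILE`, `trap 'rm -f "$TRYTONPASSFILE"' EXIT`. `DATABASE_PASS` and `ADMIN_PASS` are also literals in the script, so every appliance built from this commit comes up with the same database and admin credentials. Generating them on first boot, or refusing to finish until they have been changed, would avoid shipping shared defaults.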
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+HOST="tryton"
+TLD="example.com"
+FQDN="$HOST.$TLD"
+LABEL="DATA"
+
+CERT_DIR=/$LABEL/CERTS
+CERT_NGINX=/$LABEL/etc/ssl/nginx
+CERT_TRYTON=/$LABEL/etc/ssl/trytond
+GETREPO=""
+GETUSER=""
+GETPASS=""
+
+function getCurrentVersion() {
+# Get hash from latest revision
+ git log --format=format:%H -1
+}
+
+cd $CERT_DIR
+
+if [ -z "$GETREPO" ]; then
+ GIT_REVISION=0
+ GIT_NEW_REVISION=1
+ cd $FQDN
+elif [ ! -d "$FQDN" ]; then
+ GIT_REVISION=0
+ git clone "https://$GETUSER:$GETPASS@$GETREPO"
+ cd $FQDN
+ GIT_NEW_REVISION=$(getCurrentVersion)
+else
+ cd $FQDN
+ GIT_REVISION=$(getCurrentVersion)
+ git commit -m "CRON: auto commit"
+ git fetch
+ git merge origin/master -m "Auto Merge"
+ GIT_NEW_REVISION=$(getCurrentVersion)
+fi
+
+echo "old: $GIT_REVISION"
+echo "new: $GIT_NEW_REVISION"
+
+if [ $GIT_REVISION != $GIT_NEW_REVISION ]
+then
+ echo "Update Tryton certificate..."
+ mkdir -p $CERT_TRYTON
+ cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_TRYTON/server.pem
+ cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_TRYTON/server.key
+ echo "Restarting Tryton..."
+ systemctl is-active --quiet trytond && systemctl restart trytond
+
+ echo "Update Nginx certificate..."
+ mkdir -p $CERT_NGINX
+ cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_NGINX/nginx.pem
+ cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_NGINX/nginx.key
+ chown nginx:nginx $CERT_NGINX/nginx.*
+ chmod 444 $CERT_NGINX/nginx.pem
+ chmod 400 $CERT_NGINX/nginx.key
+ echo "Restarting Nginx..."
+ systemctl is-active --quiet nginx && systemctl restart nginx
+fi
+
+exit 0
diff --git a/appliance/cert-renew.timer b/appliance/cert-renew.timer
new file mode 100644
index 0000000..fa2ee54
--- /dev/null
+++ b/appliance/cert-renew.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=no
+
+[Timer]
+Persistent=false
+OnCalendar=Sun *-*-* 04:03:00
+Unit=cert-renew.service
+
+[Install]
+WantedBy=default.target
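Review bot: In cert-renew.sh the Tryton branch copies the private key to `$CERT_TRYTON/server.key` with no ownership or mode change, whereas the nginx branch right below follows the same copy with `chown` and `chmod 400`. trytond.service in this commit runs as `User=trytond`, so the copied key is either unreadable to the daemon or, when the source file is more permissive, readable by other accounts. Setting owner and mode at copy time handles both and removes the window between `cp` and `chmod`: `install -o trytond -m 400 "$CERT_DIR/KEYS/$FQDN-key.pem" "$CERT_TRYTON/server.key"`. The script also runs without `set -e` and with an unchecked, unquoted `cd $CERT_DIR`, so a failed `cd` lets the later `git` and `cp` commands run in whatever directory the unit started in; `cd "$CERT_DIR" || exit 1` would stop that. Finally, `git clone "https://$GETUSER:$GETPASS@$GETREPO"` leaves the password in the clone's `.git/config` as part of the remote URL, which a credential helper or a root-only credentials file would avoid.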
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..3b82abc
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,81 @@
+user nginx nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error_log info;
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$gzip_ratio"';
+
+ client_header_timeout 10m;
+ client_body_timeout 10m;
+ send_timeout 10m;
+
+ connection_pool_size 256;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 4 2k;
+ request_pool_size 4k;
+
+ gzip off;
+
+ output_buffers 1 32k;
+ postpone_output 1460;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 75 20;
+
+ ignore_invalid_headers on;
+
+ index index.html;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ access_log /var/log/nginx/localhost.access_log main;
+ error_log /var/log/nginx/localhost.error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:8000;
+ }
+ }
+
+ server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ server_name example.com;
+
+ ssl on;
+ ssl_certificate /etc/ssl/nginx/nginx.pem;
+ ssl_certificate_key /etc/ssl/nginx/nginx.key;
+
+ access_log /var/log/nginx/localhost.ssl_access_log main;
+ error_log /var/log/nginx/localhost.ssl_error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:8000;
+ }
+ }
+}
diff --git a/package.accept_keywords b/package.accept_keywords
new file mode 100644
index 0000000..f24ddc1
--- /dev/null
+++ b/package.accept_keywords
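Review bot: The port 80 `server` block proxies to `http://localhost:8000` exactly like the TLS block, so Tryton logins and session traffic are served in cleartext to any client that does not type `https://`. Replacing that block's `location /` body with `return 301 https://$host$request_uri;` keeps port 80 reachable but moves all application traffic onto TLS. In the 443 block, `ssl on;` is redundant with the `ssl` parameter already present on both `listen` lines; the directive is obsolete and recent nginx releases no longer accept it, so dropping it avoids a start-up failure after an upgrade. The block also sets no `ssl_protocols`, which leaves the accepted TLS versions to the package default; stating them explicitly, for example `ssl_protocols TLSv1.2 TLSv1.3;`, would make the policy visible in the file.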
@@ -0,0 +1,69 @@
+# tryton
+app-office/trytond
+
+app-tryton/*
+
+dev-javascript/bootstrap
+dev-javascript/bootstrap-datetimepicker
+dev-javascript/bootstrap-rtl-ondemand
+dev-javascript/c3
+dev-javascript/d3
+dev-javascript/fullcalendar
+dev-javascript/gettext
+dev-javascript/jquery
+dev-javascript/moment
+dev-javascript/moment-timezone
+dev-javascript/mousetrap
+dev-javascript/papaparse
+dev-javascript/popperjs
+dev-javascript/sortable
+dev-javascript/tempusdominus-bootstrap
+
+dev-python/ShopifyAPI
+dev-python/backports-entry-points-selectable
+dev-python/braintree
+dev-python/csb43
+dev-python/febelfin-coda
+dev-python/flask_tryton
+dev-python/forex-python
+dev-python/geomet
+dev-python/goocalendar
+dev-python/iso3166
+dev-python/markuppy
+dev-python/mt940
+dev-python/ofxparse
+dev-python/playsound
+dev-python/proteus
+dev-python/pyactiveresource
+dev-python/pycha
+dev-python/pycountry
+dev-python/pysaml2
+dev-python/python-barcode
+dev-python/python-levenshtein
+dev-python/python-sql
+dev-python/raven
+dev-python/relatorio
+dev-python/schwifty
+dev-python/sentry_tryton
+dev-python/tablib
+dev-python/tryton-filestore-s3
+dev-python/trytond_gis
+
+# SAO
+app-office/sao
+
+dev-javascript/bootstrap
+dev-javascript/bootstrap-datetimepicker
+dev-javascript/bootstrap-rtl-ondemand
+dev-javascript/c3
+dev-javascript/d3
+dev-javascript/fullcalendar
+dev-javascript/gettext
+dev-javascript/jquery
+dev-javascript/moment
+dev-javascript/moment-timezone
+dev-javascript/mousetrap
+dev-javascript/papaparse
+dev-javascript/popperjs
+dev-javascript/sortable
+dev-javascript/tempusdominus-bootstrap3
diff --git a/package.use b/package.use
new file mode 100644
index 0000000..d44ac7a
--- /dev/null
+++ b/package.use
@@ -0,0 +1,10 @@
+# Tryton
+app-arch/brotli python
+dev-python/python-stdnum vies
+dev-python/relatorio fodt
+x11-libs/cairo X
+x11-libs/gdk-pixbuf jpeg
+
+# Nginx / uWSGI
+app-misc/mime-types nginx
+www-servers/uwsgi python
diff --git a/trytond/trytond.service b/trytond/trytond.service
new file mode 100644
index 0000000..38c64bf
--- /dev/null
+++ b/trytond/trytond.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Tryton Server Daemon
+
+[Service]
+Type=simple
+User=trytond
+ExecStart=/usr/bin/trytond -c /etc/trytond/trytond.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/va-tryton.cfg b/va-tryton.cfg
new file mode 100644
index 0000000..c5178ae
--- /dev/null
+++ b/va-tryton.cfg
@@ -0,0 +1,2 @@
+REPO_NAMES += tryton
+REPO_URI_tryton = https://github.com/gentoo-mirror/tryton.git
diff --git a/world b/world
new file mode 100644
index 0000000..0f1654c
--- /dev/null
+++ b/world
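Review bot: The `[Service]` section of trytond.service drops to `User=trytond` but adds no sandboxing, although this daemon handles every request nginx forwards to port 8000. Three directives cost little for a service of this shape: `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`; the last one should be checked against the paths trytond actually writes to. The `[Unit]` section also declares no ordering after PostgreSQL, so at boot trytond may start before the database accepts connections. An `After=` on the versioned PostgreSQL unit that 02firstboot.start enables would address that.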
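Review bot: `REPO_URI_tryton` in va-tryton.cfg follows whatever the head of the GitHub mirror is at build time, and package.accept_keywords in this commit accepts testing keywords for all of `app-tryton/*`, so the ebuilds that end up in the image are not fixed by this commit. If the build tooling can pin a repository to a commit or tag, pinning it here would make images reproducible and turn overlay updates into reviewable changes. Failing that, a comment such as `# built against overlay revision <COMMIT_PLACEHOLDER>` next to the URI would at least record what a release contained.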
@@ -0,0 +1,207 @@
+app-crypt/certbot-nginx
+app-office/sao
+app-office/trytond
+app-tryton/account
+app-tryton/account_asset
+app-tryton/account_be
+app-tryton/account_budget
+app-tryton/account_cash_rounding
+app-tryton/account_consolidation
+app-tryton/account_credit_limit
+app-tryton/account_deposit
+app-tryton/account_de_skr03
+app-tryton/account_dunning
+app-tryton/account_dunning_email
+app-tryton/account_dunning_fee
+app-tryton/account_dunning_letter
+app-tryton/account_es
+app-tryton/account_es_sii
+app-tryton/account_eu
+app-tryton/account_fr
+app-tryton/account_fr_chorus
+app-tryton/account_invoice
+app-tryton/account_invoice_correction
+app-tryton/account_invoice_defer
+app-tryton/account_invoice_history
+app-tryton/account_invoice_line_standalone
+app-tryton/account_invoice_secondary_unit
+app-tryton/account_invoice_stock
+app-tryton/account_invoice_watermark
+app-tryton/account_move_line_grouping
+app-tryton/account_payment
+app-tryton/account_payment_braintree
+app-tryton/account_payment_clearing
+app-tryton/account_payment_sepa
+app-tryton/account_payment_sepa_cfonb
+app-tryton/account_payment_stripe
+app-tryton/account_product
+app-tryton/account_receivable_rule
+app-tryton/account_rule
+app-tryton/account_statement
+app-tryton/account_statement_aeb43
+app-tryton/account_statement_coda
+app-tryton/account_statement_mt940
+app-tryton/account_statement_ofx
+app-tryton/account_statement_rule
+app-tryton/account_statement_sepa
+app-tryton/account_stock_anglo_saxon
+app-tryton/account_stock_continental
+app-tryton/account_stock_eu
+app-tryton/account_stock_landed_cost
+app-tryton/account_stock_landed_cost_weight
+app-tryton/account_stock_shipment_cost
+app-tryton/account_stock_shipment_cost_weight
+app-tryton/account_tax_cash
+app-tryton/account_tax_non_deductible
+app-tryton/account_tax_rule_country
+app-tryton/analytic_account
+app-tryton/analytic_budget
+app-tryton/analytic_invoice
+app-tryton/analytic_purchase
+app-tryton/analytic_sale
+app-tryton/attendance
+app-tryton/authentication_saml
+app-tryton/authentication_sms
+app-tryton/bank
+app-tryton/carrier
+app-tryton/carrier_carriage
+app-tryton/carrier_percentage
+app-tryton/carrier_subdivision
+app-tryton/carrier_weight
+app-tryton/commission
+app-tryton/commission_waiting
+app-tryton/company
+app-tryton/company_work_time
+app-tryton/country
+app-tryton/currency
+app-tryton/customs
+app-tryton/dashboard
+app-tryton/document_incoming
+app-tryton/document_incoming_invoice
+app-tryton/document_incoming_ocr
+app-tryton/document_incoming_ocr_typless
+app-tryton/edocument_uncefact
+app-tryton/edocument_unece
+app-tryton/google_maps
+app-tryton/inbound_email
+app-tryton/incoterm
+app-tryton/ldap_authentication
+app-tryton/marketing
+app-tryton/marketing_automation
+app-tryton/marketing_campaign
+app-tryton/marketing_email
+app-tryton/notification_email
+app-tryton/party
+app-tryton/party_avatar
+app-tryton/party_relationship
+app-tryton/party_siret
+app-tryton/product
+app-tryton/product_attribute
+app-tryton/product_classification
+app-tryton/product_classification_taxonomic
+app-tryton/product_cost_fifo
+app-tryton/product_cost_history
+app-tryton/product_cost_warehouse
+app-tryton/product_image
+app-tryton/product_image_attribute
+app-tryton/production
+app-tryton/production_outsourcing
+app-tryton/production_routing
+app-tryton/production_split
+app-tryton/production_work
+app-tryton/production_work_timesheet
+app-tryton/product_kit
+app-tryton/product_measurements
+app-tryton/product_price_list
+app-tryton/product_price_list_cache
+app-tryton/product_price_list_dates
+app-tryton/product_price_list_parent
+app-tryton/project
+app-tryton/project_invoice
+app-tryton/project_plan
+app-tryton/project_revenue
+app-tryton/purchase
+app-tryton/purchase_amendment
+app-tryton/purchase_blanket_agreement
+app-tryton/purchase_history
+app-tryton/purchase_invoice_line_standalone
+app-tryton/purchase_price_list
+app-tryton/purchase_product_quantity
+app-tryton/purchase_request
+app-tryton/purchase_request_quotation
+app-tryton/purchase_requisition
+app-tryton/purchase_secondary_unit
+app-tryton/purchase_shipment_cost
+app-tryton/quality
+app-tryton/sale
+app-tryton/sale_advance_payment
+app-tryton/sale_amendment
+app-tryton/sale_blanket_agreement
+app-tryton/sale_complaint
+app-tryton/sale_credit_limit
+app-tryton/sale_discount
+app-tryton/sale_extra
+app-tryton/sale_gift_card
+app-tryton/sale_history
+app-tryton/sale_invoice_date
+app-tryton/sale_invoice_grouping
+app-tryton/sale_opportunity
+app-tryton/sale_payment
+app-tryton/sale_point
+app-tryton/sale_price_list
+app-tryton/sale_product_customer
+app-tryton/sale_product_quantity
+app-tryton/sale_product_recommendation
+app-tryton/sale_promotion
+app-tryton/sale_promotion_coupon
+app-tryton/sale_promotion_coupon_payment
+app-tryton/sale_secondary_unit
+app-tryton/sale_shipment_cost
+app-tryton/sale_shipment_grouping
+app-tryton/sale_shipment_tolerance
+app-tryton/sale_stock_quantity
+app-tryton/sale_subscription
+app-tryton/sale_subscription_asset
+app-tryton/sale_supply
+app-tryton/sale_supply_drop_shipment
+app-tryton/sale_supply_production
+app-tryton/stock
+app-tryton/stock_assign_manual
+app-tryton/stock_consignment
+app-tryton/stock_forecast
+app-tryton/stock_inventory_location
+app-tryton/stock_location_move
+app-tryton/stock_location_sequence
+app-tryton/stock_lot
+app-tryton/stock_lot_sled
+app-tryton/stock_lot_unit
+app-tryton/stock_package
+app-tryton/stock_package_shipping
+app-tryton/stock_package_shipping_dpd
+app-tryton/stock_package_shipping_mygls
+app-tryton/stock_package_shipping_sendcloud
+app-tryton/stock_package_shipping_ups
+app-tryton/stock_product_location
+app-tryton/stock_quantity_early_planning
+app-tryton/stock_quantity_issue
+app-tryton/stock_secondary_unit
+app-tryton/stock_shipment_cost
+app-tryton/stock_shipment_cost_weight
+app-tryton/stock_shipment_measurements
+app-tryton/stock_split
+app-tryton/stock_supply
+app-tryton/stock_supply_day
+app-tryton/stock_supply_forecast
+app-tryton/stock_supply_production
+app-tryton/timesheet
+app-tryton/timesheet_cost
+app-tryton/user_role
+app-tryton/web_shop
+app-tryton/web_shop_shopify
+app-tryton/web_shop_vue_storefront
+app-tryton/web_shop_vue_storefront_stripe
+app-tryton/web_shortener
+app-tryton/web_user
+dev-db/postgresql
+www-servers/nginx
+www-servers/uwsgi