wip

AmrikSD · Dec 13, 2024 · ace1693 · ace1693
1 parent fa83dba
commit ace1693
Show file tree

Hide file tree

Showing 6 changed files with 227 additions and 3 deletions.
diff --git a/infra/cloudflare/03-amrik.xyz.tf b/infra/cloudflare/03-amrik.xyz.tf
@@ -0,0 +1,11 @@
+variable "ip_address" {
+  description = "The IP address to use for the Cloudflare DNS record"
+  type        = string
+}
+
+resource "cloudflare_record" "amrik_xyz" {
+  zone_id = data.sops_file.cloudflare-secret.data["cloudflare.amrik.xyz.zone_id"]
+  name    = "@"
+  type    = "A"
+  content   = var.ip_address
+}
diff --git a/infra/cloudflare/cloudflare.sops.yaml b/infra/cloudflare/cloudflare.sops.yaml
@@ -9,6 +9,8 @@ cloudflare:
         ip: ENC[AES256_GCM,data:2+zAyjDzS+kJUnumug==,iv:6ntiyuZhYuZkKk08Qo60Q17KNhVH1jAPHxMSG8j+KVE=,tag:8GseWE/GXZRXKVadfAhdmg==,type:str]
         tunnel:
             secret: ENC[AES256_GCM,data:Lum6ZSAEGLn6pTGRBTHhCMAw1XmDJmVqZmdhDMrKqJjhIEll,iv:f3pVkLt47A4dUkfz7RVBseA5DbWpMkXpZ3W31LRCKeg=,tag:te1e7TjAUsDOXdnsnw9pKQ==,type:str]
+    amrik.xyz:
+        zone_id: ENC[AES256_GCM,data:sRxZso3w+BPp0yDW6lVT5NK1f5zvZzGErkiO1I6DXMA=,iv:8FzDWJ+egABO83AWnso2sgi99ew4auhkny/ui1yhyO4=,tag:q4WDV0mZeej7rHo8BVZVCQ==,type:str]
 github:
     client_id: ENC[AES256_GCM,data:83iy0nvSDMUz8vw+x615uvC64qQ=,iv:+y80PpsNW0bxXjWvnV7j5fzJHDBsRo34p1mJ6pOZ+68=,tag:b4f2I4xp7d+ihs7QabPj4A==,type:str]
     client_secret: ENC[AES256_GCM,data:oqdbcU5w4Sewr0LgVdauh7jVG+/8CfFaOgYgMjdZuz/qAtMdndQ/Xg==,iv:FKTvlccmw9EtqR5VeyEjSDhxgsAHXlDFdF0y1z6I/dg=,tag:02Kyh+d/+hL3jK9JMCkqkw==,type:str]
@@ -27,8 +29,8 @@ sops:
             SkVJam9kQTRkSlFhS0pZZnpEK25HTlEKWIB90KHn2BvVL4mz74qERMa9HDa2lao5
             8xQjdUeivXtpyEyHoEfnQmTBprCiupxhJnFMZfOrWIaz2GM10XVyAQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-30T06:23:46Z"
-    mac: ENC[AES256_GCM,data:XXePpraFA+62stSrsZIvUZeDFPk7vvIoZZzOU4eVS0DNK4Bh3xTuH+2jbwgPvOSwqWgkDNim+Aj0a6mqev3UzDF+/KYgaU8lCdGkFmVG099DTuD9j+lCgihXGTSgrSPPGjALU7GvlKVgWfSK531wzPCwKlsM57JPvvhiJeELKDQ=,iv:29QVDVTNQMy46de5BuH6sjVzVPoa/2JudkbVNho/Ta0=,tag:WkHsAzmQXoEFNHv/1A2/7Q==,type:str]
+    lastmodified: "2024-12-13T00:04:35Z"
+    mac: ENC[AES256_GCM,data:fYzXspkMjKmsITJcrfFmnD35xg8iUShbt6wat/bdjc5RJRgpKouWEPjI9W6Jur55l8uZ1LWx0HbXn1d9jZ5ER4lQ/jXuwSDLWDFfnmHqG5sG+A+rhsYFPqhzxxRGIETI6yTe0E/YhmDsABbH3hUIE2DSLU+VHfUjfPwW59NKgnk=,iv:vpnWlGq5dnHjs92S1cV267qva/qcDmoPsVFrE3rnH2o=,tag:jKUBbEuPRKbEd281LNnYqw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.9.1
diff --git a/infra/gcp/01-project.tf b/infra/gcp/01-project.tf
@@ -112,3 +112,7 @@ resource "google_compute_firewall" "default-ssh" {
         "213.78.238.32/32"
     ]
 }
+
+output "frappe_ip_address" {
+  value = google_compute_address.frappe-static.address
+}
diff --git a/infra/gcp/frappe/docker-compose.yaml b/infra/gcp/frappe/docker-compose.yaml
@@ -7,3 +7,14 @@ services:
     restart: always
     volumes:
       - ./nginx.conf:/etc/nginx/conf.d/nginx.conf:ro
+      - certbot_data:/var/www/certbot/:ro
+      - letsencrypt_data:/etc/nginx/ssl/:ro
+  certbot:
+    image: certbot/certbot:latest
+    volumes:
+      - certbot_data:/var/www/certbot/:rw
+      - letsencrypt_data:/etc/letsencrypt/:rw
+
+volumes:
+  certbot_data:
+  letsencrypt_data:
diff --git a/infra/gcp/frappe/frappe.yaml b/infra/gcp/frappe/frappe.yaml
@@ -0,0 +1,195 @@
+version: "3"
+
+services:
+  backend:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: on-failure
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+  configurator:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: none
+    entrypoint:
+      - bash
+      - -c
+    # add redis_socketio for backward compatibility
+    command:
+      - >
+        ls -1 apps > sites/apps.txt;
+        bench set-config -g db_host $$DB_HOST;
+        bench set-config -gp db_port $$DB_PORT;
+        bench set-config -g redis_cache "redis://$$REDIS_CACHE";
+        bench set-config -g redis_queue "redis://$$REDIS_QUEUE";
+        bench set-config -g redis_socketio "redis://$$REDIS_QUEUE";
+        bench set-config -gp socketio_port $$SOCKETIO_PORT;
+    environment:
+      DB_HOST: db
+      DB_PORT: "3306"
+      REDIS_CACHE: redis-cache:6379
+      REDIS_QUEUE: redis-queue:6379
+      SOCKETIO_PORT: "9000"
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+  create-site:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: none
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+    entrypoint:
+      - bash
+      - -c
+    command:
+      - >
+        wait-for-it -t 120 db:3306;
+        wait-for-it -t 120 redis-cache:6379;
+        wait-for-it -t 120 redis-queue:6379;
+        export start=`date +%s`;
+        until [[ -n `grep -hs ^ sites/common_site_config.json | jq -r ".db_host // empty"` ]] && \
+          [[ -n `grep -hs ^ sites/common_site_config.json | jq -r ".redis_cache // empty"` ]] && \
+          [[ -n `grep -hs ^ sites/common_site_config.json | jq -r ".redis_queue // empty"` ]];
+        do
+          echo "Waiting for sites/common_site_config.json to be created";
+          sleep 5;
+          if (( `date +%s`-start > 120 )); then
+            echo "could not find sites/common_site_config.json with required keys";
+            exit 1
+          fi
+        done;
+        echo "sites/common_site_config.json found";
+        bench new-site --no-mariadb-socket --admin-password=admin --db-root-password=admin --install-app erpnext --set-default frontend;
+
+  db:
+    image: mariadb:10.6
+    healthcheck:
+      test: mysqladmin ping -h localhost --password=admin
+      interval: 1s
+      retries: 15
+    deploy:
+      restart_policy:
+        condition: on-failure
+    command:
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_unicode_ci
+      - --skip-character-set-client-handshake
+      - --skip-innodb-read-only-compressed # Temporary fix for MariaDB 10.6
+    environment:
+      MYSQL_ROOT_PASSWORD: admin
+    volumes:
+      - db-data:/var/lib/mysql
+
+  tls:
+    image: nginx:1.27.1
+    volumes:
+      - ${PWD}/certs:/certs
+      - ${PWD}/nginx-4.conf:/etc/nginx/nginx.conf
+    restart: on-failure
+    ports:
+      - 443:443
+      - 8080:8080
+
+  frontend:
+    image: frappe/erpnext:v15.35.0
+    depends_on:
+      - websocket
+    deploy:
+      restart_policy:
+        condition: on-failure
+    command:
+      - nginx-entrypoint.sh
+    environment:
+      BACKEND: backend:8000
+      FRAPPE_SITE_NAME_HEADER: frontend
+      SOCKETIO: websocket:9000
+      UPSTREAM_REAL_IP_HEADER: X-Forwarded-For
+      UPSTREAM_REAL_IP_RECURSIVE: "off"
+      PROXY_READ_TIMEOUT: 120
+      CLIENT_MAX_BODY_SIZE: 50m
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+  queue-long:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: on-failure
+    command:
+      - bench
+      - worker
+      - --queue
+      - long,default,short
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+  queue-short:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: on-failure
+    command:
+      - bench
+      - worker
+      - --queue
+      - short,default
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+  redis-queue:
+    image: redis:6.2-alpine
+    deploy:
+      restart_policy:
+        condition: on-failure
+    volumes:
+      - redis-queue-data:/data
+
+  redis-cache:
+    image: redis:6.2-alpine
+    deploy:
+      restart_policy:
+        condition: on-failure
+    volumes:
+      - redis-cache-data:/data
+
+  scheduler:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: on-failure
+    command:
+      - bench
+      - schedule
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+  websocket:
+    image: frappe/erpnext:v15.35.0
+    deploy:
+      restart_policy:
+        condition: on-failure
+    command:
+      - node
+      - /home/frappe/frappe-bench/apps/frappe/socketio.js
+    volumes:
+      - sites:/home/frappe/frappe-bench/sites
+      - logs:/home/frappe/frappe-bench/logs
+
+volumes:
+  db-data:
+  redis-queue-data:
+  redis-cache-data:
+  sites:
+  logs:
diff --git a/infra/main.tf b/infra/main.tf
@@ -8,6 +8,7 @@ terraform {
 }
 module "cloudflare" {
   source = "./cloudflare/"
+  ip_address = module.gcp.frappe_ip_address
 }
 
 module "gcp" {