ConfigLMM 0.2.0 → 0.4.0

data/Plugins/Apps/Discourse/Discourse.lmm.rb

@@ -0,0 +1,95 @@
+
+module ConfigLMM
+    module LMM
+        class Discourse < Framework::NginxApp
+
+            USER = 'discourse'
+            HOME_DIR = '/var/lib/discourse'
+            HOST_IP = '10.0.2.2'
+
+            def actionDiscourseDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
+
+                target['Database'] ||= {}
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.class.sshStart(uri) do |ssh|
+
+                        dbPassword = self.configurePostgreSQL(target['Database'], ssh)
+                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                        Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Discourse', distroInfo, ssh)
+                        self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/data ~/sidekiq'")
+
+                        path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                        self.class.exec("echo 'DISCOURSE_DATABASE_HOST=#{HOST_IP}' > #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'DISCOURSE_DATABASE_NAME=#{USER}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec(" echo 'DISCOURSE_DATABASE_USER=#{USER}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec(" echo 'DISCOURSE_DATABASE_PASSWORD=#{dbPassword}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'DISCOURSE_HOST=#{target['Domain']}' >> #{path}/Discourse.env", ssh)
+
+                        self.class.exec("echo 'DISCOURSE_REDIS_HOST=#{HOST_IP}' >> #{path}/Discourse.env", ssh)
+                        self.class.exec(" echo 'DISCOURSE_REDIS_PASSWORD=#{ENV['REDIS_PASSWORD']}' >> #{path}/Discourse.env", ssh)
+
+                        if target['SMTP']
+                            host = target['SMTP']['Host']
+                            host = HOST_IP if ['localhost', '127.0.0.1'].include?(host)
+                            self.class.exec("echo 'DISCOURSE_SMTP_HOST=#{host}' >> #{path}/Discourse.env", ssh)
+                            self.class.exec("echo 'DISCOURSE_SMTP_PORT_NUMBER=#{target['SMTP']['Port']}' >> #{path}/Discourse.env", ssh)
+                            self.class.exec(" echo 'DISCOURSE_SMTP_USER=#{target['SMTP']['Username']}' >> #{path}/Discourse.env", ssh)
+                            self.class.exec(" echo 'DISCOURSE_SMTP_PASSWORD=#{ENV['DISCOURSE_SMTP_PASSWORD']}' >> #{path}/Discourse.env", ssh)
+                            auth = target['SMTP']['Auth'].to_s.downcase
+                            auth = 'plain' if auth.empty?
+                            self.class.exec("echo 'DISCOURSE_SMTP_AUTH=#{auth}' >> #{path}/Discourse.env", ssh)
+                            if target['SMTP']['Port'] == 465
+                                self.class.exec("echo 'DISCOURSE_EXTRA_CONF_CONTENT=smtp_force_tls = true' >> #{path}/Discourse.env", ssh)
+                            end
+                        end
+
+                        self.class.exec(" echo 'DISCOURSE_PRECOMPILE_ASSETS=no' >> #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'CHEAP_SOURCE_MAPS=1' >> #{path}/Discourse.env", ssh)
+                        self.class.exec("echo 'JOBS=1' >> #{path}/Discourse.env", ssh)
+
+                        self.class.exec("chown #{USER}:#{USER} #{path}/Discourse.env", ssh)
+                        self.class.exec("chmod 600 #{path}/Discourse.env", ssh)
+
+                        ssh.scp.upload!(__dir__ + '/Discourse.container', path)
+                        ssh.scp.upload!(__dir__ + '/Discourse-Sidekiq.container', path)
+                        self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart Discourse", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart Discourse-Sidekiq", ssh)
+
+                        Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
+                        Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
+                        self.class.prepareNginxConfig(target, ssh)
+                        self.writeNginxConfig(__dir__, 'Discourse', id, target, state, context, options)
+                        self.deployNginxConfig(id, target, activeState, context, options)
+                        Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+
+                        containers = JSON.parse(self.class.exec("su --login #{USER} --shell /usr/bin/sh --command 'podman ps --format json --filter name=^Discourse$'", ssh).strip)
+                        raise 'Failed to find container!' if containers.empty?
+                        if !target['Plugins'].to_a.empty?
+                            target['Plugins'].each do |plugin|
+                                self.class.exec("su --login #{USER} --shell /usr/bin/sh --command \"podman exec --workdir /opt/bitnami/discourse #{containers.first['Id']} sh -c 'RAILS_ENV=production bundle exec rake plugin:install repo=#{plugin}'\"", ssh, true)
+                            end
+                        end
+
+                        self.class.exec("su --login #{USER} --shell /usr/bin/sh --command \"podman exec --workdir /opt/bitnami/discourse #{containers.first['Id']} sh -c 'RAILS_ENV=production CHEAP_SOURCE_MAPS=1 JOBS=1 bundle exec rake assets:precompile'\"", ssh)
+                    end
+                else
+                    # TODO
+                end
+            end
+
+            def configurePostgreSQL(settings, ssh)
+                password = SecureRandom.alphanumeric(20)
+                PostgreSQL.createRemoteUserAndDBOverSSH(settings, USER, password, ssh)
+                PostgreSQL.createExtensions(settings, USER, ['hstore', 'pg_trgm'], ssh)
+                password
+            end
+
+        end
+    end
+end
+

data/Plugins/Apps/Dovecot/Dovecot.lmm.rb

@@ -4,13 +4,184 @@ module ConfigLMM
         class Dovecot < Framework::Plugin
             PACKAGE_NAME = 'Dovecot'
             SERVICE_NAME = 'dovecot'
+            DOVECOT_DIR = '/etc/dovecot/'
+            EMAIL_HOME = '/var/lib/email'
+            EMAIL_USER = 'email'
 
             def actionDovecotDeploy(id, target, activeState, context, options)
                 plugins[:Linux].ensurePackage(PACKAGE_NAME, target['Location'])
                 plugins[:Linux].ensureServiceAutoStart(SERVICE_NAME, target['Location'])
+
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.class.sshStart(uri) do |ssh|
+                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                        addUserCmd = "#{distroInfo['CreateServiceUser']} --home-dir '#{EMAIL_HOME}' --create-home --comment 'Dovecot EMail' #{EMAIL_USER}"
+                        self.class.sshExec!(ssh, addUserCmd, true)
+                        uid = self.class.sshExec!(ssh, "id -u #{EMAIL_USER}").strip
+
+                        cmd = "sed -i 's|^#mail_uid =.*|mail_uid = #{uid}|' #{DOVECOT_DIR}conf.d/10-mail.conf"
+                        self.class.sshExec!(ssh, cmd)
+                        cmd = "sed -i 's|^#mail_gid =.*|mail_gid = #{uid}|' #{DOVECOT_DIR}conf.d/10-mail.conf"
+                        self.class.sshExec!(ssh, cmd)
+                        cmd = "sed -i 's|^#mail_location =.*|mail_location = maildir:~/Mail|' #{DOVECOT_DIR}conf.d/10-mail.conf"
+                        self.class.sshExec!(ssh, cmd)
+
+                        if !target['Protocols'].to_a.empty?
+                            updateRemoteFile(ssh, DOVECOT_DIR + 'dovecot.conf', options) do |configLines|
+                                configLines << "protocols = #{target['Protocols'].join(' ')}\n"
+                            end
+                        end
+
+                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-mail.conf', options) do |configLines|
+                            configLines << "mail_home = #{EMAIL_HOME}/emails/%u\n"
+                            configLines << "first_valid_uid = #{uid}\n"
+                            configLines << "last_valid_uid = #{uid}\n"
+                        end
+
+                        self.class.cutConfigSection(DOVECOT_DIR + 'conf.d/10-master.conf', 'service lmtp', options, ssh)
+                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-master.conf', options) do |configLines|
+                            configLines << "service lmtp {\n"
+                            configLines << "    unix_listener lmtp {\n"
+                            configLines << "        user = postfix\n"
+                            configLines << "        group = postfix\n"
+                            configLines << "        mode = 0600\n"
+                            configLines << "    }\n"
+                            configLines << "}\n"
+                        end
+
+                        self.class.cutConfigSection(DOVECOT_DIR + 'conf.d/15-mailboxes.conf', 'namespace inbox', options, ssh)
+                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/15-mailboxes.conf', options) do |configLines|
+                            configLines << "namespace inbox {\n"
+                            configLines << "    mailbox Drafts {\n"
+                            configLines << "        special_use = \\Drafts\n"
+                            configLines << "        auto = subscribe\n"
+                            configLines << "    }\n"
+                            #configLines << "    mailbox Junk {\n"
+                            #configLines << "        special_use = \\Junk\n"
+                            #configLines << "        auto = subscribe\n"
+                            #configLines << "    }\n"
+                            configLines << "    mailbox Trash {\n"
+                            configLines << "        special_use = \\Trash\n"
+                            configLines << "        auto = subscribe\n"
+                            configLines << "    }\n"
+                            configLines << "    mailbox Sent {\n"
+                            configLines << "        special_use = \\Sent\n"
+                            configLines << "        auto = subscribe\n"
+                            configLines << "    }\n"
+                            configLines << "}\n"
+                        end
+
+                        Framework::LinuxApp.firewallAddService('imaps', ssh)
+
+                        cmd = "sed -i 's|^!include auth-system.conf.ext|#!include auth-system.conf.ext|' #{DOVECOT_DIR}conf.d/10-auth.conf"
+                        self.class.sshExec!(ssh, cmd)
+
+                        if target['OAuth2']
+                            cmd = "sed -i 's|auth_mechanisms =.*|auth_mechanisms = xoauth2 oauthbearer|' #{DOVECOT_DIR}conf.d/10-auth.conf"
+                            self.class.sshExec!(ssh, cmd)
+
+                            updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-auth.conf', options) do |configLines|
+                                configLines << "userdb {\n"
+                                configLines << "    driver = static\n"
+                                configLines << "    args = allow_all_users=yes\n"
+                                configLines << "}\n"
+                                configLines << "passdb {\n"
+                                configLines << "    driver = oauth2\n"
+                                configLines << "    mechanisms = xoauth2 oauthbearer\n"
+                                configLines << "    args = #{DOVECOT_DIR}dovecot-oauth2.conf.ext\n"
+                                configLines << "}\n"
+                            end
+
+                            updateRemoteFile(ssh, DOVECOT_DIR + 'dovecot-oauth2.conf.ext', options) do |configLines|
+                                # Need v2.3.16+
+                                #configLines << "openid_configuration_url = #{target['OAuth2']['OIDC']}\n"
+                                if target['OAuth2']['TokenInfo']
+                                    configLines << "tokeninfo_url = #{target['OAuth2']['TokenInfo']}\n"
+                                end
+                                if target['OAuth2']['Introspection']
+                                    configLines << "introspection_url = #{target['OAuth2']['Introspection']}\n"
+                                end
+                                if target['OAuth2']['ClientID']
+                                    configLines << "client_id = #{target['OAuth2']['ClientID']}\n"
+                                end
+                                if ENV['DOVECOT_OAUTH2_SECRET']
+                                    configLines << "client_secret = #{ENV['DOVECOT_OAUTH2_SECRET']}\n"
+                                end
+                            end
+                        else
+                            cmd = "sed -i 's|auth_mechanisms =.*|auth_mechanisms = plain|' #{DOVECOT_DIR}conf.d/10-auth.conf"
+                            self.class.sshExec!(ssh, cmd)
+
+                            updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-auth.conf', options) do |configLines|
+                                configLines << "auth_username_format = %u\n"
+                                configLines << "userdb {\n"
+                                configLines << "    driver = static\n"
+                                configLines << "    args = allow_all_users=yes\n"
+                                configLines << "}\n"
+                                configLines << "passdb {\n"
+                                configLines << "    driver = passwd-file\n"
+                                configLines << "    args = #{DOVECOT_DIR}passwords\n"
+                                configLines << "}\n"
+                            end
+                            self.class.sshExec!(ssh, "touch #{DOVECOT_DIR}passwords")
+                            self.class.sshExec!(ssh, "chown dovecot:dovecot #{DOVECOT_DIR}passwords")
+                            self.class.sshExec!(ssh, "chmod 600 #{DOVECOT_DIR}passwords")
+                        end
+
+                        certDir = Framework::LinuxApp.createCertificateOverSSH(ssh)
+                        updateRemoteFile(ssh, DOVECOT_DIR + 'conf.d/10-ssl.conf', options) do |configLines|
+                            configLines << "ssl_cert = <#{certDir}fullchain.pem\n"
+                            configLines << "ssl_key = <#{certDir}privkey.pem\n"
+                        end
+                    end
+                else
+                    # TODO
+                end
+
                 plugins[:Linux].startService(SERVICE_NAME, target['Location'])
+
+                activeState['Status'] = State::STATUS_DEPLOYED
             end
 
+            def cleanup(configs, state, context, options)
+                cleanupType(:Dovecot, configs, state, context, options) do |item, id, state, context, options, ssh|
+                    Framework::LinuxApp.stopService(SERVICE_NAME, ssh, options[:dry])
+                    Framework::LinuxApp.firewallRemoveService('imaps', ssh, options[:dry])
+                    Framework::LinuxApp.removePackage(PACKAGE_NAME, ssh, options[:dry])
+
+                    state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                    if options[:destroy]
+                        Framework::LinuxApp.deleteUserAndGroup(EMAIL_USER, ssh, options[:dry])
+
+                        state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                    end
+                end
+            end
+
+            def self.cutConfigSection(file, sectionStart, options, ssh)
+                localFile = options['output'] + '/' + SecureRandom.alphanumeric(10)
+                File.write(localFile, '')
+                self.sshExec!(ssh, "touch #{file}")
+                ssh.scp.download!(file, localFile)
+                fileData = File.read(localFile)
+                position = fileData.index(sectionStart)
+                if position
+                    # Find the index of the closing brace of the section
+                    # We use a regular expression to find the next non-nested closing brace
+                    match = fileData[position..-1].match(/(?<=\{)(.*?)(^\})/m)
+                    if match
+                        fileData = fileData[0...position] + fileData[(position + match.end(0))..-1]
+                    else
+                        fileData = fileData[0...position]
+                    end
+                    File.write(localFile, fileData)
+                    ssh.scp.upload!(localFile, file)
+                end
+            end
         end
 
     end

data/Plugins/Apps/ERPNext/ERPNext-Frontend.container

@@ -0,0 +1,19 @@
+
+[Unit]
+Description=ERPNext Frontend container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Frontend
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=nginx-entrypoint.sh
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+PublishPort=127.0.0.1:18400:8080
+Network=ERPNext
+HostName=ERPNext-Frontend
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Queue.container

@@ -0,0 +1,17 @@
+
+[Unit]
+Description=ERPNext Queue container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Queue
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=bench worker --queue long,default,short
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+Network=slirp4netns:allow_host_loopback=true
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container

@@ -0,0 +1,17 @@
+
+[Unit]
+Description=ERPNext Scheduler container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Scheduler
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=bench schedule
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target
+

data/Plugins/Apps/ERPNext/ERPNext-Websocket.container

@@ -0,0 +1,19 @@
+
+[Unit]
+Description=ERPNext Websocket container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext-Websocket
+Image=ConfigLM.moe/erpnext:v$VERSION
+Exec=node /home/frappe/frappe-bench/apps/frappe/socketio.js
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+Network=ERPNext
+IP=10.90.50.11
+HostName=ERPNext-Websocket
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext.container

@@ -0,0 +1,18 @@
+
+[Unit]
+Description=ERPNext container
+After=local-fs.target
+
+[Container]
+ContainerName=ERPNext
+Image=ConfigLM.moe/erpnext:v$VERSION
+EnvironmentFile=/var/lib/erpnext/.config/containers/systemd/ERPNext.env
+Network=ERPNext
+IP=10.90.50.10
+HostName=ERPNext
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/erpnext/sites:/home/frappe/frappe-bench/sites
+Volume=/var/lib/erpnext/logs:/home/frappe/frappe-bench/logs
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/ERPNext/ERPNext.lmm.rb

@@ -0,0 +1,193 @@
+
+module ConfigLMM
+    module LMM
+        class ERPNext < Framework::NginxApp
+
+            USER = 'erpnext'
+            HOME_DIR = '/var/lib/erpnext'
+            VERSION = '15'
+            FRAPPE_REPO = 'https://github.com/frappe/frappe_docker.git'
+            IMAGE_ID = 'ConfigLM.moe/erpnext:v' + VERSION
+
+            def actionERPNextBuild(id, target, activeState, context, options)
+                buildContainer(id, target, options)
+            end
+
+            def buildContainer(id, target, options)
+                begin
+                    Framework::LinuxApp.ensurePackage('git', '@me', 'git')
+                    Framework::LinuxApp.ensurePackage('Podman', '@me', 'podman')
+                rescue RuntimeError => error
+                    prompt.say(error, :color => :red)
+                end
+                frappe = File.expand_path(REPOS_CACHE + '/frappe_docker')
+                if !File.exist?(frappe)
+                    mkdir(File.expand_path(REPOS_CACHE), false)
+                    self.class.exec('cd #{REPOS_CACHE} && git clone --quiet #{FRAPPE_REPO}')
+                else
+                    self.class.exec('cd #{REPOS_CACHE}/frappe_docker && git pull --quiet')
+                end
+                self.class.exec('cd #{REPOS_CACHE}/frappe_docker && git checkout . --quiet')
+
+                if !self.class.cmdSuccess?("podman image exists #{IMAGE_ID}")
+                    appsJSON = Base64.urlsafe_encode64(File.read(__dir__ + '/sites/apps.json').gsub('$VERSION', VERSION))
+                    self.class.exec("cd #{REPOS_CACHE}/frappe_docker && podman build --tag=#{IMAGE_ID} --build-arg APPS_JSON_BASE64=#{appsJSON} --build-arg FRAPPE_BRANCH=version-#{VERSION}  --file images/custom/Containerfile .")
+                end
+            end
+
+            def actionERPNextDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') if (!target.key?('Proxy') || target['Proxy']) && !target['Domain']
+
+                target['Database'] ||= {}
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.class.sshStart(uri) do |ssh|
+
+                        activeState['Database'] = target['Database']
+                        dbPassword = self.configureMariaDB(target['Database'], activeState, ssh)
+                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                        Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'ERPNext', distroInfo, ssh)
+                        self.class.exec("su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/sites ~/logs'", ssh)
+
+                        cmd = self.class.cmdSSH(uri)
+                        self.class.exec("podman image save ConfigLM.moe/erpnext:v#{VERSION} | #{cmd} 'cat > #{HOME_DIR}/erpnext.tar'")
+                        self.class.exec("su --login #{USER} --shell /usr/bin/sh --command 'podman image load --input erpnext.tar'", ssh)
+                        self.class.exec("rm -f #{HOME_DIR}/erpnext.tar", ssh)
+
+                        path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                        self.class.exec(" echo 'FRAPPE_DB_PASSWORD=#{dbPassword}' > #{path}/ERPNext.env", ssh)
+                        self.class.exec("echo 'FRAPPE_SITE_NAME_HEADER=erpnext' >> #{path}/ERPNext.env", ssh)
+                        #self.class.exec("echo 'UPSTREAM_REAL_IP_ADDRESS=127.0.0.1' >> #{path}/ERPNext.env", ssh)
+                        #self.class.exec("echo 'UPSTREAM_REAL_IP_RECURSIVE=on' >> #{path}/ERPNext.env", ssh)
+                        self.class.exec("echo 'BACKEND=10.90.50.10:8000' >> #{path}/ERPNext.env", ssh)
+                        self.class.exec("echo 'SOCKETIO=10.90.50.11:9000' >> #{path}/ERPNext.env", ssh)
+
+                        self.class.exec("chown #{USER}:#{USER} #{path}/ERPNext.env", ssh)
+                        self.class.exec("chmod 600 #{path}/ERPNext.env", ssh)
+
+                        ssh.scp.upload!(__dir__ + '/sites/apps.txt', HOME_DIR + '/sites/')
+                        ssh.scp.upload!(__dir__ + '/sites/common_site_config.json', HOME_DIR + '/sites/')
+
+                        if target['Database'] && target['Database']['HostName']
+                            self.class.exec("sed -i 's|\"10.0.2.2\"|\"#{target['Database']['HostName']}\"|' #{HOME_DIR}/sites/common_site_config.json", ssh)
+                        end
+
+                        if target['Valkey']
+                            self.class.exec("sed -i 's|10.0.2.2:6379|#{target['Valkey']}|' #{HOME_DIR}/sites/common_site_config.json", ssh)
+                        end
+
+                        valkeyPassword = ENV[id + '-VALKEY_PASSWORD'] || ENV['VALKEY_PASSWORD']
+                        if valkeyPassword
+                            self.class.exec("sed -i 's|\"use_rq_auth\": false|\"use_rq_auth\": true|' #{HOME_DIR}/sites/common_site_config.json", ssh)
+                            self.class.exec("sed -i 's|$VALKEY_PASSWORD|#{valkeyPassword}|' #{HOME_DIR}/sites/common_site_config.json", ssh)
+                        end
+
+                        self.class.exec("chown -R #{USER}:#{USER} " + HOME_DIR + '/sites', ssh)
+
+                        ssh.scp.upload!(__dir__ + '/ERPNext.network', path)
+                        ssh.scp.upload!(__dir__ + '/ERPNext.container', path)
+                        ssh.scp.upload!(__dir__ + '/ERPNext-Queue.container', path)
+                        ssh.scp.upload!(__dir__ + '/ERPNext-Scheduler.container', path)
+                        ssh.scp.upload!(__dir__ + '/ERPNext-Websocket.container', path)
+                        ssh.scp.upload!(__dir__ + '/ERPNext-Frontend.container', path)
+                        self.class.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext.container", ssh)
+                        self.class.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Queue.container", ssh)
+                        self.class.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Scheduler.container", ssh)
+                        self.class.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Websocket.container", ssh)
+                        self.class.exec("sed -i 's|$VERSION|#{VERSION}|' #{path}/ERPNext-Frontend.container", ssh)
+
+                        if !target.key?('Proxy') || target['Proxy']
+                            deployNginxProxyConfig('http://127.0.0.1:18400', 'ERPNext', id, target, activeState, state, context, options, ssh)
+                        elsif target.key?('Proxy') && target['Proxy'] == false
+                            self.class.exec("sed -i 's|PublishPort=127.0.0.1:18400:|PublishPort=0.0.0.0:18400:|' #{path}ERPNext-Frontend.container", ssh)
+                            Framework::LinuxApp.firewallAddPort('18400/tcp', ssh)
+                        end
+
+                        self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart ERPNext-network", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart ERPNext", ssh)
+
+                        containers = JSON.parse(self.class.exec("su --login #{USER} --shell /usr/bin/sh --command 'podman ps --format json --filter name=^ERPNext$'", ssh).strip)
+                        raise 'Failed to find container!' if containers.empty?
+
+                        MariaDB.executeRemotely(target['Database'], ssh) do |sshDB|
+                            if !MariaDB.tableExist?(USER, 'tabUser', sshDB)
+                                adminPassword = SecureRandom.alphanumeric(20)
+                                self.class.exec("rm -rf " + HOME_DIR + '/sites/erpnext', ssh)
+                                #self.class.exec(" su --login #{USER} --shell /usr/bin/sh --command \"podman exec #{containers.first['Id']} sh -c 'bench new-site --no-setup-db --db-name erpnext --db-user erpnext --admin-password #{adminPassword} --install-app erpnext --set-default erpnext'\"", ssh)
+                                dbAdminPassword = MariaDB.createAdmin(sshDB)
+                                MariaDB.executeSQL("DROP DATABASE #{USER}", nil, sshDB)
+                                self.class.exec(" su --login #{USER} --shell /usr/bin/sh --command \" podman exec #{containers.first['Id']} sh -c ' bench new-site --db-root-username admin --db-root-password #{dbAdminPassword} --db-name erpnext --admin-password #{adminPassword} --install-app erpnext --set-default erpnext'\"", ssh)
+                                MariaDB.dropAdmin(sshDB)
+                                self.class.exec("su --login #{USER} --shell /usr/bin/sh --command \"podman exec #{containers.first['Id']} sh -c 'bench --site erpnext install-app hrms'\"", ssh)
+                                prompt.say("Administrator password: #{adminPassword}", :color => :magenta)
+                            end
+                        end
+
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart ERPNext-Queue", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart ERPNext-Scheduler", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart ERPNext-Websocket", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart ERPNext-Frontend", ssh)
+
+
+                    end
+                else
+                    # TODO
+                end
+            end
+
+            def configureMariaDB(settings, activeState, ssh)
+                password = SecureRandom.alphanumeric(20)
+                MariaDB.createRemoteUserAndDB(settings, USER, password, ssh)
+                password
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:ERPNext, configs, state, context, options) do |item, id, state, context, options, ssh|
+                    if item['Proxy'].nil? || item['Proxy']
+                        self.cleanupNginxConfig('ERPNext', id, state, context, options, ssh)
+                        self.class.reload(ssh, options[:dry])
+                    end
+                    Framework::LinuxApp.firewallRemovePort('18400/tcp', ssh, options[:dry])
+
+                    self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext", ssh, true, options[:dry])
+                    self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Frontend", ssh, true, options[:dry])
+                    self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Websocket", ssh, true, options[:dry])
+                    self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Scheduler", ssh, true, options[:dry])
+                    self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-Queue", ssh, true, options[:dry])
+                    self.class.exec("systemctl --user --machine=#{USER}@ stop ERPNext-network", ssh, true, options[:dry])
+
+                    path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                    rm(path + 'ERPNext.network', options[:dry], ssh)
+                    rm(path + 'ERPNext.container', options[:dry], ssh)
+                    rm(path + 'ERPNext-Queue.container', options[:dry], ssh)
+                    rm(path + 'ERPNext-Scheduler.container', options[:dry], ssh)
+                    rm(path + 'ERPNext-Websocket.container', options[:dry], ssh)
+                    rm(path + 'ERPNext-Frontend.container', options[:dry], ssh)
+
+                    self.class.exec("podman rmi #{IMAGE_ID}", ssh, true, options[:dry])
+
+                    state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                    if options[:destroy]
+                        item['Database'] ||= {}
+                        MariaDB.executeRemotely(item['Database'], ssh) do |sshDB|
+                            MariaDB.executeSQL("DROP DATABASE #{USER}", nil, sshDB, true, options[:dry])
+                        end
+                        Framework::LinuxApp.deleteUserAndGroup(USER, ssh, options[:dry])
+                        rm(HOME_DIR, options[:dry], ssh)
+                        rm('/var/log/nginx/erpnext.access.log', options[:dry], ssh)
+                        rm('/var/log/nginx/erpnext.error.log', options[:dry], ssh)
+
+                        state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                    end
+                end
+            end
+
+        end
+    end
+end
+
+

data/Plugins/Apps/ERPNext/ERPNext.network

@@ -0,0 +1,12 @@
+
+[Unit]
+Description=ERPNext network
+After=network-online.target
+
+[Network]
+NetworkName=ERPNext
+Subnet=10.90.50.0/28
+Gateway=10.90.50.1
+
+[Install]
+WantedBy=default.target

data/Plugins/Apps/ERPNext/sites/apps.json

@@ -0,0 +1,10 @@
+[
+  {
+    "url": "https://github.com/frappe/erpnext",
+    "branch": "version-$VERSION"
+  },
+  {
+    "url": "https://github.com/frappe/hrms",
+    "branch": "version-$VERSION"
+  }
+]

data/Plugins/Apps/ERPNext/sites/apps.txt

@@ -0,0 +1,3 @@
+erpnext
+frappe
+hrms

data/Plugins/Apps/ERPNext/sites/common_site_config.json

@@ -0,0 +1,11 @@
+{
+    "db_host": "10.0.2.2",
+    "db_port": 3306,
+    "redis_cache": "redis://default:$VALKEY_PASSWORD@10.0.2.2:6379",
+    "redis_queue": "redis://default:$VALKEY_PASSWORD@10.0.2.2:6379",
+    "redis_socketio": "redis://default:$VALKEY_PASSWORD@10.0.2.2:6379",
+    "use_rq_auth": false,
+    "rq_password": "$VALKEY_PASSWORD",
+    "rq_username": "default",
+    "socketio_port": 9000
+}

data/Plugins/Apps/GitLab/GitLab.container

@@ -0,0 +1,18 @@
+
+[Unit]
+Description=GitLab container
+After=local-fs.target firewalld.service
+
+[Container]
+Image=docker.io/gitlab/gitlab-ce:latest
+PublishPort=127.0.0.1:18100:80
+PublishPort=0.0.0.0:22:22
+Volume=/var/lib/gitlab/config:/etc/gitlab
+Volume=/var/lib/gitlab/logs:/var/log/gitlab
+Volume=/var/lib/gitlab/data:/var/opt/gitlab
+Volume=/var/lib/gitlab/backups:/var/opt/gitlab/backups
+ShmSize=256M
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target