From a295d69fcfabe64bd17ae05f1948505531ea99a2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 15 Jun 2020 00:39:03 +0200 Subject: [PATCH] Add Denise websites --- .../buildbot/projects/denise/__init__.py | 72 +++++++++++++++++++ modules/private/default.nix | 2 + modules/private/websites/default.nix | 2 + modules/private/websites/denise/oms.nix | 49 +++++++++++++ .../private/websites/denise/production.nix | 25 +++++++ 5 files changed, 150 insertions(+) create mode 100644 modules/private/buildbot/projects/denise/__init__.py create mode 100644 modules/private/websites/denise/oms.nix create mode 100644 modules/private/websites/denise/production.nix diff --git a/modules/private/buildbot/projects/denise/__init__.py b/modules/private/buildbot/projects/denise/__init__.py new file mode 100644 index 0000000..8809d3d --- /dev/null +++ b/modules/private/buildbot/projects/denise/__init__.py @@ -0,0 +1,72 @@ +from buildbot.plugins import * +from buildbot_common.build_helpers import * +import os +from buildbot.util import bytes2unicode +import json + +__all__ = [ "configure", "E" ] + +class E(): + PROJECT = "denise" + BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) + SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) + PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT) + SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" + SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF" + + OMS_RELEASE_PATH = "/var/lib/buildbot/outputs/denise_oms" + OMS_GIT_URL = "gitolite@git.immae.eu:perso/Denise/oms" + + # master.cfg + SECRETS_FILE = os.getcwd() + "/secrets" + LDAP_URL = "ldaps://ldap.immae.eu:636" + LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu" + LDAP_BASE = "dc=immae,dc=eu" + LDAP_PATTERN = "(uid=%(username)s)" + LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=denise,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))" + TITLE_URL = "https://oms.syanni.eu" + TITLE = "Syanni website" + +class CustomBase(webhooks.base): + def getChanges(self, request): + try: + content = request.content.read() + args = json.loads(bytes2unicode(content)) + except Exception as e: + raise ValueError("Error loading JSON: " + str(e)) + + args.setdefault("comments", "") + args.setdefault("repository", "") + args.setdefault("author", args.get("who", "unknown")) + + return ([args], None) + +def configure(c): + c["buildbotURL"] = E.BUILDBOT_URL + c["www"]["port"] = E.SOCKET + + c["www"]["change_hook_dialects"]["base"] = { + "custom_class": CustomBase + } + c['workers'].append(worker.LocalWorker("generic-worker-denise")) + + c['schedulers'].append(hook_scheduler("DeniseOMS", timer=1)) + c['schedulers'].append(force_scheduler("force_denise", [ + "DeniseOMS_build" + ])) + + c['builders'].append(denise_oms_factory()) + +def denise_oms_factory(): + factory = util.BuildFactory() + factory.addStep(steps.Git(logEnviron=False, repourl=E.OMS_GIT_URL, + submodules=True, sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(), + sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy")) + factory.addStep(steps.MasterShellCommand(command="rm -rf {}".format(E.OMS_RELEASE_PATH))) + factory.addStep(steps.DirectoryUpload(workersrc="../source", + masterdest=E.OMS_RELEASE_PATH, + url="https://oms.syanni.eu")) + factory.addStep(steps.MasterShellCommand(command="chmod -R a+rX {}".format(E.OMS_RELEASE_PATH))) + factory.addStep(steps.MasterShellCommand(command="kill $(cat /run/denise_oms/gunicorn.pid)")) + + return util.BuilderConfig(name="DeniseOMS_build", workernames=["generic-worker-denise"], factory=factory) diff --git a/modules/private/default.nix b/modules/private/default.nix index bcd6e23..17dedd4 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix @@ -31,6 +31,8 @@ set = { deniseDenisejeromeProd = ./websites/denise/denisejerome.nix; deniseEvariste = ./websites/denise/evariste.nix; + deniseOMS = ./websites/denise/oms.nix; + deniseProduction = ./websites/denise/production.nix; emiliaMoodle = ./websites/emilia/moodle.nix; diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index d55d2dd..864d5d9 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix @@ -232,6 +232,8 @@ in denise = { evariste.enable = true; denisejerome.enable = true; + oms.enable = true; + production.enable = true; }; emilia.moodle.enable = true; diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix new file mode 100644 index 0000000..9650468 --- /dev/null +++ b/modules/private/websites/denise/oms.nix @@ -0,0 +1,49 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.myServices.websites.denise.oms; + varDir = "/var/lib/buildbot/outputs/denise_oms"; + socket = "/run/denise_oms/socket.sock"; +in { + options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website"; + + config = lib.mkIf cfg.enable { + services.websites.env.production.vhostConfs.denise_oms = { + certName = "denise"; + addToCerts = true; + hosts = [ "oms.syanni.eu" ]; + root = null; + extraConfig = [ + '' + ProxyPreserveHost on + ProxyVia On + ProxyRequests Off + ProxyPassMatch ^/.well-known/acme-challenge ! + ProxyPass / unix://${socket}|http://oms.syanni.eu/ + ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/ + '' + ]; + }; + + systemd.services.denise-oms = { + description = "Denise OMS website"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + WorkingDirectory = varDir; + ExecStart = let + python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib ]); + in + "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app"; + User = "buildbot"; + Restart = "always"; + RestartSec = "5s"; + PIDFile = "/run/denise_oms/gunicorn.pid"; + RuntimeDirectory = "denise_oms"; + StandardOutput = "journal"; + StandardError = "inherit"; + }; + }; + }; +} diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix new file mode 100644 index 0000000..9b28e9e --- /dev/null +++ b/modules/private/websites/denise/production.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.myServices.websites.denise.production; +in { + options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website"; + + config = lib.mkIf cfg.enable { + services.websites.env.production.vhostConfs.denise_production = { + certName = "denise"; + addToCerts = true; + hosts = [ "syanni.eu" "www.syanni.eu" ]; + root = ../_www; + extraConfig = [ + '' + + DirectoryIndex index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride AuthConfig + Require all granted + + '' + ]; + }; + }; +} -- 2.41.0