Add Denise websites

diff --git a/modules/private/buildbot/projects/denise/__init__.py b/modules/private/buildbot/projects/denise/__init__.py
new file mode 100644 (file)
index 0000000..8809d3d
--- /dev/null
+++ b/modules/private/buildbot/projects/denise/__init__.py
@@ -0,0 +1,72 @@
+from buildbot.plugins import *
+from buildbot_common.build_helpers import *
+import os
+from buildbot.util import bytes2unicode
+import json
+
+__all__ = [ "configure", "E" ]
+
+class E():
+    PROJECT           = "denise"
+    BUILDBOT_URL      = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
+    SOCKET            = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    PB_SOCKET         = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
+    SSH_KEY_PATH      = "/var/lib/buildbot/buildbot_key"
+    SSH_HOST_KEY      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
+
+    OMS_RELEASE_PATH  = "/var/lib/buildbot/outputs/denise_oms"
+    OMS_GIT_URL       = "gitolite@git.immae.eu:perso/Denise/oms"
+
+    # master.cfg
+    SECRETS_FILE       = os.getcwd() + "/secrets"
+    LDAP_URL           = "ldaps://ldap.immae.eu:636"
+    LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_BASE          = "dc=immae,dc=eu"
+    LDAP_PATTERN       = "(uid=%(username)s)"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=denise,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    TITLE_URL          = "https://oms.syanni.eu"
+    TITLE              = "Syanni website"
+
+class CustomBase(webhooks.base):
+    def getChanges(self, request):
+        try:
+            content = request.content.read()
+            args = json.loads(bytes2unicode(content))
+        except Exception as e:
+            raise ValueError("Error loading JSON: " + str(e))
+
+        args.setdefault("comments", "")
+        args.setdefault("repository", "")
+        args.setdefault("author", args.get("who", "unknown"))
+
+        return ([args], None)
+
+def configure(c):
+    c["buildbotURL"] = E.BUILDBOT_URL
+    c["www"]["port"] = E.SOCKET
+
+    c["www"]["change_hook_dialects"]["base"] = {
+            "custom_class": CustomBase
+            }
+    c['workers'].append(worker.LocalWorker("generic-worker-denise"))
+
+    c['schedulers'].append(hook_scheduler("DeniseOMS", timer=1))
+    c['schedulers'].append(force_scheduler("force_denise", [
+        "DeniseOMS_build"
+        ]))
+
+    c['builders'].append(denise_oms_factory())
+
+def denise_oms_factory():
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(logEnviron=False, repourl=E.OMS_GIT_URL,
+        submodules=True, sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
+        sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
+    factory.addStep(steps.MasterShellCommand(command="rm -rf {}".format(E.OMS_RELEASE_PATH)))
+    factory.addStep(steps.DirectoryUpload(workersrc="../source",
+        masterdest=E.OMS_RELEASE_PATH,
+        url="https://oms.syanni.eu"))
+    factory.addStep(steps.MasterShellCommand(command="chmod -R a+rX {}".format(E.OMS_RELEASE_PATH)))
+    factory.addStep(steps.MasterShellCommand(command="kill $(cat /run/denise_oms/gunicorn.pid)"))
+
+    return util.BuilderConfig(name="DeniseOMS_build", workernames=["generic-worker-denise"], factory=factory)

diff --git a/modules/private/default.nix b/modules/private/default.nix
index bcd6e233084b7feb16d5f64efa3d71f73edc33ac..17dedd4dcf7aa0654e82ae75aebce124a00734ef 100644 (file)
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -31,6 +31,8 @@ set = {
 
   deniseDenisejeromeProd = ./websites/denise/denisejerome.nix;
   deniseEvariste = ./websites/denise/evariste.nix;
+  deniseOMS = ./websites/denise/oms.nix;
+  deniseProduction = ./websites/denise/production.nix;
 
   emiliaMoodle = ./websites/emilia/moodle.nix;
 

diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index d55d2dd933dd67540b1df709cec88a2d3a58a525..864d5d90e2f800f7a09b5a5a615266e22908ede4 100644 (file)
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -232,6 +232,8 @@ in
       denise = {
         evariste.enable = true;
         denisejerome.enable = true;
+        oms.enable = true;
+        production.enable = true;
       };
 
       emilia.moodle.enable = true;

diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
new file mode 100644 (file)
index 0000000..9650468
--- /dev/null
+++ b/modules/private/websites/denise/oms.nix
@@ -0,0 +1,49 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.denise.oms;
+  varDir = "/var/lib/buildbot/outputs/denise_oms";
+  socket = "/run/denise_oms/socket.sock";
+in {
+  options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
+
+  config = lib.mkIf cfg.enable {
+    services.websites.env.production.vhostConfs.denise_oms = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "oms.syanni.eu" ];
+      root         = null;
+      extraConfig  = [
+        ''
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / unix://${socket}|http://oms.syanni.eu/
+        ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
+          ''
+      ];
+    };
+
+    systemd.services.denise-oms = {
+      description = "Denise OMS website";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        WorkingDirectory = varDir;
+        ExecStart = let
+          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib ]);
+        in
+          "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
+        User = "buildbot";
+        Restart = "always";
+        RestartSec = "5s";
+        PIDFile = "/run/denise_oms/gunicorn.pid";
+        RuntimeDirectory = "denise_oms";
+        StandardOutput = "journal";
+        StandardError = "inherit";
+      };
+    };
+  };
+}

diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix
new file mode 100644 (file)
index 0000000..9b28e9e
--- /dev/null
+++ b/modules/private/websites/denise/production.nix
@@ -0,0 +1,25 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.denise.production;
+in {
+  options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website";
+
+  config = lib.mkIf cfg.enable {
+    services.websites.env.production.vhostConfs.denise_production = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "syanni.eu" "www.syanni.eu" ];
+      root         = ../_www;
+      extraConfig  = [
+        ''
+        <Directory ${../_www}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride AuthConfig
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}