Add Denise websites

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-06-15 00:39:03 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-06-15 00:39:03 +0200
commit: a295d69fcfabe64bd17ae05f1948505531ea99a2 (patch)
tree: 1d7e06f4f3e7219b160af3af9681262b42e8ff31
parent: ce7d09efb55888501b73f9e763811deac762aed2 (diff)
download: Nix-a295d69fcfabe64bd17ae05f1948505531ea99a2.tar.gz
Nix-a295d69fcfabe64bd17ae05f1948505531ea99a2.tar.zst
Nix-a295d69fcfabe64bd17ae05f1948505531ea99a2.zip
5 files changed, 150 insertions, 0 deletions
diff --git a/modules/private/buildbot/projects/denise/__init__.py b/modules/private/buildbot/projects/denise/__init__.py
new file mode 100644
index 0000000..8809d3d
--- /dev/null
+++ b/modules/private/buildbot/projects/denise/__init__.py
@@ -0,0 +1,72 @@
+from buildbot.plugins import *
+from buildbot_common.build_helpers import *
+import os
+from buildbot.util import bytes2unicode
+import json
+__all__ = [ "configure", "E" ]
+class E():
+    PROJECT           = "denise"
+    BUILDBOT_URL      = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
+    SOCKET            = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    PB_SOCKET         = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
+    SSH_KEY_PATH      = "/var/lib/buildbot/buildbot_key"
+    SSH_HOST_KEY      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
+    OMS_RELEASE_PATH  = "/var/lib/buildbot/outputs/denise_oms"
+    OMS_GIT_URL       = "gitolite@git.immae.eu:perso/Denise/oms"
+    # master.cfg
+    SECRETS_FILE       = os.getcwd() + "/secrets"
+    LDAP_URL           = "ldaps://ldap.immae.eu:636"
+    LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_BASE          = "dc=immae,dc=eu"
+    LDAP_PATTERN       = "(uid=%(username)s)"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=denise,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    TITLE_URL          = "https://oms.syanni.eu"
+    TITLE              = "Syanni website"
+class CustomBase(webhooks.base):
+    def getChanges(self, request):
+        try:
+            content = request.content.read()
+            args = json.loads(bytes2unicode(content))
+        except Exception as e:
+            raise ValueError("Error loading JSON: " + str(e))
+        args.setdefault("comments", "")
+        args.setdefault("repository", "")
+        args.setdefault("author", args.get("who", "unknown"))
+        return ([args], None)
+def configure(c):
+    c["buildbotURL"] = E.BUILDBOT_URL
+    c["www"]["port"] = E.SOCKET
+    c["www"]["change_hook_dialects"]["base"] = {
+            "custom_class": CustomBase
+            }
+    c['workers'].append(worker.LocalWorker("generic-worker-denise"))
+    c['schedulers'].append(hook_scheduler("DeniseOMS", timer=1))
+    c['schedulers'].append(force_scheduler("force_denise", [
+        "DeniseOMS_build"
+        ]))
+    c['builders'].append(denise_oms_factory())
+def denise_oms_factory():
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(logEnviron=False, repourl=E.OMS_GIT_URL,
+        submodules=True, sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
+        sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
+    factory.addStep(steps.MasterShellCommand(command="rm -rf {}".format(E.OMS_RELEASE_PATH)))
+    factory.addStep(steps.DirectoryUpload(workersrc="../source",
+        masterdest=E.OMS_RELEASE_PATH,
+        url="https://oms.syanni.eu"))
+    factory.addStep(steps.MasterShellCommand(command="chmod -R a+rX {}".format(E.OMS_RELEASE_PATH)))
+    factory.addStep(steps.MasterShellCommand(command="kill $(cat /run/denise_oms/gunicorn.pid)"))
+    return util.BuilderConfig(name="DeniseOMS_build", workernames=["generic-worker-denise"], factory=factory)
diff --git a/modules/private/default.nix b/modules/private/default.nix
index bcd6e23..17dedd4 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -31,6 +31,8 @@ set = {
  deniseDenisejeromeProd = ./websites/denise/denisejerome.nix;
  deniseEvariste = ./websites/denise/evariste.nix;
+  deniseOMS = ./websites/denise/oms.nix;
+  deniseProduction = ./websites/denise/production.nix;
  emiliaMoodle = ./websites/emilia/moodle.nix;
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index d55d2dd..864d5d9 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -232,6 +232,8 @@ in
      denise = {
        evariste.enable = true;
        denisejerome.enable = true;
+        oms.enable = true;
+        production.enable = true;
      };
      emilia.moodle.enable = true;
diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
new file mode 100644
index 0000000..9650468
--- /dev/null
+++ b/modules/private/websites/denise/oms.nix
@@ -0,0 +1,49 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.denise.oms;
+  varDir = "/var/lib/buildbot/outputs/denise_oms";
+  socket = "/run/denise_oms/socket.sock";
+in {
+  options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
+  config = lib.mkIf cfg.enable {
+    services.websites.env.production.vhostConfs.denise_oms = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "oms.syanni.eu" ];
+      root         = null;
+      extraConfig  = [
+        ''
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / unix://${socket}|http://oms.syanni.eu/
+        ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
+          ''
+      ];
+    };
+    systemd.services.denise-oms = {
+      description = "Denise OMS website";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "simple";
+        WorkingDirectory = varDir;
+        ExecStart = let
+          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib ]);
+        in
+          "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
+        User = "buildbot";
+        Restart = "always";
+        RestartSec = "5s";
+        PIDFile = "/run/denise_oms/gunicorn.pid";
+        RuntimeDirectory = "denise_oms";
+        StandardOutput = "journal";
+        StandardError = "inherit";
+      };
+    };
+  };
+}
diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix
new file mode 100644
index 0000000..9b28e9e
--- /dev/null
+++ b/modules/private/websites/denise/production.nix
@@ -0,0 +1,25 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.denise.production;
+in {
+  options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website";
+  config = lib.mkIf cfg.enable {
+    services.websites.env.production.vhostConfs.denise_production = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "syanni.eu" "www.syanni.eu" ];
+      root         = ../_www;
+      extraConfig  = [
+        ''
+        <Directory ${../_www}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride AuthConfig
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-06-15 00:39:03 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-06-15 00:39:03 +0200
commit	a295d69fcfabe64bd17ae05f1948505531ea99a2 (patch)
tree	1d7e06f4f3e7219b160af3af9681262b42e8ff31
parent	ce7d09efb55888501b73f9e763811deac762aed2 (diff)
download	Nix-a295d69fcfabe64bd17ae05f1948505531ea99a2.tar.gz Nix-a295d69fcfabe64bd17ae05f1948505531ea99a2.tar.zst Nix-a295d69fcfabe64bd17ae05f1948505531ea99a2.zip

diff --git a/modules/private/buildbot/projects/denise/__init__.py b/modules/private/buildbot/projects/denise/__init__.py new file mode 100644 index 0000000..8809d3d --- /dev/null +++ b/modules/private/buildbot/projects/denise/__init__.py
@@ -0,0 +1,72 @@
		1	from buildbot.plugins import *
		2	from buildbot_common.build_helpers import *
		3	import os
		4	from buildbot.util import bytes2unicode
		5	import json
		6
		7	__all__ = [ "configure", "E" ]
		8
		9	class E():
		10	PROJECT = "denise"
		11	BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
		12	SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT)
		13	PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
		14	SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key"
		15	SSH_HOST_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
		16
		17	OMS_RELEASE_PATH = "/var/lib/buildbot/outputs/denise_oms"
		18	OMS_GIT_URL = "gitolite@git.immae.eu:perso/Denise/oms"
		19
		20	# master.cfg
		21	SECRETS_FILE = os.getcwd() + "/secrets"
		22	LDAP_URL = "ldaps://ldap.immae.eu:636"
		23	LDAP_ADMIN_USER = "cn=buildbot,ou=services,dc=immae,dc=eu"
		24	LDAP_BASE = "dc=immae,dc=eu"
		25	LDAP_PATTERN = "(uid=%(username)s)"
		26	LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=denise,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
		27	TITLE_URL = "https://oms.syanni.eu"
		28	TITLE = "Syanni website"
		29
		30	class CustomBase(webhooks.base):
		31	def getChanges(self, request):
		32	try:
		33	content = request.content.read()
		34	args = json.loads(bytes2unicode(content))
		35	except Exception as e:
		36	raise ValueError("Error loading JSON: " + str(e))
		37
		38	args.setdefault("comments", "")
		39	args.setdefault("repository", "")
		40	args.setdefault("author", args.get("who", "unknown"))
		41
		42	return ([args], None)
		43
		44	def configure(c):
		45	c["buildbotURL"] = E.BUILDBOT_URL
		46	c["www"]["port"] = E.SOCKET
		47
		48	c["www"]["change_hook_dialects"]["base"] = {
		49	"custom_class": CustomBase
		50	}
		51	c['workers'].append(worker.LocalWorker("generic-worker-denise"))
		52
		53	c['schedulers'].append(hook_scheduler("DeniseOMS", timer=1))
		54	c['schedulers'].append(force_scheduler("force_denise", [
		55	"DeniseOMS_build"
		56	]))
		57
		58	c['builders'].append(denise_oms_factory())
		59
		60	def denise_oms_factory():
		61	factory = util.BuildFactory()
		62	factory.addStep(steps.Git(logEnviron=False, repourl=E.OMS_GIT_URL,
		63	submodules=True, sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
		64	sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
		65	factory.addStep(steps.MasterShellCommand(command="rm -rf {}".format(E.OMS_RELEASE_PATH)))
		66	factory.addStep(steps.DirectoryUpload(workersrc="../source",
		67	masterdest=E.OMS_RELEASE_PATH,
		68	url="https://oms.syanni.eu"))
		69	factory.addStep(steps.MasterShellCommand(command="chmod -R a+rX {}".format(E.OMS_RELEASE_PATH)))
		70	factory.addStep(steps.MasterShellCommand(command="kill $(cat /run/denise_oms/gunicorn.pid)"))
		71
		72	return util.BuilderConfig(name="DeniseOMS_build", workernames=["generic-worker-denise"], factory=factory)


diff --git a/modules/private/default.nix b/modules/private/default.nix index bcd6e23..17dedd4 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix
@@ -31,6 +31,8 @@ set = {
31		31
32	deniseDenisejeromeProd = ./websites/denise/denisejerome.nix;	32	deniseDenisejeromeProd = ./websites/denise/denisejerome.nix;
33	deniseEvariste = ./websites/denise/evariste.nix;	33	deniseEvariste = ./websites/denise/evariste.nix;
		34	deniseOMS = ./websites/denise/oms.nix;
		35	deniseProduction = ./websites/denise/production.nix;
34		36
35	emiliaMoodle = ./websites/emilia/moodle.nix;	37	emiliaMoodle = ./websites/emilia/moodle.nix;
36		38


diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index d55d2dd..864d5d9 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix
@@ -232,6 +232,8 @@ in
232	denise = {	232	denise = {
233	evariste.enable = true;	233	evariste.enable = true;
234	denisejerome.enable = true;	234	denisejerome.enable = true;
		235	oms.enable = true;
		236	production.enable = true;
235	};	237	};
236		238
237	emilia.moodle.enable = true;	239	emilia.moodle.enable = true;


diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix new file mode 100644 index 0000000..9650468 --- /dev/null +++ b/modules/private/websites/denise/oms.nix
@@ -0,0 +1,49 @@
		1	{ lib, config, pkgs, ... }:
		2	let
		3	cfg = config.myServices.websites.denise.oms;
		4	varDir = "/var/lib/buildbot/outputs/denise_oms";
		5	socket = "/run/denise_oms/socket.sock";
		6	in {
		7	options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
		8
		9	config = lib.mkIf cfg.enable {
		10	services.websites.env.production.vhostConfs.denise_oms = {
		11	certName = "denise";
		12	addToCerts = true;
		13	hosts = [ "oms.syanni.eu" ];
		14	root = null;
		15	extraConfig = [
		16	''
		17	ProxyPreserveHost on
		18	ProxyVia On
		19	ProxyRequests Off
		20	ProxyPassMatch ^/.well-known/acme-challenge !
		21	ProxyPass / unix://${socket}\|http://oms.syanni.eu/
		22	ProxyPassReverse / unix://${socket}\|http://oms.syanni.eu/
		23	''
		24	];
		25	};
		26
		27	systemd.services.denise-oms = {
		28	description = "Denise OMS website";
		29	after = [ "network.target" ];
		30	wantedBy = [ "multi-user.target" ];
		31
		32	serviceConfig = {
		33	Type = "simple";
		34	WorkingDirectory = varDir;
		35	ExecStart = let
		36	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib ]);
		37	in
		38	"${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
		39	User = "buildbot";
		40	Restart = "always";
		41	RestartSec = "5s";
		42	PIDFile = "/run/denise_oms/gunicorn.pid";
		43	RuntimeDirectory = "denise_oms";
		44	StandardOutput = "journal";
		45	StandardError = "inherit";
		46	};
		47	};
		48	};
		49	}


diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix new file mode 100644 index 0000000..9b28e9e --- /dev/null +++ b/modules/private/websites/denise/production.nix
@@ -0,0 +1,25 @@
		1	{ lib, config, pkgs, ... }:
		2	let
		3	cfg = config.myServices.websites.denise.production;
		4	in {
		5	options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website";
		6
		7	config = lib.mkIf cfg.enable {
		8	services.websites.env.production.vhostConfs.denise_production = {
		9	certName = "denise";
		10	addToCerts = true;
		11	hosts = [ "syanni.eu" "www.syanni.eu" ];
		12	root = ../_www;
		13	extraConfig = [
		14	''
		15	<Directory ${../_www}>
		16	DirectoryIndex index.htm index.html
		17	Options Indexes FollowSymLinks MultiViews Includes
		18	AllowOverride AuthConfig
		19	Require all granted
		20	</Directory>
		21	''
		22	];
		23	};
		24	};
		25	}