Add caldance buildbot and optimize a bit the drivations

- Add caldance derivation
- Move buildbot_common inside the repository
- Avoid rebuilding all buildbot instances when modifying one project
- Prepare for non-local workers

7 files changed, 456 insertions, 24 deletions

diff --git a/nixops/modules/buildbot/buildbot_common.json b/nixops/modules/buildbot/buildbot_common.json
deleted file mode 100644
index 7a8d144..0000000
--- a/nixops/modules/buildbot/buildbot_common.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-  "tag": "6f5a6e9-master",
-  "meta": {
-    "name": "buildbot_common",
-    "url": "gitolite@git.immae.eu:perso/Immae/Projets/Buildbot/common",
-    "branch": "master"
-  },
-  "git": {
-    "url": "gitolite@git.immae.eu:perso/Immae/Projets/Buildbot/common",
-    "rev": "6f5a6e926b23a80358c62ff2e8021128839b31bc",
-    "sha256": "1s2jhgg7wfyrsyv2qk44ylfzgviq4prhlz9yv2sxzcmypkqbjpm9",
-    "fetchSubmodules": true
-  }
-}
diff --git a/nixops/modules/buildbot/common/build_helpers.py b/nixops/modules/buildbot/common/build_helpers.py
new file mode 100644
index 0000000..f51de54
--- /dev/null
+++ b/nixops/modules/buildbot/common/build_helpers.py
@@ -0,0 +1,192 @@
+from buildbot.plugins import util, steps, schedulers
+from buildbot_buildslist import BuildsList
+
+__all__ = [
+        "force_scheduler", "deploy_scheduler", "hook_scheduler",
+        "clean_branch", "package_and_upload", "SlackStatusPush"
+        ]
+
+# Small helpers"
+@util.renderer
+def clean_branch(props):
+    if props.hasProperty("branch") and len(props["branch"]) > 0:
+        return props["branch"].replace("/", "_")
+    else:
+        return "HEAD"
+
+def package_and_upload(package, package_dest, package_url):
+    return [
+            steps.ShellCommand(name="build package",
+                logEnviron=False, haltOnFailure=True, workdir="source",
+                command=["git", "archive", "HEAD", "-o", package]),
+
+            steps.FileUpload(name="upload package", workersrc=package,
+                workdir="source", masterdest=package_dest,
+                url=package_url, mode=0o644),
+
+            steps.ShellCommand(name="cleanup package", logEnviron=False,
+                haltOnFailure=True, workdir="source", alwaysRun=True,
+                command=["rm", "-f", package]),
+            ]
+
+# Schedulers
+def force_scheduler(name, builders):
+    return schedulers.ForceScheduler(name=name,
+        label="Force build", buttonName="Force build",
+        reason=util.StringParameter(name="reason", label="Reason", default="Force build"),
+        codebases=[
+            util.CodebaseParameter("",
+                branch=util.StringParameter(
+                    name="branch", label="Git reference (tag, branch)", required=True),
+                revision=util.FixedParameter(name="revision", default=""),
+                repository=util.FixedParameter(name="repository", default=""),
+                project=util.FixedParameter(name="project", default=""),
+                ),
+            ],
+        username=util.FixedParameter(name="username", default="Web button"),
+        builderNames=builders)
+
+def deploy_scheduler(name, builders):
+    return schedulers.ForceScheduler(name=name,
+        builderNames=builders,
+        label="Deploy built package", buttonName="Deploy",
+        username=util.FixedParameter(name="username", default="Web button"),
+        codebases=[
+            util.CodebaseParameter(codebase="",
+                branch=util.FixedParameter(name="branch", default=""),
+                revision=util.FixedParameter(name="revision", default=""),
+                repository=util.FixedParameter(name="repository", default=""),
+                project=util.FixedParameter(name="project", default=""))],
+        reason=util.FixedParameter(name="reason", default="Deploy"),
+        properties=[
+            util.ChoiceStringParameter(label="Environment",
+                name="environment", default="integration",
+                choices=["integration", "production"]),
+            BuildsList(label="Build to deploy", name="build"),
+            ]
+        )
+
+def hook_scheduler(project, timer=10):
+    return schedulers.AnyBranchScheduler(
+            change_filter=util.ChangeFilter(category="hooks", project=project),
+            name=project, treeStableTimer=timer, builderNames=["{}_build".format(project)])
+
+# Slack status push
+from buildbot.reporters.http import HttpStatusPushBase
+from twisted.internet import defer
+from twisted.python import log
+from buildbot.util import httpclientservice
+from buildbot.reporters import utils
+from buildbot.process import results
+
+class SlackStatusPush(HttpStatusPushBase):
+    name = "SlackStatusPush"
+
+    @defer.inlineCallbacks
+    def reconfigService(self, serverUrl, **kwargs):
+        yield HttpStatusPushBase.reconfigService(self, **kwargs)
+        self._http = yield httpclientservice.HTTPClientService.getService(
+            self.master, serverUrl)
+
+    @defer.inlineCallbacks
+    def send(self, build):
+        yield utils.getDetailsForBuild(self.master, build, wantProperties=True)
+        response = yield self._http.post("", json=self.format(build))
+        if response.code != 200:
+            log.msg("%s: unable to upload status: %s" %
+                    (response.code, response.content))
+
+    def format(self, build):
+        colors = [
+                "#36A64F", # success
+                "#F1E903", # warnings
+                "#DA0505", # failure
+                "#FFFFFF", # skipped
+                "#000000", # exception
+                "#FFFFFF", # retry
+                "#D02CA9", # cancelled
+                ]
+
+        if "environment" in build["properties"]:
+            msg = "{} environment".format(build["properties"]["environment"][0])
+            if "build" in build["properties"]:
+                msg = "of archive {} in ".format(build["properties"]["build"][0]) + msg
+        elif len(build["buildset"]["sourcestamps"][0]["branch"]) > 0:
+            msg = "revision {}".format(build["buildset"]["sourcestamps"][0]["branch"])
+        else:
+            msg = "build"
+
+        if build["complete"]:
+            timedelta = int((build["complete_at"] - build["started_at"]).total_seconds())
+            hours, rest = divmod(timedelta, 3600)
+            minutes, seconds = divmod(rest, 60)
+            if hours > 0:
+                duration = "{}h {}min {}s".format(hours, minutes, seconds)
+            elif minutes > 0:
+                duration = "{}min {}s".format(minutes, seconds)
+            else:
+                duration = "{}s".format(seconds)
+
+            text = "Build <{}|{}> of {}'s {} was {} in {}.".format(
+                    build["url"], build["buildid"],
+                    build["builder"]["name"],
+                    msg,
+                    results.Results[build["results"]],
+                    duration,
+                    )
+            fields = [
+                    {
+                        "title": "Build",
+                        "value": "<{}|{}>".format(build["url"], build["buildid"]),
+                        "short": True,
+                        },
+                    {
+                        "title": "Project",
+                        "value": build["builder"]["name"],
+                        "short": True,
+                        },
+                    {
+                        "title": "Build status",
+                        "value": results.Results[build["results"]],
+                        "short": True,
+                        },
+                    {
+                        "title": "Build duration",
+                        "value": duration,
+                        "short": True,
+                        },
+                    ]
+            if "environment" in build["properties"]:
+                fields.append({
+                        "title": "Environment",
+                        "value": build["properties"]["environment"][0],
+                        "short": True,
+                    })
+            if "build" in build["properties"]:
+                fields.append({
+                        "title": "Archive",
+                        "value": build["properties"]["build"][0],
+                        "short": True,
+                    })
+            attachments = [{
+                    "fallback": "",
+                    "color": colors[build["results"]],
+                    "fields": fields
+                    }]
+        else:
+            text = "Build <{}|{}> of {}'s {} started.".format(
+                    build["url"], build["buildid"],
+                    build["builder"]["name"],
+                    msg,
+                    )
+            attachments = []
+
+        return {
+                "username": "Buildbot",
+                "icon_url": "http://docs.buildbot.net/current/_static/icon.png",
+                "text": text,
+                "attachments": attachments,
+                }
+
+
+
diff --git a/nixops/modules/buildbot/common/master.cfg b/nixops/modules/buildbot/common/master.cfg
new file mode 100644
index 0000000..abe08e0
--- /dev/null
+++ b/nixops/modules/buildbot/common/master.cfg
@@ -0,0 +1,69 @@
+# -*- python -*-
+# ex: set filetype=python:
+
+from buildbot.plugins import secrets, util, webhooks
+from buildbot.util import bytes2unicode
+import re
+import os
+from buildbot_config import E, configure
+import json
+
+class CustomBase(webhooks.base):
+    def getChanges(self, request):
+        try:
+            content = request.content.read()
+            args = json.loads(bytes2unicode(content))
+        except Exception as e:
+            raise ValueError("Error loading JSON: " + str(e))
+
+        args.setdefault("comments", "")
+        args.setdefault("repository", "")
+        args.setdefault("author", args.get("who"))
+
+        return ([args], None)
+
+userInfoProvider = util.LdapUserInfo(
+        uri=E.LDAP_URL,
+        bindUser=E.LDAP_ADMIN_USER,
+        bindPw=open(E.SECRETS_FILE + "/ldap", "r").read().rstrip(),
+        accountBase=E.LDAP_BASE,
+        accountPattern=E.LDAP_PATTERN,
+        accountFullName='cn',
+        accountEmail='mail',
+        avatarData="jpegPhoto",
+        groupBase=E.LDAP_BASE,
+        groupName="cn",
+        groupMemberPattern=E.LDAP_GROUP_PATTERN,
+        )
+
+c = BuildmasterConfig = {
+        "title": E.TITLE,
+        "titleURL": E.TITLE_URL,
+        "db": {
+            "db_url": "sqlite:///state.sqlite"
+            },
+        "protocols": { "pb": { "port": E.PB_SOCKET } },
+        "workers": [],
+        "change_source": [],
+        "schedulers": [],
+        "builders": [],
+        "services": [],
+        "secretsProviders": [
+            secrets.SecretInAFile(E.SECRETS_FILE),
+            ],
+        "www": {
+            "change_hook_dialects": { "base": { "custom_class": CustomBase } },
+            "plugins": {
+                "waterfall_view": {},
+                "console_view": {},
+                "grid_view": {},
+                "buildslist": {},
+                },
+            "auth": util.RemoteUserAuth(
+                header=b"X-Remote-User",
+                userInfoProvider=userInfoProvider,
+                headerRegex=re.compile(br"(?P<username>[^ @]+)")),
+            }
+        }
+
+configure(c)
diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
index cd5b260..9b661f1 100644
--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -34,13 +34,15 @@ let
     doCheck = false;
     src = buildslist_src.src;
   };
-  buildbot_common = pkgsNext.python3Packages.buildPythonPackage (mylibs.fetchedGitPrivate ./buildbot_common.json // rec {
+  buildbot_common = pkgsNext.python3Packages.buildPythonPackage rec {
+    name = "buildbot_common";
+    src = ./common;
     format = "other";
     installPhase = ''
       mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
       cp -a $src $out/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common
       '';
-  });
+  };
   buildbot = pkgsNext.python3Packages.buildbot-full.withPlugins ([ buildslist ]);
 in
 {
@@ -75,7 +77,7 @@ in
         ProxyPassReverse /buildbot/${project.name}/      unix:///run/buildbot/${project.name}.sock|http://${project.name}-git.immae.eu/
         <Location /buildbot/${project.name}/>
           Use LDAPConnect
-          Require ldap-group cn=users,cn=buildbot,ou=services,dc=immae,dc=eu
+          Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
 
           SetEnvIf X-Url-Scheme https HTTPS=1
           ProxyPreserveHost On
@@ -89,15 +91,50 @@ in
       deps = [ "users" "wrappers" ];
       text = let
         master-cfg = "${buildbot_common}/${pkgsNext.python3.pythonForBuild.sitePackages}/buildbot_common/master.cfg";
-        puppet_notify = pkgs.writeText "puppet_notify" (builtins.readFile "${myconfig.privateFiles}/buildbot_puppet_notify");
+        buildbot_key = pkgs.writeText "buildbot_key" (builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key");
+        tac_file = pkgs.writeText "buildbot.tac" ''
+            import os
+
+            from twisted.application import service
+            from buildbot.master import BuildMaster
+
+            basedir = '${varDir}/${project.name}'
+            rotateLength = 10000000
+            maxRotatedFiles = 10
+            configfile = '${master-cfg}'
+
+            # Default umask for server
+            umask = None
+
+            # if this is a relocatable tac file, get the directory containing the TAC
+            if basedir == '.':
+                import os
+                basedir = os.path.abspath(os.path.dirname(__file__))
+
+            # note: this line is matched against to check that this is a buildmaster
+            # directory; do not edit it.
+            application = service.Application('buildmaster')
+            from twisted.python.logfile import LogFile
+            from twisted.python.log import ILogObserver, FileLogObserver
+            logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
+                                            maxRotatedFiles=maxRotatedFiles)
+            application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
+
+            m = BuildMaster(basedir, configfile, umask)
+            m.setServiceParent(application)
+            m.log_rotation.rotateLength = rotateLength
+            m.log_rotation.maxRotatedFiles = maxRotatedFiles
+          '';
       in ''
       install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
       install -m 0755 -o buildbot -g buildbot -d ${varDir}
       if [ ! -f ${varDir}/${project.name}/buildbot.tac ]; then
         $wrapperDir/sudo -u buildbot ${buildbot}/bin/buildbot create-master -c "${master-cfg}" "${varDir}/${project.name}"
         rm -f ${varDir}/${project.name}/master.cfg.sample
+        rm -f ${varDir}/${project.name}/buildbot.tac
       fi
-      install -Dm600 -o buildbot -g buildbot -T ${puppet_notify} ${varDir}/puppet_notify
+      ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
+      install -Dm600 -o buildbot -g buildbot -T ${buildbot_key} ${varDir}/buildbot_key
       buildbot_secrets=${varDir}/${project.name}/secrets
       install -m 0600 -o buildbot -g buildbot -d $buildbot_secrets
       echo "${myconfig.env.buildbot.ldap.password}" > $buildbot_secrets/ldap
@@ -119,7 +156,7 @@ in
         project_env = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair "BUILDBOT_${k}" v) project.environment;
         buildbot_config = pkgsNext.python3Packages.buildPythonPackage (rec {
           name = "buildbot_config-${project.name}";
-          src = "${./projects}/${project.name}";
+          src = ./projects + "/${project.name}";
           format = "other";
           installPhase = ''
             mkdir -p $out/${pkgsNext.python3.pythonForBuild.sitePackages}
diff --git a/nixops/modules/buildbot/projects/caldance/__init__.py b/nixops/modules/buildbot/projects/caldance/__init__.py
new file mode 100644
index 0000000..e28ef72
--- /dev/null
+++ b/nixops/modules/buildbot/projects/caldance/__init__.py
@@ -0,0 +1,146 @@
+from buildbot.plugins import *
+from buildbot_common.build_helpers import *
+import os
+
+__all__ = [ "configure", "E" ]
+
+class E():
+    PROJECT       = "caldance"
+    BUILDBOT_URL  = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
+    SOCKET        = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    PB_SOCKET     = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
+    RELEASE_PATH  = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
+    RELEASE_URL   = "https://release.immae.eu/{}".format(PROJECT)
+    GIT_URL       = "gitolite@git.immae.eu:perso/simon_descarpentries/www.cal-dance.com"
+    SSH_KEY_PATH  = "/var/lib/buildbot/buildbot_key"
+    SSH_HOST_KEY  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbhFTl2A2RJn5L51yxJM4XfCS2ZaiSX/jo9jFSdghF"
+    LDAP_HOST     = "ldap.immae.eu"
+    LDAP_DN       = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
+
+    PUPPET_HOST = {
+            "integration": "root@caldance.immae.eu",
+            }
+
+    # master.cfg
+    SECRETS_FILE       = os.getcwd() + "/secrets"
+    LDAP_URL           = "ldaps://ldap.immae.eu:636"
+    LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
+    LDAP_BASE          = "dc=immae,dc=eu"
+    LDAP_PATTERN       = "(uid=%(username)s)"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=caldance,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    TITLE_URL          = "https://caldance.immae.eu"
+    TITLE              = "Caldance"
+
+def configure(c):
+    c["buildbotURL"] = E.BUILDBOT_URL
+    c["www"]["port"] = E.SOCKET
+
+    c['workers'].append(worker.LocalWorker("generic-worker"))
+    c['workers'].append(worker.LocalWorker("deploy-worker"))
+
+    c['schedulers'].append(hook_scheduler("Caldance", timer=1))
+    c['schedulers'].append(force_scheduler("force_caldance", ["Caldance_build"]))
+    c['schedulers'].append(deploy_scheduler("deploy_caldance", ["Caldance_deploy"]))
+
+    c['builders'].append(factory("caldance"))
+
+    c['builders'].append(deploy_factory("caldance"))
+
+    c['services'].append(SlackStatusPush(
+        name="slack_status_caldance",
+        builders=["Caldance_build", "Caldance_deploy"],
+        serverUrl=open(E.SECRETS_FILE + "/slack_webhook", "r").read().rstrip()))
+
+def factory(project, ignore_fails=False):
+    release_file = "{1}/{0}_%(kw:clean_branch)s.tar.gz"
+
+    package = util.Interpolate("{0}_%(kw:clean_branch)s.tar.gz".format(project), clean_branch=clean_branch)
+    package_dest = util.Interpolate(release_file.format(project, E.RELEASE_PATH), clean_branch=clean_branch)
+    package_url = util.Interpolate(release_file.format(project, E.RELEASE_URL), clean_branch=clean_branch)
+
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(logEnviron=False, repourl=E.GIT_URL,
+        sshPrivateKey=open(E.SSH_KEY_PATH).read().rstrip(),
+        sshHostKey=E.SSH_HOST_KEY, mode="full", method="copy"))
+    factory.addSteps(package_and_upload(package, package_dest, package_url))
+
+    return util.BuilderConfig(
+            name="{}_build".format(project.capitalize()),
+            workernames=["generic-worker"], factory=factory)
+
+def compute_build_infos(project):
+    @util.renderer
+    def compute(props):
+        import re, hashlib
+        build_file = props.getProperty("build")
+        package_dest = "{1}/{0}".format(build_file, E.RELEASE_PATH)
+        version = re.match(r"{0}_(.*).tar.gz".format(project), build_file).group(1)
+        with open(package_dest, "rb") as f:
+            sha = hashlib.sha256(f.read()).hexdigest()
+        return {
+                "build_version": version,
+                "build_hash": sha,
+                }
+    return compute
+
+@util.renderer
+def puppet_host(props):
+    environment = props["environment"] if props.hasProperty("environment") else "integration"
+    return E.PUPPET_HOST.get(environment, "host.invalid")
+
+def deploy_factory(project):
+    package_dest = util.Interpolate("{0}/%(prop:build)s".format(E.RELEASE_PATH))
+
+    factory = util.BuildFactory()
+    factory.addStep(steps.MasterShellCommand(command=["test", "-f", package_dest]))
+    factory.addStep(steps.SetProperties(properties=compute_build_infos(project)))
+    factory.addStep(LdapPush(environment=util.Property("environment"),
+        project=project, build_version=util.Property("build_version"),
+        build_hash=util.Property("build_hash"), ldap_password=util.Secret("ldap")))
+    factory.addStep(steps.MasterShellCommand(command=[
+        "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host]))
+    return util.BuilderConfig(name="{}_deploy".format(project.capitalize()), workernames=["deploy-worker"], factory=factory)
+
+from twisted.internet import defer
+from buildbot.process.buildstep import FAILURE
+from buildbot.process.buildstep import SUCCESS
+from buildbot.process.buildstep import BuildStep
+
+class LdapPush(BuildStep):
+    name = "LdapPush"
+    renderables = ["environment", "project", "build_version", "build_hash", "ldap_password"]
+
+    def __init__(self, **kwargs):
+        self.environment = kwargs.pop("environment")
+        self.project = kwargs.pop("project")
+        self.build_version = kwargs.pop("build_version")
+        self.build_hash = kwargs.pop("build_hash")
+        self.ldap_password = kwargs.pop("ldap_password")
+        self.ldap_host = kwargs.pop("ldap_host", E.LDAP_HOST)
+        super().__init__(**kwargs)
+
+    def run(self):
+        import json
+        from ldap3 import Reader, Writer, Server, Connection, ObjectDef
+        server = Server(self.ldap_host)
+        conn = Connection(server,
+                user=E.LDAP_DN,
+                password=self.ldap_password)
+        conn.bind()
+        obj = ObjectDef("immaePuppetClass", conn)
+        r = Reader(conn, obj,
+                "cn=caldance.{},{}".format(self.environment, E.LDAP_ROLES_BASE))
+        r.search()
+        if len(r) > 0:
+            w = Writer.from_cursor(r)
+            for value in w[0].immaePuppetJson.values:
+                config = json.loads(value)
+                if "role::caldance::{}_version".format(self.project) in config:
+                    config["role::caldance::{}_version".format(self.project)] = self.build_version
+                    config["role::caldance::{}_sha256".format(self.project)] = self.build_hash
+                    w[0].immaePuppetJson -= value
+                    w[0].immaePuppetJson += json.dumps(config, indent="  ")
+                    w.commit()
+                    return defer.succeed(SUCCESS)
+        return defer.succeed(FAILURE)
diff --git a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py
index 1157b5c..5d70f95 100644
--- a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py
+++ b/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py
@@ -8,10 +8,11 @@ class E():
     PROJECT       = "cryptoportfolio"
     BUILDBOT_URL  = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
     SOCKET        = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    PB_SOCKET     = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
     RELEASE_PATH  = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
     RELEASE_URL   = "https://release.immae.eu/{}".format(PROJECT)
     GIT_URL       = "https://git.immae.eu/perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/{0}.git"
-    SSH_KEY_PATH  = "/var/lib/buildbot/puppet_notify"
+    SSH_KEY_PATH  = "/var/lib/buildbot/buildbot_key"
     LDAP_HOST     = "ldap.immae.eu"
     LDAP_DN       = "cn=buildbot,ou=services,dc=immae,dc=eu"
     LDAP_ROLES_BASE = "ou=roles,ou=hosts,dc=immae,dc=eu"
@@ -27,7 +28,7 @@ class E():
     LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
     LDAP_BASE          = "dc=immae,dc=eu"
     LDAP_PATTERN       = "(uid=%(username)s)"
-    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=cryptoportfolio,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
     TITLE_URL          = "https://git.immae.eu"
     TITLE              = "Cryptoportfolio"
 
diff --git a/nixops/modules/buildbot/projects/test/__init__.py b/nixops/modules/buildbot/projects/test/__init__.py
index c15788c..adda289 100644
--- a/nixops/modules/buildbot/projects/test/__init__.py
+++ b/nixops/modules/buildbot/projects/test/__init__.py
@@ -8,10 +8,11 @@ class E():
     PROJECT       = "test"
     BUILDBOT_URL  = "https://git.immae.eu/buildbot/{}/".format(PROJECT)
     SOCKET        = "unix:/run/buildbot/{}.sock".format(PROJECT)
+    PB_SOCKET     = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT)
     RELEASE_PATH  = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT)
     RELEASE_URL   = "https://release.immae.eu/{}".format(PROJECT)
     GIT_URL       = "https://git.immae.eu/perso/Immae/TestProject.git"
-    SSH_KEY_PATH  = "/var/lib/buildbot/puppet_notify"
+    SSH_KEY_PATH  = "/var/lib/buildbot/buildbot_key"
     PUPPET_HOST   = "root@backup-1.v.immae.eu"
     LDAP_HOST     = "ldap.immae.eu"
     LDAP_DN       = "cn=buildbot,ou=services,dc=immae,dc=eu"
@@ -23,7 +24,7 @@ class E():
     LDAP_ADMIN_USER    = "cn=buildbot,ou=services,dc=immae,dc=eu"
     LDAP_BASE          = "dc=immae,dc=eu"
     LDAP_PATTERN       = "(uid=%(username)s)"
-    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
+    LDAP_GROUP_PATTERN = "(&(memberOf=cn=groups,ou=test,cn=buildbot,ou=services,dc=immae,dc=eu)(member=%(dn)s))"
     TITLE_URL          = "https://git.immae.eu/?p=perso/Immae/TestProject.git;a=summary"
     TITLE              = "Test project"