diff --git a/services/python-ci.nix b/services/python-ci.nix
deleted file mode 100644
index ce957db..0000000
--- a/services/python-ci.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.python-ci;
-in
-{
- options.services.python-ci = {
- enable = mkEnableOption "Service de CI Nix écrit en Python";
- };
-
- config = mkIf cfg.enable {
-
- users.users = {
- python-ci = {
- isSystemUser = true;
- group = "nogroup";
- description = "Python CI user";
- };
- };
-
- systemd.services.python-ci = {
- description = "CI Nix en Python";
- requires = ["network-online.target"];
- wantedBy = ["multi-user.target"];
- environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";};
- path = with pkgs;[ nix gnutar gzip ];
- serviceConfig = {
- User = "python-ci";
- StateDirectory = "python-ci";
- RuntimeDirectory = "python-ci";
- RuntimeDirectoryPreserve = "yes";
- ExecStart = with pkgs;
- let env = python3Packages.python.buildEnv.override {
- extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ];
- ignoreCollisions = true;
- };
- in "${pkgs.writeShellScriptBin "run.sh" ''
- ${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \
- --secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \
- --gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci
- ''}/bin/run.sh";
- };
- };
-
- };
-
-}
diff --git a/services/python-ci.py b/services/python-ci.py
deleted file mode 100755
index 950cf44..0000000
--- a/services/python-ci.py
+++ /dev/null
@@ -1,168 +0,0 @@
-#! /usr/bin/env nix-shell
-#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])"
-from wsgiref.simple_server import make_server
-from pyramid.config import Configurator
-from pyramid.view import view_config, view_defaults
-from pyramid.httpexceptions import HTTPNotFound
-from subprocess import check_call, CalledProcessError
-import urllib.request
-import tarfile
-from tempfile import TemporaryDirectory
-from multiprocessing import Pool
-from gitlab import Gitlab
-import urllib.request
-import json
-import argparse
-import hmac
-import hashlib
-
-
-def gitlab_build(payload, gl):
- commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha'])
-
- commit.statuses.create({'state': 'running', 'name': 'Python CI'})
- print("push from " + payload['user_name'])
- print("repo: " + payload['project']['path_with_namespace'])
- print("commit: " + payload['checkout_sha'])
- temp_dir = TemporaryDirectory()
- repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha']
- archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \
- '/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz'
-
- with urllib.request.urlopen(archive_url) as gitlab_archive:
- with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files:
- gitlab_repo_files.extractall(path=temp_dir.name)
-
- check_call(['ls', '-lha', repo_dir])
-
- try:
- check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir])
- except CalledProcessError:
- commit.statuses.create({'state': 'failed', 'name': 'Python CI'})
- print("erreur build")
- else:
- commit.statuses.create({'state': 'success', 'name': 'Python CI'})
- print("build terminé")
-
-
-@view_defaults(
- route_name="gitlab_payload", renderer="json", request_method="POST"
-)
-class GitlabHook(object):
-
- def __init__(self, request):
- self.request = request
- self.payload = self.request.json
- self.whitelist = ['nyanloutre/site-musique']
- self.secret = open(args.secret, 'r').readline().splitlines()[0]
- self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0]
- self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token)
-
- @view_config(header="X-Gitlab-Event:Push Hook")
- def push_hook(self):
- if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret:
- self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'})
- pool.apply_async(gitlab_build, (self.payload, self.gl))
- return "build started"
- else:
- raise HTTPNotFound
-
-
-def gitea_status_update(repo, commit, token, status):
- url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit
- print(url)
- req = urllib.request.Request(url)
- req.add_header('Content-Type', 'application/json; charset=utf-8')
- req.add_header('accept', 'application/json')
- req.add_header('Authorization', 'token ' + token)
-
- jsondata = json.dumps({'state': status}).encode('utf-8')
- req.add_header('Content-Length', len(jsondata))
-
- urllib.request.urlopen(req, jsondata)
-
-def gitea_build(payload, token):
- commit = payload['after']
- repo = payload['repository']['full_name']
-
- gitea_status_update(repo, commit, token, 'pending')
-
- print("push from " + payload['pusher']['username'])
- print("repo: " + repo)
- print("commit: " + commit)
- temp_dir = TemporaryDirectory()
- repo_dir = temp_dir.name + '/' + payload['repository']['name']
- archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz'
-
- with urllib.request.urlopen(archive_url) as gitea_archive:
- with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files:
- gitea_repo_files.extractall(path=temp_dir.name)
-
- check_call(['ls', '-lha', repo_dir])
-
- try:
- check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir])
- except CalledProcessError:
- gitea_status_update(repo, commit, token, 'failure')
- print("erreur build")
- else:
- gitea_status_update(repo, commit, token, 'success')
- print("build terminé")
-
-
-@view_defaults(
- route_name="gitea_payload", renderer="json", request_method="POST"
-)
-class GiteaHook(object):
- def __init__(self, request):
- self.payload = request.json
- self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max']
- self.gitea_token = open(args.gitea_token, 'r').readline().strip()
-
- @view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True)
- def push_hook(self):
- if self.payload['repository']['full_name'] in self.whitelist:
- pool.apply_async(gitea_build, (self.payload, self.gitea_token))
- return "build started"
- else:
- raise HTTPNotFound
-
-
-class CheckHmacPredicate(object):
- def __init__(self, val, info):
- self.secret = open(args.secret, 'r').readline().strip().encode()
-
- def text(self):
- return 'HMAC checking enabled'
-
- phash = text
-
- def __call__(self, context, request):
- payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest()
- return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature)
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser(description='CI server')
- parser.add_argument('--address', help='listening address', default='127.0.0.1')
- parser.add_argument('--port', type=int, help='listening port')
- parser.add_argument('--output', help='output directory')
- parser.add_argument('--secret', help='repo secret file')
- parser.add_argument('--gitlab-token', help='gitlab token file')
- parser.add_argument('--gitea-token', help='gitea token file')
- args = parser.parse_args()
-
-
- pool = Pool(1)
-
- config = Configurator()
-
- config.add_view_predicate('check_hmac', CheckHmacPredicate)
-
- config.add_route("gitlab_payload", "/gitlab_payload")
- config.add_route("gitea_payload", "/gitea_payload")
- config.scan()
-
- app = config.make_wsgi_app()
- server = make_server(args.address, args.port, app)
- print('listening ...')
- server.serve_forever()
diff --git a/services/sdtdserver.nix b/services/sdtdserver.nix
deleted file mode 100644
index c233150..0000000
--- a/services/sdtdserver.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-{lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.sdtdserver;
- gamePath = "/var/lib/sdtdserver";
- gameOptions = {
- ServerPort="26900";
- ServerVisibility="2";
- ServerName="Serveur des loutres";
- ServerPassword="";
- ServerMaxPlayerCount="16";
- ServerReservedSlots="0";
- ServerReservedSlotsPermission="100";
- ServerAdminSlots="0";
- ServerAdminSlotsPermission="0";
- ServerDescription="Un serveur idiot anti gilets jaunes";
- ServerWebsiteURL="";
- ServerDisabledNetworkProtocols="";
- GameWorld="Navezgane";
- WorldGenSeed="Lakeu";
- WorldGenSize="4096";
- GameName="Lakeu";
- GameDifficulty="2";
- GameMode="GameModeSurvival";
- ZombiesRun="0";
- ZombieMove="0";
- ZombieMoveNight="3";
- ZombieFeralMove="3";
- ZombieBMMove="3";
- BuildCreate="false";
- DayNightLength="60";
- DayLightLength="18";
- PlayerKillingMode="3";
- PersistentPlayerProfiles="false";
- PlayerSafeZoneLevel="5";
- PlayerSafeZoneHours="5";
- ControlPanelEnabled="false";
- ControlPanelPort="8080";
- ControlPanelPassword="CHANGEME";
- TelnetEnabled="false";
- TelnetPort="8081";
- TelnetPassword="";
- TelnetFailedLoginLimit="10";
- TelnetFailedLoginsBlocktime="10";
- TerminalWindowEnabled="false";
- AdminFileName="serveradmin.xml";
- DropOnDeath="0";
- DropOnQuit="0";
- BloodMoonEnemyCount="8";
- EnemySpawnMode="true";
- EnemyDifficulty="0";
- BlockDurabilityModifier="100";
- LootAbundance="100";
- LootRespawnDays="30";
- LandClaimSize="41";
- LandClaimDeadZone="30";
- LandClaimExpiryTime="3";
- LandClaimDecayMode="0";
- LandClaimOnlineDurabilityModifier="4";
- LandClaimOfflineDurabilityModifier="4";
- PartySharedKillRange="100";
- AirDropFrequency="72";
- AirDropMarker="false";
- MaxSpawnedZombies="60";
- MaxSpawnedAnimals="50";
- EACEnabled="true";
- HideCommandExecutionLog="0";
- MaxUncoveredMapChunksPerPlayer="131072";
- BedrollDeadZoneSize="15";
- ServerLoginConfirmationText="Prout";
- };
- gameConfig = builtins.toFile "serverconfig.xml" ''
-
-
- ${concatStrings (
- mapAttrsToList (name: value:
- " \n"
- ) gameOptions)}
-
- '';
-in
-{
- options.services.sdtdserver = {
- enable = mkEnableOption "Activation du serveur dédié 7 Days to Die";
- };
-
- config = mkIf cfg.enable {
-
- systemd.services.sdtdserver = {
- description = "Serveur dédié 7 Days to Die";
- requires = ["network-online.target"];
- wantedBy = ["multi-user.target"];
- environment = { HOME = gamePath; };
- serviceConfig = {
- DynamicUser = true;
- StateDirectory = "sdtdserver";
- };
- preStart = let
- libPath = with pkgs; lib.makeLibraryPath [
- stdenv.cc.cc.lib
- ];
- in ''
- ${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit
- install -m666 ${gameConfig} ${gamePath}/serverconfig.xml
- '';
- script = ''
- ${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml
- '';
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 26900 ];
- allowedUDPPorts = [ 26900 26901 26902 ];
- };
-
- };
-
-}
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index 70686dc..e388f66 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -26,9 +26,6 @@ in { imports = [ - ../../services/python-ci.nix - ../../services/sdtdserver.nix - # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix ./web.nix
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 32b8663..a7e1802 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -61,43 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; - # wordpress = { - # isSystemUser = true; - # group = config.services.nginx.group; - # }; }; services = { phpfpm.pools = { - # work = { - # user = config.users.users.work.name; - # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 75; - # "pm.start_servers" = 10; - # "pm.min_spare_servers" = 5; - # "pm.max_spare_servers" = 20; - # "pm.max_requests" = 500; - # }; - # }; - - # "wordpress-designyourfuture" = { - # user = config.users.users.wordpress.name; - # group = config.services.nginx.group; - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 32; - # "pm.start_servers" = 2; - # "pm.min_spare_servers" = 2; - # "pm.max_spare_servers" = 4; - # "pm.max_requests" = 500; - # }; - # }; - - drive = { user = config.users.users.webdav.name; settings = { @@ -242,7 +209,6 @@ in forceSSL = true; globalRedirect = "musique-meyenheim.fr"; }; - # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; @@ -261,7 +227,6 @@ in proxyWebsockets = true; }; }; - "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { 
@@ -279,27 +244,6 @@ in proxyWebsockets = true; }; }; - # "work.rezom.eu" = base { - # "/" = { - # index = "/_h5ai/public/index.php"; - # extraConfig = '' - # dav_ext_methods PROPFIND OPTIONS; - # ''; - # }; - # "~ ^/(_h5ai/public/index|random).php" = { - # extraConfig = '' - # fastcgi_split_path_info ^(.+\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; - # include ${pkgs.nginx}/conf/fastcgi_params; - # include ${pkgs.nginx}/conf/fastcgi.conf; - # ''; - # }; - # } // { - # root = "/mnt/medias/iso_linux"; - # extraConfig = '' - # access_log /var/log/nginx/$host.log; - # ''; - # }; "drive.nyanlout.re" = base { "/" = { extraConfig = '' @@ -382,13 +326,6 @@ in }; }; - python-ci.enable = true; - - # mysql = { - # enable = true; - # package = pkgs.mariadb; - # }; - nextcloud = { enable = true; package = pkgs.nextcloud30;