nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

remove python CI service

Browse Source
This commit is contained in:
nyanloutre 2025-01-02 12:17:02 +01:00
parent da67f2b523
commit b8bdb492c5
5 changed files with 0 additions and 403 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
services/python-ci.nix
View File

@ -1,49 +0,0 @@
{lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.python-ci;
in
{
options.services.python-ci = {
enable = mkEnableOption "Service de CI Nix écrit en Python";
};
config = mkIf cfg.enable {
users.users = {
python-ci = {
isSystemUser = true;
group = "nogroup";
description = "Python CI user";
};
};
systemd.services.python-ci = {
description = "CI Nix en Python";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";};
path = with pkgs;[ nix gnutar gzip ];
serviceConfig = {
User = "python-ci";
StateDirectory = "python-ci";
RuntimeDirectory = "python-ci";
RuntimeDirectoryPreserve = "yes";
ExecStart = with pkgs;
let env = python3Packages.python.buildEnv.override {
extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ];
ignoreCollisions = true;
};
in "${pkgs.writeShellScriptBin "run.sh" ''
${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \
--secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \
--gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci
''}/bin/run.sh";
};
};
};
}

168
services/python-ci.py
View File

@ -1,168 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])"
from wsgiref.simple_server import make_server
from pyramid.config import Configurator
from pyramid.view import view_config, view_defaults
from pyramid.httpexceptions import HTTPNotFound
from subprocess import check_call, CalledProcessError
import urllib.request
import tarfile
from tempfile import TemporaryDirectory
from multiprocessing import Pool
from gitlab import Gitlab
import urllib.request
import json
import argparse
import hmac
import hashlib
def gitlab_build(payload, gl):
commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha'])
commit.statuses.create({'state': 'running', 'name': 'Python CI'})
print("push from " + payload['user_name'])
print("repo: " + payload['project']['path_with_namespace'])
print("commit: " + payload['checkout_sha'])
temp_dir = TemporaryDirectory()
repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha']
archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \
'/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz'
with urllib.request.urlopen(archive_url) as gitlab_archive:
with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files:
gitlab_repo_files.extractall(path=temp_dir.name)
check_call(['ls', '-lha', repo_dir])
try:
check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir])
except CalledProcessError:
commit.statuses.create({'state': 'failed', 'name': 'Python CI'})
print("erreur build")
else:
commit.statuses.create({'state': 'success', 'name': 'Python CI'})
print("build terminé")
@view_defaults(
route_name="gitlab_payload", renderer="json", request_method="POST"
)
class GitlabHook(object):
def __init__(self, request):
self.request = request
self.payload = self.request.json
self.whitelist = ['nyanloutre/site-musique']
self.secret = open(args.secret, 'r').readline().splitlines()[0]
self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0]
self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token)
@view_config(header="X-Gitlab-Event:Push Hook")
def push_hook(self):
if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret:
self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'})
pool.apply_async(gitlab_build, (self.payload, self.gl))
return "build started"
else:
raise HTTPNotFound
def gitea_status_update(repo, commit, token, status):
url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit
print(url)
req = urllib.request.Request(url)
req.add_header('Content-Type', 'application/json; charset=utf-8')
req.add_header('accept', 'application/json')
req.add_header('Authorization', 'token ' + token)
jsondata = json.dumps({'state': status}).encode('utf-8')
req.add_header('Content-Length', len(jsondata))
urllib.request.urlopen(req, jsondata)
def gitea_build(payload, token):
commit = payload['after']
repo = payload['repository']['full_name']
gitea_status_update(repo, commit, token, 'pending')
print("push from " + payload['pusher']['username'])
print("repo: " + repo)
print("commit: " + commit)
temp_dir = TemporaryDirectory()
repo_dir = temp_dir.name + '/' + payload['repository']['name']
archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz'
with urllib.request.urlopen(archive_url) as gitea_archive:
with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files:
gitea_repo_files.extractall(path=temp_dir.name)
check_call(['ls', '-lha', repo_dir])
try:
check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir])
except CalledProcessError:
gitea_status_update(repo, commit, token, 'failure')
print("erreur build")
else:
gitea_status_update(repo, commit, token, 'success')
print("build terminé")
@view_defaults(
route_name="gitea_payload", renderer="json", request_method="POST"
)
class GiteaHook(object):
def __init__(self, request):
self.payload = request.json
self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max']
self.gitea_token = open(args.gitea_token, 'r').readline().strip()
@view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True)
def push_hook(self):
if self.payload['repository']['full_name'] in self.whitelist:
pool.apply_async(gitea_build, (self.payload, self.gitea_token))
return "build started"
else:
raise HTTPNotFound
class CheckHmacPredicate(object):
def __init__(self, val, info):
self.secret = open(args.secret, 'r').readline().strip().encode()
def text(self):
return 'HMAC checking enabled'
phash = text
def __call__(self, context, request):
payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest()
return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='CI server')
parser.add_argument('--address', help='listening address', default='127.0.0.1')
parser.add_argument('--port', type=int, help='listening port')
parser.add_argument('--output', help='output directory')
parser.add_argument('--secret', help='repo secret file')
parser.add_argument('--gitlab-token', help='gitlab token file')
parser.add_argument('--gitea-token', help='gitea token file')
args = parser.parse_args()
pool = Pool(1)
config = Configurator()
config.add_view_predicate('check_hmac', CheckHmacPredicate)
config.add_route("gitlab_payload", "/gitlab_payload")
config.add_route("gitea_payload", "/gitea_payload")
config.scan()
app = config.make_wsgi_app()
server = make_server(args.address, args.port, app)
print('listening ...')
server.serve_forever()

120
services/sdtdserver.nix
View File

@ -1,120 +0,0 @@
{lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.sdtdserver;
gamePath = "/var/lib/sdtdserver";
gameOptions = {
ServerPort="26900";
ServerVisibility="2";
ServerName="Serveur des loutres";
ServerPassword="";
ServerMaxPlayerCount="16";
ServerReservedSlots="0";
ServerReservedSlotsPermission="100";
ServerAdminSlots="0";
ServerAdminSlotsPermission="0";
ServerDescription="Un serveur idiot anti gilets jaunes";
ServerWebsiteURL="";
ServerDisabledNetworkProtocols="";
GameWorld="Navezgane";
WorldGenSeed="Lakeu";
WorldGenSize="4096";
GameName="Lakeu";
GameDifficulty="2";
GameMode="GameModeSurvival";
ZombiesRun="0";
ZombieMove="0";
ZombieMoveNight="3";
ZombieFeralMove="3";
ZombieBMMove="3";
BuildCreate="false";
DayNightLength="60";
DayLightLength="18";
PlayerKillingMode="3";
PersistentPlayerProfiles="false";
PlayerSafeZoneLevel="5";
PlayerSafeZoneHours="5";
ControlPanelEnabled="false";
ControlPanelPort="8080";
ControlPanelPassword="CHANGEME";
TelnetEnabled="false";
TelnetPort="8081";
TelnetPassword="";
TelnetFailedLoginLimit="10";
TelnetFailedLoginsBlocktime="10";
TerminalWindowEnabled="false";
AdminFileName="serveradmin.xml";
DropOnDeath="0";
DropOnQuit="0";
BloodMoonEnemyCount="8";
EnemySpawnMode="true";
EnemyDifficulty="0";
BlockDurabilityModifier="100";
LootAbundance="100";
LootRespawnDays="30";
LandClaimSize="41";
LandClaimDeadZone="30";
LandClaimExpiryTime="3";
LandClaimDecayMode="0";
LandClaimOnlineDurabilityModifier="4";
LandClaimOfflineDurabilityModifier="4";
PartySharedKillRange="100";
AirDropFrequency="72";
AirDropMarker="false";
MaxSpawnedZombies="60";
MaxSpawnedAnimals="50";
EACEnabled="true";
HideCommandExecutionLog="0";
MaxUncoveredMapChunksPerPlayer="131072";
BedrollDeadZoneSize="15";
ServerLoginConfirmationText="Prout";
};
gameConfig = builtins.toFile "serverconfig.xml" ''
<?xml version="1.0"?>
<ServerSettings>
${concatStrings (
mapAttrsToList (name: value:
" <property name=\"${name}\" value=\"${value}\"/>\n"
) gameOptions)}
</ServerSettings>
'';
in
{
options.services.sdtdserver = {
enable = mkEnableOption "Activation du serveur dédié 7 Days to Die";
};
config = mkIf cfg.enable {
systemd.services.sdtdserver = {
description = "Serveur dédié 7 Days to Die";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
environment = { HOME = gamePath; };
serviceConfig = {
DynamicUser = true;
StateDirectory = "sdtdserver";
};
preStart = let
libPath = with pkgs; lib.makeLibraryPath [
stdenv.cc.cc.lib
];
in ''
${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit
install -m666 ${gameConfig} ${gamePath}/serverconfig.xml
'';
script = ''
${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml
'';
};
networking.firewall = {
allowedTCPPorts = [ 26900 ];
allowedUDPPorts = [ 26900 26901 26902 ];
};
};
}

3
systems/LoutreOS/services.nix
View File

@ -26,9 +26,6 @@ in
{ {
imports = [ imports = [
../../services/python-ci.nix
../../services/sdtdserver.nix
# /mnt/secrets/factorio_secrets.nix
./monitoring.nix ./monitoring.nix
./medias.nix ./medias.nix
./web.nix ./web.nix

63
systems/LoutreOS/web.nix
View File

@ -61,43 +61,10 @@ in
isSystemUser = true; isSystemUser = true;
group = config.users.groups.webdav.name; group = config.users.groups.webdav.name;
}; };
# wordpress = {
# isSystemUser = true;
# group = config.services.nginx.group;
# };
}; };
services = { services = {
phpfpm.pools = { phpfpm.pools = {
# work = {
# user = config.users.users.work.name;
# phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
# settings = {
# "listen.owner" = config.services.nginx.user;
# "pm" = "dynamic";
# "pm.max_children" = 75;
# "pm.start_servers" = 10;
# "pm.min_spare_servers" = 5;
# "pm.max_spare_servers" = 20;
# "pm.max_requests" = 500;
# };
# };
# "wordpress-designyourfuture" = {
# user = config.users.users.wordpress.name;
# group = config.services.nginx.group;
# settings = {
# "listen.owner" = config.services.nginx.user;
# "pm" = "dynamic";
# "pm.max_children" = 32;
# "pm.start_servers" = 2;
# "pm.min_spare_servers" = 2;
# "pm.max_spare_servers" = 4;
# "pm.max_requests" = 500;
# };
# };
drive = { drive = {
user = config.users.users.webdav.name; user = config.users.users.webdav.name;
settings = { settings = {
@ -242,7 +209,6 @@ in
forceSSL = true; forceSSL = true;
globalRedirect = "musique-meyenheim.fr"; globalRedirect = "musique-meyenheim.fr";
}; };
# "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
"stream.nyanlout.re" = base { "stream.nyanlout.re" = base {
"/" = { "/" = {
proxyPass = "http://10.30.135.71"; proxyPass = "http://10.30.135.71";
@ -261,7 +227,6 @@ in
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"ci.nyanlout.re" = simpleReverse 52350;
"gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT;
"musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port;
"photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) {
@ -279,27 +244,6 @@ in
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
# "work.rezom.eu" = base {
# "/" = {
# index = "/_h5ai/public/index.php";
# extraConfig = ''
# dav_ext_methods PROPFIND OPTIONS;
# '';
# };
# "~ ^/(_h5ai/public/index|random).php" = {
# extraConfig = ''
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
# include ${pkgs.nginx}/conf/fastcgi_params;
# include ${pkgs.nginx}/conf/fastcgi.conf;
# '';
# };
# } // {
# root = "/mnt/medias/iso_linux";
# extraConfig = ''
# access_log /var/log/nginx/$host.log;
# '';
# };
"drive.nyanlout.re" = base { "drive.nyanlout.re" = base {
"/" = { "/" = {
extraConfig = '' extraConfig = ''
@ -382,13 +326,6 @@ in
}; };
}; };
python-ci.enable = true;
# mysql = {
# enable = true;
# package = pkgs.mariadb;
# };
nextcloud = { nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud30;