nomad

jenkins.nomad (3823B)

---

 job "jenkins" {
   datacenters = ["dc1"]
 
   vault {}
 
   group "server" {
     count = 1
 
     volume "tls" {
       type = "csi"
       source = "certbot"
       access_mode = "multi-node-multi-writer"
       attachment_mode = "file-system"
     }
     volume "jenkins" {
       type = "csi"
       source = "jenkins"
       access_mode = "multi-node-multi-writer"
       attachment_mode = "file-system"
     }
 
     network {
       port "jenkins" {
         to = 8080
       }
       port "jnlp" {
         to = 50000
       }
       port "https" {
         static = 44401
       }
     }
 
     # Install jenkins plugins
     # https://www.jenkins.io/doc/book/installing/docker
     task "install-jenkins-plugins" {
       driver = "podman"
 
       volume_mount {
         volume = "jenkins"
         destination = "/var/jenkins_home"
       }
 
       config {
         image = "docker.io/jenkins/jenkins:lts-jdk21"
         force_pull = true
         command = "jenkins-plugin-cli"
         args = [
           "--plugins",
           "blueocean",
           "configuration-as-code",
           "git",
           "hashicorp-vault-plugin",
           "nomad",
           "pipeline-utility-steps",
           "docker-workflow", # spawn Jenkins agents in Nomad jobs
           #"docker-plugin", # spawn Jenkins agents in Docker containers
           "--plugin-download-directory",
           "/var/jenkins_home/plugins",
         ]
       }
 
       resources {
         memory = 512
         memory_max = 1024
         cpu = 300
       }
 
       lifecycle {
         hook = "prestart"
         sidecar = false
       }
     }
 
     task "jenkins" {
       driver = "podman"
 
       template {
         # https://github.com/GastroGee/jenkins-nomad/blob/main/jenkins-controller/nomad.yaml
         destination = "${NOMAD_TASK_DIR}/jenkins.yaml"
         data = file("./templates/jenkins.yaml.tmpl")
       }
 
       env {
         JAVA_OPTS = "-Djava.awt.headless=true -Djenkins.install.runSetupWizard=false -Dorg.apache.commons.jelly.tags.fmt.timeZone=Europe/Zurich -Dhudson.model.UsageStatistics.disabled=true -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
       }
 
       config {
         image = "docker.io/jenkins/jenkins:lts-jdk21"
         force_pull = true
         ports = ["jenkins", "jnlp"]
         volumes = [
           # mount the templated config from the task directory to the container
           "local/jenkins.yaml:/var/jenkins_home/jenkins.yaml",
           # mount the Nomad server truststore
           "/home/jenkins/nomad-agent-ca.p12:/etc/ssl/certs/nomad-agent-ca.p12",
           # Required to test the functionality of the socket in the settings on
           # the Jenkins controller (only for Docker cloud, docker-plugin)
           # https://jenkins.in0rdr.ch/manage/cloud/docker/configure
           #"/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock"
         ]
       }
 
       volume_mount {
         volume = "jenkins"
         destination = "/var/jenkins_home"
       }
 
       resources {
         # https://www.jenkins.io/doc/book/installing/docker/#prerequisites
         memory = 1024
         memory_max = 2048
         cpu    = 500
       }
     }
 
     task "nginx" {
       driver = "podman"
 
       config {
         image = "docker.io/library/nginx:stable-alpine"
         force_pull = true
         ports = ["https"]
         volumes = [
           # mount the templated config from the task directory to the container
           "local/jenkins.conf:/etc/nginx/conf.d/jenkins.conf",
         ]
       }
 
       volume_mount {
         volume = "tls"
         destination = "/etc/letsencrypt"
       }
 
       template {
         destination = "${NOMAD_TASK_DIR}/jenkins.conf"
         data = file("./templates/nginx.conf.tmpl")
       }
 
       resources {
         memory = 50
         memory_max = 256
         cpu    = 200
       }
     }
   }
 }