jenkins.yaml.tmpl (11800B)
# Jenkins Configuration as Code (JCasC) file, written as a template: the
# double-brace actions (secret, nomadVar, nomadVarExists, env) are expanded by
# the template renderer first, and Jenkins then parses the result as YAML.
# NOTE(review): the function names suggest a Nomad template block backed by
# Vault - confirm against the job file that renders this template.
#
# Security notes for maintainers:
# - The rendered file holds plaintext secrets (Vault AppRole role/secret id,
#   Nomad ACL token, SMTP credentials, the local user's password). Keep the
#   rendered file readable by the Jenkins process only; where and how it is
#   written is not visible here.
# - Each secret is spliced as-is into a double-quoted YAML scalar. A value
#   containing a double quote or a backslash would change or break the parsed
#   string, so keep such characters out of these values or encode them in the
#   template.
# - Template actions are evaluated even when they sit inside a YAML comment
#   (see the commented-out Docker cloud further down).
credentials:
  system:
    domainCredentials:
      - credentials:
          # AppRole login used by the hashicorpVault configuration below
          # (referenced there by id "vault.in0rdr.ch").
          - vaultAppRoleCredential:
              description: "Jenkins approle on vault.in0rdr.ch"
              id: "vault.in0rdr.ch"
              path: "approle"
              roleId: "{{with secret "kv/jenkins/vault-secret-source"}}{{index .Data.data.role_id}}{{end}}"
              # NOTE(review): GLOBAL scope makes the credential usable from
              # jobs as well as by the controller - confirm that is intended.
              scope: GLOBAL
              secretId: "{{with secret "kv/jenkins/vault-secret-source"}}{{index .Data.data.secret_id}}{{end}}"
              usePolicies: false
          # Nomad ACL token used by the Nomad cloud below
          # (nomadACLCredentialsId: "nomad").
          - string:
              description: "Nomad ACL NOMAD_TOKEN for Nomad cloud plugin"
              id: "nomad"
              # NOTE(review): with GLOBAL scope a job can bind this token;
              # check whether SYSTEM scope is enough for the cloud plugin.
              scope: GLOBAL
              secret: "{{with secret "kv/jenkins/nomad_token"}}{{index .Data.data.password}}{{end}}"
unclassified:
  location:
    # Uses the admin_address item of the Nomad variable nomad/jobs/jenkins when
    # that variable exists, otherwise a fixed placeholder address. The trim
    # markers remove the line breaks, so the value renders on a single line.
    adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
      {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
      {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
    url: "https://jenkins.in0rdr.ch"
  hashicorpVault:
    configuration:
      vaultCredentialId: "vault.in0rdr.ch"
      vaultUrl: "https://vault.in0rdr.ch"
  mailer:
    # All SMTP settings come from the Vault path kv/jenkins/mailer.
    # NOTE(review): no useSsl/useTls key is set in this block, so transport
    # security for the SMTP login depends on the plugin default - confirm.
    authentication:
      password: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.password}}{{end}}"
      username: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.username}}{{end}}"
    replyToAddress: "no-reply@p0c.ch"
    smtpHost: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.smtpHost}}{{end}}"
    smtpPort: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.smtpPort}}{{end}}"
  globalLibraries:
    # Global shared libraries are trusted code in Jenkins (not sandboxed), so
    # write access to this repository amounts to code execution on the
    # controller. No defaultVersion is pinned in this block.
    libraries:
      - name: "in0rdr-jenkins-lib"
        retriever:
          modernSCM:
            scm:
              gitSource:
                remote: "https://git.in0rdr.ch/jenkins-lib.git"
  scmGit:
    globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
    globalConfigName: "jenkins"
jenkins:
  # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
  systemMessage: |
    {\__/}
    ( • . •)
    / >💾 Jenkins configured with Jenkins Configuration as Code plugin
  # Building on the built-in node can be a security issue. You should set the
  # number of executors on the built-in node to 0:
  # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
  numExecutors: 0
  # Fixed TCP port for inbound agents. The job templates below point workers at
  # it through the -tunnel option (presumably NOMAD_ADDR_jnlp maps to this
  # port - confirm in the Nomad job file).
  slaveAgentPort: 50000
  # Every authenticated user gets full control; anonymous users get no read
  # access. Sign-up is disabled below, so access is limited to the accounts
  # listed under securityRealm.
  authorizationStrategy:
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false
  securityRealm:
    # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
    local:
      allowsSignup: false
      users:
        - id: in0rdr
          # The password is read from Vault at render time and lands in the
          # rendered file as written in Vault.
          # NOTE(review): JCasC is documented to accept a pre-hashed value
          # with a "#jbcrypt:" prefix, which would keep the cleartext out of
          # the rendered file - confirm for the plugin version in use.
          password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
  globalNodeProperties:
    - envVars:
        env:
          - key: "GIT_AUTHOR_EMAIL"
            value: "jenkins@jenkins.in0rdr.ch"
          - key: "GIT_AUTHOR_NAME"
            value: "jenkins"
  clouds:
    # Nomad cloud: Jenkins submits one Nomad job per agent from the templates
    # below. The connection uses TLS plus the ACL token stored as credential
    # "nomad"; the URL is built from the node's own IP address on port 4646.
    - nomad:
        name: "nomad"
        nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
        nomadACLCredentialsId: "nomad"
        tlsEnabled: true
        serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
        # the truststore only contains public certificates, password is irrelevant here
        # NOTE(review): that holds only while the .p12 carries no private key.
        serverPassword: "123456"
        # Left empty (parses as null); no client certificate key is set in this
        # block.
        clientPassword:
        prune: true
        # Notes that apply to every jobTemplate below (the job spec is JSON
        # inside a block scalar, so it cannot carry comments itself):
        # - "^${...}" is the JCasC escape that leaves the expression for Nomad;
        #   the unescaped ${REMOTING_VERSION} and ${NOMAD_TASK_DIR} are
        #   presumably resolved by JCasC on the controller - TODO confirm.
        # - %WORKER_SECRET% ends up in the submitted job spec (Env or args),
        #   so it is visible to whoever may read jobs in namespace "default".
        # - Agents bootstrap over plain http to NOMAD_ADDR_jenkins; this
        #   assumes the path between worker and controller is trusted.
        templates:
          # arm64 Podman worker (batch job, Nomad podman driver).
          # - The host Podman socket under /run/user/1312 is bind-mounted into
          #   the worker and exported as DOCKER_HOST, so any build on this
          #   label can drive that Podman instance with the rights of that
          #   host user (presumably rootless Podman of uid 1312).
          # - /home/jenkins/workspace is a host path, shared by every worker
          #   placed on the same node.
          # - The image is pulled on every start from the registry on
          #   127.0.0.1:5000.
          - idleTerminationInMinutes: 10
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "batch",
                  "Datacenters": [
                    "dc1"
                  ],
                  "Constraints": [
                    {
                      "LTarget": "^${attr.cpu.arch}",
                      "Operand": "=",
                      "RTarget": "arm64"
                    }
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-podman-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-podman-worker",
                          "Driver": "podman",
                          "User": "jenkins",
                          "Config": {
                            "volumes": [
                              "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
                              "/etc/containers/registries.conf:/etc/containers/registries.conf",
                              "/home/jenkins/workspace:/home/jenkins/workspace"
                            ],
                            "force_pull": true,
                            "image": "127.0.0.1:5000/jenkins-inbound-agent:${REMOTING_VERSION}"
                          },
                          "Env": {
                            "REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
                            "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
                          },
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad podman arm64" # use the 'podman' label in the Jenkins pipeline spec
            numExecutors: 1
            prefix: "jenkins-podman-arm64"
            reusable: true
          # amd64 Podman worker: same job spec as the arm64 template apart
          # from the architecture constraint, the labels and the prefix, so
          # the same socket and workspace caveats apply.
          - idleTerminationInMinutes: 10
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "batch",
                  "Datacenters": [
                    "dc1"
                  ],
                  "Constraints": [
                    {
                      "LTarget": "^${attr.cpu.arch}",
                      "Operand": "=",
                      "RTarget": "amd64"
                    }
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-podman-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-podman-worker",
                          "Driver": "podman",
                          "User": "jenkins",
                          "Config": {
                            "volumes": [
                              "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
                              "/etc/containers/registries.conf:/etc/containers/registries.conf",
                              "/home/jenkins/workspace:/home/jenkins/workspace"
                            ],
                            "force_pull": true,
                            "image": "127.0.0.1:5000/jenkins-inbound-agent:${REMOTING_VERSION}"
                          },
                          "Env": {
                            "REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
                            "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
                          },
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad podman amd64" # use the 'podman' label in the Jenkins pipeline spec
            numExecutors: 1
            prefix: "jenkins-podman-amd64"
            reusable: true
          # Packer worker: runs the remoting agent directly on the Nomad client
          # with the exec driver as user "jenkins" (no container image), and is
          # declared as a "service" job, unlike the batch Podman workers.
          # - The remoting jar is downloaded from repo.jenkins-ci.org on each
          #   start with GetterOptions null, i.e. without a checksum. Nomad's
          #   artifact getter accepts a "checksum" option; pinning one would
          #   tie the agent to a known jar.
          # - The agent secret is part of the sh -c command line here, so it
          #   is also visible in the task's process arguments on the client.
          - idleTerminationInMinutes: 10
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "service",
                  "Datacenters": [
                    "dc1"
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-packer-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-packer-worker",
                          "Driver": "exec",
                          "User": "jenkins",
                          "Config": {
                            "command": "/bin/sh",
                            "args": [
                              "-c",
                              "java -jar ./${NOMAD_TASK_DIR}/remoting-${REMOTING_VERSION}.jar -url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }} $@"
                            ]
                          },
                          "Artifacts": [
                            {
                              "Chown": false,
                              "GetterHeaders": null,
                              "GetterInsecure": false,
                              "GetterMode": "any",
                              "GetterOptions": null,
                              "GetterSource": "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${REMOTING_VERSION}/remoting-${REMOTING_VERSION}.jar",
                              "RelativeDest": "${NOMAD_TASK_DIR}"
                            }
                          ],
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad packer"
            numExecutors: 1
            prefix: "jenkins-packer"
            reusable: true
        workerTimeout: 1
    # Configuration example for the Docker cloud to spawn Jenkins agents directly
    # in Docker containers without intermediary Nomad jobs:
    # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    # The template actions in this commented block are still evaluated when the
    # file is rendered. If it is enabled, the Podman socket caveat from the
    # Nomad templates applies, and the image tag "latest" is not pinned.
    #- docker:
    #    name: "docker"
    #    containerCap: 3
    #    dockerApi:
    #      connectTimeout: 23
    #      dockerHost:
    #        uri: "unix:///home/jenkins/agent/podman.sock"
    #      readTimeout: 43
    #    errorDuration: 313
    #    templates:
    #      - connector:
    #          jnlp:
    #            jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    #            user: "1312"
    #        dockerTemplateBase:
    #          image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    #          environment:
    #            - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    #            - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    #        labelString: "podman"
    #        name: "alpine-jdk21"
    #        pullTimeout: 171
    #        remoteFs: "/home/jenkins/agent"

# https://github.com/jenkinsci/theme-manager-plugin
# NOTE(review): the logo and login branding point at www.jenkins.io, so
# presumably each browser fetches them from that host, including on the login
# page - serve them locally if outbound requests from clients are unwanted.
appearance:
  themeManager:
    disableUserThemes: false
    theme: "dark"
  customHeader:
    enabled: true
    logo:
      image:
        logoUrl: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"
  loginTheme:
    branding: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"