jenkins.yaml.tmpl (9153B)
# Jenkins Configuration as Code (JCasC) file, written as a template: the
# double-brace actions (secret, env, nomadVar, ...) are expanded by the template
# renderer before Jenkins reads the result.
# NOTE(review): the rendered file contains every secret referenced below in
# plaintext -- confirm the renderer writes it with owner-only permissions.
# NOTE(review): secret values are spliced into double-quoted YAML scalars
# unescaped; a value containing a double quote or a backslash would corrupt the
# rendered YAML. If the renderer is consul-template (or a Nomad template block),
# piping each value through its toJSON function and dropping the hand-written
# surrounding quotes avoids that.

# Credentials created in the Jenkins system credential store.
credentials:
  system:
    domainCredentials:
      - credentials:
          # AppRole login for Vault; its id is referenced by
          # unclassified.hashicorpVault.configuration.vaultCredentialId below.
          - vaultAppRoleCredential:
              description: "Jenkins approle on vault.in0rdr.ch"
              id: "vault.in0rdr.ch"
              path: "approle"
              roleId: "{{with secret "kv/jenkins/vault-secret-source"}}{{index .Data.data.role_id}}{{end}}"
              scope: GLOBAL
              secretId: "{{with secret "kv/jenkins/vault-secret-source"}}{{index .Data.data.secret_id}}{{end}}"
              usePolicies: false
          # Nomad ACL token; its id is referenced by nomadACLCredentialsId in
          # the Nomad cloud definition below.
          # NOTE(review): GLOBAL scope makes the token available to pipeline
          # credential bindings as well. If only the cloud plugin needs it,
          # check whether SYSTEM scope is sufficient.
          - string:
              description: "Nomad ACL NOMAD_TOKEN for Nomad cloud plugin"
              id: "nomad"
              scope: GLOBAL
              secret: "{{with secret "kv/jenkins/nomad_token"}}{{index .Data.data.password}}{{end}}"
unclassified:
  location:
    # Admin address is read from the Nomad variable nomad/jobs/jenkins when it
    # exists; otherwise a placeholder address is rendered. The trim markers
    # remove the line breaks, so the rendered value is a single line.
    adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
      {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
      {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
    url: "https://jenkins.in0rdr.ch"
  hashicorpVault:
    configuration:
      vaultCredentialId: "vault.in0rdr.ch"
      vaultUrl: "https://vault.in0rdr.ch"
  # SMTP settings; user, password, host and port all come from one Vault path.
  mailer:
    authentication:
      password: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.password}}{{end}}"
      username: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.username}}{{end}}"
    replyToAddress: "no-reply@p0c.ch"
    smtpHost: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.smtpHost}}{{end}}"
    smtpPort: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.smtpPort}}{{end}}"
  # Global shared libraries run outside the Groovy sandbox, so write access to
  # this repository is equivalent to admin access on the controller.
  # NOTE(review): no defaultVersion is set here; consider pinning a tag or
  # commit so a push to the default branch does not take effect unreviewed.
  globalLibraries:
    libraries:
      - name: "in0rdr-jenkins-lib"
        retriever:
          modernSCM:
            scm:
              gitSource:
                remote: "https://git.in0rdr.ch/jenkins-lib.git"
  scmGit:
    globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
    globalConfigName: "jenkins"
jenkins:
  # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
  systemMessage: |
    {\__/}
    ( • . •)
    / >💾 Jenkins configured with Jenkins Configuration as Code plugin
  # Building on the built-in node can be a security issue. You should set the
  # number of executors on the built-in node to 0:
  # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
  numExecutors: 0
  # Fixed TCP port for inbound agents; the worker templates below reach it
  # through the -tunnel option.
  slaveAgentPort: 50000
  # Every authenticated user gets full control. With sign-up disabled and one
  # local user this amounts to a single-admin setup; revisit (for example with
  # a matrix strategy) before adding further accounts.
  authorizationStrategy:
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false
  securityRealm:
    # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
    local:
      allowsSignup: false
      users:
        - id: in0rdr
          password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
  globalNodeProperties:
    - envVars:
        env:
          - key: "GIT_AUTHOR_EMAIL"
            value: "jenkins@jenkins.in0rdr.ch"
          - key: "GIT_AUTHOR_NAME"
            value: "jenkins"
  clouds:
    # Nomad cloud: Jenkins submits one Nomad job per agent from the templates
    # below, talking to the Nomad API on the local node over TLS.
    - nomad:
        name: "nomad"
        nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
        nomadACLCredentialsId: "nomad"
        tlsEnabled: true
        serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
        # the truststore only contains public certificates, password is irrelevant here
        # (this holds only as long as no private key is ever added to that .p12)
        serverPassword: "123456"
        # Bare key, parsed as null. NOTE(review): no client certificate is
        # configured in this block, so Nomad API access presumably rests on the
        # ACL token alone -- confirm.
        clientPassword:
        prune: true
        templates:
          - idleTerminationInMinutes: 10
            # Podman worker. The task mounts the host's rootless Podman socket
            # of uid 1312 and the shared /home/jenkins/workspace directory, so
            # any pipeline scheduled on the 'podman' label can drive that
            # Podman instance and should be treated as having that host user's
            # privileges.
            # NOTE(review): the agent connects with "-url http://" and
            # %WORKER_SECRET% is part of the submitted job (Env); confirm this
            # traffic stays on a trusted network and that read access to jobs
            # in the "default" namespace is restricted by ACL.
            # NOTE(review): the image is referenced by tag with force_pull;
            # pinning a digest would make the pulled agent image reproducible.
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "batch",
                  "Datacenters": [
                    "dc1"
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-podman-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-podman-worker",
                          "Driver": "podman",
                          "User": "jenkins",
                          "Config": {
                            "volumes": [
                              "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
                              "/etc/containers/registries.conf:/etc/containers/registries.conf",
                              "/home/jenkins/workspace:/home/jenkins/workspace"
                            ],
                            "force_pull": true,
                            "image": "127.0.0.1:5000/jenkins-inbound-agent:${REMOTING_VERSION}"
                          },
                          "Env": {
                            "REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
                            "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
                          },
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad podman" # use the 'podman' label in the Jenkins pipeline spec
            numExecutors: 1
            prefix: "jenkins-podman"
            # NOTE(review): presumably a reusable agent serves several builds
            # before idle termination, so files left by one build are visible
            # to the next -- confirm this is acceptable for all jobs.
            reusable: true
          - idleTerminationInMinutes: 10
            # Packer worker. Runs with the exec driver and starts the remoting
            # jar fetched by the Artifacts entry.
            # NOTE(review): "GetterOptions" is null, so the downloaded jar is
            # not checked against a digest; Nomad artifacts accept a checksum
            # option, e.g. "checksum": "sha256:<digest of the remoting jar>".
            # NOTE(review): %WORKER_SECRET% is passed on the java command line
            # and the connection again uses "-url http://"; the same exposure
            # questions as for the podman template apply.
            # NOTE(review): job type is "service" here but "batch" in the
            # podman template -- confirm the difference is intended.
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "service",
                  "Datacenters": [
                    "dc1"
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-packer-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-packer-worker",
                          "Driver": "exec",
                          "User": "jenkins",
                          "Config": {
                            "command": "/bin/sh",
                            "args": [
                              "-c",
                              "java -jar ./${NOMAD_TASK_DIR}/remoting-${REMOTING_VERSION}.jar -url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }} $@"
                            ]
                          },
                          "Artifacts": [
                            {
                              "Chown": false,
                              "GetterHeaders": null,
                              "GetterInsecure": false,
                              "GetterMode": "any",
                              "GetterOptions": null,
                              "GetterSource": "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${REMOTING_VERSION}/remoting-${REMOTING_VERSION}.jar",
                              "RelativeDest": "${NOMAD_TASK_DIR}"
                            }
                          ],
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad packer"
            numExecutors: 1
            prefix: "jenkins-packer"
            reusable: true
        workerTimeout: 1
    # Configuration example for the Docker cloud to spawn Jenkins agents directly
    # in Docker containers without intermediary Nomad jobs:
    # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    # The template renderer does not know YAML comments: the env actions in the
    # commented block below are still evaluated at render time.
    #- docker:
    #    name: "docker"
    #    containerCap: 3
    #    dockerApi:
    #      connectTimeout: 23
    #      dockerHost:
    #        uri: "unix:///home/jenkins/agent/podman.sock"
    #      readTimeout: 43
    #    errorDuration: 313
    #    templates:
    #      - connector:
    #          jnlp:
    #            jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    #            user: "1312"
    #        dockerTemplateBase:
    #          image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    #          environment:
    #            - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    #            - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    #        labelString: "podman"
    #        name: "alpine-jdk21"
    #        pullTimeout: 171
    #        remoteFs: "/home/jenkins/agent"

# https://github.com/jenkinsci/theme-manager-plugin
# UI appearance only; the logo and login branding images are loaded from
# www.jenkins.io.
appearance:
  themeManager:
    disableUserThemes: false
    theme: "dark"
  customHeader:
    enabled: true
    logo:
      image:
        logoUrl: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"
  loginTheme:
    branding: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"