jenkins.yaml.tmpl (8878B)
# Jenkins Configuration as Code (JCasC) template. The template actions
# (secret, nomadVar, nomadVarExists, env) are expanded before Jenkins parses
# the YAML (presumably by Nomad's template block - confirm against the job).
# NOTE(review): the rendered file holds the Vault AppRole secret_id, the SMTP
# password and the local user's password value - confirm it is written with
# permissions that only the Jenkins controller can read.
# NOTE(review): secret values are spliced between YAML double quotes without
# escaping; a value containing a double quote or a backslash would break or
# alter the rendered scalar.
credentials:
  system:
    domainCredentials:
      - credentials:
          - vaultAppRoleCredential:
              description: "Jenkins approle on vault.in0rdr.ch"
              id: "vault.in0rdr.ch"
              path: "approle"
              # role_id and secret_id are both read from the same KV path, so
              # read access to kv/jenkins/vault-secret-source is enough for a
              # full AppRole login.
              roleId: "{{with secret "kv/jenkins/vault-secret-source"}}{{index .Data.data.role_id}}{{end}}"
              # GLOBAL scope makes the credential usable from jobs, not only
              # by the controller. NOTE(review): confirm that is intended.
              scope: GLOBAL
              secretId: "{{with secret "kv/jenkins/vault-secret-source"}}{{index .Data.data.secret_id}}{{end}}"
              usePolicies: false
unclassified:
  location:
    # Falls back to a placeholder address until the Nomad variable
    # nomad/jobs/jenkins exists.
    adminAddress: "{{ if nomadVarExists "nomad/jobs/jenkins" -}}
      {{ with nomadVar "nomad/jobs/jenkins" }}{{ .admin_address }}{{ end -}}
      {{ else }}address not configured yet <nobody@nowhere>{{ end}}"
    url: "https://jenkins.in0rdr.ch"
  hashicorpVault:
    configuration:
      # Refers to the AppRole credential id defined under credentials above.
      vaultCredentialId: "vault.in0rdr.ch"
      vaultUrl: "https://vault.in0rdr.ch"
  mailer:
    # SMTP credentials, host and port all come from the Vault path
    # kv/jenkins/mailer.
    # NOTE(review): no useSsl/useTls key is set here, so whether the SMTP
    # login is sent over TLS depends on plugin defaults - confirm.
    authentication:
      password: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.password}}{{end}}"
      username: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.username}}{{end}}"
    replyToAddress: "no-reply@p0c.ch"
    smtpHost: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.smtpHost}}{{end}}"
    smtpPort: "{{with secret "kv/jenkins/mailer"}}{{index .Data.data.smtpPort}}{{end}}"
  globalLibraries:
    # Global libraries are trusted by Jenkins and run outside the Groovy
    # sandbox, so write access to this repository amounts to code execution
    # on the controller. NOTE(review): no defaultVersion is pinned here.
    libraries:
      - name: "in0rdr-jenkins-lib"
        retriever:
          modernSCM:
            scm:
              git:
                remote: "https://git.in0rdr.ch/jenkins-lib.git"
  scmGit:
    globalConfigEmail: "jenkins@jenkins.in0rdr.ch"
    globalConfigName: "jenkins"
jenkins:
  # https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/demos/jenkins/jenkins.yaml
  systemMessage: |
    {\__/}
    ( • . •)
    / >💾 Jenkins configured with Jenkins Configuration as Code plugin
  # Building on the built-in node can be a security issue. You should set the
  # number of executors on the built-in node to 0:
  # https://www.jenkins.io/doc/book/security/controller-isolation/#not-building-on-the-built-in-node
  numExecutors: 0
  # Fixed TCP port for inbound agents. NOTE(review): presumably the port behind
  # NOMAD_ADDR_jnlp that the worker templates pass to -tunnel - confirm.
  slaveAgentPort: 50000
  authorizationStrategy:
    # Every authenticated account gets full control of Jenkins. That is only
    # as tight as the security realm below: one local user, signup disabled.
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false
  securityRealm:
    # https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos/embedded-userdatabase
    local:
      allowsSignup: false
      users:
        - id: in0rdr
          # Value read from the key "in0rdr" under kv/jenkins/users in Vault.
          password: "{{with secret "kv/jenkins/users"}}{{index .Data.data.in0rdr}}{{end}}"
  globalNodeProperties:
    - envVars:
        env:
          - key: "GIT_AUTHOR_EMAIL"
            value: "jenkins@jenkins.in0rdr.ch"
          - key: "GIT_AUTHOR_NAME"
            value: "jenkins"
  clouds:
    - nomad:
        name: "nomad"
        # Nomad API on this node's own address, over TLS.
        nomadUrl: "https://{{env "attr.unique.network.ip-address"}}:4646"
        tlsEnabled: true
        serverCertificate: "/etc/ssl/certs/nomad-agent-ca.p12"
        # the truststore only contains public certificates, password is irrelevant here
        serverPassword: "123456"
        # Bare key, parsed as null; no clientCertificate is set either.
        # NOTE(review): confirm how Jenkins authenticates to the Nomad API.
        clientPassword:
        prune: true
        templates:
          - idleTerminationInMinutes: 10
            # Podman worker. Security-relevant points in the job below:
            # - The rootless podman socket of host uid 1312 is bind-mounted
            #   into the worker, so pipeline code on this label can drive that
            #   user's podman on the host; treat the label as host-user access.
            # - /home/jenkins/workspace is a host bind mount, the same path for
            #   every worker started from this template.
            # - The agent reaches the controller with -url http://, and
            #   %WORKER_SECRET% is placed in the job's Env, where it can be
            #   read through the Nomad API by whoever may read jobs in the
            #   "default" namespace.
            # - The image is pulled from the registry at 127.0.0.1:5000;
            #   REMOTING_VERSION is defined outside this file.
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "batch",
                  "Datacenters": [
                    "dc1"
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-podman-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-podman-worker",
                          "Driver": "podman",
                          "User": "1312",
                          "Config": {
                            "volumes": [
                              "/run/user/1312/podman/podman.sock:/home/jenkins/agent/podman.sock",
                              "/etc/containers/registries.conf:/etc/containers/registries.conf",
                              "/home/jenkins/workspace:/home/jenkins/workspace"
                            ],
                            "force_pull": true,
                            "image": "127.0.0.1:5000/jenkins-inbound-agent:${REMOTING_VERSION}"
                          },
                          "Env": {
                            "REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
                            "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
                          },
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad podman"  # use the 'podman' label in the Jenkins pipeline spec
            numExecutors: 1
            prefix: "jenkins-podman"
            reusable: true
          - idleTerminationInMinutes: 10
            # Packer worker, run with the exec driver as user "jenkins".
            # - remoting.jar is fetched by the Artifacts stanza with
            #   GetterOptions null, i.e. no checksum is given; pinning one via
            #   GetterOptions ("checksum": "sha256:<digest>") would detect a
            #   tampered download.
            # - -secret %WORKER_SECRET% is passed on the java command line, so
            #   it is visible in the node's process list as well as in the
            #   job specification.
            # - The agent reaches the controller with -url http://.
            # - Type is "service" here but "batch" in the podman template.
            #   NOTE(review): confirm that is intended.
            # - args holds only "-c" and the command string, so the trailing
            #   $@ expands to nothing.
            jobTemplate: |-
              {
                "Job": {
                  "Region": "global",
                  "ID": "%WORKER_NAME%",
                  "Namespace": "default",
                  "Type": "service",
                  "Datacenters": [
                    "dc1"
                  ],
                  "TaskGroups": [
                    {
                      "Name": "jenkins-packer-worker-taskgroup",
                      "Count": 1,
                      "RestartPolicy": {
                        "Attempts": 0,
                        "Interval": 10000000000,
                        "Mode": "fail",
                        "Delay": 1000000000
                      },
                      "Tasks": [
                        {
                          "Name": "jenkins-packer-worker",
                          "Driver": "exec",
                          "User": "jenkins",
                          "Config": {
                            "command": "/bin/sh",
                            "args": [
                              "-c",
                              "java -jar ./${NOMAD_TASK_DIR}/remoting-${REMOTING_VERSION}.jar -url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }} $@"
                            ]
                          },
                          "Artifacts": [
                            {
                              "Chown": false,
                              "GetterHeaders": null,
                              "GetterInsecure": false,
                              "GetterMode": "any",
                              "GetterOptions": null,
                              "GetterSource": "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${REMOTING_VERSION}/remoting-${REMOTING_VERSION}.jar",
                              "RelativeDest": "${NOMAD_TASK_DIR}"
                            }
                          ],
                          "Resources": {
                            "CPU": 500,
                            "MemoryMB": 512,
                            "MemoryMaxMB": 1024
                          }
                        }
                      ],
                      "EphemeralDisk": {
                        "SizeMB": 300
                      }
                    }
                  ]
                }
              }
            labels: "nomad packer"
            numExecutors: 1
            prefix: "jenkins-packer"
            reusable: true
        workerTimeout: 1
    # Configuration example for the Docker cloud to spawn Jenkins agents directly
    # in Docker containers without intermediary Nomad jobs:
    # - https://plugins.jenkins.io/docker-plugin/#plugin-content-jcasc-plugin
    #- docker:
    #    name: "docker"
    #    containerCap: 3
    #    dockerApi:
    #      connectTimeout: 23
    #      dockerHost:
    #        uri: "unix:///home/jenkins/agent/podman.sock"
    #      readTimeout: 43
    #    errorDuration: 313
    #    templates:
    #      - connector:
    #          jnlp:
    #            jenkinsUrl: "http://{{ env "NOMAD_ADDR_jenkins" }}"
    #            user: "1312"
    #        dockerTemplateBase:
    #          image: "127.0.0.1:5000/jenkins-inbound-agent:latest"
    #          environment:
    #            - JENKINS_TUNNEL={{ env "NOMAD_ADDR_jnlp" }}
    #            - DOCKER_HOST=unix:///home/jenkins/agent/podman.sock
    #        labelString: "podman"
    #        name: "alpine-jdk21"
    #        pullTimeout: 171
    #        remoteFs: "/home/jenkins/agent"

# https://github.com/jenkinsci/theme-manager-plugin
appearance:
  themeManager:
    disableUserThemes: false
    theme: "dark"
  customHeader:
    enabled: true
    logo:
      image:
        logoUrl: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"
  loginTheme:
    branding: "https://www.jenkins.io/images/logos/kongfu/kongfu.png"