authorSam Chudnick <sam@chudnick.com>2023-06-25 09:52:36 -0400
committerSam Chudnick <sam@chudnick.com>2023-06-25 09:52:36 -0400
commit95b73daa36b23565a8566f71f9b202d3459b685f (patch)
treecb17b021be70e7868d0ec235a761f0ecdc80f3f2 /data/jenkins
Initial CommitHEADmaster
Diffstat (limited to 'data/jenkins')
-rw-r--r--data/jenkins/configuration.yml.j2163
-rw-r--r--data/jenkins/jenkins.conf85
2 files changed, 248 insertions, 0 deletions
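diff --git a/data/jenkins/configuration.yml.j2 b/data/jenkins/configuration.yml.j2
new file mode 100644
index 0000000..c5f652d
--- /dev/null
+++ b/data/jenkins/configuration.yml.j2
@@ -0,0 +1,163 @@
+credentials:
+ system:
+ domainCredentials:
+ - credentials:
+ - basicSSHUserPrivateKey:
+ description: "SSH Key for Jenkins User in FreeIPA"
+ id: "jenkins_freeipa_ssh"
+ privateKeySource:
+ directEntry:
+ privateKey: "{{ jenkins_privkey }}"
+ scope: GLOBAL
+ username: "jenkins"
+ - string:
+ description: "Ansible Vault Credentials"
+ id: "ansible_vault"
+ scope: GLOBAL
+ secret: "{{ jenkins_vault }}"
+jenkins:
+ agentProtocols:
+ - "JNLP4-connect"
+ - "Ping"
+ authorizationStrategy:
+ loggedInUsersCanDoAnything:
+ allowAnonymousRead: true
+ crumbIssuer:
+ standard:
+ excludeClientIPFromCrumb: false
+ disableRememberMe: false
+ disabledAdministrativeMonitors:
+ - "jenkins.diagnostics.ControllerExecutorsNoAgents"
+ labelAtoms:
+ - name: "built-in"
+ markupFormatter: "plainText"
+ mode: NORMAL
+ myViewsTabBar: "standard"
+ noUsageStatistics: true
+ numExecutors: 1
+ primaryView:
+ all:
+ name: "all"
+ projectNamingStrategy: "standard"
+ quietPeriod: 5
+ remotingSecurity:
+ enabled: true
+ scmCheckoutRetryCount: 0
+ securityRealm:
+ oic:
+ authorizationServerUrl: "https://auth.chudnick.com/api/oidc/authorization"
+ automanualconfigure: "auto"
+ clientId: "jenkins"
+ clientSecret: "{{ jenkins_oic_secret }}"
+ disableSslVerification: false
+ escapeHatchEnabled: false
+ escapeHatchSecret: "{{ jenkins_oic_escapehatch }}"
+ logoutFromOpenidProvider: false
+ scopes: "openid offline_access profile groups email"
+ tokenAuthMethod: "client_secret_post"
+ tokenServerUrl: "https://auth.chudnick.com/api/oidc/token"
+ userInfoServerUrl: "https://auth.chudnick.com/api/oidc/userinfo"
+ userNameField: "sub"
+ wellKnownOpenIDConfigurationUrl: "https://auth.chudnick.com/.well-known/openid-configuration"
+ slaveAgentPort: -1
+ updateCenter:
+ sites:
+ - id: "default"
+ url: "https://updates.jenkins.io/update-center.json"
+ views:
+ - all:
+ name: "all"
+ viewsTabBar: "standard"
+globalCredentialsConfiguration:
+ configuration:
+ providerFilter: "none"
+ typeFilter: "none"
+security:
+ apiToken:
+ creationOfLegacyTokenEnabled: false
+ tokenGenerationOnCreationEnabled: false
+ usageStatisticsEnabled: true
+ gitHooks:
+ allowedOnAgents: false
+ allowedOnController: false
+ gitHostKeyVerificationConfiguration:
+ sshHostKeyVerificationStrategy: "knownHostsFileVerificationStrategy"
+ sSHD:
+ port: -1
+unclassified:
+ buildDiscarders:
+ configuredBuildDiscarders:
+ - "jobBuildDiscarder"
+ buildStepOperation:
+ enabled: false
+ fingerprints:
+ fingerprintCleanupDisabled: false
+ storage: "file"
+ scmGit:
+ addGitTagAction: false
+ allowSecondFetch: false
+ createAccountBasedOnEmail: false
+ disableGitToolChooser: false
+ hideCredentials: false
+ showEntireCommitSummaryInChanges: false
+ useExistingAccountWithSameEmail: false
+ giteaServers:
+ servers:
+ - displayName: "Local"
+ manageHooks: false
+ serverUrl: "https://gitea.chudnick.com"
+ globalTimeOutConfiguration:
+ operations:
+ - "abortOperation"
+ overwriteable: false
+ junitTestResultStorage:
+ storage: "file"
+ location:
+ adminAddress: "sam@chudnick.com"
+ url: "https://jenkins.chudnick.com/"
+ mailer:
+ charset: "UTF-8"
+ useSsl: false
+ useTls: false
+ metricsAccessKey:
+ accessKeys:
+ - canHealthCheck: true
+ canMetrics: true
+ canPing: true
+ canThreadDump: false
+ key: "{{ jenkins_metrics_key }}"
+ origins: "*"
+ pollSCM:
+ pollingThreadCount: 10
+ prometheusConfiguration:
+ appendParamLabel: false
+ appendStatusLabel: true
+ collectDiskUsage: true
+ collectingMetricsPeriodInSeconds: 120
+ countAbortedBuilds: true
+ countFailedBuilds: true
+ countNotBuiltBuilds: true
+ countSuccessfulBuilds: true
+ countUnstableBuilds: true
+ defaultNamespace: "default"
+ fetchTestResults: true
+ jobAttributeName: "jenkins_job"
+ path: "prometheus"
+ processingDisabledBuilds: false
+ useAuthenticatedEndpoint: false
+ themeManager:
+ disableUserThemes: false
+ theme: "dark"
+tool:
+ ansible:
+ installations:
+ - home: "/usr/bin/"
+ name: "Default"
+ git:
+ installations:
+ - home: "git"
+ name: "Default"
+ mavenGlobalConfig:
+ globalSettingsProvider: "standard"
+ settingsProvider: "standard"
+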
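Review bot: `loggedInUsersCanDoAnything` with `allowAnonymousRead: true` (new lines 22-24) grants every account the OIDC provider authenticates full control of Jenkins and lets unauthenticated visitors read job and build data. The same file defines two `scope: GLOBAL` credentials (the FreeIPA SSH key and the Ansible Vault secret), so anyone who can log in can configure a job that uses them. At minimum change line 24 to `allowAnonymousRead: false`; better, replace the strategy with a matrix or role-based one that limits job configuration and credential use to a named admin group. `numExecutors: 1` (line 37) also allows builds to run on the controller, next to those secrets; `numExecutors: 0` with a separate agent would isolate them.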
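diff --git a/data/jenkins/jenkins.conf b/data/jenkins/jenkins.conf
new file mode 100644
index 0000000..0c477a5
--- /dev/null
+++ b/data/jenkins/jenkins.conf
@@ -0,0 +1,85 @@
+upstream jenkins {
+ keepalive 32; # keepalive connections
+ server 127.0.0.1:8080; # jenkins ip and port
+}
+
+# Required for Jenkins websocket agents
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen 443 ssl;
+ server_name jenkins.chudnick.com;
+
+ ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+ add_header Strict-Transport-Security "max-age=31536000" always;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ # Security / XSS Mitigation Headers
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+
+ root /var/run/jenkins/war/;
+ access_log /var/log/nginx/jenkins.access.log;
+ error_log /var/log/nginx/jenkins.error.log;
+ ignore_invalid_headers off;
+
+ location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
+ # rewrite all static files into requests to the root
+ # E.g /static/12345678/css/something.css will become /css/something.css
+ rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
+ }
+
+ location /userContent {
+ # have nginx handle all the static requests to userContent folder
+ # note : This is the $JENKINS_HOME dir
+ root /var/lib/jenkins/;
+ if (!-f $request_filename){
+ # this file does not exist, might be a directory or a /**view** url
+ rewrite (.*) /$1 last;
+ break;
+ }
+ sendfile on;
+ }
+
+ location / {
+ sendfile off;
+ proxy_pass http://jenkins;
+ proxy_redirect default;
+ proxy_http_version 1.1;
+
+ # Required for Jenkins websocket agents
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_max_temp_file_size 0;
+
+ #this is the maximum upload size
+ client_max_body_size 10m;
+ client_body_buffer_size 128k;
+
+ proxy_connect_timeout 90;
+ proxy_send_timeout 90;
+ proxy_read_timeout 90;
+ proxy_buffering off;
+ proxy_request_buffering off; # Required for HTTP CLI commands
+ proxy_set_header Connection ""; # Clear for keepalive
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name jenkins.chudnick.com;
+ return 301 https://$host$request_uri;
+}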
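Review bot: The `location /userContent` block (new lines 38-48) has nginx serve files straight from `/var/lib/jenkins/`, so those requests never reach Jenkins and are not subject to its authentication or authorization. Because the prefix has no trailing slash, it also matches any sibling path under `$JENKINS_HOME` whose name begins with `userContent`. If direct serving is wanted, narrow it to `location /userContent/ {` and confirm nothing in that directory needs access control; otherwise drop the block and let the request fall through to `proxy_pass`. Separately, `proxy_set_header Connection` is set twice in `location /` (new lines 57 and 75), which looks contradictory for the websocket agents the first one is there for; keep only one of them.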