From 72f148425a968bdebeef309bfd0f1bbc7ab5468a Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 11 Jul 2021 15:47:45 +0200
Subject: [PATCH] bundles/jenkins-ci: add ssh keys and config
---
 bundles/jenkins-ci/files/ssh-config | 3 +++
 bundles/jenkins-ci/items.py | 16 ++++++++++++++++
 data/jenkins-ci/files/ssh-keys/rx300.key.vault | 1 +
 data/jenkins-ci/files/ssh-keys/rx300.pub | 1 +
 nodes/rx300.py | 7 +++++--
 5 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 bundles/jenkins-ci/files/ssh-config
 create mode 100644 data/jenkins-ci/files/ssh-keys/rx300.key.vault
 create mode 100644 data/jenkins-ci/files/ssh-keys/rx300.pub
diff --git a/bundles/jenkins-ci/files/ssh-config b/bundles/jenkins-ci/files/ssh-config
new file mode 100644
index 0000000..564c5f9
--- /dev/null
+++ b/bundles/jenkins-ci/files/ssh-config
@@ -0,0 +1,3 @@
+Host *
+ UserKnownHostsFile /dev/null
+ StrictHostKeyChecking no
diff --git a/bundles/jenkins-ci/items.py b/bundles/jenkins-ci/items.py
index da6ea1a..03e627e 100644
--- a/bundles/jenkins-ci/items.py
+++ b/bundles/jenkins-ci/items.py
@@ -6,6 +6,11 @@ directories = {
 'pkg_apt:jenkins',
 },
 },
+ '/var/lib/jenkins/.ssh': {
+ 'mode': '0755',
+ 'owner': 'git',
+ 'group': 'git',
+ },
 }

 files = {
@@ -14,8 +19,19 @@ files = {
 'svc_systemd:jenkins:restart',
 },
 },
+ '/var/lib/jenkins/.ssh/config': {
+ 'source': 'ssh-config',
+ },
 }

+if node.metadata.get('jenkins-ci/install_ssh_key', False):
+ files['/var/lib/jenkins/.ssh/id_ed25519'] = {
+ 'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
+ 'mode': '0600',
+ 'owner': 'jenkins',
+ 'group': 'jenkins',
+ }
+
 svc_systemd = {
 'jenkins': {
 'needs': {
diff --git a/data/jenkins-ci/files/ssh-keys/rx300.key.vault b/data/jenkins-ci/files/ssh-keys/rx300.key.vault
new file mode 100644
index 0000000..e56190a
--- /dev/null
+++ b/data/jenkins-ci/files/ssh-keys/rx300.key.vault
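Review bot: `Host *` combined with `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` turns off host key verification for every SSH connection the Jenkins account makes, so a machine answering in place of the intended Git or deploy server is accepted without any warning. Build jobs would then fetch code from, or deliver artifacts to, a host whose identity was never checked. I would ship a managed `known_hosts` file next to this one and use `UserKnownHostsFile /var/lib/jenkins/.ssh/known_hosts` with `StrictHostKeyChecking yes`. If a relaxed setting is really needed for some target, limit it to a named `Host` entry rather than `*`.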
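Review bot: The new `/var/lib/jenkins/.ssh` directory is created with owner and group `git` and mode `0755`, although the private key placed in it by the later hunk of this file belongs to `jenkins`. As owner of the directory, the `git` account can rename or replace `config` and `id_ed25519` inside it, and every local user can list its contents. Unless `git` is really meant to manage these files, I would use `'mode': '0700',`, `'owner': 'jenkins',`, `'group': 'jenkins',`. The `directories` dict starts above this hunk, so its other entries are not visible here.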
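Review bot: The `id_ed25519` item sets `'owner': 'jenkins'` but declares no dependency, so on a fresh node it may be applied before the `jenkins` account exists (presumably created by `pkg_apt:jenkins`, which another item in this bundle already references). Adding `'needs': {'pkg_apt:jenkins'},` to the key item would make the ordering explicit. The `/var/lib/jenkins/.ssh/config` item also gives no `owner`, `group` or `mode` and so falls back to the tool's defaults; stating them would keep the `.ssh` items consistent with each other. A short comment above the `if`, saying that the vault file name is derived from `node.name`, would help whoever enables the flag on a second node.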
@@ -0,0 +1 @@
+encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE
\ No newline at end of file
diff --git a/data/jenkins-ci/files/ssh-keys/rx300.pub b/data/jenkins-ci/files/ssh-keys/rx300.pub
new file mode 100644
index 0000000..55ce7ec
--- /dev/null
+++ b/data/jenkins-ci/files/ssh-keys/rx300.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH
diff --git a/nodes/rx300.py b/nodes/rx300.py
index 78374b9..d66a7b0 100644
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@@ -87,6 +87,9 @@ nodes['rx300'] = {
 'icinga_options': {
 'pretty_name': 'franzi.business',
 },
+ 'jenkins-ci': {
+ 'install_ssh_key': True,
+ },
 'miniflux': {
 'domain': 'rss.franzi.business',
 },
@@ -150,8 +153,8 @@ nodes['rx300'] = {
 'domain': 'map.unicornsden.com',
 'php': True,
 'webroot_config': {
- 'owner': 'git',
- 'group': 'git',
+ 'owner': 'jenkins',
+ 'group': 'jenkins',
 'mode': '0755',
 },
 },
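Review bot: Setting `webroot_config` to `'owner': 'jenkins'` makes the webroot of `map.unicornsden.com` writable by the account that runs build jobs while `'php': True` is set for the same vhost, so whatever a job writes there can be executed by the web server. If the site is only deployed as static output, switching PHP off for this vhost would narrow that; otherwise the job definitions deserve the same review as the site's code. The ownership change is also not mentioned in the commit subject, which only talks about SSH keys and config, so a line in the message would make it easier to find later. The `nodes['rx300']` dict starts and ends outside this hunk.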