bundles/jenkins-ci: add ssh keys and config

2021-07-11 15:47:45 +02:00 · 2021-07-11 15:47:45 +02:00 · 72f148425a
parent 0a14d46cf2
commit 72f148425a
5 changed files with 26 additions and 2 deletions
--- a/bundles/jenkins-ci/files/ssh-config
+++ b/bundles/jenkins-ci/files/ssh-config
@ -0,0 +1,3 @@
 Host *
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
--- a/bundles/jenkins-ci/items.py
+++ b/bundles/jenkins-ci/items.py
@ -6,6 +6,11 @@ directories = {
            'pkg_apt:jenkins',
        },
    },
    '/var/lib/jenkins/.ssh': {
        'mode': '0755',
        'owner': 'git',
        'group': 'git',
    },
 }
 files = {
@ -14,8 +19,19 @@ files = {
            'svc_systemd:jenkins:restart',
        },
    },
    '/var/lib/jenkins/.ssh/config': {
        'source': 'ssh-config',
    },
 }
 if node.metadata.get('jenkins-ci/install_ssh_key', False):
    files['/var/lib/jenkins/.ssh/id_ed25519'] = {
        'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
        'mode': '0600',
        'owner': 'jenkins',
        'group': 'jenkins',
    }
 svc_systemd = {
    'jenkins': {
        'needs': {
--- a/data/jenkins-ci/files/ssh-keys/rx300.key.vault
+++ b/data/jenkins-ci/files/ssh-keys/rx300.key.vault
@ -0,0 +1 @@
 encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE
--- a/data/jenkins-ci/files/ssh-keys/rx300.pub
+++ b/data/jenkins-ci/files/ssh-keys/rx300.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@ -87,6 +87,9 @@ nodes['rx300'] = {
        'icinga_options': {
            'pretty_name': 'franzi.business',
        },
        'jenkins-ci': {
            'install_ssh_key': True,
        },
        'miniflux': {
            'domain': 'rss.franzi.business',
        },
@ -150,8 +153,8 @@ nodes['rx300'] = {
                    'domain': 'map.unicornsden.com',
                    'php': True,
                    'webroot_config': {
-                        'owner': 'git',
+                        'owner': 'jenkins',
-                        'group': 'git',
+                        'group': 'jenkins',
                        'mode': '0755',
                    },
                },
		`@ -0,0 +1 @@`
							encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH`