bundles/jenkins-ci: add systemd unit file
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
This commit is contained in:
parent
bd45def053
commit
945e349d61
GPG key ID:
12E3D2136B818350
4 changed files with 59 additions and 0 deletions
40
bundles/jenkins-ci/files/jenkins.service
Normal file
40
bundles/jenkins-ci/files/jenkins.service
Normal file
|
|
@ -0,0 +1,40 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Jenkins Continuous Integration Server
|
||||||
|
Requires=network.target
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
NotifyAccess=main
|
||||||
|
ExecStart=/usr/bin/java -Djava.awt.headless=true -Xmx512m -Djava.net.preferIPv4Stack=true -jar /usr/share/jenkins/jenkins.war --httpPort=22010 --httpListenAddress=127.0.0.1
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10
|
||||||
|
|
||||||
|
User=jenkins
|
||||||
|
Group=jenkins
|
||||||
|
|
||||||
|
Environment="JENKINS_HOME=/var/lib/jenkins"
|
||||||
|
WorkingDirectory=/var/lib/jenkins
|
||||||
|
|
||||||
|
LimitNOFILE=8192
|
||||||
|
LimitNPROC=256
|
||||||
|
|
||||||
|
UMask=0022
|
||||||
|
|
||||||
|
NoNewPrivileges=true
|
||||||
|
ProtectSystem=true
|
||||||
|
ReadOnlyPaths=/
|
||||||
|
ReadWritePaths=${' '.join(sorted(read_write_paths))}
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
PrivateUsers=true
|
||||||
|
ProtectHostname=true
|
||||||
|
ProtectClock=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
@ -22,6 +22,16 @@ files = {
|
||||||
'/var/lib/jenkins/.ssh/config': {
|
'/var/lib/jenkins/.ssh/config': {
|
||||||
'source': 'ssh-config',
|
'source': 'ssh-config',
|
||||||
},
|
},
|
||||||
|
'/etc/systemd/system/jenkins.service': {
|
||||||
|
'content_type': 'mako',
|
||||||
|
'context': {
|
||||||
|
'read_write_paths': node.metadata.get('jenkins-ci/writeable_paths'),
|
||||||
|
},
|
||||||
|
'triggers': {
|
||||||
|
'action:systemd-reload',
|
||||||
|
'svc_systemd:jenkins:restart',
|
||||||
|
},
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if node.metadata.get('jenkins-ci/install_ssh_key', False):
|
if node.metadata.get('jenkins-ci/install_ssh_key', False):
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,11 @@ defaults = {
|
||||||
'/var/lib/jenkins',
|
'/var/lib/jenkins',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'jenkins-ci': {
|
||||||
|
'writeable_paths': {
|
||||||
|
'/var/lib/jenkins',
|
||||||
|
},
|
||||||
|
},
|
||||||
'zfs': {
|
'zfs': {
|
||||||
'datasets': {
|
'datasets': {
|
||||||
'tank/jenkins': {
|
'tank/jenkins': {
|
||||||
|
|
|
||||||
|
|
@ -152,6 +152,10 @@ nodes['rx300'] = {
|
||||||
'jenkins-ci': {
|
'jenkins-ci': {
|
||||||
'install_ssh_key': True,
|
'install_ssh_key': True,
|
||||||
'domain': 'jenkins.franzi.business',
|
'domain': 'jenkins.franzi.business',
|
||||||
|
'writeable_paths': {
|
||||||
|
'/var/www/franzi.business', # for deployment task
|
||||||
|
'/var/www/unicornsden', # for deployment task
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'letsencrypt': {
|
'letsencrypt': {
|
||||||
'concat_and_deploy': {
|
'concat_and_deploy': {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue