directories = {
    '/var/lib/jenkins': {
        'owner': 'jenkins',
        'group': 'jenkins',
        'needs': {
            'pkg_apt:jenkins',
        },
    },
    '/var/lib/jenkins/.ssh': {
        'mode': '0755',
        'owner': 'git',
        'group': 'git',
    },
}

files = {
    '/etc/default/jenkins': {
        'triggers': {
            'svc_systemd:jenkins:restart',
        },
    },
    '/var/lib/jenkins/.ssh/config': {
        'source': 'ssh-config',
    },
    '/etc/systemd/system/jenkins.service': {
        'content_type': 'mako',
        'context': {
            'read_write_paths': node.metadata.get('jenkins-ci/writeable_paths'),
        },
        'triggers': {
            'action:systemd-reload',
            'svc_systemd:jenkins:restart',
        },
    }
}

if node.metadata.get('jenkins-ci/install_ssh_key', False):
    files['/var/lib/jenkins/.ssh/id_ed25519'] = {
        'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
        'mode': '0600',
        'owner': 'jenkins',
        'group': 'jenkins',
    }

svc_systemd = {
    'jenkins': {
        'needs': {
            'directory:/var/lib/jenkins',
            'pkg_apt:jenkins',
        },
    },
}