first cut of jenkins package for cloudron

2025-04-21 15:34:14 -04:00
parent f3a57e5b87
commit 9f74e0fc39
3 changed files with 93 additions and 0 deletions
--- a/Techops/jenkins.knownelement.com/casc_templates/default.yaml
+++ b/Techops/jenkins.knownelement.com/casc_templates/default.yaml
@ -0,0 +1,26 @@
+jenkins:
+  systemMessage: "Jenkins configured with local authentication"
+  securityRealm:
+    local:
+      allowsSignup: false
+      enableCaptcha: false
+      users:
+        - id: "admin"
+          password: "adminpass"
+          
+  authorizationStrategy:
+    globalMatrix:
+      permissions:
+        - "Overall/Administer:admin"
+        - "Overall/Read:authenticated"
+        - "Job/Read:authenticated"
+        - "Job/Build:authenticated"
+        - "Job/Create:authenticated"
+        - "Job/Configure:authenticated"
+        - "View/Read:authenticated"
+        - "View/Create:authenticated"
+        - "View/Configure:authenticated"
+
+unclassified:
+  location:
+    url: "${JENKINS_URL}"
--- a/Techops/jenkins.knownelement.com/casc_templates/ldap.yaml
+++ b/Techops/jenkins.knownelement.com/casc_templates/ldap.yaml
@ -0,0 +1,32 @@
+jenkins:
+  systemMessage: "Jenkins configured with Cloudron LDAP authentication"
+  securityRealm:
+    ldap:
+      configurations:
+        - server: "${CLOUDRON_LDAP_SERVER}"
+          rootDN: "${CLOUDRON_LDAP_USERS_BASE_DN}"
+          managerDN: "${CLOUDRON_LDAP_BIND_DN}"
+          managerPasswordSecret: "${CLOUDRON_LDAP_BIND_PASSWORD}"
+          userSearchBase: ""
+          userSearch: "uid={0}"
+          groupSearchBase: "${CLOUDRON_LDAP_GROUPS_BASE_DN}"
+          groupSearchFilter: "memberUid={0}"
+          displayNameAttributeName: "displayName"
+          mailAddressAttributeName: "mail"
+          
+  authorizationStrategy:
+    globalMatrix:
+      permissions:
+        - "Overall/Administer:admin"
+        - "Overall/Read:authenticated"
+        - "Job/Read:authenticated"
+        - "Job/Build:authenticated"
+        - "Job/Create:authenticated"
+        - "Job/Configure:authenticated"
+        - "View/Read:authenticated"
+        - "View/Create:authenticated"
+        - "View/Configure:authenticated"
+
+unclassified:
+  location:
+    url: "${JENKINS_URL}"
--- a/Techops/jenkins.knownelement.com/casc_templates/oauth.yaml
+++ b/Techops/jenkins.knownelement.com/casc_templates/oauth.yaml
@ -0,0 +1,35 @@
+jenkins:
+  systemMessage: "Jenkins configured with Cloudron OpenID Connect authentication"
+  securityRealm:
+    oic:
+      clientId: "${CLOUDRON_OAUTH_CLIENT_ID}"
+      clientSecret: "${CLOUDRON_OAUTH_CLIENT_SECRET}"
+      wellKnownOpenIDConfigurationUrl: "${CLOUDRON_OAUTH_ORIGIN}/.well-known/openid-configuration"
+      userNameField: "preferred_username"
+      tokenAuthMethod: "client_secret_basic"
+      scopes: "openid email profile groups"
+      fullNameFieldName: "name"
+      emailFieldName: "email"
+      groupsFieldName: "groups"
+      pkceEnabled: true
+      escapeHatchEnabled: true
+      escapeHatchUsername: "admin"
+      escapeHatchSecret: "adminpass"
+      escapeHatchGroup: "admin"
+  
+  authorizationStrategy:
+    globalMatrix:
+      permissions:
+        - "Overall/Administer:admin"
+        - "Overall/Read:authenticated"
+        - "Job/Read:authenticated"
+        - "Job/Build:authenticated"
+        - "Job/Create:authenticated"
+        - "Job/Configure:authenticated"
+        - "View/Read:authenticated"
+        - "View/Create:authenticated"
+        - "View/Configure:authenticated"
+
+unclassified:
+  location:
+    url: "${JENKINS_URL}"