From 9f74e0fc3977d368f1ca4846843607c75cd05b1c Mon Sep 17 00:00:00 2001
From: Charles N Wyble
Date: Mon, 21 Apr 2025 15:34:14 -0400
Subject: [PATCH] first cut of jenkins package for cloudron
---
.../casc_templates/default.yaml | 26 ++++++++++++++
.../casc_templates/ldap.yaml | 32 +++++++++++++++++
.../casc_templates/oauth.yaml | 35 +++++++++++++++++++
3 files changed, 93 insertions(+)
create mode 100644 Techops/jenkins.knownelement.com/casc_templates/default.yaml
create mode 100644 Techops/jenkins.knownelement.com/casc_templates/ldap.yaml
create mode 100644 Techops/jenkins.knownelement.com/casc_templates/oauth.yaml
diff --git a/Techops/jenkins.knownelement.com/casc_templates/default.yaml b/Techops/jenkins.knownelement.com/casc_templates/default.yaml
new file mode 100644
index 0000000..5b85c06
--- /dev/null
+++ b/Techops/jenkins.knownelement.com/casc_templates/default.yaml
@@ -0,0 +1,26 @@
+jenkins:
+ systemMessage: "Jenkins configured with local authentication"
+ securityRealm:
+ local:
+ allowsSignup: false
+ enableCaptcha: false
+ users:
+ - id: "admin"
+ password: "adminpass"
+
+ authorizationStrategy:
+ globalMatrix:
+ permissions:
+ - "Overall/Administer:admin"
+ - "Overall/Read:authenticated"
+ - "Job/Read:authenticated"
+ - "Job/Build:authenticated"
+ - "Job/Create:authenticated"
+ - "Job/Configure:authenticated"
+ - "View/Read:authenticated"
+ - "View/Create:authenticated"
+ - "View/Configure:authenticated"
+
+unclassified:
+ location:
+ url: "${JENKINS_URL}"
\ No newline at end of file
diff --git a/Techops/jenkins.knownelement.com/casc_templates/ldap.yaml b/Techops/jenkins.knownelement.com/casc_templates/ldap.yaml
new file mode 100644
index 0000000..35aaa13
--- /dev/null
+++ b/Techops/jenkins.knownelement.com/casc_templates/ldap.yaml
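Review bot: `password: "adminpass"` in default.yaml commits a known administrator credential to the repository, so every instance rendered from this template starts with the same admin login; the same literal is reused as `escapeHatchSecret` in oauth.yaml. The file already relies on variable substitution for `${JENKINS_URL}`, so the password can be injected the same way, for example `password: "${JENKINS_ADMIN_PASSWORD}"` (variable name constructed for this note), with the value generated per install by whatever renders these templates. A value that has been in git history should be treated as disclosed and rotated on any instance that ever used it.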
@@ -0,0 +1,32 @@
+jenkins:
+ systemMessage: "Jenkins configured with Cloudron LDAP authentication"
+ securityRealm:
+ ldap:
+ configurations:
+ - server: "${CLOUDRON_LDAP_SERVER}"
+ rootDN: "${CLOUDRON_LDAP_USERS_BASE_DN}"
+ managerDN: "${CLOUDRON_LDAP_BIND_DN}"
+ managerPasswordSecret: "${CLOUDRON_LDAP_BIND_PASSWORD}"
+ userSearchBase: ""
+ userSearch: "uid={0}"
+ groupSearchBase: "${CLOUDRON_LDAP_GROUPS_BASE_DN}"
+ groupSearchFilter: "memberUid={0}"
+ displayNameAttributeName: "displayName"
+ mailAddressAttributeName: "mail"
+
+ authorizationStrategy:
+ globalMatrix:
+ permissions:
+ - "Overall/Administer:admin"
+ - "Overall/Read:authenticated"
+ - "Job/Read:authenticated"
+ - "Job/Build:authenticated"
+ - "Job/Create:authenticated"
+ - "Job/Configure:authenticated"
+ - "View/Read:authenticated"
+ - "View/Create:authenticated"
+ - "View/Configure:authenticated"
+
+unclassified:
+ location:
+ url: "${JENKINS_URL}"
\ No newline at end of file
diff --git a/Techops/jenkins.knownelement.com/casc_templates/oauth.yaml b/Techops/jenkins.knownelement.com/casc_templates/oauth.yaml
new file mode 100644
index 0000000..ccbf3b4
--- /dev/null
+++ b/Techops/jenkins.knownelement.com/casc_templates/oauth.yaml
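Review bot: The permission list in ldap.yaml grants `Job/Create`, `Job/Configure` and `Job/Build` to `authenticated`, which with an LDAP realm means every account in the Cloudron directory can define and run build steps on this Jenkins; the same list is repeated in oauth.yaml, and in default.yaml it starts to matter once more local users exist. Consider limiting `authenticated` to `Overall/Read`, `Job/Read` and `View/Read`, and granting the create and configure rights to a named group. Separately, `"Overall/Administer:admin"` does not say whether `admin` is a user or a group, so a directory user with that uid or a group with that name would both receive administrator rights. Matrix-auth releases that support typed entries accept a `USER:` or `GROUP:` prefix to make this explicit; confirm against the plugin version this package ships.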
@@ -0,0 +1,35 @@
+jenkins:
+ systemMessage: "Jenkins configured with Cloudron OpenID Connect authentication"
+ securityRealm:
+ oic:
+ clientId: "${CLOUDRON_OAUTH_CLIENT_ID}"
+ clientSecret: "${CLOUDRON_OAUTH_CLIENT_SECRET}"
+ wellKnownOpenIDConfigurationUrl: "${CLOUDRON_OAUTH_ORIGIN}/.well-known/openid-configuration"
+ userNameField: "preferred_username"
+ tokenAuthMethod: "client_secret_basic"
+ scopes: "openid email profile groups"
+ fullNameFieldName: "name"
+ emailFieldName: "email"
+ groupsFieldName: "groups"
+ pkceEnabled: true
+ escapeHatchEnabled: true
+ escapeHatchUsername: "admin"
+ escapeHatchSecret: "adminpass"
+ escapeHatchGroup: "admin"
+
+ authorizationStrategy:
+ globalMatrix:
+ permissions:
+ - "Overall/Administer:admin"
+ - "Overall/Read:authenticated"
+ - "Job/Read:authenticated"
+ - "Job/Build:authenticated"
+ - "Job/Create:authenticated"
+ - "Job/Configure:authenticated"
+ - "View/Read:authenticated"
+ - "View/Create:authenticated"
+ - "View/Configure:authenticated"
+
+unclassified:
+ location:
+ url: "${JENKINS_URL}"
\ No newline at end of file
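Review bot: `escapeHatchEnabled: true` in oauth.yaml keeps a local username/password login active alongside OpenID Connect, and since both `escapeHatchUsername` and `escapeHatchGroup` are `admin`, it matches the `Overall/Administer:admin` entry further down. That makes it a full administrator path that never passes through the identity provider, so SSO policy and account deprovisioning do not apply to it. For a packaged default I would ship `escapeHatchEnabled: false` and document how an operator enables it temporarily for recovery. If it has to stay on, the secret should be substituted from the environment the way `clientSecret` is, not written in the template.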