diff options
| -rw-r--r-- | group_vars/all/jenkins.yml | 2 | ||||
| -rw-r--r-- | playbooks/nyarlathotep.yml | 1 | ||||
| -rw-r--r-- | roles/jenkins/meta/main.yml | 4 | ||||
| -rw-r--r-- | roles/jenkins/tasks/main.yml | 16 | ||||
| -rw-r--r-- | roles/jenkins/templates/jenkins_nginx.conf.j2 | 43 |
5 files changed, 66 insertions, 0 deletions
diff --git a/group_vars/all/jenkins.yml b/group_vars/all/jenkins.yml new file mode 100644 index 0000000..da21440 --- /dev/null +++ b/group_vars/all/jenkins.yml @@ -0,0 +1,2 @@ +--- +jenkins_subdomain: "jenkins.th73.ovh" diff --git a/playbooks/nyarlathotep.yml b/playbooks/nyarlathotep.yml index 3f07266..c7684a4 100644 --- a/playbooks/nyarlathotep.yml +++ b/playbooks/nyarlathotep.yml @@ -6,3 +6,4 @@ - { role: nginx, tags: ['www'] } - { role: gitolite, git_config_keys: ".*", tags: ['git'] } - { role: cgit, tags: ['cgit'] } + - { role: jenkins, tags: ['jenkins'] } diff --git a/roles/jenkins/meta/main.yml b/roles/jenkins/meta/main.yml new file mode 100644 index 0000000..5938332 --- /dev/null +++ b/roles/jenkins/meta/main.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - { role: nginx } diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml new file mode 100644 index 0000000..b9ecbe7 --- /dev/null +++ b/roles/jenkins/tasks/main.yml @@ -0,0 +1,16 @@ +--- + +- name: Install jenkins + package: + name: jenkins + state: present + +- name: Copy nginx conf file + template: + src: jenkins_nginx.conf.j2 + dest: /etc/nginx/nginx.d/jenkins.conf + mode: 0644 + owner: "root" + group: "root" + notify: + - reload nginx diff --git a/roles/jenkins/templates/jenkins_nginx.conf.j2 b/roles/jenkins/templates/jenkins_nginx.conf.j2 new file mode 100644 index 0000000..765eba0 --- /dev/null +++ b/roles/jenkins/templates/jenkins_nginx.conf.j2 @@ -0,0 +1,43 @@ +# {{ ansible_managed }} + +server { + listen 80; + listen [::]:80; + server_name {{ jenkins_subdomain }}; + + include snippets/letsencrypt.conf; + + location / { + return 301 https://$host$request_uri; + } +} + +upstream jenkins { + server 127.0.0.1:8090 fail_timeout=0; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ jenkins_subdomain }}; + + root /srv/http; + index index.html index.htm; + + ssl_certificate /etc/letsencrypt/live/{{ jenkins_subdomain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ jenkins_subdomain }}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{{ jenkins_subdomain }}/chain.pem; + + location / { + proxy_set_header Host $host:$server_port; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect http:// https://; + proxy_pass http://jenkins; + # Required for new HTTP-based CLI + proxy_http_version 1.1; + proxy_request_buffering off; + proxy_buffering off; # Required for HTTP-based CLI to work over SSL + } +} |