From ceb1f54a7c2519cab700bb5e5cdb6e01e364e46a Mon Sep 17 00:00:00 2001
From: Tharre <tharre3@gmail.com>
Date: Fri, 15 Jun 2018 17:37:25 +0200
Subject: Add jenkins to nyarlathotep

---
 group_vars/all/jenkins.yml                    |  2 ++
 playbooks/nyarlathotep.yml                    |  1 +
 roles/jenkins/meta/main.yml                   |  4 +++
 roles/jenkins/tasks/main.yml                  | 16 ++++++++++
 roles/jenkins/templates/jenkins_nginx.conf.j2 | 43 +++++++++++++++++++++++++++
 5 files changed, 66 insertions(+)
 create mode 100644 group_vars/all/jenkins.yml
 create mode 100644 roles/jenkins/meta/main.yml
 create mode 100644 roles/jenkins/tasks/main.yml
 create mode 100644 roles/jenkins/templates/jenkins_nginx.conf.j2

diff --git a/group_vars/all/jenkins.yml b/group_vars/all/jenkins.yml
new file mode 100644
index 0000000..da21440
--- /dev/null
+++ b/group_vars/all/jenkins.yml
@@ -0,0 +1,2 @@
+---
+jenkins_subdomain: "jenkins.th73.ovh"
diff --git a/playbooks/nyarlathotep.yml b/playbooks/nyarlathotep.yml
index 3f07266..c7684a4 100644
--- a/playbooks/nyarlathotep.yml
+++ b/playbooks/nyarlathotep.yml
@@ -6,3 +6,4 @@
     - { role: nginx, tags: ['www'] }
     - { role: gitolite, git_config_keys: ".*", tags: ['git'] }
     - { role: cgit, tags: ['cgit'] }
+    - { role: jenkins, tags: ['jenkins'] }
diff --git a/roles/jenkins/meta/main.yml b/roles/jenkins/meta/main.yml
new file mode 100644
index 0000000..5938332
--- /dev/null
+++ b/roles/jenkins/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - { role: nginx }
diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml
new file mode 100644
index 0000000..b9ecbe7
--- /dev/null
+++ b/roles/jenkins/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Install jenkins
+  package:
+    name: jenkins
+    state: present
+
+- name: Copy nginx conf file
+  template:
+    src: jenkins_nginx.conf.j2
+    dest: /etc/nginx/nginx.d/jenkins.conf
+    mode: 0644
+    owner: "root"
+    group: "root"
+  notify:
+    - reload nginx
diff --git a/roles/jenkins/templates/jenkins_nginx.conf.j2 b/roles/jenkins/templates/jenkins_nginx.conf.j2
new file mode 100644
index 0000000..765eba0
--- /dev/null
+++ b/roles/jenkins/templates/jenkins_nginx.conf.j2
@@ -0,0 +1,43 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ jenkins_subdomain }};
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+upstream jenkins {
+    server 127.0.0.1:8090 fail_timeout=0;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name {{ jenkins_subdomain }};
+
+    root /srv/http;
+    index index.html index.htm;
+
+    ssl_certificate         /etc/letsencrypt/live/{{ jenkins_subdomain }}/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/{{ jenkins_subdomain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ jenkins_subdomain }}/chain.pem;
+
+    location / {
+        proxy_set_header        Host $host:$server_port;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_redirect http:// https://;
+        proxy_pass http://jenkins;
+        # Required for new HTTP-based CLI
+        proxy_http_version 1.1;
+        proxy_request_buffering off;
+        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
+    }
+}
-- 
cgit v1.2.3-70-g09d2