Add jenkins (#34)

Sridhar Ratnakumar 2023-03-20 14:32:03 -04:00 committed by GitHub
parent d8744b0987
commit d3f7cf6fe4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 865 additions and 0 deletions

2
.gitattributes vendored

@ -1 +1,3 @@
flake.lock linguist-generated=true
*.age linguist-generated=true
nixos/jenkins/plugins.nix linguist-generated=true


@ -57,6 +57,7 @@
./systems/hetzner/ax101.nix
./nixos/server/harden.nix
./nixos/docker.nix
./nixos/jenkins.nix
# ./nixos/hercules.nix
# I host a Nix cache
# (import ./nixos/cache-server.nix {

162
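--- a/nixos/jenkins.nix
+++ b/nixos/jenkins.nix
@@ -0,0 +1,162 @@
+{ pkgs, config, ... }:
+# TODO:
+# - Build agents (SSH slave)
+# - NixOS slave: container separation?
+# - macOS slave (later)
+let
+# The port to run Jenkins on.
+port = 9091;
+# The domain in which Jenkins is exposed to the outside world through nginx.
+domain = "jenkins.srid.ca";
+# Config for configuration-as-code-plugin
+#
+# This enable us to configure Jenkins declaratively rather than fiddle with
+# the UI manually.
+# cf:
+# https://github.com/mjuh/nixos-jenkins/blob/master/nixos/modules/services/continuous-integration/jenkins/jenkins.nix
+cascConfig = {
+credentials = {
+system.domainCredentials = [
+{
+credentials = [
+{
+basicSSHUserPrivateKey = {
+id = "ssh-privkey";
+username = "jenkins";
+privateKeySource.directEntry.privateKey =
+casc.readFile config.age.secrets.jenkins-ssh-privkey.path;
+};
+}
+{
+# Instructions for creating this Github App are at:
+# https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc#configuration-as-code-plugin
+githubApp = {
+appID = "307056"; # https://github.com/apps/jenkins-srid
+description = "Github App - jenkins-srid";
+id = "github-app";
+privateKey = casc.readFile config.age.secrets.jenkins-github-app-privkey.path;
+};
+}
+{
+string = {
+id = "cachix-auth-token";
+description = "srid.cachix.org auth token";
+secret = casc.json "value" (casc.readFile config.age.secrets.srid-cachix-auth-token.path);
+};
+}
+{
+string = {
+id = "docker-pass";
+description = "sridca Docker password";
+secret = casc.json "value" (casc.readFile config.age.secrets.srid-docker-pass.path);
+};
+}
+];
+}
+];
+};
+jenkins = {
+numExecutors = 6;
+securityRealm = {
+local = {
+allowsSignup = false;
+};
+};
+/*
+nodes = [
+{
+permanent = {
+name = "jenkins-agent-contaiiner";
+remoteFS = "/var/lib/jenkins/";
+launcher.ssh = {
+host = "undefined";
+port = 22;
+};
+};
+}
+];
+*/
+};
+unclassified.location.url = "https://${domain}/";
+};
+# Functions for working with configuration-as-code-plugin syntax.
+# https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#additional-variable-substitution
+casc = {
+readFile = path:
+"$" + "{readFile:" + path + "}";
+json = k: x:
+"$" + "{json:" + k + ":" + x + "}";
+};
+in
+{
+imports = [
+./docker.nix
+];
+services.jenkins.extraGroups = [ "docker" ];
+age.secrets.jenkins-ssh-privkey = {
+owner = "jenkins";
+file = ../secrets/jenkins-ssh-privkey.age;
+};
+age.secrets.jenkins-github-app-privkey = {
+owner = "jenkins";
+file = ../secrets/jenkins-github-app-privkey.age;
+};
+age.secrets.srid-cachix-auth-token = {
+owner = "jenkins";
+file = ../secrets/srid-cachix-auth-token.age;
+};
+age.secrets.srid-docker-pass = {
+owner = "jenkins";
+file = ../secrets/srid-docker-pass.age;
+};
+services.jenkins = {
+enable = true;
+inherit port;
+environment = {
+CASC_JENKINS_CONFIG =
+builtins.toString (pkgs.writeText "jenkins.json" (builtins.toJSON cascConfig));
+};
+packages = with pkgs; [
+# Add packages used by Jenkins plugins here.
+git
+bash # 'sh' step requires this
+coreutils
+which
+nix
+cachix
+docker
+];
+# ./jenkins/update-plugins.sh
+plugins = import ./jenkins/plugins.nix {
+inherit (pkgs) fetchurl stdenv;
+};
+extraJavaOptions = [
+# Useful when the 'sh' step b0rks.
+# https://stackoverflow.com/a/66098536/55246
+"-Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
+];
+};
+# To allow the local node to run as builder, supporting nix builds.
+# This should not be necessary with external build agents.
+nix.settings.allowed-users = [ "jenkins" ];
+nix.settings.trusted-users = [ "jenkins" ];
+services.nginx = {
+virtualHosts.${domain} = {
+forceSSL = true;
+enableACME = true;
+locations."/".extraConfig = ''
+proxy_pass http://localhost:${toString port};
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+'';
+};
+};
+}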
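Review bot: `nix.settings.trusted-users = [ "jenkins" ];` near the end of the file makes anything that runs as the `jenkins` user effectively root on this host, since a trusted Nix user can change substituters and import unsigned store paths, and `services.jenkins.extraGroups = [ "docker" ]` grants the same reach through the Docker socket. With `numExecutors = 6` on the controller, pipeline code from the repositories this instance builds runs as that user, next to the four agenix secrets it owns. The `allowed-users` line should be enough for the daemon to accept builds, so I would drop `trusted-users` and put a comment on `extraGroups` saying it is a stop-gap until the SSH agents from the TODO exist. Separately, `listenAddress = "localhost";` in `services.jenkins` would keep port 9091 reachable only through the nginx vhost, assuming the module's default bind address is otherwise kept.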

647
nixos/jenkins/plugins.nix generated Normal file

@ -0,0 +1,647 @@
{ stdenv, fetchurl }:
let
mkJenkinsPlugin = { name, src }:
stdenv.mkDerivation {
inherit name src;
phases = "installPhase";
installPhase = "cp \$src \$out";
};
in {
apache-httpcomponents-client-4-api = mkJenkinsPlugin {
name = "apache-httpcomponents-client-4-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/apache-httpcomponents-client-4-api/4.5.14-150.v7a_b_9d17134a_5/apache-httpcomponents-client-4-api.hpi";
sha256 = "ec6919c2ae115234535ed79947e5c3a20e97ebc566d4f0990944f88f84864dc4";
};
};
blueocean-commons = mkJenkinsPlugin {
name = "blueocean-commons";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/blueocean-commons/1.27.3/blueocean-commons.hpi";
sha256 = "d397762452ee2998d2984fe9475c85236a06b8d35d78bdb9bbc382b58258e75b";
};
};
blueocean-core-js = mkJenkinsPlugin {
name = "blueocean-core-js";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/blueocean-core-js/1.27.3/blueocean-core-js.hpi";
sha256 = "7305281db350d6dea7d3c96976c4b204b279164d359a0e4c0a8b6e4ea3410c07";
};
};
blueocean-rest = mkJenkinsPlugin {
name = "blueocean-rest";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/blueocean-rest/1.27.3/blueocean-rest.hpi";
sha256 = "22abb9c3626e5ee059d4782c1d5cb630446961d1c634692a388b4a783e07458c";
};
};
blueocean-web = mkJenkinsPlugin {
name = "blueocean-web";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/blueocean-web/1.27.3/blueocean-web.hpi";
sha256 = "f65be13547d2b5600cd448439a1b06261c7530755de472376f6351120604ed73";
};
};
bootstrap5-api = mkJenkinsPlugin {
name = "bootstrap5-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/bootstrap5-api/5.2.2-1/bootstrap5-api.hpi";
sha256 = "025f21e5ebfdde6197425f457a93ccb2ba3811c623c3c21d5f3234c4c79ff872";
};
};
bouncycastle-api = mkJenkinsPlugin {
name = "bouncycastle-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/bouncycastle-api/2.27/bouncycastle-api.hpi";
sha256 = "3837ee8f7402bf4a4dc90f6a228a6086086205bc755e119eadff2b15faf908a3";
};
};
branch-api = mkJenkinsPlugin {
name = "branch-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/branch-api/2.1071.v1a_188a_562481/branch-api.hpi";
sha256 = "16f3f3afdb4684e8558eec3c5c7d2523affa78c01b83fa822fb6379aa1470cf8";
};
};
caffeine-api = mkJenkinsPlugin {
name = "caffeine-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/caffeine-api/2.9.3-65.v6a_47d0f4d1fe/caffeine-api.hpi";
sha256 = "649fb9a4f730024d30b4890182e9d1c41ff388664fd81786b6cf5ddf9367d89e";
};
};
checks-api = mkJenkinsPlugin {
name = "checks-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/checks-api/2.0.0/checks-api.hpi";
sha256 = "a38772be178edd899e1963267541530fc074a8529f88254ad0cf512f7ae89a9b";
};
};
cloudbees-folder = mkJenkinsPlugin {
name = "cloudbees-folder";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/cloudbees-folder/6.815.v0dd5a_cb_40e0e/cloudbees-folder.hpi";
sha256 = "cd045bc885fc7b147765fdae56ef3c6ffd98ade2aed7086fd4a691e270b83f04";
};
};
command-launcher = mkJenkinsPlugin {
name = "command-launcher";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/command-launcher/90.v669d7ccb_7c31/command-launcher.hpi";
sha256 = "38e6bf4f404d2f8264b338b773a1c930e12143f97c18bd67d6c9661427a6ada8";
};
};
commons-lang3-api = mkJenkinsPlugin {
name = "commons-lang3-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/commons-lang3-api/3.12.0-36.vd97de6465d5b_/commons-lang3-api.hpi";
sha256 = "98dfff9f21370d6808392fd811f90a6e173e705970309877596032be1b917ad1";
};
};
commons-text-api = mkJenkinsPlugin {
name = "commons-text-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/commons-text-api/1.10.0-36.vc008c8fcda_7b_/commons-text-api.hpi";
sha256 = "250120de1e1e56e246b6180324d99d161a073d4dfbbf8adc2552de92f1bf2ceb";
};
};
conditional-buildstep = mkJenkinsPlugin {
name = "conditional-buildstep";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/conditional-buildstep/1.4.2/conditional-buildstep.hpi";
sha256 = "919be166db7b7f90c1445b7dd37981e60880929362908439ba20cb25799fc98f";
};
};
config-file-provider = mkJenkinsPlugin {
name = "config-file-provider";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/config-file-provider/3.11.1/config-file-provider.hpi";
sha256 = "c026f18419f3f67521ebcfb3c58797f3f3acf27766919ef3d40691eeedf3761b";
};
};
configuration-as-code = mkJenkinsPlugin {
name = "configuration-as-code";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/configuration-as-code/1569.vb_72405b_80249/configuration-as-code.hpi";
sha256 = "853fa7fcb19fa4d0b661ef8df953b2cf1c8e8727a8a51370dd92cd3b1ed9c56f";
};
};
credentials = mkJenkinsPlugin {
name = "credentials";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/credentials/1224.vc23ca_a_9a_2cb_0/credentials.hpi";
sha256 = "23674ca9c570e36597166d9b5a629383546548594ad9f7f7ffe13594231d16bb";
};
};
credentials-binding = mkJenkinsPlugin {
name = "credentials-binding";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/credentials-binding/523.vd859a_4b_122e6/credentials-binding.hpi";
sha256 = "0a9e850728268d2750fe941ef63e35ca0eb42dfa3f425056cbd630a90d9d089a";
};
};
display-url-api = mkJenkinsPlugin {
name = "display-url-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/display-url-api/2.3.7/display-url-api.hpi";
sha256 = "1d35d2e9727821c63609a672e872a68172696e8aa81ec6ea07816086f95c684d";
};
};
durable-task = mkJenkinsPlugin {
name = "durable-task";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/durable-task/504.vb10d1ae5ba2f/durable-task.hpi";
sha256 = "0c79fdd0a04852987c8457953f89d5089fffb20d78331fabd58647b966268340";
};
};
echarts-api = mkJenkinsPlugin {
name = "echarts-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/echarts-api/5.4.0-2/echarts-api.hpi";
sha256 = "a13dd94cc3a4ed4f3fcb61686ba1e15d9acab4293fcab4ad2e997e6bf16a357f";
};
};
font-awesome-api = mkJenkinsPlugin {
name = "font-awesome-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/font-awesome-api/6.3.0-1/font-awesome-api.hpi";
sha256 = "0921f3834035368c728959a15d8e1bf26de85703f78e0c09a9e9dadd99c80dc7";
};
};
git = mkJenkinsPlugin {
name = "git";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/git/5.0.0/git.hpi";
sha256 = "5ad8e2f6ef7b9bec00c889092fc702ef21c1d4a334a5c9c8f00cffa65cf63605";
};
};
git-client = mkJenkinsPlugin {
name = "git-client";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/git-client/4.2.0/git-client.hpi";
sha256 = "42c84f73e80fe47041d6ecd66b3f98d4f239fd460b7b727d14a78174bc8ae40e";
};
};
github = mkJenkinsPlugin {
name = "github";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/github/1.37.0/github.hpi";
sha256 = "9314887062bc880504dab25a3958844fe613cb9268d77f00906d11fe8c669d6d";
};
};
github-api = mkJenkinsPlugin {
name = "github-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/github-api/1.303-417.ve35d9dd78549/github-api.hpi";
sha256 = "3d241357ff65631c97b0abb130fe72c421b842923cd09efdfb363f12e910b17e";
};
};
github-branch-source = mkJenkinsPlugin {
name = "github-branch-source";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/github-branch-source/1701.v00cc8184df93/github-branch-source.hpi";
sha256 = "fb882a78b4fb3962a11f8175ab02d8bf05fe41321a9206dc7b7dd7a3f1d25123";
};
};
instance-identity = mkJenkinsPlugin {
name = "instance-identity";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/instance-identity/142.v04572ca_5b_265/instance-identity.hpi";
sha256 = "0545ef7fa6b5240f2baf1a385464e5d4f2ab43ac5784460c82d4eb1e5f2dbd6f";
};
};
ionicons-api = mkJenkinsPlugin {
name = "ionicons-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/ionicons-api/45.vf54fca_5d2154/ionicons-api.hpi";
sha256 = "56b1e6377326e36f8d98e7e992aa2a6622e9e556efc78b2408a5418eedf6074b";
};
};
jackson2-api = mkJenkinsPlugin {
name = "jackson2-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jackson2-api/2.14.2-319.v37853346a_229/jackson2-api.hpi";
sha256 = "a8e9fce51913f55ec42924cb92447c807eb9d8560f8fa6648a5231d31118f896";
};
};
jakarta-activation-api = mkJenkinsPlugin {
name = "jakarta-activation-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jakarta-activation-api/2.0.1-3/jakarta-activation-api.hpi";
sha256 = "fa99c0288dcd24e7bbc857974d07a622d19d48ba71a39564b6c1fa9a14773ed1";
};
};
jakarta-mail-api = mkJenkinsPlugin {
name = "jakarta-mail-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jakarta-mail-api/2.0.1-3/jakarta-mail-api.hpi";
sha256 = "af8d0ed38eed3231a078291c4c5f1f0c342970a860a88cdd11ff3ebb606bd3b7";
};
};
javadoc = mkJenkinsPlugin {
name = "javadoc";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/javadoc/226.v71211feb_e7e9/javadoc.hpi";
sha256 = "a2913b6b99f0d204400ddfcbf6ef50edaa0e869a4f0fde2c38f13432943a762d";
};
};
javax-activation-api = mkJenkinsPlugin {
name = "javax-activation-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/javax-activation-api/1.2.0-6/javax-activation-api.hpi";
sha256 = "8af800837a3bddca75d7f962fbcf535d1c3c214f323fa57c141cecdde61516a9";
};
};
jaxb = mkJenkinsPlugin {
name = "jaxb";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jaxb/2.3.8-1/jaxb.hpi";
sha256 = "607213a0b4d959f9982ef53e908c8cfc37f2334e38bb49487f7f8eed6b6c4956";
};
};
jenkins-design-language = mkJenkinsPlugin {
name = "jenkins-design-language";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jenkins-design-language/1.27.3/jenkins-design-language.hpi";
sha256 = "e67a942df722a6732d8b5aa3297924acf302aef954a9e306a80b8ccd10c6ae58";
};
};
jjwt-api = mkJenkinsPlugin {
name = "jjwt-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jjwt-api/0.11.5-77.v646c772fddb_0/jjwt-api.hpi";
sha256 = "cc10fc60c47fe60a585224dad45dde166dd0268cf6efc9967fbf870e3601ceb2";
};
};
job-dsl = mkJenkinsPlugin {
name = "job-dsl";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/job-dsl/1.81.1/job-dsl.hpi";
sha256 = "3fdef67437ed807a66f47d844fc51b3291726b0c503d061c77a5e685f79a644c";
};
};
jquery3-api = mkJenkinsPlugin {
name = "jquery3-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jquery3-api/3.6.3-1/jquery3-api.hpi";
sha256 = "4ecbb0dae33e23fa525e54d5ae9ed21ffaea87b4f5b403d7ba1c66f00b098bce";
};
};
jsch = mkJenkinsPlugin {
name = "jsch";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi";
sha256 = "8379691a06b084540ce6b70c11fc055720098d262b717cf46429a2afd6ca8ee6";
};
};
junit = mkJenkinsPlugin {
name = "junit";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/junit/1189.v1b_e593637fa_e/junit.hpi";
sha256 = "4df91b00e439844382c4b58fb27a1530591a882a02f7a2645e0f63b29c5e46d2";
};
};
mailer = mkJenkinsPlugin {
name = "mailer";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/mailer/448.v5b_97805e3767/mailer.hpi";
sha256 = "0b5f9925bb002b286e2ea46fa8157b3b957845c8d9cedf57cb00ede6bfe46609";
};
};
managed-scripts = mkJenkinsPlugin {
name = "managed-scripts";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/managed-scripts/1.5.6/managed-scripts.hpi";
sha256 = "72ae9dcd4085bdfbe810c1e04e30269520db6a1cefba339e34c13f39fa8384b8";
};
};
mapdb-api = mkJenkinsPlugin {
name = "mapdb-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/mapdb-api/1.0.9-28.vf251ce40855d/mapdb-api.hpi";
sha256 = "b924749b6445270cd2ed881f81925fedd71f67a2993473b9172e1e7a9a4023be";
};
};
matrix-project = mkJenkinsPlugin {
name = "matrix-project";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/matrix-project/785.v06b_7f47b_c631/matrix-project.hpi";
sha256 = "e42f01c243f2a5797649438cbf523b7a76b40d1ff3cf9075898fe1e824f2e525";
};
};
maven-plugin = mkJenkinsPlugin {
name = "maven-plugin";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/maven-plugin/3.21/maven-plugin.hpi";
sha256 = "86e4a8ede78fcd5bea375685ba29713f5e08ee07467a3c6bc768d5aa3ff51e01";
};
};
metrics = mkJenkinsPlugin {
name = "metrics";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/metrics/4.2.13-420.vea_2f17932dd6/metrics.hpi";
sha256 = "ccdd21e7890530e555285cfd4efe4ea2e33215b99ad1901afdb867fffb554e57";
};
};
mina-sshd-api-common = mkJenkinsPlugin {
name = "mina-sshd-api-common";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/mina-sshd-api-common/2.9.2-50.va_0e1f42659a_a/mina-sshd-api-common.hpi";
sha256 = "a364ceb83947f6e94616b8b848a7527a04f7d0e4e2f1eaf0af41cc615906ca65";
};
};
mina-sshd-api-core = mkJenkinsPlugin {
name = "mina-sshd-api-core";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/mina-sshd-api-core/2.9.2-50.va_0e1f42659a_a/mina-sshd-api-core.hpi";
sha256 = "4499a7c8bb533e0f06b53860628923ddefc3ceeeffaee8031cde1487f295aba8";
};
};
node-iterator-api = mkJenkinsPlugin {
name = "node-iterator-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/node-iterator-api/49.v58a_8b_35f8363/node-iterator-api.hpi";
sha256 = "106b4ba84478412d2f7bb30fa7e4aad13c5235b235cfbbf62f072904342969ea";
};
};
okhttp-api = mkJenkinsPlugin {
name = "okhttp-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/okhttp-api/4.10.0-132.v7a_7b_91cef39c/okhttp-api.hpi";
sha256 = "d64fcc0e29c76c5b0197f8585267f53ffa96e0ea0709c7aa4a4ecd0eccfeb6ca";
};
};
parameterized-trigger = mkJenkinsPlugin {
name = "parameterized-trigger";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/parameterized-trigger/2.45/parameterized-trigger.hpi";
sha256 = "58d1441fb5cfb4837c67d4d87a8925f45d8e99a1472a8f8010fbecc0b6ecfed9";
};
};
pipeline-build-step = mkJenkinsPlugin {
name = "pipeline-build-step";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-build-step/487.va_823138eee8b_/pipeline-build-step.hpi";
sha256 = "01db32de84bd43857590788a9cca2f60578f5c67fdb3816eab46b3eda7594774";
};
};
pipeline-groovy-lib = mkJenkinsPlugin {
name = "pipeline-groovy-lib";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-groovy-lib/629.vb_5627b_ee2104/pipeline-groovy-lib.hpi";
sha256 = "f8a10d0784b6548678ba6758effc1267df0fa62fa86191648355c303cd042746";
};
};
pipeline-input-step = mkJenkinsPlugin {
name = "pipeline-input-step";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-input-step/466.v6d0a_5df34f81/pipeline-input-step.hpi";
sha256 = "81fbb12caffea58e298d0662a2fff4cc2ad087b92718d917f5c00b63909a8fe0";
};
};
pipeline-milestone-step = mkJenkinsPlugin {
name = "pipeline-milestone-step";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-milestone-step/111.v449306f708b_7/pipeline-milestone-step.hpi";
sha256 = "48bea7547ad989b0c1abb550c3e2ff27bb48d7ff7685e84c0f39d5148bf6fd6b";
};
};
pipeline-model-api = mkJenkinsPlugin {
name = "pipeline-model-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-model-api/2.2118.v31fd5b_9944b_5/pipeline-model-api.hpi";
sha256 = "ed6320e23aa3287f53ab1dedc4e56ad7c318479b6959b13c3b7f169ab2143377";
};
};
pipeline-model-definition = mkJenkinsPlugin {
name = "pipeline-model-definition";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-model-definition/2.2118.v31fd5b_9944b_5/pipeline-model-definition.hpi";
sha256 = "0bba171131e7c8af33db91302879b0ad026b55dd0213a7fc78160e3ea0621e4d";
};
};
pipeline-model-extensions = mkJenkinsPlugin {
name = "pipeline-model-extensions";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-model-extensions/2.2118.v31fd5b_9944b_5/pipeline-model-extensions.hpi";
sha256 = "44312fa6a8b93de1287be8f9269cb442a17518ec38b235751593674d4bbf07d8";
};
};
pipeline-stage-step = mkJenkinsPlugin {
name = "pipeline-stage-step";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-stage-step/305.ve96d0205c1c6/pipeline-stage-step.hpi";
sha256 = "8d5112dd70d9912f33bdb64858bbfa718372ab79447fa91f1e07fdb41c05bb7e";
};
};
pipeline-stage-tags-metadata = mkJenkinsPlugin {
name = "pipeline-stage-tags-metadata";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/pipeline-stage-tags-metadata/2.2118.v31fd5b_9944b_5/pipeline-stage-tags-metadata.hpi";
sha256 = "4cefb0f311c3b962c8b085bf54367d416121e7b011aede9af9ba34d9cc3eee53";
};
};
plain-credentials = mkJenkinsPlugin {
name = "plain-credentials";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/plain-credentials/143.v1b_df8b_d3b_e48/plain-credentials.hpi";
sha256 = "23a74199dcb19659e19c9d92e4797b40bc9feb48400ce56ae43fa4d9520df901";
};
};
plugin-util-api = mkJenkinsPlugin {
name = "plugin-util-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/plugin-util-api/3.1.0/plugin-util-api.hpi";
sha256 = "12097d17bdfb1cb44f8c3e6ccba82b14041bba83b34ef9c1f75ae33f00b62412";
};
};
project-inheritance = mkJenkinsPlugin {
name = "project-inheritance";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/project-inheritance/21.04.03/project-inheritance.hpi";
sha256 = "c7e714d2a096ceb719f9a91eb61d12c6da1619f139254ce91db1ead58520ecf7";
};
};
promoted-builds = mkJenkinsPlugin {
name = "promoted-builds";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/promoted-builds/892.vd6219fc0a_efb/promoted-builds.hpi";
sha256 = "1f0483c03cfd227a8d8e1924a08aeb43f23a2414dd7602ba4c4871e3a6447ea6";
};
};
rebuild = mkJenkinsPlugin {
name = "rebuild";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/rebuild/1.34/rebuild.hpi";
sha256 = "84e3ac4876488adb8649172ace2132a6fd887faf0809235154e40d330d912a74";
};
};
run-condition = mkJenkinsPlugin {
name = "run-condition";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/run-condition/1.5/run-condition.hpi";
sha256 = "7ed94d7196676c00e45b5bf7e191831eee0e49770dced1c266b8055980b339ca";
};
};
scm-api = mkJenkinsPlugin {
name = "scm-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/scm-api/631.v9143df5b_e4a_a/scm-api.hpi";
sha256 = "981a908f2b2af2fd7947d2c2dc58bb0e85185ba3a0a741f1f948cd904d3bdb30";
};
};
script-security = mkJenkinsPlugin {
name = "script-security";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/script-security/1229.v4880b_b_e905a_6/script-security.hpi";
sha256 = "c2a36c560e04a099a4037a08298a8b87bb514ae739b915fd882ba07b2fbf25e6";
};
};
snakeyaml-api = mkJenkinsPlugin {
name = "snakeyaml-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/snakeyaml-api/1.33-95.va_b_a_e3e47b_fa_4/snakeyaml-api.hpi";
sha256 = "c6cc0607f773e3b026ab2c121856b905f97415c9b1fb20e884cd6297e8d0bf21";
};
};
ssh-credentials = mkJenkinsPlugin {
name = "ssh-credentials";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/ssh-credentials/305.v8f4381501156/ssh-credentials.hpi";
sha256 = "008ffb999ce9c7949c1299e1305007178bd0bedfd4c8401d6a4e92eeba635ff4";
};
};
ssh-slaves = mkJenkinsPlugin {
name = "ssh-slaves";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/ssh-slaves/2.877.v365f5eb_a_b_eec/ssh-slaves.hpi";
sha256 = "64dd557487fbab57c35d78e241e07f6596a46fb43723031a4c1c3d783e50d016";
};
};
structs = mkJenkinsPlugin {
name = "structs";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/structs/324.va_f5d6774f3a_d/structs.hpi";
sha256 = "65dd0a68c663b08e30ed254f37549e9ccfab18d27e4f1182cc7eed6d4d02c958";
};
};
subversion = mkJenkinsPlugin {
name = "subversion";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/subversion/2.17.1/subversion.hpi";
sha256 = "8647902fe5786df248cb9a2c77322210871270a6c233de7426cbc2706738be3c";
};
};
support-core = mkJenkinsPlugin {
name = "support-core";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/support-core/1266.v6d096c154c90/support-core.hpi";
sha256 = "31d3e23cd5ecc08c13aa8584ae69ee7bede124199a503983db5ed9ed607906df";
};
};
theme-manager = mkJenkinsPlugin {
name = "theme-manager";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/theme-manager/1.6/theme-manager.hpi";
sha256 = "1ea4f6b571befade0611ddb104cd49b94ecd41a427deadfcf3cb504903222d63";
};
};
token-macro = mkJenkinsPlugin {
name = "token-macro";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/token-macro/321.vd7cc1f2a_52c8/token-macro.hpi";
sha256 = "095084f680c37f7d18d6468e2c4aecd74430f324c1d6ebb23d8551d34debdadb";
};
};
trilead-api = mkJenkinsPlugin {
name = "trilead-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/trilead-api/2.84.v72119de229b_7/trilead-api.hpi";
sha256 = "72ee883ee83a94a0a84e9821123ae3f1eb09e7650896c5e0a78be8d0df50bde8";
};
};
variant = mkJenkinsPlugin {
name = "variant";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/variant/59.vf075fe829ccb/variant.hpi";
sha256 = "14ac8250e7ff958e45d8e47c05d5cb495602a34737a7a2680e9e364798624fb3";
};
};
vsphere-cloud = mkJenkinsPlugin {
name = "vsphere-cloud";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/vsphere-cloud/2.27/vsphere-cloud.hpi";
sha256 = "b584e8c515cdf41fa47740087677e11af80c402ef6c4fb5f153b9d8e05ccbdea";
};
};
workflow-aggregator = mkJenkinsPlugin {
name = "workflow-aggregator";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-aggregator/596.v8c21c963d92d/workflow-aggregator.hpi";
sha256 = "45933e33058d48c6f3e70a37f31ecb65e48939ce91d46bc98b60f5595316c1d1";
};
};
workflow-api = mkJenkinsPlugin {
name = "workflow-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-api/1208.v0cc7c6e0da_9e/workflow-api.hpi";
sha256 = "b99225d0926f1956a516ad30e8fb4c0f904c92f835be7c91a9d6a17fa8c78d88";
};
};
workflow-basic-steps = mkJenkinsPlugin {
name = "workflow-basic-steps";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-basic-steps/1010.vf7a_b_98e847c1/workflow-basic-steps.hpi";
sha256 = "2106fde9cc20fb037f2f9b33b0684fb7817b4f40d4e73f0ed2e20bcaa3fd9159";
};
};
workflow-cps = mkJenkinsPlugin {
name = "workflow-cps";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-cps/3641.vf58904a_b_b_5d8/workflow-cps.hpi";
sha256 = "e2d62c1dd6d2d51b3cf1d3bff9901052dfca3f0f0da5b4df670cc7c7b4379771";
};
};
workflow-durable-task-step = mkJenkinsPlugin {
name = "workflow-durable-task-step";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-durable-task-step/1234.v019404b_3832a/workflow-durable-task-step.hpi";
sha256 = "d3a1eebc10aece2a9c5cafd3c4c457d641dc201cf92b86ef80ae0e151ea11507";
};
};
workflow-job = mkJenkinsPlugin {
name = "workflow-job";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-job/1284.v2fe8ed4573d4/workflow-job.hpi";
sha256 = "c1eda23a02c4599b209901cd8340bc705e472432a73337b8d6e01b329ca3f3f2";
};
};
workflow-multibranch = mkJenkinsPlugin {
name = "workflow-multibranch";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-multibranch/733.v109046189126/workflow-multibranch.hpi";
sha256 = "539e0d6a50f840af044ee4976b2e027b6ac4947d45a371c32a2352259f28a2d9";
};
};
workflow-scm-step = mkJenkinsPlugin {
name = "workflow-scm-step";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-scm-step/400.v6b_89a_1317c9a_/workflow-scm-step.hpi";
sha256 = "c0ed89da3228bfa5215b6a1724ca4a76dbbe2b939d8c4efdaa6a5a976a3145ed";
};
};
workflow-step-api = mkJenkinsPlugin {
name = "workflow-step-api";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-step-api/639.v6eca_cd8c04a_a_/workflow-step-api.hpi";
sha256 = "e297994ef4892b292fed850431cafe5a687fe64fbb9ddf9b7938d2b74db81763";
};
};
workflow-support = mkJenkinsPlugin {
name = "workflow-support";
src = fetchurl {
url = "https://updates.jenkins-ci.org/download/plugins/workflow-support/839.v35e2736cfd5c/workflow-support.hpi";
sha256 = "3fe54cab155ad9bac49d3a98df1377f5795f8acf556f829ac48b32f5567c02bd";
};
};
}

14
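--- a/nixos/jenkins/update-plugins.sh
+++ b/nixos/jenkins/update-plugins.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+PLUGINS_NIX="${SCRIPT_DIR}/plugins.nix"
+echo "Updating ${PLUGINS_NIX}"
+set -x
+nix run github:Fuuzetsu/jenkinsPlugins2nix -- \
+-p github-api \
+-p git \
+-p github-branch-source \
+-p workflow-aggregator \
+-p ssh-slaves \
+-p configuration-as-code \
+> ${PLUGINS_NIX}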
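Review bot: The `nix run github:Fuuzetsu/jenkinsPlugins2nix` line resolves the generator from the repository's default branch at run time, so the tool that writes every plugin URL and sha256 into plugins.nix is itself unpinned; pin it to a reviewed commit, e.g. `nix run github:Fuuzetsu/jenkinsPlugins2nix/<reviewed-commit-sha> -- \`, or add it as a flake input. The shebang is `#!/bin/sh` but the script uses `${BASH_SOURCE[0]}` and `&>`, which are bash features, so `#!/usr/bin/env bash` matches what the body needs. The final redirect `> ${PLUGINS_NIX}` is unquoted and truncates the file before the generator has succeeded; writing to a temporary file and moving it into place on success would keep a failed run from leaving an empty plugins.nix.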

BIN
secrets/jenkins-github-app-privkey.age generated Normal file

Binary file not shown.

18
secrets/jenkins-ssh-privkey.age generated Normal file

@ -0,0 +1,18 @@
age-encryption.org/v1
-> ssh-rsa sNTFlg
debFJnMQu6VYOy3GKosgCg3+qoc/9E2Al1jmOfrYCdir/0MVRBYEDgmSzB2SJll4
65Poa9RZqBpPZ2g6xTKpa7VotQxhdGDWa0GXLyj8JawqCg7slBSMhp/ixw8bY7jA
W0M+pfCBhgebhl/77CHcPuM+ZJ5SyTaRh2tgDKaTEOcHvvh6E+TVlIn45gUuzx+b
TAaAgzYyHG56MCwF054easEkss/cdQaIz02rlWqgJYDf0SGd1IjCaiQl8f+ZgM4j
W8mgmaOqKTtsgh+ykqoFP6tbV5+L3AelbZ3cYi/0dDCk2k6SRy1O8i6wbUMvmrQI
N+N/YdecVkWynIePujLQLQ
-> ssh-ed25519 96IXNQ 6kNGDSEsoEV42FKppOrHmsLbt1lTv1Th0V3Y/62FAys
8TiQJnkvER6stps/B9H4+wH2ZbRFLWnAJLJNiuKS4lU
-> ssh-ed25519 Zqspmg bCy5N9RCiE5PMGmxfhQPxoArq+OmvHEagiyuRM3ZryE
zW056z0XFGm06Sx158vnhwLagTn0og8tN5WQYOyHFGA
-> ^kTdp*-grease w $063GJO# &'? :#x
1mlqmNmBfDGFqH9v82rSxBDq2oDOTqQGQQ/pL/0PfBufbXqKMcjX4F8xhXaacBr1
wrKLiA
--- DPmB1o/bO+UXSiPm/SEPKZOuGy7JE2I08SuZWQMb8mc
pgGžquÍôÎ5ÍzYžD+†;qÇÁ¢•T¨—H6Z­·<C2AD>VNBO#Œ0&¦¤—«ªcp¶±jSÊuH.N!H±e6˜U… N7'¥¦si¶öùlç׎â'¥6d"$ÉåÙöœr˜Ÿ•2\Ó<>ßfÉ6Cå¹
a[»Ù<C2BB>°Øt¹LªšaØ“Á‰{¬Ò—Œ"ß¿ß1¶ ê^^r?Êù˜&ÄHqnÜÊr)&æo~_™ø5?NóŒ¹<.ŽÀ«°çä-CÛšÕØÝKˆJÃFýîÜHcmþ·¤<C2B7>|SØc¡„‘MVR@Ÿ/èuáÀ<3Þi„šDžãÎñpuÍF­×ëIÕƒ÷þ Ôr|Š“ƒ³ÚAØ.ê/Žaå¯Üa³D‡ Ä®äÌ÷~yqÿ<71>Þ«P[]êsrbOП%pŠú¥V:6”PZ¨}™h7¬}¦'nîéÃêÏê8poèžFÎY*EÒâé¨ÚYò·u_¨MvÖÚ3ÏwM mÃMšãd¦öÁX™


@ -9,4 +9,8 @@ in
# agenix -r -i =(op read 'op://Personal/id_rsa/private key')
{
"cache-priv-key.age".publicKeys = keys;
"jenkins-ssh-privkey.age".publicKeys = keys;
"jenkins-github-app-privkey.age".publicKeys = keys;
"srid-cachix-auth-token.age".publicKeys = keys;
"srid-docker-pass.age".publicKeys = keys;
}

BIN
secrets/srid-cachix-auth-token.age generated Normal file

Binary file not shown.

17
secrets/srid-docker-pass.age generated Normal file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa sNTFlg
M9Dt+kUeZ6dbQ8a/cOpZSXgw5dATlt5G4jE2on2rS0K+IGteHvq5bPkYSH9dWeIr
giT3LM8FARKLsXgGOxsIxu0bgwUmp2qoc1fMaDroW7wVwFL+ly8Dl1a9of4V8XC2
8/K/Mm2HubZJe3L/15u2CQ6IDH5JoZF+ckV/mA4G56CCByjAkn/KVwynuqNeLWq7
iczpuDbI9re/nChLXZ4Gm/nCl9iwFfSwaZIBAeeKiJ9vJPOFJOiSj8l8OUlNHpyl
3Uj/AeFgxpmjJvuaZjRAjuikeIVNDQpW3xslx2+lKP8K78fv0/ZELzhJYY0m3qEx
8ooqYf7Qg3pAjx9/QuxzOw
-> ssh-ed25519 96IXNQ fN4mSlev/oFwGFB25V+PLAhdQVQYzOftPdNwgJv/2FA
TEYYqD14vgIkj6yP1bKkrSpmkrq8wJoR/Y9ooBRZSgo
-> ssh-ed25519 Zqspmg br8SoJ3Fp5AogfTVWXOk0r4gkjnNYPx6lz7gwVxD41E
nCkvAGK2lD69n05sGQ2ouGgPsiFd7cnrFh7uJ+nzsC8
-> d.p/,a}J-grease
DoAgE6jK3hDAAlqvG+SSJiO4SG0X7Qi4KSqvwvDd6EiDKOrBTYl20k1vKa6tXJ+0
MHEGNxUSiNmuApzthOo99U9sCCUxJ/i3lI9tz9PpYDr0p71/HnxUMhg0EW4
--- LevtDUV5O/eoOQLCyfFA0OVgKpognIa+UhwV96l6XhM
Ž·3K\I2äuü¸[žšå<C5A1>³¡»•}Ø=ÕMß-Ò<>ñÔ"ê…2;[ÕšrØ©1j+ Ó¤URKn