Update Jenkins agent

2023-10-17 12:50:32 +02:00 · 2023-10-17 12:50:32 +02:00 · e1e30733ed
parent 1a5682d815
commit e1e30733ed
5 changed files with 30 additions and 1673 deletions
--- a/authelia/authelia-conf/configuration
+++ b/authelia/authelia-conf/configuration
--- a/authelia/authelia-conf/configuration.yml
+++ b/authelia/authelia-conf/configuration.yml
@ -1,155 +0,0 @@
 # yamllint disable rule:comments-indentation
 ---
 ###############################################################################
 #                           Authelia Configuration                            #
 ###############################################################################
 theme: dark #light/dark Elige el tema que más te guste
 jwt_secret: 1234567890abcdefghifjkl #Visita https://www.grc.com/passwords.htm y copia el numero largo de la ventana que se llama 64 random hexadecimal characters (0-9 and A-F):
 default_redirection_url: https://google.com/ #Aqui hará una redireccion si no existe ningun dominio en nuestro archivo
 server:
  host: 0.0.0.0 #No tocar, hay que dejarlo así
  port: 9091 #Este es el puerto por defecto, no cambiarlo
  path: ""
  buffers:
    read: 4096
    write: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""
 log:
  level: debug
 totp:
  issuer: 2FA Verdnatura #tu nombre de dominio. No es el subdominio, sino que es el fulanito.es
  algorithm: sha1
  digits: 6  
  period: 30
  secret_size: 32
  skew: 1
 ntp:
  address: "time.verdnatura.es:123"
  version: 4
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false
 # authentication_backend:
  # password_reset:
    # disable: false
  # refresh_interval: 5m
  # file:
    # path: /config/users_database.yml #Este es el archivo que hemos creado con los usuarios, se configura en el archivo user_database.yml que tenéis en la carpeta
    # password:
      # algorithm: argon2id
      # iterations: 1
      # key_length: 32
      # salt_length: 16
      # memory: 1024
      # parallelism: 8
 authentication_backend:
  ldap:
    implementation: custom
    url: ldap://ldap.verdnatura.es:389
    timeout: 5s
    # start_tls: false
    # tls:
      # server_name: domain.com
      # skip_verify: false
      # minimum_version: TLS1.2
    base_dn: DC=verdnatura,DC=es
    username_attribute: uid
    additional_users_dn: ou=users
    users_filter: (&({username_attribute}={input})(objectClass=person))
    additional_groups_dn: ou=groups
    groups_filter: (&(member={dn})(objectClass=groupOfNames))
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: displayName
    user: cn=authelia,ou=admins,dc=verdnatura,dc=es
    password: r}LSW6E~~6mvY#T
 access_control:
  default_policy: deny #yo elijo doble factor por defecto
  networks:
    - name: internal
      networks:
        - 10.0.0.0/16  
  rules:
    ## bypass rule
    - domain:
        - "authelia.verdnatura.es" #Debe ser tu subdominio creado para authelia
      policy: bypass
    # - domain:
        # - "sub1.yourdomain.com" #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación sencilla tipo usuario/contraseña
      # policy: one_factor
    - domain: 
        - "phpipam.verdnatura.es" #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación de doble factor tipo usuario/contraseña y codigo cambiante cada 30 segundos
        - 'vaultwarden.verdnatura.es' #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación de doble factor tipo usuario/contraseña y codigo cambiante cada 30 segundos
        - 'salixtest.verdnatura.es' #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación de doble factor tipo usuario/contraseña y codigo cambiante cada 30 segundos
      policy: two_factor       
      #Cada vez que modifiquemos un dominio, hay que parar y arrancar el contenedor de authelia para que ejecute los cambios.
 session:
  name: authelia_session
  secret: unsecure_session_secret #Visita https://www.grc.com/passwords.htm y copia el numero largo de la ventana que se llama 64 random hexadecimal characters (0-9 and A-F):
  expiration: 36000  # 10 hours
  inactivity: 300  # 5 minutes
  domain: verdnatura.es  # tu nombre de dominio. No es el subdominio, sino que es el fulanito.es
  redis:
    host: authelia-redis
    port: 6379
    database_index: 0
    maximum_active_connections: 100
    minimum_idle_connections: 0
 regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h
 #Numero de intentos en un tiempo antes de ser baneado durante la duración que pongamos. En este caso si introduce 3 intentos erróneos en 10 minutos, será baneado 12 horas.
 # storage:
  # local:
    # path: /config/db.sqlite3 #Base de datos que se crea con los usuarios, no es necesario complicarse la vida para usar Authelia de forma particular
  # encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this #borrar el texto y sustituirlo por una cadena de 20 caracteres alternados con letras y números.
 storage:
  encryption_key: 1234567890abcdefghifjkl
  mysql:
    host: authelia-db
    port: 3306
    database: authelia
    username: authelia
    password: authelia
 # notifier:
  # disable_startup_check: false
  # filesystem:
     # filename: /config/notification.txt
 notifier:
  disable_startup_check: true #true/false
  smtp:
    username: authelia #tu usuario de correo
    password: ZH^$Pc98.$964?P #Creamos una contraseña de aplicacion en goggle, la copiamos y la pegamos aquí
    host: smtp.verdnatura.es #email smtp server, este es correcto si usas gmail
    port: 465 #email smtp port, es este el que se utiliza si usas gmail
    sender: authelia@verdnatura.es #el correo de quien lo envia, poen el mismo que tu usuario
    identifier: authelia
    subject: "Authelia {title} desde tu ordenador" #email subject
--- a/authelia/docker-compose.yml
+++ b/authelia/docker-compose.yml
@ -35,6 +35,6 @@ services:
      MYSQL_ROOT_USER: root
      MYSQL_DATABASE: authelia
      MYSQL_USER: authelia
-      MYSQL_PASSWORD: "authelia"  
+      MYSQL_PASSWORD: "authelia"
    restart: unless-stopped
--- a/jenkins-agent/Dockerfile
+++ b/jenkins-agent/Dockerfile
@ -1,9 +1,13 @@
-FROM jenkins/inbound-agent:4.10-3
+FROM jenkins/inbound-agent:latest-jdk17
 USER root
 # Update APT
 RUN apt-get update \
-    && apt-get upgrade -y \
+    && apt-get upgrade -y
-    && apt-get install -y \
+
 # Building packages
 RUN apt-get install -y \
        sudo \
        libltdl-dev \
        libgtk-3-0 \
@ -11,39 +15,50 @@ RUN apt-get update \
        xvfb \
        default-mysql-client \
        build-essential \
-        python \
+        python-is-python3 \
        vim \
        wget \
-        curl \
+        curl
-    && curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \
+
 # Docker compose
 RUN curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \
        -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose \
+    && chmod +x /usr/local/bin/docker-compose
    && echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers \
    && groupadd  -g 998 docker \
    && usermod -a -G docker jenkins
 # Puppeteer
-RUN apt-get update \
+RUN apt-get install -y --no-install-recommends \
    && apt-get install -y --no-install-recommends \
        gconf-service libasound2 libatk1.0-0 libc6 \
        libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 \
        libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 \
        libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 \
        libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 \
        libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 \
-        fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils \
+        fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils
    && rm -rf /var/lib/apt/lists/*
 # Firefox
 RUN cd /opt \
    && wget https://ftp.mozilla.org/pub/firefox/releases/64.0.2/linux-x86_64/en-US/firefox-64.0.2.tar.bz2 \
    && tar xvjf firefox-64.0.2.tar.bz2 \
    && rm firefox-64.0.2.tar.bz2
 # Myt
 RUN apt-get install -y --no-install-recommends \
        libkrb5-dev \
        libssl-dev
 # Clean APT
 RUN rm -rf /var/lib/apt/lists/*
 # Fix defunct processeses: https://github.com/jenkinsci/docker-inbound-agent/issues/51
 ENV TINI_VERSION v0.19.0
 RUN wget -O /tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini \
    && chmod 755 /tini
 # User
 RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers \
    #&& groupadd -g 998 docker \
    && usermod -a -G 998 jenkins
 USER jenkins
 ENTRYPOINT ["/tini", "--", "/usr/local/bin/jenkins-agent"]
--- a/mrbs/config.inc.php
+++ b/mrbs/config.inc.php
@ -1,65 +0,0 @@
 <?php
 $debug = false;
 $timezone = "Europe/Madrid";
 $mrbs_admin = "Your Administrator";
 $mrbs_admin_email = "admin_email@your.org";
 $mrbs_company_logo = "vernatura-logo.png";
 $mrbs_company = "";
 //$mrbs_company_url = "https://www.verdnatura.es/";
 $weekstarts = 1;
 /*******************
 * Database settings
 ******************/
 // Which database system: "pgsql"=PostgreSQL, "mysql"=MySQL
 $dbsys = getenv('DB_TYPE') ? getenv('DB_TYPE') : "mysql";
 // Hostname of database server. For pgsql, can use "" instead of localhost
 // to use Unix Domain Sockets instead of TCP/IP. For mysql "localhost"
 // tells the system to use Unix Domain Sockets, and $db_port will be ignored;
 // if you want to force TCP connection you can use "127.0.0.1".
 $db_host = getenv('DB_HOST');
 // If you need to use a non standard port for the database connection you
 // can uncomment the following line and specify the port number
 // $db_port = 1234;
 // Database name:
 $db_database = getenv('DB_DATABASE');
 // Schema name.  This only applies to PostgreSQL and is only necessary if you have more
 // than one schema in your database and also you are using the same MRBS table names in
 // multiple schemas.
 //$db_schema = "public";
 // Database login user name:
 $db_login = getenv('DB_USER');
 // Database login password:
 $db_password = getenv('DB_PASS');
 // Prefix for table names.  This will allow multiple installations where only
 // one database is available
 $db_tbl_prefix = "mrbs_";
 // Set $db_persist to TRUE to use PHP persistent (pooled) database connections.  Note
 // that persistent connections are not recommended unless your system suffers significant
 // performance problems without them.   They can cause problems with transactions and
 // locks (see http://php.net/manual/en/features.persistent-connections.php) and although
 // MRBS tries to avoid those problems, it is generally better not to use persistent
 // connections if you can.
 $db_persist = false;
 $theme = "verdnatura";
 $auth["type"] = "ldap"; 
 $ldap_host = "ldap://ldap.verdnatura.es";
 $ldap_v3 = true;
 $ldap_tls = false;
 $ldap_base_dn = "dc=verdnatura,dc=es";
 $ldap_user_attrib = "uid";
 $ldap_dn_search_attrib = "uid";
 $ldap_dn_search_dn = "cn=mrbs,ou=admins,dc=verdnatura,dc=es";
 $ldap_get_user_email = false;
 $ldap_email_attrib = 'mail';
 $ldap_name_attrib = 'cn';
 $ldap_admin_group_dn = 'cn=sysadmin,ou=dnGroups,dc=verdnatura,dc=es';
 $ldap_group_member_attrib = 'memberof';
 $ldap_debug = true;
 $ldap_debug_attributes = true;
 $auth['deny_public_access'] = true;