Update Jenkins agent
This commit is contained in:
parent
1a5682d815
commit
e1e30733ed
File diff suppressed because it is too large
Load Diff
|
@ -1,155 +0,0 @@
|
|||
# yamllint disable rule:comments-indentation
|
||||
---
|
||||
###############################################################################
|
||||
# Authelia Configuration #
|
||||
###############################################################################
|
||||
|
||||
theme: dark #light/dark Elige el tema que más te guste
|
||||
jwt_secret: 1234567890abcdefghifjkl #Visita https://www.grc.com/passwords.htm y copia el numero largo de la ventana que se llama 64 random hexadecimal characters (0-9 and A-F):
|
||||
|
||||
default_redirection_url: https://google.com/ #Aqui hará una redireccion si no existe ningun dominio en nuestro archivo
|
||||
|
||||
server:
|
||||
host: 0.0.0.0 #No tocar, hay que dejarlo así
|
||||
port: 9091 #Este es el puerto por defecto, no cambiarlo
|
||||
path: ""
|
||||
buffers:
|
||||
read: 4096
|
||||
write: 4096
|
||||
enable_pprof: false
|
||||
enable_expvars: false
|
||||
disable_healthcheck: false
|
||||
tls:
|
||||
key: ""
|
||||
certificate: ""
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
||||
totp:
|
||||
issuer: 2FA Verdnatura #tu nombre de dominio. No es el subdominio, sino que es el fulanito.es
|
||||
algorithm: sha1
|
||||
digits: 6
|
||||
period: 30
|
||||
secret_size: 32
|
||||
skew: 1
|
||||
|
||||
|
||||
ntp:
|
||||
address: "time.verdnatura.es:123"
|
||||
version: 4
|
||||
max_desync: 3s
|
||||
disable_startup_check: false
|
||||
disable_failure: false
|
||||
|
||||
# authentication_backend:
|
||||
# password_reset:
|
||||
# disable: false
|
||||
# refresh_interval: 5m
|
||||
# file:
|
||||
# path: /config/users_database.yml #Este es el archivo que hemos creado con los usuarios, se configura en el archivo user_database.yml que tenéis en la carpeta
|
||||
# password:
|
||||
# algorithm: argon2id
|
||||
# iterations: 1
|
||||
# key_length: 32
|
||||
# salt_length: 16
|
||||
# memory: 1024
|
||||
# parallelism: 8
|
||||
|
||||
authentication_backend:
|
||||
ldap:
|
||||
implementation: custom
|
||||
url: ldap://ldap.verdnatura.es:389
|
||||
timeout: 5s
|
||||
# start_tls: false
|
||||
# tls:
|
||||
# server_name: domain.com
|
||||
# skip_verify: false
|
||||
# minimum_version: TLS1.2
|
||||
base_dn: DC=verdnatura,DC=es
|
||||
username_attribute: uid
|
||||
additional_users_dn: ou=users
|
||||
users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
additional_groups_dn: ou=groups
|
||||
groups_filter: (&(member={dn})(objectClass=groupOfNames))
|
||||
group_name_attribute: cn
|
||||
mail_attribute: mail
|
||||
display_name_attribute: displayName
|
||||
user: cn=authelia,ou=admins,dc=verdnatura,dc=es
|
||||
password: r}LSW6E~~6mvY#T
|
||||
|
||||
|
||||
access_control:
|
||||
default_policy: deny #yo elijo doble factor por defecto
|
||||
networks:
|
||||
- name: internal
|
||||
networks:
|
||||
- 10.0.0.0/16
|
||||
rules:
|
||||
## bypass rule
|
||||
- domain:
|
||||
- "authelia.verdnatura.es" #Debe ser tu subdominio creado para authelia
|
||||
policy: bypass
|
||||
# - domain:
|
||||
# - "sub1.yourdomain.com" #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación sencilla tipo usuario/contraseña
|
||||
# policy: one_factor
|
||||
- domain:
|
||||
- "phpipam.verdnatura.es" #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación de doble factor tipo usuario/contraseña y codigo cambiante cada 30 segundos
|
||||
- 'vaultwarden.verdnatura.es' #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación de doble factor tipo usuario/contraseña y codigo cambiante cada 30 segundos
|
||||
- 'salixtest.verdnatura.es' #Debes poner el dominio de uno de los proxys inversos si quieres que tenga solo una validación de doble factor tipo usuario/contraseña y codigo cambiante cada 30 segundos
|
||||
policy: two_factor
|
||||
|
||||
|
||||
|
||||
|
||||
#Cada vez que modifiquemos un dominio, hay que parar y arrancar el contenedor de authelia para que ejecute los cambios.
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: unsecure_session_secret #Visita https://www.grc.com/passwords.htm y copia el numero largo de la ventana que se llama 64 random hexadecimal characters (0-9 and A-F):
|
||||
expiration: 36000 # 10 hours
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: verdnatura.es # tu nombre de dominio. No es el subdominio, sino que es el fulanito.es
|
||||
redis:
|
||||
host: authelia-redis
|
||||
port: 6379
|
||||
database_index: 0
|
||||
maximum_active_connections: 100
|
||||
minimum_idle_connections: 0
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 10m
|
||||
ban_time: 12h
|
||||
|
||||
#Numero de intentos en un tiempo antes de ser baneado durante la duración que pongamos. En este caso si introduce 3 intentos erróneos en 10 minutos, será baneado 12 horas.
|
||||
# storage:
|
||||
# local:
|
||||
# path: /config/db.sqlite3 #Base de datos que se crea con los usuarios, no es necesario complicarse la vida para usar Authelia de forma particular
|
||||
# encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this #borrar el texto y sustituirlo por una cadena de 20 caracteres alternados con letras y números.
|
||||
|
||||
|
||||
storage:
|
||||
encryption_key: 1234567890abcdefghifjkl
|
||||
mysql:
|
||||
host: authelia-db
|
||||
port: 3306
|
||||
database: authelia
|
||||
username: authelia
|
||||
password: authelia
|
||||
|
||||
# notifier:
|
||||
# disable_startup_check: false
|
||||
# filesystem:
|
||||
# filename: /config/notification.txt
|
||||
|
||||
|
||||
notifier:
|
||||
disable_startup_check: true #true/false
|
||||
smtp:
|
||||
username: authelia #tu usuario de correo
|
||||
password: ZH^$Pc98.$964?P #Creamos una contraseña de aplicacion en goggle, la copiamos y la pegamos aquí
|
||||
host: smtp.verdnatura.es #email smtp server, este es correcto si usas gmail
|
||||
port: 465 #email smtp port, es este el que se utiliza si usas gmail
|
||||
sender: authelia@verdnatura.es #el correo de quien lo envia, poen el mismo que tu usuario
|
||||
identifier: authelia
|
||||
subject: "Authelia {title} desde tu ordenador" #email subject
|
|
@ -1,9 +1,13 @@
|
|||
FROM jenkins/inbound-agent:4.10-3
|
||||
FROM jenkins/inbound-agent:latest-jdk17
|
||||
|
||||
USER root
|
||||
|
||||
# Update APT
|
||||
RUN apt-get update \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install -y \
|
||||
&& apt-get upgrade -y
|
||||
|
||||
# Building packages
|
||||
RUN apt-get install -y \
|
||||
sudo \
|
||||
libltdl-dev \
|
||||
libgtk-3-0 \
|
||||
|
@ -11,39 +15,50 @@ RUN apt-get update \
|
|||
xvfb \
|
||||
default-mysql-client \
|
||||
build-essential \
|
||||
python \
|
||||
python-is-python3 \
|
||||
vim \
|
||||
wget \
|
||||
curl \
|
||||
&& curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \
|
||||
curl
|
||||
|
||||
# Docker compose
|
||||
RUN curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` \
|
||||
-o /usr/local/bin/docker-compose \
|
||||
&& chmod +x /usr/local/bin/docker-compose \
|
||||
&& echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers \
|
||||
&& groupadd -g 998 docker \
|
||||
&& usermod -a -G docker jenkins
|
||||
&& chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
# Puppeteer
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
RUN apt-get install -y --no-install-recommends \
|
||||
gconf-service libasound2 libatk1.0-0 libc6 \
|
||||
libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 \
|
||||
libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 \
|
||||
libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 \
|
||||
libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 \
|
||||
libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 \
|
||||
fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils
|
||||
|
||||
# Firefox
|
||||
RUN cd /opt \
|
||||
&& wget https://ftp.mozilla.org/pub/firefox/releases/64.0.2/linux-x86_64/en-US/firefox-64.0.2.tar.bz2 \
|
||||
&& tar xvjf firefox-64.0.2.tar.bz2 \
|
||||
&& rm firefox-64.0.2.tar.bz2
|
||||
|
||||
# Myt
|
||||
RUN apt-get install -y --no-install-recommends \
|
||||
libkrb5-dev \
|
||||
libssl-dev
|
||||
|
||||
# Clean APT
|
||||
RUN rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Fix defunct processeses: https://github.com/jenkinsci/docker-inbound-agent/issues/51
|
||||
ENV TINI_VERSION v0.19.0
|
||||
RUN wget -O /tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini \
|
||||
&& chmod 755 /tini
|
||||
|
||||
# User
|
||||
RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers \
|
||||
#&& groupadd -g 998 docker \
|
||||
&& usermod -a -G 998 jenkins
|
||||
|
||||
USER jenkins
|
||||
|
||||
ENTRYPOINT ["/tini", "--", "/usr/local/bin/jenkins-agent"]
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
<?php
|
||||
|
||||
$debug = false;
|
||||
$timezone = "Europe/Madrid";
|
||||
$mrbs_admin = "Your Administrator";
|
||||
$mrbs_admin_email = "admin_email@your.org";
|
||||
$mrbs_company_logo = "vernatura-logo.png";
|
||||
$mrbs_company = "";
|
||||
//$mrbs_company_url = "https://www.verdnatura.es/";
|
||||
$weekstarts = 1;
|
||||
|
||||
/*******************
|
||||
* Database settings
|
||||
******************/
|
||||
// Which database system: "pgsql"=PostgreSQL, "mysql"=MySQL
|
||||
$dbsys = getenv('DB_TYPE') ? getenv('DB_TYPE') : "mysql";
|
||||
// Hostname of database server. For pgsql, can use "" instead of localhost
|
||||
// to use Unix Domain Sockets instead of TCP/IP. For mysql "localhost"
|
||||
// tells the system to use Unix Domain Sockets, and $db_port will be ignored;
|
||||
// if you want to force TCP connection you can use "127.0.0.1".
|
||||
$db_host = getenv('DB_HOST');
|
||||
// If you need to use a non standard port for the database connection you
|
||||
// can uncomment the following line and specify the port number
|
||||
// $db_port = 1234;
|
||||
// Database name:
|
||||
$db_database = getenv('DB_DATABASE');
|
||||
// Schema name. This only applies to PostgreSQL and is only necessary if you have more
|
||||
// than one schema in your database and also you are using the same MRBS table names in
|
||||
// multiple schemas.
|
||||
//$db_schema = "public";
|
||||
// Database login user name:
|
||||
$db_login = getenv('DB_USER');
|
||||
// Database login password:
|
||||
$db_password = getenv('DB_PASS');
|
||||
// Prefix for table names. This will allow multiple installations where only
|
||||
// one database is available
|
||||
$db_tbl_prefix = "mrbs_";
|
||||
// Set $db_persist to TRUE to use PHP persistent (pooled) database connections. Note
|
||||
// that persistent connections are not recommended unless your system suffers significant
|
||||
// performance problems without them. They can cause problems with transactions and
|
||||
// locks (see http://php.net/manual/en/features.persistent-connections.php) and although
|
||||
// MRBS tries to avoid those problems, it is generally better not to use persistent
|
||||
// connections if you can.
|
||||
$db_persist = false;
|
||||
|
||||
$theme = "verdnatura";
|
||||
|
||||
$auth["type"] = "ldap";
|
||||
|
||||
$ldap_host = "ldap://ldap.verdnatura.es";
|
||||
$ldap_v3 = true;
|
||||
$ldap_tls = false;
|
||||
$ldap_base_dn = "dc=verdnatura,dc=es";
|
||||
$ldap_user_attrib = "uid";
|
||||
$ldap_dn_search_attrib = "uid";
|
||||
$ldap_dn_search_dn = "cn=mrbs,ou=admins,dc=verdnatura,dc=es";
|
||||
$ldap_get_user_email = false;
|
||||
$ldap_email_attrib = 'mail';
|
||||
$ldap_name_attrib = 'cn';
|
||||
$ldap_admin_group_dn = 'cn=sysadmin,ou=dnGroups,dc=verdnatura,dc=es';
|
||||
$ldap_group_member_attrib = 'memberof';
|
||||
$ldap_debug = true;
|
||||
$ldap_debug_attributes = true;
|
||||
|
||||
$auth['deny_public_access'] = true;
|
Loading…
Reference in New Issue