[Unit]
Description=Jenkins inbound agent %i
Wants=network-online.target
After=network-online.target
StartLimitIntervalSec=0

[Service]
Type=simple
User=root
Group=root
EnvironmentFile=/etc/jenkins-agent/%i.env
WorkingDirectory=/var/lib/jenkins/agent/%i
ExecStart=/usr/local/bin/jenkins-inbound-agent-start %i
Restart=always
RestartSec=10
KillSignal=SIGINT
TimeoutStopSec=30

# 当前生产流水线仍包含服务器初始化、systemd 与 Nginx 写入等特权操作。
# 后续若将 agent 降权到 jenkins 用户，需要先把流水线命令收敛到精确 sudo 白名单。
PrivateTmp=true

[Install]
WantedBy=multi-user.target