qo.is/infrastructure
3
0
Fork 0
Code Issues 12 Pull requests Projects 1 Activity Actions

Fix renovate submodule cloning
All checks were successful
CI / build (push) Successful in 3m13s
Details

Browse source
This commit is contained in:
Fabian Hauser 2025-01-22 19:44:12 +02:00
parent 3d04556637
commit 8ecebda2b8
5 changed files with 21 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

15
nixos-modules/qois/renovate/default.nix
View file

@ -2,6 +2,7 @@
config,
pkgs,
lib,
inputs,
...
}:
with lib;
@ -26,9 +27,14 @@ in
config = mkIf cfg.enable {
sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
sops.secrets."renovate/host_rules".restartUnits = [ "renovate.service" ];
systemd.services.renovate.environment.LOG_LEVEL = "debug";
services.renovate = {
enable = true;
credentials.RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
credentials = {
RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
RENOVATE_HOST_RULES = config.sops.secrets."renovate/host_rules".path;
};
runtimePackages = with pkgs; [
nix
];
@ -41,5 +47,12 @@ in
};
schedule = "*:0/10";
};
systemd.services.renovate = {
path = mkBefore [ inputs.pkgs.nixVersions.git ]; # Circumvent submodule bug - remove after >=2.26 is the default.
script = mkBefore ''
echo -e "machine ${cfg.gitServer}\n login $(systemd-creds cat 'SECRET-RENOVATE_TOKEN')\n password x-oauth-basic" > ~/.netrc
'';
};
};
}