Move all nixos-modules out of qois subfolder

2025-03-21 19:20:28 +02:00 · 2025-03-21 19:20:28 +02:00 · 97d1a30329
commit 97d1a30329
parent d49f58265f
22 changed files with 3 additions and 14 deletions
--- a/nixos-modules/renovate/default.nix
+++ b/nixos-modules/renovate/default.nix
@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+with lib;
+let
+  cfg = config.qois.renovate;
+in
+{
+
+  options.qois.renovate = {
+    enable = mkEnableOption "Enable renovate service";
+    gitServer = mkOption {
+      description = "Gitea/Forgejo server that should be accessed";
+      type = types.str;
+      default = "git.qo.is";
+    };
+    gitAuthor = mkOption {
+      description = "Author of commit messages";
+      type = types.str;
+      default = "Renovate Bot <sysadmin+renovate@qo.is>";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
+    sops.secrets."renovate/host_rules".restartUnits = [ "renovate.service" ];
+    systemd.services.renovate.environment.LOG_LEVEL = "debug";
+    services.renovate = {
+      enable = true;
+      credentials = {
+        RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
+        RENOVATE_HOST_RULES = config.sops.secrets."renovate/host_rules".path;
+      };
+      runtimePackages = with pkgs; [
+        nix
+      ];
+      settings = {
+        inherit (cfg) gitAuthor;
+        endpoint = "https://${cfg.gitServer}/api/v1";
+        platform = "gitea";
+        autodiscover = true;
+        optimizeForDisabled = true;
+      };
+      schedule = "*:0/10";
+    };
+
+    systemd.services.renovate = {
+      path = mkBefore [ inputs.pkgs.nixVersions.git ]; # Circumvent submodule bug - remove after >=2.26 is the default.
+      script = mkBefore ''
+        echo -e "machine ${cfg.gitServer}\n    login $(systemd-creds cat 'SECRET-RENOVATE_TOKEN')\n    password x-oauth-basic" > ~/.netrc
+      '';
+    };
+  };
+}