Add git renovate module

nixos-configurations/lindberg-build/applications/default.nix

@@ -13,6 +13,7 @@
   qois.git-ci-runner.enable = true;
   qois.attic.enable = true;
   qois.postgresql.package = pkgs.postgresql_15;
+  qois.renovate.enable = true;
 
   # Remove substituters that are hosted on this node, to prevent lockups
   #  since the current nix implementation is not forgiving with unavailable subsituters.

nixos-modules/qois/renovate/default.nix

@@ -0,0 +1,45 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib;
+let
+  cfg = config.qois.renovate;
+in
+{
+
+  options.qois.renovate = {
+    enable = mkEnableOption "Enable renovate service";
+    gitServer = mkOption {
+      description = "Gitea/Forgejo server that should be accessed";
+      type = types.str;
+      default = "git.qo.is";
+    };
+    gitAuthor = mkOption {
+      description = "Author of commit messages";
+      type = types.str;
+      default = "Renovate Bot <sysadmin+renovate@qo.is>";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
+    services.renovate = {
+      enable = true;
+      credentials.RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
+      runtimePackages = with pkgs; [
+        nix
+      ];
+      settings = {
+        inherit (cfg) gitAuthor;
+        endpoint = "https://${domain}/api/v1";
+        platform = "gitea";
+        autodiscover = true;
+        optimizeForDisabled = true;
+      };
+      schedule = "*:0/10";
+    };
+  };
+}

private

@@ -1 +1 @@
-Subproject commit dcfc21e991b4ce056e24c26bb992b1af378d035a
+Subproject commit d42933081c8149ee536b0300020d4f31b206f514