diff --git a/nixos-configurations/lindberg-build/applications/default.nix b/nixos-configurations/lindberg-build/applications/default.nix
index d9360ee..35d4632 100644
--- a/nixos-configurations/lindberg-build/applications/default.nix
+++ b/nixos-configurations/lindberg-build/applications/default.nix
@@ -13,6 +13,7 @@
 qois.git-ci-runner.enable = true;
 qois.attic.enable = true;
 qois.postgresql.package = pkgs.postgresql_15;
+ qois.renovate.enable = true;
 
 # Remove substituters that are hosted on this node, to prevent lockups
 # since the current nix implementation is not forgiving with unavailable subsituters.
diff --git a/nixos-modules/qois/renovate/default.nix b/nixos-modules/qois/renovate/default.nix
new file mode 100644
index 0000000..411a6f3
--- /dev/null
+++ b/nixos-modules/qois/renovate/default.nix
@@ -0,0 +1,45 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib;
+let
+ cfg = config.qois.renovate;
+in
+{
+
+ options.qois.renovate = {
+ enable = mkEnableOption "Enable renovate service";
+ gitServer = mkOption {
+ description = "Gitea/Forgejo server that should be accessed";
+ type = types.str;
+ default = "git.qo.is";
+ };
+ gitAuthor = mkOption {
+ description = "Author of commit messages";
+ type = types.str;
+ default = "Renovate Bot ";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
+ services.renovate = {
+ enable = true;
+ credentials.RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
+ runtimePackages = with pkgs; [
+ nix
+ ];
+ settings = {
+ inherit (cfg) gitAuthor;
+ endpoint = "https://${domain}/api/v1";
+ platform = "gitea";
+ autodiscover = true;
+ optimizeForDisabled = true;
+ };
+ schedule = "*:0/10";
+ };
+ };
+}
diff --git a/private b/private
index dcfc21e..d429330 160000
--- a/private
+++ b/private
@@ -1 +1 @@
-Subproject commit dcfc21e991b4ce056e24c26bb992b1af378d035a
+Subproject commit d42933081c8149ee536b0300020d4f31b206f514
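Review bot: In nixos-modules/qois/renovate/default.nix, `endpoint = "https://${domain}/api/v1";` refers to `domain`, which nothing in the module binds, while the declared option `gitServer` is never read; unless `lib` happens to supply a `domain` through `with lib;`, evaluation fails, and the line presumably should be `endpoint = "https://${cfg.gitServer}/api/v1";`. Separately, `autodiscover = true` lets the bot act on every repository the `renovate/token` account can reach, so the service's reach is set entirely by that token's permissions. I would limit the bot account to the repositories it should maintain, or narrow discovery with Renovate's `autodiscoverFilter`, and add a comment above `autodiscover` saying which of the two is relied on. The `gitAuthor` default `"Renovate Bot "` ends in a trailing space and looks as if it lost an address part, so it is worth checking against the file.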