Compare commits
2 commits
d17d496ff8
...
23e4658e68
| Author | SHA1 | Date | |
|---|---|---|---|
| 23e4658e68 | |||
| 8ecebda2b8 |
5 changed files with 33 additions and 20 deletions
|
|
@ -24,6 +24,7 @@
|
||||||
++ (with pkgs; [
|
++ (with pkgs; [
|
||||||
attic-client
|
attic-client
|
||||||
deploy-rs
|
deploy-rs
|
||||||
|
nixVersions.git
|
||||||
nixd
|
nixd
|
||||||
nixfmt-rfc-style
|
nixfmt-rfc-style
|
||||||
nixos-anywhere
|
nixos-anywhere
|
||||||
|
|
|
||||||
33
flake.lock
generated
33
flake.lock
generated
|
|
@ -27,11 +27,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736165297,
|
"lastModified": 1737038063,
|
||||||
"narHash": "sha256-OT+sF4eNDFN/OdyUfIQwyp28+CFQL7PAdWn0wGU7F0U=",
|
"narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "76816af65d5294761636a838917e335992a52e0c",
|
"rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -74,11 +74,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-nixos-stable": {
|
"nixpkgs-nixos-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736061677,
|
"lastModified": 1737404927,
|
||||||
"narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
|
"narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
|
"rev": "ae584d90cbd0396a422289ee3efb1f1c9d141dc3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -90,11 +90,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-nixos-unstable": {
|
"nixpkgs-nixos-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736012469,
|
"lastModified": 1737469691,
|
||||||
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
|
"narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
|
"rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -111,11 +111,10 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737489963,
|
"lastModified": 1737552783,
|
||||||
"narHash": "sha256-1Qo3Qofx6W4s7tfvAKuq+hIUkkSRTU6j9PcDodM0hY4=",
|
"narHash": "sha256-pJ2lp36L3++a5HtdN7ULcVpdB4j7yo90TDayWuAO+T8=",
|
||||||
"ref": "refs/heads/main",
|
"rev": "33cf80043c64ddd6882268430454e3cbe98b692b",
|
||||||
"rev": "d42933081c8149ee536b0300020d4f31b206f514",
|
"revCount": 11,
|
||||||
"revCount": 10,
|
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "file:./private"
|
"url": "file:./private"
|
||||||
},
|
},
|
||||||
|
|
@ -141,11 +140,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736064798,
|
"lastModified": 1737411508,
|
||||||
"narHash": "sha256-xJRN0FmX9QJ6+w8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20=",
|
"narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "5dc08f9cc77f03b43aacffdfbc8316807773c930",
|
"rev": "015d461c16678fc02a2f405eb453abb509d4e1d4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
|
inputs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
|
|
@ -26,9 +27,14 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
|
sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
|
||||||
|
sops.secrets."renovate/host_rules".restartUnits = [ "renovate.service" ];
|
||||||
|
systemd.services.renovate.environment.LOG_LEVEL = "debug";
|
||||||
services.renovate = {
|
services.renovate = {
|
||||||
enable = true;
|
enable = true;
|
||||||
credentials.RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
|
credentials = {
|
||||||
|
RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
|
||||||
|
RENOVATE_HOST_RULES = config.sops.secrets."renovate/host_rules".path;
|
||||||
|
};
|
||||||
runtimePackages = with pkgs; [
|
runtimePackages = with pkgs; [
|
||||||
nix
|
nix
|
||||||
];
|
];
|
||||||
|
|
@ -41,5 +47,12 @@ in
|
||||||
};
|
};
|
||||||
schedule = "*:0/10";
|
schedule = "*:0/10";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.renovate = {
|
||||||
|
path = mkBefore [ inputs.pkgs.nixVersions.git ]; # Circumvent submodule bug - remove after >=2.26 is the default.
|
||||||
|
script = mkBefore ''
|
||||||
|
echo -e "machine ${cfg.gitServer}\n login $(systemd-creds cat 'SECRET-RENOVATE_TOKEN')\n password x-oauth-basic" > ~/.netrc
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
2
private
2
private
|
|
@ -1 +1 @@
|
||||||
Subproject commit d42933081c8149ee536b0300020d4f31b206f514
|
Subproject commit 33cf80043c64ddd6882268430454e3cbe98b692b
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": [ "config:base" ],
|
"extends": [ "config:recommended" ],
|
||||||
"lockFileMaintenance": {
|
"lockFileMaintenance": {
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"extends": [ "schedule:weekly" ]
|
"extends": [ "schedule:weekly" ]
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue