2025-01-22 18:44:35 +01:00
5 changed files with 21 additions and 7 deletions
--- a/dev-shells/default.nix
+++ b/dev-shells/default.nix
@ -24,6 +24,7 @@
      ++ (with pkgs; [
        attic-client
        deploy-rs
+        nixVersions.git
        nixd
        nixfmt-rfc-style
        nixos-anywhere
--- a/flake.lock
+++ b/flake.lock
@ -111,11 +111,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737489963,
-        "narHash": "sha256-1Qo3Qofx6W4s7tfvAKuq+hIUkkSRTU6j9PcDodM0hY4=",
+        "lastModified": 1737552783,
+        "narHash": "sha256-pJ2lp36L3++a5HtdN7ULcVpdB4j7yo90TDayWuAO+T8=",
        "ref": "refs/heads/main",
-        "rev": "d42933081c8149ee536b0300020d4f31b206f514",
-        "revCount": 10,
+        "rev": "33cf80043c64ddd6882268430454e3cbe98b692b",
+        "revCount": 11,
        "type": "git",
        "url": "file:./private"
      },
--- a/nixos-modules/qois/renovate/default.nix
+++ b/nixos-modules/qois/renovate/default.nix
@ -2,6 +2,7 @@
  config,
  pkgs,
  lib,
+  inputs,
  ...
 }:
 with lib;
@ -26,9 +27,14 @@ in

  config = mkIf cfg.enable {
    sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
+    sops.secrets."renovate/host_rules".restartUnits = [ "renovate.service" ];
+    systemd.services.renovate.environment.LOG_LEVEL = "debug";
    services.renovate = {
      enable = true;
-      credentials.RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
+      credentials = {
+        RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
+        RENOVATE_HOST_RULES = config.sops.secrets."renovate/host_rules".path;
+      };
      runtimePackages = with pkgs; [
        nix
      ];
@ -41,5 +47,12 @@ in
      };
      schedule = "*:0/10";
    };
+
+    systemd.services.renovate = {
+      path = mkBefore [ inputs.pkgs.nixVersions.git ]; # Circumvent submodule bug - remove after >=2.26 is the default.
+      script = mkBefore ''
+        echo -e "machine ${cfg.gitServer}\n    login $(systemd-creds cat 'SECRET-RENOVATE_TOKEN')\n    password x-oauth-basic" > ~/.netrc
+      '';
+    };
  };
 }
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit d42933081c8149ee536b0300020d4f31b206f514
+Subproject commit 33cf80043c64ddd6882268430454e3cbe98b692b
--- a/renovate.json
+++ b/renovate.json
@ -1,6 +1,6 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [ "config:base" ],
+  "extends": [ "config:recommended" ],
  "lockFileMaintenance": {
    "enabled": true,
    "extends": [ "schedule:weekly" ]