58 lines
1.6 KiB
Nix
58 lines
1.6 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
inputs,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
cfg = config.qois.renovate;
|
|
in
|
|
{
|
|
|
|
options.qois.renovate = {
|
|
enable = mkEnableOption "Enable renovate service";
|
|
gitServer = mkOption {
|
|
description = "Gitea/Forgejo server that should be accessed";
|
|
type = types.str;
|
|
default = "git.qo.is";
|
|
};
|
|
gitAuthor = mkOption {
|
|
description = "Author of commit messages";
|
|
type = types.str;
|
|
default = "Renovate Bot <sysadmin+renovate@qo.is>";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
sops.secrets."renovate/token".restartUnits = [ "renovate.service" ];
|
|
sops.secrets."renovate/host_rules".restartUnits = [ "renovate.service" ];
|
|
systemd.services.renovate.environment.LOG_LEVEL = "debug";
|
|
services.renovate = {
|
|
enable = true;
|
|
credentials = {
|
|
RENOVATE_TOKEN = config.sops.secrets."renovate/token".path;
|
|
RENOVATE_HOST_RULES = config.sops.secrets."renovate/host_rules".path;
|
|
};
|
|
runtimePackages = with pkgs; [
|
|
nix
|
|
];
|
|
settings = {
|
|
inherit (cfg) gitAuthor;
|
|
endpoint = "https://${cfg.gitServer}/api/v1";
|
|
platform = "gitea";
|
|
autodiscover = true;
|
|
optimizeForDisabled = true;
|
|
};
|
|
schedule = "*:0/10";
|
|
};
|
|
|
|
systemd.services.renovate = {
|
|
path = mkBefore [ inputs.pkgs.nixVersions.git ]; # Circumvent submodule bug - remove after >=2.26 is the default.
|
|
script = mkBefore ''
|
|
echo -e "machine ${cfg.gitServer}\n login $(systemd-creds cat 'SECRET-RENOVATE_TOKEN')\n password x-oauth-basic" > ~/.netrc
|
|
'';
|
|
};
|
|
};
|
|
}
|