darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Merge pull request #505 from DarkKirb/add-renovate

Browse source 
add renovate
This commit is contained in:
Charlotte 🦝 Delenk 2024-09-05 10:47:42 +02:00 committed by GitHub
commit 5b260eda1f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 40 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/nas.nix
View file

@ -40,6 +40,7 @@
./services/heisenbridge.nix
#./services/kubernetes.nix
./services/forgejo-runner.nix
./services/renovate.nix
];
hardware.cpu.amd.updateMicrocode = true;

36
config/services/renovate.nix Normal file
View file

@ -0,0 +1,36 @@
{
pkgs,
config,
cargo2nix,
system,
...
}: {
services.renovate = {
enable = true;
schedule = "hourly";
settings = {
platform = "gitea";
endpoint = "https://git.chir.rs";
gitAuthor = "Renovate <gitea-bot@chir.rs>";
autodiscover = true;
autodiscoverTopics = ["managed-by-renovate"];
nix.enabled = true;
lockFileMaintenance.enabled = true;
osvVulnerabilityAlerts = true;
allowedPostUpgradeCommands = ["^cargo2nix -o$" "^alejandra \\.$"];
};
credentials = {
RENOVATE_TOKEN = config.sops.secrets."services/renovate".path;
};
runtimePackages = with pkgs; [
config.nix.package
nodejs
corepack
cargo
cargo2nix.packages.${system}.cargo2nix
alejandra
];
};
sops.secrets."services/renovate" = {};
}

5
secrets/nas.yaml
View file

@ -19,6 +19,7 @@ services:
aws_credentials: ENC[AES256_GCM,data:Jqlm/51nraW5Z8Tz1wYKghcPqTFZtSHb5bC2/EKjYjQfcd504AHFNlAQjlsa0vdf5hyca9401PpeWuxxPb2jnKdRqYSh/JXqNKIXNDySJIdHbEwdBSW6Y9thzBldUfkpVIOAJgjGJmA69XIYCNaq75UJ3rE=,iv:GWx0SNEXr8JYttiWuzu0LK2V0cr0+mk7DTty2llEgyE=,tag:IsB+Y6ErXmmzR80z/L3C7g==,type:str]
akkoma-key: ENC[AES256_GCM,data:0lPd+1JnjQpiDiyhOwNzCVrwA7PbQc7sK/INLOy1QiVbWmJ7C5ziwxU3AA==,iv:SZaD9QHxR6+NFiFYeC0H985/GlEEJ+QKocpo7FFg7Ls=,tag:jEGg4N42MJ/qPoIkN3q5cQ==,type:str]
forgejo-runner: ENC[AES256_GCM,data:rKQkDgejZxCt2k685P4+393mtRXL7oCSENnH0c7Tr2X+cUmmoR6QikDkoBsefA==,iv:D2K12VA+BUSDo8LiHYoVzZQpveEcUCGe9BUwWqeHJt8=,tag:2JVcklZTplALwjaImydsHg==,type:str]
renovate: ENC[AES256_GCM,data:pfbOrawWZFXj9VTqnSMoEe2MHo0wceCM39hsxQRXzLHj9+kpUlh7pQ==,iv:B03BU1MbI2mtprLs4MuVNF25EV3KF/Kip2Fdz0ff2r8=,tag:sXWgoNM1doXDOqAkQsKeGQ==,type:str]
security:
acme:
dns: ENC[AES256_GCM,data:wlwS5g6p62ilVCNuNFg1atTR+RdPRSQY6jXJwdUkQsXM15fSc2+wwWGGMtLVKnfvPH+0R+jVy+Xeu+Xya8D+HvnO2zV4cz5DV3Fqq0McCcQBVBpx1jJaU0+BvrVh5+ZwVerla8re6/0wYoVFjyVUy1EbvGYsgGS12WFoW+WdUOgZKvGqlbl3LRn27Lrht+xnk7D/46EN6VpQls/4jK1aD5WS/YDEersEdPPcAhe3LUZfHgzUsVgOJAZYhghQQqgWG60rXk/1XkMH2HrU6a3zb/obu0PU,iv:c6zY25WBevtBoKqDv7ITELkTP4yf29AAZuFEZ9w8atM=,tag:cztLn1oAekz7JLThf9kLEg==,type:str]
@ -60,8 +61,8 @@ sops:
Kytvc1lyRHRrRXRjaEV0V3ZDcUgzVVkKkqr0FcWUCkTYLIXJKuY5/LJX1odVaF4s
P2BLyjXj81078QjKwTyXskFV36uWM70LoVfkxBRTMZO/4O+BCwRpkg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-04T16:46:23Z"
mac: ENC[AES256_GCM,data:paJNopVUjIafa8eYP8eIFY7wVs1LARstBTMk9SQc0LrfA19qZqvILsVivoEY8rOeKHUbykK1aMEuFX1XmWfTBuCDSAiYqFqetnybpN8dZi+2C6oaNmCFPyLQdGftdrL5YACfZUJ+2enZwKU9X24GWsngYqb37lhQXdNLEgt4gUE=,iv:KzLnDrNIpifgd2EpfA7dCQQy3FrUW6IDrmVn65eMcCY=,tag:Jt8PDenIYLDaiJ1ZIJSg5Q==,type:str]
lastmodified: "2024-09-04T19:00:05Z"
mac: ENC[AES256_GCM,data:HHqjMF4qdoGS74XZbXeVqQBzkI18Mz8K0qvZpv0K4cWbRrwsZKkZvwdtYJSzAbv4MX1ZVg1sRavekae3WUEjTkktrZQb0jJ+0xLdBz6kO9uwN28EhzH2mXF/cyTuzuAblhWGmN7PzOHaGd+bRsmD5ylRQn+Lgwag2oykxAM2bcs=,iv:ng5KCTJ/kuLYEXM5B3sNzIj+Y87QjhDnimIfIzoJ0wc=,tag:hWKPfWkfrfO+obyc2POUXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0