add renovate

2023-01-19 12:48:27 +01:00 · 2023-01-19 12:48:27 +01:00 · e0a13aa3f3
parent aaaad3f7a0
commit e0a13aa3f3
10 changed files with 177 additions and 22 deletions
--- a/flake.lock
+++ b/flake.lock
@ -434,11 +434,11 @@
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1674041176,
-        "narHash": "sha256-cMf1BQzI39nHQ0H/mOatthbbI3392qLmJ9gU0u520P4=",
+        "lastModified": 1674082145,
+        "narHash": "sha256-4IpEt5Jc6VrNcpIcrKMCZAyeJMLXaaHk+yOV9HusO/A=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2c29ae48f9a149151bdd82f429ac61d4412c312a",
+        "rev": "7026e1a934abfa02623c9870378dbcdac3cd7f80",
        "type": "github"
      },
      "original": {
@ -455,11 +455,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1674039296,
-        "narHash": "sha256-VkhsLIKY/evIu/FRB9ughThrjva0YfJ8N8C0IYCJRPg=",
+        "lastModified": 1674054764,
+        "narHash": "sha256-00cRYxCYmZvncLyCsVYrhQsCzFnjkZi+23TC2FpQU/U=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "32c11bb212dd88e4fe8e573f35649448f7d8911c",
+        "rev": "428063ff2304962387803fd59e5da8b9b82710cc",
        "type": "github"
      },
      "original": {
@ -770,11 +770,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1673954326,
-        "narHash": "sha256-oAKwsXTptcY6gRCBxJlZ+W1BrZHNr9a28+4fQMLuRu0=",
+        "lastModified": 1674101896,
+        "narHash": "sha256-xWLaexT6IHhOJru54wrOMeBbkKeJzOZ4Pqrxctf82q0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8fc3a1dcc98d3603221d4afd239e666eeedb6141",
+        "rev": "a841e262264e48722dccc8469f066068146e406b",
        "type": "github"
      },
      "original": {
@ -786,11 +786,11 @@
    },
    "nixpkgs_22-11": {
      "locked": {
-        "lastModified": 1673800717,
-        "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
+        "lastModified": 1673957332,
+        "narHash": "sha256-njH7Szk1BLVWGMw7IRibgGejSlxXHj9saZHfH20gHdk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
+        "rev": "b83e7f5a04a3acc8e92228b0c4bae68933d504eb",
        "type": "github"
      },
      "original": {
@ -840,11 +840,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1673912429,
-        "narHash": "sha256-1HnrX/nFD1GqfU3S7He+J5v+DbZ6rLa//DNYOwIZeCU=",
+        "lastModified": 1674125115,
+        "narHash": "sha256-k22iBAgchS0pvFJu1gVhw/6fVbmOngtgYAGpRbL55qw=",
        "owner": "pta2002",
        "repo": "nixvim",
-        "rev": "d0910a6ddba8f3ad2079243a5cb4480739cb00e1",
+        "rev": "3f9effc575cabe61b7a9539ce550484049fe5c68",
        "type": "github"
      },
      "original": {
@ -855,11 +855,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1674046168,
-        "narHash": "sha256-5ffayoK//QsJYYhq0roW47e+ogz2AdV0+dKgvhG4FRM=",
+        "lastModified": 1674117493,
+        "narHash": "sha256-3X7K7CfTshJUMlUxGI2I2SJqKg9S1OFw4HhtYCe/vnw=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "87d0c5acda6b08d96134dc2c7c96f0e6e38e8375",
+        "rev": "00120bd037350362ad270e536d3cfd5efd404228",
        "type": "github"
      },
      "original": {
@ -1101,11 +1101,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1673428169,
-        "narHash": "sha256-b6y1bjIchI9FNDXTgyFT1FVHIhgrnbFhBEvyPCSt/kI=",
+        "lastModified": 1674127129,
+        "narHash": "sha256-LKAyyZB2/G7XFs3ZiFGQMuI5VhyT3sJQaWTP9q/TdWo=",
        "owner": "serokell",
        "repo": "vault-secrets",
-        "rev": "e20e124551d1ab2f9445033e0596e9daf7d23b5e",
+        "rev": "5495c3fde2294e8f02751988e5a7fcb06a92e9cc",
        "type": "github"
      },
      "original": {
--- a/flux/olympus/apps/kustomization.yaml
+++ b/flux/olympus/apps/kustomization.yaml
@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - services
  - websites
--- a/flux/olympus/apps/services/kustomization.yaml
+++ b/flux/olympus/apps/services/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - renovate
--- a/flux/olympus/apps/services/renovate/external-secret.yaml
+++ b/flux/olympus/apps/services/renovate/external-secret.yaml
@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: renovate
+  namespace: services
+spec:
+  refreshInterval: "5m"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: renovate
+  data:
+    - secretKey: RENOVATE_TOKEN
+      remoteRef:
+        key: gitops/renovate
+        property: gitea_token
+    - secretKey: GITHUB_COM_TOKEN
+      remoteRef:
+        key: gitops/renovate
+        property: github_token
--- a/flux/olympus/apps/services/renovate/kustomization.yaml
+++ b/flux/olympus/apps/services/renovate/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - external-secret.yaml
+  - renovate-infrastructure.yaml
--- a/flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
+++ b/flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
@ -0,0 +1,113 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: renovate-infrastructure
+  namespace: services
+spec:
+  schedule: "@hourly"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          volumes:
+            - name: config-volume
+              configMap:
+                name: renovate-config
+            - name: work-volume
+              emptyDir: {}
+          containers:
+            - name: renovate
+              image: renovate/renovate:32.135
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /opt/renovate/
+                - name: work-volume
+                  mountPath: /tmp/renovate/
+              env:
+                - name: LOG_LEVEL
+                  value: debug
+                - name: RENOVATE_ENDPOINT
+                  value: "https://git.0x76.dev/api/v1/"
+                - name: RENOVATE_PLATFORM
+                  value: gitea
+                - name: RENOVATE_AUTODISCOVER
+                  value: "false"
+                - name: RENOVATE_GIT_AUTHOR
+                  value: "Renovate Bot <renovate@xirion.net>"
+                - name: RENOVATE_CONFIG_FILE
+                  value: "/opt/renovate/config.js"
+                - name: RENOVATE_BASE_DIR
+                  value: "/tmp/renovate"
+              envFrom:
+                - secretRef:
+                    name: renovate
+          restartPolicy: Never
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: renovate-config
+  namespace: gitops
+data:
+  config.js: |-
+    module.exports = {
+      "binarySource": "install",
+      "repositories": ["v/infrastructure"],
+      "flux": {
+        "fileMatch": ["flux/.+\\.ya?ml$"]
+      },
+      "helm-values": {
+        "fileMatch": ["flux/.+\\.ya?ml$"]
+      },
+      "kubernetes": {
+        "fileMatch": ["flux/.+\\.ya?ml$"]
+      },
+      "hostRules": [
+        {
+          "hostType": "docker",
+          "matchHost": "ghcr.io",
+          "username": "NULLx76",
+          "password": process.env.GITHUB_COM_TOKEN
+        }
+      ],
+      "packageRules": [
+        {
+          "automerge": true,
+          "automergeType": "branch",
+          "matchPackageNames": [
+            "renovate/renovate"
+          ]
+        }
+      ],
+      // ignore individual fluxcd images
+      "ignoreDeps": [
+        "ghcr.io/fluxcd/helm-controller",
+        "ghcr.io/fluxcd/image-automation-controller",
+        "ghcr.io/fluxcd/image-reflector-controller",
+        "ghcr.io/fluxcd/kustomize-controller",
+        "ghcr.io/fluxcd/notification-controller",
+        "ghcr.io/fluxcd/source-controller"
+      ],
+      "regexManagers": [
+        {
+          "fileMatch": [
+            "flux/cluster/crds/traefik/.+\\.ya?ml$"
+          ],
+          "matchStrings": [
+            "registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: v(?<currentValue>.*)\n"
+          ],
+          "datasourceTemplate": "helm"
+        },
+        {
+          "fileMatch": [
+            "flux/cluster/crds/external-secrets/.+\\.ya?ml$"
+          ],
+          "matchStrings": [
+            "registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: helm-chart-(?<currentValue>.*)\n"
+          ],
+          "datasourceTemplate": "helm"
+        },
+      ]
+    };
--- a/flux/olympus/core/namespaces/kustomization.yaml
+++ b/flux/olympus/core/namespaces/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - websites.yaml
  - security.yaml
+  - services.yaml
--- a/flux/olympus/core/namespaces/services.yaml
+++ b/flux/olympus/core/namespaces/services.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: services
--- a/nixos/hosts/thalassa/aoife/home/default.nix
+++ b/nixos/hosts/thalassa/aoife/home/default.nix
@ -11,7 +11,11 @@ in {
  home.homeDirectory = "/home/victor";
  home.stateVersion = "23.05";

-  imports = [ ./dconf.nix ./theme.nix ./neovim.nix ];
+  imports = [
+    ./dconf.nix
+    ./theme.nix
+    # ./neovim.nix 
+  ];

  home.packages = with pkgs; [
    btop
--- a/nixos/hosts/thalassa/aoife/home/neovim.nix
+++ b/nixos/hosts/thalassa/aoife/home/neovim.nix
@ -44,6 +44,7 @@
      lsp = {
        enable = true;
        servers.rust-analyzer.enable = true;
+        servers.sumneko_lua.enable = false;
        servers.rnix-lsp.enable = true;
        servers.pyright.enable = true;
        servers.elixirls.enable = true;