diff --git a/flake.lock b/flake.lock index f09419f..5463aa7 100644 --- a/flake.lock +++ b/flake.lock @@ -434,11 +434,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1674041176, - "narHash": "sha256-cMf1BQzI39nHQ0H/mOatthbbI3392qLmJ9gU0u520P4=", + "lastModified": 1674082145, + "narHash": "sha256-4IpEt5Jc6VrNcpIcrKMCZAyeJMLXaaHk+yOV9HusO/A=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c29ae48f9a149151bdd82f429ac61d4412c312a", + "rev": "7026e1a934abfa02623c9870378dbcdac3cd7f80", "type": "github" }, "original": { @@ -455,11 +455,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1674039296, - "narHash": "sha256-VkhsLIKY/evIu/FRB9ughThrjva0YfJ8N8C0IYCJRPg=", + "lastModified": 1674054764, + "narHash": "sha256-00cRYxCYmZvncLyCsVYrhQsCzFnjkZi+23TC2FpQU/U=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "32c11bb212dd88e4fe8e573f35649448f7d8911c", + "rev": "428063ff2304962387803fd59e5da8b9b82710cc", "type": "github" }, "original": { @@ -770,11 +770,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1673954326, - "narHash": "sha256-oAKwsXTptcY6gRCBxJlZ+W1BrZHNr9a28+4fQMLuRu0=", + "lastModified": 1674101896, + "narHash": "sha256-xWLaexT6IHhOJru54wrOMeBbkKeJzOZ4Pqrxctf82q0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8fc3a1dcc98d3603221d4afd239e666eeedb6141", + "rev": "a841e262264e48722dccc8469f066068146e406b", "type": "github" }, "original": { @@ -786,11 +786,11 @@ }, "nixpkgs_22-11": { "locked": { - "lastModified": 1673800717, - "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=", + "lastModified": 1673957332, + "narHash": "sha256-njH7Szk1BLVWGMw7IRibgGejSlxXHj9saZHfH20gHdk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f", + "rev": "b83e7f5a04a3acc8e92228b0c4bae68933d504eb", "type": "github" }, "original": { 
@@ -840,11 +840,11 @@ ] }, "locked": { - "lastModified": 1673912429, - "narHash": "sha256-1HnrX/nFD1GqfU3S7He+J5v+DbZ6rLa//DNYOwIZeCU=", + "lastModified": 1674125115, + "narHash": "sha256-k22iBAgchS0pvFJu1gVhw/6fVbmOngtgYAGpRbL55qw=", "owner": "pta2002", "repo": "nixvim", - "rev": "d0910a6ddba8f3ad2079243a5cb4480739cb00e1", + "rev": "3f9effc575cabe61b7a9539ce550484049fe5c68", "type": "github" }, "original": { @@ -855,11 +855,11 @@ }, "nur": { "locked": { - "lastModified": 1674046168, - "narHash": "sha256-5ffayoK//QsJYYhq0roW47e+ogz2AdV0+dKgvhG4FRM=", + "lastModified": 1674117493, + "narHash": "sha256-3X7K7CfTshJUMlUxGI2I2SJqKg9S1OFw4HhtYCe/vnw=", "owner": "nix-community", "repo": "NUR", - "rev": "87d0c5acda6b08d96134dc2c7c96f0e6e38e8375", + "rev": "00120bd037350362ad270e536d3cfd5efd404228", "type": "github" }, "original": { @@ -1101,11 +1101,11 @@ ] }, "locked": { - "lastModified": 1673428169, - "narHash": "sha256-b6y1bjIchI9FNDXTgyFT1FVHIhgrnbFhBEvyPCSt/kI=", + "lastModified": 1674127129, + "narHash": "sha256-LKAyyZB2/G7XFs3ZiFGQMuI5VhyT3sJQaWTP9q/TdWo=", "owner": "serokell", "repo": "vault-secrets", - "rev": "e20e124551d1ab2f9445033e0596e9daf7d23b5e", + "rev": "5495c3fde2294e8f02751988e5a7fcb06a92e9cc", "type": "github" }, "original": { diff --git a/flux/olympus/apps/kustomization.yaml b/flux/olympus/apps/kustomization.yaml index ce8efa2..0dd5fc5 100644 --- a/flux/olympus/apps/kustomization.yaml +++ b/flux/olympus/apps/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - services - websites diff --git a/flux/olympus/apps/services/kustomization.yaml b/flux/olympus/apps/services/kustomization.yaml new file mode 100644 index 0000000..4ddab70 --- /dev/null +++ b/flux/olympus/apps/services/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - renovate 
diff --git a/flux/olympus/apps/services/renovate/external-secret.yaml b/flux/olympus/apps/services/renovate/external-secret.yaml
new file mode 100644
index 0000000..4063745
--- /dev/null
+++ b/flux/olympus/apps/services/renovate/external-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: renovate
+ namespace: services
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: renovate
+ data:
+ - secretKey: RENOVATE_TOKEN
+ remoteRef:
+ key: gitops/renovate
+ property: gitea_token
+ - secretKey: GITHUB_COM_TOKEN
+ remoteRef:
+ key: gitops/renovate
+ property: github_token
diff --git a/flux/olympus/apps/services/renovate/kustomization.yaml b/flux/olympus/apps/services/renovate/kustomization.yaml
new file mode 100644
index 0000000..215e80b
--- /dev/null
+++ b/flux/olympus/apps/services/renovate/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - external-secret.yaml
+ - renovate-infrastructure.yaml
diff --git a/flux/olympus/apps/services/renovate/renovate-infrastructure.yaml b/flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
new file mode 100644
index 0000000..da65c1f
--- /dev/null
+++ b/flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
@@ -0,0 +1,113 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: renovate-infrastructure
+ namespace: services
+spec:
+ schedule: "@hourly"
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: renovate-config
+ - name: work-volume
+ emptyDir: {}
+ containers:
+ - name: renovate
+ image: renovate/renovate:32.135
+ volumeMounts:
+ - name: config-volume
+ mountPath: /opt/renovate/
+ - name: work-volume
+ mountPath: /tmp/renovate/
+ env:
+ - name: LOG_LEVEL
+ value: debug
+ - name: RENOVATE_ENDPOINT
+ value: "https://git.0x76.dev/api/v1/"
+ - name: RENOVATE_PLATFORM
+ value: gitea
+ - name: RENOVATE_AUTODISCOVER
+ value: "false"
+ - name: RENOVATE_GIT_AUTHOR
+ value: "Renovate Bot "
+ - name: RENOVATE_CONFIG_FILE
+ value: "/opt/renovate/config.js"
+ - name: RENOVATE_BASE_DIR
+ value: "/tmp/renovate"
+ envFrom:
+ - secretRef:
+ name: renovate
+ restartPolicy: Never
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: renovate-config
+ namespace: gitops
+data:
+ config.js: |-
+ module.exports = {
+ "binarySource": "install",
+ "repositories": ["v/infrastructure"],
+ "flux": {
+ "fileMatch": ["flux/.+\\.ya?ml$"]
+ },
+ "helm-values": {
+ "fileMatch": ["flux/.+\\.ya?ml$"]
+ },
+ "kubernetes": {
+ "fileMatch": ["flux/.+\\.ya?ml$"]
+ },
+ "hostRules": [
+ {
+ "hostType": "docker",
+ "matchHost": "ghcr.io",
+ "username": "NULLx76",
+ "password": process.env.GITHUB_COM_TOKEN
+ }
+ ],
+ "packageRules": [
+ {
+ "automerge": true,
+ "automergeType": "branch",
+ "matchPackageNames": [
+ "renovate/renovate"
+ ]
+ }
+ ],
+ // ignore individual fluxcd images
+ "ignoreDeps": [
+ "ghcr.io/fluxcd/helm-controller",
+ "ghcr.io/fluxcd/image-automation-controller",
+ "ghcr.io/fluxcd/image-reflector-controller",
+ "ghcr.io/fluxcd/kustomize-controller",
+ "ghcr.io/fluxcd/notification-controller",
+ "ghcr.io/fluxcd/source-controller"
+ ],
+ "regexManagers": [
+ {
+ "fileMatch": [ +
"flux/cluster/crds/traefik/.+\\.ya?ml$" + ], + "matchStrings": [ + "registryUrl=(?.*?) chart=(?.*?)\n *tag: v(?.*)\n" + ], + "datasourceTemplate": "helm" + }, + { + "fileMatch": [ + "flux/cluster/crds/external-secrets/.+\\.ya?ml$" + ], + "matchStrings": [ + "registryUrl=(?.*?) chart=(?.*?)\n *tag: helm-chart-(?.*)\n" + ], + "datasourceTemplate": "helm" + }, + ] + }; diff --git a/flux/olympus/core/namespaces/kustomization.yaml b/flux/olympus/core/namespaces/kustomization.yaml index 89c93b9..be604cf 100644 --- a/flux/olympus/core/namespaces/kustomization.yaml +++ b/flux/olympus/core/namespaces/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - websites.yaml - security.yaml + - services.yaml diff --git a/flux/olympus/core/namespaces/services.yaml b/flux/olympus/core/namespaces/services.yaml new file mode 100644 index 0000000..62bcfaf --- /dev/null +++ b/flux/olympus/core/namespaces/services.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: services diff --git a/nixos/hosts/thalassa/aoife/home/default.nix b/nixos/hosts/thalassa/aoife/home/default.nix index 5ddf8b2..7b52b15 100644 --- a/nixos/hosts/thalassa/aoife/home/default.nix +++ b/nixos/hosts/thalassa/aoife/home/default.nix @@ -11,7 +11,11 @@ in { home.homeDirectory = "/home/victor"; home.stateVersion = "23.05"; - imports = [ ./dconf.nix ./theme.nix ./neovim.nix ]; + imports = [ + ./dconf.nix + ./theme.nix + # ./neovim.nix + ]; home.packages = with pkgs; [ btop diff --git a/nixos/hosts/thalassa/aoife/home/neovim.nix b/nixos/hosts/thalassa/aoife/home/neovim.nix index d12dda7..67f7195 100644 --- a/nixos/hosts/thalassa/aoife/home/neovim.nix +++ b/nixos/hosts/thalassa/aoife/home/neovim.nix @@ -44,6 +44,7 @@ lsp = { enable = true; servers.rust-analyzer.enable = true; + servers.sumneko_lua.enable = false; servers.rnix-lsp.enable = true; servers.pyright.enable = true; servers.elixirls.enable = true;
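Review bot: The `renovate-config` ConfigMap in renovate-infrastructure.yaml is declared with `namespace: gitops`, while the CronJob that mounts it as `config-volume` and the `renovate` ExternalSecret are both in `namespace: services`; a pod can only mount a ConfigMap from its own namespace, so unless something outside this diff rewrites the namespace the job will not start, and the ConfigMap should read `namespace: services`. Separately, `image: renovate/renovate:32.135` is a mutable tag and the `packageRules` entry automerges `renovate/renovate` updates with `"automergeType": "branch"`, so a new upstream image would presumably be rolled out without a pull request and then run with `RENOVATE_TOKEN` and `GITHUB_COM_TOKEN` in its environment. Pinning the image by digest (`renovate/renovate:32.135@sha256:<digest>`) and switching this rule to `"automergeType": "pr"`, or dropping `automerge` for it, keeps that update under review. `LOG_LEVEL` set to `debug` is also worth lowering to `info` once the job works, since the output of a token-bearing job is retained in pod logs.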
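Review bot: The `# ./neovim.nix` entry in `imports` in home/default.nix is left as commented-out code with no reason given, and the neovim.nix hunk in the same commit adds `servers.sumneko_lua.enable = false;` to a module that is no longer imported, so that setting has no effect as committed. If the import is only disabled temporarily, a short comment such as `# ./neovim.nix  # disabled: <reason>` would tell the next reader when it can come back. The enclosing attribute set starts and ends outside the hunk.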