add renovate
This commit is contained in:
parent
aaaad3f7a0
commit
e0a13aa3f3
10 changed files with 177 additions and 22 deletions
42
flake.lock
42
flake.lock
|
@ -434,11 +434,11 @@
|
||||||
"utils": "utils_2"
|
"utils": "utils_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674041176,
|
"lastModified": 1674082145,
|
||||||
"narHash": "sha256-cMf1BQzI39nHQ0H/mOatthbbI3392qLmJ9gU0u520P4=",
|
"narHash": "sha256-4IpEt5Jc6VrNcpIcrKMCZAyeJMLXaaHk+yOV9HusO/A=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2c29ae48f9a149151bdd82f429ac61d4412c312a",
|
"rev": "7026e1a934abfa02623c9870378dbcdac3cd7f80",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -455,11 +455,11 @@
|
||||||
"xdph": "xdph"
|
"xdph": "xdph"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674039296,
|
"lastModified": 1674054764,
|
||||||
"narHash": "sha256-VkhsLIKY/evIu/FRB9ughThrjva0YfJ8N8C0IYCJRPg=",
|
"narHash": "sha256-00cRYxCYmZvncLyCsVYrhQsCzFnjkZi+23TC2FpQU/U=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "Hyprland",
|
"repo": "Hyprland",
|
||||||
"rev": "32c11bb212dd88e4fe8e573f35649448f7d8911c",
|
"rev": "428063ff2304962387803fd59e5da8b9b82710cc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -770,11 +770,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673954326,
|
"lastModified": 1674101896,
|
||||||
"narHash": "sha256-oAKwsXTptcY6gRCBxJlZ+W1BrZHNr9a28+4fQMLuRu0=",
|
"narHash": "sha256-xWLaexT6IHhOJru54wrOMeBbkKeJzOZ4Pqrxctf82q0=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8fc3a1dcc98d3603221d4afd239e666eeedb6141",
|
"rev": "a841e262264e48722dccc8469f066068146e406b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -786,11 +786,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_22-11": {
|
"nixpkgs_22-11": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673800717,
|
"lastModified": 1673957332,
|
||||||
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
|
"narHash": "sha256-njH7Szk1BLVWGMw7IRibgGejSlxXHj9saZHfH20gHdk=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
|
"rev": "b83e7f5a04a3acc8e92228b0c4bae68933d504eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -840,11 +840,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673912429,
|
"lastModified": 1674125115,
|
||||||
"narHash": "sha256-1HnrX/nFD1GqfU3S7He+J5v+DbZ6rLa//DNYOwIZeCU=",
|
"narHash": "sha256-k22iBAgchS0pvFJu1gVhw/6fVbmOngtgYAGpRbL55qw=",
|
||||||
"owner": "pta2002",
|
"owner": "pta2002",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "d0910a6ddba8f3ad2079243a5cb4480739cb00e1",
|
"rev": "3f9effc575cabe61b7a9539ce550484049fe5c68",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -855,11 +855,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674046168,
|
"lastModified": 1674117493,
|
||||||
"narHash": "sha256-5ffayoK//QsJYYhq0roW47e+ogz2AdV0+dKgvhG4FRM=",
|
"narHash": "sha256-3X7K7CfTshJUMlUxGI2I2SJqKg9S1OFw4HhtYCe/vnw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "87d0c5acda6b08d96134dc2c7c96f0e6e38e8375",
|
"rev": "00120bd037350362ad270e536d3cfd5efd404228",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1101,11 +1101,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673428169,
|
"lastModified": 1674127129,
|
||||||
"narHash": "sha256-b6y1bjIchI9FNDXTgyFT1FVHIhgrnbFhBEvyPCSt/kI=",
|
"narHash": "sha256-LKAyyZB2/G7XFs3ZiFGQMuI5VhyT3sJQaWTP9q/TdWo=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "vault-secrets",
|
"repo": "vault-secrets",
|
||||||
"rev": "e20e124551d1ab2f9445033e0596e9daf7d23b5e",
|
"rev": "5495c3fde2294e8f02751988e5a7fcb06a92e9cc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
- services
|
||||||
- websites
|
- websites
|
||||||
|
|
4
flux/olympus/apps/services/kustomization.yaml
Normal file
4
flux/olympus/apps/services/kustomization.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- renovate
|
21
flux/olympus/apps/services/renovate/external-secret.yaml
Normal file
21
flux/olympus/apps/services/renovate/external-secret.yaml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ExternalSecret
|
||||||
|
metadata:
|
||||||
|
name: renovate
|
||||||
|
namespace: services
|
||||||
|
spec:
|
||||||
|
refreshInterval: "5m"
|
||||||
|
secretStoreRef:
|
||||||
|
name: vault
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
target:
|
||||||
|
name: renovate
|
||||||
|
data:
|
||||||
|
- secretKey: RENOVATE_TOKEN
|
||||||
|
remoteRef:
|
||||||
|
key: gitops/renovate
|
||||||
|
property: gitea_token
|
||||||
|
- secretKey: GITHUB_COM_TOKEN
|
||||||
|
remoteRef:
|
||||||
|
key: gitops/renovate
|
||||||
|
property: github_token
|
5
flux/olympus/apps/services/renovate/kustomization.yaml
Normal file
5
flux/olympus/apps/services/renovate/kustomization.yaml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- external-secret.yaml
|
||||||
|
- renovate-infrastructure.yaml
|
113
flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
Normal file
113
flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: CronJob
|
||||||
|
metadata:
|
||||||
|
name: renovate-infrastructure
|
||||||
|
namespace: services
|
||||||
|
spec:
|
||||||
|
schedule: "@hourly"
|
||||||
|
concurrencyPolicy: Forbid
|
||||||
|
jobTemplate:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
configMap:
|
||||||
|
name: renovate-config
|
||||||
|
- name: work-volume
|
||||||
|
emptyDir: {}
|
||||||
|
containers:
|
||||||
|
- name: renovate
|
||||||
|
image: renovate/renovate:32.135
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /opt/renovate/
|
||||||
|
- name: work-volume
|
||||||
|
mountPath: /tmp/renovate/
|
||||||
|
env:
|
||||||
|
- name: LOG_LEVEL
|
||||||
|
value: debug
|
||||||
|
- name: RENOVATE_ENDPOINT
|
||||||
|
value: "https://git.0x76.dev/api/v1/"
|
||||||
|
- name: RENOVATE_PLATFORM
|
||||||
|
value: gitea
|
||||||
|
- name: RENOVATE_AUTODISCOVER
|
||||||
|
value: "false"
|
||||||
|
- name: RENOVATE_GIT_AUTHOR
|
||||||
|
value: "Renovate Bot <renovate@xirion.net>"
|
||||||
|
- name: RENOVATE_CONFIG_FILE
|
||||||
|
value: "/opt/renovate/config.js"
|
||||||
|
- name: RENOVATE_BASE_DIR
|
||||||
|
value: "/tmp/renovate"
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: renovate
|
||||||
|
restartPolicy: Never
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: renovate-config
|
||||||
|
namespace: gitops
|
||||||
|
data:
|
||||||
|
config.js: |-
|
||||||
|
module.exports = {
|
||||||
|
"binarySource": "install",
|
||||||
|
"repositories": ["v/infrastructure"],
|
||||||
|
"flux": {
|
||||||
|
"fileMatch": ["flux/.+\\.ya?ml$"]
|
||||||
|
},
|
||||||
|
"helm-values": {
|
||||||
|
"fileMatch": ["flux/.+\\.ya?ml$"]
|
||||||
|
},
|
||||||
|
"kubernetes": {
|
||||||
|
"fileMatch": ["flux/.+\\.ya?ml$"]
|
||||||
|
},
|
||||||
|
"hostRules": [
|
||||||
|
{
|
||||||
|
"hostType": "docker",
|
||||||
|
"matchHost": "ghcr.io",
|
||||||
|
"username": "NULLx76",
|
||||||
|
"password": process.env.GITHUB_COM_TOKEN
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"packageRules": [
|
||||||
|
{
|
||||||
|
"automerge": true,
|
||||||
|
"automergeType": "branch",
|
||||||
|
"matchPackageNames": [
|
||||||
|
"renovate/renovate"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
// ignore individual fluxcd images
|
||||||
|
"ignoreDeps": [
|
||||||
|
"ghcr.io/fluxcd/helm-controller",
|
||||||
|
"ghcr.io/fluxcd/image-automation-controller",
|
||||||
|
"ghcr.io/fluxcd/image-reflector-controller",
|
||||||
|
"ghcr.io/fluxcd/kustomize-controller",
|
||||||
|
"ghcr.io/fluxcd/notification-controller",
|
||||||
|
"ghcr.io/fluxcd/source-controller"
|
||||||
|
],
|
||||||
|
"regexManagers": [
|
||||||
|
{
|
||||||
|
"fileMatch": [
|
||||||
|
"flux/cluster/crds/traefik/.+\\.ya?ml$"
|
||||||
|
],
|
||||||
|
"matchStrings": [
|
||||||
|
"registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: v(?<currentValue>.*)\n"
|
||||||
|
],
|
||||||
|
"datasourceTemplate": "helm"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"fileMatch": [
|
||||||
|
"flux/cluster/crds/external-secrets/.+\\.ya?ml$"
|
||||||
|
],
|
||||||
|
"matchStrings": [
|
||||||
|
"registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: helm-chart-(?<currentValue>.*)\n"
|
||||||
|
],
|
||||||
|
"datasourceTemplate": "helm"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
};
|
|
@ -3,3 +3,4 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- websites.yaml
|
- websites.yaml
|
||||||
- security.yaml
|
- security.yaml
|
||||||
|
- services.yaml
|
||||||
|
|
5
flux/olympus/core/namespaces/services.yaml
Normal file
5
flux/olympus/core/namespaces/services.yaml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: services
|
|
@ -11,7 +11,11 @@ in {
|
||||||
home.homeDirectory = "/home/victor";
|
home.homeDirectory = "/home/victor";
|
||||||
home.stateVersion = "23.05";
|
home.stateVersion = "23.05";
|
||||||
|
|
||||||
imports = [ ./dconf.nix ./theme.nix ./neovim.nix ];
|
imports = [
|
||||||
|
./dconf.nix
|
||||||
|
./theme.nix
|
||||||
|
# ./neovim.nix
|
||||||
|
];
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
btop
|
btop
|
||||||
|
|
|
@ -44,6 +44,7 @@
|
||||||
lsp = {
|
lsp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
servers.rust-analyzer.enable = true;
|
servers.rust-analyzer.enable = true;
|
||||||
|
servers.sumneko_lua.enable = false;
|
||||||
servers.rnix-lsp.enable = true;
|
servers.rnix-lsp.enable = true;
|
||||||
servers.pyright.enable = true;
|
servers.pyright.enable = true;
|
||||||
servers.elixirls.enable = true;
|
servers.elixirls.enable = true;
|
||||||
|
|
Loading…
Reference in a new issue