add renovate
This commit is contained in:
parent
aaaad3f7a0
commit
e0a13aa3f3
10 changed files with 177 additions and 22 deletions
42
flake.lock
42
flake.lock
|
@ -434,11 +434,11 @@
|
|||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1674041176,
|
||||
"narHash": "sha256-cMf1BQzI39nHQ0H/mOatthbbI3392qLmJ9gU0u520P4=",
|
||||
"lastModified": 1674082145,
|
||||
"narHash": "sha256-4IpEt5Jc6VrNcpIcrKMCZAyeJMLXaaHk+yOV9HusO/A=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "2c29ae48f9a149151bdd82f429ac61d4412c312a",
|
||||
"rev": "7026e1a934abfa02623c9870378dbcdac3cd7f80",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -455,11 +455,11 @@
|
|||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1674039296,
|
||||
"narHash": "sha256-VkhsLIKY/evIu/FRB9ughThrjva0YfJ8N8C0IYCJRPg=",
|
||||
"lastModified": 1674054764,
|
||||
"narHash": "sha256-00cRYxCYmZvncLyCsVYrhQsCzFnjkZi+23TC2FpQU/U=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "Hyprland",
|
||||
"rev": "32c11bb212dd88e4fe8e573f35649448f7d8911c",
|
||||
"rev": "428063ff2304962387803fd59e5da8b9b82710cc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -770,11 +770,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1673954326,
|
||||
"narHash": "sha256-oAKwsXTptcY6gRCBxJlZ+W1BrZHNr9a28+4fQMLuRu0=",
|
||||
"lastModified": 1674101896,
|
||||
"narHash": "sha256-xWLaexT6IHhOJru54wrOMeBbkKeJzOZ4Pqrxctf82q0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8fc3a1dcc98d3603221d4afd239e666eeedb6141",
|
||||
"rev": "a841e262264e48722dccc8469f066068146e406b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -786,11 +786,11 @@
|
|||
},
|
||||
"nixpkgs_22-11": {
|
||||
"locked": {
|
||||
"lastModified": 1673800717,
|
||||
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
|
||||
"lastModified": 1673957332,
|
||||
"narHash": "sha256-njH7Szk1BLVWGMw7IRibgGejSlxXHj9saZHfH20gHdk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
|
||||
"rev": "b83e7f5a04a3acc8e92228b0c4bae68933d504eb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -840,11 +840,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673912429,
|
||||
"narHash": "sha256-1HnrX/nFD1GqfU3S7He+J5v+DbZ6rLa//DNYOwIZeCU=",
|
||||
"lastModified": 1674125115,
|
||||
"narHash": "sha256-k22iBAgchS0pvFJu1gVhw/6fVbmOngtgYAGpRbL55qw=",
|
||||
"owner": "pta2002",
|
||||
"repo": "nixvim",
|
||||
"rev": "d0910a6ddba8f3ad2079243a5cb4480739cb00e1",
|
||||
"rev": "3f9effc575cabe61b7a9539ce550484049fe5c68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -855,11 +855,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1674046168,
|
||||
"narHash": "sha256-5ffayoK//QsJYYhq0roW47e+ogz2AdV0+dKgvhG4FRM=",
|
||||
"lastModified": 1674117493,
|
||||
"narHash": "sha256-3X7K7CfTshJUMlUxGI2I2SJqKg9S1OFw4HhtYCe/vnw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "87d0c5acda6b08d96134dc2c7c96f0e6e38e8375",
|
||||
"rev": "00120bd037350362ad270e536d3cfd5efd404228",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1101,11 +1101,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673428169,
|
||||
"narHash": "sha256-b6y1bjIchI9FNDXTgyFT1FVHIhgrnbFhBEvyPCSt/kI=",
|
||||
"lastModified": 1674127129,
|
||||
"narHash": "sha256-LKAyyZB2/G7XFs3ZiFGQMuI5VhyT3sJQaWTP9q/TdWo=",
|
||||
"owner": "serokell",
|
||||
"repo": "vault-secrets",
|
||||
"rev": "e20e124551d1ab2f9445033e0596e9daf7d23b5e",
|
||||
"rev": "5495c3fde2294e8f02751988e5a7fcb06a92e9cc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- services
|
||||
- websites
|
||||
|
|
4
flux/olympus/apps/services/kustomization.yaml
Normal file
4
flux/olympus/apps/services/kustomization.yaml
Normal file
|
@ -0,0 +1,4 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- renovate
|
21
flux/olympus/apps/services/renovate/external-secret.yaml
Normal file
21
flux/olympus/apps/services/renovate/external-secret.yaml
Normal file
|
@ -0,0 +1,21 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: renovate
|
||||
namespace: services
|
||||
spec:
|
||||
refreshInterval: "5m"
|
||||
secretStoreRef:
|
||||
name: vault
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: renovate
|
||||
data:
|
||||
- secretKey: RENOVATE_TOKEN
|
||||
remoteRef:
|
||||
key: gitops/renovate
|
||||
property: gitea_token
|
||||
- secretKey: GITHUB_COM_TOKEN
|
||||
remoteRef:
|
||||
key: gitops/renovate
|
||||
property: github_token
|
5
flux/olympus/apps/services/renovate/kustomization.yaml
Normal file
5
flux/olympus/apps/services/renovate/kustomization.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- external-secret.yaml
|
||||
- renovate-infrastructure.yaml
|
113
flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
Normal file
113
flux/olympus/apps/services/renovate/renovate-infrastructure.yaml
Normal file
|
@ -0,0 +1,113 @@
|
|||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: renovate-infrastructure
|
||||
namespace: services
|
||||
spec:
|
||||
schedule: "@hourly"
|
||||
concurrencyPolicy: Forbid
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: renovate-config
|
||||
- name: work-volume
|
||||
emptyDir: {}
|
||||
containers:
|
||||
- name: renovate
|
||||
image: renovate/renovate:32.135
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /opt/renovate/
|
||||
- name: work-volume
|
||||
mountPath: /tmp/renovate/
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: debug
|
||||
- name: RENOVATE_ENDPOINT
|
||||
value: "https://git.0x76.dev/api/v1/"
|
||||
- name: RENOVATE_PLATFORM
|
||||
value: gitea
|
||||
- name: RENOVATE_AUTODISCOVER
|
||||
value: "false"
|
||||
- name: RENOVATE_GIT_AUTHOR
|
||||
value: "Renovate Bot <renovate@xirion.net>"
|
||||
- name: RENOVATE_CONFIG_FILE
|
||||
value: "/opt/renovate/config.js"
|
||||
- name: RENOVATE_BASE_DIR
|
||||
value: "/tmp/renovate"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: renovate
|
||||
restartPolicy: Never
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: renovate-config
|
||||
namespace: gitops
|
||||
data:
|
||||
config.js: |-
|
||||
module.exports = {
|
||||
"binarySource": "install",
|
||||
"repositories": ["v/infrastructure"],
|
||||
"flux": {
|
||||
"fileMatch": ["flux/.+\\.ya?ml$"]
|
||||
},
|
||||
"helm-values": {
|
||||
"fileMatch": ["flux/.+\\.ya?ml$"]
|
||||
},
|
||||
"kubernetes": {
|
||||
"fileMatch": ["flux/.+\\.ya?ml$"]
|
||||
},
|
||||
"hostRules": [
|
||||
{
|
||||
"hostType": "docker",
|
||||
"matchHost": "ghcr.io",
|
||||
"username": "NULLx76",
|
||||
"password": process.env.GITHUB_COM_TOKEN
|
||||
}
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"automerge": true,
|
||||
"automergeType": "branch",
|
||||
"matchPackageNames": [
|
||||
"renovate/renovate"
|
||||
]
|
||||
}
|
||||
],
|
||||
// ignore individual fluxcd images
|
||||
"ignoreDeps": [
|
||||
"ghcr.io/fluxcd/helm-controller",
|
||||
"ghcr.io/fluxcd/image-automation-controller",
|
||||
"ghcr.io/fluxcd/image-reflector-controller",
|
||||
"ghcr.io/fluxcd/kustomize-controller",
|
||||
"ghcr.io/fluxcd/notification-controller",
|
||||
"ghcr.io/fluxcd/source-controller"
|
||||
],
|
||||
"regexManagers": [
|
||||
{
|
||||
"fileMatch": [
|
||||
"flux/cluster/crds/traefik/.+\\.ya?ml$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: v(?<currentValue>.*)\n"
|
||||
],
|
||||
"datasourceTemplate": "helm"
|
||||
},
|
||||
{
|
||||
"fileMatch": [
|
||||
"flux/cluster/crds/external-secrets/.+\\.ya?ml$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: helm-chart-(?<currentValue>.*)\n"
|
||||
],
|
||||
"datasourceTemplate": "helm"
|
||||
},
|
||||
]
|
||||
};
|
|
@ -3,3 +3,4 @@ kind: Kustomization
|
|||
resources:
|
||||
- websites.yaml
|
||||
- security.yaml
|
||||
- services.yaml
|
||||
|
|
5
flux/olympus/core/namespaces/services.yaml
Normal file
5
flux/olympus/core/namespaces/services.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: services
|
|
@ -11,7 +11,11 @@ in {
|
|||
home.homeDirectory = "/home/victor";
|
||||
home.stateVersion = "23.05";
|
||||
|
||||
imports = [ ./dconf.nix ./theme.nix ./neovim.nix ];
|
||||
imports = [
|
||||
./dconf.nix
|
||||
./theme.nix
|
||||
# ./neovim.nix
|
||||
];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
btop
|
||||
|
|
|
@ -44,6 +44,7 @@
|
|||
lsp = {
|
||||
enable = true;
|
||||
servers.rust-analyzer.enable = true;
|
||||
servers.sumneko_lua.enable = false;
|
||||
servers.rnix-lsp.enable = true;
|
||||
servers.pyright.enable = true;
|
||||
servers.elixirls.enable = true;
|
||||
|
|
Loading…
Reference in a new issue