stonehenge: install marge bot and renovate bot

2026-02-13 20:40:27 -03:00 · 2026-02-13 20:40:27 -03:00 · afe1dc40fc
commit afe1dc40fc
parent b6415a9d8f
11 changed files with 894 additions and 2 deletions
--- a/hosts/stonehenge/renovate-bot.nix
+++ b/hosts/stonehenge/renovate-bot.nix
@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+let
+  cfg = config.services.renovate-bot;
+  s = config.sops.secrets;
+in
+{
+  services.renovate-bot = {
+    enable = true;
+    schedule = "*-*-* *:00:00";
+    logLevel = "info";
+
+    platform = "gitlab";
+    endpoint = "https://gitlab.wopus.dev/api/v4";
+    tokenFile = s."renovate-bot/token".path;
+    envFile = s."renovate-bot/env".path;
+
+    extraPackages = with pkgs; [
+      nodejs
+      rustc
+      cargo
+      php
+      phpPackages.composer
+    ];
+
+    settings = {
+      autodiscover = true;
+      labels = [ "renovate" ];
+      rebaseWhen = "conflicted";
+
+      cacheDir = "/var/lib/renovate-bot/cache";
+      persistRepoData = true;
+      prConcurrentLimit = 2;
+      branchConcurrentLimit = 2;
+    };
+  };
+
+  sops.secrets."renovate-bot/token" = {
+    owner = cfg.user;
+    group = cfg.group;
+    mode = "0400";
+    sopsFile = ../../secrets/stonehenge/default.yaml;
+  };
+  sops.secrets."renovate-bot/env" = {
+    owner = cfg.user;
+    group = cfg.group;
+    mode = "0400";
+    sopsFile = ../../secrets/stonehenge/default.yaml;
+  };
+}