renovate(role): introduce first basic Renovate role

Sets up Renovate using Docker and systemd service and timer to run
regularly.
Also add accompanying host group and playbook play.

roles/renovate/tasks/main.yaml

@@ -0,0 +1,46 @@
+- name: ensure renovate config directory exists
+  ansible.builtin.file:
+    path: /etc/renovate
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  become: true
+
+- name: ensure renovate config
+  ansible.builtin.copy:
+    content: "{{ renovate__config }}"
+    dest: /etc/renovate/config.js
+    owner: root
+    group: root
+    mode: "0640"
+  become: true
+
+- name: ensure systemd service exists
+  ansible.builtin.copy:
+    src: renovate.service
+    dest: /etc/systemd/system/renovate.service
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+
+- name: ensure systemd timer exists
+  ansible.builtin.copy:
+    src: renovate.timer
+    dest: /etc/systemd/system/renovate.timer
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+
+- name: ensure systemd timer is started and enabled
+  ansible.builtin.systemd_service:
+    name: renovate.timer
+    state: started
+    enabled: true
+  become: true