renovate(role): introduce first basic Renovate role

Sets up Renovate using Docker and systemd service and timer to run regularly. Also add accompanying host group and playbook play.
2025-10-16 17:42:13 +02:00 · 2025-10-16 17:42:13 +02:00 · 8388657d33
commit 8388657d33
parent dce4e7c4d4
9 changed files with 95 additions and 0 deletions
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -195,3 +195,5 @@ ansible_pull_hosts:
    wiki:
 msmtp_hosts:
  hosts:
 renovate_hosts:
  hosts:
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@ -88,5 +88,10 @@
  roles:
    - msmtp
 - name: Ensure Renovate is setup on renovate_hosts
  hosts: renovate_hosts
  roles:
    - renovate
 - name: Run ensure_eh22_styleguide_dir Playbook
  ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
--- a/roles/renovate/README.md
+++ b/roles/renovate/README.md
@ -0,0 +1,11 @@
 # Role `renovate`
 A role for setting up [Renovate](https://docs.renovatebot.com/).
 ## Supported Distributions
 Should work on Debian-based distributions.
 ## Required Arguments
 - `renovate__config`: The Renovate config to deploy.
--- a/roles/renovate/files/renovate.service
+++ b/roles/renovate/files/renovate.service
@ -0,0 +1,10 @@
 [Unit]
 Description=renovate
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/docker run --rm \
    -v "/etc/renovate/config.js:/usr/src/app/config.js" \
    renovate/renovate
--- a/roles/renovate/files/renovate.timer
+++ b/roles/renovate/files/renovate.timer
@ -0,0 +1,8 @@
 [Unit]
 Description=renovate running every 15 minutes
 [Timer]
 OnCalendar=*-*-* *:00,15,30,45:00
 [Install]
 WantedBy=timers.target
--- a/roles/renovate/handlers/main.yaml
+++ b/roles/renovate/handlers/main.yaml
@ -0,0 +1,4 @@
 - name: systemd daemon reload
  ansible.builtin.systemd_service:
    daemon_reload: true
  become: true
--- a/roles/renovate/meta/argument_specs.yaml
+++ b/roles/renovate/meta/argument_specs.yaml
@ -0,0 +1,6 @@
 argument_specs:
  main:
    options:
      renovate__config:
        type: str
        required: true
--- a/roles/renovate/meta/main.yaml
+++ b/roles/renovate/meta/main.yaml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - role: docker
--- a/roles/renovate/tasks/main.yaml
+++ b/roles/renovate/tasks/main.yaml
@ -0,0 +1,46 @@
 - name: ensure renovate config directory exists
  ansible.builtin.file:
    path: /etc/renovate
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: true
 - name: ensure renovate config
  ansible.builtin.copy:
    content: "{{ renovate__config }}"
    dest: /etc/renovate/config.js
    owner: root
    group: root
    mode: "0640"
  become: true
 - name: ensure systemd service exists
  ansible.builtin.copy:
    src: renovate.service
    dest: /etc/systemd/system/renovate.service
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - systemd daemon reload
 - name: ensure systemd timer exists
  ansible.builtin.copy:
    src: renovate.timer
    dest: /etc/systemd/system/renovate.timer
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - systemd daemon reload
 - name: ensure systemd timer is started and enabled
  ansible.builtin.systemd_service:
    name: renovate.timer
    state: started
    enabled: true
  become: true