Initial setup of renovate bot

ansible/main.yml

@@ -18,3 +18,4 @@
     - nextcloud
     - tautulli
     - gitea
+    - renovate

ansible/roles/renovate/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: Create install directory
+  file:
+    path: "{{ install_directory }}/{{ role_name }}"
+    state: directory
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Copy docker-compose file to destination
+  template:
+    src: docker-compose.yml
+    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+    validate: docker-compose -f %s config
+  become: true
+
+- name: Copy config.js to destination
+  template:
+    src: config.js
+    dest: "{{ install_directory }}/renovate/config.js"
+    mode: "{{ docker_compose_file_mask }}"
+  become: true
+
+- name: Start docker container
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/{{ role_name }}"
+    pull: true
+    remove_orphans: yes

ansible/roles/renovate/templates/config.js

@@ -0,0 +1,14 @@
+module.exports = {
+  endpoint: "git.{{ personal_domain }}/api/v2",
+  token: '{{ renovate_gitea_token }}',
+  platform: 'gitea',
+  dryRun: true,
+  autodiscover: true,
+  onboarding: false,
+  redisUrl: 'redis://redis',
+  repositoryCache: 'enabled',
+  persistRepoData: true,
+  binarySource: "docker",
+  dockerUser: "{{ primary_uid }}",
+  baseDir: "{{ data_dir }}/renovate",
+};

ansible/roles/renovate/templates/docker-compose.yml

@@ -0,0 +1,27 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+  docker-socket-proxy:
+    external: true
+
+services:
+  renovate:
+    container_name: renovate
+    image: renovate/renovate:slim
+    restart: unless-stopped
+    depends_on:
+      - redis
+    networks:
+      - docker-socket-proxy
+    user: "{{ service_user.uid }}:{{ service_user.group }}"
+    environment:
+      - TZ={{ timezone }}
+      - DOCKER_HOST=tcp://docker_socket_proxy:2375
+      - "RENOVATE_TOKEN={{ renovate_gitea_token }}"
+    volumes:
+      - "{{ data_dir }}/renovate:/{{ data_dir }}/renovate" # These must be the same
+      - ./config.js:/usr/src/app/config.js:ro
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped

ansible/roles/renovate/vars/main.yml

@@ -0,0 +1,8 @@
+renovate_gitea_token: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  61383064643566343633633962376238346137633933643634353564316266656338333665613235
+  3230613339633561313064393163393537623763393336300a383332626538376335613763313439
+  64326566393761666266303438313435346535626231376661653863663664623839663431363632
+  6434306532613065650a636562663030363162396435346262353839653736343530393365633331
+  65366534333234353239376566326234666566303038396661343137316265306433313235366530
+  6164656437346131376165613136363161646437343038393266

ansible/roles/traefik/tasks/main.yml

@@ -2,6 +2,10 @@
   community.docker.docker_network:
     name: traefik
 
+- name: Create docker network for Docker Socket Proxy
+  community.docker.docker_network:
+    name: docker-socket-proxy
+
 - name: Create install directory
   file:
     path: "{{ install_directory }}/traefik"

ansible/roles/traefik/templates/docker-compose.yml

@@ -4,14 +4,15 @@ networks:
   traefik:
     external: true
   docker-socket-proxy:
-    external: false
+    external: true
 
 services:
   traefik:
     container_name: traefik
     image: traefik:v2.9
     depends_on:
-      - docker_socket_proxy
+      docker_socket_proxy:
+        condition: service_healthy
     networks:
       - traefik
       - docker-socket-proxy
@@ -30,6 +31,7 @@ services:
       traefik.http.routers.traefik-dashboard.middlewares: lan-whitelist@file
 
   docker_socket_proxy:
+    container_name: docker_socket_proxy
     image: tecnativa/docker-socket-proxy:latest
     restart: unless-stopped
     networks:
@@ -40,3 +42,6 @@ services:
       - INFO=1
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
+    healthcheck:
+      test: "exit 0"
+      start_period: 5s