Create a dedicated machine for renovate

This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
2022-01-01 22:58:03 +00:00 · 2022-01-01 22:58:03 +00:00 · 1a74e05a7c
commit 1a74e05a7c
parent 78b0161585
6 changed files with 34 additions and 10 deletions
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@ -21,3 +21,5 @@ pve_hosts:
    ip: 192.168.2.203
  qbittorrent:
    ip: 10.23.1.105
+  renovate:
+    ip: 10.23.1.110
--- a/ansible/hosts
+++ b/ansible/hosts
@ -14,3 +14,4 @@ qbittorrent
 restic
 pve-gitlab
 pve-gitlab-runner
+renovate
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -32,6 +32,7 @@
    - pve-gitlab-runner
    - grimes
    - decker
+    - renovate
  roles:
    - role: geerlingguy.docker
      become: true
@ -56,7 +57,6 @@
    - pve_nebula_route
    - privatebin
    - vaultwarden
-    - renovate

 - hosts: ingress
  roles:
@ -122,3 +122,7 @@
    - nebula
    - restic
    - uptime_kuma
+
+- hosts: renovate
+  roles:
+    - renovate
--- a/ansible/roles/renovate/files/config.js
+++ b/ansible/roles/renovate/files/config.js
@ -7,5 +7,9 @@ module.exports = {
  onboarding: false,
  redisUrl: 'redis://redis',
  repositoryCache: 'enabled',
-  persistRepoData: true
+  persistRepoData: true,
+  binarySource: "docker",
+  dockerUser: "{{ docker_user.id }}",
+  baseDir: "/opt/renovate/renovate",
+  cacheDir: "/opt/renovate/renovate/cache"
 };
--- a/ansible/roles/renovate/files/docker-compose.yml
+++ b/ansible/roles/renovate/files/docker-compose.yml
@ -2,22 +2,35 @@ version: "2.3"
 services:
  renovate:
    image: renovate/renovate:31-slim
-    user: "{{ docker_user.id }}"
    command: /entrypoint.sh
+    user: "{{ docker_user.id }}"
    environment:
      - TZ={{ TZ }}
      - GITHUB_COM_TOKEN={{ renovate_github_token }}
+      - DOCKER_HOST=tcp://docker_proxy:2375
+      - LOG_LEVEL=debug  # Noisy, but required for debugging
    restart: unless-stopped
    depends_on:
      - redis
-    tmpfs:
-      - /tmp
+      - docker_proxy
    volumes:
-      - "{{ app_data_dir }}/renovate/config.js:/usr/src/app/config.js:ro"
-      - "{{ app_data_dir }}/renovate/entrypoint.sh:/entrypoint.sh:ro"
+      - ./config.js:/usr/src/app/config.js:ro
+      - ./entrypoint.sh:/entrypoint.sh:ro
+      - /opt/renovate/renovate:/opt/renovate/renovate  # These must be the same

  redis:
    image: redis:6-alpine
    restart: unless-stopped
    volumes:
-      - /mnt/tank/dbs/redis/renovate:/data
+      - ./redis:/data
+
+  docker_proxy:
+    image: tecnativa/docker-socket-proxy:latest
+    restart: unless-stopped
+    environment:
+      - POST=1
+      - CONTAINERS=1
+      - INFO=1
+      - IMAGES=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
--- a/ansible/roles/renovate/tasks/main.yml
+++ b/ansible/roles/renovate/tasks/main.yml
@ -22,7 +22,7 @@
 - name: Install config file
  template:
    src: files/config.js
-    dest: "{{ app_data_dir }}/renovate/config.js"
+    dest: /opt/renovate/config.js
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart renovate
@ -31,7 +31,7 @@
 - name: Install custom entrypoint
  template:
    src: files/entrypoint.sh
-    dest: "{{ app_data_dir }}/renovate/entrypoint.sh"
+    dest: /opt/renovate/entrypoint.sh
    mode: "0755"
    owner: "{{ docker_user.name }}"
  notify: restart renovate