From 1a74e05a7c3622292784053bb97f97e58f5e1b1c Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sat, 1 Jan 2022 22:58:03 +0000
Subject: [PATCH] Create a dedicated machine for renovate This way it can do what it wants with docker. Because apparently it's very picky about how it's setup
---
 ansible/group_vars/all/pve.yml | 2 ++
 ansible/hosts | 1 +
 ansible/main.yml | 6 ++++-
 ansible/roles/renovate/files/config.js | 6 ++++-
 .../roles/renovate/files/docker-compose.yml | 25 ++++++++++++++-----
 ansible/roles/renovate/tasks/main.yml | 4 +--
 6 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/ansible/group_vars/all/pve.yml b/ansible/group_vars/all/pve.yml
index 7cbd82c..b337803 100644
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@@ -21,3 +21,5 @@ pve_hosts:
 ip: 192.168.2.203
 qbittorrent:
 ip: 10.23.1.105
+ renovate:
+ ip: 10.23.1.110
diff --git a/ansible/hosts b/ansible/hosts
index b0ed8e8..f58da32 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -14,3 +14,4 @@ qbittorrent
 restic
 pve-gitlab
 pve-gitlab-runner
+renovate
diff --git a/ansible/main.yml b/ansible/main.yml
index d72e7b7..00f46f1 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -32,6 +32,7 @@
 - pve-gitlab-runner
 - grimes
 - decker
+ - renovate
 roles:
 - role: geerlingguy.docker
 become: true
@@ -56,7 +57,6 @@
 - pve_nebula_route
 - privatebin
 - vaultwarden
- - renovate
 - hosts: ingress
 roles:
@@ -122,3 +122,7 @@
 - nebula
 - restic
 - uptime_kuma
+
+- hosts: renovate
+ roles:
+ - renovate
diff --git a/ansible/roles/renovate/files/config.js b/ansible/roles/renovate/files/config.js
index 731a916..7d0b643 100644
--- a/ansible/roles/renovate/files/config.js
+++ b/ansible/roles/renovate/files/config.js
@@ -7,5 +7,9 @@ module.exports = {
 onboarding: false,
 redisUrl: 'redis://redis',
 repositoryCache: 'enabled',
- persistRepoData: true
+ persistRepoData: true,
+ binarySource: "docker",
+ dockerUser: "{{ docker_user.id }}",
+ baseDir: "/opt/renovate/renovate",
+ cacheDir: "/opt/renovate/renovate/cache"
 };
diff --git a/ansible/roles/renovate/files/docker-compose.yml b/ansible/roles/renovate/files/docker-compose.yml
index 568b819..b46f20b 100644
--- a/ansible/roles/renovate/files/docker-compose.yml
+++ b/ansible/roles/renovate/files/docker-compose.yml
@@ -2,22 +2,35 @@ version: "2.3"
 services:
 renovate:
 image: renovate/renovate:31-slim
- user: "{{ docker_user.id }}"
 command: /entrypoint.sh
+ user: "{{ docker_user.id }}"
 environment:
 - TZ={{ TZ }}
 - GITHUB_COM_TOKEN={{ renovate_github_token }}
+ - DOCKER_HOST=tcp://docker_proxy:2375
+ - LOG_LEVEL=debug # Noisy, but required for debugging
 restart: unless-stopped
 depends_on:
 - redis
- tmpfs:
- - /tmp
+ - docker_proxy
 volumes:
- - "{{ app_data_dir }}/renovate/config.js:/usr/src/app/config.js:ro"
- - "{{ app_data_dir }}/renovate/entrypoint.sh:/entrypoint.sh:ro"
+ - ./config.js:/usr/src/app/config.js:ro
+ - ./entrypoint.sh:/entrypoint.sh:ro
+ - /opt/renovate/renovate:/opt/renovate/renovate # These must be the same
 redis:
 image: redis:6-alpine
 restart: unless-stopped
 volumes:
- - /mnt/tank/dbs/redis/renovate:/data
+ - ./redis:/data
+
+ docker_proxy:
+ image: tecnativa/docker-socket-proxy:latest
+ restart: unless-stopped
+ environment:
+ - POST=1
+ - CONTAINERS=1
+ - INFO=1
+ - IMAGES=1
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
diff --git a/ansible/roles/renovate/tasks/main.yml b/ansible/roles/renovate/tasks/main.yml
index dc065c7..1dfff88 100644
--- a/ansible/roles/renovate/tasks/main.yml
+++ b/ansible/roles/renovate/tasks/main.yml
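Review bot: The new `baseDir` and `cacheDir` entries have no comment saying why they are absolute host paths, and the matching bind mount in docker-compose.yml only says "These must be the same". As I understand it, with `binarySource: "docker"` the sidecar containers are started by the host daemon reached through `DOCKER_HOST`, so the mount paths Renovate hands over are resolved on the host and have to be identical inside and outside the renovate container. I would add `// must equal the host path bind-mounted in docker-compose.yml: sidecars are started by the host Docker daemon` above `baseDir`. The object literal begins outside the hunk.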
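Review bot: The `docker_proxy` service added at the end of this hunk exposes the Docker API unauthenticated on `tcp://docker_proxy:2375` over the compose default network, so `redis` can reach it as well as `renovate`. With `POST=1` and `CONTAINERS=1` the proxy allows container creation, which is root-equivalent on the Docker host, and `:ro` on the `/var/run/docker.sock` mount does not restrict API requests sent through the socket. Renovate needs that access for `binarySource: "docker"`, so the practical hardening is to give the proxy its own internal network that only `renovate` joins and to pin the proxy image instead of tracking `:latest`. The dedicated VM bounds the damage, but `GITHUB_COM_TOKEN` still lives on that host; indentation in the fence is assumed because the hunk's own was lost.

```yaml
  renovate:
    # … unchanged: image, command, user, environment, restart, depends_on, volumes …
    networks:
      - default      # redis and outbound access
      - docker_api   # only path to the socket proxy

  docker_proxy:
    image: tecnativa/docker-socket-proxy:<PINNED_TAG_OR_DIGEST>  # placeholder
    # … unchanged: restart, environment, volumes …
    networks:
      - docker_api

networks:
  docker_api:
    internal: true
```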
@@ -22,7 +22,7 @@
 - name: Install config file
 template:
 src: files/config.js
- dest: "{{ app_data_dir }}/renovate/config.js"
+ dest: /opt/renovate/config.js
 mode: "{{ docker_compose_file_mask }}"
 owner: "{{ docker_user.name }}"
 notify: restart renovate
@@ -31,7 +31,7 @@
 - name: Install custom entrypoint
 template:
 src: files/entrypoint.sh
- dest: "{{ app_data_dir }}/renovate/entrypoint.sh"
+ dest: /opt/renovate/entrypoint.sh
 mode: "0755"
 owner: "{{ docker_user.name }}"
 notify: restart renovate