{ config, pkgs, ... }:

{
  age.secrets.renovate-gitea-token.file = ./renovate-gitea-token.age;
  age.secrets.renovate-github-token.file = ./renovate-github-token.age;

  systemd.services.renovate-clear-cache = {
    script = ''
      set -eu
      ${pkgs.coreutils}/bin/rm -rf /var/cache/private/renovate /var/lib/renovate
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "root";
    };
    startAt = "3:00";
  };

  services.renovate = {
    enable = true;
    package = pkgs.unstable.renovate;
    schedule = "0..2,10..23:00";
    credentials = {
      RENOVATE_TOKEN = config.age.secrets.renovate-gitea-token.path;
      GITHUB_COM_TOKEN = config.age.secrets.renovate-github-token.path;
    };
    runtimePackages = with pkgs.unstable; [
      pnpm_9
      python312
      poetry
      gnumake
      cargo
    ];
    settings = {
      platform = "gitea";
      endpoint = "https://git.pleshevski.ru";
      assignees = [ "pleshevskiy" ];
      autodiscover = true;
      automergeStrategy = "fast-forward";
      onboardingConfig = {
        "$schema" = "https://docs.renovatebot.com/renovate-schema.json";
      };
      globalExtends = [
        "npm:unpublishSafe"
        "config:best-practices"
        ":configMigration"
        ":automergeMinor"
        ":automergeRequireAllStatusChecks"
      ];

      cacheHardTtlMinutes = 30;
      httpCacheTtlDays = 1;
    };
  };

  # systemd.services.renovate.environment.LOG_LEVEL = "debug";
}