From 7e73d346ce0b401311d2ffe2e57031d757857b69 Mon Sep 17 00:00:00 2001
From: kjuulh <contact@kjuulh.io>
Date: Sat, 13 May 2023 02:58:39 +0200
Subject: [PATCH] fix(hosts): update ansible_host IP address to use internal IP
 for better security The ansible_host IP address is changed from the public IP
 to the internal IP (10.0.9.9) to improve security by using internal
 networking for communication.

feat(renovate/tasks/main.yml): add renovate clean cron job to maintain a clean environment
A new cron job is added to run twice daily at 2 AM and 2 PM. This job will clean up the environment by running `docker-compose down -v --remove-orphans` and then starting the services again with `docker-compose up -d`. The output is logged to /var/log/renovate-clean.log for monitoring purposes. This ensures a clean environment and helps prevent potential issues caused by stale or orphaned containers.
---
 hosts                               | 4 ++--
 roles/repos/renovate/tasks/main.yml | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hosts b/hosts
index 7db02ca..28c10e0 100644
--- a/hosts
+++ b/hosts
@@ -1,5 +1,5 @@
 [bespoke]
-renovate  ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=5.75.254.153 wireguard_peer_ip=10.0.9.9
+renovate  ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9
 
 [renovate]
-renovate  ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=5.75.254.153 wireguard_peer_ip=10.0.9.9
+renovate  ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9
diff --git a/roles/repos/renovate/tasks/main.yml b/roles/repos/renovate/tasks/main.yml
index f4a0141..77b23b5 100644
--- a/roles/repos/renovate/tasks/main.yml
+++ b/roles/repos/renovate/tasks/main.yml
@@ -24,3 +24,11 @@
   docker_compose:
     project_src: ~/git/git.front.kjuulh.io/kjuulh/renovate/
   when: compose_file_stat.stat.exists and github_env_stat.stat.exists and env_stat.stat.exists
+
+- name: renovate clean cron job
+  cron:
+    name: renovate clean cronjob
+    user: "root"
+    minute: "0"
+    hour: "2,14"
+    job: "docker-compose -f ~/git/git.front.kjuulh.io/kjuulh/renovate/docker-compose.yaml down -v --remove-orphans && docker-compose -f ~/git/git.front.kjuulh.io/kjuulh/renovate/docker-compose.yaml up -d >> /var/log/renovate-clean.log 2>&1"