Congrats on the new gig! Six figures has a nice ring to it!

Here are some tips about salary negotiations:

• https://twitter.com/GergelyOrosz/status/1392090746988208128?lang=en
• https://www.getrichslowly.org/salary-negotiation/
• https://blog.pragmaticengineer.com/equity-for-software-engineers/
• https://github.com/petermekhaeil/salary-negotiating

This is definitely an over-engineered setup…

I store my Docker Compose files in an internal-only git repo (hosted on Gitea).

Drone is my CI/CD system, and I use Renovatebot to look for updates to container tags (never pull latest). My workflow is this:

1. Renovatebot runs once a night (at midnight) via Drone in a Docker container (I’ve written about this here). If a new image tag is found, it opens a PR in Gitea.
2. I manually log in to Gitea and approve the PR.
3. The PR approval (merging to master) kicks off a Drone workflow that does the following:
   • Runs an Alpine Linux container
   • SSHes from the Alpine Linux container into my Docker host
   • Runs a script (on the Docker host) that basically runs git pull, then docker compose -f "$D" pull and then docker compose -f "$D" up -d.
   • If there is a failure, Drone emails me

I’ve written about step 3 here.

This means I never manually update Docker Compose files, I let Renovate manage everything, I approve PRs, then I walk away and let the scripts run.

I also run a single-node K3s cluster that is hosted on GitHub. Again, using Renovate to open PRs, and I run Flux so watch for changes to master, which then redeploys applications.