feat: Add systemd timer support for scheduled Renovate runs

- Add renovate.service systemd unit file
- Add renovate.timer to run daily at 02:00 with 30min random delay
- Change default restart_policy from "unless-stopped" to "no"

The container no longer auto-restarts. Use the systemd timer to
schedule runs:

  cp files/renovate.service /etc/systemd/system/
  cp files/renovate.timer /etc/systemd/system/
  systemctl daemon-reload
  systemctl enable --now renovate.timer

files/renovate.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Renovate Bot - Automated Dependency Updates
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/docker start -a renovate
+ExecStop=/usr/bin/docker stop renovate
+TimeoutStartSec=0
+TimeoutStopSec=120
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=renovate
+
+[Install]
+WantedBy=multi-user.target

files/renovate.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Renovate Bot Timer - Run daily at 02:00
+
+[Timer]
+OnCalendar=*-*-* 02:00:00
+Persistent=true
+RandomizedDelaySec=1800
+
+[Install]
+WantedBy=timers.target

variables.tf

@@ -17,7 +17,7 @@ variable "renovate_image" {
 variable "restart_policy" {
   description = "Restart policy for the container (no, on-failure, always, unless-stopped)"
   type        = string
-  default     = "unless-stopped"
+  default     = "no"
 }
 
 # Resource Limits