CCCHH/ansible-infra
CCCHH/ansible-infra
3
2
Fork 2
Code Issues 7 Pull requests 4 Wiki Activity Actions

don't pin digests anymore
Some checks failed
/ Ansible Lint (push) Failing after 1m24s
Details

Browse source 
The benefit of digest pinning isn't that great for this project really
and it comes at the cost of more issues and additional renovate noise,
so just don't anymore.
Adjust renovate config accordingly as well.
This commit is contained in:
June 2025-11-18 13:50:44 +01:00
commit 0526a15e06
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
12 changed files with 37 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.forgejo/workflows/lint.yaml
View file

@ -10,7 +10,7 @@ jobs:
name: Ansible Lint name: Ansible Lint
runs-on: docker runs-on: docker
steps: steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - uses: actions/checkout@v5
- name: Install pip - name: Install pip
run: | run: |
apt update apt update
@ -24,7 +24,7 @@ jobs:
# work in our environmnet. # work in our environmnet.
# Rather manually setup python (pip) before instead. # Rather manually setup python (pip) before instead.
- name: Run ansible-lint - name: Run ansible-lint
uses: https://github.com/ansible/ansible-lint@d7cd7cfa2469536527aceaef9ef2ec6f2fb331cb # v25.9.2 uses: https://github.com/ansible/ansible-lint@v25.9.2
with: with:
setup_python: "false" setup_python: "false"
requirements_file: "requirements.yml" requirements_file: "requirements.yml"

16
renovate.json
View file

@ -1,13 +1,17 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": [
"config:recommended", // Included in config:best-practices anyway, but added for clarity. "config:recommended",
"config:best-practices", // Parts from config:best-practices:
// https://docs.renovatebot.com/presets-config/#configbest-practices
":configMigration",
"abandonments:recommended",
"security:minimumReleaseAgeNpm",
":ignoreUnstable", ":ignoreUnstable",
":disableRateLimiting", ":disableRateLimiting",
":rebaseStalePrs", ":rebaseStalePrs",
":label(renovate)", ":label(renovate)",
"group:allDigest"
], ],
"semanticCommits": "disabled", "semanticCommits": "disabled",
"packageRules": [ "packageRules": [
@ -28,12 +32,6 @@
"matchDatasources": ["docker"], "matchDatasources": ["docker"],
"matchPackageNames": ["docker.io/pretix/standalone"], "matchPackageNames": ["docker.io/pretix/standalone"],
"versioning": "regex:^(?<major>\\d+\\.\\d+)(?:\\.(?<minor>\\d+))$" "versioning": "regex:^(?<major>\\d+\\.\\d+)(?:\\.(?<minor>\\d+))$"
},
// Since Forgejo seems to clean up older tag versions, so older digests, disable digest pinning for our images.
{
"matchDatasources": ["docker"],
"matchPackageNames": ["git.hamburg.ccc.de/*"],
"pinDigests": false
} }
], ],
"customManagers": [ "customManagers": [

4
resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
View file

@ -3,7 +3,7 @@
services: services:
database: database:
image: docker.io/library/mariadb:11@sha256:ae6119716edac6998ae85508431b3d2e666530ddf4e94c61a10710caec9b0f71 image: docker.io/library/mariadb:11
environment: environment:
- "MARIADB_DATABASE=wordpress" - "MARIADB_DATABASE=wordpress"
- "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}" - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"
@ -17,7 +17,7 @@ services:
restart: unless-stopped restart: unless-stopped
app: app:
image: docker.io/library/wordpress:6-php8.1@sha256:75f79f9c45a587b283e47fd21c6e51077d0c9dbbba529377faaa0c28d5b8f5a4 image: docker.io/library/wordpress:6-php8.1
environment: environment:
- "WORDPRESS_DB_HOST=database" - "WORDPRESS_DB_HOST=database"
- "WORDPRESS_DB_NAME=wordpress" - "WORDPRESS_DB_NAME=wordpress"

18
resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
View file

@ -2,7 +2,7 @@
services: services:
prometheus: prometheus:
image: docker.io/prom/prometheus:v3.7.2@sha256:23031bfe0e74a13004252caaa74eccd0d62b6c6e7a04711d5b8bf5b7e113adc7 image: docker.io/prom/prometheus:v3.7.2
container_name: prometheus container_name: prometheus
command: command:
- '--config.file=/etc/prometheus/prometheus.yml' - '--config.file=/etc/prometheus/prometheus.yml'
@ -19,7 +19,7 @@ services:
- prom_data:/prometheus - prom_data:/prometheus
alertmanager: alertmanager:
image: docker.io/prom/alertmanager:v0.28.1@sha256:27c475db5fb156cab31d5c18a4251ac7ed567746a2483ff264516437a39b15ba image: docker.io/prom/alertmanager:v0.28.1
container_name: alertmanager container_name: alertmanager
command: command:
- '--config.file=/etc/alertmanager/alertmanager.yaml' - '--config.file=/etc/alertmanager/alertmanager.yaml'
@ -32,7 +32,7 @@ services:
- alertmanager_data:/alertmanager - alertmanager_data:/alertmanager
grafana: grafana:
image: docker.io/grafana/grafana:12.2.1@sha256:35c41e0fd0295f5d0ee5db7e780cf33506abfaf47686196f825364889dee878b image: docker.io/grafana/grafana:12.2.1
container_name: grafana container_name: grafana
ports: ports:
- 3000:3000 - 3000:3000
@ -46,7 +46,7 @@ services:
- graf_data:/var/lib/grafana - graf_data:/var/lib/grafana
pve-exporter: pve-exporter:
image: docker.io/prompve/prometheus-pve-exporter:3.5.5@sha256:79a5598906697b1a5a006d09f0200528a77c6ff1568faf018539ac65824454df image: docker.io/prompve/prometheus-pve-exporter:3.5.5
container_name: pve-exporter container_name: pve-exporter
ports: ports:
- 9221:9221 - 9221:9221
@ -59,7 +59,7 @@ services:
- /dev/null:/etc/prometheus/pve.yml - /dev/null:/etc/prometheus/pve.yml
loki: loki:
image: docker.io/grafana/loki:3.5.7@sha256:0eaee7bf39cc83aaef46914fb58f287d4f4c4be6ec96b86c2ed55719a75e49c8 image: docker.io/grafana/loki:3.5.7
container_name: loki container_name: loki
ports: ports:
- 13100:3100 - 13100:3100
@ -70,7 +70,7 @@ services:
- loki_data:/var/loki - loki_data:/var/loki
ntfy-alertmanager-ccchh-critical: ntfy-alertmanager-ccchh-critical:
image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b image: docker.io/xenrox/ntfy-alertmanager:0.5.0
container_name: ntfy-alertmanager-ccchh-critical container_name: ntfy-alertmanager-ccchh-critical
volumes: volumes:
- ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config
@ -79,7 +79,7 @@ services:
restart: unless-stopped restart: unless-stopped
ntfy-alertmanager-fux-critical: ntfy-alertmanager-fux-critical:
image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b image: docker.io/xenrox/ntfy-alertmanager:0.5.0
container_name: ntfy-alertmanager-fux-critical container_name: ntfy-alertmanager-fux-critical
volumes: volumes:
- ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config
@ -88,7 +88,7 @@ services:
restart: unless-stopped restart: unless-stopped
ntfy-alertmanager-ccchh: ntfy-alertmanager-ccchh:
image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b image: docker.io/xenrox/ntfy-alertmanager:0.5.0
container_name: ntfy-alertmanager-ccchh container_name: ntfy-alertmanager-ccchh
volumes: volumes:
- ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config
@ -97,7 +97,7 @@ services:
restart: unless-stopped restart: unless-stopped
ntfy-alertmanager-fux: ntfy-alertmanager-fux:
image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b image: docker.io/xenrox/ntfy-alertmanager:0.5.0
container_name: ntfy-alertmanager-fux container_name: ntfy-alertmanager-fux
volumes: volumes:
- ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config

2
resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
View file

@ -46,7 +46,7 @@ services:
- "8080:8080" - "8080:8080"
db: db:
image: docker.io/library/postgres:15.14@sha256:424e79b81868f5fc5cf515eaeac69d288692ebcca7db86d98f91b50d4bce64bb image: docker.io/library/postgres:15.14
restart: unless-stopped restart: unless-stopped
networks: networks:
- keycloak - keycloak

6
resources/chaosknoten/lists/docker_compose/compose.yaml
View file

@ -1,7 +1,7 @@
services: services:
mailman-core: mailman-core:
restart: unless-stopped restart: unless-stopped
image: docker.io/maxking/mailman-core:0.5@sha256:cb8e412bb18d74480f996da68f46e92473b6103995e71bc5aeba139b255cc3d2 # Use a specific version tag (tag latest is not published) image: docker.io/maxking/mailman-core:0.5 # Use a specific version tag (tag latest is not published)
container_name: mailman-core container_name: mailman-core
hostname: mailman-core hostname: mailman-core
volumes: volumes:
@ -25,7 +25,7 @@ services:
mailman-web: mailman-web:
restart: unless-stopped restart: unless-stopped
image: docker.io/maxking/mailman-web:0.5@sha256:014726db85586fb53541f66f6ce964bf07e939791cfd5ffc796cd6d243696a18 # Use a specific version tag (tag latest is not published) image: docker.io/maxking/mailman-web:0.5 # Use a specific version tag (tag latest is not published)
container_name: mailman-web container_name: mailman-web
hostname: mailman-web hostname: mailman-web
depends_on: depends_on:
@ -56,7 +56,7 @@ services:
- POSTGRES_DB=mailmandb - POSTGRES_DB=mailmandb
- POSTGRES_USER=mailman - POSTGRES_USER=mailman
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
image: docker.io/library/postgres:12-alpine@sha256:7c8f4870583184ebadf7f17a6513620aac5f365a7938dc6a6911c1d5df2f481a image: docker.io/library/postgres:12-alpine
volumes: volumes:
- /opt/mailman/database:/var/lib/postgresql/data - /opt/mailman/database:/var/lib/postgresql/data
networks: networks:

2
resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
View file

@ -1,7 +1,7 @@
--- ---
services: services:
ntfy: ntfy:
image: docker.io/binwiederhier/ntfy:v2.14.0@sha256:5a051798d14138c3ecb12c038652558ab6a077e1aceeb867c151cbf5fa8451ef image: docker.io/binwiederhier/ntfy:v2.14.0
container_name: ntfy container_name: ntfy
command: command:
- serve - serve

2
resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2
View file

@ -4,7 +4,7 @@
services: services:
onlyoffice: onlyoffice:
image: docker.io/onlyoffice/documentserver:9.1.0@sha256:34b92f4a67bfd939bd6b75893e8217556e3b977f81e49472f7e28737b741ba1d image: docker.io/onlyoffice/documentserver:9.1.0
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- "./onlyoffice/DocumentServer/logs:/var/log/onlyoffice" - "./onlyoffice/DocumentServer/logs:/var/log/onlyoffice"

4
resources/chaosknoten/pad/docker_compose/compose.yaml.j2
View file

@ -3,7 +3,7 @@
services: services:
database: database:
image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950 image: docker.io/library/postgres:15-alpine
environment: environment:
- "POSTGRES_USER=hedgedoc" - "POSTGRES_USER=hedgedoc"
- "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
@ -13,7 +13,7 @@ services:
restart: unless-stopped restart: unless-stopped
app: app:
image: quay.io/hedgedoc/hedgedoc:1.10.3@sha256:ca58fd73ecf05c89559b384fb7a1519c18c8cbba5c21a0018674ed820b9bdb73 image: quay.io/hedgedoc/hedgedoc:1.10.3
environment: environment:
- "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc" - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de" - "CMD_DOMAIN=pad.hamburg.ccc.de"

10
resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
View file

@ -3,7 +3,7 @@
services: services:
database: database:
image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950 image: docker.io/library/postgres:15-alpine
environment: environment:
- "POSTGRES_USER=pretalx" - "POSTGRES_USER=pretalx"
- "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
@ -15,7 +15,7 @@ services:
- pretalx_net - pretalx_net
redis: redis:
image: docker.io/library/redis:8.2.2@sha256:4521b581dbddea6e7d81f8fe95ede93f5648aaa66a9dacd581611bf6fe7527bd image: docker.io/library/redis:8.2.2
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- redis:/data - redis:/data
@ -23,7 +23,7 @@ services:
- pretalx_net - pretalx_net
static: static:
image: docker.io/library/nginx:1.29.3@sha256:f547e3d0d5d02f7009737b284abc87d808e4252b42dceea361811e9fc606287f image: docker.io/library/nginx:1.29.3
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- public:/usr/share/nginx/html - public:/usr/share/nginx/html
@ -33,7 +33,7 @@ services:
- pretalx_net - pretalx_net
pretalx: pretalx:
image: docker.io/pretalx/standalone:v2025.1.0@sha256:fb2d15f11bcae8bb15430084ed81a150cfdf7c79705450583b51e352ba486e8e image: docker.io/pretalx/standalone:v2025.1.0
entrypoint: gunicorn entrypoint: gunicorn
command: command:
- "pretalx.wsgi" - "pretalx.wsgi"
@ -78,7 +78,7 @@ services:
- pretalx_net - pretalx_net
celery: celery:
image: docker.io/pretalx/standalone:v2025.1.0@sha256:fb2d15f11bcae8bb15430084ed81a150cfdf7c79705450583b51e352ba486e8e image: docker.io/pretalx/standalone:v2025.1.0
command: command:
- taskworker - taskworker
restart: unless-stopped restart: unless-stopped

6
resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
View file

@ -1,7 +1,7 @@
--- ---
services: services:
database: database:
image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950 image: docker.io/library/postgres:15-alpine
environment: environment:
- "POSTGRES_USER=pretix" - "POSTGRES_USER=pretix"
- "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
@ -13,7 +13,7 @@ services:
restart: unless-stopped restart: unless-stopped
redis: redis:
image: docker.io/library/redis:7.4.6@sha256:a9cc41d6d01da2aa26c219e4f99ecbeead955a7b656c1c499cce8922311b2514 image: docker.io/library/redis:7.4.6
ports: ports:
- "6379:6379" - "6379:6379"
volumes: volumes:
@ -25,7 +25,7 @@ services:
backend: backend:
pretix: pretix:
image: docker.io/pretix/standalone:2024.8@sha256:110bac37efa5f736227f158f38e421ed738d03dccc274dfb415b258ab0f75cfe image: docker.io/pretix/standalone:2024.8
command: ["all"] command: ["all"]
ports: ports:
- "8345:80" - "8345:80"

2
resources/z9/waybackproxy/docker_compose/compose.yaml.j2
View file

@ -1,7 +1,7 @@
services: services:
# https://github.com/richardg867/WaybackProxy # https://github.com/richardg867/WaybackProxy
waybackproxy: waybackproxy:
image: cttynul/waybackproxy:latest@sha256:e001d5b1d746522cd1ab2728092173c0d96f08086cbd3e49cdf1e298b8add22e image: cttynul/waybackproxy:latest
environment: environment:
DATE: 19990101 DATE: 19990101
DATE_TOLERANCE: 730 DATE_TOLERANCE: 730