From 174f9b82e2995324b9718387a3de5d2b8417fb33 Mon Sep 17 00:00:00 2001 From: Renovate Date: Tue, 31 Mar 2026 15:01:02 +0000 Subject: [PATCH 1/3] Update docker.io/library/postgres Docker tag to v18 --- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +- resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 9c28d58..0a1d845 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 32 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.17 +nextcloud__postgres_version: 18.3 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 165c62d..96cdf0f 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: docker.io/library/postgres:15.17 + image: docker.io/library/postgres:18.3 restart: unless-stopped networks: - keycloak diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index fb65594..65248bb 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -58,7 +58,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:18-alpine volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 9ec25b2..af84c67 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 0bbfcb8..091bd44 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index ce7398b..514039e 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" From 6bc872f1c0af393f6cb2a8d281f68244887b3a17 Mon Sep 17 00:00:00 2001 From: June Date: Tue, 31 Mar 2026 17:51:06 +0200 Subject: [PATCH 2/3] pretalx(host): move to dns-01-acme-dns as http-01 failed for cfp.eh22 --- .../chaosknoten/host_vars/pretalx.sops.yaml | 7 ++++--- inventories/chaosknoten/host_vars/pretalx.yaml | 16 +++++++++++++--- .../nginx/acme_challenge.conf | 2 -- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/inventories/chaosknoten/host_vars/pretalx.sops.yaml b/inventories/chaosknoten/host_vars/pretalx.sops.yaml index e5f3132..7a42dcc 100644 --- a/inventories/chaosknoten/host_vars/pretalx.sops.yaml +++ b/inventories/chaosknoten/host_vars/pretalx.sops.yaml @@ -1,6 +1,7 @@ secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str] secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str] ansible_pull__age_private_key: ENC[AES256_GCM,data:CguBtrNgimXc0dBhIHn6SNYhmHY1z6mHXdb7bmAFUy5FtqAmU/HGTxIsOZdn+GjwHhk3idi4my68qAkyxiuvHno7yQ+HTRgPl4k=,iv:kFLI2ptzZi2UK0MLEyFpYdvJ4o2C0zaQ1K6fowYmG/4=,tag:8hwlDVpu+HBm+hjNAdiVyw==,type:str] +secret__acme_dns_api_key_pretalx_hamburg_ccc_de: ENC[AES256_GCM,data:e5Chvj450jNpRZJWZ/fYersQC6U8V8sgcvXkhbCSSKO/U4wBJWTr6g==,iv:gkMZlzwIoeft5VrOGVdvA2QRacoO9QetKVJxJ6xHG54=,tag:Lz0r1P0qcCyJ00MFu1JR2g==,type:str] sops: age: - recipient: age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3 @@ -12,8 +13,8 @@ sops: T3BVQmZyVFlyaloxZ1lUdEtlbDYxbkkKdaYhzRq66SVBbhn4iNVSDSoEBk7+zODh cogERhbBCuz6WXCKBHjFwLDggM6y2cLo/uk3qkG2X7YDXUqO/DMwSA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-14T23:41:45Z" - mac: ENC[AES256_GCM,data:tw/zADjnc9mNcT1sEGDeCFr9RuyPsgj6mtcmDwpYdquhdfmjvccUBwly/NFFdHAwUqmL4l5R2xAFaeKxiEO03DT9nx6jujDvgpKaWyiXqgPnzMvft/9SXdjwx1+4COmT15WQ3LfTQbTXAJH3taGDQeRJBPRYFcykscyw3S5/aU8=,iv:kmCUVVT17MPoV4/tGqxKGeXuf1eIzX9qqJt6HL2ygPQ=,tag:+v+TVU4Nr+ZCqLxWvWWjdA==,type:str] + lastmodified: "2026-03-31T15:20:20Z" + mac: ENC[AES256_GCM,data:XUk54tSq/2B5DlHSOovKuGT2x5ffl6EahmqriA6P+V0e8D9PNemgOcV7s0GfW3QgKNQ7RCCRaXZpOZADh4yIR/AslrIGAJ1qNHgekZgRJ0VX8yydjHMpVG5u9Qi4Kr/u867xXhSzjSLEsefT60RGCKyrQs5/QqkK833PaIJylqE=,iv:1sRcJlDHN3eu/oRyJ8e9TB7+5yThlf6iboBnaaO/IvM=,tag:EW+m//ycUf+crIeEOJoPtQ==,type:str] pgp: - created_at: "2026-03-05T19:18:39Z" enc: |- @@ -215,4 +216,4 @@ sops: -----END PGP MESSAGE----- fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.12.1 diff --git a/inventories/chaosknoten/host_vars/pretalx.yaml b/inventories/chaosknoten/host_vars/pretalx.yaml index 12610b6..e1298f0 100644 --- a/inventories/chaosknoten/host_vars/pretalx.yaml +++ b/inventories/chaosknoten/host_vars/pretalx.yaml @@ -2,9 +2,19 @@ docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 're docker_compose__configuration_files: [ ] certbot__acme_account_email_address: le-admin@hamburg.ccc.de -certbot__certificate_domains: - - "pretalx.hamburg.ccc.de" - - "cfp.eh22.easterhegg.eu" +certbot__certs: + - commonName: "pretalx.hamburg.ccc.de" + challengeType: "dns-01-acme-dns" + dns_01_acme_dns: + subdomain: 295a66d4-1d71-49f3-a80a-1f7527ec9cca + apiUser: bee0544b-a414-42eb-96a1-3e30d43e104c + apiKey: "{{ secret__acme_dns_api_key_pretalx_hamburg_ccc_de }}" + - commonName: "cfp.eh22.easterhegg.eu" + challengeType: "dns-01-acme-dns" + dns_01_acme_dns: + subdomain: 295a66d4-1d71-49f3-a80a-1f7527ec9cca + apiUser: bee0544b-a414-42eb-96a1-3e30d43e104c + apiKey: "{{ secret__acme_dns_api_key_pretalx_hamburg_ccc_de }}" certbot__new_cert_commands: - "systemctl reload nginx.service" diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index 7bb4993..3bcd0fb 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -22,7 +22,6 @@ map $host $upstream_acme_challenge_host { netbox.hamburg.ccc.de netbox.hosts.hamburg.ccc.de:31820; onlyoffice.hamburg.ccc.de onlyoffice.hosts.hamburg.ccc.de:31820; pad.hamburg.ccc.de pad.hosts.hamburg.ccc.de:31820; - pretalx.hamburg.ccc.de pretalx.hosts.hamburg.ccc.de:31820; spaceapi.hamburg.ccc.de 172.31.17.151:31820; staging.hamburg.ccc.de 172.31.17.151:31820; wiki.ccchh.net wiki.hosts.hamburg.ccc.de:31820; @@ -71,7 +70,6 @@ map $host $upstream_acme_challenge_host { woodpecker.hamburg.ccc.de 172.31.17.160:31820; design.hamburg.ccc.de 172.31.17.162:31820; hydra.hamburg.ccc.de 172.31.17.163:31820; - cfp.eh22.easterhegg.eu 172.31.17.157:31820; ntfy.hamburg.ccc.de ntfy.hosts.hamburg.ccc.de:31820; cryptoparty-hamburg.de 172.31.17.151:31820; cryptoparty.hamburg.ccc.de 172.31.17.151:31820; From 9e6ce72a5fd49db8f50fca7e2377c230d5b5ff14 Mon Sep 17 00:00:00 2001 From: Renovate Date: Tue, 31 Mar 2026 16:01:02 +0000 Subject: [PATCH 3/3] Update docker.io/library/postgres Docker tag to v18 --- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +- resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 9c28d58..0a1d845 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 32 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.17 +nextcloud__postgres_version: 18.3 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 165c62d..96cdf0f 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: docker.io/library/postgres:15.17 + image: docker.io/library/postgres:18.3 restart: unless-stopped networks: - keycloak diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index fb65594..65248bb 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -58,7 +58,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:18-alpine volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 9ec25b2..af84c67 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 0bbfcb8..091bd44 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index ce7398b..514039e 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"