Update docker.io/library/postgres Docker tag to v18

pretalx(host): move to dns-01-acme-dns as http-01 failed for cfp.eh22
2026-03-31 16:01:02 +00:00 · 2026-03-31 17:51:06 +02:00
9 changed files with 23 additions and 14 deletions
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.17
+nextcloud__postgres_version: 18.3
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
--- a/inventories/chaosknoten/host_vars/pretalx.sops.yaml
+++ b/inventories/chaosknoten/host_vars/pretalx.sops.yaml
@ -1,6 +1,7 @@
 secret__pretalx_db_password: ENC[AES256_GCM,data:T9qw46sR88tcj4NG1oK3AfjreU4N1cIN0w==,iv:g2rr7PbFN9bFDg/w7vZBiuMB4p2j2uu0eQAyiweuQ6Q=,tag:0coJNAbT5W9gxy2fVOhuoA==,type:str]
 secret__pretalx_mail_password: ENC[AES256_GCM,data:HJrrmdDKzity4Fzz+JEj/kvddzHpRbw1Yw==,iv:dW15nSyYjzlFdPkQoZmJ5k+poWyJZ7dW5Lo8IFjtfMc=,tag:AZZObQRDMMoQgnPmqo/+Tw==,type:str]
 ansible_pull__age_private_key: ENC[AES256_GCM,data:CguBtrNgimXc0dBhIHn6SNYhmHY1z6mHXdb7bmAFUy5FtqAmU/HGTxIsOZdn+GjwHhk3idi4my68qAkyxiuvHno7yQ+HTRgPl4k=,iv:kFLI2ptzZi2UK0MLEyFpYdvJ4o2C0zaQ1K6fowYmG/4=,tag:8hwlDVpu+HBm+hjNAdiVyw==,type:str]
 secret__acme_dns_api_key_pretalx_hamburg_ccc_de: ENC[AES256_GCM,data:e5Chvj450jNpRZJWZ/fYersQC6U8V8sgcvXkhbCSSKO/U4wBJWTr6g==,iv:gkMZlzwIoeft5VrOGVdvA2QRacoO9QetKVJxJ6xHG54=,tag:Lz0r1P0qcCyJ00MFu1JR2g==,type:str]
 sops:
  age:
    - recipient: age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3
@ -12,8 +13,8 @@ sops:
        T3BVQmZyVFlyaloxZ1lUdEtlbDYxbkkKdaYhzRq66SVBbhn4iNVSDSoEBk7+zODh
        cogERhbBCuz6WXCKBHjFwLDggM6y2cLo/uk3qkG2X7YDXUqO/DMwSA==
        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2025-10-14T23:41:45Z"
+  lastmodified: "2026-03-31T15:20:20Z"
-  mac: ENC[AES256_GCM,data:tw/zADjnc9mNcT1sEGDeCFr9RuyPsgj6mtcmDwpYdquhdfmjvccUBwly/NFFdHAwUqmL4l5R2xAFaeKxiEO03DT9nx6jujDvgpKaWyiXqgPnzMvft/9SXdjwx1+4COmT15WQ3LfTQbTXAJH3taGDQeRJBPRYFcykscyw3S5/aU8=,iv:kmCUVVT17MPoV4/tGqxKGeXuf1eIzX9qqJt6HL2ygPQ=,tag:+v+TVU4Nr+ZCqLxWvWWjdA==,type:str]
+  mac: ENC[AES256_GCM,data:XUk54tSq/2B5DlHSOovKuGT2x5ffl6EahmqriA6P+V0e8D9PNemgOcV7s0GfW3QgKNQ7RCCRaXZpOZADh4yIR/AslrIGAJ1qNHgekZgRJ0VX8yydjHMpVG5u9Qi4Kr/u867xXhSzjSLEsefT60RGCKyrQs5/QqkK833PaIJylqE=,iv:1sRcJlDHN3eu/oRyJ8e9TB7+5yThlf6iboBnaaO/IvM=,tag:EW+m//ycUf+crIeEOJoPtQ==,type:str]
  pgp:
    - created_at: "2026-03-05T19:18:39Z"
      enc: |-
@ -215,4 +216,4 @@ sops:
        -----END PGP MESSAGE-----
      fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
  unencrypted_suffix: _unencrypted
-  version: 3.10.2
+  version: 3.12.1
--- a/inventories/chaosknoten/host_vars/pretalx.yaml
+++ b/inventories/chaosknoten/host_vars/pretalx.yaml
@ -2,9 +2,19 @@ docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 're
 docker_compose__configuration_files: [ ]
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
-certbot__certificate_domains:
+certbot__certs:
-  - "pretalx.hamburg.ccc.de"
+  - commonName: "pretalx.hamburg.ccc.de"
-  - "cfp.eh22.easterhegg.eu"
+    challengeType: "dns-01-acme-dns"
    dns_01_acme_dns:
      subdomain: 295a66d4-1d71-49f3-a80a-1f7527ec9cca
      apiUser: bee0544b-a414-42eb-96a1-3e30d43e104c
      apiKey: "{{ secret__acme_dns_api_key_pretalx_hamburg_ccc_de }}"
  - commonName: "cfp.eh22.easterhegg.eu"
    challengeType: "dns-01-acme-dns"
    dns_01_acme_dns:
      subdomain: 295a66d4-1d71-49f3-a80a-1f7527ec9cca
      apiUser: bee0544b-a414-42eb-96a1-3e30d43e104c
      apiKey: "{{ secret__acme_dns_api_key_pretalx_hamburg_ccc_de }}"
 certbot__new_cert_commands:
  - "systemctl reload nginx.service"
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@ -46,7 +46,7 @@ services:
      - "8080:8080"
  db:
-    image: docker.io/library/postgres:15.17
+    image: docker.io/library/postgres:18.3
    restart: unless-stopped
    networks:
      - keycloak
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@ -58,7 +58,7 @@ services:
      - POSTGRES_DB=mailmandb
      - POSTGRES_USER=mailman
      - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
-    image: docker.io/library/postgres:12-alpine
+    image: docker.io/library/postgres:18-alpine
    volumes:
      - /opt/mailman/database:/var/lib/postgresql/data
    networks:
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=hedgedoc"
      - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretalx"
      - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
--- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
@ -22,7 +22,6 @@ map $host $upstream_acme_challenge_host {
    netbox.hamburg.ccc.de netbox.hosts.hamburg.ccc.de:31820;
    onlyoffice.hamburg.ccc.de onlyoffice.hosts.hamburg.ccc.de:31820;
    pad.hamburg.ccc.de pad.hosts.hamburg.ccc.de:31820;
    pretalx.hamburg.ccc.de pretalx.hosts.hamburg.ccc.de:31820;
    spaceapi.hamburg.ccc.de 172.31.17.151:31820;
    staging.hamburg.ccc.de 172.31.17.151:31820;
    wiki.ccchh.net wiki.hosts.hamburg.ccc.de:31820;
@ -71,7 +70,6 @@ map $host $upstream_acme_challenge_host {
    woodpecker.hamburg.ccc.de 172.31.17.160:31820;
    design.hamburg.ccc.de 172.31.17.162:31820;
    hydra.hamburg.ccc.de 172.31.17.163:31820;
    cfp.eh22.easterhegg.eu 172.31.17.157:31820;
    ntfy.hamburg.ccc.de ntfy.hosts.hamburg.ccc.de:31820;
    cryptoparty-hamburg.de 172.31.17.151:31820;
    cryptoparty.hamburg.ccc.de 172.31.17.151:31820;
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@ -1,7 +1,7 @@
 ---
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretix"
      - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
Author	SHA1	Message	Date
Renovate	9e6ce72a5f	Update docker.io/library/postgres Docker tag to v18 All checks were successful / Ansible Lint (push) Successful in 21m49s Details / Ansible Lint (pull_request) Successful in 23m12s Details	2026-03-31 16:01:02 +00:00
June	6bc872f1c0	pretalx(host): move to dns-01-acme-dns as http-01 failed for cfp.eh22 All checks were successful / Ansible Lint (push) Successful in 13m31s Details	2026-03-31 17:51:06 +02:00