diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index 2c68c17..c18efd5 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,5 @@ # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox -netbox__version: "v4.5.0" +netbox__version: "v4.5.1" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/inventories/external/host_vars/status.sops.yaml b/inventories/external/host_vars/status.sops.yaml index a67b8a1..366b641 100644 --- a/inventories/external/host_vars/status.sops.yaml +++ b/inventories/external/host_vars/status.sops.yaml @@ -1,7 +1,6 @@ ansible_pull__age_private_key: ENC[AES256_GCM,data:u0tluAG5YmXTs71/F6RjuTITCrEoJco0K7+o/F7An4OMdOAwJVBvvMCnEaYsKhLhdesnMIoA24oz2j22lKRFgZUNtkF08ZwH9gw=,iv:oqTTeOi8l6ig4vvqOKict5bqxjmiBW+kwlZhbozoCSU=,tag:ZL2wuIczCHguGJIhbY0NuQ==,type:str] secret__gatus_db_password: ENC[AES256_GCM,data:fwtdWmXVTA7odBsKnlxH7mKKGtplAt/rQqscFBAxbDky6DNqgk6PP2OsqbIEpnpzs9Yn7Kd2VAxzfJfK,iv:ox/Lm+LlxxRcssOPc++nRp6nVa2DF3/46eEsGzTOBmA=,tag:i1e71Gm01ojHr5pGy0S9rA==,type:str] secret__gatus_matrix_access_token: ENC[AES256_GCM,data:adNtFvg2LXwRiNE7mvTZNO1hXxN3qasWZrDEQOGk5mYEVH0t9pglNrM=,iv:30xXR31qmrywLP3M34u6YgsyQY348zVvt9RM4/bGhtY=,tag:vhgpON0IdQ+FS4uQ/0TpsQ==,type:str] -secret__gatus_acme_dns_update_test_x_api_key: ENC[AES256_GCM,data:rBMHvYT7g+o6Rc+edjikYT2jn4wKnkOJWOMf5Ys1zjKpsRCKEF0PZA==,iv:Tp4ELKMfhxtwaJljW4sMCVgW3KCTL89NfW2/LQTmO1Y=,tag:YMbvE0xgLTYCFXche/mvFA==,type:str] sops: age: - recipient: age1yl9ts8k6ceymaxjs72r5puetes5mtuzxuger7qgme9qkagfrm9hqzxx9qr 
@@ -13,8 +12,8 @@ sops: RFl1MnI1K0h2MUhvYk40d2JjbDRaUmMKNlPo1s06hVdxAamKhJy4HhNDX8PKQlq2 13PjdTJub64fydGEJng5NigcnNcPo7goGLz5QV7vE+6bO0gNZxBmmw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-01T21:17:51Z" - mac: ENC[AES256_GCM,data:YO5RoJnkjZeouYJa3ui/cRGLcpSzbs1Ou4D+XU9fZ6ZEc8snmLoN/e8vK91+9qigQECOc/WHHaln4ghYs6wNH+xje4ImCYL92p1RbMPvT8OoS3qu+pTF3sUfQfV/Rju61njNHA7XNAmGCxSiJQxgq2o92aoEB7qKs+AwCFEmTpE=,iv:QrRkSv4novqk3+YCnfFW59df1mvcGONTDO3zCUyXUME=,tag:oBy402SSczs3qyHhBpQqnw==,type:str] + lastmodified: "2026-01-18T18:40:32Z" + mac: ENC[AES256_GCM,data:7bP0fmn6TJKA8zLuXE8F47sHn1qqX33z/078KkCJx5yRSKBGyLnTeKNha8EODEBkMG0eXQ2BEQDPfNB892R5OW69xCInCa0+sEPONd3YELMvFVoM7/+avDi94X/tdJKCHVPnF/kpqnGhKlwikKlCFLIcbkfEAHJgDlze32C0QKU=,iv:1Q5dsJP2FToAYDJYWXJufHuIlXGfj93NaBWHfZ5rhHk=,tag:dFNYdMJOwUwr6/zwlRollg==,type:str] pgp: - created_at: "2026-01-15T21:23:56Z" enc: |- diff --git a/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf b/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf index dd78d8c..b360d40 100644 --- a/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf +++ b/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf @@ -77,10 +77,6 @@ server { proxy_pass http://127.0.0.1:8080/update; } - location = /health { # no auth by proxy required - proxy_pass http://127.0.0.1:8080/health; - } - location @oauth2_signin { return 302 /oauth2/sign_in?rd=$scheme://$host$request_uri; } diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index c2c312c..cdf6eea 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -32,7 +32,7 @@ services: - alertmanager_data:/alertmanager grafana: - image: docker.io/grafana/grafana:12.3.1 + image: docker.io/grafana/grafana:12.3.2 container_name: grafana ports: - 3000:3000 
diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 index 50df05d..6b5a8fc 100644 --- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: ntfy: - image: docker.io/binwiederhier/ntfy:v2.15.0 + image: docker.io/binwiederhier/ntfy:v2.16.0 container_name: ntfy command: - serve diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 091d113..835ed50 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -33,7 +33,7 @@ services: - pretalx_net pretalx: - image: docker.io/pretalx/standalone:v2025.1.0 + image: docker.io/pretalx/standalone:v2025.2.2 entrypoint: gunicorn command: - "pretalx.wsgi" @@ -78,7 +78,7 @@ services: - pretalx_net celery: - image: docker.io/pretalx/standalone:v2025.1.0 + image: docker.io/pretalx/standalone:v2025.2.2 command: - taskworker restart: unless-stopped diff --git a/resources/external/status/docker_compose/compose.yaml.j2 b/resources/external/status/docker_compose/compose.yaml.j2 index ae5681b..04abf95 100644 --- a/resources/external/status/docker_compose/compose.yaml.j2 +++ b/resources/external/status/docker_compose/compose.yaml.j2 @@ -25,7 +25,6 @@ services: - "POSTGRES_USER=gatus" - "POSTGRES_PASSWORD={{ secret__gatus_db_password }}" - "MATRIX_ACCESS_TOKEN={{ secret__gatus_matrix_access_token }}" - - "ACME_DNS_UPDATE_TEST_X_API_KEY={{ secret__gatus_acme_dns_update_test_x_api_key }}" volumes: - ./configs:/config networks: diff --git a/resources/external/status/docker_compose/config/easterhegg-websites.yaml b/resources/external/status/docker_compose/config/easterhegg-websites.yaml index 97ba482..87feb4c 100644 --- a/resources/external/status/docker_compose/config/easterhegg-websites.yaml 
+++ b/resources/external/status/docker_compose/config/easterhegg-websites.yaml @@ -5,8 +5,7 @@ easterhegg-websites-defaults: &easterhegg_websites_defaults group: Websites interval: 5m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "12h" @@ -16,8 +15,7 @@ easterhegg-websites-redirects-defaults: &easterhegg_websites_redirects_defaults group: Websites (Redirects) interval: 15m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "24h" diff --git a/resources/external/status/docker_compose/config/general.yaml b/resources/external/status/docker_compose/config/general.yaml index 53c620d..fb1c3ed 100644 --- a/resources/external/status/docker_compose/config/general.yaml +++ b/resources/external/status/docker_compose/config/general.yaml @@ -18,21 +18,10 @@ ui: default-sort-by: group alerting: - # matrix: - # server-url: "https://matrix.nekover.se" - # access-token: "${MATRIX_ACCESS_TOKEN}" - # internal-room-id: "!jG755onbGAH-lZsZo8SRKtlsncSMvq7nzPhwCi5CgdQ" - custom: - url: "https://matrix.nekover.se/_matrix/client/v3/rooms/%21jG755onbGAH-lZsZo8SRKtlsncSMvq7nzPhwCi5CgdQ/send/m.room.message" - method: "POST" - body: | - { - "msgtype": "m.text", - "body": "[ALERT_TRIGGERED_OR_RESOLVED]: [ENDPOINT_GROUP] - [ENDPOINT_NAME] - [ALERT_DESCRIPTION] - [RESULT_ERRORS]" - } - headers: - Authorization: "Bearer ${MATRIX_ACCESS_TOKEN}" - + matrix: + server-url: "https://matrix.nekover.se" + access-token: "${MATRIX_ACCESS_TOKEN}" + internal-room-id: "!jG755onbGAH-lZsZo8SRKtlsncSMvq7nzPhwCi5CgdQ" # A bit more than the default 5 concurrent checks should be fine. concurrency: 15 diff --git a/resources/external/status/docker_compose/config/services-chaosknoten.yaml b/resources/external/status/docker_compose/config/services-chaosknoten.yaml index 2c7d59f..0792e95 100644 
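Review bot: In `general.yaml` the added `matrix:` block now runs straight into the `# A bit more than the default 5 concurrent checks should be fine.` comment, because the blank line that closed the `alerting:` section appears to be removed along with the old `custom:` block, and nothing records why the native provider replaces the hand-built request. I would keep the separating blank line and add a comment above `matrix:`, for example `# Native Matrix alerting; token is injected as MATRIX_ACCESS_TOKEN from the sops-encrypted host vars, never written inline.` Every `- type: matrix` default in `easterhegg-websites.yaml`, `services-chaosknoten.yaml`, `sites.yaml` and `websites.yaml` depends on this one block, so a wrong room id or an expired token would silence all alerts at once. A test alert after deployment would catch that; whether one is sent is not visible in this diff.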
--- a/resources/external/status/docker_compose/config/services-chaosknoten.yaml
+++ b/resources/external/status/docker_compose/config/services-chaosknoten.yaml
@@ -3,60 +3,13 @@ services-chaosknoten-defaults: &services_chaosknoten_defaults group: Services (Chaosknoten) interval: 1m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 5 success-threshold: 2 minimum-reminder-interval: "6h" send-on-resolved: true endpoints: - - name: ACME DNS (main page/login) - url: "https://acmedns.hamburg.ccc.de" - <<: *services_chaosknoten_defaults - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - "[BODY] == pat(*OAuth2 Proxy*)" - - - name: ACME DNS (health endpoint) - url: "https://acmedns.hamburg.ccc.de/health" - <<: *services_chaosknoten_defaults - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - - name: ACME DNS (update endpoint) - url: "https://acmedns.hamburg.ccc.de/update" - <<: *services_chaosknoten_defaults - method: POST - # acme-dns validates that the value for the txt is 43 characters long. - # https://github.com/joohoi/acme-dns/blob/b7a0a8a7bcef39f6158dd596fe716594a170d362/validation.go#L34-L41 - body: | - { - "subdomain": "c621ef99-3da9-4ef6-a152-3a82b9b720f8", - "txt": "________________gatus_test_________________" - } - headers: - X-Api-User: "b897048a-1526-42aa-bc24-e4dfd654b722" - X-Api-Key: "${ACME_DNS_UPDATE_TEST_X_API_KEY}" - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - "[BODY].txt == ________________gatus_test_________________" - - - name: ACME DNS (DNS) - url: "acmedns.hosts.hamburg.ccc.de" - <<: *services_chaosknoten_defaults - dns: - query-name: "c621ef99-3da9-4ef6-a152-3a82b9b720f8.auth.acmedns.hamburg.ccc.de" - query-type: "TXT" - conditions: - - "[DNS_RCODE] == NOERROR" - # error: query type is not supported yet - # apparently TXT records aren't supported yet. - # - "[BODY] == ________________gatus_test_________________" - - name: CCCHH ID/Keycloak (main page/account console) url: "https://id.hamburg.ccc.de/" <<: *services_chaosknoten_defaults 
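Review bot: The test credential behind the removed acme-dns update check is not revoked by this change. Deleting the probes here, the `secret__gatus_acme_dns_update_test_x_api_key` entry in `status.sops.yaml` and the `ACME_DNS_UPDATE_TEST_X_API_KEY` line in the compose template only stops this repository from using it. The `X-Api-User` value and the test subdomain are in plain text in the removed lines and the encrypted key stays in git history, so the registration should be deleted or its key rotated on the acme-dns side if that has not already happened (not visible in this diff). A short comment above `endpoints:` such as `# ACME DNS checks removed; test registration revoked on acme-dns (<date/ticket placeholder>)` would record that. The `endpoints:` list continues outside the hunk.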
diff --git a/resources/external/status/docker_compose/config/sites.yaml b/resources/external/status/docker_compose/config/sites.yaml index a3444a6..7b0ce82 100644 --- a/resources/external/status/docker_compose/config/sites.yaml +++ b/resources/external/status/docker_compose/config/sites.yaml @@ -3,8 +3,7 @@ sites-defaults: &sites_defaults group: Sites interval: 1m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 5 success-threshold: 2 minimum-reminder-interval: "6h" diff --git a/resources/external/status/docker_compose/config/websites.yaml b/resources/external/status/docker_compose/config/websites.yaml index 964a866..e54337a 100644 --- a/resources/external/status/docker_compose/config/websites.yaml +++ b/resources/external/status/docker_compose/config/websites.yaml @@ -5,8 +5,7 @@ websites-defaults: &websites_defaults group: Websites interval: 1m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 5 success-threshold: 2 minimum-reminder-interval: "6h" @@ -16,8 +15,7 @@ websites-staging-defaults: &websites_staging_defaults group: Websites (Staging) interval: 5m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "24h" @@ -27,8 +25,7 @@ websites-redirects-defaults: &websites_redirects_defaults group: Websites (Redirects) interval: 5m alerts: - # - type: matrix - - type: custom + - type: matrix failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "24h" @@ -52,14 +49,6 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*Cat Ears Operation Center*)" - - name: cpu.ccc.de - url: "https://cpu.ccc.de" - <<: *websites_defaults - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - "[BODY] == pat(*cpu.ccc.de | aus den Dezentralen*)" - - name: cryptoparty-hamburg.de url: "https://cryptoparty-hamburg.de" <<: *websites_defaults 
@@ -110,14 +99,6 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*Wir sind der Chaos Computer Club der Hansestadt Hamburg.*)" - - name: spaceapi.ccc.de - url: "https://spaceapi.ccc.de" - <<: *websites_defaults - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - "[BODY] == pat(*Kein Javascript, keine Kekse.*)" - # Websites (Staging) - name: staging.c3cat.de url: "https://staging.c3cat.de" @@ -176,22 +157,6 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*Digitale Selbstverteidigung in Hamburg*)" - - name: local.ccc.de - url: "https://local.ccc.de" - <<: *websites_redirects_defaults - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - "[BODY] == pat(*cpu.ccc.de | aus den Dezentralen*)" - - - name: lokal.ccc.de - url: "https://lokal.ccc.de" - <<: *websites_redirects_defaults - conditions: - - "[STATUS] == 200" - - "[CERTIFICATE_EXPIRATION] > 48h" - - "[BODY] == pat(*cpu.ccc.de | aus den Dezentralen*)" - - name: staging.cryptoparty.hamburg.ccc.de url: "https://staging.cryptoparty.hamburg.ccc.de" <<: *websites_redirects_defaults