From d1b371e74b445d2b2783c35ef957b175e7ed90c9 Mon Sep 17 00:00:00 2001 From: Renovate Date: Wed, 28 Jan 2026 14:45:52 +0000 Subject: [PATCH 1/6] Update all stable non-major dependencies --- inventories/chaosknoten/host_vars/netbox.yaml | 2 +- resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index 2c68c17..c18efd5 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,5 @@ # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox -netbox__version: "v4.5.0" +netbox__version: "v4.5.1" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index c2c312c..cdf6eea 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -32,7 +32,7 @@ services: - alertmanager_data:/alertmanager grafana: - image: docker.io/grafana/grafana:12.3.1 + image: docker.io/grafana/grafana:12.3.2 container_name: grafana ports: - 3000:3000 diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 index 50df05d..6b5a8fc 100644 --- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 
@@ -1,7 +1,7 @@ --- services: ntfy: - image: docker.io/binwiederhier/ntfy:v2.15.0 + image: docker.io/binwiederhier/ntfy:v2.16.0 container_name: ntfy command: - serve diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 091d113..835ed50 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -33,7 +33,7 @@ services: - pretalx_net pretalx: - image: docker.io/pretalx/standalone:v2025.1.0 + image: docker.io/pretalx/standalone:v2025.2.2 entrypoint: gunicorn command: - "pretalx.wsgi" @@ -78,7 +78,7 @@ services: - pretalx_net celery: - image: docker.io/pretalx/standalone:v2025.1.0 + image: docker.io/pretalx/standalone:v2025.2.2 command: - taskworker restart: unless-stopped From c3b20abab31a4116d0eff9e8d6d33015bdce8b1e Mon Sep 17 00:00:00 2001 From: June Date: Sun, 1 Feb 2026 20:49:33 +0100 Subject: [PATCH 2/6] status(host): use custom alert for Matrix to make it work with PAT The Personal Access Token we use isn't compatible with the default Matrix alerting provider, so use a custom alert. --- .../config/easterhegg-websites.yaml | 6 ++++-- .../status/docker_compose/config/general.yaml | 19 +++++++++++++++---- .../config/services-chaosknoten.yaml | 3 ++- .../status/docker_compose/config/sites.yaml | 3 ++- .../docker_compose/config/websites.yaml | 9 ++++++--- 5 files changed, 29 insertions(+), 11 deletions(-) diff --git a/resources/external/status/docker_compose/config/easterhegg-websites.yaml b/resources/external/status/docker_compose/config/easterhegg-websites.yaml index 87feb4c..97ba482 100644 --- a/resources/external/status/docker_compose/config/easterhegg-websites.yaml +++ b/resources/external/status/docker_compose/config/easterhegg-websites.yaml 
@@ -5,7 +5,8 @@ easterhegg-websites-defaults: &easterhegg_websites_defaults group: Websites interval: 5m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "12h" @@ -15,7 +16,8 @@ easterhegg-websites-redirects-defaults: &easterhegg_websites_redirects_defaults group: Websites (Redirects) interval: 15m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "24h" diff --git a/resources/external/status/docker_compose/config/general.yaml b/resources/external/status/docker_compose/config/general.yaml index fb1c3ed..53c620d 100644 --- a/resources/external/status/docker_compose/config/general.yaml +++ b/resources/external/status/docker_compose/config/general.yaml @@ -18,10 +18,21 @@ ui: default-sort-by: group alerting: - matrix: - server-url: "https://matrix.nekover.se" - access-token: "${MATRIX_ACCESS_TOKEN}" - internal-room-id: "!jG755onbGAH-lZsZo8SRKtlsncSMvq7nzPhwCi5CgdQ" + # matrix: + # server-url: "https://matrix.nekover.se" + # access-token: "${MATRIX_ACCESS_TOKEN}" + # internal-room-id: "!jG755onbGAH-lZsZo8SRKtlsncSMvq7nzPhwCi5CgdQ" + custom: + url: "https://matrix.nekover.se/_matrix/client/v3/rooms/%21jG755onbGAH-lZsZo8SRKtlsncSMvq7nzPhwCi5CgdQ/send/m.room.message" + method: "POST" + body: | + { + "msgtype": "m.text", + "body": "[ALERT_TRIGGERED_OR_RESOLVED]: [ENDPOINT_GROUP] - [ENDPOINT_NAME] - [ALERT_DESCRIPTION] - [RESULT_ERRORS]" + } + headers: + Authorization: "Bearer ${MATRIX_ACCESS_TOKEN}" + # A bit more than the default 5 concurrent checks should be fine. concurrency: 15 diff --git a/resources/external/status/docker_compose/config/services-chaosknoten.yaml b/resources/external/status/docker_compose/config/services-chaosknoten.yaml index 0792e95..e7b1c9c 100644 --- a/resources/external/status/docker_compose/config/services-chaosknoten.yaml 
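Review bot: In general.yaml the `custom.body` template splices `[ALERT_DESCRIPTION]` and `[RESULT_ERRORS]` straight into a JSON string, so a value containing a double quote, backslash or newline could produce invalid JSON and the homeserver would reject the alert without anyone noticing. Whether Gatus escapes these placeholders is not visible from the hunk, so it is worth confirming with a deliberately failing check whose error text contains quotes. The request is also a POST without a transaction id, which this homeserver presumably accepts but which differs from the `PUT …/send/{eventType}/{txnId}` form in the Matrix client-server spec; a comment such as `# POST without txnId: relies on homeserver behaviour, re-test after upgrades` would record that. The commented-out `matrix:` block here and the `# - type: matrix` lines in the other config files of this commit could simply be deleted, since git history keeps them.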
+++ b/resources/external/status/docker_compose/config/services-chaosknoten.yaml @@ -3,7 +3,8 @@ services-chaosknoten-defaults: &services_chaosknoten_defaults group: Services (Chaosknoten) interval: 1m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 5 success-threshold: 2 minimum-reminder-interval: "6h" diff --git a/resources/external/status/docker_compose/config/sites.yaml b/resources/external/status/docker_compose/config/sites.yaml index 7b0ce82..a3444a6 100644 --- a/resources/external/status/docker_compose/config/sites.yaml +++ b/resources/external/status/docker_compose/config/sites.yaml @@ -3,7 +3,8 @@ sites-defaults: &sites_defaults group: Sites interval: 1m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 5 success-threshold: 2 minimum-reminder-interval: "6h" diff --git a/resources/external/status/docker_compose/config/websites.yaml b/resources/external/status/docker_compose/config/websites.yaml index e54337a..d1459be 100644 --- a/resources/external/status/docker_compose/config/websites.yaml +++ b/resources/external/status/docker_compose/config/websites.yaml @@ -5,7 +5,8 @@ websites-defaults: &websites_defaults group: Websites interval: 1m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 5 success-threshold: 2 minimum-reminder-interval: "6h" @@ -15,7 +16,8 @@ websites-staging-defaults: &websites_staging_defaults group: Websites (Staging) interval: 5m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "24h" @@ -25,7 +27,8 @@ websites-redirects-defaults: &websites_redirects_defaults group: Websites (Redirects) interval: 5m alerts: - - type: matrix + # - type: matrix + - type: custom failure-threshold: 3 success-threshold: 1 minimum-reminder-interval: "24h" From 8e75f1ad1401621e30f2c5e34cb6eb8ebab48e94 Mon Sep 17 00:00:00 2001 
From: June Date: Sun, 1 Feb 2026 21:30:40 +0100 Subject: [PATCH 3/6] status(host): add monitoring for cpu.ccc.de and aliases --- .../docker_compose/config/websites.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/resources/external/status/docker_compose/config/websites.yaml b/resources/external/status/docker_compose/config/websites.yaml index d1459be..cbd899b 100644 --- a/resources/external/status/docker_compose/config/websites.yaml +++ b/resources/external/status/docker_compose/config/websites.yaml @@ -52,6 +52,14 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*Cat Ears Operation Center*)" + - name: cpu.ccc.de + url: "https://cpu.ccc.de" + <<: *websites_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY] == pat(*cpu.ccc.de | aus den Dezentralen*)" + - name: cryptoparty-hamburg.de url: "https://cryptoparty-hamburg.de" <<: *websites_defaults @@ -160,6 +168,22 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*Digitale Selbstverteidigung in Hamburg*)" + - name: local.ccc.de + url: "https://local.ccc.de" + <<: *websites_redirects_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY] == pat(*cpu.ccc.de | aus den Dezentralen*)" + + - name: lokal.ccc.de + url: "https://lokal.ccc.de" + <<: *websites_redirects_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY] == pat(*cpu.ccc.de | aus den Dezentralen*)" + - name: staging.cryptoparty.hamburg.ccc.de url: "https://staging.cryptoparty.hamburg.ccc.de" <<: *websites_redirects_defaults From 397285655bc03d76d829f95600495135a468a8ba Mon Sep 17 00:00:00 2001 From: June Date: Sun, 1 Feb 2026 21:38:57 +0100 Subject: [PATCH 4/6] status(host): add monitoring for spaceapi.ccc.de --- .../external/status/docker_compose/config/websites.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/resources/external/status/docker_compose/config/websites.yaml b/resources/external/status/docker_compose/config/websites.yaml index cbd899b..964a866 100644 --- a/resources/external/status/docker_compose/config/websites.yaml +++ b/resources/external/status/docker_compose/config/websites.yaml @@ -110,6 +110,14 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*Wir sind der Chaos Computer Club der Hansestadt Hamburg.*)" + - name: spaceapi.ccc.de + url: "https://spaceapi.ccc.de" + <<: *websites_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY] == pat(*Kein Javascript, keine Kekse.*)" + # Websites (Staging) - name: staging.c3cat.de url: "https://staging.c3cat.de" From 536eedeffcf46560b38e6879855bf6968675424a Mon Sep 17 00:00:00 2001 From: June Date: Sun, 1 Feb 2026 22:44:42 +0100 Subject: [PATCH 5/6] status(host): add monitoring for ACME DNS --- .../external/host_vars/status.sops.yaml | 5 ++- .../status/docker_compose/compose.yaml.j2 | 1 + .../config/services-chaosknoten.yaml | 39 +++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) diff --git a/inventories/external/host_vars/status.sops.yaml b/inventories/external/host_vars/status.sops.yaml index 366b641..a67b8a1 100644 --- a/inventories/external/host_vars/status.sops.yaml +++ b/inventories/external/host_vars/status.sops.yaml 
@@ -1,6 +1,7 @@ ansible_pull__age_private_key: ENC[AES256_GCM,data:u0tluAG5YmXTs71/F6RjuTITCrEoJco0K7+o/F7An4OMdOAwJVBvvMCnEaYsKhLhdesnMIoA24oz2j22lKRFgZUNtkF08ZwH9gw=,iv:oqTTeOi8l6ig4vvqOKict5bqxjmiBW+kwlZhbozoCSU=,tag:ZL2wuIczCHguGJIhbY0NuQ==,type:str] secret__gatus_db_password: ENC[AES256_GCM,data:fwtdWmXVTA7odBsKnlxH7mKKGtplAt/rQqscFBAxbDky6DNqgk6PP2OsqbIEpnpzs9Yn7Kd2VAxzfJfK,iv:ox/Lm+LlxxRcssOPc++nRp6nVa2DF3/46eEsGzTOBmA=,tag:i1e71Gm01ojHr5pGy0S9rA==,type:str] secret__gatus_matrix_access_token: ENC[AES256_GCM,data:adNtFvg2LXwRiNE7mvTZNO1hXxN3qasWZrDEQOGk5mYEVH0t9pglNrM=,iv:30xXR31qmrywLP3M34u6YgsyQY348zVvt9RM4/bGhtY=,tag:vhgpON0IdQ+FS4uQ/0TpsQ==,type:str] +secret__gatus_acme_dns_update_test_x_api_key: ENC[AES256_GCM,data:rBMHvYT7g+o6Rc+edjikYT2jn4wKnkOJWOMf5Ys1zjKpsRCKEF0PZA==,iv:Tp4ELKMfhxtwaJljW4sMCVgW3KCTL89NfW2/LQTmO1Y=,tag:YMbvE0xgLTYCFXche/mvFA==,type:str] sops: age: - recipient: age1yl9ts8k6ceymaxjs72r5puetes5mtuzxuger7qgme9qkagfrm9hqzxx9qr @@ -12,8 +13,8 @@ sops: RFl1MnI1K0h2MUhvYk40d2JjbDRaUmMKNlPo1s06hVdxAamKhJy4HhNDX8PKQlq2 13PjdTJub64fydGEJng5NigcnNcPo7goGLz5QV7vE+6bO0gNZxBmmw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-18T18:40:32Z" - mac: ENC[AES256_GCM,data:7bP0fmn6TJKA8zLuXE8F47sHn1qqX33z/078KkCJx5yRSKBGyLnTeKNha8EODEBkMG0eXQ2BEQDPfNB892R5OW69xCInCa0+sEPONd3YELMvFVoM7/+avDi94X/tdJKCHVPnF/kpqnGhKlwikKlCFLIcbkfEAHJgDlze32C0QKU=,iv:1Q5dsJP2FToAYDJYWXJufHuIlXGfj93NaBWHfZ5rhHk=,tag:dFNYdMJOwUwr6/zwlRollg==,type:str] + lastmodified: "2026-02-01T21:17:51Z" + mac: ENC[AES256_GCM,data:YO5RoJnkjZeouYJa3ui/cRGLcpSzbs1Ou4D+XU9fZ6ZEc8snmLoN/e8vK91+9qigQECOc/WHHaln4ghYs6wNH+xje4ImCYL92p1RbMPvT8OoS3qu+pTF3sUfQfV/Rju61njNHA7XNAmGCxSiJQxgq2o92aoEB7qKs+AwCFEmTpE=,iv:QrRkSv4novqk3+YCnfFW59df1mvcGONTDO3zCUyXUME=,tag:oBy402SSczs3qyHhBpQqnw==,type:str] pgp: - created_at: "2026-01-15T21:23:56Z" enc: |- 
diff --git a/resources/external/status/docker_compose/compose.yaml.j2 b/resources/external/status/docker_compose/compose.yaml.j2 index 04abf95..ae5681b 100644 --- a/resources/external/status/docker_compose/compose.yaml.j2 +++ b/resources/external/status/docker_compose/compose.yaml.j2 @@ -25,6 +25,7 @@ services: - "POSTGRES_USER=gatus" - "POSTGRES_PASSWORD={{ secret__gatus_db_password }}" - "MATRIX_ACCESS_TOKEN={{ secret__gatus_matrix_access_token }}" + - "ACME_DNS_UPDATE_TEST_X_API_KEY={{ secret__gatus_acme_dns_update_test_x_api_key }}" volumes: - ./configs:/config networks: diff --git a/resources/external/status/docker_compose/config/services-chaosknoten.yaml b/resources/external/status/docker_compose/config/services-chaosknoten.yaml index e7b1c9c..7a8f18f 100644 --- a/resources/external/status/docker_compose/config/services-chaosknoten.yaml +++ b/resources/external/status/docker_compose/config/services-chaosknoten.yaml 
@@ -11,6 +11,45 @@ services-chaosknoten-defaults: &services_chaosknoten_defaults send-on-resolved: true endpoints: + - name: ACME DNS (main page/login) + url: "https://acmedns.hamburg.ccc.de" + <<: *services_chaosknoten_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY] == pat(*OAuth2 Proxy*)" + + - name: ACME DNS (update endpoint) + url: "https://acmedns.hamburg.ccc.de/update" + <<: *services_chaosknoten_defaults + method: POST + # acme-dns validates that the value for the txt is 43 characters long. + # https://github.com/joohoi/acme-dns/blob/b7a0a8a7bcef39f6158dd596fe716594a170d362/validation.go#L34-L41 + body: | + { + "subdomain": "c621ef99-3da9-4ef6-a152-3a82b9b720f8", + "txt": "________________gatus_test_________________" + } + headers: + X-Api-User: "b897048a-1526-42aa-bc24-e4dfd654b722" + X-Api-Key: "${ACME_DNS_UPDATE_TEST_X_API_KEY}" + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - "[BODY].txt == ________________gatus_test_________________" + + - name: ACME DNS (DNS) + url: "acmedns.hosts.hamburg.ccc.de" + <<: *services_chaosknoten_defaults + dns: + query-name: "c621ef99-3da9-4ef6-a152-3a82b9b720f8.auth.acmedns.hamburg.ccc.de" + query-type: "TXT" + conditions: + - "[DNS_RCODE] == NOERROR" + # error: query type is not supported yet + # apparently TXT records aren't supported yet. + # - "[BODY] == ________________gatus_test_________________" + - name: CCCHH ID/Keycloak (main page/account console) url: "https://id.hamburg.ccc.de/" <<: *services_chaosknoten_defaults From 17ba7c04f243119c54253c81d6a27f880b5b79be Mon Sep 17 00:00:00 2001 From: June Date: Sun, 1 Feb 2026 23:14:15 +0100 Subject: [PATCH 6/6] acmdns(host): expose and monitor health endpoint --- .../chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf | 4 ++++ .../status/docker_compose/config/services-chaosknoten.yaml | 7 +++++++ 2 files changed, 11 insertions(+) 
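Review bot: The `ACME DNS (update endpoint)` check sends a real acme-dns credential on every run (the defaults anchor sets `interval: 1m`), and the `X-Api-User` and subdomain UUIDs are committed in plaintext, so the only thing protecting that record is `${ACME_DNS_UPDATE_TEST_X_API_KEY}`. That is fine as long as the account exists solely for monitoring; I would state it next to the headers, e.g. `# Monitoring-only acme-dns account: never point an _acme-challenge CNAME at this subdomain.`, because whoever holds the key could otherwise answer DNS-01 challenges for a delegated name. If the account was registered without an `allowfrom` restriction, re-registering it limited to the status host's address would narrow this further. Separately, the `ACME DNS (DNS)` check only asserts `[DNS_RCODE] == NOERROR`, which is also returned for an empty answer, so it shows the server responds but not that the update landed; the existing comment could say that explicitly.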
diff --git a/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf b/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf index b360d40..dd78d8c 100644 --- a/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf +++ b/resources/chaosknoten/acmedns/nginx/acmedns.hamburg.ccc.de.conf @@ -77,6 +77,10 @@ server { proxy_pass http://127.0.0.1:8080/update; } + location = /health { # no auth by proxy required + proxy_pass http://127.0.0.1:8080/health; + } + location @oauth2_signin { return 302 /oauth2/sign_in?rd=$scheme://$host$request_uri; } diff --git a/resources/external/status/docker_compose/config/services-chaosknoten.yaml b/resources/external/status/docker_compose/config/services-chaosknoten.yaml index 7a8f18f..2c7d59f 100644 --- a/resources/external/status/docker_compose/config/services-chaosknoten.yaml +++ b/resources/external/status/docker_compose/config/services-chaosknoten.yaml @@ -19,6 +19,13 @@ endpoints: - "[CERTIFICATE_EXPIRATION] > 48h" - "[BODY] == pat(*OAuth2 Proxy*)" + - name: ACME DNS (health endpoint) + url: "https://acmedns.hamburg.ccc.de/health" + <<: *services_chaosknoten_defaults + conditions: + - "[STATUS] == 200" + - "[CERTIFICATE_EXPIRATION] > 48h" + - name: ACME DNS (update endpoint) url: "https://acmedns.hamburg.ccc.de/update" <<: *services_chaosknoten_defaults
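Review bot: The new `location = /health` in acmedns.hamburg.ccc.de.conf bypasses the OAuth2 proxy for every client that can reach the server, not just the status host. The exact-match `=` keeps the exposure to that single path, which is good, but if the health response ever reveals more than liveness it would be public; restricting the block to the monitor with `allow <STATUS_HOST_IP>;` and `deny all;` (placeholder address) would keep the check working while closing that off. The block also has no `limit_except GET { deny all; }`, so other methods are forwarded to the backend as well. The enclosing `server` block starts and ends outside the hunk, so inherited proxy settings cannot be checked from here.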