diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index bdd53f5..600d044 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -24,7 +24,7 @@ jobs: # work in our environmnet. # Rather manually setup python (pip) before instead. - name: Run ansible-lint - uses: https://github.com/ansible/ansible-lint@v26.3.0 + uses: https://github.com/ansible/ansible-lint@v26.4.0 with: setup_python: "false" requirements_file: "requirements.yml" diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index f28d193..92928dc 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,5 @@ # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox -netbox__version: "v4.5.5" +netbox__version: "v4.5.8" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/inventories/z9/host_vars/dooris.sops.yaml b/inventories/z9/host_vars/dooris.sops.yaml index 7b44e7c..11f20cc 100644 --- a/inventories/z9/host_vars/dooris.sops.yaml +++ b/inventories/z9/host_vars/dooris.sops.yaml @@ -1,6 +1,7 @@ secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str] secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str] ansible_pull__age_private_key: ENC[AES256_GCM,data:Yi4ST1zDVN4dLDs9i6aajUvEzTSYvwfYIRZUC278rgdO0bGk4y6saevmqK4mUnpIpz8M+ze//1OTDTgU6K4AE1TsX8vWB7fboGE=,iv:srZYtxDXXkCu5h7HwYbMtPr7PYhhgJ8rZQ3H4TOJmTk=,tag:iq6YEEyzYd6rNoAIgdk5Sw==,type:str] +secret__acme_dns_api_key_dooris_ccchh_net: ENC[AES256_GCM,data:1qDNE8CeXo6SA5vaZYQ/2yNUE9Y1nUkL976Qsq6D9QYCc3fIrkKMXg==,iv:clOa/vwup2QS0Yvq8JTFGhCkuviWWBPNzp0tht8WZXY=,tag:WwN035cE5AxVSpJqRqkGqw==,type:str] sops: age: - recipient: age1j0876shgsn7f2thxh9kx9x5uwnh45z6sy2jlk2qz5jhgedm26g5srn9kax @@ -12,8 +13,8 @@ sops: OHUrNW94NGwrckFJZnVJUGZYdGJOdVkKVL+SdpbhyxrCUBECEM32Kdv/4GgDSyaq gNUS9OEwtgNSClVkNGtowMPCtMCwm/jOth6sJqqyiE5dTPjgXI55lw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-30T18:52:37Z" - mac: ENC[AES256_GCM,data:9x3IZbUvmKIartKj+dlA7SZN1xMg3z9DisdFHbVc2zRoIg2qbKjw+kFDOAhBhesZNl/deBWHxLoqnRQjmkML/9QLtEFbQMlU8YjXG9gmM0tj9oRNyA4RQ4rEvnUmvWau/NVv5u/rBcv/8jyzQwRdpAcxzgRybaSeA9HNAxz2kEY=,iv:kOU7tbNsBzn5oF8qT4e4u03g4kA66S33H17k16WI02Y=,tag:BRtDa3F8ZUXMpNtrTmUIGQ==,type:str] + lastmodified: "2026-04-19T21:46:01Z" + mac: ENC[AES256_GCM,data:5VlEYqo7ez4EgdMqGGnelc02EoT/bCLYVbPGHth4kd+DhOaJ1EXhmVB5eiX3AwyRl2nr79z/idCDJ6R1QdfQ5v8rYnnWcqehtiIIz0RBXhbED/hN2oz48yRhIX9vCB0gjsK6cacDzTCHP0tPEsQF+Ax4uWdXNHKnZVYS70qxbEI=,iv:noc3LJdiZ10w9O6JfwTxzLUNKT74rfdTX/Gb94fP3JI=,tag:WgFpYsFO3WjrjCs/7R634w==,type:str] pgp: - created_at: "2026-04-18T22:36:25Z" enc: |- @@ -206,4 +207,4 @@ sops: -----END PGP MESSAGE----- fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.12.2 diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml index 3bfd55d..3792153 100644 --- a/inventories/z9/host_vars/dooris.yaml +++ b/inventories/z9/host_vars/dooris.yaml @@ -2,10 +2,15 @@ docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 're docker_compose__configuration_files: [ ] certbot__acme_account_email_address: le-admin@hamburg.ccc.de -certbot__certificate_domains: - - "dooris.ccchh.net" +certbot__certs: + - commonName: "dooris.ccchh.net" + challengeType: "dns-01-acme-dns" + dns_01_acme_dns: + subdomain: "37caae1f-b77f-4eb1-aa71-dc3f7ed24360" + apiUser: "fd42b696-a394-4e2a-8fcc-d44c9fac5d4e" + apiKey: "{{ secret__acme_dns_api_key_dooris_ccchh_net }}" certbot__new_cert_commands: - - "systemctl reload nginx.service" + - "systemctl restart nginx.service" nginx__version_spec: "" nginx__deploy_redirect_conf: false diff --git a/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 b/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 index 3fcd8c6..c68973f 100644 --- a/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: oauth2-proxy: container_name: oauth2-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 command: --config /oauth2-proxy.cfg hostname: oauth2-proxy volumes: diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 8c38500..56e516d 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: prometheus: - image: docker.io/prom/prometheus:v3.10.0 + image: docker.io/prom/prometheus:v3.11.2 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' @@ -19,7 +19,7 @@ services: - prom_data:/prometheus alertmanager: - image: docker.io/prom/alertmanager:v0.31.1 + image: docker.io/prom/alertmanager:v0.32.0 container_name: alertmanager command: - '--config.file=/etc/alertmanager/alertmanager.yaml' @@ -32,7 +32,7 @@ services: - alertmanager_data:/alertmanager grafana: - image: docker.io/grafana/grafana:12.4.2 + image: docker.io/grafana/grafana:12.4.3 container_name: grafana ports: - 3000:3000 diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index d239bb4..8db3526 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.5.7 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.0 pull_policy: always restart: unless-stopped command: start --optimized diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 index af1b531..9b16db4 100644 --- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: ntfy: - image: docker.io/binwiederhier/ntfy:v2.20.1 + image: docker.io/binwiederhier/ntfy:v2.21.0 container_name: ntfy command: - serve diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index db60eb9..1d35832 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -13,7 +13,7 @@ services: restart: unless-stopped app: - image: quay.io/hedgedoc/hedgedoc:1.10.7 + image: quay.io/hedgedoc/hedgedoc:1.10.8 environment: - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc" - "CMD_DOMAIN=pad.hamburg.ccc.de" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 0bbfcb8..a3f19fa 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -23,7 +23,7 @@ services: - pretalx_net static: - image: docker.io/library/nginx:1.29.7 + image: docker.io/library/nginx:1.30.0 restart: unless-stopped volumes: - public:/usr/share/nginx/html