Update all stable non-major dependencies

.forgejo/workflows/lint.yaml

@@ -24,7 +24,7 @@ jobs:
       # work in our environmnet.
       # Rather manually setup python (pip) before instead.
       - name: Run ansible-lint
-        uses: https://github.com/ansible/ansible-lint@v26.3.0
+        uses: https://github.com/ansible/ansible-lint@v26.4.0
         with:
           setup_python: "false"
           requirements_file: "requirements.yml"

inventories/chaosknoten/host_vars/netbox.yaml

@@ -1,5 +1,5 @@
 # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox
-netbox__version: "v4.5.5"
+netbox__version: "v4.5.7"
 netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
 netbox__custom_pipeline_oidc_group_and_role_mapping: true
 

inventories/z9/host_vars/light.sops.yaml

@@ -1,4 +1,7 @@
 ansible_pull__age_private_key: ENC[AES256_GCM,data:VEGxr8C7RlEhyQhf+to/OrbfPPKkyL7iUU1yDXGAzmmPCQ4VftK71eiyN7OS6pG8J89Mj4Sy/dcY4SUX+rTl/q1csZMn9t4NBN8=,iv:JcrdyFLX5srZfRj9SA+RXf+CRZi5GEcApgyYsHoHTGE=,tag:xdJ4GmK3afZDkXmkrriStg==,type:str]
+secret__acme_dns_api_key_light_ccchh_net: ENC[AES256_GCM,data:SLUNVJQ4Nkos+tYH0l9ndJI8mrfZFC9i/qQqkcHgfLaNjL1tFuAFfQ==,iv:cc7DsiqzMlc2lh3D63cElMQcOeYT7oNxmRy7irSr9/s=,tag:dBnTAJXvgWlmq5vVGxrykw==,type:str]
+secret__acme_dns_api_key_light_z9_ccchh_net: ENC[AES256_GCM,data:m6+Sk533qTRfhrwv7U2RydJh/j7KjJKHiEetyzgvJV1dgWXmE5AhYA==,iv:lAGv4vfxA+DQfwaHiDp3NMel0tjmZl96nKUAN8QGFe4=,tag:h0wM/F9E4dIy+NYLIVUpxg==,type:str]
+secret__acme_dns_api_key_light_werkstatt_ccchh_net: ENC[AES256_GCM,data:zJ9hQo1jmQ5+d0oU+CD+cQh89HshPpguZCak7Nfjdb2bygUXJrEIIw==,iv:y+FSB/k5LixKJOm9egWsjhByQAdv7TfJHvv3job2oYg=,tag:CmuUqnCI3V/aOOUitzYT9Q==,type:str]
 sops:
   age:
     - recipient: age1llkxtfx4dgnezmukj4ganx4ql9k4ga4ca9zuanf5r568jfp8peeqal490q
@@ -10,8 +13,8 @@ sops:
         SHgzd0IvZjJBamZFcHczNm1FN1Q1TzAKDgId6bAykxsgXAeBWXd6Dyxiiyh0gIb/
         Q6MHNtagsA5OrUtc7xEInVt8CYT8czI/Lr9pHzmx5bQPlDf8NkW0lA==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2026-03-30T18:56:30Z"
-  mac: ENC[AES256_GCM,data:XQJwF0MuaNoNssD3QvcDrlz+W7cccDdBaY82i6Qae7zBOQKlxLRJ7FteaDQEmQ7Yb1xBczpS+wBLgKNy5WbwIm8GELX1Hs91Y/SUguCnSualWhSVw9HW42T4oP9OEv2DC2aiJYHampSOgjmWgbPqawCU9xfsnP7RFGajQNNmRWU=,iv:O+A6tGFLhS4AVjLQ25eEjUfERPG2PnzgczZ0wczf7UY=,tag:yjFBjKtSE6vu9JMY9DQ0UA==,type:str]
+  lastmodified: "2026-04-11T01:24:10Z"
+  mac: ENC[AES256_GCM,data:D7qAgDZX8B0oNdZovHE74sSZI5X3qd8oDPHWl13Q2ohLnp9vJsFxrKntXxeeHASzQceDv2RQ1exwq7ZPor62sLFx+xO1Dc0Awpq1eoclDlHPyKlvT3pgkcB8IxDO/FuO+7hg/bJkmTHhbHTiHLGQDWN2sQev309Eka86lQyCzIQ=,iv:OBCobeUp+GwdDQhrNtTJhiRVMxRJafq5g1rhMoEFhjc=,tag:OSAWMn2NPZnVKcRX+eJf+Q==,type:str]
   pgp:
     - created_at: "2026-03-30T19:01:24Z"
       enc: |-
@@ -213,4 +216,4 @@ sops:
         -----END PGP MESSAGE-----
       fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
   unencrypted_suffix: _unencrypted
-  version: 3.12.1
+  version: 3.12.2

inventories/z9/host_vars/light.yaml

@@ -60,9 +60,24 @@ nginx__configurations:
     content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/http_handler.conf') }}"
 
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
-certbot__certificate_domains:
-  - "light-werkstatt.ccchh.net"
-  - "light.ccchh.net"
-  - "light.z9.ccchh.net"
+certbot__certs:
+  - commonName: "light.ccchh.net"
+    challengeType: "dns-01-acme-dns"
+    dns_01_acme_dns:
+      subdomain: "e59f55ee-9013-469d-a146-a159721b6fea"
+      apiUser: "33e96ec7-1f98-4f70-92be-85a42dabd211"
+      apiKey: "{{ secret__acme_dns_api_key_light_ccchh_net }}"
+  - commonName: "light.z9.ccchh.net"
+    challengeType: "dns-01-acme-dns"
+    dns_01_acme_dns:
+      subdomain: "3bc9e7ce-03dd-4533-a059-b5d38407eaa5"
+      apiUser: "c3b00882-ca2a-4d11-9ebd-fccfb8618b75"
+      apiKey: "{{ secret__acme_dns_api_key_light_z9_ccchh_net }}"
+  - commonName: "light-werkstatt.ccchh.net"
+    challengeType: "dns-01-acme-dns"
+    dns_01_acme_dns:
+      subdomain: "f408acc0-d9f5-4525-bb01-28938e3bb7d0"
+      apiUser: "a030e419-6ed8-43ee-8425-a451b457f83a"
+      apiKey: "{{ secret__acme_dns_api_key_light_werkstatt_ccchh_net }}"
 certbot__new_cert_commands:
   - "systemctl reload nginx.service"

resources/chaosknoten/grafana/docker_compose/compose.yaml.j2

@@ -2,7 +2,7 @@
 services:
 
   prometheus:
-    image: docker.io/prom/prometheus:v3.10.0
+    image: docker.io/prom/prometheus:v3.11.1
     container_name: prometheus
     command:
       - '--config.file=/etc/prometheus/prometheus.yml'
@@ -19,7 +19,7 @@ services:
       - prom_data:/prometheus
 
   alertmanager:
-    image: docker.io/prom/alertmanager:v0.31.1
+    image: docker.io/prom/alertmanager:v0.32.0
     container_name: alertmanager
     command:
       - '--config.file=/etc/alertmanager/alertmanager.yaml'

resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2

@@ -1,7 +1,7 @@
 ---
 services:
   ntfy:
-    image: docker.io/binwiederhier/ntfy:v2.20.1
+    image: docker.io/binwiederhier/ntfy:v2.21.0
     container_name: ntfy
     command:
       - serve

resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2

@@ -23,7 +23,7 @@ services:
       - pretalx_net
 
   static:
-    image: docker.io/library/nginx:1.29.7
+    image: docker.io/library/nginx:1.29.8
     restart: unless-stopped
     volumes:
       - public:/usr/share/nginx/html