Update all stable non-major dependencies

.forgejo/workflows/lint.yaml

@@ -24,7 +24,7 @@ jobs:
       # work in our environmnet.
       # Rather manually setup python (pip) before instead.
       - name: Run ansible-lint
-        uses: https://github.com/ansible/ansible-lint@v26.3.0
+        uses: https://github.com/ansible/ansible-lint@v26.4.0
         with:
           setup_python: "false"
           requirements_file: "requirements.yml"

inventories/chaosknoten/host_vars/netbox.yaml

@@ -1,5 +1,5 @@
 # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox
-netbox__version: "v4.5.5"
+netbox__version: "v4.5.8"
 netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
 netbox__custom_pipeline_oidc_group_and_role_mapping: true
 

inventories/z9/host_vars/dooris.sops.yaml

@@ -1,6 +1,7 @@
 secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
 secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
 ansible_pull__age_private_key: ENC[AES256_GCM,data:Yi4ST1zDVN4dLDs9i6aajUvEzTSYvwfYIRZUC278rgdO0bGk4y6saevmqK4mUnpIpz8M+ze//1OTDTgU6K4AE1TsX8vWB7fboGE=,iv:srZYtxDXXkCu5h7HwYbMtPr7PYhhgJ8rZQ3H4TOJmTk=,tag:iq6YEEyzYd6rNoAIgdk5Sw==,type:str]
+secret__acme_dns_api_key_dooris_ccchh_net: ENC[AES256_GCM,data:1qDNE8CeXo6SA5vaZYQ/2yNUE9Y1nUkL976Qsq6D9QYCc3fIrkKMXg==,iv:clOa/vwup2QS0Yvq8JTFGhCkuviWWBPNzp0tht8WZXY=,tag:WwN035cE5AxVSpJqRqkGqw==,type:str]
 sops:
   age:
     - recipient: age1j0876shgsn7f2thxh9kx9x5uwnh45z6sy2jlk2qz5jhgedm26g5srn9kax
@@ -12,8 +13,8 @@ sops:
         OHUrNW94NGwrckFJZnVJUGZYdGJOdVkKVL+SdpbhyxrCUBECEM32Kdv/4GgDSyaq
         gNUS9OEwtgNSClVkNGtowMPCtMCwm/jOth6sJqqyiE5dTPjgXI55lw==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2026-03-30T18:52:37Z"
+  lastmodified: "2026-04-19T21:46:01Z"
-  mac: ENC[AES256_GCM,data:9x3IZbUvmKIartKj+dlA7SZN1xMg3z9DisdFHbVc2zRoIg2qbKjw+kFDOAhBhesZNl/deBWHxLoqnRQjmkML/9QLtEFbQMlU8YjXG9gmM0tj9oRNyA4RQ4rEvnUmvWau/NVv5u/rBcv/8jyzQwRdpAcxzgRybaSeA9HNAxz2kEY=,iv:kOU7tbNsBzn5oF8qT4e4u03g4kA66S33H17k16WI02Y=,tag:BRtDa3F8ZUXMpNtrTmUIGQ==,type:str]
+  mac: ENC[AES256_GCM,data:5VlEYqo7ez4EgdMqGGnelc02EoT/bCLYVbPGHth4kd+DhOaJ1EXhmVB5eiX3AwyRl2nr79z/idCDJ6R1QdfQ5v8rYnnWcqehtiIIz0RBXhbED/hN2oz48yRhIX9vCB0gjsK6cacDzTCHP0tPEsQF+Ax4uWdXNHKnZVYS70qxbEI=,iv:noc3LJdiZ10w9O6JfwTxzLUNKT74rfdTX/Gb94fP3JI=,tag:WgFpYsFO3WjrjCs/7R634w==,type:str]
   pgp:
     - created_at: "2026-04-18T22:36:25Z"
       enc: |-
@@ -206,4 +207,4 @@ sops:
         -----END PGP MESSAGE-----
       fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
   unencrypted_suffix: _unencrypted
-  version: 3.12.1
+  version: 3.12.2

inventories/z9/host_vars/dooris.yaml

@@ -2,10 +2,15 @@ docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 're
 docker_compose__configuration_files: [ ]
 
 certbot__acme_account_email_address: le-admin@hamburg.ccc.de
-certbot__certificate_domains:
+certbot__certs:
-  - "dooris.ccchh.net"
+  - commonName: "dooris.ccchh.net"
+    challengeType: "dns-01-acme-dns"
+    dns_01_acme_dns:
+      subdomain: "37caae1f-b77f-4eb1-aa71-dc3f7ed24360"
+      apiUser: "fd42b696-a394-4e2a-8fcc-d44c9fac5d4e"
+      apiKey: "{{ secret__acme_dns_api_key_dooris_ccchh_net }}"
 certbot__new_cert_commands:
-  - "systemctl reload nginx.service"
+  - "systemctl restart nginx.service"
 
 nginx__version_spec: ""
 nginx__deploy_redirect_conf: false

resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2

@@ -2,7 +2,7 @@
 services:
   oauth2-proxy:
     container_name: oauth2-proxy
-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
     command: --config /oauth2-proxy.cfg
     hostname: oauth2-proxy
     volumes:

resources/chaosknoten/grafana/docker_compose/compose.yaml.j2

@@ -2,7 +2,7 @@
 services:
 
   prometheus:
-    image: docker.io/prom/prometheus:v3.10.0
+    image: docker.io/prom/prometheus:v3.11.2
     container_name: prometheus
     command:
       - '--config.file=/etc/prometheus/prometheus.yml'
@@ -19,7 +19,7 @@ services:
       - prom_data:/prometheus
 
   alertmanager:
-    image: docker.io/prom/alertmanager:v0.31.1
+    image: docker.io/prom/alertmanager:v0.32.0
     container_name: alertmanager
     command:
       - '--config.file=/etc/alertmanager/alertmanager.yaml'
@@ -32,7 +32,7 @@ services:
       - alertmanager_data:/alertmanager
 
   grafana:
-    image: docker.io/grafana/grafana:12.4.2
+    image: docker.io/grafana/grafana:12.4.3
     container_name: grafana
     ports:
       - 3000:3000

resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2

@@ -22,7 +22,7 @@
 
 services:
   keycloak:
-    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.5.7
+    image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.0
     pull_policy: always
     restart: unless-stopped
     command: start --optimized

resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2

@@ -1,7 +1,7 @@
 ---
 services:
   ntfy:
-    image: docker.io/binwiederhier/ntfy:v2.20.1
+    image: docker.io/binwiederhier/ntfy:v2.21.0
     container_name: ntfy
     command:
       - serve

resources/chaosknoten/pad/docker_compose/compose.yaml.j2

@@ -13,7 +13,7 @@ services:
     restart: unless-stopped
 
   app:
-    image: quay.io/hedgedoc/hedgedoc:1.10.7
+    image: quay.io/hedgedoc/hedgedoc:1.10.8
     environment:
       - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
       - "CMD_DOMAIN=pad.hamburg.ccc.de"

resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2

@@ -23,7 +23,7 @@ services:
       - pretalx_net
 
   static:
-    image: docker.io/library/nginx:1.29.7
+    image: docker.io/library/nginx:1.30.0
     restart: unless-stopped
     volumes:
       - public:/usr/share/nginx/html