CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 6 Pull requests 9 Wiki Activity Actions

Compare commits

base: CCCHH:4c4ce69f7e0c7e8c6cb83db7709ae2ffb51fbf00
Branches Tags
CCCHH:main
CCCHH:renovate/docker.io-pretalx-standalone-2026.x
CCCHH:add-basic-tags
CCCHH:add-systemd-resolved-config-role
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/major-grafana-monorepo
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:renovate/all-stable-minor-patch
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops
...
compare: CCCHH:deec1534070b50fc5e71688f77bf3728fea7415d
Branches Tags
CCCHH:renovate/docker.io-pretalx-standalone-2026.x
CCCHH:add-basic-tags
CCCHH:add-systemd-resolved-config-role
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/major-grafana-monorepo
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:renovate/all-stable-minor-patch
CCCHH:main
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops

2 commits
4c4ce69f7e ... deec153407

Author SHA1 Message Date
Renovate
deec153407 Update all stable non-major dependencies
All checks were successful
/ Ansible Lint (pull_request) Successful in 3m7s
Details
/ Ansible Lint (push) Successful in 3m8s
Details
2026-04-20 00:46:36 +00:00
bitwhisker
ec4dd36178
 		dooris(host): move to dns-01-acme-dns
All checks were successful
/ Ansible Lint (pull_request) Successful in 2m19s
Details
/ Ansible Lint (push) Successful in 2m28s
Details
2026-04-19 23:48:11 +02:00
10 changed files with 22 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.forgejo/workflows/lint.yaml
View file

@ -24,7 +24,7 @@ jobs:
# work in our environmnet. # work in our environmnet.
# Rather manually setup python (pip) before instead. # Rather manually setup python (pip) before instead.
- name: Run ansible-lint - name: Run ansible-lint
uses: https://github.com/ansible/ansible-lint@v26.3.0 uses: https://github.com/ansible/ansible-lint@v26.4.0
with: with:
setup_python: "false" setup_python: "false"
requirements_file: "requirements.yml" requirements_file: "requirements.yml"

2
inventories/chaosknoten/host_vars/netbox.yaml
View file

@ -1,5 +1,5 @@
# renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox
netbox__version: "v4.5.5" netbox__version: "v4.5.8"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true netbox__custom_pipeline_oidc_group_and_role_mapping: true

7
inventories/z9/host_vars/dooris.sops.yaml
View file

@ -1,6 +1,7 @@
secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str] secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str] secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
ansible_pull__age_private_key: ENC[AES256_GCM,data:Yi4ST1zDVN4dLDs9i6aajUvEzTSYvwfYIRZUC278rgdO0bGk4y6saevmqK4mUnpIpz8M+ze//1OTDTgU6K4AE1TsX8vWB7fboGE=,iv:srZYtxDXXkCu5h7HwYbMtPr7PYhhgJ8rZQ3H4TOJmTk=,tag:iq6YEEyzYd6rNoAIgdk5Sw==,type:str] ansible_pull__age_private_key: ENC[AES256_GCM,data:Yi4ST1zDVN4dLDs9i6aajUvEzTSYvwfYIRZUC278rgdO0bGk4y6saevmqK4mUnpIpz8M+ze//1OTDTgU6K4AE1TsX8vWB7fboGE=,iv:srZYtxDXXkCu5h7HwYbMtPr7PYhhgJ8rZQ3H4TOJmTk=,tag:iq6YEEyzYd6rNoAIgdk5Sw==,type:str]
secret__acme_dns_api_key_dooris_ccchh_net: ENC[AES256_GCM,data:1qDNE8CeXo6SA5vaZYQ/2yNUE9Y1nUkL976Qsq6D9QYCc3fIrkKMXg==,iv:clOa/vwup2QS0Yvq8JTFGhCkuviWWBPNzp0tht8WZXY=,tag:WwN035cE5AxVSpJqRqkGqw==,type:str]
sops: sops:
age: age:
- recipient: age1j0876shgsn7f2thxh9kx9x5uwnh45z6sy2jlk2qz5jhgedm26g5srn9kax - recipient: age1j0876shgsn7f2thxh9kx9x5uwnh45z6sy2jlk2qz5jhgedm26g5srn9kax
@ -12,8 +13,8 @@ sops:
OHUrNW94NGwrckFJZnVJUGZYdGJOdVkKVL+SdpbhyxrCUBECEM32Kdv/4GgDSyaq OHUrNW94NGwrckFJZnVJUGZYdGJOdVkKVL+SdpbhyxrCUBECEM32Kdv/4GgDSyaq
gNUS9OEwtgNSClVkNGtowMPCtMCwm/jOth6sJqqyiE5dTPjgXI55lw== gNUS9OEwtgNSClVkNGtowMPCtMCwm/jOth6sJqqyiE5dTPjgXI55lw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-30T18:52:37Z" lastmodified: "2026-04-19T21:46:01Z"
mac: ENC[AES256_GCM,data:9x3IZbUvmKIartKj+dlA7SZN1xMg3z9DisdFHbVc2zRoIg2qbKjw+kFDOAhBhesZNl/deBWHxLoqnRQjmkML/9QLtEFbQMlU8YjXG9gmM0tj9oRNyA4RQ4rEvnUmvWau/NVv5u/rBcv/8jyzQwRdpAcxzgRybaSeA9HNAxz2kEY=,iv:kOU7tbNsBzn5oF8qT4e4u03g4kA66S33H17k16WI02Y=,tag:BRtDa3F8ZUXMpNtrTmUIGQ==,type:str] mac: ENC[AES256_GCM,data:5VlEYqo7ez4EgdMqGGnelc02EoT/bCLYVbPGHth4kd+DhOaJ1EXhmVB5eiX3AwyRl2nr79z/idCDJ6R1QdfQ5v8rYnnWcqehtiIIz0RBXhbED/hN2oz48yRhIX9vCB0gjsK6cacDzTCHP0tPEsQF+Ax4uWdXNHKnZVYS70qxbEI=,iv:noc3LJdiZ10w9O6JfwTxzLUNKT74rfdTX/Gb94fP3JI=,tag:WgFpYsFO3WjrjCs/7R634w==,type:str]
pgp: pgp:
- created_at: "2026-04-18T22:36:25Z" - created_at: "2026-04-18T22:36:25Z"
enc: |- enc: |-
@ -206,4 +207,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.12.2

11
inventories/z9/host_vars/dooris.yaml
View file

@ -2,10 +2,15 @@ docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 're
docker_compose__configuration_files: [ ] docker_compose__configuration_files: [ ]
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains: certbot__certs:
- "dooris.ccchh.net" - commonName: "dooris.ccchh.net"
challengeType: "dns-01-acme-dns"
dns_01_acme_dns:
subdomain: "37caae1f-b77f-4eb1-aa71-dc3f7ed24360"
apiUser: "fd42b696-a394-4e2a-8fcc-d44c9fac5d4e"
apiKey: "{{ secret__acme_dns_api_key_dooris_ccchh_net }}"
certbot__new_cert_commands: certbot__new_cert_commands:
- "systemctl reload nginx.service" - "systemctl restart nginx.service"
nginx__version_spec: "" nginx__version_spec: ""
nginx__deploy_redirect_conf: false nginx__deploy_redirect_conf: false

2
resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2
View file

@ -2,7 +2,7 @@
services: services:
oauth2-proxy: oauth2-proxy:
container_name: oauth2-proxy container_name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
command: --config /oauth2-proxy.cfg command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy hostname: oauth2-proxy
volumes: volumes:

6
resources/chaosknoten/grafana/docker_compose/compose.yaml.j2
View file

@ -2,7 +2,7 @@
services: services:
prometheus: prometheus:
image: docker.io/prom/prometheus:v3.10.0 image: docker.io/prom/prometheus:v3.11.2
container_name: prometheus container_name: prometheus
command: command:
- '--config.file=/etc/prometheus/prometheus.yml' - '--config.file=/etc/prometheus/prometheus.yml'
@ -19,7 +19,7 @@ services:
- prom_data:/prometheus - prom_data:/prometheus
alertmanager: alertmanager:
image: docker.io/prom/alertmanager:v0.31.1 image: docker.io/prom/alertmanager:v0.32.0
container_name: alertmanager container_name: alertmanager
command: command:
- '--config.file=/etc/alertmanager/alertmanager.yaml' - '--config.file=/etc/alertmanager/alertmanager.yaml'
@ -32,7 +32,7 @@ services:
- alertmanager_data:/alertmanager - alertmanager_data:/alertmanager
grafana: grafana:
image: docker.io/grafana/grafana:12.4.2 image: docker.io/grafana/grafana:12.4.3
container_name: grafana container_name: grafana
ports: ports:
- 3000:3000 - 3000:3000

2
resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
View file

@ -22,7 +22,7 @@
services: services:
keycloak: keycloak:
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.5.7 image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.0
pull_policy: always pull_policy: always
restart: unless-stopped restart: unless-stopped
command: start --optimized command: start --optimized

2
resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2
View file

@ -1,7 +1,7 @@
--- ---
services: services:
ntfy: ntfy:
image: docker.io/binwiederhier/ntfy:v2.20.1 image: docker.io/binwiederhier/ntfy:v2.21.0
container_name: ntfy container_name: ntfy
command: command:
- serve - serve

2
resources/chaosknoten/pad/docker_compose/compose.yaml.j2
View file

@ -13,7 +13,7 @@ services:
restart: unless-stopped restart: unless-stopped
app: app:
image: quay.io/hedgedoc/hedgedoc:1.10.7 image: quay.io/hedgedoc/hedgedoc:1.10.8
environment: environment:
- "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc" - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de" - "CMD_DOMAIN=pad.hamburg.ccc.de"

2
resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
View file

@ -23,7 +23,7 @@ services:
- pretalx_net - pretalx_net
static: static:
image: docker.io/library/nginx:1.29.7 image: docker.io/library/nginx:1.30.0
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- public:/usr/share/nginx/html - public:/usr/share/nginx/html