From 3541c68357d2e8367714b414a9ac6d828670ba2b Mon Sep 17 00:00:00 2001
From: lilly <li@lly.sh>
Date: Tue, 19 May 2026 11:01:51 +0200
Subject: [PATCH 1/2] disable dnssec for catalog zones on auth-dns

Catalog zones are not real zones in the DNS hierarchy and don't
have a parent zone. Therefore they will never have a valid DNSSEC
delegation so we should skip signing those zones.
---
 roles/knot/templates/knot.conf.j2 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/knot/templates/knot.conf.j2 b/roles/knot/templates/knot.conf.j2
index c661e25..45a0f8d 100644
--- a/roles/knot/templates/knot.conf.j2
+++ b/roles/knot/templates/knot.conf.j2
@@ -67,8 +67,7 @@ template:
   # template for automatically created special zones
   - id: catalog
     catalog-role: generate
-    dnssec-signing: on
-    dnssec-policy: default
+    dnssec-signing: off
 
 
 # define zones on this server

From dbf71420a337529b1c7477eb132b96768fe33d55 Mon Sep 17 00:00:00 2001
From: Renovate <no-reply@git.hamburg.ccc.de>
Date: Tue, 19 May 2026 09:16:08 +0000
Subject: [PATCH 2/2] Update docker.io/library/mariadb Docker tag to v12

---
 resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
index c2108d8..f359f47 100644
--- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2
@@ -3,7 +3,7 @@
 
 services:
   database:
-    image: docker.io/library/mariadb:11
+    image: docker.io/library/mariadb:12
     environment:
       - "MARIADB_DATABASE=wordpress"
       - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"