From 73e77bde703ce52026e19edd56d482e89afa46ba Mon Sep 17 00:00:00 2001 From: June Date: Mon, 18 May 2026 18:14:51 +0200 Subject: [PATCH 1/3] tag plays in playbooks (instead of tasks in roles) --- playbooks/deploy.yaml | 43 +++++++++++++++++++ playbooks/maintenance.yaml | 6 +++ .../handlers/main.yaml | 1 - .../tasks/disable.yaml | 3 -- .../tasks/enable.yaml | 4 -- .../tasks/main.yaml | 2 - roles/knot/handlers/main.yaml | 3 -- roles/knot/tasks/01-install.yaml | 1 - roles/knot/tasks/02-configure.yaml | 4 -- roles/knot/tasks/03-configure-exporter.yaml | 2 - 10 files changed, 49 insertions(+), 20 deletions(-) diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index a3b047b..ad866cc 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -3,69 +3,98 @@ hosts: base_config_hosts roles: - base_config + tags: + - base_config - name: Ensure systemd-networkd config deployment on systemd_networkd_hosts hosts: systemd_networkd_hosts roles: - systemd_networkd + tags: + - systemd_networkd - name: Ensure nftables deployment on nftables_hosts hosts: nftables_hosts roles: - nftables + tags: + - nftables - name: Ensure deployment of infrastructure authorized keys hosts: infrastructure_authorized_keys_hosts roles: - infrastructure_authorized_keys + tags: + - infrastructure_authorized_keys - name: Ensure Nextcloud config hosts: nextcloud_hosts roles: - nextcloud + tags: + - nextcloud - name: Ensure ola deployment on ola_hosts hosts: ola_hosts roles: - ola + tags: + - ola - name: Ensure foobazdmx deployment on foobazdmx_hosts hosts: foobazdmx_hosts roles: - foobazdmx + tags: + - foobazdmx - name: Ensure Dokuwiki config hosts: wiki_hosts roles: - dokuwiki + tags: + - dokuwiki - name: Ensure NetBox deployment on netbox_hosts hosts: netbox_hosts roles: - netbox + tags: + - netbox - name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs hosts: nginx_hosts:&public_reverse_proxy_hosts roles: - nginx + tags: + - nginx + - public_reverse_proxy - name: Ensure certbot and certificate deployment on certbot_hosts hosts: certbot_hosts roles: - certbot + tags: + - certbot - name: Ensure OnlyOffice custom fonts ansible.builtin.import_playbook: onlyoffice_fonts.yaml + tags: + - onlyoffice_fonts - name: Ensure Docker Compose deployment on docker_compose_hosts hosts: docker_compose_hosts roles: - docker_compose + tags: + - docker_compose - name: Ensure NGINX deployment on nginx_hosts hosts: nginx_hosts:!public_reverse_proxy_hosts roles: - nginx + tags: + - nginx - name: Configure unattended upgrades for all non-hypervisors hosts: all:!hypervisors @@ -77,32 +106,46 @@ - "o=${distro_id},n=${distro_codename}" - "o=Docker,n=${distro_codename}" - "o=nginx,n=${distro_codename}" + tags: + - unattended_upgrades - name: Ensure Alloy is installed and Setup on alloy_hosts hosts: alloy_hosts become: true roles: - alloy + tags: + - alloy - name: Ensure ansible_pull deployment on ansible_pull_hosts hosts: ansible_pull_hosts roles: - ansible_pull + tags: + - ansible_pull - name: Ensure msmtp is setup on msmtp_hosts hosts: msmtp_hosts roles: - msmtp + tags: + - msmtp - name: Ensure Renovate is setup on renovate_hosts hosts: renovate_hosts roles: - renovate + tags: + - renovate - name: Run ensure_eh22_styleguide_dir Playbook ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml + tags: + - eh22_styleguide_dir - name: Setup authoritative dns servers hosts: auth-dns roles: - knot + tags: + - knot diff --git a/playbooks/maintenance.yaml b/playbooks/maintenance.yaml index c912a53..9fe3886 100644 --- a/playbooks/maintenance.yaml +++ b/playbooks/maintenance.yaml @@ -1,5 +1,7 @@ - name: Ensure NGINX repo setup and nginx install on relevant hosts hosts: nginx_hosts:nextcloud_hosts + tags: + - nextcloud_nginx tasks: - name: Ensure NGINX repo is setup ansible.builtin.include_role: @@ -13,6 +15,8 @@ - name: Ensure Docker repo setup and package install on relevant hosts hosts: docker_compose_hosts:nextcloud_hosts + tags: + - nextcloud_docker tasks: - name: Ensure Docker repo is setup ansible.builtin.include_role: @@ -28,6 +32,8 @@ hosts: all:!hypervisors roles: - apt_update_and_upgrade + tags: + - apt_update_and_upgrade - name: Run deploy Playbook ansible.builtin.import_playbook: deploy.yaml diff --git a/roles/deploy_systemd_resolved_config/handlers/main.yaml b/roles/deploy_systemd_resolved_config/handlers/main.yaml index b40760b..05b7521 100644 --- a/roles/deploy_systemd_resolved_config/handlers/main.yaml +++ b/roles/deploy_systemd_resolved_config/handlers/main.yaml @@ -1,6 +1,5 @@ --- - name: "reload systemd-resolved" - tags: [ "deploy_systemd_resolved_config" ] become: true ansible.builtin.systemd: name: "systemd-resolved.service" diff --git a/roles/deploy_systemd_resolved_config/tasks/disable.yaml b/roles/deploy_systemd_resolved_config/tasks/disable.yaml index 9092116..afa646a 100644 --- a/roles/deploy_systemd_resolved_config/tasks/disable.yaml +++ b/roles/deploy_systemd_resolved_config/tasks/disable.yaml @@ -1,13 +1,11 @@ --- - name: Ensure /etc/resolv.conf is a plain file - tags: [ "deploy_systemd_resolved_config" ] become: true ansible.builtin.file: path: "/etc/resolv.conf" state: file - name: Write nameserver config directly into /etc/resolv.conf - tags: [ "deploy_systemd_resolved_config" ] become: true ansible.builtin.template: src: "resolv.conf.j2" @@ -17,7 +15,6 @@ mode: u=rw,g=r,o=r - name: Disable systemd-resolved - tags: [ "deploy_systemd_resolved_config" ] become: true ansible.builtin.systemd: name: "systemd-resolved.service" diff --git a/roles/deploy_systemd_resolved_config/tasks/enable.yaml b/roles/deploy_systemd_resolved_config/tasks/enable.yaml index 9a7438e..2659c32 100644 --- a/roles/deploy_systemd_resolved_config/tasks/enable.yaml +++ b/roles/deploy_systemd_resolved_config/tasks/enable.yaml @@ -1,13 +1,11 @@ --- - name: Ensure systemd-resolved is installed - tags: [ "deploy_systemd_resolved_config" ] become: true when: ansible_facts["distribution"] == "Debian" ansible.builtin.package: name: [ "systemd-resolved" ] - name: Deploy systemd-resolved config - tags: [ "deploy_systemd_resolved_config" ] become: true notify: "reload systemd-resolved" ansible.builtin.template: @@ -18,7 +16,6 @@ mode: u=rw,g=r,o=r - name: Make /etc/resolv.conf points to systemd-resolved - tags: [ "deploy_systemd_resolved_config" ] become: true when: deploy_systemd_resolved_config__mode != "extern" ansible.builtin.file: # noqa: jinja @@ -35,7 +32,6 @@ {%- endif -%} - name: Ensure systemd-resolved is running and enabled - tags: [ "deploy_systemd_resolved_config" ] become: true ansible.builtin.systemd: name: systemd-resolved.service diff --git a/roles/deploy_systemd_resolved_config/tasks/main.yaml b/roles/deploy_systemd_resolved_config/tasks/main.yaml index 00bc293..00558dc 100644 --- a/roles/deploy_systemd_resolved_config/tasks/main.yaml +++ b/roles/deploy_systemd_resolved_config/tasks/main.yaml @@ -1,10 +1,8 @@ --- - name: Include enable.yaml - tags: [ "deploy_systemd_resolved_config" ] ansible.builtin.include_tasks: enable.yaml when: deploy_systemd_resolved_config__enable - name: Include disable.yaml - tags: [ "deploy_systemd_resolved_config" ] ansible.builtin.include_tasks: disable.yaml when: not deploy_systemd_resolved_config__enable diff --git a/roles/knot/handlers/main.yaml b/roles/knot/handlers/main.yaml index 38fce75..feb3ceb 100644 --- a/roles/knot/handlers/main.yaml +++ b/roles/knot/handlers/main.yaml @@ -1,19 +1,16 @@ --- - name: reload knot - tags: [ auth-dns ] become: true ansible.builtin.systemd: name: knot.service state: reloaded - name: netplan apply - tags: [ auth-dns ] become: true changed_when: true ansible.builtin.command: "netplan apply" - name: restart knot-exporter - tags: [ auth-dns ] become: true ansible.builtin.systemd: name: knot-exporter.service diff --git a/roles/knot/tasks/01-install.yaml b/roles/knot/tasks/01-install.yaml index 0a269d6..8a5feed 100644 --- a/roles/knot/tasks/01-install.yaml +++ b/roles/knot/tasks/01-install.yaml @@ -1,6 +1,5 @@ --- - name: Install knot - tags: [ auth-dns ] become: true ansible.builtin.package: name: diff --git a/roles/knot/tasks/02-configure.yaml b/roles/knot/tasks/02-configure.yaml index 2b0b0fa..a2a8e55 100644 --- a/roles/knot/tasks/02-configure.yaml +++ b/roles/knot/tasks/02-configure.yaml @@ -1,6 +1,5 @@ --- - name: Ensure required directories exist - tags: [ auth-dns ] become: true loop: [ "/etc/knot", "/etc/knot/zones" ] ansible.builtin.file: @@ -11,7 +10,6 @@ mode: u=rwx,g=rx,o= - name: Deploy knot configuration file - tags: [ auth-dns ] become: true notify: reload knot ansible.builtin.template: @@ -22,7 +20,6 @@ mode: u=rw,g=r,o= - name: Deploy configured zones - tags: [ auth-dns ] become: true notify: reload knot loop: "{{ knot__zones }}" @@ -42,7 +39,6 @@ # this results in outgoing zone transfers failing because knot will prefer to use the dynamic address over the statically configured one. # so because we are configuring a DNS Nameserver where known IP-Addresses are actually important for ACL reasons, SLAAC is disabled - name: Disable IPv6 SLAAC - tags: [ auth-dns ] become: true notify: netplan apply ansible.builtin.template: diff --git a/roles/knot/tasks/03-configure-exporter.yaml b/roles/knot/tasks/03-configure-exporter.yaml index 4254acb..8077ecd 100644 --- a/roles/knot/tasks/03-configure-exporter.yaml +++ b/roles/knot/tasks/03-configure-exporter.yaml @@ -1,5 +1,4 @@ - name: Deploy knot-exporter systemd unit - tags: [ auth-dns ] become: true register: knot_deploy_service_file notify: restart knot-exporter @@ -11,7 +10,6 @@ mode: u=rw,g=r,o=r - name: Ensure knot-exporter is running and enabled - tags: [ auth-dns ] become: true ansible.builtin.systemd: name: knot-exporter.service From 77843e62f5c6be7308f261050dc3c07e09a90716 Mon Sep 17 00:00:00 2001 From: Renovate Date: Mon, 18 May 2026 22:31:15 +0000 Subject: [PATCH 2/3] Update all stable non-major dependencies --- .forgejo/workflows/lint.yaml | 2 +- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- inventories/chaosknoten/host_vars/netbox.yaml | 2 +- .../chaosknoten/acmedns/docker_compose/compose.yaml.j2 | 2 +- .../chaosknoten/grafana/docker_compose/compose.yaml.j2 | 8 ++++---- .../chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 | 2 +- .../chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 4 ++-- .../chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- resources/external/status/docker_compose/compose.yaml.j2 | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index bdd53f5..600d044 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -24,7 +24,7 @@ jobs: # work in our environmnet. # Rather manually setup python (pip) before instead. - name: Run ansible-lint - uses: https://github.com/ansible/ansible-lint@v26.3.0 + uses: https://github.com/ansible/ansible-lint@v26.4.0 with: setup_python: "false" requirements_file: "requirements.yml" diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 9c28d58..1cf8b4f 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 32 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.17 +nextcloud__postgres_version: 15.18 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index f28d193..a0a03d5 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,5 @@ # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox -netbox__version: "v4.5.5" +netbox__version: "v4.6.0" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 b/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 index 3fcd8c6..c68973f 100644 --- a/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: oauth2-proxy: container_name: oauth2-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 command: --config /oauth2-proxy.cfg hostname: oauth2-proxy volumes: diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 1f6c42f..44dfa20 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: prometheus: - image: docker.io/prom/prometheus:v3.10.0 + image: docker.io/prom/prometheus:v3.11.3 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' @@ -19,7 +19,7 @@ services: - prom_data:/prometheus alertmanager: - image: docker.io/prom/alertmanager:v0.31.1 + image: docker.io/prom/alertmanager:v0.32.1 container_name: alertmanager command: - '--config.file=/etc/alertmanager/alertmanager.yaml' @@ -46,7 +46,7 @@ services: - graf_data:/var/lib/grafana pve-exporter: - image: docker.io/prompve/prometheus-pve-exporter:3.8.2 + image: docker.io/prompve/prometheus-pve-exporter:3.9.0 container_name: pve-exporter ports: - 9221:9221 @@ -59,7 +59,7 @@ services: - /dev/null:/etc/prometheus/pve.yml loki: - image: docker.io/grafana/loki:3.7.1 + image: docker.io/grafana/loki:3.7.2 container_name: loki ports: - 13100:3100 diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index d239bb4..8db3526 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.5.7 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.0 pull_policy: always restart: unless-stopped command: start --optimized diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 index af1b531..cadfa54 100644 --- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: ntfy: - image: docker.io/binwiederhier/ntfy:v2.20.1 + image: docker.io/binwiederhier/ntfy:v2.23.0 container_name: ntfy command: - serve diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 0bbfcb8..226b21d 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -15,7 +15,7 @@ services: - pretalx_net redis: - image: docker.io/library/redis:8.6.2 + image: docker.io/library/redis:8.6.3 restart: unless-stopped volumes: - redis:/data @@ -23,7 +23,7 @@ services: - pretalx_net static: - image: docker.io/library/nginx:1.29.7 + image: docker.io/library/nginx:1.31.0 restart: unless-stopped volumes: - public:/usr/share/nginx/html diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index b8a4cf2..11593ce 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -13,7 +13,7 @@ services: restart: unless-stopped redis: - image: docker.io/library/redis:8.6.2 + image: docker.io/library/redis:8.6.3 ports: - "6379:6379" volumes: diff --git a/resources/external/status/docker_compose/compose.yaml.j2 b/resources/external/status/docker_compose/compose.yaml.j2 index 58abefa..d7694ad 100644 --- a/resources/external/status/docker_compose/compose.yaml.j2 +++ b/resources/external/status/docker_compose/compose.yaml.j2 @@ -4,7 +4,7 @@ services: database: - image: docker.io/library/postgres:18.3 + image: docker.io/library/postgres:18.4 restart: always volumes: - ./database:/var/lib/postgresql From 7400d72004006d6b9f6acbb08db30911e81d3870 Mon Sep 17 00:00:00 2001 From: Renovate Date: Tue, 19 May 2026 06:46:03 +0000 Subject: [PATCH 3/3] Update all stable non-major dependencies --- .forgejo/workflows/lint.yaml | 2 +- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- inventories/chaosknoten/host_vars/netbox.yaml | 2 +- .../chaosknoten/acmedns/docker_compose/compose.yaml.j2 | 2 +- .../chaosknoten/grafana/docker_compose/compose.yaml.j2 | 8 ++++---- .../chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 | 2 +- .../chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 4 ++-- .../chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- resources/external/status/docker_compose/compose.yaml.j2 | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index bdd53f5..600d044 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -24,7 +24,7 @@ jobs: # work in our environmnet. # Rather manually setup python (pip) before instead. - name: Run ansible-lint - uses: https://github.com/ansible/ansible-lint@v26.3.0 + uses: https://github.com/ansible/ansible-lint@v26.4.0 with: setup_python: "false" requirements_file: "requirements.yml" diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 9c28d58..1cf8b4f 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 32 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.17 +nextcloud__postgres_version: 15.18 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml index f28d193..a0a03d5 100644 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ b/inventories/chaosknoten/host_vars/netbox.yaml @@ -1,5 +1,5 @@ # renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox -netbox__version: "v4.5.5" +netbox__version: "v4.6.0" netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" netbox__custom_pipeline_oidc_group_and_role_mapping: true diff --git a/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 b/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 index 3fcd8c6..c68973f 100644 --- a/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/acmedns/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: oauth2-proxy: container_name: oauth2-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 + image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 command: --config /oauth2-proxy.cfg hostname: oauth2-proxy volumes: diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 1f6c42f..44dfa20 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: prometheus: - image: docker.io/prom/prometheus:v3.10.0 + image: docker.io/prom/prometheus:v3.11.3 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' @@ -19,7 +19,7 @@ services: - prom_data:/prometheus alertmanager: - image: docker.io/prom/alertmanager:v0.31.1 + image: docker.io/prom/alertmanager:v0.32.1 container_name: alertmanager command: - '--config.file=/etc/alertmanager/alertmanager.yaml' @@ -46,7 +46,7 @@ services: - graf_data:/var/lib/grafana pve-exporter: - image: docker.io/prompve/prometheus-pve-exporter:3.8.2 + image: docker.io/prompve/prometheus-pve-exporter:3.9.0 container_name: pve-exporter ports: - 9221:9221 @@ -59,7 +59,7 @@ services: - /dev/null:/etc/prometheus/pve.yml loki: - image: docker.io/grafana/loki:3.7.1 + image: docker.io/grafana/loki:3.7.2 container_name: loki ports: - 13100:3100 diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index d239bb4..8db3526 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.5.7 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.0 pull_policy: always restart: unless-stopped command: start --optimized diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 index af1b531..cadfa54 100644 --- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: ntfy: - image: docker.io/binwiederhier/ntfy:v2.20.1 + image: docker.io/binwiederhier/ntfy:v2.23.0 container_name: ntfy command: - serve diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 0bbfcb8..226b21d 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -15,7 +15,7 @@ services: - pretalx_net redis: - image: docker.io/library/redis:8.6.2 + image: docker.io/library/redis:8.6.3 restart: unless-stopped volumes: - redis:/data @@ -23,7 +23,7 @@ services: - pretalx_net static: - image: docker.io/library/nginx:1.29.7 + image: docker.io/library/nginx:1.31.0 restart: unless-stopped volumes: - public:/usr/share/nginx/html diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index b8a4cf2..11593ce 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -13,7 +13,7 @@ services: restart: unless-stopped redis: - image: docker.io/library/redis:8.6.2 + image: docker.io/library/redis:8.6.3 ports: - "6379:6379" volumes: diff --git a/resources/external/status/docker_compose/compose.yaml.j2 b/resources/external/status/docker_compose/compose.yaml.j2 index 58abefa..d7694ad 100644 --- a/resources/external/status/docker_compose/compose.yaml.j2 +++ b/resources/external/status/docker_compose/compose.yaml.j2 @@ -4,7 +4,7 @@ services: database: - image: docker.io/library/postgres:18.3 + image: docker.io/library/postgres:18.4 restart: always volumes: - ./database:/var/lib/postgresql