From a979fccd12de1bcd1c2ea8c7eb11e7e379101a89 Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Thu, 30 Oct 2025 04:47:10 +0100
Subject: [PATCH 1/4] renovate: add custom regex manager for inventory vars
 dependencies

Inspiration taken from/documentation:
https://docs.renovatebot.com/presets-customManagers/#custommanagersdockerfileversions
https://docs.renovatebot.com/modules/manager/regex/
---
 renovate.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/renovate.json b/renovate.json
index f72babb..9dc45bf 100644
--- a/renovate.json
+++ b/renovate.json
@@ -30,6 +30,18 @@
       "versioning": "regex:^(?<major>\\d+\\.\\d+)(?:\\.(?<minor>\\d+))$"
     }
   ],
+  "customManagers": [
+    // Custom manager using regex for letting Renovate find dependencies in inventory variables.
+    {
+      "customType": "regex",
+      "managerFilePatterns": [
+        "/^inventories/.*?_vars/.*?\\.ya?ml$/"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>[a-zA-Z0-9-._]+?) depName=(?<depName>[^\\s]+?)(?: packageName=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?\\s*.+?\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
+      ]
+    }
+  ],
   "docker-compose": {
     "managerFilePatterns": [
       "/(^|/)(?:docker-)?compose[^/]*\\.ya?ml.j2$/"

From 83fd86897796e66e1ea59a188efbb582c83fb7ae Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Thu, 30 Oct 2025 04:49:44 +0100
Subject: [PATCH 2/4] docker(role): use full image sources

---
 roles/nextcloud/templates/compose.yaml.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/nextcloud/templates/compose.yaml.j2 b/roles/nextcloud/templates/compose.yaml.j2
index 4644d8b..9e28735 100644
--- a/roles/nextcloud/templates/compose.yaml.j2
+++ b/roles/nextcloud/templates/compose.yaml.j2
@@ -32,9 +32,9 @@ services:
       OVERWRITECLIURL: "https://{{ nextcloud__fqdn }}/"
       OVERWRITEHOST: "{{ nextcloud__fqdn }}"
       OVERWRITEPROTOCOL: "https"
-    
+
   db:
-    image: postgres:{{ nextcloud__postgres_version }}
+    image: docker.io/library/postgres:{{ nextcloud__postgres_version }}
     restart: unless-stopped
     #ports:
     #  - 127.0.0.1:5432:5432
@@ -48,7 +48,7 @@ services:
       POSTGRES_PASSWORD: "{{ nextcloud__postgres_password }}"
 
   redis:
-    image: redis:alpine
+    image: docker.io/library/redis:alpine
     restart: unless-stopped
     networks:
       - nextcloud

From df59e5e3a992f665188bce39b9b806b569ba800b Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Thu, 30 Oct 2025 04:56:31 +0100
Subject: [PATCH 3/4] add renovate comment for custom regex matcher to
 inventory version vars

---
 inventories/chaosknoten/host_vars/cloud.yaml  | 2 ++
 inventories/chaosknoten/host_vars/netbox.yaml | 1 +
 2 files changed, 3 insertions(+)

diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 35fb162..fd1ac46 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@@ -1,4 +1,6 @@
+# renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
+# renovate: datasource=docker depName=postgres
 nextcloud__postgres_version: 15.14
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml
index 4726885..fb99f0e 100644
--- a/inventories/chaosknoten/host_vars/netbox.yaml
+++ b/inventories/chaosknoten/host_vars/netbox.yaml
@@ -1,3 +1,4 @@
+# renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox
 netbox__version: "v4.1.7"
 netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
 netbox__custom_pipeline_oidc_group_and_role_mapping: true

From 8fe73447757dd8f0d303e778c135652dacd4a063 Mon Sep 17 00:00:00 2001
From: Renovate <no-reply@git.hamburg.ccc.de>
Date: Thu, 30 Oct 2025 03:58:39 +0000
Subject: [PATCH 4/4] Update docker.io/library/postgres Docker tag to v18

---
 resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/lists/docker_compose/compose.yaml       | 2 +-
 resources/chaosknoten/pad/docker_compose/compose.yaml.j2      | 2 +-
 resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2  | 2 +-
 resources/chaosknoten/tickets/docker_compose/compose.yaml.j2  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 92a6afb..7ccb85f 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -46,7 +46,7 @@ services:
       - "8080:8080"
 
   db:
-    image: docker.io/library/postgres:15.14@sha256:424e79b81868f5fc5cf515eaeac69d288692ebcca7db86d98f91b50d4bce64bb
+    image: docker.io/library/postgres:18.0@sha256:1ffc019dae94eca6b09a49ca67d37398951346de3c3d0cfe23d8d4ca33da83fb
     restart: unless-stopped
     networks:
       - keycloak
diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml
index 8537ead..d97bf1b 100644
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@@ -56,7 +56,7 @@ services:
       - POSTGRES_DB=mailmandb
       - POSTGRES_USER=mailman
       - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
-    image: docker.io/library/postgres:12-alpine@sha256:7c8f4870583184ebadf7f17a6513620aac5f365a7938dc6a6911c1d5df2f481a
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     volumes:
       - /opt/mailman/database:/var/lib/postgresql/data
     networks:
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index 5513381..2e68fd8 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@@ -3,7 +3,7 @@
 
 services:
   database:
-    image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     environment:
       - "POSTGRES_USER=hedgedoc"
       - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
index 243a468..1f7be6b 100644
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@@ -3,7 +3,7 @@
 
 services:
   database:
-    image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     environment:
       - "POSTGRES_USER=pretalx"
       - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
index deb9f50..60fc2b1 100644
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@@ -1,7 +1,7 @@
 ---
 services:
   database:
-    image: docker.io/library/postgres:15-alpine@sha256:64583b3cb4f2010277bdd9749456de78e5c36f8956466ba14b0b96922e510950
+    image: docker.io/library/postgres:18-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40
     environment:
       - "POSTGRES_USER=pretix"
       - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"