CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 8 Pull requests 7 Wiki Activity Actions

Compare commits

base: CCCHH:a1891a99885f2a25fa9f95e137fdd5683f65484a
Branches Tags
CCCHH:main
CCCHH:renovate/all-stable-minor-patch
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/docker.io-pretix-standalone-2024.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops
...
compare: CCCHH:0788fde69dd514a9e891ac00d493eaea01b7d78a
Branches Tags
CCCHH:renovate/all-stable-minor-patch
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/docker.io-pretix-standalone-2024.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:main
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops

3 commits
a1891a9988 ... 0788fde69d

Author SHA1 Message Date
lilly
0788fde69d only allow sops encryption of *.sops.* files
All checks were successful
/ Ansible Lint (pull_request) Successful in 2m31s
Details
/ Ansible Lint (push) Successful in 13m55s
Details
2026-03-06 20:21:33 +01:00
June
f345ff5e00
 		renovate: make exclusion of CalVer non-patch/-minor upgrades work
All checks were successful
/ Ansible Lint (push) Successful in 2m27s
Details 
Pretix and Pretalx both use CalVer, so we don't want to have upgrades to
their second number be identified as minor updates and get grouped with
all the other minor and patch updates.
The regex to re-classify the second number as major doesn't work.
Probably because of:
"Important: all capture groups must contain only purely numeric values."
(https://docs.renovatebot.com/modules/versioning/regex/)
So instead match on the minor update type for Pretix and Pretalx and set
the group name to null.
 2026-03-06 19:53:24 +01:00
June
e98f6d68bd
 		Revert "wip: test renovate"
All checks were successful
/ Ansible Lint (push) Successful in 6m51s
Details 
This reverts commit 05d8c39b75.
Doesn't work.
 2026-03-06 19:15:55 +01:00
2 changed files with 34 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

60
.sops.yaml
View file

@ -43,170 +43,170 @@ keys:
creation_rules: creation_rules:
## group vars ## group vars
- path_regex: inventories/chaosknoten/group_vars/all.* - path_regex: "inventories/chaosknoten/group_vars/.+\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
*host_chaosknoten_age_keys *host_chaosknoten_age_keys
- path_regex: inventories/external/group_vars/all.* - path_regex: "inventories/external/group_vars/.+\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
*host_external_age_keys *host_external_age_keys
- path_regex: inventories/z9/group_vars/all.* - path_regex: "inventories/z9/group_vars/.+\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
## host vars ## host vars
# chaosknoten hosts # chaosknoten hosts
- path_regex: inventories/chaosknoten/host_vars/acmedns.* - path_regex: "inventories/chaosknoten/host_vars/acmedns\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_acmedns_ansible_pull_age_key - *host_acmedns_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/cloud.* - path_regex: "inventories/chaosknoten/host_vars/cloud\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_cloud_ansible_pull_age_key - *host_cloud_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/keycloak.* - path_regex: "inventories/chaosknoten/host_vars/keycloak\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_keycloak_ansible_pull_age_key - *host_keycloak_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/grafana.* - path_regex: "inventories/chaosknoten/host_vars/grafana\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_grafana_ansible_pull_age_key - *host_grafana_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/pad.* - path_regex: "inventories/chaosknoten/host_vars/pad\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_pad_ansible_pull_age_key - *host_pad_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/ccchoir.* - path_regex: "inventories/chaosknoten/host_vars/ccchoir\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_ccchoir_ansible_pull_age_key - *host_ccchoir_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/pretalx.* - path_regex: "inventories/chaosknoten/host_vars/pretalx\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_pretalx_ansible_pull_age_key - *host_pretalx_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/netbox.* - path_regex: "inventories/chaosknoten/host_vars/netbox\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_netbox_ansible_pull_age_key - *host_netbox_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/tickets.* - path_regex: "inventories/chaosknoten/host_vars/tickets\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_tickets_ansible_pull_age_key - *host_tickets_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/onlyoffice.* - path_regex: "inventories/chaosknoten/host_vars/onlyoffice\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_onlyoffice_ansible_pull_age_key - *host_onlyoffice_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/zammad.* - path_regex: "inventories/chaosknoten/host_vars/zammad\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_zammad_ansible_pull_age_key - *host_zammad_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/ntfy.* - path_regex: "inventories/chaosknoten/host_vars/ntfy\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_ntfy_ansible_pull_age_key - *host_ntfy_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/eh22-wiki.* - path_regex: "inventories/chaosknoten/host_vars/eh22-wiki\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_eh22_wiki_ansible_pull_age_key - *host_eh22_wiki_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/sunders.* - path_regex: "inventories/chaosknoten/host_vars/sunders\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_sunders_ansible_pull_age_key - *host_sunders_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/wiki.* - path_regex: "inventories/chaosknoten/host_vars/wiki\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_wiki_ansible_pull_age_key - *host_wiki_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/renovate.* - path_regex: "inventories/chaosknoten/host_vars/renovate\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_renovate_ansible_pull_age_key - *host_renovate_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/lists.* - path_regex: "inventories/chaosknoten/host_vars/lists\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_lists_ansible_pull_age_key - *host_lists_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/mumble.* - path_regex: "inventories/chaosknoten/host_vars/mumble\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_mumble_ansible_pull_age_key - *host_mumble_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.* - path_regex: "inventories/chaosknoten/host_vars/public-reverse-proxy\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_public_reverse_proxy_ansible_pull_age_key - *host_public_reverse_proxy_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/spaceapiccc.* - path_regex: "inventories/chaosknoten/host_vars/spaceapiccc\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_spaceapiccc_ansible_pull_age_key - *host_spaceapiccc_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/mjolnir.* - path_regex: "inventories/chaosknoten/host_vars/mjolnir\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_mjolnir_ansible_pull_age_key - *host_mjolnir_ansible_pull_age_key
# external hosts # external hosts
- path_regex: inventories/external/host_vars/status.* - path_regex: "inventories/external/host_vars/status\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_status_ansible_pull_age_key - *host_status_ansible_pull_age_key
# z9 hosts # z9 hosts
- path_regex: inventories/z9/host_vars/dooris.* - path_regex: "inventories/z9/host_vars/dooris\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
- path_regex: inventories/z9/host_vars/yate.* - path_regex: "inventories/z9/host_vars/yate\\.sops\\..+"
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
# general # general
- key_groups: - path_regex: ".+\\.sops\\..+"
- pgp: key_groups:
*admin_gpg_keys - pgp: *admin_gpg_keys
stores: stores:
yaml: yaml:

8
renovate.json
View file

@ -30,19 +30,19 @@
"matchUpdateTypes": [ "matchUpdateTypes": [
"minor", "minor",
"patch" "patch"
], ]
"matchJsonata": ["isBreaking != true"]
}, },
{ {
"matchDatasources": ["docker"], "matchDatasources": ["docker"],
"matchPackageNames": ["docker.io/pretix/standalone"], "matchPackageNames": ["docker.io/pretix/standalone"],
"versioning": "regex:^(?<major>\\d+\\.\\d+)(?:\\.(?<minor>\\d+))$" "matchUpdateTypes": ["minor"],
"groupName": null
}, },
{ {
"matchDatasources": ["docker"], "matchDatasources": ["docker"],
"matchPackageNames": ["docker.io/pretalx/standalone"], "matchPackageNames": ["docker.io/pretalx/standalone"],
"matchUpdateTypes": ["minor"], "matchUpdateTypes": ["minor"],
"isBreaking": true "groupName": null
} }
], ],
"customManagers": [ "customManagers": [