From bbf7c0265190a530fa9809b650836fbd0aecdbc5 Mon Sep 17 00:00:00 2001
From: Renovate
Date: Sat, 7 Mar 2026 15:01:01 +0000
Subject: [PATCH 1/4] Update docker.io/library/postgres Docker tag to v18
---
 inventories/chaosknoten/host_vars/cloud.yaml | 2 +-
 resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +-
 resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 9c28d58..0a1d845 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.17
+nextcloud__postgres_version: 18.3
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 165c62d..96cdf0f 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -46,7 +46,7 @@ services:
 - "8080:8080"
 db:
- image: docker.io/library/postgres:15.17
+ image: docker.io/library/postgres:18.3
 restart: unless-stopped
 networks:
 - keycloak
diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml
index fb65594..65248bb 100644
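Review bot: The `nextcloud__postgres_version: 18.3` bump in the cloud hunk crosses a PostgreSQL major version (15 to 18) and nothing in this patch migrates the existing data directories; the same holds for the keycloak hunk here, for the lists (12 to 18), pad, pretalx and tickets hunks, and for their repeats in PATCH 4/4. A PostgreSQL server refuses to start on a cluster initialised by an older major release, so each database needs a verified backup and a dump/restore or `pg_upgrade` run before the new tag is deployed. The official image for 18 and later also moved its volume to `/var/lib/postgresql` with a version-specific data directory beneath it, so a mount at `/var/lib/postgresql/data` (visible in the lists hunk) has to be re-pointed as part of that migration. I would add a comment above each image line such as `# major upgrade: migrate the data dir first (dump/restore or pg_upgrade)` and split the bump per service so each one can be rolled out and rolled back on its own.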
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -58,7 +58,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:18-alpine volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index a1501dd..75a4d85 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 66559e0..ca99bfb 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index ce7398b..514039e 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" 
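Review bot: The context lines of the lists hunk show `POSTGRES_PASSWORD` set to a literal value in a plain `compose.yaml`, so the mailman database credential sits unencrypted in the repository, unlike the pad, pretalx and tickets templates, which read a `secret__*_db_password` variable from sops-encrypted host vars. Since this service is being touched anyway, I would turn the file into a `compose.yaml.j2` template and change the line to `- "POSTGRES_PASSWORD={{ secret__<name>_db_password }}"` (placeholder variable name), backed by a sops-encrypted entry. The current value should be treated as disclosed and rotated, because it stays in the git history after the line is changed. The service definition starts above the hunk, so other literals may exist outside the visible lines.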
From e961886972b540e8c8d7da5621fa9f7c817c5000 Mon Sep 17 00:00:00 2001 From: June Date: Mon, 9 Mar 2026 21:09:08 +0100 Subject: [PATCH 2/4] pad(host): set session secret, so users won't be logged out on restart Closes #74 --- inventories/chaosknoten/host_vars/pad.sops.yaml | 7 ++++--- resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/inventories/chaosknoten/host_vars/pad.sops.yaml b/inventories/chaosknoten/host_vars/pad.sops.yaml index ae0d382..b256777 100644 --- a/inventories/chaosknoten/host_vars/pad.sops.yaml +++ b/inventories/chaosknoten/host_vars/pad.sops.yaml @@ -1,6 +1,7 @@ secret__hedgedoc_db_password: ENC[AES256_GCM,data:5Pw0orOTzb1xCefwx/n9h9m8gmEY6irE,iv:nZvnPSb6sXjS6k4wNUoo2PCJyOcwjm36gs9l0mxwAeo=,tag:0seJlVi9qTfBiol7mP6DQA==,type:str] secret__hedgedoc_kc_secret: ENC[AES256_GCM,data:7RyM9jfKnaaP7kJ1JwucPa/IAwaRc7Hhe9VYIKGEmlc=,iv:RvtaWLsf/X/y8s+DLANcyVgagJqGB7EkvQ2nYm2Xo24=,tag:amdgqknDGeZxUBmXsd1ksw==,type:str] secret__pad_smtp_password: ENC[AES256_GCM,data:msnYZYl8vP+OeISI5OOglQsCQ8vxMZ0gig==,iv:oqov/myWJNzUoAn4BSX6hN1fWyab5vud8NmT+z4ECqs=,tag:0T3Xm2zw5k5WmC9Ks03XhA==,type:str] +secret__hedgedoc_session_secret: ENC[AES256_GCM,data:pHm05ETouEOfbjnallwvhifEz0qB/sMdhYNYqDKKcQyOpk970WRfjNYXh2Be+MCcM9aZjJkHv/2Jc23jngETfg==,iv:z+IWBen08PJGdz9kc8RbPu07oZua2e+IlOfhhleAqUo=,tag:JJ8MM8WP8z53TrafVJ0/PQ==,type:str] ansible_pull__age_private_key: ENC[AES256_GCM,data:r9j1ikemQXl+Fq3D141P/MVltGLR27UyHxCCWnZphOLyGhyhQgqcuFqwPy1kZhnbg/mj5DclJ8rzqyH65T0XQu9h8d/vh7Apm4c=,iv:xOmxBTVIOTRt3rzWM8wHKVD7UHeuPj2+NSHJnCvU4xo=,tag:CA9dR+/rB/wfcPuU/+zwsA==,type:str] sops: age: 
@@ -13,8 +14,8 @@ sops: SzRBbUNaWUZMb2hXckQ5ekFPQ0hSQ2MKYcb+ylmw46a5xmDZSW5HfxUvwtsH2Aqw hgMNTkiAKyo9JWjhbAwdkZd75BTsukIB5846Fbblpjo8kGdP10H6vg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-20T18:59:09Z" - mac: ENC[AES256_GCM,data:3BwneKrw8YKmfwIoDyNRo+SG6i6VMW5tECQrhMXiq/mB/14xHHrUcrWRanFknm6JB518Ohv5HEjeHsrYdUehwpzsl1vtCji95osa8JdZY5moAt+4f06viRFTYa6GrfnNKToUR9obZFiPAHlMXcTTx6y0m/nPrtFZhuNtFssOdxg=,iv:4fElvIvapfqSqxRLE/NSiWyun5hAA8JLsai/Eoa5K68=,tag:mPKOquAMj43I0WhK6budLQ==,type:str] + lastmodified: "2026-03-09T20:05:54Z" + mac: ENC[AES256_GCM,data:iTfsv2WoOoP4RHWRhau/8olT5BQn2jWE+iizKuVSGIqcG/MZKastj536ZjhM5GYZXyROXEObAenB7G7Zjy9rK5cv4QUIw0FiYN0irObOcXm6/mlVb0OoYHv4ObPhRvGidDNONhILIJwW8+TOHPMfwnhswff8+32gkVvdZtk1u4A=,iv:elNrdohgQVtqxSX6IC8lNUF0mWPV+maYX2MrletkqV0=,tag:RHAlazcp6mp+BLomFV7Z3w==,type:str] pgp: - created_at: "2026-03-05T19:18:04Z" enc: |- @@ -216,4 +217,4 @@ sops: -----END PGP MESSAGE----- fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49 unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.1 diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index a1501dd..9ec25b2 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -37,6 +37,7 @@ services: - "CMD_OAUTH2_CLIENT_SECRET={{ secret__hedgedoc_kc_secret }}" - "CMD_OAUTH2_PROVIDERNAME=Keycloak" - "CMD_OAUTH2_SCOPE=openid email profile" + - "CMD_SESSION_SECRET={{ secret__hedgedoc_session_secret }}" volumes: - uploads:/hedgedoc/public/uploads ports: From 242746bcbd76930156c10510307a24ac877abacb Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 9 Mar 2026 21:13:20 +0100 Subject: [PATCH 3/4] alerts-fux: add alert for blackbox exporter probes --- .../docker_compose/prometheus_alerts-fux.rules.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) 
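Review bot: The added `- "CMD_SESSION_SECRET={{ secret__hedgedoc_session_secret }}"` line in the pad compose hunk renders the decrypted secret into a double-quoted YAML scalar that Docker Compose then interpolates, so a value containing `"`, `\` or `$` would either break the rendered file or be altered before HedgeDoc sees it. The neighbouring `CMD_OAUTH2_CLIENT_SECRET` line uses the same pattern, so this is consistent with the file, but the constraint is not written down anywhere visible. I would add a comment above the line, `# secret must not contain ", \ or $ (YAML escapes / Compose interpolation)`, or generate the secret from a hex or base64url alphabet only. The `environment` list starts above the hunk.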
diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml
index b1836a3..97de744 100644
--- a/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml
+++ b/resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml
@@ -10,6 +10,15 @@ groups:
 annotations:
 summary: Job {{ $labels.job }} flaky on (instance {{ $labels.instance }})
 description: "The job {{ $labels.job }} on target: {{ $labels.instance }} has been flaky over the last 24 hours."
+ - alert: ProbeFailed
+ expr: group by(instance, job, ip) (probe_success{org="fux"} == 0)
+ for: 1m
+ labels:
+ severity: critical
+ org: fux
+ annotations:
+ summary: "Probe failed for {{ $labels.instance }} (job: {{ $labels.job }})"
+ description: "The Probe: {{ $labels.job }} can not complete its job for {{ $labels.instance }}, this most likely means that the instance is unreachable."
 - name: Fux-SNMP
 rules:
 - alert: SnmpTargetMissing
From 6ead5e0c704f918494be869d50e34fc1bd2a4eed Mon Sep 17 00:00:00 2001
From: Renovate
Date: Tue, 10 Mar 2026 00:31:39 +0000
Subject: [PATCH 4/4] Update docker.io/library/postgres Docker tag to v18
---
 inventories/chaosknoten/host_vars/cloud.yaml | 2 +-
 resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +-
 resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +-
 resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 9c28d58..0a1d845 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
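Review bot: The new `ProbeFailed` rule fires only while a `probe_success` series exists with value 0, so it stays silent when the series is missing altogether, for example when the blackbox exporter itself is down or a target has dropped out of the scrape config. Unless a rule outside this hunk already covers that case, I would pair it with an alert on the exporter's `up` series or with `absent(probe_success{org="fux"})`, so that a monitoring outage is not read as every probe passing. `group by(instance, job, ip)` also discards all other labels, so alert routing depends on the static `org: fux` label set under `labels`. A comment above `expr` such as `# fires only while the probe series exists; exporter outage is covered by <rule name>` would make that dependency explicit.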
@@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.17
+nextcloud__postgres_version: 18.3
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
index 165c62d..96cdf0f 100644
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@@ -46,7 +46,7 @@ services:
 - "8080:8080"
 db:
- image: docker.io/library/postgres:15.17
+ image: docker.io/library/postgres:18.3
 restart: unless-stopped
 networks:
 - keycloak
diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml
index fb65594..65248bb 100644
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@@ -58,7 +58,7 @@ services:
 - POSTGRES_DB=mailmandb
 - POSTGRES_USER=mailman
 - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
- image: docker.io/library/postgres:12-alpine
+ image: docker.io/library/postgres:18-alpine
 volumes:
 - /opt/mailman/database:/var/lib/postgresql/data
 networks:
diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
index 9ec25b2..af84c67 100644
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
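Review bot: `nextcloud__postgres_version: 18.3` in the cloud hunk is an unquoted YAML scalar and is loaded as a float, so a later automated bump to a tag such as 18.10 (constructed example) would be read as 18.1 and pull a different, older image than the one reviewed. I would write `nextcloud__postgres_version: "18.3"` and confirm that the Renovate matcher configured for this file still updates a quoted value. The image tags in the compose hunks are not affected, because there the version is part of a longer string.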
@@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 66559e0..ca99bfb 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index ce7398b..514039e 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"