From bd096810259c38ba38adf5ac88055aab4abb1689 Mon Sep 17 00:00:00 2001 From: Renovate Date: Sun, 18 Jan 2026 04:01:43 +0000 Subject: [PATCH 1/3] Update docker.io/library/postgres Docker tag to v18 --- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +- resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index b6cf771..1164730 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 32 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.15 +nextcloud__postgres_version: 18.1 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index a260ab1..562df5c 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: docker.io/library/postgres:15.15 + image: docker.io/library/postgres:18.1 restart: unless-stopped networks: - keycloak diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index cdfd70a..7050a8b 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -56,7 +56,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:18-alpine volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 790cf95..e13191a 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 091d113..2f6f990 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 938883b..3d35c0b 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" From d514688574e84f8da76aa357782953fce5e4cb0c Mon Sep 17 00:00:00 2001 From: June Date: Sun, 18 Jan 2026 19:21:33 +0100 Subject: [PATCH 2/3] systemd_networkd(role),router(host): support global config to fix forw. With the router upgrade to Debian 13 the systemd version got upgraded as well breaking the current configuration for IP forwarding. Add a variable for global systemd-networkd configuration and use that to enable IPv4 and IPv6 forwarding on the router. The systemd_networkd role could be a bit nicer, not deploying/deleting the global configuration, if the variable is empty and reloading/restarting systemd-networkd at appropriate times. But as is works for now. --- inventories/chaosknoten/host_vars/router.yaml | 1 + .../router/systemd_networkd/20-net1.network | 2 -- .../router/systemd_networkd/20-net2.network | 2 -- .../router/systemd_networkd_global_config.conf | 3 +++ roles/systemd_networkd/README.md | 5 +++++ roles/systemd_networkd/defaults/main.yaml | 1 + roles/systemd_networkd/tasks/main.yaml | 18 ++++++++++++++++++ 7 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 resources/chaosknoten/router/systemd_networkd_global_config.conf create mode 100644 roles/systemd_networkd/defaults/main.yaml diff --git a/inventories/chaosknoten/host_vars/router.yaml b/inventories/chaosknoten/host_vars/router.yaml index 5e9c832..adbc8d9 100644 --- a/inventories/chaosknoten/host_vars/router.yaml +++ b/inventories/chaosknoten/host_vars/router.yaml @@ -1,4 +1,5 @@ systemd_networkd__config_dir: 'resources/chaosknoten/router/systemd_networkd/' +systemd_networkd__global_config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/systemd_networkd_global_config.conf') }}" nftables__config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/nftables/nftables.conf') }}" ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin" ansible_pull__timer_randomized_delay_sec: 0min diff --git a/resources/chaosknoten/router/systemd_networkd/20-net1.network b/resources/chaosknoten/router/systemd_networkd/20-net1.network index c8bffc1..5c14d8d 100644 --- a/resources/chaosknoten/router/systemd_networkd/20-net1.network +++ b/resources/chaosknoten/router/systemd_networkd/20-net1.network @@ -3,7 +3,6 @@ Name=net1 [Network] DNS=212.12.50.158 -IPForward=ipv4 IPv6AcceptRA=no [Address] @@ -11,4 +10,3 @@ Address=212.12.48.123/24 [Route] Gateway=212.12.48.55 - diff --git a/resources/chaosknoten/router/systemd_networkd/20-net2.network b/resources/chaosknoten/router/systemd_networkd/20-net2.network index b3f497d..39d1f03 100644 --- a/resources/chaosknoten/router/systemd_networkd/20-net2.network +++ b/resources/chaosknoten/router/systemd_networkd/20-net2.network @@ -3,7 +3,6 @@ Name=net2 [Network] #DNS=212.12.50.158 -IPForward=ipv6 IPv6AcceptRA=no [Address] @@ -11,4 +10,3 @@ Address=2a00:14b0:4200:3500::130:2/112 [Route] Gateway=2a00:14b0:4200:3500::130:1 - diff --git a/resources/chaosknoten/router/systemd_networkd_global_config.conf b/resources/chaosknoten/router/systemd_networkd_global_config.conf new file mode 100644 index 0000000..2d3d8a3 --- /dev/null +++ b/resources/chaosknoten/router/systemd_networkd_global_config.conf @@ -0,0 +1,3 @@ +[Network] +IPv4Forwarding=true +IPv6Forwarding=true diff --git a/roles/systemd_networkd/README.md b/roles/systemd_networkd/README.md index 3297c47..ac7f115 100644 --- a/roles/systemd_networkd/README.md +++ b/roles/systemd_networkd/README.md @@ -9,3 +9,8 @@ Should work on Debian-based distributions. ## Required Arguments - `systemd_networkd__config_dir`: Directory with systemd-networkd configs to deploy. + +## Optional Arguments + +- `systemd_networkd__global_config`: systemd-networkd global configuration to deploy (see `man 5 networkd.conf`). + Defaults to `` (the empty string); diff --git a/roles/systemd_networkd/defaults/main.yaml b/roles/systemd_networkd/defaults/main.yaml new file mode 100644 index 0000000..e84ed28 --- /dev/null +++ b/roles/systemd_networkd/defaults/main.yaml @@ -0,0 +1 @@ +systemd_networkd__global_config: "" diff --git a/roles/systemd_networkd/tasks/main.yaml b/roles/systemd_networkd/tasks/main.yaml index f88ed14..cc8f4d9 100644 --- a/roles/systemd_networkd/tasks/main.yaml +++ b/roles/systemd_networkd/tasks/main.yaml @@ -12,3 +12,21 @@ recursive: true delete: true become: true + +- name: ensure global systemd-networkd config directory exists + ansible.builtin.file: + path: "/etc/systemd/networkd.conf.d" + state: directory + owner: root + group: root + mode: "0755" + become: true + +- name: ensure global systemd-networkd config is deployed + ansible.builtin.copy: + content: "{{ systemd_networkd__global_config }}" + dest: "/etc/systemd/networkd.conf.d/20-ansible.conf" + mode: "0644" + owner: root + group: root + become: true From 8c9cbef65730898888bb31c4fbe8b308f6fd5d31 Mon Sep 17 00:00:00 2001 From: Renovate Date: Sun, 18 Jan 2026 18:30:47 +0000 Subject: [PATCH 3/3] Update docker.io/library/postgres Docker tag to v18 --- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +- resources/chaosknoten/pad/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index b6cf771..1164730 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 32 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.15 +nextcloud__postgres_version: 18.1 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index a260ab1..562df5c 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: docker.io/library/postgres:15.15 + image: docker.io/library/postgres:18.1 restart: unless-stopped networks: - keycloak diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index cdfd70a..7050a8b 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -56,7 +56,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:18-alpine volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 790cf95..e13191a 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 091d113..2f6f990 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 938883b..3d35c0b 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"