Update docker.io/library/postgres Docker tag to v18

systemd_networkd(role),router(host): support global config to fix forw.
With the router upgrade to Debian 13 the systemd version got upgraded as well breaking the current configuration for IP forwarding. Add a variable for global systemd-networkd configuration and use that to enable IPv4 and IPv6 forwarding on the router. The systemd_networkd role could be a bit nicer, not deploying/deleting the global configuration, if the variable is empty and reloading/restarting systemd-networkd at appropriate times. But as is works for now.
2026-01-18 18:30:47 +00:00 · 2026-01-18 19:21:33 +01:00
13 changed files with 34 additions and 10 deletions
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.15
+nextcloud__postgres_version: 18.1
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
--- a/inventories/chaosknoten/host_vars/router.yaml
+++ b/inventories/chaosknoten/host_vars/router.yaml
@ -1,4 +1,5 @@
 systemd_networkd__config_dir: 'resources/chaosknoten/router/systemd_networkd/'
 systemd_networkd__global_config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/systemd_networkd_global_config.conf') }}"
 nftables__config: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/router/nftables/nftables.conf') }}"
 ansible_pull__timer_on_calendar: "*-*-* 04:00:00 Europe/Berlin"
 ansible_pull__timer_randomized_delay_sec: 0min
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@ -46,7 +46,7 @@ services:
      - "8080:8080"
  db:
-    image: docker.io/library/postgres:15.15
+    image: docker.io/library/postgres:18.1
    restart: unless-stopped
    networks:
      - keycloak
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@ -56,7 +56,7 @@ services:
      - POSTGRES_DB=mailmandb
      - POSTGRES_USER=mailman
      - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
-    image: docker.io/library/postgres:12-alpine
+    image: docker.io/library/postgres:18-alpine
    volumes:
      - /opt/mailman/database:/var/lib/postgresql/data
    networks:
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=hedgedoc"
      - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretalx"
      - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
--- a/resources/chaosknoten/router/systemd_networkd/20-net1.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net1.network
@ -3,7 +3,6 @@ Name=net1
 [Network]
 DNS=212.12.50.158
 IPForward=ipv4
 IPv6AcceptRA=no
 [Address]
@ -11,4 +10,3 @@ Address=212.12.48.123/24
 [Route]
 Gateway=212.12.48.55
--- a/resources/chaosknoten/router/systemd_networkd/20-net2.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net2.network
@ -3,7 +3,6 @@ Name=net2
 [Network]
 #DNS=212.12.50.158
 IPForward=ipv6
 IPv6AcceptRA=no
 [Address]
@ -11,4 +10,3 @@ Address=2a00:14b0:4200:3500::130:2/112
 [Route]
 Gateway=2a00:14b0:4200:3500::130:1
--- a/resources/chaosknoten/router/systemd_networkd_global_config.conf
+++ b/resources/chaosknoten/router/systemd_networkd_global_config.conf
@ -0,0 +1,3 @@
 [Network]
 IPv4Forwarding=true
 IPv6Forwarding=true
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@ -1,7 +1,7 @@
 ---
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretix"
      - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
--- a/roles/systemd_networkd/README.md
+++ b/roles/systemd_networkd/README.md
@ -9,3 +9,8 @@ Should work on Debian-based distributions.
 ## Required Arguments
 - `systemd_networkd__config_dir`: Directory with systemd-networkd configs to deploy.
 ## Optional Arguments
 - `systemd_networkd__global_config`: systemd-networkd global configuration to deploy (see `man 5 networkd.conf`).  
  Defaults to `` (the empty string);
--- a/roles/systemd_networkd/defaults/main.yaml
+++ b/roles/systemd_networkd/defaults/main.yaml
@ -0,0 +1 @@
 systemd_networkd__global_config: ""
--- a/roles/systemd_networkd/tasks/main.yaml
+++ b/roles/systemd_networkd/tasks/main.yaml
@ -12,3 +12,21 @@
    recursive: true
    delete: true
  become: true
 - name: ensure global systemd-networkd config directory exists
  ansible.builtin.file:
    path: "/etc/systemd/networkd.conf.d"
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: true
 - name: ensure global systemd-networkd config is deployed
  ansible.builtin.copy:
    content: "{{ systemd_networkd__global_config }}"
    dest: "/etc/systemd/networkd.conf.d/20-ansible.conf"
    mode: "0644"
    owner: root
    group: root
  become: true