Update docker.io/library/postgres Docker tag to v18

docker(role): move automatic cleanup of unused Docker data here
Move the automatic cleanup of unused Docker data to the docker role from the docker_compose role, so that hosts, which only use Docker (like renovate) also have an automatic cleanup set up. Also use a systemd timer instead of cron.
2026-03-06 20:16:58 +00:00 · 2026-03-06 21:09:47 +01:00
12 changed files with 59 additions and 14 deletions
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.15
+nextcloud__postgres_version: 18.3
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@ -46,7 +46,7 @@ services:
      - "8080:8080"
  db:
-    image: docker.io/library/postgres:15.15
+    image: docker.io/library/postgres:18.3
    restart: unless-stopped
    networks:
      - keycloak
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@ -58,7 +58,7 @@ services:
      - POSTGRES_DB=mailmandb
      - POSTGRES_USER=mailman
      - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
-    image: docker.io/library/postgres:12-alpine
+    image: docker.io/library/postgres:18-alpine
    volumes:
      - /opt/mailman/database:/var/lib/postgresql/data
    networks:
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=hedgedoc"
      - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretalx"
      - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@ -1,7 +1,7 @@
 ---
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretix"
      - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
--- a/roles/docker/files/docker-cleanup.service
+++ b/roles/docker/files/docker-cleanup.service
@ -0,0 +1,8 @@
 [Unit]
 Description=cleanup unused docker data
 After=network-online.target docker.service
 Wants=network-online.target docker.service
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/docker system prune --all --force
--- a/roles/docker/files/docker-cleanup.timer
+++ b/roles/docker/files/docker-cleanup.timer
@ -0,0 +1,9 @@
 [Unit]
 Description=cleanup unused docker data every day
 [Timer]
 OnCalendar=daily
 RandomizedDelaySec=1h
 [Install]
 WantedBy=timers.target
--- a/roles/docker/handlers/main.yaml
+++ b/roles/docker/handlers/main.yaml
@ -0,0 +1,4 @@
 - name: systemd daemon reload
  ansible.builtin.systemd_service:
    daemon_reload: true
  become: true
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@ -9,3 +9,7 @@
 - name: Ensure Docker daemon configuration
  ansible.builtin.import_tasks:
    file: main/03_docker_config.yaml
 - name: Ensure automatic cleanup of unused Docker data is set up
  ansible.builtin.import_tasks:
    file: main/04_docker_auto_cleanup.yaml
--- a/roles/docker/tasks/main/04_docker_auto_cleanup.yaml
+++ b/roles/docker/tasks/main/04_docker_auto_cleanup.yaml
@ -0,0 +1,28 @@
 - name: ensure systemd service exists
  ansible.builtin.copy:
    src: docker-cleanup.service
    dest: /etc/systemd/system/docker-cleanup.service
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - systemd daemon reload
 - name: ensure systemd timer exists
  ansible.builtin.copy:
    src: docker-cleanup.timer
    dest: /etc/systemd/system/docker-cleanup.timer
    owner: root
    group: root
    mode: "0644"
  become: true
  notify:
    - systemd daemon reload
 - name: ensure systemd timer is started and enabled
  ansible.builtin.systemd_service:
    name: docker-cleanup.timer
    state: started
    enabled: true
  become: true
--- a/roles/docker_compose/tasks/main.yaml
+++ b/roles/docker_compose/tasks/main.yaml
@ -108,11 +108,3 @@
    minute: "0"
    hour: "5"
    job: "cd /ansible_docker_compose; docker compose pull && docker compose up -d"
 - name: ensure automatic cleanup cron job is present
  become: true
  ansible.builtin.cron:
    name: 'ansible docker compose auto cleanup'
    minute: "23"
    hour: "4"
    job: "docker system prune -a -f"
Author	SHA1	Message	Date
Renovate	077b3b9eb7	Update docker.io/library/postgres Docker tag to v18 All checks were successful / Ansible Lint (pull_request) Successful in 2m39s Details / Ansible Lint (push) Successful in 3m25s Details	2026-03-06 20:16:58 +00:00
June	2b5f261cd3	docker(role): move automatic cleanup of unused Docker data here All checks were successful / Ansible Lint (push) Successful in 2m20s Details Move the automatic cleanup of unused Docker data to the docker role from the docker_compose role, so that hosts, which only use Docker (like renovate) also have an automatic cleanup set up. Also use a systemd timer instead of cron.	2026-03-06 21:09:47 +01:00