From 96ecd033c8030ddbfb707c1a8d50451519bcbd66 Mon Sep 17 00:00:00 2001 From: June Date: Wed, 22 Oct 2025 00:29:59 +0200 Subject: [PATCH 01/12] (test) disable semantic commit prefixes --- renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json b/renovate.json index 1766469..9e6fe64 100644 --- a/renovate.json +++ b/renovate.json @@ -5,6 +5,7 @@ "config:best-practices", ":ignoreUnstable" ], + "semanticCommits": "disabled", "packageRules": [ // Create a package rule for grouping all stable non-major dependency updates together. // A combination of/inspired by: From c79cfe3938b35d4492ae74a5414abadc6f1c55ee Mon Sep 17 00:00:00 2001 From: Renovate Date: Tue, 21 Oct 2025 22:33:22 +0000 Subject: [PATCH 02/12] Update docker.io/pretix/standalone Docker tag to v2025 --- resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 6509a99..97bc070 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -25,7 +25,7 @@ services: backend: pretix: - image: docker.io/pretix/standalone:2024.8 + image: docker.io/pretix/standalone:2025.8@sha256:21048b37b641ff50320984fc80a9fdf84fbfb37efc7d28484e7ac3ab0e64537a command: ["all"] ports: - "8345:80" From 78a6be6f5d6fdf0d992a50f766ab4d605a8aa70f Mon Sep 17 00:00:00 2001 From: June Date: Wed, 22 Oct 2025 00:47:05 +0200 Subject: [PATCH 03/12] renovate: disable semantic commits --- renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json b/renovate.json index 1766469..9e6fe64 100644 --- a/renovate.json +++ b/renovate.json @@ -5,6 +5,7 @@ "config:best-practices", ":ignoreUnstable" ], + "semanticCommits": "disabled", "packageRules": [ // Create a package rule for grouping all stable non-major dependency updates together. // A combination of/inspired by: From d0d517d97dd32aa1644006bdaab101808de3257f Mon Sep 17 00:00:00 2001 From: June Date: Wed, 22 Oct 2025 16:42:02 +0200 Subject: [PATCH 04/12] renovate: add custom package rule for pretix calendar versioning Add custom package rule accounting for pretix calendar versioning to not have Renovate classify month updates as minor version updates, but major version updates instead. --- renovate.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/renovate.json b/renovate.json index 9e6fe64..9cd0c82 100644 --- a/renovate.json +++ b/renovate.json @@ -19,6 +19,11 @@ "minor", "patch" ] + }, + { + "matchDatasources": ["docker"], + "matchPackageNames": ["docker.io/pretix/standalone"], + "versioning": "regex:^(?\\d+\\.\\d+)(?:\\.(?\\d+))$" } ], "docker-compose": { From 8f612d1d9c80d88c957802b1417209e7410f9f51 Mon Sep 17 00:00:00 2001 From: June Date: Wed, 22 Oct 2025 19:42:20 +0200 Subject: [PATCH 05/12] renovate: add persistent volume for base (and therefore cache) dir --- roles/renovate/files/renovate.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/renovate/files/renovate.service b/roles/renovate/files/renovate.service index ca9f7ed..6cb8f16 100644 --- a/roles/renovate/files/renovate.service +++ b/roles/renovate/files/renovate.service @@ -7,4 +7,6 @@ Wants=network-online.target Type=oneshot ExecStart=/usr/bin/docker run --rm \ -v "/etc/renovate/config.js:/usr/src/app/config.js" \ + --mount "type=volume,src=renovate,dst=/tmp/renovate" \ + --env "RENOVATE_BASE_DIR=/tmp/renovate" \ renovate/renovate From a60946b3b8b84641a1192862e65be4c0f6790ad4 Mon Sep 17 00:00:00 2001 From: Renovate Date: Wed, 22 Oct 2025 21:50:08 +0000 Subject: [PATCH 06/12] Update https://github.com/ansible/ansible-lint action to v25 --- .forgejo/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index 1002532..3b09d8b 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -24,7 +24,7 @@ jobs: # work in our environmnet. # Rather manually setup python (pip) before instead. - name: Run ansible-lint - uses: https://github.com/ansible/ansible-lint@v24.10.0 + uses: https://github.com/ansible/ansible-lint@d7cd7cfa2469536527aceaef9ef2ec6f2fb331cb # v25.9.2 with: setup_python: "false" requirements_file: "requirements.yml" From 2f8897751b646fc26c44ddf32a06f8bbc1500629 Mon Sep 17 00:00:00 2001 From: Renovate Date: Thu, 23 Oct 2025 12:15:38 +0000 Subject: [PATCH 07/12] Pin dependencies --- .forgejo/workflows/lint.yaml | 2 +- .../ccchoir/docker_compose/compose.yaml.j2 | 4 ++-- .../grafana/docker_compose/compose.yaml.j2 | 18 +++++++++--------- .../keycloak/docker_compose/compose.yaml.j2 | 10 +++++----- .../lists/docker_compose/compose.yaml | 6 +++--- .../ntfy/docker_compose/compose.yaml.j2 | 2 +- .../onlyoffice/docker_compose/compose.yaml.j2 | 2 +- .../pad/docker_compose/compose.yaml.j2 | 6 +++--- .../pretalx/docker_compose/compose.yaml.j2 | 10 +++++----- .../tickets/docker_compose/compose.yaml.j2 | 6 +++--- .../z9/dooris/docker_compose/compose.yaml.j2 | 2 +- .../docker_compose/compose.yaml.j2 | 2 +- .../z9/yate/docker_compose/compose.yaml.j2 | 2 +- 13 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index 3b09d8b..a0fd1d8 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -10,7 +10,7 @@ jobs: name: Ansible Lint runs-on: docker steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Install pip run: | apt update diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 index c2108d8..4c9d491 100644 --- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/mariadb:11 + image: docker.io/library/mariadb:11@sha256:ae6119716edac6998ae85508431b3d2e666530ddf4e94c61a10710caec9b0f71 environment: - "MARIADB_DATABASE=wordpress" - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}" @@ -17,7 +17,7 @@ services: restart: unless-stopped app: - image: docker.io/library/wordpress:6-php8.1 + image: docker.io/library/wordpress:6-php8.1@sha256:d93a391bc1ba9d2db3e53c8c8421a88d6beadb7b654235ba83ccf9ea93ecdcd5 environment: - "WORDPRESS_DB_HOST=database" - "WORDPRESS_DB_NAME=wordpress" diff --git a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 index 228382b..436669a 100644 --- a/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: prometheus: - image: docker.io/prom/prometheus:v3.7.1 + image: docker.io/prom/prometheus:v3.7.1@sha256:ff7e389acbe064a4823212a500393d40a28a8f362e4b05cbf6742a9a3ef736b2 container_name: prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' @@ -18,7 +18,7 @@ services: - prom_data:/prometheus alertmanager: - image: docker.io/prom/alertmanager:v0.28.1 + image: docker.io/prom/alertmanager:v0.28.1@sha256:27c475db5fb156cab31d5c18a4251ac7ed567746a2483ff264516437a39b15ba container_name: alertmanager command: - '--config.file=/etc/alertmanager/alertmanager.yaml' @@ -31,7 +31,7 @@ services: - alertmanager_data:/alertmanager grafana: - image: docker.io/grafana/grafana:12.2.1 + image: docker.io/grafana/grafana:12.2.1@sha256:35c41e0fd0295f5d0ee5db7e780cf33506abfaf47686196f825364889dee878b container_name: grafana ports: - 3000:3000 @@ -45,7 +45,7 @@ services: - graf_data:/var/lib/grafana pve-exporter: - image: docker.io/prompve/prometheus-pve-exporter:3.5.5 + image: docker.io/prompve/prometheus-pve-exporter:3.5.5@sha256:79a5598906697b1a5a006d09f0200528a77c6ff1568faf018539ac65824454df container_name: pve-exporter ports: - 9221:9221 @@ -58,7 +58,7 @@ services: - /dev/null:/etc/prometheus/pve.yml loki: - image: docker.io/grafana/loki:3.5.7 + image: docker.io/grafana/loki:3.5.7@sha256:0eaee7bf39cc83aaef46914fb58f287d4f4c4be6ec96b86c2ed55719a75e49c8 container_name: loki ports: - 13100:3100 @@ -69,7 +69,7 @@ services: - loki_data:/var/loki ntfy-alertmanager-ccchh-critical: - image: docker.io/xenrox/ntfy-alertmanager:0.5.0 + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b container_name: ntfy-alertmanager-ccchh-critical volumes: - ./configs/ntfy-alertmanager-ccchh-critical:/etc/ntfy-alertmanager/config @@ -78,7 +78,7 @@ services: restart: unless-stopped ntfy-alertmanager-fux-critical: - image: docker.io/xenrox/ntfy-alertmanager:0.5.0 + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b container_name: ntfy-alertmanager-fux-critical volumes: - ./configs/ntfy-alertmanager-fux-critical:/etc/ntfy-alertmanager/config @@ -87,7 +87,7 @@ services: restart: unless-stopped ntfy-alertmanager-ccchh: - image: docker.io/xenrox/ntfy-alertmanager:0.5.0 + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b container_name: ntfy-alertmanager-ccchh volumes: - ./configs/ntfy-alertmanager-ccchh:/etc/ntfy-alertmanager/config @@ -96,7 +96,7 @@ services: restart: unless-stopped ntfy-alertmanager-fux: - image: docker.io/xenrox/ntfy-alertmanager:0.5.0 + image: docker.io/xenrox/ntfy-alertmanager:0.5.0@sha256:5fea88db3bf0257d98c007ab0c4ef064c6d67d7b7ceead7d6956dfa0a5cb333b container_name: ntfy-alertmanager-fux volumes: - ./configs/ntfy-alertmanager-fux:/etc/ntfy-alertmanager/config diff --git a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 index 9fde708..398d814 100644 --- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2 @@ -22,7 +22,7 @@ services: keycloak: - image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4 + image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.4@sha256:65d65fa0e858a608fd3e7d16ecfd7a5ced2fba4ab22a8fd3b86f3742ecec0a83 pull_policy: always restart: unless-stopped command: start --optimized @@ -46,7 +46,7 @@ services: - "8080:8080" db: - image: docker.io/library/postgres:15.14 + image: docker.io/library/postgres:15.14@sha256:9541969afa16d1ac724e16d1cf3c26ddd0c5bae5dd1c230118a7f5b9c14cde1f restart: unless-stopped networks: - keycloak @@ -58,7 +58,7 @@ services: POSTGRES_DB: keycloak id-invite-web: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a command: web restart: unless-stopped networks: @@ -84,7 +84,7 @@ services: - "BOTTLE_HOST=0.0.0.0" id-invite-email: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a command: email restart: unless-stopped networks: @@ -99,7 +99,7 @@ services: - "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}" id-invite-keycloak: - image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest + image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest@sha256:ba011f410bc1d2e112135857c236412f65b727f15197dbea1fffd955e0487a6a command: keycloak restart: unless-stopped networks: diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml index cdfd70a..8537ead 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml +++ b/resources/chaosknoten/lists/docker_compose/compose.yaml @@ -1,7 +1,7 @@ services: mailman-core: restart: unless-stopped - image: docker.io/maxking/mailman-core:0.5 # Use a specific version tag (tag latest is not published) + image: docker.io/maxking/mailman-core:0.5@sha256:cb8e412bb18d74480f996da68f46e92473b6103995e71bc5aeba139b255cc3d2 # Use a specific version tag (tag latest is not published) container_name: mailman-core hostname: mailman-core volumes: @@ -25,7 +25,7 @@ services: mailman-web: restart: unless-stopped - image: docker.io/maxking/mailman-web:0.5 # Use a specific version tag (tag latest is not published) + image: docker.io/maxking/mailman-web:0.5@sha256:014726db85586fb53541f66f6ce964bf07e939791cfd5ffc796cd6d243696a18 # Use a specific version tag (tag latest is not published) container_name: mailman-web hostname: mailman-web depends_on: @@ -56,7 +56,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:12-alpine@sha256:7c8f4870583184ebadf7f17a6513620aac5f365a7938dc6a6911c1d5df2f481a volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 index 9fe2a7a..07e8d9e 100644 --- a/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: ntfy: - image: docker.io/binwiederhier/ntfy:v2.14.0 + image: docker.io/binwiederhier/ntfy:v2.14.0@sha256:5a051798d14138c3ecb12c038652558ab6a077e1aceeb867c151cbf5fa8451ef container_name: ntfy command: - serve diff --git a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 index f3444ac..5c9a42a 100644 --- a/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/onlyoffice/docker_compose/compose.yaml.j2 @@ -4,7 +4,7 @@ services: onlyoffice: - image: docker.io/onlyoffice/documentserver:9.1.0 + image: docker.io/onlyoffice/documentserver:9.1.0@sha256:34b92f4a67bfd939bd6b75893e8217556e3b977f81e49472f7e28737b741ba1d restart: unless-stopped volumes: - "./onlyoffice/DocumentServer/logs:/var/log/onlyoffice" diff --git a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 index 455caa3..014b8af 100644 --- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 environment: - "POSTGRES_USER=hedgedoc" - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}" @@ -13,7 +13,7 @@ services: restart: unless-stopped app: - image: quay.io/hedgedoc/hedgedoc:1.10.3 + image: quay.io/hedgedoc/hedgedoc:1.10.3@sha256:ca58fd73ecf05c89559b384fb7a1519c18c8cbba5c21a0018674ed820b9bdb73 environment: - "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc" - "CMD_DOMAIN=pad.hamburg.ccc.de" @@ -46,7 +46,7 @@ services: - database hedgedoc-expire: - image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest + image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest@sha256:9be261712a8ee57ff89068c3926a8c5d7c96ff80aa629f98eec239786c6158b1 # command: "emailcheck" command: "cron" environment: diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 7b733cb..66f6172 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}" @@ -15,7 +15,7 @@ services: - pretalx_net redis: - image: docker.io/library/redis:8.2.2 + image: docker.io/library/redis:8.2.2@sha256:4521b581dbddea6e7d81f8fe95ede93f5648aaa66a9dacd581611bf6fe7527bd restart: unless-stopped volumes: - redis:/data @@ -23,7 +23,7 @@ services: - pretalx_net static: - image: docker.io/library/nginx:1.29.2 + image: docker.io/library/nginx:1.29.2@sha256:029d4461bd98f124e531380505ceea2072418fdf28752aa73b7b273ba3048903 restart: unless-stopped volumes: - public:/usr/share/nginx/html @@ -33,7 +33,7 @@ services: - pretalx_net pretalx: - image: docker.io/pretalx/standalone:v2025.1.0 + image: docker.io/pretalx/standalone:v2025.1.0@sha256:fb2d15f11bcae8bb15430084ed81a150cfdf7c79705450583b51e352ba486e8e entrypoint: gunicorn command: - "pretalx.wsgi" @@ -78,7 +78,7 @@ services: - pretalx_net celery: - image: docker.io/pretalx/standalone:v2025.1.0 + image: docker.io/pretalx/standalone:v2025.1.0@sha256:fb2d15f11bcae8bb15430084ed81a150cfdf7c79705450583b51e352ba486e8e command: - taskworker restart: unless-stopped diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 6509a99..057da55 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ --- services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:15-alpine@sha256:2e50ad404aead120409575d21758230cc295aec52dfa05ece9b4d0429bc38636 environment: - "POSTGRES_USER=pretix" - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}" @@ -13,7 +13,7 @@ services: restart: unless-stopped redis: - image: docker.io/library/redis:7.4.6 + image: docker.io/library/redis:7.4.6@sha256:a9cc41d6d01da2aa26c219e4f99ecbeead955a7b656c1c499cce8922311b2514 ports: - "6379:6379" volumes: @@ -25,7 +25,7 @@ services: backend: pretix: - image: docker.io/pretix/standalone:2024.8 + image: docker.io/pretix/standalone:2024.8@sha256:110bac37efa5f736227f158f38e421ed738d03dccc274dfb415b258ab0f75cfe command: ["all"] ports: - "8345:80" diff --git a/resources/z9/dooris/docker_compose/compose.yaml.j2 b/resources/z9/dooris/docker_compose/compose.yaml.j2 index 38db85a..b722aa7 100644 --- a/resources/z9/dooris/docker_compose/compose.yaml.j2 +++ b/resources/z9/dooris/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: dooris: - image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest + image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest@sha256:a895989b0955936cbe0641de0309bcb343a9da9c2c8d6184d906a66bf1151303 environment: HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56 172.31.200.0/23 172.31.202.0/27" HMDOORIS_CCUJACK_CERTIFICATE_PATH: false diff --git a/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 index b6752fa..52d57df 100644 --- a/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 +++ b/resources/z9/waybackproxy/docker_compose/compose.yaml.j2 @@ -1,7 +1,7 @@ services: # https://github.com/richardg867/WaybackProxy waybackproxy: - image: cttynul/waybackproxy:latest + image: cttynul/waybackproxy:latest@sha256:e001d5b1d746522cd1ab2728092173c0d96f08086cbd3e49cdf1e298b8add22e environment: DATE: 19990101 DATE_TOLERANCE: 730 diff --git a/resources/z9/yate/docker_compose/compose.yaml.j2 b/resources/z9/yate/docker_compose/compose.yaml.j2 index e3d6614..c39afa4 100644 --- a/resources/z9/yate/docker_compose/compose.yaml.j2 +++ b/resources/z9/yate/docker_compose/compose.yaml.j2 @@ -2,7 +2,7 @@ services: yate: - image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest + image: git.hamburg.ccc.de/ccchh/yate-image/yate-image:latest@sha256:66f77d63dc52c9aeb09481e48b9d62f5f95439f86eab3766fce94daea7b2e26a # command: # - sh # - "-c" From a13d23c7eafd03bb2f2d7b4d87243f4fab583fad Mon Sep 17 00:00:00 2001 From: Renovate Date: Thu, 23 Oct 2025 13:45:41 +0000 Subject: [PATCH 08/12] Update actions/checkout action to v5 --- .forgejo/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index a0fd1d8..a867c13 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -10,7 +10,7 @@ jobs: name: Ansible Lint runs-on: docker steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - name: Install pip run: | apt update From b2961c5664aeecef4d90ed5b6c2f4fb2602d41ec Mon Sep 17 00:00:00 2001 From: June Date: Fri, 24 Oct 2025 18:59:58 +0200 Subject: [PATCH 09/12] renovate: disable rate-limiting --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 9cd0c82..2975de6 100644 --- a/renovate.json +++ b/renovate.json @@ -3,7 +3,8 @@ "extends": [ "config:recommended", // Included in config:best-practices anyway, but added for clarity. "config:best-practices", - ":ignoreUnstable" + ":ignoreUnstable", + ":disableRateLimiting" ], "semanticCommits": "disabled", "packageRules": [ From 658a50d19bdce7d8c66e06d95c98b8ee40542fc0 Mon Sep 17 00:00:00 2001 From: June Date: Fri, 24 Oct 2025 19:18:04 +0200 Subject: [PATCH 10/12] renovate: use rebase stale PRs preset to rebase once base branch updated Use this configuration to always have the fast-forward option. https://docs.renovatebot.com/presets-default/#rebasestaleprs --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 2975de6..56d20ff 100644 --- a/renovate.json +++ b/renovate.json @@ -4,7 +4,8 @@ "config:recommended", // Included in config:best-practices anyway, but added for clarity. "config:best-practices", ":ignoreUnstable", - ":disableRateLimiting" + ":disableRateLimiting", + ":rebaseStalePrs" ], "semanticCommits": "disabled", "packageRules": [ From 37cedb1ad0954b63a4d6509286897ce5639778a5 Mon Sep 17 00:00:00 2001 From: June Date: Fri, 24 Oct 2025 19:28:49 +0200 Subject: [PATCH 11/12] renovate: label all PRs with the "renovate" label --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 56d20ff..13774e4 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,8 @@ "config:best-practices", ":ignoreUnstable", ":disableRateLimiting", - ":rebaseStalePrs" + ":rebaseStalePrs", + ":label(renovate)" ], "semanticCommits": "disabled", "packageRules": [ From 9da42b59ae169105f940477f07c25950e1232919 Mon Sep 17 00:00:00 2001 From: Renovate Date: Tue, 21 Oct 2025 22:33:22 +0000 Subject: [PATCH 12/12] Update docker.io/pretix/standalone Docker tag to v2025 --- .../chaosknoten/router/nftables/current.conf | 38 +++++++++++++++++++ .../tickets/docker_compose/compose.yaml.j2 | 2 +- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 resources/chaosknoten/router/nftables/current.conf diff --git a/resources/chaosknoten/router/nftables/current.conf b/resources/chaosknoten/router/nftables/current.conf new file mode 100644 index 0000000..91d24a5 --- /dev/null +++ b/resources/chaosknoten/router/nftables/current.conf @@ -0,0 +1,38 @@ +#!/usr/sbin/nft -f + +# only flush tables managed by this file +table inet filter +flush table inet filter + +define LAN_IFS = {net0.2, net0.3} + +table inet filter { + chain input { + type filter hook input priority filter; policy drop; + ip protocol icmp accept + ip6 nexthdr icmpv6 accept + iifname lo accept + ct state related,established accept + + tcp dport 22 accept + iifname $LAN_IFS tcp dport 53 counter accept + iifname $LAN_IFS udp dport 53 counter accept + + iifname net0.3 udp dport 67 counter accept + + iifname $LAN_IFS log prefix "[nftables] Inbound Denied: " counter drop + } + chain forward { + type filter hook forward priority filter; policy drop; + ct state related,established counter accept + + meta nfproto ipv6 iifname $LAN_IFS oifname net2 counter accept + meta nfproto ipv4 iifname $LAN_IFS oifname net1 counter accept + + #iifname net0.2 oifname net0.3 counter accept + iifname $LAN_IFS log prefix "[nftables] Forward Denied: " counter drop + } + chain output { + type filter hook output priority filter; + } +} diff --git a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 index 057da55..5b9bde5 100644 --- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2 @@ -25,7 +25,7 @@ services: backend: pretix: - image: docker.io/pretix/standalone:2024.8@sha256:110bac37efa5f736227f158f38e421ed738d03dccc274dfb415b258ab0f75cfe + image: docker.io/pretix/standalone:2025.8@sha256:21048b37b641ff50320984fc80a9fdf84fbfb37efc7d28484e7ac3ab0e64537a command: ["all"] ports: - "8345:80"