From d26d013d84d7b1307355f65617cf1352254e6d2b Mon Sep 17 00:00:00 2001 From: Renovate Date: Fri, 6 Mar 2026 18:54:42 +0000 Subject: [PATCH 1/3] Update docker.io/library/mariadb Docker tag to v12 --- resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 index c2108d8..f359f47 100644 --- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/mariadb:11 + image: docker.io/library/mariadb:12 environment: - "MARIADB_DATABASE=wordpress" - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}" From 0788fde69dd514a9e891ac00d493eaea01b7d78a Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 5 Mar 2026 20:23:36 +0100 Subject: [PATCH 2/3] only allow sops encryption of *.sops.* files --- .sops.yaml | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c659d62..fcb0b45 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -43,170 +43,170 @@ keys: creation_rules: ## group vars - - path_regex: inventories/chaosknoten/group_vars/all.* + - path_regex: "inventories/chaosknoten/group_vars/.+\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: *host_chaosknoten_age_keys - - path_regex: inventories/external/group_vars/all.* + - path_regex: "inventories/external/group_vars/.+\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: *host_external_age_keys - - path_regex: inventories/z9/group_vars/all.* + - path_regex: "inventories/z9/group_vars/.+\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys ## host vars # chaosknoten hosts - - path_regex: inventories/chaosknoten/host_vars/acmedns.* + - path_regex: "inventories/chaosknoten/host_vars/acmedns\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_acmedns_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/cloud.* + - path_regex: "inventories/chaosknoten/host_vars/cloud\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_cloud_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/keycloak.* + - path_regex: "inventories/chaosknoten/host_vars/keycloak\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_keycloak_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/grafana.* + - path_regex: "inventories/chaosknoten/host_vars/grafana\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_grafana_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/pad.* + - path_regex: "inventories/chaosknoten/host_vars/pad\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_pad_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/ccchoir.* + - path_regex: "inventories/chaosknoten/host_vars/ccchoir\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_ccchoir_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/pretalx.* + - path_regex: "inventories/chaosknoten/host_vars/pretalx\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_pretalx_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/netbox.* + - path_regex: "inventories/chaosknoten/host_vars/netbox\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_netbox_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/tickets.* + - path_regex: "inventories/chaosknoten/host_vars/tickets\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_tickets_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/onlyoffice.* + - path_regex: "inventories/chaosknoten/host_vars/onlyoffice\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_onlyoffice_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/zammad.* + - path_regex: "inventories/chaosknoten/host_vars/zammad\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_zammad_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/ntfy.* + - path_regex: "inventories/chaosknoten/host_vars/ntfy\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_ntfy_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/eh22-wiki.* + - path_regex: "inventories/chaosknoten/host_vars/eh22-wiki\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_eh22_wiki_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/sunders.* + - path_regex: "inventories/chaosknoten/host_vars/sunders\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_sunders_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/wiki.* + - path_regex: "inventories/chaosknoten/host_vars/wiki\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_wiki_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/renovate.* + - path_regex: "inventories/chaosknoten/host_vars/renovate\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_renovate_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/lists.* + - path_regex: "inventories/chaosknoten/host_vars/lists\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_lists_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/mumble.* + - path_regex: "inventories/chaosknoten/host_vars/mumble\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_mumble_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.* + - path_regex: "inventories/chaosknoten/host_vars/public-reverse-proxy\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_public_reverse_proxy_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/spaceapiccc.* + - path_regex: "inventories/chaosknoten/host_vars/spaceapiccc\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_spaceapiccc_ansible_pull_age_key - - path_regex: inventories/chaosknoten/host_vars/mjolnir.* + - path_regex: "inventories/chaosknoten/host_vars/mjolnir\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_mjolnir_ansible_pull_age_key # external hosts - - path_regex: inventories/external/host_vars/status.* + - path_regex: "inventories/external/host_vars/status\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys age: - *host_status_ansible_pull_age_key # z9 hosts - - path_regex: inventories/z9/host_vars/dooris.* + - path_regex: "inventories/z9/host_vars/dooris\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys - - path_regex: inventories/z9/host_vars/yate.* + - path_regex: "inventories/z9/host_vars/yate\\.sops\\..+" key_groups: - pgp: *admin_gpg_keys # general - - key_groups: - - pgp: - *admin_gpg_keys + - path_regex: ".+\\.sops\\..+" + key_groups: + - pgp: *admin_gpg_keys stores: yaml: From cabebd26b06bf3225b673784eab619ab4a2c9ab6 Mon Sep 17 00:00:00 2001 From: Renovate Date: Fri, 6 Mar 2026 19:30:58 +0000 Subject: [PATCH 3/3] Update docker.io/library/mariadb Docker tag to v12 --- resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 index c2108d8..f359f47 100644 --- a/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/ccchoir/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/mariadb:11 + image: docker.io/library/mariadb:12 environment: - "MARIADB_DATABASE=wordpress" - "MARIADB_ROOT_PASSWORD={{ secret__mariadb_root_password }}"