From 3a09c107b93d9816f103353105c0fe4900beea58 Mon Sep 17 00:00:00 2001 From: lilly Date: Sat, 6 Jun 2026 14:58:56 +0200 Subject: [PATCH 1/5] knot: use explicit ansible_facts reference --- roles/knot/templates/netplan-disable-ra.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/knot/templates/netplan-disable-ra.yaml b/roles/knot/templates/netplan-disable-ra.yaml index 505fba2..af7fd8d 100644 --- a/roles/knot/templates/netplan-disable-ra.yaml +++ b/roles/knot/templates/netplan-disable-ra.yaml @@ -1,7 +1,7 @@ # {{ ansible_managed }} network: ethernets: - {%- for i_iface_name in ansible_interfaces -%} + {%- for i_iface_name in ansible_facts["interfaces"] -%} {%- if i_iface_name != "lo" -%} {%- set i_iface = ansible_facts[i_iface_name] %} From 8ca5d82d390cb7b7dd04370bc9ae59b76ffb877d Mon Sep 17 00:00:00 2001 From: lilly Date: Sat, 6 Jun 2026 14:58:56 +0200 Subject: [PATCH 2/5] knot: fix templating inconsistency in netplan config --- roles/knot/templates/netplan-disable-ra.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/knot/templates/netplan-disable-ra.yaml b/roles/knot/templates/netplan-disable-ra.yaml index af7fd8d..bad31a5 100644 --- a/roles/knot/templates/netplan-disable-ra.yaml +++ b/roles/knot/templates/netplan-disable-ra.yaml @@ -11,4 +11,3 @@ network: accept-ra: false {% endif %} {% endfor %} - From 66e009507020a14de75882cff089a5ef3b77d99c Mon Sep 17 00:00:00 2001 From: lilly Date: Sat, 6 Jun 2026 14:58:56 +0200 Subject: [PATCH 3/5] add zone diday.org. to authoritative DNS --- .../chaosknoten/host_vars/auth-dns.yaml | 5 +++ .../chaosknoten/auth-dns/zones/diday.org.zone | 45 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 resources/chaosknoten/auth-dns/zones/diday.org.zone diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml index c94a9e7..8c0404e 100644 --- a/inventories/chaosknoten/host_vars/auth-dns.yaml 
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml @@ -42,6 +42,11 @@ knot__zones: notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone') }}" + - domain: "diday.org." + catalog_member: "hamburg.ccc.de.catalog." + notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/diday.org.zone') }}" + - domain: "3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa." notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}" diff --git a/resources/chaosknoten/auth-dns/zones/diday.org.zone b/resources/chaosknoten/auth-dns/zones/diday.org.zone new file mode 100644 index 0000000..18e3efb --- /dev/null +++ b/resources/chaosknoten/auth-dns/zones/diday.org.zone 
@@ -0,0 +1,45 @@
+$TTL 3600 ; 1 minutes
+@ SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
+ 1 ; serial (overwritten by knot automatically)
+ 10800 ; refresh
+ 3600 ; retry
+ 3600000 ; expire
+ 86400 ; minimum/negative ttl
+ )
+
+@ NS auth-dns.hamburg.ccc.de.
+@ NS ns.vie.ccc.de.
+
+
+
+;
+; Main Site
+;
+*.diday.org. A 212.12.48.125
+*.diday.org. AAAA 2a00:14b0:4200:3000:125::1
+diday.org. A 212.12.48.125
+diday.org. AAAA 2a00:14b0:4200:3000:125::1
+diday.org. TXT "google-site-verification=pJq0LANnNJlkIflKgwbBOOt8GLuU5ywlW6RXhtPwdmE"
+
+;
+; Mail Setup
+;
+diday.org. MX 10 cow.hamburg.ccc.de.
+diday.org. TXT "v=spf1 mx ip4:212.12.51.133 ip6:2a00:14b0:f000:23:51:133:0:1 ip4:212.12.48.122 ip6:2a00:14b0:4200:3000:122::1 -all"
+_dmarc.diday.org. TXT "v=DMARC1; p=none"
+dkim._domainkey.diday.org. TXT "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2YlBjR5oNm7eDeMXmQF6Izx1A17+vBHNapHlV2Rlj3N4Cjo9kSn0y8rlrqkASUKszDgToGrh1vkHhtYN6EE5QS5iVVSnXcWPiHnBzrxK4OmhVZZtrgGsM17pq9udAEEapc371dQQsL3WhXOvilGGSIQ9u5VDlc+y/ApXi79J6DHSf66t0JUU1e8vLn8ZI8hcXe3nsHXqbW4ot24rk8EvaugsK40jbhqxZ+BrJTBq/iP8w5RsF6KdYjTaqPfr/D4dbvUU6fc8jLyy3OWZgSkkOmv7m0UdbOm2Kk6c+1hNjQJZVEhQrpGrpAcjE37/v8ZNbQMgaasiugH6ElnKb13ZQIDAQAB
+"
+
+events.diday.org. A 91.98.167.209
+events.diday.org. AAAA 2a01:4f8:c2c:44b::1
+termine.diday.org. CNAME events.diday.org.
+
+
+;
+; Local Delegation or sub-sites
+;
+darmstadt.diday.org. DS 60883 14 2 351d5314bd499060db6de802dc06104cc9ef54ce91c783def8d20e2e9cd99b99
+darmstadt.diday.org. DS 60883 14 4 4dc93f94c226ecdbb0adbae32064c5ff9a52e9be80973a2ff99218e7bc5af19ab50d9f13f552f1a7900f781fbd7e8205
+darmstadt.diday.org. NS jerry.hax404.de.
+darmstadt.diday.org. NS summer.hax404.de.
+
From 5f94d7f284ce81657e0ef87346ff842effb63d67 Mon Sep 17 00:00:00 2001
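Review bot: In the new `diday.org.zone`, the `dkim._domainkey.diday.org.` TXT value is a single quoted string far longer than 255 bytes, and its closing `"` sits on the following line. Depending on how Knot parses it, the zone may be rejected or the published key may end in a line break, and either would break DKIM verification for the domain. A TXT character-string is limited to 255 bytes, so the record should be written as several quoted chunks with the quote closed on the same line, e.g. `dkim._domainkey.diday.org. TXT ( "v=DKIM1;k=rsa;t=s;s=email;p=<first part of key>" "<rest of key>" )`, and the file run through `kzonecheck` before deployment. Two smaller points in the same hunk: the comment on `$TTL 3600 ; 1 minutes` should read one hour, and `_dmarc.diday.org.` with `p=none` and no `rua=` address gives neither enforcement nor reports, so a comment saying this is a deliberate starting policy would help.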
From: lilly Date: Sat, 6 Jun 2026 16:26:47 +0200 Subject: [PATCH 4/5] remove ns-intern.hamburg.ccc.de from notify targets of our domains --- inventories/chaosknoten/host_vars/auth-dns.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml index 8c0404e..41b11ae 100644 --- a/inventories/chaosknoten/host_vars/auth-dns.yaml +++ b/inventories/chaosknoten/host_vars/auth-dns.yaml 
@@ -19,34 +19,34 @@ knot__catalog_zones: knot__zones: - domain: "hh.ccc.de." catalog_member: "hamburg.ccc.de.catalog." - notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}" - domain: "ccchh.net." catalog_member: "hamburg.ccc.de.catalog." - notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/ccchh.net.zone') }}" - domain: "hamburg.ccc.de." catalog_member: "hamburg.ccc.de.catalog." - notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}" - domain: "eh20.easterhegg.eu." catalog_member: "hamburg.ccc.de.catalog." - notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone') }}" - domain: "eh22.easterhegg.eu." catalog_member: "hamburg.ccc.de.catalog." - notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone') }}" - domain: "diday.org." catalog_member: "hamburg.ccc.de.catalog." 
- notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/diday.org.zone') }}" - domain: "3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa." - notify_targets: [ "ns-intern.hamburg.ccc.de", "ns.vie.ccc.de", "ns2.vie.ccc.de" ] + notify_targets: [ "ns.vie.ccc.de", "ns2.vie.ccc.de" ] content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}" From ca8b08743539ec1bf20eb01505650a183a734928 Mon Sep 17 00:00:00 2001 From: Renovate Date: Sat, 6 Jun 2026 14:31:11 +0000 Subject: [PATCH 5/5] Update docker.io/library/postgres Docker tag to v18 --- inventories/chaosknoten/host_vars/cloud.yaml | 2 +- resources/chaosknoten/lists/docker_compose/compose.yaml.j2 | 2 +- resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml index 19aca7b..7d0ee89 100644 --- a/inventories/chaosknoten/host_vars/cloud.yaml +++ b/inventories/chaosknoten/host_vars/cloud.yaml @@ -1,7 +1,7 @@ # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud nextcloud__version: 33 # renovate: datasource=docker depName=docker.io/library/postgres -nextcloud__postgres_version: 15.18 +nextcloud__postgres_version: 18.4 nextcloud__fqdn: cloud.hamburg.ccc.de nextcloud__data_dir: /data/nextcloud nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}" diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml.j2 b/resources/chaosknoten/lists/docker_compose/compose.yaml.j2 index db605b5..58d1ed5 100644 --- a/resources/chaosknoten/lists/docker_compose/compose.yaml.j2 
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml.j2 @@ -62,7 +62,7 @@ services: - POSTGRES_DB=mailmandb - POSTGRES_USER=mailman - "POSTGRES_PASSWORD={{ secret__lists__postgres_password }}" - image: docker.io/library/postgres:12-alpine + image: docker.io/library/postgres:18-alpine volumes: - /opt/mailman/database:/var/lib/postgresql/data networks: diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 index 0bbfcb8..091bd44 100644 --- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 +++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 @@ -3,7 +3,7 @@ services: database: - image: docker.io/library/postgres:15-alpine + image: docker.io/library/postgres:18-alpine environment: - "POSTGRES_USER=pretalx" - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
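Review bot: The `/opt/mailman/database:/var/lib/postgresql/data` mount shown in the `lists/docker_compose/compose.yaml.j2` hunk presumably still holds a cluster initialised by PostgreSQL 12, and a PostgreSQL 18 server will not start on a data directory created by an older major version. Changing only the tag to `postgres:18-alpine` is therefore likely to leave the mailman database down until the data is migrated, by dump and restore or `pg_upgrade`. The same concern applies to the 15 → 18 change in `pretalx/docker_compose/compose.yaml.j2` and to `nextcloud__postgres_version` in `host_vars/cloud.yaml`, whose volume definitions are outside these hunks. As far as I know the official image also moved its default data location from version 18 on, so the mount target should be checked against the image documentation. I would hold this automated bump until a migration step and a verified backup exist for each of the three databases.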