Compare commits

...

3 commits

Author SHA1 Message Date
9acd7ba87b Update all stable non-major dependencies
Some checks failed
/ build (pull_request) Successful in 31s
/ Ansible Lint (pull_request) Failing after 2m42s
/ Ansible Lint (push) Failing after 2m44s
2026-06-28 15:15:47 +00:00
75e574a80b Merge branch 'main' of git.hamburg.ccc.de:CCCHH/ansible-infra
Some checks failed
/ build (push) Successful in 27s
/ Ansible Lint (push) Failing after 2m31s
2026-06-28 17:02:07 +02:00
3e0fdb6074 Configure transmission 2026-06-28 17:02:05 +02:00
19 changed files with 163 additions and 21 deletions

View file

@ -24,7 +24,7 @@ jobs:
# work in our environmnet.
# Rather manually setup python (pip) before instead.
- name: Run ansible-lint
uses: https://github.com/ansible/ansible-lint@v26.3.0
uses: https://github.com/ansible/ansible-lint@v26.4.0
with:
setup_python: "false"
requirements_file: "requirements.yml"

View file

@ -1,5 +1,5 @@
# renovate: datasource=github-releases depName=netbox packageName=netbox-community/netbox
netbox__version: "v4.5.5"
netbox__version: "v4.6.3"
netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}"
netbox__custom_pipeline_oidc_group_and_role_mapping: true

View file

@ -1,7 +1,8 @@
ansible_pull__age_private_key: ENC[AES256_GCM,data:QB0xpxP8pLfE2ExpCRD4joQzoEcbQZTiVEJbX3t9GyFEseZUtnUCO0ysFUc6hRs2BC9hoPXz6k/dZ0vNkniBmqcN5zTofZ8bg94=,iv:3NVVsae+pgbriTNzgT6rGCEzJjw368WgAKfQCi2qsmQ=,tag:AQSIxJCZOZ8dtlvcu4WMuw==,type:str]
transmission__rpc_password: ENC[AES256_GCM,data:PPEIdI/OcuvX8Mh+zNFSOw==,iv:AgHwT6FGmE9sY3H+MQQc291ILbpNKatEoK8W09wrtr4=,tag:M1E0iS8TTNvu2MABboqCSQ==,type:str]
sops:
lastmodified: "2026-06-01T19:05:50Z"
mac: ENC[AES256_GCM,data:ms4yaDEY/2DxC56rxagBRgfkHuy2/AGhZ0om3+gTVfG8/1p7v+qWXuWrNlDjefjhLKVCaf5yl749JZIjs8PP6rTKyTcteqVfoKwx+CFaEA9OmPOaENBV8Kpy2Rrkw8J4UBBKSoTKGFDAGtyysmqbS8eqDuEpb/TbfbbybJUNfe4=,iv:g4IHNmQELptweaqRE7P3LlBTwV+7jt6AfrPowzuziv4=,tag:YkBnOJA5IN1xDhI+umYSow==,type:str]
lastmodified: "2026-06-28T11:50:14Z"
mac: ENC[AES256_GCM,data:c03dDTwriK3lk9HYK5h85ESxC3nvVjBZVIva1ZAbeFu1n8u1IfazBS3NN4NSEZ+TkSW1WdQVKXFiQ9WBawLwLzXSKcmxaOPZuIvxcmbsYGuHAMpO1ODNgvuPP6D6vFl/C+Ew0yRVd72MqlvQKrg46+x6uD+1cvi9w30+EkzV+UY=,iv:UlSDF/0aF0dWYaQc9KAv3pXE1DUflQfFrHIlSt5stJU=,tag:Uj0W//Du0TOugByNFHFf9g==,type:str]
pgp:
- created_at: "2026-06-01T19:05:22Z"
enc: |-
@ -177,4 +178,4 @@ sops:
-----END PGP MESSAGE-----
fp: 41FFAF3D519CF5C039FBD8414BCC213729AF0E49
unencrypted_suffix: _unencrypted
version: 3.12.2
version: 3.13.1

View file

@ -1 +1,93 @@
# add /etc/transmission-remote/settings.json here
transmission__settings:
alt-speed-down: 50
alt-speed-enabled: false
alt-speed-time-begin: 540
alt-speed-time-day: 127
alt-speed-time-enabled: false
alt-speed-time-end: 1020
alt-speed-up: 50
announce-ip: ""
announce-ip-enabled: false
anti-brute-force-enabled: false
anti-brute-force-threshold: 100
bind-address-ipv4: ""
bind-address-ipv6: ""
blocklist-enabled: false
blocklist-url: http://www.example.com/blocklist
cache-size-mb: 4
default-trackers: ""
dht-enabled: true
download-dir: /torrents/complete
download-limit: 100
download-limit-enabled: 0
download-queue-enabled: true
download-queue-size: 5
encryption: 1
idle-seeding-limit: 30
idle-seeding-limit-enabled: false
incomplete-dir: /torrents/incomplete
incomplete-dir-enabled: true
lpd-enabled: true
max-peers-global: 200
message-level: 2
peer-congestion-algorithm: ""
peer-limit-global: 200
peer-limit-per-torrent: 50
peer-port: 51413
peer-port-random-high: 65535
peer-port-random-low: 49152
peer-port-random-on-start: false
peer-socket-tos: le
pex-enabled: true
pidfile: ""
port-forwarding-enabled: false
preallocation: 1
preferred_transport: utp
proxy_url: ""
queue-stalled-enabled: true
queue-stalled-minutes: 30
ratio-limit: 2
ratio-limit-enabled: false
rename-partial-files: true
reqq: 2000
rpc-authentication-required: false
rpc-bind-address: 0.0.0.0
rpc-enabled: true
rpc-host-whitelist: ""
rpc-host-whitelist-enabled: true
rpc-password: '{{ transmission__rpc_password }}'
rpc-port: 9091
rpc-socket-mode: "0750"
rpc-url: /transmission/
rpc-username: ""
rpc-whitelist: 127.0.0.1,::1,172.31.200.*,172.31.201.*,213.240.180.39,2a01:170:118b::1
rpc-whitelist-enabled: true
scrape-paused-torrents-enabled: true
script-torrent-added-enabled: false
script-torrent-added-filename: ""
script-torrent-done-enabled: false
script-torrent-done-filename: ""
script-torrent-done-seeding-enabled: false
script-torrent-done-seeding-filename: ""
seed-queue-enabled: false
seed-queue-size: 10
sequential_download: false
sleep-per-seconds-during-verify: 100
speed-limit-down: 100
speed-limit-down-enabled: false
speed-limit-up: 100
speed-limit-up-enabled: false
start-added-torrents: true
start_paused: false
tcp-enabled: true
torrent-added-verify-mode: fast
trash-original-torrent-files: false
umask: "022"
upload-limit: 100
upload-limit-enabled: 0
upload-slots-per-torrent: 8
utp-enabled: true
watch-dir: /torrents/torrents
watch-dir-enabled: true
watch-dir-force-generic: false

View file

@ -44,6 +44,9 @@ nginx_hosts:
ola_hosts:
hosts:
light:
transmission:
hosts:
opensourcetorrents:
proxmox_vm_template_hosts:
hosts:
thinkcccore0:

View file

@ -156,3 +156,10 @@
- knot
tags:
- knot
- name: Setup transmission
hosts: transmission
roles:
- transmission
tags:
- transmission

View file

@ -2,7 +2,7 @@
services:
oauth2-proxy:
container_name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1
image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
volumes:

View file

@ -2,7 +2,7 @@
services:
prometheus:
image: docker.io/prom/prometheus:v3.10.0
image: docker.io/prom/prometheus:v3.12.0
container_name: prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
@ -19,7 +19,7 @@ services:
- prom_data:/prometheus
alertmanager:
image: docker.io/prom/alertmanager:v0.31.1
image: docker.io/prom/alertmanager:v0.33.0
container_name: alertmanager
command:
- '--config.file=/etc/alertmanager/alertmanager.yaml'
@ -32,7 +32,7 @@ services:
- alertmanager_data:/alertmanager
grafana:
image: docker.io/grafana/grafana:13.0.1
image: docker.io/grafana/grafana:13.1.0
container_name: grafana
ports:
- 3000:3000
@ -46,7 +46,7 @@ services:
- graf_data:/var/lib/grafana
pve-exporter:
image: docker.io/prompve/prometheus-pve-exporter:3.8.2
image: docker.io/prompve/prometheus-pve-exporter:3.9.0
container_name: pve-exporter
ports:
- 9221:9221
@ -59,7 +59,7 @@ services:
- /dev/null:/etc/prometheus/pve.yml
loki:
image: docker.io/grafana/loki:3.7.1
image: docker.io/grafana/loki:3.7.3
container_name: loki
ports:
- 13100:3100

View file

@ -22,7 +22,7 @@
services:
keycloak:
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.0
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.6.3
pull_policy: always
restart: unless-stopped
command: start --optimized

View file

@ -1,7 +1,7 @@
---
services:
ntfy:
image: docker.io/binwiederhier/ntfy:v2.20.1
image: docker.io/binwiederhier/ntfy:v2.25.0
container_name: ntfy
command:
- serve

View file

@ -4,7 +4,7 @@
services:
onlyoffice:
image: docker.io/onlyoffice/documentserver:9.3.1
image: docker.io/onlyoffice/documentserver:9.4.0
restart: unless-stopped
volumes:
- "./onlyoffice/DocumentServer/logs:/var/log/onlyoffice"

View file

@ -13,7 +13,7 @@ services:
restart: unless-stopped
app:
image: quay.io/hedgedoc/hedgedoc:1.10.8
image: quay.io/hedgedoc/hedgedoc:1.11.0
environment:
- "CMD_DB_URL=postgres://hedgedoc:{{ secret__hedgedoc_db_password }}@database:5432/hedgedoc"
- "CMD_DOMAIN=pad.hamburg.ccc.de"

View file

@ -15,7 +15,7 @@ services:
- pretalx_net
redis:
image: docker.io/library/redis:8.6.2
image: docker.io/library/redis:8.8.0
restart: unless-stopped
volumes:
- redis:/data
@ -23,7 +23,7 @@ services:
- pretalx_net
static:
image: docker.io/library/nginx:1.29.7
image: docker.io/library/nginx:1.31.2
restart: unless-stopped
volumes:
- public:/usr/share/nginx/html

View file

@ -3,7 +3,7 @@
services:
db:
image: mariadb:12.2.2
image: mariadb:12.3.2
command: --max_allowed_packet=3250585600
environment:
MYSQL_ROOT_PASSWORD: "{{ secret__sunders_db_root_password }}"

View file

@ -13,7 +13,7 @@ services:
restart: unless-stopped
redis:
image: docker.io/library/redis:8.6.2
image: docker.io/library/redis:8.8.0
ports:
- "6379:6379"
volumes:

View file

@ -4,7 +4,7 @@
services:
database:
image: docker.io/library/postgres:18.3
image: docker.io/library/postgres:18.4
restart: always
volumes:
- ./database:/var/lib/postgresql
@ -16,7 +16,7 @@ services:
- gatus
gatus:
image: ghcr.io/twin/gatus:v5.35.0
image: ghcr.io/twin/gatus:v5.36.0
restart: always
ports:
- "8080:8080"

View file

@ -0,0 +1,13 @@
#!/bin/sh
#
# Update the transmission settings.json. For the update, stop transmission,
# put the new file in place, and restart it.
#
set -e
systemctl stop transmission-daemon
cp /etc/transmission-daemon/settings-ansible.json /etc/transmission-daemon/settings.json
chmod 0660 /etc/transmission-daemon/settings.json
systemctl start transmission-daemon

View file

@ -0,0 +1,3 @@
- name: update transmission settings
ansible.builtin.command: /usr/local/sbin/update-transmission-settings
become: true

View file

@ -0,0 +1,23 @@
- name: ensure transmission-daemon is installed
ansible.builtin.apt:
name: transmission-daemon
state: present
become: true
- name: ensure update-transmission-settings is deployed
ansible.builtin.copy:
src: "update-transmission-settings"
dest: "/usr/local/sbin/update-transmission-settings"
owner: root
group: root
mode: "0750"
become: true
notify: update transmission settings
- name: ensure transmission settings are deployed
ansible.builtin.copy:
content: '{{ transmission__settings | to_json(indent=4, sort_keys=True) }}'
dest: "/etc/transmission-daemon/settings-ansible.json"
owner: debian-transmission
group: debian-transmission
mode: "0750"
become: true
notify: update transmission settings