Merge branch 'master' into master

Merge pull request 'Update shlinkio/shlink Docker tag to v4.4.4' (#484 ) from renovate/shlinkio-shlink-4.x into master
Reviewed-on: Netz39_Admin/netz39-infra-ansible#484
2025-02-21 17:45:58 +01:00 · 2025-02-21 17:41:12 +01:00 · 2025-02-21 17:41:01 +01:00 · 2025-02-21 17:40:38 +01:00 · 2025-02-21 17:40:19 +01:00 · 2025-02-21 17:40:02 +01:00
15 changed files with 40 additions and 39 deletions
--- a/.yamllint
+++ b/.yamllint
@ -2,6 +2,7 @@
 extends: default

 rules:
+  comments-indentation: disable
  line-length: disable
  truthy:
    allowed-values:
--- a/group-k3s.yml
+++ b/group-k3s.yml
@ -6,4 +6,4 @@
    - name: Ensure nfs-common is installed on k3s VMs
      ansible.builtin.apt:
        pkg: nfs-common
-        state: present
+        state: present
--- a/host-beaker.yml
+++ b/host-beaker.yml
@ -22,6 +22,6 @@
      ansible.builtin.lineinfile:
        path: /etc/pve/user.cfg
        regexp: "^group:Admins:"
-        line: "group:Admins:{{ users | map(attribute = 'logname') | join(\"@pam,\") }}@pam::"
+        line: "group:Admins:{{ users | map(attribute='logname') | join(\"@pam,\") }}@pam::"

  handlers:
--- a/host-krypton.yml
+++ b/host-krypton.yml
@ -98,9 +98,9 @@
        rule: allow
        port: '389'
        proto: tcp
-        from: "{{  item  }}"
+        from: "{{ item }}"
        comment: LDAP Docker Access
-      loop: "{{  docker_ip_ranges  }}"
+      loop: "{{ docker_ip_ranges }}"

    - name: Allow access to openLDAP from local docker container [2/2]
      become: true
@ -108,9 +108,9 @@
        rule: allow
        port: '636'
        proto: tcp
-        from: "{{  item  }}"
+        from: "{{ item }}"
        comment: LDAP Docker Access
-      loop: "{{  docker_ip_ranges  }}"
+      loop: "{{ docker_ip_ranges }}"


    - name: Ensure container for entities validation service is running
--- a/host-platon.yml
+++ b/host-platon.yml
@ -141,7 +141,7 @@
        mode: "0644"
      register: wiringPi_copy

-    - name: Install wiringPi library  # noqa 503
+    - name: Install wiringPi library  # noqa: no-handler
      ansible.builtin.apt:
        state: present
        deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
--- a/host-radon.yml
+++ b/host-radon.yml
@ -13,7 +13,7 @@
    nodered_image: nodered/node-red:3.0.1-1-18
    nodered_data: "{{ data_dir }}/nodered"

-    rabbitmq_image: bitnami/rabbitmq:4.0.5
+    rabbitmq_image: bitnami/rabbitmq:4.0.6
    rabbitmq_data: "{{ data_dir }}/rabbitmq"

    pwr_meter_pulse_gw_image: netz39/power-meter-pulse-gateway:0.3.0
--- a/host-unicorn.yml
+++ b/host-unicorn.yml
@ -13,7 +13,7 @@
    - name: Setup the docker container for unifi-controller
      docker_container:
        name: unifi-controller
-        image: jacobalberty/unifi:v9.0.108
+        image: jacobalberty/unifi:v9.0.114
        state: started
        restart_policy: unless-stopped
        container_default_behavior: no_defaults
@ -22,13 +22,13 @@
        # These fixed ports are needed.
        # https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
        ports:
-          - "8080:8080/tcp"   # Device command/control
-          - "8443:8443/tcp"   # Web interface + API
-          - "8843:8843/tcp"   # HTTPS portal
-          - "8880:8880/tcp"   # HTTP portal
-          - "3478:3478/udp"   # STUN service
-          - "6789:6789/tcp"   # Speed Test (unifi5 only)
-          - "10001:10001/udp" # Used for device discovery.
+          - "8080:8080/tcp"     # Device command/control
+          - "8443:8443/tcp"     # Web interface + API
+          - "8843:8843/tcp"     # HTTPS portal
+          - "8880:8880/tcp"     # HTTP portal
+          - "3478:3478/udp"     # STUN service
+          - "6789:6789/tcp"     # Speed Test (unifi5 only)
+          - "10001:10001/udp"   # Used for device discovery.
        volumes:
          - "{{ data_dir }}/unifi-controller/data:/unifi/data"
          - "{{ data_dir }}/unifi-controller/log:/unifi/log"
--- a/host-wittgenstein.yml
+++ b/host-wittgenstein.yml
@ -94,7 +94,7 @@
        force: no
      register: wiringPi_download

-    - name: Install wiringPi library  # noqa 503
+    - name: Install wiringPi library  # noqa: no-handler
      ansible.builtin.apt:
        state: present
        deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
@ -140,13 +140,13 @@
        detach: yes
        restart_policy: unless-stopped
        ports:
-          - "0.0.0.0:{{ spaceapi_host_port }}:8080" # Must be reached by pottwal
+          - "0.0.0.0:{{ spaceapi_host_port }}:8080"   # Must be reached by pottwal
 #          - "127.0.0.1:{{ spaceapi_host_port }}:8080"
        env:
          TZ: "{{ timezone }}"
          MQTT_BROKER: "platon.n39.eu"
          MQTT_TOPIC_STATUS: "{{ spaceapi_topic_status }}"
-          MQTT_TOPIC_LASTCHANGE:  "{{ spaceapi_topic_lastchange }}"
+          MQTT_TOPIC_LASTCHANGE: "{{ spaceapi_topic_lastchange }}"
      tags:
        - spaceapi

--- a/host_vars/pottwal.n39.eu/vars.yml
+++ b/host_vars/pottwal.n39.eu/vars.yml
@ -12,23 +12,23 @@ cleanuri_amqp_vhost: "/cleanuri"
 forgejo_host_port: 9091
 forgejo_ssh_port: 2222
 forgejo_domain_name: git.n39.eu
-forgejo_image: codeberg.org/forgejo/forgejo:10.0.0
+forgejo_image: codeberg.org/forgejo/forgejo:10.0.1

 shlink_host_port: 8083
 shlink_domain_name: sl.n39.eu
-shlink_image: shlinkio/shlink:4.4.0
+shlink_image: shlinkio/shlink:4.4.4
 shlink_initial_api_key: "{{ vault_shlink_initial_api_key }}"
 shlink_postgres_password: "{{ vault_shlink_postgres_password }}"

 hedgedoc_host_port: 8084
 hedgedoc_domain_name: pad.n39.eu
-hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.10.0
+hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.10.2
 hedgedoc_db_image: postgres:16.4-alpine
 hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}"

 redmine_host_port: 8087
 redmine_domain_name: redmine.n39.eu
-redmine_image: redmine:6.0.2
+redmine_image: redmine:6.0.3
 redmine_mysql_image: mysql:8.4
 redmine_database: redmine
 redmine_database_password: "{{ vault_redmine_database_password }}"
@ -42,7 +42,7 @@ influxdb_init_password: "{{ vault_influxdb_init_password }}"
 jabber_host_port: 8086
 prosody_domain_name: jabber.n39.eu
 prosody_image: netz39/prosody:0.11
-prosody_web_image: joseluisq/static-web-server:2.35
+prosody_web_image: joseluisq/static-web-server:2.36
 prosody_config_dir: "/etc/prosody"
 prosody_data_dir: "{{ data_dir }}/prosody"

@ -52,14 +52,14 @@ uptimekuma_image: louislam/uptime-kuma:1.23.16

 grafana_host_port: 8089
 grafana_domain_name: grafana.n39.eu
-grafana_image: grafana/grafana:11.4.0
+grafana_image: grafana/grafana:11.5.2
 grafana_admin_password: "{{ vault_grafana_admin_password }}"

 homebox_host_port: 8092
 homebox_domain_name: inventory.n39.eu
 homebox_image: ghcr.io/hay-kot/homebox:v0.10.3

-renovate_image: renovate/renovate:39.84.0
+renovate_image: renovate/renovate:39.161.0
 renovate_forgejo_pat: "{{ vault_renovate_forgejo_pat }}"
 renovate_github_pat: "{{ vault_renovate_github_pat }}"
 renovate_git_user: "Renovate Bot <accounts+renovatebot@netz39.de>"
--- a/host_vars/radon.n39.eu/vars.yml
+++ b/host_vars/radon.n39.eu/vars.yml
@ -11,4 +11,3 @@ kiosk_grafana_user: "{{ vault_kiosk_grafana_user }}"
 kiosk_grafana_pass: "{{ vault_kiosk_grafana_pass }}"
 kiosk_mqtt_host: "mqtt.n39.eu"
 kiosk_mqtt_topic: "Netz39/Things/HackingDashboard/Screenshot"
-
--- a/host_vars/wittgenstein.n39.eu/vars.yml
+++ b/host_vars/wittgenstein.n39.eu/vars.yml
@ -1,3 +1,4 @@
+---
 server_admin: "admin+wittgenstein@netz39.de"
 mac: "b8:27:eb:48:f1:59"
 ansible_python_interpreter: /usr/bin/python3
--- a/roles/cleanuri/tasks/main.yml
+++ b/roles/cleanuri/tasks/main.yml
@ -35,7 +35,7 @@
    env:
      TZ: "{{ timezone }}"
      AMQP_HOST: "{{ cleanuri_amqp_host }}"
-      AMQP_USER: "{{ cleanuri_amqp_user  }}"
+      AMQP_USER: "{{ cleanuri_amqp_user }}"
      AMQP_PASS: "{{ cleanuri_amqp_pass }}"
      AMQP_VHOST: "{{ cleanuri_amqp_vhost }}"
      GATEWAY_RESULT_QUEUE: "{{ cleanuri_amqp_results }}"
@ -52,7 +52,7 @@
    env:
      TZ: "{{ timezone }}"
      AMQP_HOST: "{{ cleanuri_amqp_host }}"
-      AMQP_USER: "{{ cleanuri_amqp_user  }}"
+      AMQP_USER: "{{ cleanuri_amqp_user }}"
      AMQP_PASS: "{{ cleanuri_amqp_pass }}"
      AMQP_VHOST: "{{ cleanuri_amqp_vhost }}"
      CANONIZER_TASK_QUEUE: "{{ cleanuri_amqp_canonizer }}"
@ -69,7 +69,7 @@
    env:
      TZ: "{{ timezone }}"
      AMQP_HOST: "{{ cleanuri_amqp_host }}"
-      AMQP_USER: "{{ cleanuri_amqp_user  }}"
+      AMQP_USER: "{{ cleanuri_amqp_user }}"
      AMQP_PASS: "{{ cleanuri_amqp_pass }}"
      AMQP_VHOST: "{{ cleanuri_amqp_vhost }}"
      EXTRACTION_TASK_QUEUE: "{{ cleanuri_amqp_retrieval }}"
--- a/roles/docker_setup/tasks/main.yml
+++ b/roles/docker_setup/tasks/main.yml
@ -34,7 +34,7 @@
    dest: /etc/apt/sources.list.d/docker.list
  register: apt_repo

- name: Update package cache  # noqa 503
+- name: Update package cache  # noqa: no-handler
  ansible.builtin.apt:
    update_cache: true
  when: apt_repo.changed
--- a/roles/nfs-host/tasks/main.yml
+++ b/roles/nfs-host/tasks/main.yml
@ -3,9 +3,9 @@
  ansible.builtin.apt:
    state: present
    name:
-    - nfs-kernel-server
-    - nfs-common
-    - parted
+      - nfs-kernel-server
+      - nfs-common
+      - parted

 - name: Create a new ext4 primary partition
  community.general.parted:
--- a/roles/nginx_https_ingress/tasks/main.yml
+++ b/roles/nginx_https_ingress/tasks/main.yml
@ -8,9 +8,9 @@
  ansible.builtin.apt:
    state: present
    name:
-    - apt-transport-https
-    - ca-certificates
-    - gnupg2
+      - apt-transport-https
+      - ca-certificates
+      - gnupg2

 ### Setup APT cache for the nginx repository
 #
@ -33,7 +33,7 @@
    src: files/apt-preference-99nginx
    dest: /etc/apt/preferences.d/99nginx

- name: Update package cache # noqa 503
+- name: Update package cache  # noqa: no-handler
  ansible.builtin.apt:
    update_cache: true
  when: apt_repo.changed
@ -45,7 +45,7 @@
    state: present
    name:
    # This version of nginx comes with the ngx_stream_core_module module
-    - nginx
+      - nginx


 ### Configuration
Author	SHA1	Message	Date
0Ry5	ddd033c14a	Merge branch 'master' into master	2025-02-21 17:45:58 +01:00
Stefan Haun	2fe2420a10	Merge pull request 'Update shlinkio/shlink Docker tag to v4.4.4' (#484 ) from renovate/shlinkio-shlink-4.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#484	2025-02-21 17:41:12 +01:00
Renovate Bot	028e4ffadd	chore(deps): update shlinkio/shlink docker tag to v4.4.4	2025-02-21 17:41:01 +01:00
Stefan Haun	12c0b271a9	Merge pull request 'Update grafana/grafana Docker tag to v11.5.2' (#485 ) from renovate/grafana-grafana-11.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#485	2025-02-21 17:40:38 +01:00
Renovate Bot	0cc1d052ad	chore(deps): update grafana/grafana docker tag to v11.5.2	2025-02-21 17:40:19 +01:00
Stefan Haun	41875c04b2	Merge pull request 'Update quay.io/hedgedoc/hedgedoc Docker tag to v1.10.2' (#483 ) from renovate/quay.io-hedgedoc-hedgedoc-1.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#483	2025-02-21 17:40:02 +01:00
Renovate Bot	635b87a300	chore(deps): update quay.io/hedgedoc/hedgedoc docker tag to v1.10.2	2025-02-21 17:39:44 +01:00
Stefan Haun	38ecaf4e92	Merge pull request 'Update joseluisq/static-web-server Docker tag to v2.36' (#481 ) from renovate/joseluisq-static-web-server-2.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#481 Reviewed-by: Alexander Dahl <alex@netz39.de>	2025-02-21 17:38:34 +01:00
Renovate Bot	7a08b136ab	Update joseluisq/static-web-server Docker tag to v2.36	2025-02-21 14:18:59 +00:00
Stefan Haun	540f489a04	Merge pull request 'Update bitnami/rabbitmq Docker tag to v4.0.6' (#482 ) from renovate/bitnami-rabbitmq-4.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#482	2025-02-21 14:41:59 +01:00
Renovate Bot	c1acfd6671	chore(deps): update bitnami/rabbitmq docker tag to v4.0.6	2025-02-21 14:41:36 +01:00
Stefan Haun	517bf90b7b	Merge pull request '🚨 reduce ansible-lint warning count (trivial yaml and jinja warnings)' (#486 ) from lint into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#486 Reviewed-by: Stefan Haun <tux@netz39.de>	2025-02-20 10:10:01 +01:00
Alexander Dahl	71f68604d7	🔧 yamllint: Disable comment-indentation warnings Looked at the first three or five warnings, and those all look sane. The linter seems to be overly picky here. ansible-lint is happy about yaml now: % ansible-lint -t yaml Passed with production profile: 0 failure(s), 0 warning(s) on 142 files. Link: https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.comments_indentation	2025-02-20 08:23:17 +01:00
Alexander Dahl	41ab4622b3	🚨 Fix trivial jinja spacing warnings Fixes the following ansible-lint warnings: jinja[spacing]: Jinja2 spacing could be improved: group:Admins:{{ users \| map(attribute = 'logname') \| join("@pam,") }}@pam:: -> group:Admins:{{ users \| map(attribute='logname') \| join("@pam,") }}@pam:: (warning) host-beaker.yml:23 Jinja2 template rewrite recommendation: `group:Admins:{{ users \| map(attribute='logname') \| join("@pam,") }}@pam::`. jinja[spacing]: Jinja2 spacing could be improved: {{ docker_ip_ranges }} -> {{ docker_ip_ranges }} (warning) host-krypton.yml:95 Jinja2 template rewrite recommendation: `{{ docker_ip_ranges }}`. jinja[spacing]: Jinja2 spacing could be improved: {{ item }} -> {{ item }} (warning) host-krypton.yml:98 Jinja2 template rewrite recommendation: `{{ item }}`. jinja[spacing]: Jinja2 spacing could be improved: {{ docker_ip_ranges }} -> {{ docker_ip_ranges }} (warning) host-krypton.yml:105 Jinja2 template rewrite recommendation: `{{ docker_ip_ranges }}`. jinja[spacing]: Jinja2 spacing could be improved: {{ item }} -> {{ item }} (warning) host-krypton.yml:108 Jinja2 template rewrite recommendation: `{{ item }}`. jinja[spacing]: Jinja2 spacing could be improved: {{ cleanuri_amqp_user }} -> {{ cleanuri_amqp_user }} (warning) roles/cleanuri/tasks/main.yml:36 Jinja2 template rewrite recommendation: `{{ cleanuri_amqp_user }}`. jinja[spacing]: Jinja2 spacing could be improved: {{ cleanuri_amqp_user }} -> {{ cleanuri_amqp_user }} (warning) roles/cleanuri/tasks/main.yml:53 Jinja2 template rewrite recommendation: `{{ cleanuri_amqp_user }}`. jinja[spacing]: Jinja2 spacing could be improved: {{ cleanuri_amqp_user }} -> {{ cleanuri_amqp_user }} (warning) roles/cleanuri/tasks/main.yml:70 Jinja2 template rewrite recommendation: `{{ cleanuri_amqp_user }}`.	2025-02-20 06:43:59 +01:00
Alexander Dahl	a0021c4979	🚨 Add more spaces before comment Fixes the following ansible-lint warnings: yaml[comments]: Too few spaces before comment host-unicorn.yml:31 yaml[comments]: Too few spaces before comment host-wittgenstein.yml:143	2025-02-19 22:01:13 +01:00
Alexander Dahl	cbbcccdcae	🚨 Remove extra blank line Fixes the following ansible-lint warning: yaml[empty-lines]: Too many blank lines (1 > 0) host_vars/radon.n39.eu/vars.yml:14	2025-02-19 21:58:48 +01:00
Alexander Dahl	42710413d7	🚨 Add missing document start Fixes the following ansible-lint warning: yaml[document-start]: Missing document start "---" host_vars/wittgenstein.n39.eu/vars.yml:1	2025-02-19 21:57:30 +01:00
Alexander Dahl	a9e5a509a5	🚨 Fix wrong indentation Fixes the following ansible-lint warnings: yaml[indentation]: Wrong indentation: expected 6 but found 4 roles/nfs-host/tasks/main.yml:6 yaml[indentation]: Wrong indentation: expected 6 but found 4 roles/nginx_https_ingress/tasks/main.yml:11 yaml[indentation]: Wrong indentation: expected 6 but found 4 roles/nginx_https_ingress/tasks/main.yml:48	2025-02-19 21:55:53 +01:00
Alexander Dahl	fa7e94403f	🚨 Remove extra spaces Fixes the following ansible-lint warning: yaml[colons]: Too many spaces after colon host-wittgenstein.yml:149	2025-02-19 21:52:39 +01:00
Alexander Dahl	3730c67be0	🚨 Add newline at eof Fixes the following ansible-lint warning: yaml[new-line-at-end-of-file]: No new line character at the end of file group-k3s.yml:9	2025-02-19 21:49:57 +01:00
Alexander Dahl	49dd796a05	🚨 Modernize ansible-lint silence markup Fixes the following warning when running `ansible-lint`: WARNING Replaced outdated tag '503' with 'no-handler', replace it to avoid future regressions Link: https://ansible.readthedocs.io/projects/lint/rules/no-handler/	2025-02-19 21:40:23 +01:00
Stefan Haun	fd01c68746	Merge pull request 'chore(deps): update quay.io/hedgedoc/hedgedoc docker tag to v1.10.1' (#476 ) from renovate/quay.io-hedgedoc-hedgedoc-1.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#476	2025-02-10 19:18:46 +01:00
Renovate Bot	ec6a8b60ae	chore(deps): update quay.io/hedgedoc/hedgedoc docker tag to v1.10.1	2025-02-10 19:17:18 +01:00
Stefan Haun	dc729d3826	Merge pull request 'chore(deps): update jacobalberty/unifi docker tag to v9.0.114' (#478 ) from renovate/jacobalberty-unifi-9.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#478	2025-02-10 19:16:33 +01:00
Renovate Bot	e518a25dd4	chore(deps): update jacobalberty/unifi docker tag to v9.0.114	2025-02-10 19:16:15 +01:00
Stefan Haun	9da60fa37a	Merge pull request 'chore(deps): update codeberg.org/forgejo/forgejo docker tag to v10.0.1' (#480 ) from renovate/codeberg.org-forgejo-forgejo-10.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#480	2025-02-10 19:15:35 +01:00
Renovate Bot	7094eae031	chore(deps): update codeberg.org/forgejo/forgejo docker tag to v10.0.1	2025-02-08 14:18:55 +00:00
dkdent	d98a506c92	Merge pull request 'chore(deps): update grafana/grafana docker tag to v11.5.1' (#477 ) from renovate/grafana-grafana-11.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#477	2025-02-05 18:06:18 +01:00
Renovate Bot	80c32ea4c8	chore(deps): update grafana/grafana docker tag to v11.5.1	2025-02-05 18:06:01 +01:00
dkdent	57d44ada7d	Merge pull request 'chore(deps): update renovate/renovate docker tag to v39.161.0' (#467 ) from renovate/renovate-renovate-39.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#467	2025-02-05 18:03:21 +01:00
Renovate Bot	a3c14b1fb0	chore(deps): update renovate/renovate docker tag to v39.161.0	2025-02-05 09:18:51 +00:00
Stefan Haun	0963a11ceb	Merge pull request 'chore(deps): update grafana/grafana docker tag to v11.5.0' (#473 ) from renovate/grafana-grafana-11.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#473	2025-02-02 20:52:16 +01:00
Renovate Bot	be22683021	chore(deps): update grafana/grafana docker tag to v11.5.0	2025-02-02 20:51:46 +01:00
Stefan Haun	ab070b8da2	Merge pull request 'chore(deps): update shlinkio/shlink docker tag to v4.4.2' (#474 ) from renovate/shlinkio-shlink-4.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#474	2025-02-02 20:51:17 +01:00
Renovate Bot	f820443c46	chore(deps): update shlinkio/shlink docker tag to v4.4.2	2025-02-02 20:50:34 +01:00
Stefan Haun	6c58b37fee	Merge pull request 'chore(deps): update redmine docker tag to v6.0.3' (#475 ) from renovate/redmine-6.x into master Reviewed-on: Netz39_Admin/netz39-infra-ansible#475	2025-02-02 20:48:34 +01:00
Renovate Bot	c6b221d3fd	chore(deps): update redmine docker tag to v6.0.3	2025-01-30 00:18:45 +00:00