0Ry5/netz39-infra-ansible

Fork 0

forked from Netz39_Admin/netz39-infra-ansible

feat/add-posthorn-secrets #1

Merged

0Ry5 merged 149 commits from Netz39_Admin/netz39-infra-ansible:feat/add-posthorn-secrets into posthorn-integration

2025-05-02 16:50:25 +02:00

0Ry5 commented

2025-05-02 16:50:04 +02:00

Owner

No description provided.

0Ry5 added 149 commits

2025-05-02 16:50:05 +02:00

🚚 Migrate docker_host role to external project b22c86758e

We used a similar local role here, in the Freifunk Magdeburg project,
and in personal playbooks.  That was moved to an external project,
unified, and reworked, so the external role can act as replacement for
the distributed, redundant copies.

Link: https://github.com/netz39/ansible-role-host-docker

🔧 renovate: Remove docker_compose match e946fe37b4

The role matched by this was removed, and is handled through
requirements.yml now.  That should already be covered by renovate
without additional configuration.

🔧 Enable automatic docker image prune again cc41217ad8

The feature was part of the old role but unconditionally.  When porting
to external role we made it optional with variable
`docker_cron_image_prune` but default to false.  Restore the previous
behaviour in this playbook.

Merge pull request '🚚 Migrate docker_host role to external project' (#311 ) from alex/netz39-infra-ansible:host-docker into master 5de9b8be40

Reviewed-on: Netz39_Admin/netz39-infra-ansible#311
Reviewed-by: dkdent <dkdent@netz39.de>
Reviewed-by: Stefan Haun <tux@netz39.de>

Update renovate/renovate Docker tag to v39.180.2 5df5a155c8

Merge pull request 'Update renovate/renovate Docker tag to v39.180.2' (#479 ) from renovate/renovate-renovate-39.x into master c116035395

Reviewed-on: Netz39_Admin/netz39-infra-ansible#479

Update bitnami/rabbitmq Docker tag to v4.0.7 3239237bbc

Merge pull request 'Update bitnami/rabbitmq Docker tag to v4.0.7' (#488 ) from renovate/bitnami-rabbitmq-4.x into master 7b5317cd12

Reviewed-on: Netz39_Admin/netz39-infra-ansible#488

Update dependency netz39.host_docker to v0.4.0 7c3220ad2e

Merge pull request 'Update dependency netz39.host_docker to v0.4.0' (#489 ) from renovate/netz39.host_docker-0.x into master 8ee48afa7c

Reviewed-on: Netz39_Admin/netz39-infra-ansible#489

Update mrtux/grafana-screenshot Docker tag to v0.1.2 e4340c1aba

Merge pull request 'Update mrtux/grafana-screenshot Docker tag to v0.1.2' (#490 ) from renovate/mrtux-grafana-screenshot-0.x into master 7074d12bae

Reviewed-on: Netz39_Admin/netz39-infra-ansible#490

🐛 Use bash as shell in cron jobs to make process substitution work 58e27dec10

The cron jobs were executed, but dash (/bin/sh) complained, and so the
actual command was never run.  This is why our dyndns update did not
work through cron, but when executed manually in bash by an admin.

Example for such a fail when done manually in sh:

    # echo test3 > >(/usr/bin/logger -p user.debug -t dd24)
    /bin/sh: 7: Syntax error: redirection unexpected

Process substitution with `>(command)` is a feature supported by bash
and other shells, but not by POSIX shell which was supposed to used here
(set by `SHELL=…`).  Instead of building complicated redirect magic for
sh just switch to bash, which should be available on the hosts affected.

Link: https://www.shellcheck.net/wiki/SC3001
Fixes: 03dbd132eb ("🔊 Send DD24 cron errors to syslog")
Fixes: 38fbff30b5 ("feat: add role to manage dyndns entry on desec.io")

🔊 Redirect curl output to debug log 338dfc7410

curl only logs its own errors to stderr with the given options (--silent
--show-error).  Requests answered by the remote webserver, regardless of
HTTP status code, go to stdout.  So in case of an unsuccesful update
with some error condition we could not see that before.  Redirect those
to debug log, because it's still quite noisy otherwise.

This adds 288 log messages per day and service to the debug log,
accounting to max. 30k per day and service, and thus should not hurt.

desec log output is only the word "good" in case of success.

dd24 full output would be this, and is thus reduced to the relevant
lines merged in one line:

    [RESPONSE]
    code = 200
    description = Command completed successfully
    runtime = 0.067
    queuetime = 0
    EOF

Sample journald entry:

    Feb 27 12:48:15 pottwal dd24[519651]: code = 200,description = Command completed successfully

Merge pull request 'dyndns: Fix not executed cron jobs' (#492 ) from alex/netz39-infra-ansible:cron into master 7df49482c4

Reviewed-on: Netz39_Admin/netz39-infra-ansible#492
Reviewed-by: Stefan Haun <tux@netz39.de>

📝 mailmap: Merge some new identies 53fe6b4427

Prefer private mail address over company mail address.
Prefer netz39 mail address over private mail address.

Output of `git shortlog -es` diffed:

```diff
--- before      2025-02-26 12:29:28.323774025 +0100
+++ after       2025-02-26 12:30:29.355141593 +0100
@@ -1,11 +1,8 @@
     99 Alexander Dahl <alex@netz39.de>
    284 David Kilias <dkdent@netz39.de>
-     2 Jens Winter-Hübenthal <jens.winter-huebenthal@bridgefield.de>
-     1 JensWH <jens.winter@gmail.com>
-     1 MG-95 <mg-95@gitea.n39.eu>
+     3 Jens Winter-Hübenthal <jens.winter@gmail.com>
      4 Maximilian Deubel <maximilian.deubel@gmail.com>
-     5 Maximilian Grau <mg-95@t-online.de>
+     6 Maximilian Grau <mg-95@t-online.de>
    259 Renovate Bot <accounts+renovatebot@netz39.de>
    670 Stefan Haun <tux@netz39.de>
-     1 timo <n39@therr.de>
-     1 timo <timo@netz39.de>
+     2 timo <timo@netz39.de>
```

Merge pull request '📝 mailmap: Merge some new identies' (#487 ) from alex/netz39-infra-ansible:mailmap into master 17855e8849

Reviewed-on: Netz39_Admin/netz39-infra-ansible#487

Update kiosk Grafana URL to enable kiosk mode d065738f92

The kiosk setup mechanism seems to have changed in the past and now this parameter is needed in the Grafana URL.

Downgrade grafana-screenshot Docker image to v0.1.1 dc8e51322e

Merge pull request 'Update kiosk Grafana URL to re-enable kiosk mode' (#491 ) from grafana-kiosk-url into master db7a419ced

Reviewed-on: Netz39_Admin/netz39-infra-ansible#491

🚨 roles: nfs_host: Rename 7e5b723a3a

Roles names are expected to be lower case with underscores only,
see ansible-lint warning:

    % ansible-lint -t role-name
    WARNING  Listing 1 violation(s) that are fatal
    role-name: Role name nfs-host does not match ``^[a-z][a-z0-9_]*$`` pattern.
    roles/nfs-host:1

    Read documentation for instructions on how to ignore specific rule violations.

                 Rule Violation Summary
     count tag       profile rule associated tags
         1 role-name basic   deprecations, metadata

    Failed after min profile: 1 failure(s), 0 warning(s) on 135 files.

Fixes: 2138870520 ("nfs server wird nicht im k3s laufen, labeling entfernt")

🚨 roles: setup_http_site_forward: Rename 94bdf60700

Roles names should be lowercase with underscores only.
ansible-lint complained:

    % ansible-lint -t role-name
    WARNING  Listing 1 violation(s) that are fatal
    role-name: Role name setup-http-site-forward does not match ``^[a-z][a-z0-9_]*$`` pattern.
    roles/setup-http-site-forward:1

    Read documentation for instructions on how to ignore specific rule violations.

                 Rule Violation Summary
     count tag       profile rule associated tags
         1 role-name basic   deprecations, metadata

    Failed after min profile: 1 failure(s), 0 warning(s) on 135 files.

Fixes: 85c09ea2ae ("Add role for apache forward site")

Merge pull request 'Rename roles to comply with linter' (#495 ) from alex/netz39-infra-ansible:lint into master 266ba39473

Reviewed-on: Netz39_Admin/netz39-infra-ansible#495
Reviewed-by: dkdent <dkdent@netz39.de>

Update shlinkio/shlink Docker tag to v4.4.5 d96a2770cf

🚨 Fix linter warnings of type 'name[casing]' 8b2ab7753d

ansible-lint reads like this:

    name[casing]: All names should start with an uppercase letter.

While at it: Some task/handler names were slightly adapted to better
match what should be done.

🚨 Fix linter warning of type 'name[template]' e3d2e8a31b

This warning:

    name[template]: Jinja templates should only be at the end of 'name'
    setup-ssh.yml:6 Task/Handler: Ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present

Reason for that warning is thin.  Using the actual home dir here adds
not much value, so keep it symbolic.

Link: https://ansible.readthedocs.io/projects/lint/rules/name/

🚨 Add names to plays to fix name[play] linter warnings bc43af38d9

Adds basic descriptions on what those host are supposed to do.

Merge pull request 'Update shlinkio/shlink Docker tag to v4.4.5' (#496 ) from renovate/shlinkio-shlink-4.x into master 43d1c94d66

Reviewed-on: Netz39_Admin/netz39-infra-ansible#496

Update netz39/entities_validation_svc Docker tag to v1.0.4 bbfff8f481

Merge pull request 'Update netz39/entities_validation_svc Docker tag to v1.0.4' (#499 ) from renovate/netz39-entities_validation_svc-1.x into master 962948e76a

Reviewed-on: Netz39_Admin/netz39-infra-ansible#499

chore(deps): update mysql docker tag to v9 7553d64b80

Merge pull request 'Update mysql Docker tag to v9' (#395 ) from renovate/mysql-9.x into master cfa3175f24

Reviewed-on: Netz39_Admin/netz39-infra-ansible#395

Update postgres Docker tag to v16.8 761dd212a8

Merge pull request 'Update postgres Docker tag to v16.8' (#452 ) from renovate/postgres-16.x into master daf17468d3

Reviewed-on: Netz39_Admin/netz39-infra-ansible#452

Update mrtux/grafana-screenshot Docker tag to v0.1.3 eef2d8b4fb

Merge pull request 'Update mrtux/grafana-screenshot Docker tag to v0.1.3' (#493 ) from renovate/mrtux-grafana-screenshot-0.x into master 0d8e580338

Reviewed-on: Netz39_Admin/netz39-infra-ansible#493
Reviewed-by: Stefan Haun <tux@netz39.de>

Update dependency netz39.host_docker to v0.5.0 32bcc7e70b

Adjust variable docker_image_prune to change in netz39.host_docker 0.5.0 dc6943354f

Merge pull request 'Update dependency netz39.host_docker to v0.5.0' (#501 ) from renovate/netz39.host_docker-0.x into master 371f6b2907

Reviewed-on: Netz39_Admin/netz39-infra-ansible#501
Reviewed-by: Stefan Haun <tux@netz39.de>

Limit telegraf role to hosts with supporting arch 289ff674f9

Temporary fix for https://github.com/LeSpocky/ansible-role-telegraf-docker-in-docker/issues/17

Add wittgenstein to docker group fca9c9ea3b

Merge pull request 'Limit telegraf role to supported arch and unify docker host setup' (#502 ) from unify-docker-hosts into master 0f9060a2b1

Reviewed-on: Netz39_Admin/netz39-infra-ansible#502
Reviewed-by: Alexander Dahl <alex@netz39.de>

Merge pull request 'Fix linter warnings of type 'name'' (#497 ) from alex/netz39-infra-ansible:lint into master de7d285ee4

Reviewed-on: Netz39_Admin/netz39-infra-ansible#497
Reviewed-by: Stefan Haun <tux@netz39.de>

Update dependency lespocky.telegraf_docker_in_docker to v0.2.2 856253de98

Merge pull request 'Update dependency lespocky.telegraf_docker_in_docker to v0.2.2' (#503 ) from renovate/lespocky.telegraf_docker_in_docker-0.x into master b8e4746343

Reviewed-on: Netz39_Admin/netz39-infra-ansible#503
Reviewed-by: Alexander Dahl <alex@netz39.de>

Update eclipse-mosquitto Docker tag to v2.0.21 7915336812

Merge pull request 'Update eclipse-mosquitto Docker tag to v2.0.21' (#504 ) from renovate/eclipse-mosquitto-2.x into master f541f8f6fe

Reviewed-on: Netz39_Admin/netz39-infra-ansible#504

🚨 roles: users: Fix linter warnings of type 'fqcn' 2b0e31870d

fqcn[action-core]: Use FQCN for builtin module actions (shell).
    roles/users/handlers/main.yml:2 Use `ansible.builtin.shell` or `ansible.legacy.shell` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (package).
    roles/users/tasks/main.yml:2 Use `ansible.builtin.package` or `ansible.legacy.package` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (lineinfile).
    roles/users/tasks/main.yml:8 Use `ansible.builtin.lineinfile` or `ansible.legacy.lineinfile` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (user).
    roles/users/tasks/main.yml:16 Use `ansible.builtin.user` or `ansible.legacy.user` instead.

    fqcn[action]: Use FQCN for module actions, such `ansible.posix.authorized_key`.
    roles/users/tasks/main.yml:24 Action `authorized_key` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (user).
    roles/users/tasks/main.yml:34 Use `ansible.builtin.user` or `ansible.legacy.user` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (stat).
    roles/users/tasks/main.yml:42 Use `ansible.builtin.stat` or `ansible.legacy.stat` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (lineinfile).
    roles/users/tasks/main.yml:47 Use `ansible.builtin.lineinfile` or `ansible.legacy.lineinfile` instead.

🚨 roles: setup_http_site_proxy: Fix fqcn linter warnings cb50012dd3

fqcn[action-core]: Use FQCN for builtin module actions (service).
    roles/setup_http_site_proxy/handlers/main.yml:2 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (template).
    roles/setup_http_site_proxy/tasks/main.yml:2 Use `ansible.builtin.template` or `ansible.legacy.template` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (command).
    roles/setup_http_site_proxy/tasks/main.yml:9 Use `ansible.builtin.command` or `ansible.legacy.command` instead.

🚨 roles: setup_http_site_forward: Fix fqcn linter warnings eeb87d2108

fqcn[action-core]: Use FQCN for builtin module actions (service).
    roles/setup_http_site_forward/handlers/main.yml:2 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (template).
    roles/setup_http_site_forward/tasks/main.yml:2 Use `ansible.builtin.template` or `ansible.legacy.template` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (command).
    roles/setup_http_site_forward/tasks/main.yml:8 Use `ansible.builtin.command` or `ansible.legacy.command` instead.

🚨 roles: nginx_https_ingress: Fix fqcn linter warnings 11e98a4d8e

fqcn[action-core]: Use FQCN for builtin module actions (service).
    roles/nginx_https_ingress/handlers/main.yml:3 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (apt_key).
    roles/nginx_https_ingress/tasks/main.yml:20 Use `ansible.builtin.apt_key` or `ansible.legacy.apt_key` instead.

🚨 roles: cleanuri: Fix fqcn linter warnings 8b54b36392

fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    roles/cleanuri/tasks/main.yml:3 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    roles/cleanuri/tasks/main.yml:17 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    roles/cleanuri/tasks/main.yml:25 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    roles/cleanuri/tasks/main.yml:44 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    roles/cleanuri/tasks/main.yml:61 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    roles/cleanuri/tasks/main.yml:78 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

🚨 roles: apache: Fix fqcn linter warnings bec6fc20b7

fqcn[action-core]: Use FQCN for builtin module actions (service).
    roles/apache/handlers/main.yml:3 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (apt).
    roles/apache/tasks/main.yml:2 Use `ansible.builtin.apt` or `ansible.legacy.apt` instead.

    fqcn[action]: Use FQCN for module actions, such `community.general.apache2_module`.
    roles/apache/tasks/main.yml:8 Action `apache2_module` is not FQCN.

🚨 roles: Fix remaining fqcn linter warnings 23bc6d7b69

fqcn[action-core]: Use FQCN for builtin module actions (service).
    roles/apache_letsencrypt/handlers/main.yml:3 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (apt).
    roles/dd24_dyndns_cron/tasks/main.yml:2 Use `ansible.builtin.apt` or `ansible.legacy.apt` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (apt).
    roles/desec_dyndns_cron/tasks/main.yml:2 Use `ansible.builtin.apt` or `ansible.legacy.apt` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (command).
    roles/nfs_host/handlers/main.yml:2 Use `ansible.builtin.command` or `ansible.legacy.command` instead.

🚨 host: wittgenstein: Fix fqcn linter warnings e61a68de53

fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-wittgenstein.yml:132 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-wittgenstein.yml:151 Action `docker_container` is not FQCN.

🚨 host: unicorn: Fix fqcn linter warning 5d1ca7ef9f

fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-unicorn.yml:14 Action `docker_container` is not FQCN.

🚨 host: tau: Fix fqcn linter warnings 95706d0ad4

fqcn[action]: Use FQCN for module actions, such `community.docker.docker_network`.
    host-tau.yml:28 Action `docker_network` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-tau.yml:37 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-tau.yml:54 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-tau.yml:61 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-tau.yml:78 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-tau.yml:94 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-tau.yml:101 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-tau.yml:120 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-tau.yml:149 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-tau.yml:168 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-tau.yml:178 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-tau.yml:193 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

🚨 host: radon: Fix fqcn linter warnings 9eedf004a5

fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-radon.yml:40 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (template).
    host-radon.yml:52 Use `ansible.builtin.template` or `ansible.legacy.template` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:61 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:91 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-radon.yml:111 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:132 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-radon.yml:153 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:162 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-radon.yml:180 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:188 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-radon.yml:204 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:213 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-radon.yml:230 Action `docker_container` is not FQCN.

🚨 host: pottwal: Fix fqcn linter warnings d145039dbe

fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:57 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:83 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:91 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_network`.
    host-pottwal.yml:104 Action `docker_network` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:120 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:140 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:169 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:237 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:259 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:278 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-pottwal.yml:301 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_network`.
    host-pottwal.yml:314 Action `docker_network` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:322 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:342 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:374 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-pottwal.yml:383 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:393 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:413 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_network`.
    host-pottwal.yml:438 Action `docker_network` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:446 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:466 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:492 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-pottwal.yml:501 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:511 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:528 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-pottwal.yml:537 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:554 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:575 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-pottwal.yml:585 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-pottwal.yml:599 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-pottwal.yml:619 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (template).
    host-pottwal.yml:629 Use `ansible.builtin.template` or `ansible.legacy.template` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (service).
    host-pottwal.yml:657 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

🚨 host: platon: Fix fqcn linter warnings fcd3b9c87b

fqcn[action-core]: Use FQCN for builtin module actions (service).
    host-platon.yml:308 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (service).
    host-platon.yml:314 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (service).
    host-platon.yml:320 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

🚨 host: krypton: Fix fqcn linter warnings 2b9b1d1c39

fqcn[action-core]: Use FQCN for builtin module actions (file).
    host-krypton.yml:41 Use `ansible.builtin.file` or `ansible.legacy.file` instead.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-krypton.yml:52 Action `docker_container` is not FQCN.

    fqcn[action]: Use FQCN for module actions, such `community.docker.docker_container`.
    host-krypton.yml:117 Action `docker_container` is not FQCN.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    host-krypton.yml:130 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

🚨 group: all: Fix fqcn linter warnings 6f1e80493a

WARNING  Listing 3 violation(s) that are fatal
    fqcn[action-core]: Use FQCN for builtin module actions (apt).
    group-all.yml:16 Use `ansible.builtin.apt` or `ansible.legacy.apt` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (apt).
    group-all.yml:23 Use `ansible.builtin.apt` or `ansible.legacy.apt` instead.

    fqcn[action-core]: Use FQCN for builtin module actions (include_role).
    group-all.yml:28 Use `ansible.builtin.include_role` or `ansible.legacy.include_role` instead.

    Read documentation for instructions on how to ignore specific rule violations.

                     Rule Violation Summary
     count tag               profile    rule associated tags
         3 fqcn[action-core] production formatting

    Failed after shared profile, 4/5 star rating: 3 failure(s), 0 warning(s) on 135 files.

chore(deps): update redmine docker tag to v6.0.4 d1dbda444d

Merge pull request 'chore(deps): update redmine docker tag to v6.0.4' (#506 ) from renovate/redmine-6.x into master 585e8eb2b2

Reviewed-on: Netz39_Admin/netz39-infra-ansible#506

Add comment to clarify Renovate configuration source 031fe9c06e

Limit renovate/renovate updates to Friday before 1am b9416d0096

This effectively reduces the renovate update PRs to (mostly) once per week.

Allow automerge for renovate/renovate 5a591c4145

Merge pull request 'renovate/renovate: Update once a week and allow automerge' (#500 ) from renovate-config into master 865b3c5495

Reviewed-on: Netz39_Admin/netz39-infra-ansible#500

chore(deps): update renovate/renovate docker tag to v39.198.1 e5d1c2ac88

Merge pull request 'chore(deps): update renovate/renovate docker tag to v39.198.1' (#494 ) from renovate/renovate-renovate-39.x into master 4c0c84b6a6

Reviewed-on: Netz39_Admin/netz39-infra-ansible#494

Merge pull request '🚨 Fix linter warnings of type 'fqcn'' (#505 ) from alex/netz39-infra-ansible:lint into master e1b9349f19

Reviewed-on: Netz39_Admin/netz39-infra-ansible#505
Reviewed-by: Stefan Haun <tux@netz39.de>

⬆️ requirements: Migrate unattended-upgrades 28d80515b2

The role was moved into a collection.

Link: https://github.com/hifis-net/ansible-collection-toolkit#looking-for-the-unattended_upgrades-role
Link: https://github.com/hifis-net/ansible-collection-toolkit/releases/tag/v4.0.0
Link: https://github.com/hifis-net/ansible-collection-toolkit/issues/165

✏️ host: tau: Fix misleading task name 7eebfd5d61

Task here is to check the auth dir, not the data dir, that's a different
one.  Rename the used variable while at it.

Fixes: f539a42024 ("Add a docker registry")

Merge pull request '✏️ host: tau: Fix misleading task name' (#510 ) from docker-registry into master 40ae8191f2

Reviewed-on: Netz39_Admin/netz39-infra-ansible#510
Reviewed-by: Stefan Haun <tux@netz39.de>

Update renovate/renovate Docker tag to v39.206.0 b05df7aa1d

Merge pull request 'Update renovate/renovate Docker tag to v39.206.0' (#509 ) from renovate/renovate-renovate-39.x into master c01f6b263e

Reviewed-on: Netz39_Admin/netz39-infra-ansible#509

✏️ host: pottwal: Fix misleading task name 725fa1d074

Looks like a copy'n'paste mistake.  Improve the other task name while at
it.

Fixes: 88e14f7ca6 ("👌 pottwal: Move prosody config to /etc")

Merge pull request '✏️ host: pottwal: Fix misleading task name' (#512 ) from alex/netz39-infra-ansible:pottwal into master 09359799b8

Reviewed-on: Netz39_Admin/netz39-infra-ansible#512
Reviewed-by: Stefan Haun <tux@netz39.de>

Update shlinkio/shlink Docker tag to v4.4.6 cdc1d52a38

Merge pull request 'Update shlinkio/shlink Docker tag to v4.4.6' (#513 ) from renovate/shlinkio-shlink-4.x into master 392d1970f7

Reviewed-on: Netz39_Admin/netz39-infra-ansible#513

Update codeberg.org/forgejo/forgejo Docker tag to v10.0.2 1135385fe6

Merge pull request 'Update codeberg.org/forgejo/forgejo Docker tag to v10.0.2' (#515 ) from renovate/codeberg.org-forgejo-forgejo-10.x into master 1b2cb40096

Reviewed-on: Netz39_Admin/netz39-infra-ansible#515

Update renovate/renovate Docker tag to v39.211.0 5a41489246

Merge pull request 'Update renovate/renovate Docker tag to v39.211.0' (#514 ) from renovate/renovate-renovate-39.x into master 470cd03c57

Reviewed-on: Netz39_Admin/netz39-infra-ansible#514

Update codeberg.org/forgejo/forgejo Docker tag to v10.0.3 4c467865e7

Merge pull request 'Update codeberg.org/forgejo/forgejo Docker tag to v10.0.3' (#517 ) from renovate/codeberg.org-forgejo-forgejo-10.x into master 21125a3784

Reviewed-on: Netz39_Admin/netz39-infra-ansible#517

Update dependency 24367dfa.dehydrated to v2.1.0 b1b480f415

Merge pull request 'Update dependency 24367dfa.dehydrated to v2.1.0' (#518 ) from renovate/24367dfa.dehydrated-2.x into master db49b5c862

Reviewed-on: Netz39_Admin/netz39-infra-ansible#518

Update netz39/ampel-controller Docker tag to v0.2.0 94757d9785

Merge pull request 'Update netz39/ampel-controller Docker tag to v0.2.0' (#519 ) from renovate/netz39-ampel-controller-0.x into master fd039c143f

Reviewed-on: Netz39_Admin/netz39-infra-ansible#519

Update grafana/grafana Docker tag to v11.6.0 82523e8bcd

Merge pull request 'Update grafana/grafana Docker tag to v11.6.0' (#520 ) from renovate/grafana-grafana-11.x into master 581b5d276c

Reviewed-on: Netz39_Admin/netz39-infra-ansible#520

⬆️ Bumn mrtux/cleanuri-webui to 0.2.2 640596f73d

⬆️ Bump cleanURI-apigateway to 0.3.2 edc9be4d51

⬆️ Bump cleanURI-canonizer to 0.5.2 390d5015cb

⬆️ Bump cleanURI-extractor to 0.5.2 c564dd5df7

Merge pull request '⬆️ Update cleanURI components' (#511 ) from bump-cleanrui-webui into master 8ec4dd5ae2

Reviewed-on: Netz39_Admin/netz39-infra-ansible#511
Reviewed-by: Alexander Dahl <alex@netz39.de>

Merge pull request '⬆️ requirements: Migrate unattended-upgrades' (#507 ) from alex/netz39-infra-ansible:unattended-upgrades into master f799bef69a

Reviewed-on: Netz39_Admin/netz39-infra-ansible#507
Reviewed-by: Stefan Haun <tux@netz39.de>

⬆️ Bump cleanuri-canonizer to 0.5.3 cd7109cac9

⬆️ Bump cleanuri-extractor to 0.5.3 318c646515

Merge pull request '⬆️ Update cleanURI to fix extractor issues' (#521 ) from cleanURI-updates into master 919f973164

Reviewed-on: Netz39_Admin/netz39-infra-ansible#521

roles: apache_letsencrypt: Rename variable for challenge dir 7e4177451e

The previous variable name is the same as in the role
24367dfa.dehydrated but had a different meaning here.  While in the
dehydrated role it means the directory where the working copy of the
dehydrated git repo is cloned to, in here it meant the directory for the
challenges which is known as "wellknown" dir in the dehydrated project
and role.  Setting this variable before using both roles would most
certainly lead to unexpected results?!

The whole playbook does not set `dehydrated_location` so it goes with
its defaults in both roles currently, probably.

Consistent with the role setup_http_site_proxy now, which configures the
path in the reverse proxy, while this configures the same path in the
actual webserver behind the proxy.

Running the playbooks using both roles yields no change in target
configuration after this changeset.

Link: https://github.com/24367dfa/ansible-role-dehydrated/blob/main/defaults/main.yml
Fixes: 1fe6526898 ("✨ Add a role to allow letsencrypt access in Apache2")

Update renovate/renovate Docker tag to v39.220.1 801cd60f4d

Merge pull request 'Update renovate/renovate Docker tag to v39.219.2' (#522 ) from renovate/renovate-renovate-39.x into master 2075a8dfc9

Merge pull request 'roles: apache_letsencrypt: Rename variable for challenge dir' (#523 ) from alex/netz39-infra-ansible:role-vars into master 08fd0156e4

Reviewed-on: Netz39_Admin/netz39-infra-ansible#523
Reviewed-by: Stefan Haun <tux@netz39.de>

Update dependency 24367dfa.dehydrated to v2.2.0 91eea8caba

Merge pull request 'Update dependency 24367dfa.dehydrated to v2.2.0' (#525 ) from renovate/24367dfa.dehydrated-2.x into master e083f68c0d

Reviewed-on: Netz39_Admin/netz39-infra-ansible#525

Update bitnami/rabbitmq Docker tag to v4.0.8 2370e130b3

Merge pull request 'Update bitnami/rabbitmq Docker tag to v4.0.8' (#526 ) from renovate/bitnami-rabbitmq-4.x into master 7fe551a83e

Reviewed-on: Netz39_Admin/netz39-infra-ansible#526

Add a comment on our deploy-hook mechanism for dehydrated fcfc19e796

Merge pull request 'Add a comment on our deploy-hook mechanism for dehydrated' (#529 ) from dehydrated-deploy-hook-comment into master 275ad619b9

Reviewed-on: Netz39_Admin/netz39-infra-ansible#529
Reviewed-by: Alexander Dahl <alex@netz39.de>

Update renovate/renovate Docker tag to v39.233.3 bc595b0dfe

Merge pull request 'Update renovate/renovate Docker tag to v39.233.0' (#528 ) from renovate/renovate-renovate-39.x into master 2afbf65c35

Update registry Docker tag to v3 ceda943ee6

Update quay.io/hedgedoc/hedgedoc Docker tag to v1.10.3 191ba6453c

Merge pull request 'Update quay.io/hedgedoc/hedgedoc Docker tag to v1.10.3' (#530 ) from renovate/quay.io-hedgedoc-hedgedoc-1.x into master 908992ac34

Reviewed-on: Netz39_Admin/netz39-infra-ansible#530

Update renovate/renovate Docker tag to v39.240.1 7c5a05d50c

Merge pull request 'Update renovate/renovate Docker tag to v39.238.1' (#531 ) from renovate/renovate-renovate-39.x into master 8ce71c0fc5

🚨 Use empty lists for empty playbook sections d642846a83

Mitigates ansible-lint warnings of type 'schema':

% ansible-lint -t schema
WARNING Listing 4 violation(s) that are fatal
schema[playbook]: None is not of type 'array'
host-beaker.yml:1 Returned errors will not include exact line numbers, but they will mention
the schema name being used as a tag, like ``schema[playbook]``,
``schema[tasks]``.

This rule is not skippable and stops further processing of the file.

If incorrect schema was picked, you might want to either:

* move the file to standard location, so its file is detected correctly.
* use ``kinds:`` option in linter config to help it pick correct file type.

schema[playbook]: None is not of type 'array'
host-hobbes.yml:1 Returned errors will not include exact line numbers, but they will mention
the schema name being used as a tag, like ``schema[playbook]``,
``schema[tasks]``.

This rule is not skippable and stops further processing of the file.

If incorrect schema was picked, you might want to either:

* move the file to standard location, so its file is detected correctly.
* use ``kinds:`` option in linter config to help it pick correct file type.

schema[playbook]: None is not of type 'array'
host-oganesson.yml:1 Returned errors will not include exact line numbers, but they will mention
the schema name being used as a tag, like ``schema[playbook]``,
``schema[tasks]``.

This rule is not skippable and stops further processing of the file.

If incorrect schema was picked, you might want to either:

* move the file to standard location, so its file is detected correctly.
* use ``kinds:`` option in linter config to help it pick correct file type.

schema[playbook]: None is not of type 'array'
host-unicorn.yml:1 Returned errors will not include exact line numbers, but they will mention
the schema name being used as a tag, like ``schema[playbook]``,
``schema[tasks]``.

This rule is not skippable and stops further processing of the file.

If incorrect schema was picked, you might want to either:

* move the file to standard location, so its file is detected correctly.
* use ``kinds:`` option in linter config to help it pick correct file type.

Read documentation for instructions on how to ignore specific rule violations.

Rule Violation Summary
count tag profile rule associated tags
4 schema[playbook] basic core

Failed after min profile: 4 failure(s), 0 warning(s) on 137 files.

Link: Netz39_Admin/netz39-infra-ansible#516

Merge pull request '🚨 Remove empty playbook sections' (#516 ) from alex/netz39-infra-ansible:lint into master db1b195c60

Reviewed-on: Netz39_Admin/netz39-infra-ansible#516
Reviewed-by: Stefan Haun <tux@netz39.de>

Update bitnami/rabbitmq Docker tag to v4.0.9 ed84013953

Update postgres Docker tag to v17 f45d133145

Merge pull request 'Update bitnami/rabbitmq Docker tag to v4.0.9' (#533 ) from renovate/bitnami-rabbitmq-4.x into master 380997e7a3

Reviewed-on: Netz39_Admin/netz39-infra-ansible#533

Update mysql Docker tag to v9.3 adee76d82c

Merge pull request 'Update mysql Docker tag to v9.3' (#534 ) from renovate/mysql-9.x into master d6b646de9b

Reviewed-on: Netz39_Admin/netz39-infra-ansible#534

Update redmine Docker tag to v6.0.5 3914b6c5d5

Update bitnami/rabbitmq Docker tag to v4.1.0 2b28a7dd5a

Update grafana/grafana Docker tag to v11.6.1 26049fcc46

Update jacobalberty/unifi Docker tag to v9.1.120 c0efbf3da8

Update dependency 24367dfa.dehydrated to v2.3.0 d45e71143e

Update renovate/renovate Docker tag to v39.263.0 7395783d34

Merge pull request 'Update renovate/renovate Docker tag to v39.250.3' (#536 ) from renovate/renovate-renovate-39.x into master 4fdda8703f

Merge pull request 'Update jacobalberty/unifi Docker tag to v9.1.120' (#541 ) from renovate/jacobalberty-unifi-9.x into master bcd468cbc8

Reviewed-on: Netz39_Admin/netz39-infra-ansible#541

Merge pull request 'Update grafana/grafana Docker tag to v11.6.1' (#539 ) from renovate/grafana-grafana-11.x into master 181820587f

Reviewed-on: Netz39_Admin/netz39-infra-ansible#539

Merge pull request 'Update redmine Docker tag to v6.0.5' (#537 ) from renovate/redmine-6.x into master b70f2d06e0

Reviewed-on: Netz39_Admin/netz39-infra-ansible#537

Merge pull request 'Update dependency 24367dfa.dehydrated to v2.3.0' (#542 ) from renovate/24367dfa.dehydrated-2.x into master 6d4927dc85

Reviewed-on: Netz39_Admin/netz39-infra-ansible#542
Reviewed-by: Alexander Dahl <alex@netz39.de>

Merge pull request 'Update registry Docker tag to v3' (#527 ) from renovate/registry-3.x into master 4a95705602

Reviewed-on: Netz39_Admin/netz39-infra-ansible#527
Reviewed-by: Alexander Dahl <alex@netz39.de>

Update codeberg.org/forgejo/forgejo Docker tag to v11 26ca022bbe

Merge pull request 'Update codeberg.org/forgejo/forgejo Docker tag to v11' (#546 ) from renovate/codeberg.org-forgejo-forgejo-11.x into master 0bf5326cef

Reviewed-on: Netz39_Admin/netz39-infra-ansible#546

Update config yaml format in default callback plugin f9c5b2593d

```
[DEPRECATION WARNING]: community.general.yaml has been deprecated. The plugin
has been superseded by the the option `result_format=yaml` in callback plugin
ansible.builtin.default from ansible-core 2.13 onwards. This feature will be
removed from community.general in version 13.0.0. Deprecation warnings can be
disabled by setting deprecation_warnings=False in ansible.cfg
```

Merge pull request 'Update config yaml format in default callback plugin' (#532 ) from result-format-yaml into master b684463827

Reviewed-on: Netz39_Admin/netz39-infra-ansible#532
Reviewed-by: Alexander Dahl <alex@netz39.de>

Merge pull request 'Update bitnami/rabbitmq Docker tag to v4.1.0' (#538 ) from renovate/bitnami-rabbitmq-4.x into master 4382362da0

Reviewed-on: Netz39_Admin/netz39-infra-ansible#538

⬆️ Bump nodered/node-red to 3.1.15-18 bd1a369b5e

Merge pull request '⬆️ Bump nodered/node-red to 3.1.15-18' (#547 ) from nodered-3.1.15-18 into master c4cc6819b6

Reviewed-on: Netz39_Admin/netz39-infra-ansible#547

Update nodered/node-red Docker tag to v4 41fce94db4

Merge pull request 'Update nodered/node-red Docker tag to v4' (#548 ) from renovate/nodered-node-red-4.x into master 458eab5714

Reviewed-on: Netz39_Admin/netz39-infra-ansible#548

Merge pull request 'Update postgres Docker tag to v17' (#426 ) from renovate/postgres-17.x into master acecd11bc7

Reviewed-on: Netz39_Admin/netz39-infra-ansible#426

feat: add posthorn secrets to pottwal vault bae723b07c

feat: add matrx secrets to pottwal vault 2fb41ce537

0Ry5 merged commit 0c4e0f7b50 into posthorn-integration

2025-05-02 16:50:25 +02:00

0Ry5 referenced this pull request from a commit

2025-05-02 16:50:26 +02:00

Merge pull request 'feat/add-posthorn-secrets' (#1) from Netz39_Admin/netz39-infra-ansible:feat/add-posthorn-secrets into posthorn-integration

No reviewers

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: 0Ry5/netz39-infra-ansible#1

No description provided.

Rows
Columns