Infrastructure issues
https://git.histalek.de/histalek-de/infrastructure/-/issues
2024-02-19T10:42:15Z
https://git.histalek.de/histalek-de/infrastructure/-/issues/22
Explore using Ansible's Role argument validation feature
2024-02-19T10:42:15Z
histalek
Ref.: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#role-argument-validation
https://git.histalek.de/histalek-de/infrastructure/-/issues/19
Dependency Dashboard
2024-03-28T11:04:56Z
Tortoise caretaker
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Pending Approval
These branches will be created by Renovate only once you click their checkbox below.
- [ ] <!-- approve-branch=renovate/invoiceninja-mariadb-11.x -->chore(deps): update invoiceninja-mariadb docker tag to v11
- [ ] <!-- approve-branch=renovate/vikunja-postgres-16.x -->chore(deps): update vikunja-postgres docker tag to v16
- [ ] <!-- approve-branch=renovate/wikijs-postgres-16.x -->chore(deps): update wikijs-postgres docker tag to v16
- [ ] <!-- approve-all-pending-prs -->🔐 **Create all pending approval MRs at once** 🔐
## Open
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
- [ ] <!-- rebase-branch=renovate/keycloak-postgres-16.x -->[chore(deps): update keycloak-postgres docker tag to v16](!1917)
## Detected dependencies
<details><summary>ansible-galaxy</summary>
<blockquote>
<details><summary>.ansible/requirements.yml</summary>
- `ansible.posix 1.5.4`
- `community.general 8.5.0`
- `containers.podman 1.12.0`
- `devsec.hardening 9.0.1`
- `fedora.linux_system_roles 1.75.3`
</details>
</blockquote>
</details>
<details><summary>gitlabci</summary>
<blockquote>
<details><summary>.gitlab-ci.yml</summary>
- `ghcr.io/orhun/git-cliff/git-cliff 2.1.2`
- `registry.gitlab.com/gitlab-org/release-cli v0.16.0`
</details>
</blockquote>
</details>
<details><summary>regex</summary>
<blockquote>
<details><summary>roles/gitlabrunner/defaults/main.yml</summary>
- `GitLab-Runner v16.10.0@sha256:38a8c56774c909978aa38bf5f3d4312bbd7f723fb9a21f428138cee28adedea1`
</details>
<details><summary>roles/lvm_backup/defaults/main.yml</summary>
- `backup-duplicity 1.2.3@sha256:65e194d1ea08b00e3a827459bffec19c8449510b2c3b411ecfaa21d3dadcf7c2`
</details>
<details><summary>roles/caddy/defaults/main.yml</summary>
- `caddy 2.7.6-alpine`
</details>
<details><summary>roles/camo/defaults/main.yml</summary>
- `camo v2.4.10`
</details>
<details><summary>roles/cinny/defaults/main.yml</summary>
- `cinny v3.2.0`
</details>
<details><summary>roles/conduit/defaults/main.yml</summary>
- `conduit 0.6.0`
</details>
<details><summary>roles/gatus/defaults/main.yml</summary>
- `gatus v5.8.0`
</details>
<details><summary>roles/gitlab/defaults/main.yml</summary>
- `gitlab 16.10.1-ce.0`
</details>
<details><summary>roles/grafana_agent/defaults/main.yml</summary>
- `grafana-agent v0.40.3`
</details>
<details><summary>roles/invoiceninja/defaults/main.yml</summary>
- `invoiceninja 5.8.38`
- `invoiceninja-nginx 1.25.4-alpine`
- `invoiceninja-mariadb 10.11.7`
</details>
<details><summary>roles/keycloak/defaults/main.yml</summary>
- `keycloak 24.0.2`
- `keycloak-postgres 14.11-alpine`
</details>
<details><summary>roles/libreddit/defaults/main.yml</summary>
</details>
<details><summary>roles/lvm_backup/defaults/main.yml</summary>
- `backup-duplicity 1.2.3`
</details>
<details><summary>roles/monitoring/defaults/main.yml</summary>
- `monitoring-grafana 10.4.1`
- `monitoring-loki 2.9.6`
- `monitoring-prometheus v2.51.1`
- `monitoring-image_renderer 3.10.1`
</details>
<details><summary>roles/ntfy/defaults/main.yml</summary>
- `ntfy v2.10.0`
</details>
<details><summary>roles/teamspeak/defaults/main.yml</summary>
- `teamspeak 3.13.7`
</details>
<details><summary>roles/uptime_kuma/defaults/main.yml</summary>
- `uptime-kuma 1.23.11-alpine`
</details>
<details><summary>roles/vikunja/defaults/main.yml</summary>
- `vikunja 0.23.0`
- `vikunja-postgres 14.11-alpine`
- `vikunja-redis 7.2.4-alpine`
</details>
<details><summary>roles/wikijs/defaults/main.yml</summary>
- `wikijs 2.5.301`
- `wikijs-postgres 15.6-alpine`
</details>
</blockquote>
</details>
https://git.histalek.de/histalek-de/infrastructure/-/issues/16
Monitoring: Add s3 storage configuration to loki and prometheus
2023-01-07T20:04:08Z
histalek
https://git.histalek.de/histalek-de/infrastructure/-/issues/3
Define and enable healthchecks for containers
2022-06-10T06:31:35Z
histalek
Healthchecks could help with the following:
- more fine-grained monitoring of services
- better lifecycle management and 'autohealing'
- depending on sdnotify integration/support, more robust startup dependencies (e.g. database containers)
https://git.histalek.de/histalek-de/infrastructure/-/issues/2
Define custom seccomp filters for container services
2023-03-04T07:01:49Z
histalek
This would decrease the attack surface for rogue container processes.
Instead of manually checking for needed syscalls, the [OCI seccomp runtime hook](https://github.com/containers/oci-seccomp-bpf-hook) could be used to create a list of these syscalls.
The hook uses [eBPF](https://ebpf.io/what-is-ebpf), which needs root privileges. So for rootless containers these would need to be created beforehand in a rootful way.
Ref.: [RH-Article "Improving Linux container security with seccomp"](https://www.redhat.com/sysadmin/container-security-seccomp)