chore(deps): update snipe/snipe-it docker tag to v7.1.15

chore(deps): update quay.io/thanos/thanos docker tag to v0.37.0
chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2024.11.27
2024-11-28 20:52:14 +00:00 · 2024-11-28 20:52:03 +00:00 · 2024-11-27 06:02:03 +00:00 · 2024-11-26 13:29:00 -08:00 · 2024-11-26 13:22:47 -08:00 · 2024-11-26 15:02:06 +00:00
9 changed files with 49 additions and 9 deletions
--- a/.forgejo/workflows/build-synapse.yaml
+++ b/.forgejo/workflows/build-synapse.yaml
@ -19,3 +19,16 @@ jobs:
          tags: git.janky.solutions/jankysolutions/infra/synapse:latest
          platforms: linux/amd64
          push: ${{ github.ref == 'refs/heads/main' }}
+  rollout:
+    name: roll out update
+    runs-on: ubuntu-latest
+    container:
+      image: git.janky.solutions/jankysolutions/infra/deployer:latest
+    needs: [build-synapse]
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: roll out update
+        run: |
+          set -euo pipefail
+          echo "${{ secrets.KUBERNETES_CLIENT_CONFIG }}" > ~/.kube/config
+          kubectl -n matrix rollout restart statefulset homeserver-janky-solutions
--- a/containers/synapse/Containerfile
+++ b/containers/synapse/Containerfile
@ -1,4 +1,4 @@
-FROM matrixdotorg/synapse:v1.119.0
+FROM matrixdotorg/synapse:v1.120.0
 RUN pip install boto3 humanize tqdm
 # there is probably a better way to figure out where the site packages are
 # this used to be hard coded to /usr/local/lib/python3.11/site-packages but then synapse updated it's minor python version and it broke
--- a/k8s/matrix/janky.bot-homeserver.yaml
+++ b/k8s/matrix/janky.bot-homeserver.yaml
@ -37,7 +37,7 @@ spec:
            - secretRef:
                name: synapse-janky-bot
      containers:
-      - image: matrixdotorg/synapse:v1.119.0
+      - image: matrixdotorg/synapse:v1.120.0
        name: synapse
        resources: {}
        volumeMounts:
--- a/k8s/monitoring/matrix-alertmanager-receiver.yaml
+++ b/k8s/monitoring/matrix-alertmanager-receiver.yaml
@ -31,7 +31,7 @@ spec:
                name: matrix-alertmanager-receiver
      containers:
      - name: matrix-alertmanager-receiver
-        image: docker.io/metio/matrix-alertmanager-receiver:2024.11.20
+        image: docker.io/metio/matrix-alertmanager-receiver:2024.11.27
        args: ["--config-path", "/config/config.yaml"]
        resources:
          limits:
--- a/k8s/monitoring/thanos.yaml
+++ b/k8s/monitoring/thanos.yaml
@ -18,7 +18,7 @@ spec:
    spec:
      containers:
      - name: thanos-querier
-        image: quay.io/thanos/thanos:v0.36.1
+        image: quay.io/thanos/thanos:v0.37.0
        args:
          - query
          - --http-address
@ -120,7 +120,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
-        image: quay.io/thanos/thanos:v0.36.1
+        image: quay.io/thanos/thanos:v0.37.0
        livenessProbe:
          failureThreshold: 8
          httpGet:
@ -254,7 +254,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
-        image: quay.io/thanos/thanos:v0.36.1
+        image: quay.io/thanos/thanos:v0.37.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 4
--- a/k8s/operators/external-secrets/bitwarden.yaml
+++ b/k8s/operators/external-secrets/bitwarden.yaml
@ -17,7 +17,7 @@ spec:
    spec:
      containers:
        - name: bitwarden-cli
-          image: ghcr.io/charlesthomas/bitwarden-cli:2024.11.0
+          image: ghcr.io/charlesthomas/bitwarden-cli:2024.11.1
          imagePullPolicy: IfNotPresent
          envFrom:
            - secretRef:
--- a/k8s/shlink/shlink.yaml
+++ b/k8s/shlink/shlink.yaml
@ -18,7 +18,7 @@ spec:
        fsGroup: 1001
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
-      - image: ghcr.io/shlinkio/shlink:4.2.5
+      - image: ghcr.io/shlinkio/shlink:4.3.1
        name: shlink
        resources: {}
        ports:
--- a/k8s/snipeit/statefulset.yaml
+++ b/k8s/snipeit/statefulset.yaml
@ -18,7 +18,7 @@ spec:
        fsGroupChangePolicy: "OnRootMismatch"
      containers:
      - name: snipe
-        image: snipe/snipe-it:v7.1.14
+        image: snipe/snipe-it:v7.1.15
        ports:
        - containerPort: 80
          name: web
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -10,3 +10,30 @@
  apt:
    name: [ufw]
    state: absent
+
+- name: check which users exist
+  ansible.builtin.user:
+    name: "{{ item }}"
+  loop: ["root", "finn", "debian"]
+  check_mode: true
+  register: users
+
+- name: Ensure SSH key is set
+  ansible.posix.authorized_key:
+    user: "{{ item.item }}"
+    state: present
+    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJs5PJ6jQF7Sx3T1b1+NBXt4JRsnjGnWv8+bCf4RpwGM finn@taint
+  loop: "{{ users.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+  when: item.state | d('') == 'present'
+
+- name: Invalidate old SSH key
+  ansible.posix.authorized_key:
+    user: "{{ item.item }}"
+    state: absent
+    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMaJrZWSrAYTaCoGhW+o8HivmBj5oZi7Dei73FtCl0d finn@taint
+  loop: "{{ users.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+  when: item.state | d('') == 'present'
Author	SHA1	Message	Date
Renovate Bot	204e7935f5	chore(deps): update snipe/snipe-it docker tag to v7.1.15 All checks were successful / diff-and-deploy (push) Successful in 2m1s Details	2024-11-28 20:52:14 +00:00
Renovate Bot	19f973b6d0	chore(deps): update quay.io/thanos/thanos docker tag to v0.37.0 Some checks are pending / diff-and-deploy (push) Waiting to run Details	2024-11-28 20:52:03 +00:00
Renovate Bot	6f1bf71c76	chore(deps): update docker.io/metio/matrix-alertmanager-receiver docker tag to v2024.11.27 Some checks failed / diff-and-deploy (push) Has been cancelled Details	2024-11-27 06:02:03 +00:00
Finn	29f22759a4	move rollout to separate job All checks were successful / build-synapse (push) Successful in 17s Details / roll out update (push) Successful in 4s Details	2024-11-26 13:29:00 -08:00
Finn	6bbc5b24d7	rollout synapse updates after build Some checks failed / build-synapse (push) Failing after 51s Details	2024-11-26 13:22:47 -08:00
Renovate Bot	86c496faaf	chore(deps): update matrixdotorg/synapse docker tag to v1.120.0 All checks were successful / build-synapse (push) Successful in 26s Details / diff-and-deploy (push) Successful in 2m0s Details	2024-11-26 15:02:06 +00:00
Renovate Bot	d13630bd51	chore(deps): update ghcr.io/shlinkio/shlink docker tag to v4.3.1 All checks were successful / diff-and-deploy (push) Successful in 2m2s Details	2024-11-26 00:01:51 +00:00
Renovate Bot	3b1f44e19e	chore(deps): update ghcr.io/shlinkio/shlink docker tag to v4.3.0 All checks were successful / diff-and-deploy (push) Successful in 2m2s Details	2024-11-24 14:01:56 +00:00
Finn	ce1e33d678	ansible: rotate ssh key	2024-11-23 12:22:04 -08:00
Renovate Bot	89fcffdf59	chore(deps): update ghcr.io/charlesthomas/bitwarden-cli docker tag to v2024.11.1 All checks were successful / diff-and-deploy (push) Successful in 2m3s Details	2024-11-22 02:01:50 +00:00