feat(redis): update redis from 8.6.1 to 8.6.3

update notes: - run 'ansible-playbook playbooks/app/site.yaml --tags "site"' so that update all redis at onece
feat(postgresql): update postgresql and vectorchord extension
2026-05-09 13:55:28 +09:00 · 2026-05-09 13:54:10 +09:00 · 2026-05-09 12:56:22 +09:00 · 2026-05-09 12:50:36 +09:00 · 2026-05-09 12:44:44 +09:00 · 2026-05-09 12:44:05 +09:00
5 changed files with 69 additions and 10 deletions
@@ -192,21 +192,21 @@ version:
    # infra
    step: "0.30.2"
    ldap: "v0.6.3"
-    x509-exporter: "3.21.0"
-    prometheus: "v3.9.1"
+    x509-exporter: "4.1.0"
+    prometheus: "v3.11.3"
    loki: "3.7.1"
-    grafana: "12.3.3"
+    grafana: "13.0.1"
    ## Postgresql
-    postgresql: "18.2"
+    postgresql: "18.3"
    # For immich - https://github.com/immich-app/base-images/blob/main/postgres/versions.yaml
 #    pgvector: "v0.8.1"
-    vectorchord: "0.5.3"
+    vectorchord: "1.1.1"
    # Auth
    authelia: "4.39.19"
    # App
-    vaultwarden: "1.35.8"
+    vaultwarden: "1.36.0"
    gitea: "1.26.1"
-    redis: "8.6.1"
+    redis: "8.6.3"
    immich: "v2.7.5"
    actualbudget: "26.3.0"
    paperless: "2.20.15"
@@ -8,9 +8,20 @@
    mode: "0770"
  loop:
    - "x509-exporter"
+    - "x509-exporter/config"
    - "x509-exporter/certs"
  become: true

+- name: Deploy config.yaml
+  ansible.builtin.copy:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/x509-exporter/config/config.yaml"
+    dest: "{{ node['home_path'] }}/containers/x509-exporter/config/config.yaml"
+    owner: "{{ services['x509-exporter']['subuid'] }}"
+    group: "svadmins"
+    mode: "0440"
+  become: true
+  no_log: true
+
 - name: Deploy certificates
  ansible.builtin.copy:
    content: |
@@ -0,0 +1,11 @@
+server:
+  listen: :9793
+
+sources:
+  - kind: file
+    name: homelab-certs
+    paths:
+      - /certs/*.crt
+      - /certs/*.pem
+      - /certs/*.cer
+    refreshInterval: 1m
@@ -11,11 +11,12 @@ Image=docker.io/enix/x509-certificate-exporter:{{ version['containers']['x509-ex
 ContainerName=x509-exporter
 HostName=X509-exporter

+Volume=%h/containers/x509-exporter/config/config.yaml:/etc/config.yaml:ro
 Volume=%h/containers/x509-exporter/certs:/certs:ro

 PublishPort={{ services['x509-exporter']['ports']['http'] }}:9793

-Exec=--listen-address :9793 --watch-dir=/certs
+Exec=--config /etc/config.yaml

 [Service]
 Restart=always
@@ -37,14 +37,14 @@ podman exec -it -u postgres postgresql "psql -U postgres"
 > \l
 > \q

-# Restor database (manually)
+# Restore database (manually)
 podman exec -u postgres postgresql "psql -U postgres -f $POSTGRESQL_BACKUP_PATH_IN_CONTAINER/script.sql"

 # Backup service executes
 systemctl --user start postgresql-cluster-backup.service

 # Stop and remove all data
-systemctl --stop postgresql
+systemctl --user stop postgresql
 sudo find "/home/infra/data/containers/postgresql/data" -mindepth 1 -delete

 # Restore database
@@ -62,3 +62,39 @@ postgres=# SHOW shared_preload_libraries;
 vchord.so
 (1 row)
 ```
+
+## Update and upgrade version
+
+### Update version
+
+#### Prerequisite
+
+- Shutdown all related services on [infra, auth, app] vms.
+    - [service list](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
+    - `systemctl --user stop $SERVICE`
+
+- Run backup service unit on infra vm.
+    - `systemctl --user start postgresql-cluster-backup.service`
+    - `systemctl --user start postgresql-data-backup@$SERVICE.service`
+
+- Modify postgresql and extension version and run ansible playbook
+    - [version info](../../../ansible/inventory/group_vars/all.yaml)
+    - `ansible-playbook playbooks/infra/site.yaml --tags "postgresql"`
+
+- Check postgresql container and update extension
+
+```postgresql
+# immich example
+# extension should be checked on each database which needs the extension
+\c immich_db
+\dx
+# check the installed_version and default_version
+ALTER EXTENSION vchord UPDATE;
+REINDEX INDEX face_index;
+REINDEX INDEX clip_index;
+```
+
+- Run playbook to start all services
+    - `ansible-playbook playbooks/[infra, auth, app]/site.yaml --tags "site"`
+
+- Check all services
Author	SHA1	Message	Date
il	26115c5660	feat(redis): update redis from 8.6.1 to 8.6.3 update notes: - run 'ansible-playbook playbooks/app/site.yaml --tags "site"' so that update all redis at onece	2026-05-09 13:55:28 +09:00
il	acef35ca8b	feat(postgresql): update postgresql and vectorchord extension update notes: - update postgresql version from 18.2 to 18.3 - update vectorchord version from 0.5.3 to 1.1.1 - add update flow and notice to postgresql.md	2026-05-09 13:54:10 +09:00
il	b531170bd7	feat(vaultwardne): update vaultwarden from 1.35.8 to 1.36.0	2026-05-09 12:56:22 +09:00
il	ad586c3cd3	feat(grafana): update grafana from 12.3.3 to 13.0.1	2026-05-09 12:50:36 +09:00
il	6dfef08f7b	feat(prometheus): update prometheus from v3.9.1 to v3.11.3	2026-05-09 12:44:44 +09:00
il	934dd314a8	feat(x509-exporter): update x509-exporter from 3.21.0 to 4.1.0 update notes: - '--listen-address' and '--watch-dir' cli flags are deprecated - add '--config' cli flag and config.yaml	2026-05-09 12:44:05 +09:00