fix: update octopus_exporter to v1.1.1 (#81)

* fix: update checkout version to dodge deprecation

* fix: more deprecations

* forgot one

.github/workflows/deploy-on-merge.yml

@@ -5,7 +5,7 @@ on:
     branches:
       - main
     paths-ignore:
-      - 'terraform/**'
+      - "terraform/**"
 
 # Requires these repository secrets:
 #   TAILSCALE_CLIENT_ID  — Tailscale OAuth client ID (federated identity)
@@ -20,7 +20,7 @@ jobs:
     outputs:
       hosts: ${{ steps.discover.outputs.hosts }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Read hosts from inventory
         id: discover
@@ -40,7 +40,7 @@ jobs:
         host: ${{ fromJson(needs.discover.outputs.hosts) }}
       fail-fast: false
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up Tailscale
         uses: tailscale/github-action@v4

.github/workflows/deploy.yml

@@ -4,15 +4,15 @@ on:
   workflow_dispatch:
     inputs:
       target:
-        description: 'Target host (e.g. helsinki-a, london-b, all)'
+        description: "Target host (e.g. helsinki-a, london-b, all)"
         required: true
         type: string
       playbook:
-        description: 'Ansible playbook to run (e.g. site.yml, update.yml)'
+        description: "Ansible playbook to run (e.g. site.yml, update.yml)"
         required: true
         type: string
       dry_run:
-        description: 'Dry run (--check mode)'
+        description: "Dry run (--check mode)"
         required: false
         type: boolean
         default: true
@@ -30,7 +30,7 @@ jobs:
     outputs:
       hosts: ${{ steps.prepare.outputs.hosts }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Build host matrix
         id: prepare
@@ -48,7 +48,7 @@ jobs:
     needs: prepare
     name: Deploy ${{ inputs.playbook }} → ${{ matrix.host }}
     runs-on: ubuntu-latest
-    environment: production  # requires manual approval in repo settings
+    environment: production # requires manual approval in repo settings
     permissions:
       id-token: write
     strategy:
@@ -56,7 +56,7 @@ jobs:
         host: ${{ fromJson(needs.prepare.outputs.hosts) }}
       fail-fast: false
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up Tailscale
         uses: tailscale/github-action@v4

.github/workflows/lint-ansible.yml

@@ -8,7 +8,7 @@ jobs:
     name: ansible-lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check for Ansible files
         id: check

.github/workflows/lint-docker-compose.yml

@@ -8,7 +8,7 @@ jobs:
     name: docker compose config
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Stub missing env files referenced by Compose
         run: |

.github/workflows/terraform.yml

@@ -4,8 +4,8 @@ on:
   push:
     branches: [main]
     paths:
-      - 'terraform/**'
+      - "terraform/**"
-      - '.github/workflows/terraform.yml'
+      - ".github/workflows/terraform.yml"
 
 # Requires these repository secrets:
 #   AGE_SECRET_KEY     — age private key for SOPS decryption
@@ -15,10 +15,10 @@ jobs:
     name: Plan
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install OpenTofu
-        uses: opentofu/setup-opentofu@v1
+        uses: opentofu/setup-opentofu@v2
         with:
           tofu_version: latest
 
@@ -53,7 +53,7 @@ jobs:
 
       - name: Upload plan
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: tfplan
           path: terraform/tfplan
@@ -66,10 +66,10 @@ jobs:
     runs-on: ubuntu-latest
     environment: production
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install OpenTofu
-        uses: opentofu/setup-opentofu@v1
+        uses: opentofu/setup-opentofu@v2
         with:
           tofu_version: latest
 
@@ -99,7 +99,7 @@ jobs:
         run: tofu init
 
       - name: Download plan
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           name: tfplan
           path: terraform/

.github/workflows/validate-caddyfile.yml

@@ -8,7 +8,7 @@ jobs:
     name: caddy validate
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check for Caddyfile
         id: check

.github/workflows/validate-terraform.yml

@@ -8,10 +8,10 @@ jobs:
     name: tofu validate
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install OpenTofu
-        uses: opentofu/setup-opentofu@v1
+        uses: opentofu/setup-opentofu@v2
         with:
           tofu_version: latest
 

ansible/services/octopus-exporter/docker-compose.yml

@@ -4,7 +4,7 @@
 
 services:
   octopus-exporter:
-    image: rwejlgaard/octopus_exporter:v1.1.0
+    image: rwejlgaard/octopus_exporter:v1.1.1
     container_name: octopus_exporter
     restart: unless-stopped
     ports:

terraform/hetzner_compute.tf

@@ -1,39 +1,40 @@
 resource "hcloud_server" "nuremberg-a" {
-    name = "nuremberg-a"
+  name        = "nuremberg-a"
-    image = "debian-13"
+  image       = "debian-13"
-    server_type = "cx23"
+  server_type = "cx23"
 
-    location = "nbg1"
+  location           = "nbg1"
-    delete_protection = true
+  delete_protection  = true
-    rebuild_protection = true
+  rebuild_protection = true
-    keep_disk = true
+  keep_disk          = true
 
-    labels = {
+  labels = {
-        "role" = "mail"
+    "role" = "mail"
-    }
+  }
 
-    public_net {
+  public_net {
-      ipv4_enabled = true
+    ipv4_enabled = true
-      ipv6_enabled = true
+    ipv6_enabled = true
-    }
+  }
 }
 
 resource "hcloud_server" "helsinki-a" {
-    name = "helsinki-a"
+  name        = "helsinki-a"
-    image = "debian-13"
+  image       = "debian-13"
-    server_type = "cax11"
+  server_type = "cax11"
 
-    location = "hel1"
+  location           = "hel1"
-    delete_protection = true
+  delete_protection  = true
-    rebuild_protection = true
+  rebuild_protection = true
-    keep_disk = true
+  keep_disk          = true
 
-    labels = {
+  labels = {
-        "role" = "ingress"
+    "role" = "ingress"
-    }
+  }
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = true
+  }
+}
 
-    public_net {
-      ipv4_enabled = true
-      ipv6_enabled = true
-    }
-}

terraform/hetzner_ssh_keys.tf

@@ -0,0 +1,4 @@
+resource "hcloud_ssh_key" "personal" {
+  name = "personal"
+  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlU2h+JgVMVsHkkcxed9WbrUCKWfuUrY6yErmGIIREP6X2cua2qE4H+329FSJXQs0Yd0OiNwsXzfW88kl0+aMopQXaccY3q8109KR43RNrRrril9od+PidVvT/fvV8eNYVE9M4gyT1c9t8ZLD85vJf9rILFWbLG4DqqFL3z33W2u//Bl8uVLoY3tSgBmukVt45If9g9mxVfSstLmZj7j75rghS0EbE2kzwgUH397mJGMlJJdFhzRtP+/D09hE+zgFxl45V6dszEu9ggawRRGvEcR1dXDB0g6n3/7h6M+pb8/77ZAxk4AwD6CzZi8k7SlVkzCKZQRPpge+C0xLdm9EAY7byj30XdGgpo80eiCJmVImYm4VmPnjh39IumQWkDgpXkYQ9aj9jUDvcSrEmwTBRJOqmaO7BW0sVbP0BDW3UjCyeUQ8zprmWsUscoB0u9r4bMOLnhNldXljjKcDRdX2JciIILiCEfnn781Q3uxLgOoHEnYto0tSxbLQI/o9WB4M="
+}

terraform/providers.tf

@@ -4,6 +4,7 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
+      version = "~> 5.19"
     }
     
     hcloud = {