woodpecker: upgrade to 2.5.0
forgejo: update to 7.0.3
__knot_dns: support multiple PTR entries on generation script
__nginx_site: update TLS config

Security recommendations according to: https://ssl-config.mozilla.org
__nginx_site: fix cronjob on Linux

infamously, the PATH variable is different :-), we had mostly used
this on BSD systems and therefore this issue was very seldom, and only
on Linux.

Reported by:	eXO.cat
__single_binary: common framework to keep types up to date

Note: this common framework for types requires jq to update them (type
maintainers), but not to run them (type users).

In order to, e.g. setup forgejo to use this common framework, we
	create two files:

printf "https://codeberg.org" > type/__evilham_forgejo/files/binary/forge
printf "forgejo/forgejo" > type/__evilham_forgejo/files/binary/repo

That is: `files/binary/forge` and `files/binary/repo`.

Then running:
> ./scripts/update-type.sh type/__evilham_forgejo
Updated __evilham_forgejo:  --> v1.21.5-0

Creates following files:
- latest.json: info about the latest release, jq formatted and without
    download statistics, which are inherently not idempotent
- latest.tag: the name of the latest release tag
- latest.tsv: a TSV file with columns:
    asset_file_name, download URL, hash

We currently assume sha256 hashes everywhere, as seems to be common,
but prefix them planning ahead.

This TSV is then used from the manifest as follows:


kernel="$(tr '[:upper:]' '[:lower:]'  < "${__global}/explorer/kernel_name")"
platform="$(cat "${__global}/explorer/machine")"
TYPE_VERSION="$(sed -e 's/^v//' "${__type}/files/binary/latest.tag")"
CHECKSUM="$(grep "${TARGET_FILE}" "${__type}/files/binary/latest.tsv" | head -n 1 | cut -f 3)"
DOWNLOAD_URL="$(grep "${TARGET_FILE}" "${__type}/files/binary/latest.tsv" | head -n 1 | cut -f 2)"

case "${kernel}" in

if [ -z "${CHECKSUM}" ] || [ -z "${DOWNLOAD_URL}" ]; then
        echo "Your platform '${kernel}-${platform}' is currently not supported." >> /dev/stderr
        exit 1

The key point being: deriving the target file name from the kernel and
the machine platform, then trying to get the checksum and download URL
off the TSV file.

This seems to be generic enough, to be worth migrating into
__single_binary_service in the future, but there are some minor
benefits of it being on each manifest (easier customisation).
__pf: load all anchors only when something changes

This closes ~evilham/cdist-automation#2
Start publishing manifests!

Over time, this repository of cdist-types has become more and more
opinionated, which simplifies work across multiple sites.

By having a flexible manifest framework we can centralise and simplify
management in this repository.

Sponsored by:	camilion.eu, eXO.cat, glutec.net
__knot*: new type to manage secondary zones from an external primary

While there, add sample manifests and snippets that can be used to
simplify creating your own site's manfiests.

Sponsored by:	giutec.net, camilion.eu
scripts: check manifests too
__pf: add the type itself as a source of anchors

Over the years, I have come to implement the same setup for multiple
sites / organisations, which had lead to some duplication.

By refactoring things, it is now easier to share settings and use this
as a flexible and opinionated firewall framework.

Sponsored by:	glutec.net, camilion.eu
bugfix/update victoriametrics to v1.94.0
update version on types of monitoring services

- prometheus 2.37.6 -> 2.47.2
- blackbox_exporter 0.23.0 -> 0.24.0
- alertmanager 0.25.0 -> 0.26.0
- victoriametrics 1.87.1 -> 1.93.7
- victoriametrics_vmauth 1.87.1 -> 1.93.7
__forgejo: add new parameter for possible attachments

This enables admins to allow other, less common, file extensions that
might be useful for their use-case.

Sponsored by:	camilion.eu
__nginx_site: fix renewal with acmetiny

When commanding this type to manage the TLS certificate with acmetiny,
we were not passing the renewal hook, which meant that certificates
were bound to be renewed but not reloaded into nginx.

Sponsored by:	camilion.eu
forgejo_ldap: support FreeBSD

while there improve the type docs.
forgejo: update conf file and improve UX

Update conf to match recent versions and perform some changes
regarding to UX:

- use the database as storage for sessions. While using memory is
  leaner on server resources, it has the drawback that a restart of
  the service (due, e.g. to a config change) loses all sessions.
- rename all cookies so they are actually meaningful
- increase the time cookies are valid from 1 day to 90 days
forgejo: add support for FreeBSD

we do this by generalising /etc to ETC_DIR and download the compiled
version from farga.eXO.cat
forgejo: enable email notifications by default + custom path

We were not passing the custom-path flag, which is problematic when we
want to override / customise certain assets.
__forgejo: use the .xz URL as required further down the manifest