From 75d42f26712ceec1cf2b7ad308d3f05249327ca6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 4 Dec 2025 00:03:25 +0000 Subject: [PATCH 001/108] Update rcourtman/pulse Docker tag to v4.36.2 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 29b5823..776676b 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.36.0 + image: rcourtman/pulse:4.36.2 volumeMounts: - name: pulse-data mountPath: /data From 340ca38dfe49749c82d01f3714c71f31b701ef82 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 5 Dec 2025 05:09:44 +0000 Subject: [PATCH 002/108] Update searxng/searxng Docker digest to 5cf43ee --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 3e6f3a9..3e80377 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:6dd0dffc05a75d92bbacd858953b4e93b8f709403c3fb1fb8a33ca8fd02e40a4 + image: searxng/searxng@sha256:5cf43eea89b334f0b34ec03eef03a432e1734dbc13e980878ea1442c50391c7e ports: - containerPort: 8080 env: From ff8ad873fd986ee31e50aeff468d74cd11e273a4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 5 Dec 2025 05:09:48 +0000 Subject: [PATCH 003/108] Update docker Docker tag to v29.1.2 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 6162f70..daf8889 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:29.1.1-dind + image: docker:29.1.2-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From 5da05d49203594e442956b6a6f22ca4d72a9c38f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 5 Dec 2025 05:09:51 +0000 Subject: [PATCH 004/108] Update Helm release metallb to v0.15.3 --- clusters/default/helm/metallb/metallb-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/metallb/metallb-release.yml b/clusters/default/helm/metallb/metallb-release.yml index 1dc8cda..d7d9209 100644 --- a/clusters/default/helm/metallb/metallb-release.yml +++ b/clusters/default/helm/metallb/metallb-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: metallb - version: "0.15.2" + version: "0.15.3" sourceRef: kind: HelmRepository name: metallb From 0923da2b6c12caedf91c428907f9e871ba3eb160 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 5 Dec 2025 05:10:03 +0000 Subject: [PATCH 005/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.11.1 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index b96d9a4..df45ce8 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.10.3 + image: lscr.io/linuxserver/speedtest-tracker:1.11.1 ports: - containerPort: 80 env: From 4ee96d56ffc7b2ac36abcfe7f84f413c8044a900 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 6 Dec 2025 00:03:01 +0000 Subject: [PATCH 006/108] Update searxng/searxng Docker digest to b40d6e5 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 3e80377..1a9be8c 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:5cf43eea89b334f0b34ec03eef03a432e1734dbc13e980878ea1442c50391c7e + image: searxng/searxng@sha256:b40d6e5ee3792e450f4034c53bdcb50f12d906e0cfb74df169e979b125b99f78 ports: - containerPort: 8080 env: From 1835385eb3ca6e389d1ed06ba34d8829b09b0429 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 6 Dec 2025 00:03:12 +0000 Subject: [PATCH 007/108] Update Helm release prometheus to v27.50.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index a5e4038..bfcf0f9 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.49.0" + version: "27.50.0" sourceRef: kind: HelmRepository name: prometheus-community From 3839ab858983c281b67303f831f7c58784f7d227 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 6 Dec 2025 00:03:50 +0000 Subject: [PATCH 008/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.12.0 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index df45ce8..741bbd8 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.11.1 + image: lscr.io/linuxserver/speedtest-tracker:1.12.0 ports: - containerPort: 80 env: From 6688ed54bf67cf1eb850f71eac0f41d0f6f3d41e Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sat, 6 Dec 2025 14:06:09 +0530 Subject: [PATCH 009/108] pin sabnzbd image to specific version --- clusters/default/arr-stack/sabnzbd/sabnzbd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/arr-stack/sabnzbd/sabnzbd.yml b/clusters/default/arr-stack/sabnzbd/sabnzbd.yml index 48c3d00..269dac3 100644 --- a/clusters/default/arr-stack/sabnzbd/sabnzbd.yml +++ b/clusters/default/arr-stack/sabnzbd/sabnzbd.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: sabnzbd - image: lscr.io/linuxserver/sabnzbd:latest + image: lscr.io/linuxserver/sabnzbd:4.5.5 env: - name: PUID value: "1000" From 51a57d21153cf91f8949b27b6fe73da1341f5ba1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Dec 2025 00:02:26 +0000 Subject: [PATCH 010/108] Update searxng/searxng Docker digest to c25c6b6 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 1a9be8c..c41e2f8 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:b40d6e5ee3792e450f4034c53bdcb50f12d906e0cfb74df169e979b125b99f78 + image: searxng/searxng@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea ports: - containerPort: 8080 env: From c9c1da82dcb844fde6bc4a92b6dd8e23bc56f330 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Dec 2025 00:02:29 +0000 Subject: [PATCH 011/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.12.1 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 741bbd8..b7fe724 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.12.0 + image: lscr.io/linuxserver/speedtest-tracker:1.12.1 ports: - containerPort: 80 env: From d87e969aa600ed17aec4eb78919906a4d6bcf564 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sun, 7 Dec 2025 17:13:33 +0530 Subject: [PATCH 012/108] disable newt --- {clusters/default/helm => disabled}/newt/newt-creds.yml | 0 {clusters/default/helm => disabled}/newt/newt-release.yml | 0 {clusters/default/helm => disabled}/newt/newt-repo.yml | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename {clusters/default/helm => disabled}/newt/newt-creds.yml (100%) rename {clusters/default/helm => disabled}/newt/newt-release.yml (100%) rename {clusters/default/helm => disabled}/newt/newt-repo.yml (100%) diff --git a/clusters/default/helm/newt/newt-creds.yml b/disabled/newt/newt-creds.yml similarity index 100% rename from clusters/default/helm/newt/newt-creds.yml rename to disabled/newt/newt-creds.yml diff --git a/clusters/default/helm/newt/newt-release.yml b/disabled/newt/newt-release.yml similarity index 100% rename from clusters/default/helm/newt/newt-release.yml rename to disabled/newt/newt-release.yml diff --git a/clusters/default/helm/newt/newt-repo.yml b/disabled/newt/newt-repo.yml similarity index 100% rename from clusters/default/helm/newt/newt-repo.yml rename to disabled/newt/newt-repo.yml From 084d36f349c24ea1f02a4e17314157934ecd922b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Dec 2025 12:28:29 +0000 Subject: [PATCH 013/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.12.2 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index b7fe724..3fffd16 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.12.1 + image: lscr.io/linuxserver/speedtest-tracker:1.12.2 ports: - containerPort: 80 env: From a28d2ab5e20c0d249360574a22cde056da37d0f0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 8 Dec 2025 00:02:14 +0000 Subject: [PATCH 014/108] Update searxng/searxng Docker digest to 8354c2e --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index c41e2f8..c6eaca4 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea + image: searxng/searxng@sha256:8354c2e3fdc4e400379c0fa906e42961dfc55a570d9769c70ab07e410dfb1468 ports: - containerPort: 8080 env: From 146f3006ad5ed27ea68a0c3ffc9511e5bb3c791c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 9 Dec 2025 00:02:14 +0000 Subject: [PATCH 015/108] Update quay.io/invidious/invidious-companion Docker digest to d68a312 --- clusters/default/media/invidious/invidious.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index 33d8a7f..3221e95 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -66,7 +66,7 @@ spec: - name: postgres-data mountPath: /var/lib/postgresql - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:a9de6b495fcad1de80d18b4452409e3f328af1f93cd0729c18fc833012efa9c8 + image: quay.io/invidious/invidious-companion@sha256:d68a312073920572e39b0d4ae486f22885819567fae5fac23220f7b750f8e295 restartPolicy: Always env: - name: SERVER_SECRET_KEY From f35db22500c2efbc9f44e1f85b7a122178af9373 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 9 Dec 2025 10:06:54 +0000 Subject: [PATCH 016/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.12.3 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 3fffd16..fc6c38b 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.12.2 + image: lscr.io/linuxserver/speedtest-tracker:1.12.3 ports: - containerPort: 80 env: From 28b65089501398d2bfda5afd1a3ecbab811cf2d5 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 15:38:49 +0530 Subject: [PATCH 017/108] Update Renovate and Checkout action versions in workflow --- .gitea/workflows/renovate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml index bc344ce..80ef187 100644 --- a/.gitea/workflows/renovate.yml +++ b/.gitea/workflows/renovate.yml @@ -9,11 +9,11 @@ jobs: renovate: runs-on: ubuntu-latest container: - image: renovate/renovate:42.26.11 + image: renovate/renovate:42.41.0 steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Run Renovate env: From 9782fa9e79f0789d5116b372baa5d7f76412440d Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 16:43:04 +0530 Subject: [PATCH 018/108] add pihole widget to homepage --- .../monitoring/homepage/home-secrets.yml | 33 ++++++++++--------- .../monitoring/homepage/homepage-config.yml | 14 +++++++- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/clusters/default/monitoring/homepage/home-secrets.yml b/clusters/default/monitoring/homepage/home-secrets.yml index 3deaf3d..69ace2a 100644 --- a/clusters/default/monitoring/homepage/home-secrets.yml +++ b/clusters/default/monitoring/homepage/home-secrets.yml @@ -6,22 +6,23 @@ metadata: namespace: monitoring spec: encryptedData: - ALLOWED_HOSTS: AgAUKCAFKds1pbbKlF45HLQC238Ueg2kaS83tp23uE7MCUrzFDMF8OrRwVg79cLFcQlKVMNj4FYHqMpkRHfueOAN9shIXMPfEK+IzQvzl4r0cMopuuBRumq2/ObGOLudeK3JWQm5CygmRFGi3auJS8EBD+a3xGPJPlgb6b7J7SrMka0DjIUZxLAknSVLP6fI05ZUQjnP4M0Rv1FaO63VrXOhQ+1boReiuc0mSFA0HR1M+Jv3NscUhxx9KwWdJL3igH+84PUC6JfvFyrY5E+V+HVCf//W4yIT+tTiWIQ03ySCA3+Fpdsm+RqvUC3Hqpf/CC/HpTx8pSLeVYFT3Bak5OgQNen4HBANwBuns8CJLMKKLe7OQfluzc81EnGjcBOYJRjZTXIyrkvLBsRdNodK/ho+YeO65f1ZOZVVL1XsCa2R/YemvPiRYhjyIiCNNi+HSzDUwc8hSuO8JHIO6NK+pswQgL0IqbGudl7JOJzcbEfpFwV4NUZLbO/McWpr5h/L0ZHmjf8weD52YKkoppjLbr9SXPRqGsHQkURoVQcGEerd/+IWWeV/6dT7Do6GRZGUWBuiCuxnXFgVnkUx3FnDSZ9Pd5nj5oGKrhzs3F89aeD50FkVEoXhW9FTXh+WPwfzyRfj6UyhthUE/sjs93aghjXqKrdEcNE3aUEQee2FTEQ0HC7XpEXmYnjqoD15kD/+azBaCeyddbVpfZJ9eovy+ribwWg= - BAZARR_API_KEY: AgDFkohbhrDZ2yYGHRCmu29+jqwxjp+KVIivRMiCMoFGglFA6HZYvGuwpNtYH8uFCmRmOx9ew8/xzhGLfsjye7Flnrt8FZ9l9MvgVVkSa4YaQBlM9mFx+esM4Q0B4LUoswKD4+jdvqAlEB427TZLYUgeZ4EMNJnhIfT+HtlRTIZdSA9i8GzFu0W1FyLf/KyF9IUtn+6sUAuHBpj0aqiYxyhkW6jXFIQ8suG8PpQPWsXKBotdGu3tei0dCsCs76phqDFONEWlhhpLdPGEFtkfF+HXaf4mZnOUhqguKVMPsmjEfUWOm7KWUqF/ya80k2eSXu/GT5FtofISNAsyth5iU5F/f4QdJaQb1T0ZMOzVvBURD4ddCEAWI1v+Ea+P/dvOEULpi2QN6VSLSkUagXgKJV5CKEDKHJayw3lY2t/8wCO3qvuNgl8029asuAML6MYSnI5c3aKcDbIRyEgu2j1yJdWlS4RI/2u+Ga0pWr5sC6E9ehufUI8hdcMe5dxlTfySp/rgZ9wV7c42MgyDsIKsUef/8fN2WlqVMbiocS8eUYxVrjTgUhoaDYgaGIl+ex48Tz14OH9wCNtUfL39p6sxKl1XW5slUz0mdtnQoOajdSwGRfVCVeACiKs/jTnsAM4DEy0Uuz/q0l7SH53gN/8oQNAqEgJbVwofsC3Ka5EnjZEv54zcLQuya2VojsR6IdwRK6ju2oTa7kvQZiL6GrF9yz0UDLYo7iEJsk9Bw2J5fAGxQw== - DOMAIN: AgAKkN95LerXHe/p1CS3O/foK+ouRxBVwgOpinqC5Rk5shz2CQ8YYR0AsTeh2mN2zHYB5jyrAdCTxsSGbe/ZbwdwWm9MiDKHwYZKiHI8UazXfIKm4sFLlDtyi57ChdkQLzHALvnAILygMzSGz8uZjJDan88ByeFW2rTqYYQnylbHJi0TTIeOAGoYWbxD6FdQQbG07DYLLb/1gSDtDoAV/omD2xIOttii8m54ZzTzJpThCZWVige4Bjdl+h+BRCkZJ6AwMRrXZ7hyb/0Qzo0LDYog+TYVKaX8jDnIsszudGlOikVtdVhhu1OeLYB+ma7+zYRC0tq87LryFvSc7lR7gMh2QwHnkNmqsWK0MuXvg+F04i+xJFcj8wpEUKH4DvcApGRG7AbYi9CCk29O+jZzvbaEVvO571cIaJd1SP/CtBjiuArVU826IW3wNxu9Wz0bOtZEkcMMqdst41Q2d5ESm0LDFlrrHZZG5Bc/2NCCAVMjiOgsRRaGLvLWUwaDoZO2rrmx7q5d6plmTplmNS2AP/TVITdpG4MIKe+VtZ842uF3tXbeQt7y624c9db+R8wSun5QPZ1nS7c9m9SRi+dIe9liTnaeNRw/HQDawwwxeHpYWEfMKjRYon7JicBV0EL5/HAXlrhOEKSGgGLT8U3zeLT8uvIcBpU8AcMWJZoGOSi/XTgsI5jy7H0JO6B6OBd4nGlW5N0Mrg1B9RH1Dp0X - GITEA_API_KEY: AgBDJSM/3KOBDpL2u3aBUWP4Dczx0X669QmNb7bMDft7UY4P07MDIZGgLe19Gu39nsFvp0La9SGv7xPz42jSwM4dB4vEifnD98b86fD2GdVMTUwfScH2E6KatNuI4f713kLFryYqBGxcFQ1ka/2MmXUHaEwo//MhL+pcVzaK/WDej6coGb11Cp51W8R2OOxSHr1wToErtfOEn/0ucVop01QrMbEmj3dnuGGAXPZthmZ00vTzuUfNFJQqKEboNE0kt0EsqiAdHCTdYyRVFOEMMjSgxYecfnn/nJ3feXRimVdspzRAm9pOclbASrq3KUOmdyRyABAfHW2HZq3tt8O2nAE2ZkQ7o3+g0uZkgclq6Duhnehn0cvcUzfDkVKuzz6SAMVo550VsvtFVbmyu3RgzLJXZDA1UYooV7f1PzEL8ejO6Y7FTfr6b+0sGzLGiwBDpjJsmVFSdMvVnJ38bvwmyOQxp1CFsmNxY5zlQk6vjQv6A0M/hZ8K7/E/9oVw9asfDeO9Tiy43IQiyn7egTty6loOSXrNwb3shcndctLyYNAt0wtmyfWUmoQnbpd6ME73VSf+KIpgp4ypiKMY/Ec6bUPYxCl0GM126pg8UPVPvBcB0JEL6+8x6fsB9z+kqfIohT6gzekdPN2FArDWBfoBg0Tro2uKAqEcpXROGfjSDe+NMWxGeTPCto5bBCs2z5VM6IiDLe6QItfy2BOsAqIaYxgrhvHdQK36Y/KvhxTpqLtyeHVe7RhVwIvF - IMMICH_API_KEY: AgB302QdlUawaxR6aVH5HhOlHWRIHtievkVaeFecOWwH0+N2hUvSFt0N7IQQD4G+cZFjoIgStHuAuaFFvYmDI8iw5523ui94nXFKXJ04Dz+/4IIwl/rzqEWBVLI/GP/XWsknh9hnZtaPTCSp8IpXji6+k4ZU8vPBQFVr9IgdXO/Raz7yzGTEwP1rNu3mkizVn6RWuy4LwLrPxq4tdJ2mVN0zqfaSpQZTPBs0AbMvtN7EBfNTnnxqHFMn+Zqt/EfUHkhMwHd9bAop+XMDyc7eoFgwCtGZATV7Z1NmQX5+HKGIfIONf7HVvygCWqhKRTn7fShQj5W9/kAkKm98WfyPrCerF21fid9sCYJ4u6p4Jhzi/sqKV5YPhNTBD4d8p7dRvo3f9U/aPj/y8IpIrsXDhdquXOypN69YNKv98R7bqdcuZ7BMd/B447byR2MCe3F40SsQwmUr7jHAql75q1F4CMjcUMIUGwN4pxLTdOTmHKSdHaN9VnmDK4rmfawph1iE8Spx7NS8fxQ5oLUPat+VTENHv7agVNvrowcxZIAtT1t7EMe5i5Gqr8pzddg0HiH4DfmbKtioUxfrGDr7rVpHHgirm2S/KFGEJD78hc17QYUQIYtXYL6DB6PZ3cZ6nDq9R5Y1QuTP/cieYfLVtPsmBq85WscFWzzB7cc3mKvmd6gHrNZ0ldxpQZhsfEQohRAjEF3GQKhglbeY8FIIBOAOaDoch/qCr7dmDJ6ARz81x5wBwAajmScHHD5bdTg= - JELLYFIN_API_KEY: AgC2gPgvLMIxZkyvGJvLXqFOTDOiz3PZyt2JVAlQaqZpDJf7gsZ0vQ5u4CeFqgB5xLYYOuds7ShaRhqopFC7PO/YOVRRthU84AGYBBer51y3Ind7SwHzJVfjqcexkuqh/an4wqWvsgl2ESu5kisii5FIgMEdAXrnq77/E3Qnlv5Fw6HSl+MGAX5rw0sGzAhpRMCCDJFoYBcECXIhCKnZKfTxE1TQne+NPmj/oymvQGCY3eKnv0LbjdbFzRHWWmfK4QbiC2L8fnrZ3Iuumhorjb2u/aa++21JwL9UfvAhaioZn/KAbVTgWphQMARpOZBw9kfvU+GLW3I+Jkzt39KYFhgT4euce0LwgLwdnYjw81o+CsS8U5IaVRAuLNCwlcYkWLmg/R9JcwyjznbNt+mYP1iUPhpiLD7n/iV7JtLI0GvqSZHohBa9Pu5gNQ/+NN4XG3ujaDRvjVSdfb/ZTxnxWFgpbEjkLDs6aLnjRkGa1aMOczli5GRJPJ65N4oBT2kTSz14Z9LqF3eeiEb0HMZcvbIe/WGguPWM/5y3jcCH82JDUJNBeEOtgm4UT8zWnrFRce8p1CKy/CPeAjTkoVyQJ8hRRv6SsKUNd2Vqs4FP/PrvfdmQxNZcUEithuZ2afrXEshg01KORBm0g8eWoSXTrKUFL0mdsoHGLrzB6U56FJN1+L9FE6w//qbuxkP703NmWeSiHLWfk0hLrEt7ntczt/ZCOopu4FX/FKKnhyN7Usp9oA== - JELLYSEERR_API_KEY: AgAt/JMmEK2igQQmQYF3/eCmoRTh58GUmA7F7jfkzmjyswSljX2kyRSC6SouxNQ+NxtqoQ3toJnuc2twN4g1uWZabRZf9nNxlFYswItex7hWQela5YMGXzvkhk+peStfn3chrWqrvUuFDswK907tf9T5jf0xA4ZIglDocckLH58zqFYSPin+i7Dl3xN9R1Y7fpFDMKjFlnZ/6NvWBLd7kOBJtEfxxFiBIPpBc0X8ygQWv5v31DTVjaXOxglAtS2rtf4DUZYadjAGFCZ6M1NIUHg2Uwga/C/uDAMBjN/umnsrDDjS9Zug/n9D5WKpLzAwiLs3JbXVvfbpbJKUJEI2GpPh4msokFR+NmXwT2HhA4pFpzoOQxS2SFT6Jx2AQs8fVNGazEP+PrOXw+L8MM0Z3NDP5gqFwasgu6kopCK+2hOObZq9GBEXcb2OJmg/xVWHL+IAJTf5afVAIEuu6k//I/W8VVn2VlfTnwDLPrxbr3ILHILaMZbuZR9nY8zQ1TL+4vvji9RLQ3E3fTSeqvhu8+dvCRg2oG8nPSLD5BRrmiV8jHh3fT410RKzXmWJTgN9mNADSePsOH760KsfB25U+4xUBvqYuab08/NvYkrSrn87SpZ2rS3IebKSyLjyK6rqhzHLzR9iNBlC/YCdyYxVBN7WHPevZBCxEr9uPSxt557n8JY8qpDTPncr7y5yeNnPs9gHCLbgoaFL9TKAHux40sdQRA6LwhD5MraKwxrNHqjch8hP8gqiWo5klwYnrA+NMTXhjCh/zn3YG6V6JCEv2HFvkwoJ1A== - NEXTCLOUD_PASSWORD: AgC1Qd25JG72huqwQQquQ+J3pzdRwdKA5SmJr2apSCwSp/CDgj3J+du7HdcOv0e72xbf87cKyfG3bKJibYhsLvem4bg3fd6nMd9JghC38gAC+QEQ+eXb1sFcAuMk8pfHC0RKuZYhvi1o3TO7KOPID3uAPD3zscM0AczSREzqHSn1nei7jSQ0+fT9ZmmHC+nO1iWJdahlgWNVYCqrd5lO3zJjVpRjDH3nnz7zAyle7lEx6CWJDkLPS6sDaRYw2wepqRcYZ4rbC+91Nh5qr9Fphnf3S38VZDkkfiYLZY6o9Baqz2I8Wj2XCz1oIV7Ui6hkc5zVVDLmQGqZSED9zMV0YznCU7c5HNglYCrWUWiEu+kBetGPeiUQjx444PWoQYxTOgBoBAQD4EM8QeK5O+pjBfhrOrTLO3S2nmf3bSJVp5VA6JE8FfG0zuPQOJU4cbLdZ7HKyLaHsTvrKxz4KI6jo9Ic4bN7jC0pLNWFloSOFTfd4qwl7Sd5TK8Yf9lNFDLJFIErN4j4D9OOh1SMp5jA3/2KJsYu0yOtbNdNOetvoWSot0FCTsA7IdXL0fLLfo9LvAUlsRKehyow+cRg7c/MrRz34WZCMBDiDu4vXJp8L+8kA7yepUfdvrt/VqpblZisqspdJWPkUxfuMWIzT/bu6bd0nkWaxZjM46n9KMgkD9SMDqIdUlZaKQKrXLJWojMMtpaad9GmOREig6T+7A== - PIHOLE_PASSWORD: AgAeo1207dqEPIRKom8exZkq3gZfN4//avKzparh7fZ1SrvmzuU/cnPwvhMJrUnjziuq6mssFmMppUHLDqdNL/jkHHBfwyacI5ZWJJ0YL9/oMKhs5ujlsOOlgJcUBm6FZZ2YOX47uuBrF+OPYNzDSyVALJiRAdKGnRNEc1HiQ4LBHjuGqVvEeFmv4XXpyF6D/67lFRm3TSt8gTWtddSBlVDLZxAv/IunTpsgC+q1n7EiYCFTwqbhN09MnT9bVy5UVQ4cGiGIpZyZoJA/+7I1HkRxzOi14ZcEy12qcEhQUdaMkBxjUN8aUjm5tiwl47H+6ChPzakK2IWF1FVJseGTTthXKjXZwIRwy5h4ujEQ9kyPpeUTIz6T9xk9npFU4BmKpdtSdq39NyWtiuO/kJRbd38iNWdjQkcr50Ycc0HYbH2EuzmUJvK92RnsiFDkT+UppI/rAu3Uvl8OFdfnZp59gOEEuIdQmNDhP31KfCWp8A8Wqt/lX4AKwaQdXzv5jTZQMm0hhQttt0QuEnS12/hwJoC4O6Cu3gCAjlAxAUVrTye//8Lf7pd+/ZxxB1gLtWDMy45AXQOQvm/g0t5OLhb/3Ib9uH4im6dPlSo8EqX6UGcDcCbROxNOytZkpgaslsEpSese8q8lgbEE7j8UIkOof+UbsikzPslyLqdtO7GVINWkQw3SpdUlu5dybqlXk0cgQusCZ72BRjut23l3vQ== - PROWLARR_API_KEY: AgB6vNTTovXWjFCFxtZinPT2iEcesapI9iHEXVAmvYjzz+14BDNHisskMkToVg4wa1gLrF1bSWjKvYSI6Sb5LWlu8qyjjjvcpzQtFTL4VseXaDtm/hkgz/w0RwDwmkASphgJ4tMEW3noCzENZCldNlAgnAUsy829CDRqgdfyHU9SnXYe/X+LyNql+JkswvK4YoEntk79E3hl4c9wUc6PnRUV3bfs51I8vkUlPkDxwg5xKTl5eWk2ZcrJv9NXaO+C808RKjNlQAdN5Nx3j/PWgrSA40j+YW90WYjds32Gqtxo7Jh1KSevjQaLul2C4zcMcSJU+6XtYRNlKsgdfD8luDm22zW6fGIfS3TZV+TlXF8haJSmKQEle9dm0bCdbff/wAHcyudTesv314UnI4Ff5zGKfHRL6vvzsLa6WQ+W16qx18WzLXuLJV3AduzAXCAKPswcY6r/xGpse6KmTi9g10wf0zJ7v8Fj8QYXIcU594a1As4Cg8aVxCTHiZrKTdiBkV/HvHu+dFUi1J4tWDE93BKCFtDRFtpv67FZyQ1jd2CcI9t7lJGtfJqVoVcPCvEczLu9vNAiGyp6pQt0MEOP053ndHmhjL8kQz35dXQeV5qGT8yVBPXaP4m6ib5OV+zVhQEQuqlnd/hQ1IrD28Gh0yNw7mdwVxUTCUdFZYX6VuKkDm66QxQqyW1vAy2JKewTbjQW2vhlj3EPleIETi5fSVbKrOwioM7qlpAUxDkmr1FXbA== - PROXMOX_BACKUP_SERVER_PASSWORD: AgBtWazeVChipqazWVp5IDp3u2KY+4uGCjxjhydZ0thfptGhegppNEfaqqYFT2+F1bHYXDEZFQwuuVHLBRD5ArT89jib/xks92/pBR4SDVf5kfkGiUKAz1n8R8os+YIN3XfQ9nxCoePpmfCVkmJnz3iFYM47shNYc8r39YVBAsMYV7WH2au1xbIwj1sQ4E6azwCo6/Scl9Cb0z/voHlwGxo92KXcryHSQNjDQM4o6NlzniJ0MK0OpFMPy78JB7G/VpS0wQFC7J234Xjc1vqW0gSqjadoThTirVhBGqRGcIY95I4ogb8lNBErcwvBvUx7k11of1978v5R7DcYV8mD0ef40fxVE0UECARnAz7c+zoTvqqAUmjGw/znHbuKECEdLEFUd+ogu6zgH0euik0wmoBwvAwOmTSgvKdKogJQee7swOnYoI7ytQixZv42f9K7HSd7QrRKLZNNMSHkcQ5sSQIT+2KPCj9vpZWT7b0gD6w5HxEFc5FUQW9a4XuNw4TX4HSz1tTKJGhLha+7ulmknsDnmsQl7lrkCG+6B33EMsteoBUro/4AuLwwjgp27hoTG/RmW3hA26UaJkujXpSzurkclKrHfcpUP3RmrFYGYGv+eH2vx3hNkuZgfEslCuOu4H+i3zslNsbwy2x1MtqRQsjNQ+guKJTEVsYcN/QT9tR2PnHpJu1IdH8/ZALHYNYaKHxXAzgPwyioeBFtQz/8pT9E+TMKZjam+3nPoA+2EaWLEA3L3Gc= - PROXMOX_PASSWORD: AgDAyutvM9QB3MoZYUrEuqnG7HthwshmDaDA4hV2zyURkzk72u9LjpFwKicvFf4+2lVocDfYebqU9mWEVRjnNBHELaN1xSWXSd4jwOndlIrNMJVGeuhi/ohMIYN0MgRGw0FkvdpN2//akgmLdaP4ugZ3N8QV19qCYAi6QyjMJE8U1ASuJDdkAZddOgqmLwamEk2ss32gTj0cHsw4P7VTtKhBCTctoPZzC6hfuaOI8Gn2k0eRHgh+yLgZzXxzQDUUx2I8n3iEuTq8j0hTxZ0D0BZRnsLVRE7CTlT9eWMud6vHLCbqlTUwA8f54t7eB6eFbADHsBbreDImDyzLW76FYo9OtcVYZ+LEDRplh9LYQjlvStvHDRsG/H4GbkQNZRUkUUwiDbAVvNClxC3kk6WzsX/TvJErDDV+1fKxdEYLowlDR3/w/T1h59zjgOw3ZUU+CUZIqXsOwFNd5/JWxqwdHZaSJe17OxsNUFx9ARyLkFAm8tZvgyfiw5SzMUaPEZrQNcjwDnf960OhUKaeWHory99StqOfnbB5HqROltnlWZDdoxzKwzkdkSYrWv6OhUR5WvwDKW5I3biVMYflwXrFSvH0+q3DMB3hQ8ydx/JTUmjMB5vVntRBjiiofyUGkG5jjL3I2kcAPEJKCEsng3PPhaNzR8KqaAEdPixAArNPmL/KkZetNpUFR1EPppwSfh5BspP0cg5n05V2mv09XOT1J8J9Urt2mJ4fQON++LxfPHQcvNqFans= - QBITTORRENT_PASSWORD: AgCCcxImOsReceVf9/euw4xQZXwnJbT1ete2Vmcxbqk3859SMKDWi/KZzGsbsnI8fbljdmxxBIODf4VBOsNs8Jxv5ciQLJmZa6VNAxqNXOFWZ7urVb33dwwQqUyLFJ9UhdAXeWFPbz4vkK6Mr4x+kn6UBYyI20xos3AqDHCbdih4N1foy+aW874xZZ13kH7rxAiF537MkZZPc2VVQMMovphJuKTDXctPzjRHTsGZb3YmUnjbGCRkQGwJqxMr1CincgPyrI9EHFCnj8+xZpWd6CNgFgADNaNTquOtb6W4od6SVGw78/xUd/TNM3KRscH9wnU8nsrJumMslqGPSy2Btu6uFjAfDJo3DC5bh1ZB/kIlMz64r6fI8V5hogl6Iq8C4QBZA0jwyfeHVP9pZmityLDADvwFlnNUd1yfCskp6lfrDd3vobHslLeelIQBsYNDqd05AYwg4tOpvjtIt3jUOYGNo09Rx8DyzJ4fOS9oU6tX8Ut+bB0RKV+k3fKmQx8oYtR8gXxtApILzLRqReRTO0S9PNdCKPR7kA+QBdc78DDhgJECJCEPZMwtAWff6UnEzh48+PYfcf/R6aljw15LpyR2eQk/LYmaLk1Wupuyu/kWhQYakzjWfoEoKs+K8DyKkR8D2ihNlCJx8/hjNZ4QodBBeIQJ1D/Sc7xScpkY1B5bItXDGj6y89GjHH3pfvFcMpmi8eEVEVk7+9xL - RADARR_API_KEY: AgCYpnUSNjkjnAE54Z+2TmK4OtiukA5r2BAHUpD6C2d8lrduH1xw/WZ+omnB1qAGG4U/zDw/3PwqyumpTn7Iryq0ZmxVuS+2aaYKeK5LNVpV1I1eGTPrVnjdAZ+t8xdm13Qq/+uqu/yUbn7+yoqD5lfV63LEgqUQNWyZRFdAc2qbg87ETyElNv1NDqT3X06A7byANILETAzktOuWcB/zqPi4hsPpyeFrIESaOiuJMZUi2UIzbKbfoVzpW2ksSspm3Qga855HmnhKEiCQIEuUSMxUaECRwZbKrPjrmTcJGiUV+CQXNz6MKYT284TURtOs3Q9CpRAfLfgIXSDopi33bBl+6IczJYXqCnzQOe0X+2dAomfvC1F2suW5nabgfU2D4wGzjPJFXSys7t9q1wDCNvxvx1gG1euh/Uhb1/xhFstXA4ZKqK1wb/va1wt6ZfAbt2kXhqYv6bAEiU50XebNtxKw4o+DPPfoa58sfBkd3NgODCgHFxbExw1LVBBh5bcJzncHGeK+F2xSpZfERNWrbXdPdeDqRocyOT3N/GGaMWEBZmYYMpoGzlkbB26eYQRUsihXB91OfMSTfDJ+uVgbE7qZde9Oyt87q7Il3FT7F7GektHgcllmeOPTZa4JS2RyhEPU25+0jQlkWKmj6Cd+9qyLJ0+Xxkhs0wmutfWcDIvBKbgeq0ygIdzb+PffCm8mWxR1Nf0fnapX8oQ0q0SDfSUIWuy4o1D8fGvioowlTZmbmQ== - SABNZBD_API_KEY: AgAna64TkVRcAbxKt1lgnxVzpUHrdxey0qOIF3H4VEcX4o5fGPOBukuUaU4RPeM20fOaqAlllKIQKISUZbKEioPey5CY663SM5pTys1HhicMQUlfPNhUejzYgewJ85cWsHlsF5MdjNd+rMZnW6JGGbVoDfDnU1wmi5YEr5KzalSyWwxGUH641xhwHN+itG9n4+254RAX3Jq5ijWwyO3zmagDEEv3+MgVdChPmzMh580Ugdi8O3PNE9O6kalXslDcs6QnndNqXJVJfuClREu9QYXQSugSjkcD8hRS26pnIr6RMjZQW7n0aR5wSgfLCT2CIAB9AGzP9Pltn/98kBJgsgFTJpWnQvh9yNbIDMeF1C2MhAxKn1kQg6TPNGBRosI6mxuOXMqUmTAN6oMr5lTuciIOQQdL7s08pmNISZtCT9QT/kiIth/MBei3R2pJGRUDHJ3xFlMZjbXv125zKIoIkSf2bcvPI9HJG5QUbyEh9q5tEwpBHLqg+ftMxlCbBxBednCV4Rtg/nKTs8BP+KZhkBpqsDLJdFRmFRsedSndbpRKIEGvQCqBGdmu9817mZXOU/yjboLLDloWk4Yw142sGEzsq/YlQqmQer4QKdxc8j/gQICSiGFAGdDhnIVy7pnOsAKpIxNHWXb7wjGgU9yp/jTBolyLJ3TxDPDkM1d2ZNmTWHvKWBniTnJr1v44qoPwJ2Gx53iiN8WhDFCfY6TIAtLNVfApKT5vdUbYs/uq6/rnrg== - SONARR_API_KEY: AgA4+fLrXQkajYR1t0bSJ7g4C+EfnxmapbTFehIf5tFmqyxtLj5JeixrZ+Gfb5v4x0NGb9q68ahP+6VWhrjRCZsWMNQ71fuySk6069AG4P1JFyaNOCrTmSb+HGh6+L2FEd/IUK5QW8a0j7NiEfmhFuiippEYeLkv4XYtDDXs9z8qNIrJGzRBibVupRTkgvMmvt7z+BnzW7Y/rSr7yNth6n9APXzhhcPMOZCy2tmvGLMmdsfhRI/t9PmAmyfcgYWi4ntDYPZfqNTRsj70fEDn2rK1Ts6TyIX+GBcpQW9qn3WPpoNYfUcTwfsUQRwZOOub63eMt/wM6xVMY0AuSmRBMj8HKh+aXtMgqiu5PtPJlj/Pp4bdtiY380uYjHxh2The6LaWY0Nobr6VRL4lqrfWo9tNajGSBx9uQmHU8oa+l9ISXpuigMQ7HGtoKbZSkE+8AycB3d4Wd22GoEDZQnx4uhbaPpeN53OnsDTV0sTU7pHxdZEGmN52DFcl5aEcoogz8PzRpbZwNqD4vVecCua7wHE4mskuVAHElltD0TN9yCnX+mEcECNgKx+diwginwMgrj2DCAbUPZwOoEh5ITzZiqatOP/yk848sigvLo7S2h1Sc0geJH1O7ddw50pBvLx+4S6eS1DdUe/BIt9B4SkhfxJRMavrkVvsRJbaWfzOiKq39FkqShMgH62QewFl8w13XvujaVGdNqgpLasRJl5pb4ch3GHs2KpNM9fDKjfIkD22lQ== + ALLOWED_HOSTS: AgAwNxnFMRAE5sHGwA+CWTVKGkL4ompOb2alObZfiM2x2GkuQoeNEIKAgW1nZSIJnn60NZd7zwG6xNS/hFXVEzLQ0+07Aqd9zORQr8MLe0rBJxXPjp2RHzHuW/DSh5cadjanwuazZ5LSfDGKtwI1xC2qdIpM+eUUxfu5QozSGiOuM8eSzi0t7uwa9yvYI80+J7NErJBhOiKiUf+CUtd6UA2upBXHNgs2fcu2o89XtjGzP3k+fjA4GcLugLJ8HOAcF5JWNAUlWBuLPoDiAbSsTYavpbl05bghbTqyPIhaX9ifDA1wyZOjYywITZ1SUE1Av61l8GT9DfHEvgORvweuONRoUyi8o1aLDc2idIlQQTSwzsP3O/Z+iiGLWi3fo4/4KuMDqDWNmTtiuRiYEqhE33bt4IXhiQDQweanqyb4QboXORmmKfuqyzgC1RFd2foKVSDaFUkKeQDiLUCTBt2QNJPPD+4Grxa/KDujIWBV9eDiWQIM7qsQPn+4/fZA+h8nn++o1u/Faz3fE3q1NznsvMXIeBqYx/s93K2M9pGvDjrwHs7nIXalg+QzIFLP3wHTbKshwBgF9zcRiioblBucTjvy2MRv9VgaJDjcMhfSSWuyFsSkQNNQUkyud1XbPZ/563LKArqmOONU/x9X0tx3cdL3X3KcmwaCNijulWG4UGTHVTfAKNHnRgtIy+S8LoAnnXq8Mw9y7gjqzECT4KfWiN7BGkc= + BAZARR_API_KEY: AgBEsWcgL2EBxfwz56b5qbTyeqY/5q40Sm2V2gmmb+y+/4irQi8CVdUdb3CwlIhoMrB7qCWyGMps9wHx+KMWWc2xqAN+0x0mw1KliVEPQhdbdTnn6/gEHar3mjVj6wFvgXy2I8YPlWNiqKtFyyNWs6KrbvwCh5qHPNqVRUgNAT64z+WWDsPbaDLta3+x6IV+zQLvQELU+R2F5uoJb/dkgmtl97NdUT+/esc61B1MkSkg5cy49N9jzuKsZpvtusSFIJvzr2tTJxviS3mzHk2SqmfZcjZhgo9YerJXnlLvW9dYME6FVMeWG4NkU1Nid4Obcr1UKc6zi6YnF7g6lCg1R3dehVkcdUacbxcaJGTX495ugWDJqKcGXJiHd+2iL9VVjGpRIK9mLy6a3FliPURfw4yjhbLh4GJAd9GJEpj943cJAOxookeiuimJwmtHszcxlUqXJI+n6NcTdesT/F+MzNTC10X7ikR3osBm5FdB1IXpLDlcyLZY/IjsnbGUtSica6HyPBenW7kZHsEDU+tVCggHCrLS7vPmK/Wjj3D9Ijza3guVOkvTf1pBI/9+9TDpXm93RLAAYf+e+TBOXIWtBBaPed9JGgxZZEmimedAjU0rc/mysPeZkfkgLUa6FafWEdiWhXHF4x85iSp3aXs8N5rY9bHswpht+U0F8DbquYSm74IPC9Af6GVUgFuxXpXnu8ePIGi9yRyi1u2QE8d3JZxJHzam6Fy/EFMhY/r4xSMr6A== + DOMAIN: AgAc/axtBDWTTaaefN4lv4mx0SAAxgIKGf1bnwtL9jsPolr+HwDCOHpkFZcvhA5BHvssRQM5w/3T8nSepCTsZ9V8AYhvKqPg9rRGEnmqnWiOdoBLT4yNXP6tDZ3vy/XawFRk//dA9aG9fbAzsJgqYrGOOOMEURb6U8GRS7+AamsEbsnm00D5xE0/16YUveW1pGNRm2EKlHJMGAnpnBqaVK4u7LyNyUf9UDt4KUyz+VdSB2Ij/bkuQyNRo2YFGnUBA0AxUo7ve4CdsRpcwL8TCPeUgng4A9p2Bmeo5Z1WuKExJWHfGWVX0fxNhHoVA462fg7HORc3asC/Gi+MnEDosE8NfpWhylW6TPzpuXu957jvZhs996JUFxGhgMRVn9KRRaXGdmNPo4BiD3JmKE9MX26nDO3tGrilc5d9vuhCchfu6RwWAxbbMpz9Y3LM6hP84bbeLbmEDZ6I/ILGxx1sggkcJF8IZ/QtC1JIg6p/T4+BfQzMIj00LVPxVEP97dw/hkiTP4xbwBTMRtCf8RF5DXprQXokE5hPtfpOpRyLFnlhvXkHPMl1HgRUSmB3JvnVTf4Pf0tmvr5wS0shDI0SbjxeQMBO8wkTQcLMPH4g3wM2YL+az9hRnv7ZZ+P4duUghUReYIjgjaoG0UU8wTNxIFKnzLP6S7Ys0/8FxqM4ML0KHy2uW/Ip869UVupQY17+qQ+ek8dbuMIqE1kW3lLH + GITEA_API_KEY: AgCDvcSCoZHlgXRV2EQ9Axi5uVbXiqeWrgu7v5dzzjmSHz36bftH+PCR/NQwj79uCPfyDCMEqfYDK0Bypn+K0vPlf3vktAxOc6sxjh61ciZo9lu/FTRsmDV9thQA+ZTxJtYg6ZfyFaVd2/XxA3Lsh3Un530qwu2wTFC5raoyqIBkyZm83T6dlz4GhrteOAvGibOYWaEPcJlVslARqrzHg/rJK0nCNS88OhvIVLcIUq0j82boEB2CUqlLfP36kx2y0eUdOfQYgzTF2uGL7oZTEkXrb4+QG2+SY1NUCg4SS6CJbqP5TPFYDCpCoi4YNCd0De/YgOKoUBDs0gV/VHNRs/YgDbYcC30I9UL9Da3KSYcQtS9SMs57RcBNHPGE0WurP+E36RbodfuIAP6XPTBPvP93XDLavHNJesHAmcNX13hqx3Otzca4zC0IbIl67jNzPS4bo3Spta9FCtN589PMEzhm/YOxAaklttKQ4IqGS+yadIgKRbfUOEUnGEtFyk6IpcccXuNE6A2OKqVEbDHr2JCuCpsC0WT/Ysvkic1yoScetzsHtM1m9ASOZGvwJZnIxfzF5wOzmYo3QLJAWcDH3956NU8J18orpiifU9yyRk7viQYH07AarjoRwR97nN1JlP1CJ9p3+vdxgBtnwpQDKeJUnVtq5OpqzyGJ7ZTlNb694rNE+rY1Ufm+1vVUUv/8B7yGxi6YT2kzQia7aWIkP2B3ngaZPt4EkJwCgITkB1qTl2SJZvjNDJxg + IMMICH_API_KEY: AgAsbCSTCRY3aiCtCEsg9uF49S3TF++x6tPr9MRiYt0xYLv28oZk1Y0E/aiX63MfRAh/WGu3zp0qPlQ6vb/Op8CT62uHZZ+Ngm33C1YS/ZyMzmyMqKaNg8kTpUdW9h6gb6HVdRtJmtCwjJMgpVocnItS7Swg/GPTPwNit2Vq6S5D/qK2uG+dkWFWaF11looSkpmG2l90LWRFK02p16vIdRW3wieJtBeo9mkuNPMu06toX6iAM3OaoWqFVeU0skTPvM55r7JN4kckpjxf+UwZw07tDAOyWlOoCpPy+tzr0Ezyd3mp4FwlgB5RVJwLsHRgqQ9QsBjKdQ5EOyhIo0g3J7jhkRTZblUcv+Q8zsMrE2uwYsSxx7Lu5bp1QjiZHAHZ7AepwSPl0uLpAx+9x03lr4Y+vKTfPcRHRBqo+A6/vGwqdeNahnrTTMG8dO3akN15f6ssZvcYAI3YD4PiSWYHr18mu5IZGRnwwZkfrJGeMvbJAnQAOOJMP+VE3Ca3cVpbHQ878Fc3ZbYVrhJveJY45i9OIiPjzm4h1hM/ISzMmeECb2unQsjzlwtbXMeRf9/HzwICBBa8XmBiDFb9p9Xl9SCwF7hgzdtHi7p8B+M13FShbwxplFHHLUBP/SR4TqWodMVad8JfgT7LUs2+qN0BqNX8Ogltx9MyHUEGH+VZMkYr6l3HY+y1X8gv1SHHFsxkDT00nbEHlgHp8CMxXydIAGQT/QCFTqXY/G+v2Lo159KXyVVcmsS9vyBIFfc= + JELLYFIN_API_KEY: AgAMLEPLxHadKP7Ln+Y/zYXpROzPqTib9hiDE9EKqwlhdv93XX7+NUPC22jrkRBkR3/ICwOJs32v8cqD/T+3ERmN5vPphRyBRroONMRSfUfFRA3cqRDfTXKYFwoKJFCZBiOSarNcOpY+hmFM++4lhnsOOG6tk2Gt+C8WGQSynJ45YFDgyOQUFBT5FdQTbdEOMts7RY6MXtS5S11Ej9Ri7fckxjeKCidoagdvZt27GegiqRdOc0Zc1DJelqTorSYi4UZL4Tho2H9EHcGPR2s3XBfFNWXH94Rw6yh8bvtvMkvzeL8RLUDq+diciRZw6k7TvluF92TcQxkjfnryb/nIGV1cy1ccTrW0XcnBYD6A6pe4CPCKiTmlDZmTNDqWiPg4rVyhqjeUiMUgIK367gYY2H9rFlrZms6+tJe0KtQnFS+lAck3sSeyjavL5fv0A2MgL1zXd41fOWibSLMPP9D/v/lE5YuqJVFfj/AsMgGZx2K5yY0le7bAeVbIq8f0eoroAwL5OLd91IQD+YUzqBWhe41VXC5nuPSstAVDkg6RYJVB4mrO/m2hc6KsWK29m11qAFUImut0P4j1Rb5FOy2MhORbDv18mQu0pqoKVxnJQVgdTJ5puDxlCFfe/jzR8UcKlICu2LR/R5uyY5T0SQ04aI5bLp+RiZjU2SS5GfXDrjz7C7h7j15aEBgZNNggvcSTFr/kNZVczmBWxCah5ckTF/4pWr8WlS17YSvSxQT3OgYDRQ== + JELLYSEERR_API_KEY: AgCmBjM6O/Y/gsb+BXwCFhDu3dea/itAx6zGvz+ammVzUSPJE4+N4u4PEkT8ZUIay9Q8Uf3BERiidu2wcMdT5BJ74JhLRZdxMAjC1MbSz92DRKntWDxNm5q0FgRYrbSV8qWNhwG9vNROObNTmgLuxMw5RF2Py0IJxA2Yy8Lc+Ff3d95mkijjuKf4Q3VdI1Zk1mGuZhQbw4+yJE0SzeEv+dQlqWTXMWc74K3xXpEipEJSUMXj856vnTvUJlp5vCWZS3nCfEZoCdMrZ8cvx8iV8tRqGk3zGVaAekZKq+YMLe5ERbAHlNj0f0imJZ7IesVBUdkYEWZUzepMidiEIkITrFfTUKHUCZzfThCKJrQtl8c7d8dtPyklqA0HLcD2TsqAF5XO6fBrBXUm3+9B7siTFAZCfuit5Q2hon+Sx+uIEEwZMmwzf2RbpXQxXViK+Hs7NpeGPUqOH4HpagBzwzyrXu76swelnKSgMMo/D9iTR1ymnsc05t3MAp3ypRfqfvRWbUmpWZYiz5CejuUXecm7osZuz3vMoopBUI/q/aaLhs4+6DOGIWCme20wDo/Me+im29sDyCmcws+OscbkqmlXO2sqOBmwPbF0qzNXkIeeg/zqvSIR47/Pm97oMecu4o9YY6hei4+0I2bpe+CEs2vYaU6+hXB8M6mGauNrLH/0LB0J1dmwNzHlXnHPj/OhmG9MDUp0muasHKdoTRPFuFoW/vtqNTpEV43Be3tJu0ky9+8XuVGOA22lGCiv4ZLvldzrfg0xthq4iVa7+wr1enllzeNFvSM+oQ== + NEXTCLOUD_PASSWORD: AgCc8eCMeOs5UR7jCf30qivGD4Bd6SXewfRKmME6WBYMACiYctORNgt+Smwm3oFSGS6Rjtc3gfNmU87gvVamCcrzxIdOH8pT/I7uJBkhRz+dWNAevW4WsZmBqDh5oYkNWa42wSTZQQRsfR2fYUQaQB+EAf8eo08fGY/thWuDpH+QBvqn1ODCXJiRl2SUpax47/jxTkRCIrpWQkndjlAmTHwONaWKFHVYayY4HkkRq2Wdtq13u0Iq4Zo1AMYaX3p+3s1Uthlk6jDJuAkifZUqTn6vyvI6nT6lFN10ilf3SDxWbQmyZn39vwYCzOUWG3niCYogJRWO0vRd6GnTu7ndzmiumMz1Cp/4qyUiWN9jass4+rgwCi33Qz5zP1+YDKWmuDs1uRf6m+ub9nG/TvcT/b5U8luv3RIoaMc8yRt8IC2bHZzSmDVZSG/wLh2YPaRfzmx4YxjXTsvliONbPpZavnIm0gHrQnwvEla+1xba/CtpVjQa3F6h2tCFJuc7AgP7fGYt1PLuim5y4GfNfmZV3ZljMPUqJ/YjgXJ+Z1A+XRLKRWBcNzy9k0D31Z9m4R80D2uT/1rtHR43RNnuugRJND6ejs66rM2rdBdXLnrLra2XpByh9TShrCQS5ir+Hnl4mnVmEqIDQ19mANJtYNtmEBTo3xiyEQCPiq/xaSjDm8U6QeqkhbfXvFm59RxdVPQA1iHQBknS+cqyF6qGaw== + PIHOLE_API_KEY: AgAkXqWweu5cFLjJAusl6l85l+TsYRZRKf+mUbV3Lo6gtN4n07zJrOzFYH4u2GYkgPftfOaRZ/CpUOEJflkakXoTwru1L4THk0irP6yNqGvBNJF1b53+zH1hO1tAUM0B101fCmnJ3yZ50onExfwHL/mDAqyl0LlWaZ+9M/S4Kr3lqePhwdBRUv9UXaVBe5BtF4nLwnux/Ya6+lgJ9SvyD4ZQF6ueDYT2woUz4cJa1wqOVZVueS/wYobma6I5wrY3oQVT/feFCDsd8vf7uOcJDjwn/GobBeEhpc3yyti3vW+y9B+tmfvGGk2voAtxVDiN6ysHQQfO5pfqb1q92BREIZ18+jPdQQGXJ7BCvS3TIYhfMcW0EvZb5GgOyp26DZyVHIt+HZHKz2FTISli/EtHsXKUaxUQIEs5VouIDjX3gGRWWaHfMu/2neWJmlZcrRAZsOEHF0C4VXTzq7NsaTgCL6Qbp9QIlDaXMLvroGT/HHGfIcLY5kL0xneHsQyZrp/PqbUkEGCNdYopAuwmSdSbZoTMv6yJNUZFa9OYXqLzees4L6c+3POuKdpdBI3cMMllEmWMQGYgSa6Dw5hIpAUsKP5methfAsr7ASah2vQu6GYFcc5cI9dM4jt8ZAkLKPIummC1REuwdD/JAa+7XQRVqae/D/j8dcftwpuHMez5iKsahdKVInaCgG+bMt6PsnPu0+fGAl6yGbJ+39zl + PIHOLE_PASSWORD: AgAcUZTYElvizIHDgtvMTkS2XSHRrYYAzq29uwa3lyigqOyvvsw6F2WEySm6j0Oowv2Wb3uvm0ZLCydRy/Zk8Ba0B/pvTTnZs1n6mdN6KSC9WYW1vXxy2dtSFCQvEnEmnJN+BrsCfNCEJyQKreoJr8GdowJc367f8eghH02sJrJIai9SFU/h/4hn1ALqozLOBDxtM5PPG6AqTFh4InYcO0iaLiMuic0c7kEA7AALV96/OtkNfi0wr1JOfLpicm8yKwSOo0isEyHyF9rLohUgH261LAcS99XYdefYas4w1C6ex60xcP7lxJVGggoO8YRZY6pYtOjfa2zpWJh9JHl5Mo906B7GbTtqBvn7quoElxKN+Gjsv2gdzR6I1MWlzwW0MXuUGwrhX0I8NITOP6twRQgqKsf8ncXUvNPwpKDQ63g+abb8eboebEdq2titFVLIrPGey1y6SVbH15jnsL1eCaNdMvbAL4/e1wOoSDVgAuUREHo6NKG+U9T+GQ1VJor1n88gcpWddHq/Kok+SiNLW2d1dXTg5CSr5I2p35J/ShojFm6tBwjqtwLUgPlPrxDlm9EAW0N3nk0ATUXObx8xoqU+zJM2Utf2RXAN5BUkXdvNrGDREja/IXLaHZKilqg5qRs/HVxJwTDOOcWqCnJNXvcl/RJchN5AHEnz/8PoFtsZfcOEaVtmHwm4gAH5FKEZIErnuWKZIEWt1O6sTA== + PROWLARR_API_KEY: AgBlA/pCQWKVAw925RVAhSILv/aWfexF0GvmsQrRGD+vFkpW2W9aZG7p1fV+5hJkzyJaTBva6xO5Jd+2lksZo8/CpGyTioZQAo+mZKAanJVKKo/TJO4R729GyfZND4T5P55Kqj+CoLn/0RFE/HIQNa0YefzsW1IWXQv1AS5vFXwqLigZBaOBS8twQOk80bMHtb0K+EP2hSa1GZG++MGIV3QIy1xJ087cizf/wSrNg1ohafhRHZfA97+vfbm2HdJ98Y4sInwf1bF53cFNpHkhW3MYFLU8Oaw+tTKmmtTT0zDmFcIdnkNp6Fm2evISbmNyeDut+2J98hqRuPEkUCfV6Rv8lrm2DXkLfzmedmRMPnJLpYNJiJXiAs63JTd4kjfLwCmGPo6PH8ECRlOWsrkBxuQ48eoBq9E61p42hpLdtZynW0Z6cZLAQTx2obEnbBtOoJ2rhKkizbbijRLKWa9cMXtzqyoAOk0aE1VtTw5BfjIzBA2XWe4/FALLEHOkzJWW+TFEOLkHjMCM6E0mkRcVkUyOB9V8vG7Rj6qzkazp7lKl9CgxTs1mZpdhrTnfFy1axwifB0NZcm+fjjKTTqs+zmr6nCcZG++mTgkrh5jK+aiV4ItrKbGbPTHYtsdvuzVWYeNCfqlxa7ZsaLmfAMXiC6qPNvosSef3IHIyrKE8raqrHNEM5vZ4hhYRKmlJCVnAoAl4W49lzUbpGvMn5i1WRcFoMtzE8g6oELhBBTxTk+Y8Ag== + PROXMOX_BACKUP_SERVER_PASSWORD: AgBHdIz2VxogpHvgYujwMmt3tWF90GcbCp0czkgHHESsd2m7bJGPZfY0yA+hmQ1t+iAorjGwOKUfZQFSfI20nktTHFTRhknIpu52259KrjroDftDbE75AlFSqZ1Nc2+6yUkZe1N4+SJT56JBumV9p0qEggxImKuP0hdTPFdcPYYQcE/vKJAYh4ysIcXrcUGA+RTrd10hQd96F1/wxc7ljbY0m7pg/LDSO6lcUf0lVrNRg0MgDt5WIZXM2HsSlSSbH81dDOOXMjmcylQSZkB2Tbe11KSEj/NcovhW0AFQS2D8J40s/dJ9ez4F0YSiz1UB5AQZhneBoSLwUhFE+5smyliGMeyYTai4N5l02A69/JdQa5qf3wJ+MDAPsCbw/sqsP8wz3+mG5aznCjJcwZomaGuUi3O1y/UKl+4hNbiWlcxXLAHKcTpyX/EHWYH9mucbsz9PqO9BniEF5d78D3gTZyGMLeeWjFgshx7eFsw0UV++PTneF0TMacwJA0bp3lm2VrW5Ae5aSdEL6/RUZmny0wkkVPy8YUYpjsfm8nPbxTG6RqOZie8q05lEGKPxWWTO5b5OrQ2sepUSvIxBS+TsLLEKqqiBtRa4TYXBh+ChwTetHLK5cDbpS5XJbnfunovPtfgBRjikbuf0Ez3d9Rhz8BOToEzHTSW+gsGbUJcnCD/NESCOYEZqpcFNGDFL3vDSQgFr0Fnyd3SFZC4uIm4dzRI5urrlTBkQPBhgOaACjVJEjUYvCIE= + PROXMOX_PASSWORD: AgACQWEwrEjBcb6Y4GGrvGKgmKf2V6OhAh+WblEBBPilDa2lITukc7kKLIMF0jYmVCILV8reZ/ByBTTD+7mNuGlZZ7sogyyQlo4LI94pM/fdZCGk3RIwNglQtDfN2+/tF7F6JruBOq5Pf/9u0ZRk20XBQsqZIlWmD7Y8Ul3Cz2OYHpP6KJCNJrzjYEo1f7fkYqg+Rz0z+UVULisUlqbFbEfXXP5N0Z+lSs5vGcFC4MSamQngDX1BKlXbpKsaqNahnffgS/tgQWpQ7xPvdyQR2w3fnEKngQVPk9RKcQaLqxwmndTqy7HGsqII6wcn40cFMrE09+bCZmdZQTaSgiUZcTFLTEsnC0exWVtHiCbSaM+oHM77Q7efcvWY1CEdeI8k7jOOGfmJGZhkc+eqLMvqKYX16dw4A2ffhNn3Fj1+Mu+J/GNsytk7rTFgxdPNqx+QQZsziYdlhDoOTMO9LgEa7l/cLxRrK2hz/2inyKyLTFIkhZJrDniebNM0QHGkSCPHyhDStcQ2zGIy6JOIQsGkMXmrqnZebaYDk4hAmXQS8iJQTb+oFGFXWCO6Fd/VfOBzcN0Fiss/BQLuMH8MYisIl3+oHFALQ1Ovvhzc13U7bqgMBN+6oqg1w0VsM5kqJ54zy2A1RQg77itLBOwfgz2ftpbcySCn4ZeDNgu8KeT/TeY0JoujmM4i83hq0XLiO2GAJgKrHiuIYomg5staK109DzSLeHI0n4MAqZGuNp6hOv4JgyKhMI4= + QBITTORRENT_PASSWORD: AgAdMAxiSrxWpdmrD6FrZXceFVqhqk1UqL3kruE7aEjmHVmpNqv6BM4u8CdxUIZS99U/Z0CtfAGZ9IEoKH5Ldq+kbtwHNXLxNqYLIkwk7aKJhISRwFAMpg6+FGbTIvoBJgC1xwTZhYC2L9HtwZPj2PN98uMlHpm48yv/qw7awE5o35MmUKyd8EwCi0iT8WaxpGguXyg0ITNSW9D1NZ5OZqVNeL7FJ0GuLWOrHImiZtNAbZuB6B0+3UeQiFE31FbchB7JzCIJu7NZ0+yqxfCBX/4cTR+gZZ6eyaUHIfve5PT2mKjQ2WTAEVbGaEjhE1V5B+bkAJUULtFbcsQUatQm/cj8pyDNT1nCleKRBUFOnB078jguhOLB7FzE1+e2xl2vbCSERS272OegGzf6/FPqXrOcELMKlSNCQlPwWZ94MomGbUKsjmPrFGrqP5aXfY2zCXrv2KSpcHDtUndeyE9OCIucx7dMFrIPpEi22J+oJY87quZqrpyjMypDfxcAJbAgQFBlHBgJZ/ACszqfoAr56x1xXZIM0QVK6Up7irt9rt1RBAkNlSywsqHEWcDgnx+tH0qz8y5NdACjK8xY5iWSGgifkq4kiecQdf4BRhiBLbe4FydQv/AZu1dNMJbGU2hnPESUIntTHqJQ0mM8d0aMNkOdSH9qc0NAJDFsC3oEjnuRXEOSwXSyzEqDBTVuLESyf2iabmPzyMqdbv7i + RADARR_API_KEY: AgA5tKo/V/uCwIpSKNSBrtgJst9n8JXYrlqWD0HgJM5ccUdvUdgwf+Mun+rQDNMDrPz/uIxkjNkUIoplatpQh0s4WlwaEkosf57gmq0TIiId6+x/Z9S4bDfrjqaaFJTDZRaiZWxMgOkSNzKdFh5itSdw0Vjh6ojB/fElB0zYENZAXI8uKIPeebdCYtPgVG+ap7tLlj2Y28zinJc6lHO73g+qgHeEx22N6rr5coY8OIB58KuZ6mcSUvEsPLItkvQ9vDxbv28uv+c9ktfwSDbK7+lbVHQdqfkk8QT1GQCS2Xlf9CXndxzhqQ6ME5W1PWs7znC2K+b7rJ1UInlUpXkzsP1nDsrrPeC14dQ80kR3+Yz/AbLvKBV9eK4FRMp5fLK9C2s5Gy5tcWJLoFA7N8tR2oAIkZCIEaJ34YQeGGP631UyIa1IUuN8ZotvZo3nUXKF0SJhc7SAvqxNYLKfw3Xk1fa/T1Mr4wWIbtfrO3NvoPkt5gHGfTi5ECjPsd72XV185323nOvVBmiYpQCA7RCEOm7cXR/EEcxX7nKHdsZIOULJElc3dYflsd61uKZdwIRXa8ACNLSuRAQRtxUVQ+t5UlWxmxYB5wjRwjSSJ5HXOqNrcr9Go/zh2XFY6XaWoCF97t9xCa+P3SSokfTFhfLutYmSPwZ5VyZTXyH+/bjd8stxeBeneWso7yK2cDdOLSX29/Ke2U1+k1qw4i0wTEC3XHvH3sy1TwE7LDdjjYiHNNeuxA== + SABNZBD_API_KEY: AgC5/8HHS6IYQfRI+H0pkkV1+JHeZvgVYYJ6RHU8sgquXDliGSGVa36UwgdmPFeoO4vpCDvvNPvv452rkwxrLwn7Tc2TC2k8zxDkzHlHsKl3T/9CqQ5gD/XKiA2sKETTGD5wVTAk9D7WpMQXZ+P0KDSW+j0s4hz1IOZGNHLn4TuzkV3HzQ+2madOOkfJ11OYoT9xp8HkKJdYy1OkCRB/izbWpwGGl8ul35CNOhHg/nNYLSm8d6YLzYMw7ix9ds1nsUQysco2Lf2cwlMDPvv2HNT16cPUm8+Pr5/FMYuIgMfoTE1ZG1bxRxW92GQqOWzpY91/UxGEaOSkvxoY8rn2KqshVG50l1/GDRTXM4kUaH6sfI2DszfAc0ZPQpV3RnMMRNesbKpebbTljYjut6V08spskHvbcN6cG2KoVBbwaW7xdEiWJtwc/wBLu5lEBCHSgzrgDI8F/EP108a8aCNVzjsl2G+uJsVFj0YcRImTICLDCMC4zW/QBVU5LRtnwWBM8z4IPvKc5c5P+ci1/PVF5qM3WY5Lh1giZsL61kvCfRgJLK2aotlt7VF5fCmi0xj5fpwnSF0A8SdLOrflpJwn+1e69Q8EP/ErEyuyV6o7Bd98j505JYkNTDZigFccZ5k4i2olaTJBSSJsPu0ds92b56bl2/dgwzw2RimrSuztWGysNaC5t8fu3ntpKj2GmqPY4c24boAeuhSoKIhqfa03musDQFhRTmEmT+SIgNZLOKbGaQ== + SONARR_API_KEY: AgCIs/MR1p1HjdA1zc9vtDViYqhpLR2V5npw7qd9ueylmh2mdvyNGP9Oh0/v5ZDXiilfar/rUgUed5AwDVx1Z7KG5GpYnkQwchK2/X0kMxCnZPLfmVb7PMHyQq9Bl2O0n/TVoBpyUsbMg5L6Hz5OhrcgtQysE3QCcWwcXeUsrFNf48FEnPXh4jhPqaKmxyyoCwdhRg9XzuZXrMa/66jBQ0aLcPsQgewOXK+UuAtoo7iVxxkaRsebnBo+KX3vMZzzxpeORaDvPAK/QSC1XWynaxAWFbxrDNjL4kFahSwh1bbBaEQ86fu58BMRjJBbLQsnrsqhETZMVpCDX9I6tPMCWzLcsyozmKv/S/lVDb3wIX3D1x6bXYBQr7XcFpVDlMldNIM6hA0Fai2xeou7A8F6orxnhNFkn7l7lhCD3dixuyhyrrM1MhYrQBtSGvRaHHr3c56CzgPR8ZMVLjl6dRObS+A42k/2rqjPeuxre6+vjgzy73PLVfpTxZrH1vJp0eO8tfKfpR3s7jLXxVBmaraI3VmnQgtTuwK19WtbCZBMuDY4faB//291JctfYcG0Ai+uTuMCHWsnXaHRMcVVU2OiQuiweRXkkPAs0Cfkrzr3pG0qNUL8KsCqwO54IM59vf/riFAE2e2w0hzbj80yXLwcqQxU27VtAIJuG/WzO3UOn9uwEk61nkmwEhPue377CA/n6OMf2lFyykTEGOwKS2dzpxFXUDnEhpDqNIx/thg0MEoO7Q== template: metadata: name: homepage-secrets diff --git a/clusters/default/monitoring/homepage/homepage-config.yml b/clusters/default/monitoring/homepage/homepage-config.yml index 18e62c6..b712301 100644 --- a/clusters/default/monitoring/homepage/homepage-config.yml +++ b/clusters/default/monitoring/homepage/homepage-config.yml @@ -213,6 +213,18 @@ data: password: "${PROXMOX_BACKUP_SERVER_PASSWORD}" datastore: backups fields: ["datastore_usage", "cpu_usage", "memory_usage"] + - Pi-hole: + href: https://pihole.${DOMAIN} + description: network adblocker + icon: pi-hole.png + namespace: tools + podSelector: app=pihole + app: pihole + widget: + type: pihole + url: http://192.168.1.212 + key: "${PIHOLE_API_KEY}" + version: 6 - Invidious: href: https://invidious.${DOMAIN} description: youtube frontend @@ -270,7 +282,7 @@ data: podSelector: app=searxng app: searxng - Pulse: - icon: proxmox.png + icon: pulse.png description: Proxmox monitoring href: https://pulse.${DOMAIN} namespace: monitoring From 47e4726d6566e4924504c0ae75872a67ef99df6f Mon Sep 17 00:00:00 2001 From: Flux <> Date: Tue, 9 Dec 2025 16:58:49 +0530 Subject: [PATCH 019/108] Add Flux v2.7.0 component manifests --- .../default/flux-system/gotk-components.yaml | 90 +++++++++---------- 1 file changed, 44 insertions(+), 46 deletions(-) diff --git a/clusters/default/flux-system/gotk-components.yaml b/clusters/default/flux-system/gotk-components.yaml index 0c34642..915ae88 100644 --- a/clusters/default/flux-system/gotk-components.yaml +++ b/clusters/default/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.7.5 +# Flux Version: v2.7.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -212,7 +212,6 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io - - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -231,7 +230,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -240,7 +239,6 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io - - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -257,7 +255,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -277,7 +275,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -315,7 +313,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1086,7 +1084,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1282,7 +1280,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2236,7 +2234,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2962,7 +2960,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3593,7 +3591,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4419,7 +4417,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: source-controller namespace: flux-system --- @@ -4430,7 +4428,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: source-controller namespace: flux-system @@ -4451,7 +4449,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: source-controller namespace: flux-system @@ -4472,11 +4470,11 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -4495,7 +4493,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.7.4 + image: ghcr.io/fluxcd/source-controller:v1.7.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4559,7 +4557,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5929,7 +5927,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: kustomize-controller namespace: flux-system --- @@ -5940,7 +5938,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5959,11 +5957,11 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5978,7 +5976,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.7.3 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6035,7 +6033,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -8666,7 +8664,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: helm-controller namespace: flux-system --- @@ -8677,7 +8675,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: helm-controller namespace: flux-system @@ -8696,11 +8694,11 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -8715,7 +8713,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.4.5 + image: ghcr.io/fluxcd/helm-controller:v1.4.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8772,7 +8770,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9162,7 +9160,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9574,7 +9572,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10051,7 +10049,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 name: notification-controller namespace: flux-system --- @@ -10062,7 +10060,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: notification-controller namespace: flux-system @@ -10083,7 +10081,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -10104,7 +10102,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: notification-controller namespace: flux-system @@ -10123,7 +10121,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.5 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: @@ -10141,7 +10139,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.7.5 + image: ghcr.io/fluxcd/notification-controller:v1.7.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 103e1d7ac87f69004ad5b9f4528de9620086439e Mon Sep 17 00:00:00 2001 From: Flux <> Date: Tue, 9 Dec 2025 16:58:55 +0530 Subject: [PATCH 020/108] Add Flux sync manifests --- clusters/default/flux-system/gotk-sync.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/flux-system/gotk-sync.yaml b/clusters/default/flux-system/gotk-sync.yaml index 67b8838..f206d29 100644 --- a/clusters/default/flux-system/gotk-sync.yaml +++ b/clusters/default/flux-system/gotk-sync.yaml @@ -11,7 +11,7 @@ spec: branch: main secretRef: name: flux-system - url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/k3s + url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/k3s-at-home.git --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization From db69614fd3044cf02adb0496891c6c0196659a2f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 9 Dec 2025 11:42:42 +0000 Subject: [PATCH 021/108] Update dependency fluxcd/flux2 to v2.7.5 --- .../default/flux-system/gotk-components.yaml | 90 ++++++++++--------- 1 file changed, 46 insertions(+), 44 deletions(-) diff --git a/clusters/default/flux-system/gotk-components.yaml b/clusters/default/flux-system/gotk-components.yaml index 915ae88..0c34642 100644 --- a/clusters/default/flux-system/gotk-components.yaml +++ b/clusters/default/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.7.0 +# Flux Version: v2.7.5 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -212,6 +212,7 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -230,7 +231,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -239,6 +240,7 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -255,7 +257,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -275,7 +277,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -313,7 +315,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1084,7 +1086,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1280,7 +1282,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2234,7 +2236,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2960,7 +2962,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3591,7 +3593,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4417,7 +4419,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: source-controller namespace: flux-system --- @@ -4428,7 +4430,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: source-controller namespace: flux-system @@ -4449,7 +4451,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: source-controller namespace: flux-system @@ -4470,11 +4472,11 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -4493,7 +4495,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.7.0 + image: ghcr.io/fluxcd/source-controller:v1.7.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4557,7 +4559,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5927,7 +5929,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: kustomize-controller namespace: flux-system --- @@ -5938,7 +5940,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5957,11 +5959,11 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5976,7 +5978,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.7.0 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6033,7 +6035,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -8664,7 +8666,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helm-controller namespace: flux-system --- @@ -8675,7 +8677,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: helm-controller namespace: flux-system @@ -8694,11 +8696,11 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -8713,7 +8715,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.4.0 + image: ghcr.io/fluxcd/helm-controller:v1.4.5 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8770,7 +8772,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9160,7 +9162,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9572,7 +9574,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10049,7 +10051,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: notification-controller namespace: flux-system --- @@ -10060,7 +10062,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: notification-controller namespace: flux-system @@ -10081,7 +10083,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: webhook-receiver namespace: flux-system @@ -10102,7 +10104,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: notification-controller namespace: flux-system @@ -10121,7 +10123,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: @@ -10139,7 +10141,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.7.1 + image: ghcr.io/fluxcd/notification-controller:v1.7.5 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 3d0d789ae9145b0896de484fa3e5f7979006c090 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 17:13:29 +0530 Subject: [PATCH 022/108] change repo name --- config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.js b/config.js index 365d1c2..732e7f0 100644 --- a/config.js +++ b/config.js @@ -10,5 +10,5 @@ module.exports = { }, optimizeForDisabled: true, persistRepoData: true, - repositories: ["aggarwalakshun/k3s"], + repositories: ["aggarwalakshun/k3s-at-home"], } From 32086a30bce52fd3d8c19fac57c9839497729c8b Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 20:39:06 +0530 Subject: [PATCH 023/108] Update Pi-hole link to include /admin in homepage-config --- clusters/default/monitoring/homepage/homepage-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/homepage/homepage-config.yml b/clusters/default/monitoring/homepage/homepage-config.yml index b712301..a48c073 100644 --- a/clusters/default/monitoring/homepage/homepage-config.yml +++ b/clusters/default/monitoring/homepage/homepage-config.yml @@ -214,7 +214,7 @@ data: datastore: backups fields: ["datastore_usage", "cpu_usage", "memory_usage"] - Pi-hole: - href: https://pihole.${DOMAIN} + href: https://pihole.${DOMAIN}/admin description: network adblocker icon: pi-hole.png namespace: tools From eb48218ca4c9331e4703b1d10fe15ab8d79cf149 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 20:57:41 +0530 Subject: [PATCH 024/108] Add Ollama Helm charts and PersistentVolumeClaim configuration --- clusters/default/helm/ollama/ollama-pvc.yml | 14 +++++++ .../default/helm/ollama/ollama-release.yml | 38 +++++++++++++++++++ clusters/default/helm/ollama/ollama-repo.yml | 9 +++++ 3 files changed, 61 insertions(+) create mode 100644 clusters/default/helm/ollama/ollama-pvc.yml create mode 100644 clusters/default/helm/ollama/ollama-release.yml create mode 100644 clusters/default/helm/ollama/ollama-repo.yml diff --git a/clusters/default/helm/ollama/ollama-pvc.yml b/clusters/default/helm/ollama/ollama-pvc.yml new file mode 100644 index 0000000..01c5777 --- /dev/null +++ b/clusters/default/helm/ollama/ollama-pvc.yml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ollama-longhorn + namespace: tools +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 4Gi + storageClassName: longhorn diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml new file mode 100644 index 0000000..1c5a037 --- /dev/null +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -0,0 +1,38 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: ollama + namespace: tools +spec: + interval: 24h + chart: + spec: + chart: ollama + version: "1.31.0" + sourceRef: + kind: HelmRepository + name: ollama + namespace: flux-system + interval: 24h + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + values: + ollama: + gpu: + enabled: true + type: nvidia + models: + pull: + - deepseek-r1:1.5b + service: + type: LoadBalancer + port: 2123 + runtimeClassName: nvidia + persistentVolume: + enabled: true + existingClaim: ollama-longhorn diff --git a/clusters/default/helm/ollama/ollama-repo.yml b/clusters/default/helm/ollama/ollama-repo.yml new file mode 100644 index 0000000..d775db7 --- /dev/null +++ b/clusters/default/helm/ollama/ollama-repo.yml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: ollama + namespace: flux-system +spec: + interval: 24h + url: https://otwld.github.io/ollama-helm/ From 5126dcecd61df546f82e9b69779f0910f59e3feb Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 20:58:01 +0530 Subject: [PATCH 025/108] Add Open Web UI deployment, service, and persistent volume claim configurations --- .../tools/open-webui/open-webui-pvc.yml | 14 ++++++++ .../tools/open-webui/open-webui-svc.yml | 16 ++++++++++ .../default/tools/open-webui/open-webui.yml | 32 +++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 clusters/default/tools/open-webui/open-webui-pvc.yml create mode 100644 clusters/default/tools/open-webui/open-webui-svc.yml create mode 100644 clusters/default/tools/open-webui/open-webui.yml diff --git a/clusters/default/tools/open-webui/open-webui-pvc.yml b/clusters/default/tools/open-webui/open-webui-pvc.yml new file mode 100644 index 0000000..cf2abec --- /dev/null +++ b/clusters/default/tools/open-webui/open-webui-pvc.yml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: open-webui-longhorn + namespace: tools +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 2Gi + storageClassName: longhorn diff --git a/clusters/default/tools/open-webui/open-webui-svc.yml b/clusters/default/tools/open-webui/open-webui-svc.yml new file mode 100644 index 0000000..687372c --- /dev/null +++ b/clusters/default/tools/open-webui/open-webui-svc.yml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: open-webui-service + namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" +spec: + loadBalancerIP: 192.168.1.230 + type: LoadBalancer + selector: + app: open-webui + ports: + - port: 8123 + targetPort: 8080 diff --git a/clusters/default/tools/open-webui/open-webui.yml b/clusters/default/tools/open-webui/open-webui.yml new file mode 100644 index 0000000..e519ed4 --- /dev/null +++ b/clusters/default/tools/open-webui/open-webui.yml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: open-webui + namespace: tools +spec: + strategy: + type: Recreate + selector: + matchLabels: + app: open-webui + template: + metadata: + labels: + app: open-webui + spec: + containers: + - name: open-webui + image: ghcr.io/open-webui/open-webui:0.6.33 + ports: + - containerPort: 8080 + env: + - name: OLLAMA_BASE_URL + value: "http://ollama.tools.svc.cluster.local:2123" + volumeMounts: + - name: config + mountPath: /app/backend/data + volumes: + - name: config + persistentVolumeClaim: + claimName: open-webui-longhorn From e5e3d6f249398bff9e9069e0b57afb0f368aeade Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 21:08:20 +0530 Subject: [PATCH 026/108] Add GPU operator cluster policy configuration --- .../default/helm/gpu-operator/gpu-operator-policy.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 clusters/default/helm/gpu-operator/gpu-operator-policy.yml diff --git a/clusters/default/helm/gpu-operator/gpu-operator-policy.yml b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml new file mode 100644 index 0000000..ca98786 --- /dev/null +++ b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml @@ -0,0 +1,10 @@ +apiVersion: nvidia.com/v1 +kind: ClusterPolicy +metadata: + name: cluster-policy + namespace: gpu-operator +spec: + devicePlugin: + config: + name: time-slicing-config + default: "any" From 81ca4b95bd902d7b4fb497057666b7de7c37a76e Mon Sep 17 00:00:00 2001 From: Akshun Aggarwal Date: Tue, 9 Dec 2025 15:41:02 +0000 Subject: [PATCH 027/108] Delete clusters/default/helm/gpu-operator/gpu-operator-policy.yml --- .../default/helm/gpu-operator/gpu-operator-policy.yml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 clusters/default/helm/gpu-operator/gpu-operator-policy.yml diff --git a/clusters/default/helm/gpu-operator/gpu-operator-policy.yml b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml deleted file mode 100644 index ca98786..0000000 --- a/clusters/default/helm/gpu-operator/gpu-operator-policy.yml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: nvidia.com/v1 -kind: ClusterPolicy -metadata: - name: cluster-policy - namespace: gpu-operator -spec: - devicePlugin: - config: - name: time-slicing-config - default: "any" From f7f7225e29365583a9fea91d278e6a849dfa24ec Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 21:16:58 +0530 Subject: [PATCH 028/108] add nvidia-gpu cluster policy --- .../helm/gpu-operator/gpu-operator-policy.yml | 292 ++++++++++++++++++ 1 file changed, 292 insertions(+) create mode 100644 clusters/default/helm/gpu-operator/gpu-operator-policy.yml diff --git a/clusters/default/helm/gpu-operator/gpu-operator-policy.yml b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml new file mode 100644 index 0000000..3050339 --- /dev/null +++ b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml @@ -0,0 +1,292 @@ +apiVersion: nvidia.com/v1 +kind: ClusterPolicy +metadata: + annotations: + meta.helm.sh/release-name: gpu-operator + meta.helm.sh/release-namespace: gpu-operator + generation: 2 + labels: + app.kubernetes.io/component: gpu-operator + app.kubernetes.io/instance: gpu-operator + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gpu-operator + app.kubernetes.io/version: v25.3.2 + helm.sh/chart: gpu-operator-v25.3.2 + helm.toolkit.fluxcd.io/name: gpu-operator + helm.toolkit.fluxcd.io/namespace: gpu-operator + name: cluster-policy +spec: + ccManager: + defaultMode: "off" + enabled: false + env: [] + image: k8s-cc-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.1.1 + cdi: + default: false + enabled: false + daemonsets: + labels: + app.kubernetes.io/managed-by: gpu-operator + helm.sh/chart: gpu-operator-v25.3.2 + priorityClassName: system-node-critical + rollingUpdate: + maxUnavailable: "1" + tolerations: + - effect: NoSchedule + key: nvidia.com/gpu + operator: Exists + updateStrategy: RollingUpdate + dcgm: + enabled: false + image: dcgm + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: 4.2.3-1-ubuntu22.04 + dcgmExporter: + enabled: true + env: + - name: DCGM_EXPORTER_LISTEN + value: :9400 + - name: DCGM_EXPORTER_KUBERNETES + value: "true" + - name: DCGM_EXPORTER_COLLECTORS + value: /etc/dcgm-exporter/dcp-metrics-included.csv + image: dcgm-exporter + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/k8s + service: + internalTrafficPolicy: Cluster + serviceMonitor: + additionalLabels: {} + enabled: false + honorLabels: false + interval: 15s + relabelings: [] + version: 4.2.3-4.1.3-ubuntu22.04 + devicePlugin: + config: + default: any + name: time-slicing-config + enabled: true + env: + - name: PASS_DEVICE_SPECS + value: "true" + - name: FAIL_ON_INIT_ERROR + value: "true" + - name: DEVICE_LIST_STRATEGY + value: envvar + - name: DEVICE_ID_STRATEGY + value: uuid + - name: NVIDIA_VISIBLE_DEVICES + value: all + - name: NVIDIA_DRIVER_CAPABILITIES + value: all + image: k8s-device-plugin + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: v0.17.3 + driver: + certConfig: + name: "" + enabled: false + image: driver + imagePullPolicy: IfNotPresent + kernelModuleConfig: + name: "" + kernelModuleType: auto + licensingConfig: + configMapName: "" + nlsEnabled: true + manager: + env: + - name: ENABLE_GPU_POD_EVICTION + value: "true" + - name: ENABLE_AUTO_DRAIN + value: "false" + - name: DRAIN_USE_FORCE + value: "false" + - name: DRAIN_POD_SELECTOR_LABEL + value: "" + - name: DRAIN_TIMEOUT_SECONDS + value: 0s + - name: DRAIN_DELETE_EMPTYDIR_DATA + value: "false" + image: k8s-driver-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.8.0 + rdma: + enabled: false + useHostMofed: false + repoConfig: + configMapName: "" + repository: nvcr.io/nvidia + startupProbe: + failureThreshold: 120 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 60 + upgradePolicy: + autoUpgrade: true + drain: + deleteEmptyDir: false + enable: false + force: false + timeoutSeconds: 300 + maxParallelUpgrades: 1 + maxUnavailable: 25% + podDeletion: + deleteEmptyDir: false + force: false + timeoutSeconds: 300 + waitForCompletion: + timeoutSeconds: 0 + useNvidiaDriverCRD: false + usePrecompiled: false + version: 570.148.08 + virtualTopology: + config: "" + gdrcopy: + enabled: false + image: gdrdrv + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v2.5 + gfd: + enabled: true + env: + - name: GFD_SLEEP_INTERVAL + value: 60s + - name: GFD_FAIL_ON_INIT_ERROR + value: "true" + image: k8s-device-plugin + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: v0.17.3 + hostPaths: + driverInstallDir: /run/nvidia/driver + rootFS: / + kataManager: + config: + artifactsDir: /opt/nvidia-gpu-operator/artifacts/runtimeclasses + runtimeClasses: + - artifacts: + pullSecret: "" + url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.54.03 + name: kata-nvidia-gpu + nodeSelector: {} + - artifacts: + pullSecret: "" + url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.86.10-snp + name: kata-nvidia-gpu-snp + nodeSelector: + nvidia.com/cc.capable: "true" + enabled: false + image: k8s-kata-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.2.3 + mig: + strategy: single + migManager: + config: + default: all-disabled + name: default-mig-parted-config + enabled: true + env: + - name: WITH_REBOOT + value: "false" + gpuClientsConfig: + name: "" + image: k8s-mig-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.12.2-ubuntu20.04 + nodeStatusExporter: + enabled: false + image: gpu-operator-validator + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v25.3.2 + operator: + defaultRuntime: docker + initContainer: + image: cuda + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: 12.8.1-base-ubi9 + runtimeClass: nvidia + psa: + enabled: false + sandboxDevicePlugin: + enabled: true + image: kubevirt-gpu-device-plugin + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: v1.3.1 + sandboxWorkloads: + defaultWorkload: container + enabled: false + toolkit: + enabled: true + env: + - name: CONTAINERD_SOCKET + value: /run/k3s/containerd/containerd.sock + - name: CONTAINERD_CONFIG + value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml + image: container-toolkit + imagePullPolicy: IfNotPresent + installDir: /usr/local/nvidia + repository: nvcr.io/nvidia/k8s + version: v1.17.8-ubuntu20.04 + validator: + image: gpu-operator-validator + imagePullPolicy: IfNotPresent + plugin: + env: + - name: WITH_WORKLOAD + value: "false" + repository: nvcr.io/nvidia/cloud-native + version: v25.3.2 + vfioManager: + driverManager: + env: + - name: ENABLE_GPU_POD_EVICTION + value: "false" + - name: ENABLE_AUTO_DRAIN + value: "false" + image: k8s-driver-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.8.0 + enabled: true + image: cuda + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia + version: 12.8.1-base-ubi9 + vgpuDeviceManager: + config: + default: default + name: "" + enabled: true + image: vgpu-device-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.3.0 + vgpuManager: + driverManager: + env: + - name: ENABLE_GPU_POD_EVICTION + value: "false" + - name: ENABLE_AUTO_DRAIN + value: "false" + image: k8s-driver-manager + imagePullPolicy: IfNotPresent + repository: nvcr.io/nvidia/cloud-native + version: v0.8.0 + enabled: false + image: vgpu-manager + imagePullPolicy: IfNotPresent From 4b4d970205236fdc67f50517c159a14e9489cf1f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 9 Dec 2025 16:05:59 +0000 Subject: [PATCH 029/108] Update ghcr.io/open-webui/open-webui Docker tag to v0.6.41 --- clusters/default/tools/open-webui/open-webui.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/open-webui/open-webui.yml b/clusters/default/tools/open-webui/open-webui.yml index e519ed4..0dbb7b6 100644 --- a/clusters/default/tools/open-webui/open-webui.yml +++ b/clusters/default/tools/open-webui/open-webui.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: open-webui - image: ghcr.io/open-webui/open-webui:0.6.33 + image: ghcr.io/open-webui/open-webui:0.6.41 ports: - containerPort: 8080 env: From 02472f5ae698283a7a4b0ad9f60177810ca6e635 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 9 Dec 2025 16:06:11 +0000 Subject: [PATCH 030/108] Update Helm release cert-manager to v1.19.2 --- clusters/default/helm/cert-manager/cert-manager-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/cert-manager/cert-manager-release.yml b/clusters/default/helm/cert-manager/cert-manager-release.yml index 47e92fe..38a0372 100644 --- a/clusters/default/helm/cert-manager/cert-manager-release.yml +++ b/clusters/default/helm/cert-manager/cert-manager-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: cert-manager - version: "v1.19.1" + version: "v1.19.2" sourceRef: kind: HelmRepository name: jetstack From 15484565618c95e6c995f08d56b16010b2b44df1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 9 Dec 2025 16:06:21 +0000 Subject: [PATCH 031/108] Update Helm release ollama to v1.35.0 --- clusters/default/helm/ollama/ollama-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index 1c5a037..cb78891 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: ollama - version: "1.31.0" + version: "1.35.0" sourceRef: kind: HelmRepository name: ollama From 4f0b030d2a239a7520318db629df2efca96ac9b2 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 21:41:34 +0530 Subject: [PATCH 032/108] add nvidia.com/clusterpolicy_v1.json crd to kubeconform workflow --- .gitea/workflows/kubeconform.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index c023e1d..e48fb83 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -45,8 +45,9 @@ jobs: ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json" ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json" ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json" + ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json" ) - + # Create cache directory export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" mkdir -p "$KUBECONFORM_CACHE_DIR" From b1064540dd60751c76107620b548d4e92977e0b5 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 9 Dec 2025 21:48:57 +0530 Subject: [PATCH 033/108] remove unallowed fields in cluster-policy --- clusters/default/helm/gpu-operator/gpu-operator-policy.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/clusters/default/helm/gpu-operator/gpu-operator-policy.yml b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml index 3050339..b595d03 100644 --- a/clusters/default/helm/gpu-operator/gpu-operator-policy.yml +++ b/clusters/default/helm/gpu-operator/gpu-operator-policy.yml @@ -57,8 +57,6 @@ spec: image: dcgm-exporter imagePullPolicy: IfNotPresent repository: nvcr.io/nvidia/k8s - service: - internalTrafficPolicy: Cluster serviceMonitor: additionalLabels: {} enabled: false @@ -96,7 +94,6 @@ spec: imagePullPolicy: IfNotPresent kernelModuleConfig: name: "" - kernelModuleType: auto licensingConfig: configMapName: "" nlsEnabled: true From 3a984cc73e4c0250a641c507044ef6b9a234c4e4 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 10 Dec 2025 03:39:03 +0530 Subject: [PATCH 034/108] split db and app into two deployments --- .../git-ops/semaphore/semaphore-configmap.yml | 2 +- .../git-ops/semaphore/semaphore-db.yml | 43 +++++++++++++++++++ .../git-ops/semaphore/semaphore-svc.yml | 13 ++++++ .../default/git-ops/semaphore/semaphore.yml | 28 ++---------- 4 files changed, 60 insertions(+), 26 deletions(-) create mode 100644 clusters/default/git-ops/semaphore/semaphore-db.yml diff --git a/clusters/default/git-ops/semaphore/semaphore-configmap.yml b/clusters/default/git-ops/semaphore/semaphore-configmap.yml index a101dd4..4cd6f6c 100644 --- a/clusters/default/git-ops/semaphore/semaphore-configmap.yml +++ b/clusters/default/git-ops/semaphore/semaphore-configmap.yml @@ -6,7 +6,7 @@ metadata: namespace: git-ops data: SEMAPHORE_DB_USER: "semaphore" - SEMAPHORE_DB_HOST: "localhost" + SEMAPHORE_DB_HOST: "semaphore-db-service" SEMAPHORE_DB_PORT: "3306" SEMAPHORE_DB_DIALECT: "mysql" SEMAPHORE_DB: "semaphore" diff --git a/clusters/default/git-ops/semaphore/semaphore-db.yml b/clusters/default/git-ops/semaphore/semaphore-db.yml new file mode 100644 index 0000000..cc04b70 --- /dev/null +++ b/clusters/default/git-ops/semaphore/semaphore-db.yml @@ -0,0 +1,43 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: semaphore-db + namespace: git-ops +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: semaphore-db + template: + metadata: + labels: + app: semaphore-db + spec: + containers: + - name: mysql + image: mysql:9.5.0 + ports: + - containerPort: 3306 + env: + - name: MYSQL_RANDOM_ROOT_PASSWORD + value: "'yes'" + - name: MYSQL_DATABASE + value: "semaphore" + - name: MYSQL_USER + value: "semaphore" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: semaphore-secrets + key: mysql_password + volumeMounts: + - name: db + mountPath: /var/lib/mysql + subPath: db + volumes: + - name: db + persistentVolumeClaim: + claimName: semaphore-longhorn diff --git a/clusters/default/git-ops/semaphore/semaphore-svc.yml b/clusters/default/git-ops/semaphore/semaphore-svc.yml index 0b3b54a..add1116 100644 --- a/clusters/default/git-ops/semaphore/semaphore-svc.yml +++ b/clusters/default/git-ops/semaphore/semaphore-svc.yml @@ -14,3 +14,16 @@ spec: ports: - port: 3002 targetPort: 3000 + +--- +apiVersion: v1 +kind: Service +metadata: + name: semaphore-db-service + namespace: git-ops +spec: + selector: + app: semaphore-db + ports: + - port: 3306 + targetPort: 3306 diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index a4e62ef..302a5cd 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -17,27 +17,9 @@ spec: app: semaphore spec: initContainers: - - name: mysql - image: mysql:9.5.0 - restartPolicy: Always - ports: - - containerPort: 3306 - env: - - name: MYSQL_RANDOM_ROOT_PASSWORD - value: "'yes'" - - name: MYSQL_DATABASE - value: "semaphore" - - name: MYSQL_USER - value: "semaphore" - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: semaphore-secrets - key: mysql_password - volumeMounts: - - name: db - mountPath: /var/lib/mysql - subPath: db + - name: wait-for-db + image: busybox + command: ['sh', '-c', 'until nc -z -v -w30 semaphore-db-service 3306; do echo "Waiting for database connection..."; sleep 5; done;'] containers: - name: semaphore image: public.ecr.aws/semaphore/pro/server:v2.16.45 @@ -62,7 +44,3 @@ spec: secretKeyRef: name: semaphore-secrets key: key - volumes: - - name: db - persistentVolumeClaim: - claimName: semaphore-longhorn From fb8f41165e1584744b78d4dd75d983e4326a29b2 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 10 Dec 2025 03:39:31 +0530 Subject: [PATCH 035/108] split db, companion and app into three deployments --- .../media/invidious/invidious-companion.yml | 28 +++++++++ .../media/invidious/invidious-config.yml | 4 +- .../default/media/invidious/invidious-db.yml | 55 +++++++++++++++++ .../default/media/invidious/invidious-svc.yml | 26 ++++++++ .../default/media/invidious/invidious.yml | 60 ++++++------------- 5 files changed, 128 insertions(+), 45 deletions(-) create mode 100644 clusters/default/media/invidious/invidious-companion.yml create mode 100644 clusters/default/media/invidious/invidious-db.yml diff --git a/clusters/default/media/invidious/invidious-companion.yml b/clusters/default/media/invidious/invidious-companion.yml new file mode 100644 index 0000000..258eac2 --- /dev/null +++ b/clusters/default/media/invidious/invidious-companion.yml @@ -0,0 +1,28 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious-companion + namespace: media +spec: + selector: + matchLabels: + app: invidious-companion + template: + metadata: + labels: + app: invidious-companion + spec: + containers: + - name: inv-companion + image: quay.io/invidious/invidious-companion@sha256:d68a312073920572e39b0d4ae486f22885819567fae5fac23220f7b750f8e295 + env: + - name: SERVER_SECRET_KEY + valueFrom: + secretKeyRef: + name: invidious-secrets + key: INVIDIOUS_COMPANION_KEY + securityContext: + capabilities: + drop: + - ALL diff --git a/clusters/default/media/invidious/invidious-config.yml b/clusters/default/media/invidious/invidious-config.yml index 7970693..3e9d95b 100644 --- a/clusters/default/media/invidious/invidious-config.yml +++ b/clusters/default/media/invidious/invidious-config.yml @@ -10,10 +10,10 @@ data: dbname: invidious user: kemal password: ${INVIDIOUS_DB_PASSWORD} - host: localhost + host: invidious-db-service port: 5432 check_tables: true invidious_companion: - - private_url: "http://localhost:8282/companion" + - private_url: "http://invidious-companion-service:8282/companion" invidious_companion_key: ${INVIDIOUS_COMPANION_KEY} hmac_key: ${INVIDIOUS_HMAC_KEY} diff --git a/clusters/default/media/invidious/invidious-db.yml b/clusters/default/media/invidious/invidious-db.yml new file mode 100644 index 0000000..6b2e978 --- /dev/null +++ b/clusters/default/media/invidious/invidious-db.yml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious-db + namespace: media +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: invidious-db + template: + metadata: + labels: + app: invidious-db + spec: + initContainers: + - name: clean-db-dir + image: busybox + command: + - sh + - -c + - | + rm -rf /var/lib/postgresql/lost+found + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql + containers: + - name: postgres + image: postgres:18 + env: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: invidious-db-secrets + key: postgres-db + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: invidious-db-secrets + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: invidious-db-secrets + key: postgres-password + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: invidious-longhorn diff --git a/clusters/default/media/invidious/invidious-svc.yml b/clusters/default/media/invidious/invidious-svc.yml index 7c68d2a..6476d71 100644 --- a/clusters/default/media/invidious/invidious-svc.yml +++ b/clusters/default/media/invidious/invidious-svc.yml @@ -15,3 +15,29 @@ spec: - port: 3111 targetPort: 3000 protocol: TCP + +--- +apiVersion: v1 +kind: Service +metadata: + name: invidious-companion-service + namespace: media +spec: + selector: + app: invidious-companion + ports: + - port: 8282 + targetPort: 8282 + +--- +apiVersion: v1 +kind: Service +metadata: + name: invidious-db-service + namespace: media +spec: + selector: + app: invidious-db + ports: + - port: 5432 + targetPort: 5432 diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index 3221e95..ab443de 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -33,51 +33,28 @@ spec: - name: tmp mountPath: /mnt subPath: invidious.yml - - name: clean-db-dir + - name: wait-for-db image: busybox command: - sh - -c - | - rm -rf /var/lib/postgresql/lost+found - volumeMounts: - - name: postgres-data - mountPath: /var/lib/postgresql - - name: postgres - image: postgres:18 - restartPolicy: Always - env: - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: invidious-db-secrets - key: postgres-db - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: invidious-db-secrets - key: postgres-user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: invidious-db-secrets - key: postgres-password - volumeMounts: - - name: postgres-data - mountPath: /var/lib/postgresql - - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:d68a312073920572e39b0d4ae486f22885819567fae5fac23220f7b750f8e295 - restartPolicy: Always - env: - - name: SERVER_SECRET_KEY - valueFrom: - secretKeyRef: - name: invidious-secrets - key: INVIDIOUS_COMPANION_KEY - securityContext: - capabilities: - drop: - - ALL + until nc -z -v -w30 invidious-db-service 5432 + do + echo "Waiting for database connection..." + sleep 5 + done + - name: wait-for-companion + image: busybox + command: + - sh + - -c + - | + until nc -z -v -w30 invidious-companion-service 8282 + do + echo "Waiting for invidious companion connection..." + sleep 5 + done containers: - name: invidious image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06 @@ -106,6 +83,3 @@ spec: - name: invidious-config configMap: name: invidious-config - - name: postgres-data - persistentVolumeClaim: - claimName: invidious-longhorn From 808bfb8b2f77e6dd66a0e5cf8def14c8a20bda45 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 10 Dec 2025 03:39:44 +0530 Subject: [PATCH 036/108] split db and app into two deployments --- .../monitoring/jellystat/jellystat-db.yml | 42 +++++++++++++++++++ .../monitoring/jellystat/jellystat-svc.yml | 13 ++++++ .../monitoring/jellystat/jellystat.yml | 42 +++++-------------- 3 files changed, 66 insertions(+), 31 deletions(-) create mode 100644 clusters/default/monitoring/jellystat/jellystat-db.yml diff --git a/clusters/default/monitoring/jellystat/jellystat-db.yml b/clusters/default/monitoring/jellystat/jellystat-db.yml new file mode 100644 index 0000000..54ace15 --- /dev/null +++ b/clusters/default/monitoring/jellystat/jellystat-db.yml @@ -0,0 +1,42 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellystat-db + namespace: monitoring +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: jellystat-db + template: + metadata: + labels: + app: jellystat-db + spec: + containers: + - name: jellystat-db + image: postgres:alpine + ports: + - containerPort: 5432 + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: jellystat-secret + key: password + - name: POSTGRES_DB + value: "jfstat" + - name: POSTGRES_USER + value: "postgres" + - name: PGDATA + value: /mnt/postgres/data + volumeMounts: + - name: postgres-data + mountPath: /mnt/postgres + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: jellystat-longhorn diff --git a/clusters/default/monitoring/jellystat/jellystat-svc.yml b/clusters/default/monitoring/jellystat/jellystat-svc.yml index 4addd04..1ca524e 100644 --- a/clusters/default/monitoring/jellystat/jellystat-svc.yml +++ b/clusters/default/monitoring/jellystat/jellystat-svc.yml @@ -15,3 +15,16 @@ spec: - port: 3001 targetPort: 3000 protocol: TCP + +--- +apiVersion: v1 +kind: Service +metadata: + name: jellystat-db-service + namespace: monitoring +spec: + selector: + app: jellystat-db + ports: + - port: 5432 + targetPort: 5432 diff --git a/clusters/default/monitoring/jellystat/jellystat.yml b/clusters/default/monitoring/jellystat/jellystat.yml index 5394ae1..c4a773a 100644 --- a/clusters/default/monitoring/jellystat/jellystat.yml +++ b/clusters/default/monitoring/jellystat/jellystat.yml @@ -17,55 +17,35 @@ spec: app: jellystat spec: initContainers: - - name: jellystat-db - image: postgres:alpine - restartPolicy: Always - ports: - - containerPort: 5432 - env: - - name: POSTGRES_DB - value: "jfstat" - - name: POSTGRES_USER - value: "postgres" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: jellystat-secret - key: password - - name: PGDATA - value: /mnt/postgres/data - volumeMounts: - - name: postgres-data - mountPath: /mnt/postgres + - name: wait-for-db + image: busybox + command: ['sh', '-c', 'until nc -z -v -w30 jellystat-db-service 5432; do echo "Waiting for database..."; sleep 5; done;'] containers: - name: jellystat image: cyfershepard/jellystat:1.1.6 ports: - containerPort: 3000 env: - - name: POSTGRES_USER - value: "postgres" + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: jellystat-secret + key: jwt - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: jellystat-secret key: password - name: POSTGRES_IP - value: "localhost" + value: "jellystat-db-service" - name: POSTGRES_PORT value: "5432" - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: jellystat-secret - key: jwt + - name: POSTGRES_USER + value: "postgres" volumeMounts: - name: backups mountPath: /app/backend/backup-data volumes: - - name: postgres-data - persistentVolumeClaim: - claimName: jellystat-longhorn - name: backups persistentVolumeClaim: claimName: jellystat-backups-longhorn From ae49f05be343037c104b55c8a4a2eb53122f03b4 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 10 Dec 2025 03:39:49 +0530 Subject: [PATCH 037/108] split db and app into two deployments --- .../tools/paperless-ngx/paperless-ngx-db.yml | 30 +++++++++++++++++++ .../tools/paperless-ngx/paperless-ngx-svc.yml | 13 ++++++++ .../tools/paperless-ngx/paperless-ngx.yml | 14 +++------ .../tools/paperless-ngx/paperless-pvc.yml | 15 ++++++++++ 4 files changed, 62 insertions(+), 10 deletions(-) create mode 100644 clusters/default/tools/paperless-ngx/paperless-ngx-db.yml diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml b/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml new file mode 100644 index 0000000..9984327 --- /dev/null +++ b/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml @@ -0,0 +1,30 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: paperless-ngx-db + namespace: tools +spec: + strategy: + type: Recreate + selector: + matchLabels: + app: paperless-ngx-db + template: + metadata: + labels: + app: paperless-ngx-db + spec: + containers: + - name: paperless-ngx-db + image: docker.io/library/redis:8 + ports: + - containerPort: 6379 + volumeMounts: + - name: data + mountPath: /data + subPath: redis + volumes: + - name: data + persistentVolumeClaim: + claimName: paperless-db-longhorn diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml index 931f156..b6f03e9 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml @@ -14,3 +14,16 @@ spec: ports: - port: 8001 targetPort: 8000 + +--- +apiVersion: v1 +kind: Service +metadata: + name: paperless-ngx-db-service + namespace: tools +spec: + selector: + app: paperless-ngx-db + ports: + - port: 6379 + targetPort: 6379 diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index 3543111..b6dbfb5 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -16,15 +16,9 @@ spec: app: paperless-ngx spec: initContainers: - - name: paperless-ngx-db - image: docker.io/library/redis:8 - restartPolicy: Always - ports: - - containerPort: 6379 - volumeMounts: - - name: data - mountPath: /data - subPath: redis + - name: wait-for-redis + image: busybox:latest + command: ['sh', '-c', 'until nc -z paperless-ngx-db-service 6379; do echo waiting for redis; sleep 2; done;'] containers: - name: paperless-ngx image: ghcr.io/paperless-ngx/paperless-ngx:2.20.1 @@ -32,7 +26,7 @@ spec: - containerPort: 8000 env: - name: PAPERLESS_REDIS - value: "redis://localhost:6379" + value: "redis://paperless-ngx-db-service:6379" - name: PAPERLESS_URL valueFrom: secretKeyRef: diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml index 2a7034c..ad6255c 100644 --- a/clusters/default/tools/paperless-ngx/paperless-pvc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml @@ -4,6 +4,21 @@ kind: PersistentVolumeClaim metadata: name: paperless-longhorn namespace: tools +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 2Gi + storageClassName: longhorn + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: paperless-db-longhorn + namespace: tools spec: accessModes: - ReadWriteOnce From 9af8c47a8bba9da4acea7b85d0dbba6a3247e146 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Dec 2025 12:53:51 +0000 Subject: [PATCH 038/108] Update searxng/searxng Docker digest to 95e59f5 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index c6eaca4..f42d20d 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:8354c2e3fdc4e400379c0fa906e42961dfc55a570d9769c70ab07e410dfb1468 + image: searxng/searxng@sha256:95e59f5ba7d48b4c7ee92f2705907e52c5b98715b0d8c4802863322a502a8c4a ports: - containerPort: 8080 env: From e202f3c3fd1a91eac747adb3ce30ad08d1afad44 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Dec 2025 18:26:44 +0000 Subject: [PATCH 039/108] Update Helm release prometheus to v27.50.1 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index bfcf0f9..bbe9694 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.50.0" + version: "27.50.1" sourceRef: kind: HelmRepository name: prometheus-community From fd0bf09a58abac5123202be8c79a9ee46093db69 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Dec 2025 18:27:23 +0000 Subject: [PATCH 040/108] Update ghcr.io/gethomepage/homepage Docker tag to v1.8.0 --- clusters/default/monitoring/homepage/homepage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/homepage/homepage.yml b/clusters/default/monitoring/homepage/homepage.yml index c9b462e..8ef0298 100644 --- a/clusters/default/monitoring/homepage/homepage.yml +++ b/clusters/default/monitoring/homepage/homepage.yml @@ -41,7 +41,7 @@ spec: subPath: services.yaml containers: - name: homepage - image: "ghcr.io/gethomepage/homepage:v1.7.0" + image: "ghcr.io/gethomepage/homepage:v1.8.0" imagePullPolicy: IfNotPresent env: - name: HOMEPAGE_ALLOWED_HOSTS From aff4e9194551b5f9b745f6431cc0aad609ea990a Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 11 Dec 2025 06:12:43 +0530 Subject: [PATCH 041/108] update ollama model version to deepseek-coder:1.3b --- clusters/default/helm/ollama/ollama-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index cb78891..41b7fd1 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -28,7 +28,7 @@ spec: type: nvidia models: pull: - - deepseek-r1:1.5b + - deepseek-coder:1.3b service: type: LoadBalancer port: 2123 From d2810a2fa39080f8a48320b071f0be8c5f0a33e4 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 11 Dec 2025 06:19:55 +0530 Subject: [PATCH 042/108] Update ollama-release.yml --- clusters/default/helm/ollama/ollama-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index 41b7fd1..b4315ba 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -28,7 +28,7 @@ spec: type: nvidia models: pull: - - deepseek-coder:1.3b + - qwen2.5-coder:0.5b service: type: LoadBalancer port: 2123 From d00cc5f2b1ca440f3af75e46379db51bb2956f45 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 11 Dec 2025 06:27:04 +0530 Subject: [PATCH 043/108] Update ollama-release.yml --- clusters/default/helm/ollama/ollama-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index b4315ba..6d29dce 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -28,7 +28,7 @@ spec: type: nvidia models: pull: - - qwen2.5-coder:0.5b + - qwen2.5-coder:1.5b service: type: LoadBalancer port: 2123 From fec29606f24988b66f3c7c573a4df92e097daccf Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 11 Dec 2025 14:12:52 +0000 Subject: [PATCH 044/108] Update Helm release intel-device-plugins-gpu to v0.34.1 --- clusters/default/helm/intel-gpu/intel-plugin-operator.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/intel-gpu/intel-plugin-operator.yml b/clusters/default/helm/intel-gpu/intel-plugin-operator.yml index c1f3d2c..1666362 100644 --- a/clusters/default/helm/intel-gpu/intel-plugin-operator.yml +++ b/clusters/default/helm/intel-gpu/intel-plugin-operator.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: intel-device-plugins-gpu - version: "0.34.0" + version: "0.34.1" sourceRef: kind: HelmRepository name: intel From 445a6405ce8fc35cda48b4cda1e3e9cf924ed338 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 11 Dec 2025 14:12:57 +0000 Subject: [PATCH 045/108] Update Helm release intel-device-plugins-operator to v0.34.1 --- clusters/default/helm/intel-gpu/intel-device-operator.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/intel-gpu/intel-device-operator.yml b/clusters/default/helm/intel-gpu/intel-device-operator.yml index a9a5f75..29ddca8 100644 --- a/clusters/default/helm/intel-gpu/intel-device-operator.yml +++ b/clusters/default/helm/intel-gpu/intel-device-operator.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: intel-device-plugins-operator - version: "0.34.0" + version: "0.34.1" sourceRef: kind: HelmRepository name: intel From e763027320ba04f5189fa6c66f9acd9e2e2e11fe Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 11 Dec 2025 14:12:58 +0000 Subject: [PATCH 046/108] Update lscr.io/linuxserver/nextcloud Docker tag to v32.0.3 --- clusters/default/tools/nextcloud/nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/nextcloud.yml b/clusters/default/tools/nextcloud/nextcloud.yml index fd192cc..230a5d7 100644 --- a/clusters/default/tools/nextcloud/nextcloud.yml +++ b/clusters/default/tools/nextcloud/nextcloud.yml @@ -28,7 +28,7 @@ spec: done containers: - name: nextcloud - image: lscr.io/linuxserver/nextcloud:32.0.2 + image: lscr.io/linuxserver/nextcloud:32.0.3 ports: - containerPort: 443 env: From bc35f5d7c1a2652b3cc3d9ba05ee5f6b9d6467c1 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 11 Dec 2025 22:28:38 +0530 Subject: [PATCH 047/108] Reduce Helm release update interval from 24h to 6h for multiple charts --- clusters/default/helm/cert-manager/cert-manager-release.yml | 4 ++-- clusters/default/helm/cert-manager/cert-manager-repo.yml | 2 +- .../default/helm/csi-driver-smb/csi-driver-smb-release.yml | 4 ++-- clusters/default/helm/csi-driver-smb/csi-driver-smb-repo.yml | 2 +- clusters/default/helm/gpu-operator/gpu-operator-release.yml | 4 ++-- clusters/default/helm/gpu-operator/gpu-operator-repo.yml | 2 +- clusters/default/helm/intel-gpu/intel-plugin-operator.yml | 4 ++-- clusters/default/helm/intel-gpu/intel-repo.yml | 2 +- clusters/default/helm/longhorn/longhorn-release.yml | 4 ++-- clusters/default/helm/longhorn/longhorn-repo.yml | 2 +- clusters/default/helm/metallb/metallb-release.yml | 4 ++-- clusters/default/helm/metallb/metallb-repo.yml | 2 +- clusters/default/helm/ollama/ollama-release.yml | 4 ++-- clusters/default/helm/ollama/ollama-repo.yml | 2 +- clusters/default/helm/prometheus/prometheus-release.yml | 4 ++-- clusters/default/helm/prometheus/prometheus-repo.yml | 2 +- .../default/helm/sealed-secrets/sealed-secrets-release.yaml | 2 +- clusters/default/helm/sealed-secrets/sealed-secrets-repo.yml | 2 +- 18 files changed, 26 insertions(+), 26 deletions(-) diff --git a/clusters/default/helm/cert-manager/cert-manager-release.yml b/clusters/default/helm/cert-manager/cert-manager-release.yml index 38a0372..2021fa0 100644 --- a/clusters/default/helm/cert-manager/cert-manager-release.yml +++ b/clusters/default/helm/cert-manager/cert-manager-release.yml @@ -5,7 +5,7 @@ metadata: name: cert-manager namespace: cert-manager spec: - interval: 24h + interval: 6h chart: spec: chart: cert-manager @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: jetstack namespace: flux-system - interval: 24h + interval: 6h install: remediation: retries: 3 diff --git a/clusters/default/helm/cert-manager/cert-manager-repo.yml b/clusters/default/helm/cert-manager/cert-manager-repo.yml index 197dc0d..c7e3692 100644 --- a/clusters/default/helm/cert-manager/cert-manager-repo.yml +++ b/clusters/default/helm/cert-manager/cert-manager-repo.yml @@ -5,5 +5,5 @@ metadata: name: jetstack namespace: flux-system spec: - interval: 24h + interval: 6h url: https://charts.jetstack.io diff --git a/clusters/default/helm/csi-driver-smb/csi-driver-smb-release.yml b/clusters/default/helm/csi-driver-smb/csi-driver-smb-release.yml index 835d4d5..b62b81a 100644 --- a/clusters/default/helm/csi-driver-smb/csi-driver-smb-release.yml +++ b/clusters/default/helm/csi-driver-smb/csi-driver-smb-release.yml @@ -5,7 +5,7 @@ metadata: name: csi-driver-smb namespace: kube-system spec: - interval: 24h + interval: 6h chart: spec: chart: csi-driver-smb @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: csi-driver-smb namespace: flux-system - interval: 24h + interval: 6h install: createNamespace: true upgrade: diff --git a/clusters/default/helm/csi-driver-smb/csi-driver-smb-repo.yml b/clusters/default/helm/csi-driver-smb/csi-driver-smb-repo.yml index 190253d..4a71ff4 100644 --- a/clusters/default/helm/csi-driver-smb/csi-driver-smb-repo.yml +++ b/clusters/default/helm/csi-driver-smb/csi-driver-smb-repo.yml @@ -5,5 +5,5 @@ metadata: name: csi-driver-smb namespace: flux-system spec: - interval: 24h + interval: 6h url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts diff --git a/clusters/default/helm/gpu-operator/gpu-operator-release.yml b/clusters/default/helm/gpu-operator/gpu-operator-release.yml index ad385e0..f7d4d00 100644 --- a/clusters/default/helm/gpu-operator/gpu-operator-release.yml +++ b/clusters/default/helm/gpu-operator/gpu-operator-release.yml @@ -5,7 +5,7 @@ metadata: name: gpu-operator namespace: gpu-operator spec: - interval: 24h + interval: 6h chart: spec: chart: gpu-operator @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: nvidia namespace: flux-system - interval: 24h + interval: 6h install: createNamespace: true upgrade: diff --git a/clusters/default/helm/gpu-operator/gpu-operator-repo.yml b/clusters/default/helm/gpu-operator/gpu-operator-repo.yml index cce718c..738c012 100644 --- a/clusters/default/helm/gpu-operator/gpu-operator-repo.yml +++ b/clusters/default/helm/gpu-operator/gpu-operator-repo.yml @@ -5,5 +5,5 @@ metadata: name: nvidia namespace: flux-system spec: - interval: 24h + interval: 6h url: https://helm.ngc.nvidia.com/nvidia diff --git a/clusters/default/helm/intel-gpu/intel-plugin-operator.yml b/clusters/default/helm/intel-gpu/intel-plugin-operator.yml index 1666362..04d653d 100644 --- a/clusters/default/helm/intel-gpu/intel-plugin-operator.yml +++ b/clusters/default/helm/intel-gpu/intel-plugin-operator.yml @@ -5,7 +5,7 @@ metadata: name: gpu-device-plugin namespace: gpu-operator spec: - interval: 24h + interval: 6h chart: spec: chart: intel-device-plugins-gpu @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: intel namespace: flux-system - interval: 24h + interval: 6h install: remediation: retries: 3 diff --git a/clusters/default/helm/intel-gpu/intel-repo.yml b/clusters/default/helm/intel-gpu/intel-repo.yml index d02121d..66dc372 100644 --- a/clusters/default/helm/intel-gpu/intel-repo.yml +++ b/clusters/default/helm/intel-gpu/intel-repo.yml @@ -5,5 +5,5 @@ metadata: name: intel namespace: flux-system spec: - interval: 24h + interval: 6h url: https://intel.github.io/helm-charts diff --git a/clusters/default/helm/longhorn/longhorn-release.yml b/clusters/default/helm/longhorn/longhorn-release.yml index f829f92..3d95d9c 100644 --- a/clusters/default/helm/longhorn/longhorn-release.yml +++ b/clusters/default/helm/longhorn/longhorn-release.yml @@ -5,7 +5,7 @@ metadata: name: longhorn namespace: longhorn-system spec: - interval: 24h + interval: 6h chart: spec: chart: longhorn @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: longhorn namespace: flux-system - interval: 24h + interval: 6h install: createNamespace: true upgrade: diff --git a/clusters/default/helm/longhorn/longhorn-repo.yml b/clusters/default/helm/longhorn/longhorn-repo.yml index a608b60..0ed3782 100644 --- a/clusters/default/helm/longhorn/longhorn-repo.yml +++ b/clusters/default/helm/longhorn/longhorn-repo.yml @@ -5,5 +5,5 @@ metadata: name: longhorn namespace: flux-system spec: - interval: 24h + interval: 6h url: https://charts.longhorn.io diff --git a/clusters/default/helm/metallb/metallb-release.yml b/clusters/default/helm/metallb/metallb-release.yml index d7d9209..bea9ba1 100644 --- a/clusters/default/helm/metallb/metallb-release.yml +++ b/clusters/default/helm/metallb/metallb-release.yml @@ -5,7 +5,7 @@ metadata: name: metallb namespace: metallb-system spec: - interval: 24h + interval: 6h chart: spec: chart: metallb @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: metallb namespace: flux-system - interval: 24h + interval: 6h install: createNamespace: true upgrade: diff --git a/clusters/default/helm/metallb/metallb-repo.yml b/clusters/default/helm/metallb/metallb-repo.yml index 378e684..95290f2 100644 --- a/clusters/default/helm/metallb/metallb-repo.yml +++ b/clusters/default/helm/metallb/metallb-repo.yml @@ -5,5 +5,5 @@ metadata: name: metallb namespace: flux-system spec: - interval: 24h + interval: 6h url: https://metallb.github.io/metallb diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index 6d29dce..b37ceb2 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -5,7 +5,7 @@ metadata: name: ollama namespace: tools spec: - interval: 24h + interval: 6h chart: spec: chart: ollama @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: ollama namespace: flux-system - interval: 24h + interval: 6h install: remediation: retries: 3 diff --git a/clusters/default/helm/ollama/ollama-repo.yml b/clusters/default/helm/ollama/ollama-repo.yml index d775db7..b366ca1 100644 --- a/clusters/default/helm/ollama/ollama-repo.yml +++ b/clusters/default/helm/ollama/ollama-repo.yml @@ -5,5 +5,5 @@ metadata: name: ollama namespace: flux-system spec: - interval: 24h + interval: 6h url: https://otwld.github.io/ollama-helm/ diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index bbe9694..cc6756b 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -5,7 +5,7 @@ metadata: name: prometheus namespace: monitoring spec: - interval: 24h + interval: 6h chart: spec: chart: prometheus @@ -14,7 +14,7 @@ spec: kind: HelmRepository name: prometheus-community namespace: flux-system - interval: 24h + interval: 6h install: remediation: retries: 3 diff --git a/clusters/default/helm/prometheus/prometheus-repo.yml b/clusters/default/helm/prometheus/prometheus-repo.yml index 6e3b8d6..1546c10 100644 --- a/clusters/default/helm/prometheus/prometheus-repo.yml +++ b/clusters/default/helm/prometheus/prometheus-repo.yml @@ -5,5 +5,5 @@ metadata: name: prometheus-community namespace: flux-system spec: - interval: 24h + interval: 6h url: https://prometheus-community.github.io/helm-charts diff --git a/clusters/default/helm/sealed-secrets/sealed-secrets-release.yaml b/clusters/default/helm/sealed-secrets/sealed-secrets-release.yaml index f0fc8c0..803df2d 100644 --- a/clusters/default/helm/sealed-secrets/sealed-secrets-release.yaml +++ b/clusters/default/helm/sealed-secrets/sealed-secrets-release.yaml @@ -15,7 +15,7 @@ spec: version: '>=1.15.0-0' install: crds: Create - interval: 24h + interval: 6h releaseName: sealed-secrets-controller upgrade: crds: CreateReplace diff --git a/clusters/default/helm/sealed-secrets/sealed-secrets-repo.yml b/clusters/default/helm/sealed-secrets/sealed-secrets-repo.yml index 307ce61..c6eb17f 100644 --- a/clusters/default/helm/sealed-secrets/sealed-secrets-repo.yml +++ b/clusters/default/helm/sealed-secrets/sealed-secrets-repo.yml @@ -5,5 +5,5 @@ metadata: name: sealed-secrets namespace: flux-system spec: - interval: 24h + interval: 6h url: https://bitnami-labs.github.io/sealed-secrets From b91d813ea70eeb9f71530b7e957335f29ed188d2 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 15:33:48 +0530 Subject: [PATCH 048/108] add push trigger for kubeconform workflow --- .gitea/workflows/kubeconform.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index e48fb83..b578df4 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -3,6 +3,8 @@ name: Validate Kubernetes Manifests on: pull_request: branches: [main] + push: + branches: [main] jobs: kubeconform: @@ -51,27 +53,27 @@ jobs: # Create cache directory export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" mkdir -p "$KUBECONFORM_CACHE_DIR" - + # Exit code tracking EXIT_CODE=0 - + # Process all YAML files while IFS= read -r file; do echo "=== Validating: $file ===" - + # Skip excluded paths if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then echo "Skipping excluded file" continue fi - + # Detect resource kind KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") - + if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then echo "Found $KIND - using custom schema" SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" - + if ! /kubeconform \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ @@ -89,8 +91,8 @@ jobs: EXIT_CODE=1 fi fi - + echo "" done < <(find . -type f \( -name "*.yml" \) -print) - + exit $EXIT_CODE From 5ea9494c24be58bcd2c3445e2eea1a4a4d997cb0 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:08:41 +0530 Subject: [PATCH 049/108] only validate changed files --- .gitea/workflows/kubeconform.yml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index b578df4..2343b0f 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -29,6 +29,13 @@ jobs: with: fetch-depth: 0 + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v47 + with: + files: | + **.yml + - name: Create kubeconform configuration run: | cat > /tmp/kubeconform-config.yaml << 'EOF' @@ -38,9 +45,13 @@ jobs: EOF - name: Validate Manifests + if: steps.changed-files.outputs.any_changed == 'true' + env: + ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} shell: bash run: | - # Define schema mappings + set -o pipefail + declare -A SCHEMA_MAP=( ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json" ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json" @@ -50,24 +61,13 @@ jobs: ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json" ) - # Create cache directory + EXIT_CODE=0 export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" mkdir -p "$KUBECONFORM_CACHE_DIR" - # Exit code tracking - EXIT_CODE=0 - - # Process all YAML files while IFS= read -r file; do + [ -z "$file" ] && continue echo "=== Validating: $file ===" - - # Skip excluded paths - if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then - echo "Skipping excluded file" - continue - fi - - # Detect resource kind KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then @@ -75,6 +75,7 @@ jobs: SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" if ! /kubeconform \ + -config /tmp/kubeconform-config.yaml \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -84,6 +85,7 @@ jobs: else echo "Validating with default schemas" if ! /kubeconform \ + -config /tmp/kubeconform-config.yaml \ -schema-location default \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -93,6 +95,6 @@ jobs: fi echo "" - done < <(find . -type f \( -name "*.yml" \) -print) + done <<< "${ALL_CHANGED_FILES}" exit $EXIT_CODE From c7e6aebc3e61259a3d2719c1b8a81ecca8061e14 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:10:44 +0530 Subject: [PATCH 050/108] add missing dep --- .gitea/workflows/kubeconform.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 2343b0f..e1e54d8 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -22,7 +22,8 @@ jobs: jq \ npm \ nodejs \ - bash + bash \ + git - name: Checkout code uses: actions/checkout@v6 From 22e25a1f9f0168e4dbdea81cbd860de839c4133a Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:17:44 +0530 Subject: [PATCH 051/108] try excluding workflows --- .gitea/workflows/kubeconform.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index e1e54d8..5f9c06f 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -36,6 +36,7 @@ jobs: with: files: | **.yml + !.gitea/workflows/** - name: Create kubeconform configuration run: | From 953de482a5ae85ab595ff42fe14f0ca32a0329d6 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:22:55 +0530 Subject: [PATCH 052/108] mess up paperless-secret for testing --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 7d48f4a..2e050fe 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml @@ -12,4 +12,4 @@ spec: metadata: name: paperless-secrets namespace: tools - type: Opaque + type: Opaque From dfb3b13317ede37fe58f4cb0e272eaa7ce08baf9 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:25:41 +0530 Subject: [PATCH 053/108] remove not needed code --- .gitea/workflows/kubeconform.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 5f9c06f..7a421db 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -38,14 +38,6 @@ jobs: **.yml !.gitea/workflows/** - - name: Create kubeconform configuration - run: | - cat > /tmp/kubeconform-config.yaml << 'EOF' - schema_location: - - default - - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" - EOF - - name: Validate Manifests if: steps.changed-files.outputs.any_changed == 'true' env: @@ -77,7 +69,6 @@ jobs: SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" if ! /kubeconform \ - -config /tmp/kubeconform-config.yaml \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -87,7 +78,6 @@ jobs: else echo "Validating with default schemas" if ! /kubeconform \ - -config /tmp/kubeconform-config.yaml \ -schema-location default \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ From 41f83d571dfebc18fb5f3a2cad0b127f5dea9bd2 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:25:55 +0530 Subject: [PATCH 054/108] mess with papaerless secret for testing --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 2e050fe..6b36dff 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml @@ -12,4 +12,4 @@ spec: metadata: name: paperless-secrets namespace: tools - type: Opaque +type: Opaque From 6266f1bc09555905473020f2a346b9577c66b219 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:28:06 +0530 Subject: [PATCH 055/108] more testing on paperless-secret --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 6b36dff..243e7d1 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml @@ -5,11 +5,11 @@ metadata: name: paperless-secrets namespace: tools spec: - encryptedData: +encryptedData: PAPERLESS_CSRF_TRUSTED_ORIGINS: AgAhEaZe3HP8WQeap3HloSs0c4C1IxKyk3Frq0Peheu6adg2pgkaRsDFdIaftgXjMSDWm+thn7vpBtfKLnLI4vM5fGLhMRP7ufW87l9ugYUzEvZIax3/HjhUKpZDjzvIN49FlzMrurXtPA31dxjYAqzC2mrV9WSJ6nCOpUSMeuW71R/DJ5cxD6YM6gXEbepLAPLhrZCz2w0M9MLfkj7CJXkiuE99q03AV8YDwuv/k1xh+U/7VeewTBTk61+2bBGoqJNXby84tAbeI+mhuBvocmAr6Uc0tDR9eY9ruBL8/xkid8ewtzQ2wDGMF1PLN6E6CCEhbNcfsM+x/+okAOIle7XYPY5h5yxqLFV6fSXj/SNI1l3zD9h8DVoUGsVc/NH7WP6xC8kyO1gIDfEOzYNBTjMEUe2lXxzHa0AlF59u1o75Zz4MUbMaWnAn7LR6OMz8Fv4qCEtX8ek/lbr+sC2Hh2zyYI0C8RAQZ5eQJ2Zjstkn6/XqYoqF0d0QUEpN9l8yuXus7O60+JoRD5aVeFSRiQ+wSCrInSv1p0ZX4zZKqxNHaMZIxUfYzSKP/ea05p+500lZhkLmD5z34hxZK6/onvclW6WTtyOeURb6x9nLYuaDxOHiXzxfnrQmpbehtdHhM6wm1G4n7nhvHDEZTYWzsc6fSq+D/bPAlCFExs7LrMAyY9DRfDrwh2hPVQQIFTeIKUdQlg9RdVsM+4NPe9qgAb+LEZQGrME1Sg== PAPERLESS_URL: AgAs6ZzSqeDlof3DBp/yj4yvqDb5te4H+U6M3tlvfd5ZlccLWBHcf5A3bw8QvvEx0hXfRQlIycjCBDpdNlpo/wf7VMj4J+hut6ttPF3KFmK9yAwZikAXcjl680B0z847IvDUKILvj4pdrPJ/qx2M/3HgDiioHguTnR9jjwu1IgVflrGbWnOl+DMvK9TsbJHxVe4WZb5pgu48wF5ncllF4+aKrh5c3gFATaeR8A8T0LbeId8O885tiiT3wYKOhzRrFajJWG5P5ZHaVxTroU+PsPhGfaH6yqPLh37Ek/6MM1ktxzuxknrLIhhgG8rTTseLE9vGFNAl1Q8tgLmckPmVSzekTTYf5Ltfe676CPSM2KnCd+/KPs/wYinHImZGHQyx0ZOsXG3pphiouQ6witrQ0cXEGAEoef2cbLKFBS4VWbTPy/J/dLfY4SCbFya03oDfj0FRzyuMm4nN08lQvQN2UUL4IL535Hl65aNyTcH6ja/s0Y6u/ixE0Tl8klv/uNUhh5x1T4BJqSvB2Dr3UICR91VwYIU2gXMfyIOsTIhyBktU0/lABhB+MdWxCar01TsG/1HsCzyCMSws+IXl0Qppj2uu5Yp9/lmBqswR//+eXMUGoG1dOzAoupPlv28AqZkMSx1j0Ta/FtO1TvIFCOO9MJdEdzZrRtILahbsrkHKPYAuHn77qtxnzADmYnW4lP0H5j3RB6wlYQ6Dn8cNMIWiiIM79fedQNKHkuAA template: metadata: name: paperless-secrets namespace: tools -type: Opaque + type: Opaque From 3858ffc741292a70c5ad3ac971a9673c64c1b1f1 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:29:10 +0530 Subject: [PATCH 056/108] correct indentaion for paperless-secret --- clusters/default/tools/paperless-ngx/paperless-secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml index 243e7d1..7d48f4a 100644 --- a/clusters/default/tools/paperless-ngx/paperless-secrets.yml +++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml @@ -5,7 +5,7 @@ metadata: name: paperless-secrets namespace: tools spec: -encryptedData: + encryptedData: PAPERLESS_CSRF_TRUSTED_ORIGINS: AgAhEaZe3HP8WQeap3HloSs0c4C1IxKyk3Frq0Peheu6adg2pgkaRsDFdIaftgXjMSDWm+thn7vpBtfKLnLI4vM5fGLhMRP7ufW87l9ugYUzEvZIax3/HjhUKpZDjzvIN49FlzMrurXtPA31dxjYAqzC2mrV9WSJ6nCOpUSMeuW71R/DJ5cxD6YM6gXEbepLAPLhrZCz2w0M9MLfkj7CJXkiuE99q03AV8YDwuv/k1xh+U/7VeewTBTk61+2bBGoqJNXby84tAbeI+mhuBvocmAr6Uc0tDR9eY9ruBL8/xkid8ewtzQ2wDGMF1PLN6E6CCEhbNcfsM+x/+okAOIle7XYPY5h5yxqLFV6fSXj/SNI1l3zD9h8DVoUGsVc/NH7WP6xC8kyO1gIDfEOzYNBTjMEUe2lXxzHa0AlF59u1o75Zz4MUbMaWnAn7LR6OMz8Fv4qCEtX8ek/lbr+sC2Hh2zyYI0C8RAQZ5eQJ2Zjstkn6/XqYoqF0d0QUEpN9l8yuXus7O60+JoRD5aVeFSRiQ+wSCrInSv1p0ZX4zZKqxNHaMZIxUfYzSKP/ea05p+500lZhkLmD5z34hxZK6/onvclW6WTtyOeURb6x9nLYuaDxOHiXzxfnrQmpbehtdHhM6wm1G4n7nhvHDEZTYWzsc6fSq+D/bPAlCFExs7LrMAyY9DRfDrwh2hPVQQIFTeIKUdQlg9RdVsM+4NPe9qgAb+LEZQGrME1Sg== PAPERLESS_URL: AgAs6ZzSqeDlof3DBp/yj4yvqDb5te4H+U6M3tlvfd5ZlccLWBHcf5A3bw8QvvEx0hXfRQlIycjCBDpdNlpo/wf7VMj4J+hut6ttPF3KFmK9yAwZikAXcjl680B0z847IvDUKILvj4pdrPJ/qx2M/3HgDiioHguTnR9jjwu1IgVflrGbWnOl+DMvK9TsbJHxVe4WZb5pgu48wF5ncllF4+aKrh5c3gFATaeR8A8T0LbeId8O885tiiT3wYKOhzRrFajJWG5P5ZHaVxTroU+PsPhGfaH6yqPLh37Ek/6MM1ktxzuxknrLIhhgG8rTTseLE9vGFNAl1Q8tgLmckPmVSzekTTYf5Ltfe676CPSM2KnCd+/KPs/wYinHImZGHQyx0ZOsXG3pphiouQ6witrQ0cXEGAEoef2cbLKFBS4VWbTPy/J/dLfY4SCbFya03oDfj0FRzyuMm4nN08lQvQN2UUL4IL535Hl65aNyTcH6ja/s0Y6u/ixE0Tl8klv/uNUhh5x1T4BJqSvB2Dr3UICR91VwYIU2gXMfyIOsTIhyBktU0/lABhB+MdWxCar01TsG/1HsCzyCMSws+IXl0Qppj2uu5Yp9/lmBqswR//+eXMUGoG1dOzAoupPlv28AqZkMSx1j0Ta/FtO1TvIFCOO9MJdEdzZrRtILahbsrkHKPYAuHn77qtxnzADmYnW4lP0H5j3RB6wlYQ6Dn8cNMIWiiIM79fedQNKHkuAA template: From 0bb6dcac6aceffc9187b9b2ad527d04b254c4f45 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:30:04 +0530 Subject: [PATCH 057/108] mess with paperless-pvc for testing --- clusters/default/tools/paperless-ngx/paperless-pvc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml index ad6255c..a87b531 100644 --- a/clusters/default/tools/paperless-ngx/paperless-pvc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml @@ -26,4 +26,4 @@ spec: resources: requests: storage: 1Gi - storageClassName: longhorn + storageClass: longhorn From 1766460069ecdd35e9f54dbbc6d84474f784fa3e Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 16:33:55 +0530 Subject: [PATCH 058/108] fix paperless-ngx pvc --- clusters/default/tools/paperless-ngx/paperless-pvc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml index a87b531..ad6255c 100644 --- a/clusters/default/tools/paperless-ngx/paperless-pvc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml @@ -26,4 +26,4 @@ spec: resources: requests: storage: 1Gi - storageClass: longhorn + storageClassName: longhorn From 30643496f46e0ba5d4b82a550dc407ee087fbf19 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 18:17:00 +0530 Subject: [PATCH 059/108] remove unused models configuration from ollama HelmRelease --- clusters/default/helm/ollama/ollama-release.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index b37ceb2..19ca6e2 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -26,9 +26,6 @@ spec: gpu: enabled: true type: nvidia - models: - pull: - - qwen2.5-coder:1.5b service: type: LoadBalancer port: 2123 From ed380aca4000e0e97ba83f2fd23919b325cb0129 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 22:23:10 +0530 Subject: [PATCH 060/108] increase ollama-longhorn PVC size to 10Gi --- clusters/default/helm/ollama/ollama-pvc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/ollama/ollama-pvc.yml b/clusters/default/helm/ollama/ollama-pvc.yml index 01c5777..7d23a9a 100644 --- a/clusters/default/helm/ollama/ollama-pvc.yml +++ b/clusters/default/helm/ollama/ollama-pvc.yml @@ -10,5 +10,5 @@ spec: volumeMode: Filesystem resources: requests: - storage: 4Gi + storage: 10Gi storageClassName: longhorn From c5b8c84a3c53684dba8b7bb7fb179045aec5f0e4 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 22:59:55 +0530 Subject: [PATCH 061/108] better handle multiple manifests in same file --- .gitea/workflows/kubeconform.yml | 45 ++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 7a421db..1382ca7 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -53,6 +53,7 @@ jobs: ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json" ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json" ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json" + ["Plan"]="upgrade.cattle.io/plan_v1.json" ) EXIT_CODE=0 @@ -62,29 +63,33 @@ jobs: while IFS= read -r file; do [ -z "$file" ] && continue echo "=== Validating: $file ===" - KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") + MANIFESTS=$(yq e '.[]' "$file" | jq -c 'select(.kind != null)') - if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then - echo "Found $KIND - using custom schema" - SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" + for manifest in "${MANIFESTS[@]}"; do + KIND=$(echo $manifest | yq -r '.kind // ""') - if ! /kubeconform \ - -schema-location "$SCHEMA_URL" \ - -cache "$KUBECONFORM_CACHE_DIR" \ - -output json \ - "$file"; then - EXIT_CODE=1 + if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then + echo "Found $KIND - using custom schema" + SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" + + if ! /kubeconform \ + -schema-location "$SCHEMA_URL" \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + "$manifest"; then + EXIT_CODE=1 + fi + else + echo "Validating with default schemas" + if ! /kubeconform \ + -schema-location default \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + "$manifest"; then + EXIT_CODE=1 + fi fi - else - echo "Validating with default schemas" - if ! /kubeconform \ - -schema-location default \ - -cache "$KUBECONFORM_CACHE_DIR" \ - -output json \ - "$file"; then - EXIT_CODE=1 - fi - fi + done echo "" done <<< "${ALL_CHANGED_FILES}" From 944bc1f158bf3864eb1b537181aa615c15040790 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:00:14 +0530 Subject: [PATCH 062/108] change yaml to yml --- ...stem-upgrade-controller.yaml => system-upgrade-controller.yml} | 0 .../{system-upgrade-plan.yaml => system-upgrade-plan.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename clusters/default/system-upgrade/{system-upgrade-controller.yaml => system-upgrade-controller.yml} (100%) rename clusters/default/system-upgrade/{system-upgrade-plan.yaml => system-upgrade-plan.yml} (100%) diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yaml b/clusters/default/system-upgrade/system-upgrade-controller.yml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-controller.yaml rename to clusters/default/system-upgrade/system-upgrade-controller.yml diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yaml b/clusters/default/system-upgrade/system-upgrade-plan.yml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-plan.yaml rename to clusters/default/system-upgrade/system-upgrade-plan.yml From 0345ca3f5bc5ab5b21f4dad8a03830d607a74e28 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:07:40 +0530 Subject: [PATCH 063/108] run workflow on push event --- .gitea/workflows/kubeconform.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 1382ca7..1e33203 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -1,10 +1,10 @@ name: Validate Kubernetes Manifests on: - pull_request: - branches: [main] push: - branches: [main] + paths: + - '**.yml' + - '! .gitea/workflows/**' jobs: kubeconform: From 4226377ff4075c7f3632010b91362fb7b08cf1c6 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:10:04 +0530 Subject: [PATCH 064/108] run kubeconform on push paths --- .gitea/workflows/kubeconform.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 1e33203..2473c17 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -4,7 +4,9 @@ on: push: paths: - '**.yml' + - '**.yaml' - '! .gitea/workflows/**' + - '! clusters/**/system-upgrade/crd.yml' jobs: kubeconform: From 7f7416de79f3c2bac787d5a49f78cf9fac3e2d10 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:10:12 +0530 Subject: [PATCH 065/108] change yml to yaml --- ...stem-upgrade-controller.yml => system-upgrade-controller.yaml} | 0 .../{system-upgrade-plan.yml => system-upgrade-plan.yaml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename clusters/default/system-upgrade/{system-upgrade-controller.yml => system-upgrade-controller.yaml} (100%) rename clusters/default/system-upgrade/{system-upgrade-plan.yml => system-upgrade-plan.yaml} (100%) diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yml b/clusters/default/system-upgrade/system-upgrade-controller.yaml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-controller.yml rename to clusters/default/system-upgrade/system-upgrade-controller.yaml diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yml b/clusters/default/system-upgrade/system-upgrade-plan.yaml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-plan.yml rename to clusters/default/system-upgrade/system-upgrade-plan.yaml From 710afcb1e4ccb6e09944dc49417759ff40a6f869 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:11:13 +0530 Subject: [PATCH 066/108] exclude system-upgrade crd.yml from changed files in kubeconform workflow --- .gitea/workflows/kubeconform.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 2473c17..87e0d46 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -39,6 +39,7 @@ jobs: files: | **.yml !.gitea/workflows/** + !clusters/**/system-upgrade/crd.yml - name: Validate Manifests if: steps.changed-files.outputs.any_changed == 'true' From bb39ae220515c0262aeea5e0b95bef0e086997af Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:12:45 +0530 Subject: [PATCH 067/108] remove whitespace --- .gitea/workflows/kubeconform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 87e0d46..360750e 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -5,8 +5,8 @@ on: paths: - '**.yml' - '**.yaml' - - '! .gitea/workflows/**' - - '! clusters/**/system-upgrade/crd.yml' + - '!.gitea/workflows/**' + - '!clusters/**/system-upgrade/crd.yml' jobs: kubeconform: From 574b37d001ad4cad769b17fb87e335889b594158 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:14:25 +0530 Subject: [PATCH 068/108] change yaml to yml --- ...stem-upgrade-controller.yaml => system-upgrade-controller.yml} | 0 .../{system-upgrade-plan.yaml => system-upgrade-plan.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename clusters/default/system-upgrade/{system-upgrade-controller.yaml => system-upgrade-controller.yml} (100%) rename clusters/default/system-upgrade/{system-upgrade-plan.yaml => system-upgrade-plan.yml} (100%) diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yaml b/clusters/default/system-upgrade/system-upgrade-controller.yml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-controller.yaml rename to clusters/default/system-upgrade/system-upgrade-controller.yml diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yaml b/clusters/default/system-upgrade/system-upgrade-plan.yml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-plan.yaml rename to clusters/default/system-upgrade/system-upgrade-plan.yml From fbfce95e047a91bc4f9f07c92ace4d437777923c Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:15:48 +0530 Subject: [PATCH 069/108] use for loop --- .gitea/workflows/kubeconform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 360750e..c035058 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -63,7 +63,7 @@ jobs: export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" mkdir -p "$KUBECONFORM_CACHE_DIR" - while IFS= read -r file; do + for file in ${ALL_CHANGED_FILES}; do [ -z "$file" ] && continue echo "=== Validating: $file ===" MANIFESTS=$(yq e '.[]' "$file" | jq -c 'select(.kind != null)') @@ -95,6 +95,6 @@ jobs: done echo "" - done <<< "${ALL_CHANGED_FILES}" + done exit $EXIT_CODE From 0dbb31218369c18e0bf9b02fd9874b04f8ac3b19 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:16:13 +0530 Subject: [PATCH 070/108] change yml to yaml --- ...stem-upgrade-controller.yml => system-upgrade-controller.yaml} | 0 .../{system-upgrade-plan.yml => system-upgrade-plan.yaml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename clusters/default/system-upgrade/{system-upgrade-controller.yml => system-upgrade-controller.yaml} (100%) rename clusters/default/system-upgrade/{system-upgrade-plan.yml => system-upgrade-plan.yaml} (100%) diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yml b/clusters/default/system-upgrade/system-upgrade-controller.yaml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-controller.yml rename to clusters/default/system-upgrade/system-upgrade-controller.yaml diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yml b/clusters/default/system-upgrade/system-upgrade-plan.yaml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-plan.yml rename to clusters/default/system-upgrade/system-upgrade-plan.yaml From afaf34bd03a8e54563edb852124937677d538595 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:18:12 +0530 Subject: [PATCH 071/108] update upgrade channel to v1.33 in system-upgrade-plan.yaml --- clusters/default/system-upgrade/system-upgrade-plan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yaml b/clusters/default/system-upgrade/system-upgrade-plan.yaml index cbf64b5..e4b661d 100644 --- a/clusters/default/system-upgrade/system-upgrade-plan.yaml +++ b/clusters/default/system-upgrade/system-upgrade-plan.yaml @@ -16,7 +16,7 @@ spec: serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade - channel: https://update.k3s.io/v1-release/channels/stable + channel: https://update.k3s.io/v1-release/channels/v1.33 --- # Agent plan apiVersion: upgrade.cattle.io/v1 @@ -39,4 +39,4 @@ spec: serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade - channel: https://update.k3s.io/v1-release/channels/stable + channel: https://update.k3s.io/v1-release/channels/v1.33 From 43eb949c42c629fef62221064cca635f15e0dd31 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:21:20 +0530 Subject: [PATCH 072/108] update kubeconform.yml to specify exact path for crd.yml exclusion --- .gitea/workflows/kubeconform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index c035058..c2f2da1 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -6,7 +6,7 @@ on: - '**.yml' - '**.yaml' - '!.gitea/workflows/**' - - '!clusters/**/system-upgrade/crd.yml' + - '!clusters/default/system-upgrade/crd.yml' jobs: kubeconform: @@ -39,7 +39,7 @@ jobs: files: | **.yml !.gitea/workflows/** - !clusters/**/system-upgrade/crd.yml + !clusters/default/system-upgrade/crd.yml - name: Validate Manifests if: steps.changed-files.outputs.any_changed == 'true' From 7153d73e91e2e897286641d8f634dca27cac6919 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:21:42 +0530 Subject: [PATCH 073/108] change yaml to yml --- ...stem-upgrade-controller.yaml => system-upgrade-controller.yml} | 0 .../{system-upgrade-plan.yaml => system-upgrade-plan.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename clusters/default/system-upgrade/{system-upgrade-controller.yaml => system-upgrade-controller.yml} (100%) rename clusters/default/system-upgrade/{system-upgrade-plan.yaml => system-upgrade-plan.yml} (100%) diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yaml b/clusters/default/system-upgrade/system-upgrade-controller.yml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-controller.yaml rename to clusters/default/system-upgrade/system-upgrade-controller.yml diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yaml b/clusters/default/system-upgrade/system-upgrade-plan.yml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-plan.yaml rename to clusters/default/system-upgrade/system-upgrade-plan.yml From 0eac330ab1f46d1e5b1e2b8a36c5f0c4cbc88fdc Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:25:14 +0530 Subject: [PATCH 074/108] fix yq. set -o=json --- .gitea/workflows/kubeconform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index c2f2da1..5360fd5 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -66,7 +66,7 @@ jobs: for file in ${ALL_CHANGED_FILES}; do [ -z "$file" ] && continue echo "=== Validating: $file ===" - MANIFESTS=$(yq e '.[]' "$file" | jq -c 'select(.kind != null)') + MANIFESTS=$(yq e -o=json '.[]' "$file" | jq -c 'select(.kind != null)') for manifest in "${MANIFESTS[@]}"; do KIND=$(echo $manifest | yq -r '.kind // ""') From d6e50190f6cf613e7787aa7fe7486db7b51c828c Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:25:49 +0530 Subject: [PATCH 075/108] change channel to stable --- clusters/default/system-upgrade/system-upgrade-plan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yml b/clusters/default/system-upgrade/system-upgrade-plan.yml index e4b661d..cbf64b5 100644 --- a/clusters/default/system-upgrade/system-upgrade-plan.yml +++ b/clusters/default/system-upgrade/system-upgrade-plan.yml @@ -16,7 +16,7 @@ spec: serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade - channel: https://update.k3s.io/v1-release/channels/v1.33 + channel: https://update.k3s.io/v1-release/channels/stable --- # Agent plan apiVersion: upgrade.cattle.io/v1 @@ -39,4 +39,4 @@ spec: serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade - channel: https://update.k3s.io/v1-release/channels/v1.33 + channel: https://update.k3s.io/v1-release/channels/stable From 5db735d5bedbf1952d6312ac80a16c77a53045ae Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:27:57 +0530 Subject: [PATCH 076/108] split yaml into individual docs --- .gitea/workflows/kubeconform.yml | 49 ++++++++++++++++---------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 5360fd5..b81c116 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -66,33 +66,34 @@ jobs: for file in ${ALL_CHANGED_FILES}; do [ -z "$file" ] && continue echo "=== Validating: $file ===" - MANIFESTS=$(yq e -o=json '.[]' "$file" | jq -c 'select(.kind != null)') + # Split YAML into individual docs, output as JSON, and process each + yq e -o=json '. as $item ireduce ([]; . + [$item])' "$file" | \ + jq -c '.[] | select(.kind != null)' | \ + while read -r manifest; do + KIND=$(echo "$manifest" | jq -r '.kind // ""') - for manifest in "${MANIFESTS[@]}"; do - KIND=$(echo $manifest | yq -r '.kind // ""') + if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then + echo "Found $KIND - using custom schema" + SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" - if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then - echo "Found $KIND - using custom schema" - SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" - - if ! /kubeconform \ - -schema-location "$SCHEMA_URL" \ - -cache "$KUBECONFORM_CACHE_DIR" \ - -output json \ - "$manifest"; then - EXIT_CODE=1 + if ! echo "$manifest" | /kubeconform \ + -schema-location "$SCHEMA_URL" \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + -; then + EXIT_CODE=1 + fi + else + echo "Validating with default schemas" + if ! echo "$manifest" | /kubeconform \ + -schema-location default \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + -; then + EXIT_CODE=1 + fi fi - else - echo "Validating with default schemas" - if ! /kubeconform \ - -schema-location default \ - -cache "$KUBECONFORM_CACHE_DIR" \ - -output json \ - "$manifest"; then - EXIT_CODE=1 - fi - fi - done + done echo "" done From 425d2ed0e07a5ed0f7b3fb5e6db28ed74fecaaef Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 12 Dec 2025 23:28:25 +0530 Subject: [PATCH 077/108] change to v1.33 --- clusters/default/system-upgrade/system-upgrade-plan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yml b/clusters/default/system-upgrade/system-upgrade-plan.yml index cbf64b5..e4b661d 100644 --- a/clusters/default/system-upgrade/system-upgrade-plan.yml +++ b/clusters/default/system-upgrade/system-upgrade-plan.yml @@ -16,7 +16,7 @@ spec: serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade - channel: https://update.k3s.io/v1-release/channels/stable + channel: https://update.k3s.io/v1-release/channels/v1.33 --- # Agent plan apiVersion: upgrade.cattle.io/v1 @@ -39,4 +39,4 @@ spec: serviceAccountName: system-upgrade upgrade: image: rancher/k3s-upgrade - channel: https://update.k3s.io/v1-release/channels/stable + channel: https://update.k3s.io/v1-release/channels/v1.33 From d05a7c19c8a82f6bae291c8e064e064838959fab Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 12 Dec 2025 18:01:16 +0000 Subject: [PATCH 078/108] Update rancher/system-upgrade-controller Docker tag to v0.18.0 --- clusters/default/system-upgrade/system-upgrade-controller.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yml b/clusters/default/system-upgrade/system-upgrade-controller.yml index 3a178e3..2240d63 100644 --- a/clusters/default/system-upgrade/system-upgrade-controller.yml +++ b/clusters/default/system-upgrade/system-upgrade-controller.yml @@ -264,7 +264,7 @@ spec: envFrom: - configMapRef: name: default-controller-env - image: rancher/system-upgrade-controller:v0.16.3 + image: rancher/system-upgrade-controller:v0.18.0 imagePullPolicy: IfNotPresent name: system-upgrade-controller securityContext: From 1c2d139941ecbe148525080e324d400469116bce Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 13 Dec 2025 00:02:11 +0000 Subject: [PATCH 079/108] Update searxng/searxng Docker digest to b88ef00 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index f42d20d..4c3eb1c 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:95e59f5ba7d48b4c7ee92f2705907e52c5b98715b0d8c4802863322a502a8c4a + image: searxng/searxng@sha256:b88ef002ab1d9a901766f9eb59779089a74e8f444477e0151fa8cd1f91a02006 ports: - containerPort: 8080 env: From 3c6d66009075784c0443a016cb4c39df55313517 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 13 Dec 2025 00:02:13 +0000 Subject: [PATCH 080/108] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.20.2 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index b6dbfb5..e51cde7 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -21,7 +21,7 @@ spec: command: ['sh', '-c', 'until nc -z paperless-ngx-db-service 6379; do echo waiting for redis; sleep 2; done;'] containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.1 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.2 ports: - containerPort: 8000 env: From 07c879498a1f1a40fb1723aa740b8864d0e53285 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 14 Dec 2025 00:02:50 +0000 Subject: [PATCH 081/108] Update docker Docker tag to v29.1.3 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index daf8889..50f729c 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:29.1.2-dind + image: docker:29.1.3-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From 4a5b7be9626566017d20faec3cf74724fc7bd691 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 15 Dec 2025 00:02:52 +0000 Subject: [PATCH 082/108] Update Helm release ollama to v1.36.0 --- clusters/default/helm/ollama/ollama-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/ollama/ollama-release.yml b/clusters/default/helm/ollama/ollama-release.yml index 19ca6e2..c6baee1 100644 --- a/clusters/default/helm/ollama/ollama-release.yml +++ b/clusters/default/helm/ollama/ollama-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: ollama - version: "1.35.0" + version: "1.36.0" sourceRef: kind: HelmRepository name: ollama From 630699e7afc439268db721e1339db659122f9d7e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 15 Dec 2025 18:01:07 +0000 Subject: [PATCH 083/108] Update jellyfin/jellyfin Docker tag to v10.11.5 --- clusters/default/media/jellyfin/jellyfin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/jellyfin/jellyfin.yml b/clusters/default/media/jellyfin/jellyfin.yml index 1058724..285f838 100644 --- a/clusters/default/media/jellyfin/jellyfin.yml +++ b/clusters/default/media/jellyfin/jellyfin.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: jellyfin - image: jellyfin/jellyfin:10.11.4 + image: jellyfin/jellyfin:10.11.5 ports: - containerPort: 8096 volumeMounts: From 0607d9d9d188bcb35c60636fba16c50526f5c5a6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 15 Dec 2025 18:01:11 +0000 Subject: [PATCH 084/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.12.4 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index fc6c38b..e550220 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.12.3 + image: lscr.io/linuxserver/speedtest-tracker:1.12.4 ports: - containerPort: 80 env: From 9c96d94dd59c95a9aa45dd6e420640a773d2e610 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Dec 2025 00:02:05 +0000 Subject: [PATCH 085/108] Update quay.io/invidious/invidious-companion Docker digest to 07a1dd6 --- clusters/default/media/invidious/invidious-companion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious-companion.yml b/clusters/default/media/invidious/invidious-companion.yml index 258eac2..154ab43 100644 --- a/clusters/default/media/invidious/invidious-companion.yml +++ b/clusters/default/media/invidious/invidious-companion.yml @@ -15,7 +15,7 @@ spec: spec: containers: - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:d68a312073920572e39b0d4ae486f22885819567fae5fac23220f7b750f8e295 + image: quay.io/invidious/invidious-companion@sha256:07a1dd6893e6311e341067cf61ba5f920184e40339e4b4e195f5713f99311343 env: - name: SERVER_SECRET_KEY valueFrom: From 12073c6160b325c719f55b58bfb801e2ed5c2572 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Dec 2025 00:02:08 +0000 Subject: [PATCH 086/108] Update public.ecr.aws/semaphore/pro/server Docker tag to v2.16.46 --- clusters/default/git-ops/semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index 302a5cd..a55d458 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -22,7 +22,7 @@ spec: command: ['sh', '-c', 'until nc -z -v -w30 semaphore-db-service 3306; do echo "Waiting for database connection..."; sleep 5; done;'] containers: - name: semaphore - image: public.ecr.aws/semaphore/pro/server:v2.16.45 + image: public.ecr.aws/semaphore/pro/server:v2.16.46 ports: - containerPort: 3000 envFrom: From eb37c3e8d9d6f3f57bdb8ef2be7c0c5b3a481487 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Dec 2025 17:47:03 +0000 Subject: [PATCH 087/108] Update collabora/code Docker tag to v25.04.8.1.1 --- clusters/default/tools/nextcloud/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/collabora.yml b/clusters/default/tools/nextcloud/collabora.yml index be50d65..7ae1fff 100644 --- a/clusters/default/tools/nextcloud/collabora.yml +++ b/clusters/default/tools/nextcloud/collabora.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: collabora - image: collabora/code:25.04.7.3.1 + image: collabora/code:25.04.8.1.1 ports: - containerPort: 9980 env: From f771cb46d8927780c8ac05909151dbf5c67f92bf Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Dec 2025 17:47:13 +0000 Subject: [PATCH 088/108] Update Helm release prometheus to v27.51.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index cc6756b..4db54b5 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.50.1" + version: "27.51.0" sourceRef: kind: HelmRepository name: prometheus-community From 3cd55c9063c4beca1660797b051f85fc47640f7c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Dec 2025 17:48:02 +0000 Subject: [PATCH 089/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.13.0 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index e550220..13b7429 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.12.4 + image: lscr.io/linuxserver/speedtest-tracker:1.13.0 ports: - containerPort: 80 env: From 2bc8629208d6fe50bf880f9d15a48ff8f55f47f6 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 17 Dec 2025 20:43:24 +0530 Subject: [PATCH 090/108] use statefulSets and readinessProbes instead of initContainers --- .../default/git-ops/gitea-act/gitea-act.yml | 23 ++++++++----------- clusters/default/git-ops/gitea/gitea-db.yml | 19 +++++++++------ clusters/default/git-ops/gitea/gitea-pvc.yml | 15 ------------ clusters/default/git-ops/gitea/gitea-svc.yml | 10 ++++---- clusters/default/git-ops/gitea/gitea.yml | 23 +++++++++---------- 5 files changed, 38 insertions(+), 52 deletions(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 50f729c..2661c42 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -19,29 +19,26 @@ spec: app: gitea-act-runner spec: restartPolicy: Always - hostNetwork: true volumes: - name: docker-certs emptyDir: {} - name: runner-data persistentVolumeClaim: claimName: gitea-act-runner-longhorn - initContainers: - - name: wait-for-gitea - image: busybox - command: - - sh - - -c - - | - while ! nc -z gitea.akshun-lab.cc 443; do - echo "Waiting for Gitea to be ready..." - sleep 5 - done - echo "Gitea is ready!" containers: - name: runner image: gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944 command: ["sh", "-c", "while ! nc -z localhost 2376 Date: Wed, 17 Dec 2025 20:43:59 +0530 Subject: [PATCH 091/108] use statefulSets and readinessProbes instead of initContainers --- .../git-ops/semaphore/semaphore-configmap.yml | 2 +- .../git-ops/semaphore/semaphore-db.yml | 23 +++++++++++-------- .../git-ops/semaphore/semaphore-pvc.yml | 14 ----------- .../git-ops/semaphore/semaphore-svc.yml | 6 +++-- .../default/git-ops/semaphore/semaphore.yml | 17 ++++++++++---- 5 files changed, 30 insertions(+), 32 deletions(-) delete mode 100644 clusters/default/git-ops/semaphore/semaphore-pvc.yml diff --git a/clusters/default/git-ops/semaphore/semaphore-configmap.yml b/clusters/default/git-ops/semaphore/semaphore-configmap.yml index 4cd6f6c..65e15b8 100644 --- a/clusters/default/git-ops/semaphore/semaphore-configmap.yml +++ b/clusters/default/git-ops/semaphore/semaphore-configmap.yml @@ -6,7 +6,7 @@ metadata: namespace: git-ops data: SEMAPHORE_DB_USER: "semaphore" - SEMAPHORE_DB_HOST: "semaphore-db-service" + SEMAPHORE_DB_HOST: "semaphore-db" SEMAPHORE_DB_PORT: "3306" SEMAPHORE_DB_DIALECT: "mysql" SEMAPHORE_DB: "semaphore" diff --git a/clusters/default/git-ops/semaphore/semaphore-db.yml b/clusters/default/git-ops/semaphore/semaphore-db.yml index cc04b70..9ce4304 100644 --- a/clusters/default/git-ops/semaphore/semaphore-db.yml +++ b/clusters/default/git-ops/semaphore/semaphore-db.yml @@ -1,16 +1,15 @@ --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: semaphore-db namespace: git-ops spec: - strategy: - type: Recreate - replicas: 1 selector: matchLabels: app: semaphore-db + serviceName: semaphore-db + replicas: 1 template: metadata: labels: @@ -34,10 +33,14 @@ spec: name: semaphore-secrets key: mysql_password volumeMounts: - - name: db + - name: semaphore-db mountPath: /var/lib/mysql - subPath: db - volumes: - - name: db - persistentVolumeClaim: - claimName: semaphore-longhorn + volumeClaimTemplates: + - metadata: + name: semaphore-db + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 2Gi + storageClassName: longhorn diff --git a/clusters/default/git-ops/semaphore/semaphore-pvc.yml b/clusters/default/git-ops/semaphore/semaphore-pvc.yml deleted file mode 100644 index b83e2ba..0000000 --- a/clusters/default/git-ops/semaphore/semaphore-pvc.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: semaphore-longhorn - namespace: git-ops -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi - storageClassName: longhorn diff --git a/clusters/default/git-ops/semaphore/semaphore-svc.yml b/clusters/default/git-ops/semaphore/semaphore-svc.yml index add1116..659eba5 100644 --- a/clusters/default/git-ops/semaphore/semaphore-svc.yml +++ b/clusters/default/git-ops/semaphore/semaphore-svc.yml @@ -12,14 +12,15 @@ spec: selector: app: semaphore ports: - - port: 3002 + - name: http + port: 3002 targetPort: 3000 --- apiVersion: v1 kind: Service metadata: - name: semaphore-db-service + name: semaphore-db namespace: git-ops spec: selector: @@ -27,3 +28,4 @@ spec: ports: - port: 3306 targetPort: 3306 + clusterIP: None diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index a55d458..2308396 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -16,15 +16,22 @@ spec: labels: app: semaphore spec: - initContainers: - - name: wait-for-db - image: busybox - command: ['sh', '-c', 'until nc -z -v -w30 semaphore-db-service 3306; do echo "Waiting for database connection..."; sleep 5; done;'] containers: - name: semaphore image: public.ecr.aws/semaphore/pro/server:v2.16.46 + readinessProbe: + exec: + command: + - sh + - -c + - | + nc -z semaphore-db.git-ops.svc.cluster.local 3306 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 ports: - - containerPort: 3000 + - name: http + containerPort: 3000 envFrom: - configMapRef: name: semaphore-config From d9fad4fa927396e5d274747a05ae3d6f00b78628 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 17 Dec 2025 20:44:13 +0530 Subject: [PATCH 092/108] use statefulSets and readinessProbes instead of initContainers --- clusters/default/media/immich/immich-db.yml | 41 ++++++++++------- .../default/media/immich/immich-redis.yml | 23 ++++++++++ clusters/default/media/immich/immich-svc.yml | 14 +++--- clusters/default/media/immich/immich.yml | 45 +++++++------------ 4 files changed, 72 insertions(+), 51 deletions(-) create mode 100644 clusters/default/media/immich/immich-redis.yml diff --git a/clusters/default/media/immich/immich-db.yml b/clusters/default/media/immich/immich-db.yml index 4c19bd8..43f33b4 100644 --- a/clusters/default/media/immich/immich-db.yml +++ b/clusters/default/media/immich/immich-db.yml @@ -1,30 +1,33 @@ --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: - name: immich-db + name: immich-psql namespace: media spec: selector: matchLabels: - app: immich-db + app: immich-psql + serviceName: immich-psql + replicas: 1 template: metadata: labels: - app: immich-db + app: immich-psql spec: + initContainers: + - name: cleanup + image: busybox + command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found'] + volumeMounts: + - name: immich-db + mountPath: /var/lib/postgresql/data containers: - - name: redis - image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571 - env: - - name: REDIS_HOSTNAME - value: "localhost" - ports: - - containerPort: 6379 - name: immich-psql image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0 ports: - containerPort: 5432 + name: postgres env: - name: POSTGRES_PASSWORD valueFrom: @@ -39,9 +42,13 @@ spec: value: "--data-checksums" volumeMounts: - mountPath: /var/lib/postgresql/data - name: immich - volumes: - - name: immich - nfs: - server: 10.0.0.10 - path: /home/akshun/immich-data + name: immich-db + volumeClaimTemplates: + - metadata: + name: immich-db + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 5Gi + storageClassName: longhorn diff --git a/clusters/default/media/immich/immich-redis.yml b/clusters/default/media/immich/immich-redis.yml new file mode 100644 index 0000000..eb78e64 --- /dev/null +++ b/clusters/default/media/immich/immich-redis.yml @@ -0,0 +1,23 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: immich-redis + namespace: media +spec: + selector: + matchLabels: + app: immich-redis + serviceName: immich-redis + replicas: 1 + template: + metadata: + labels: + app: immich-redis + spec: + containers: + - name: redis + image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571 + ports: + - containerPort: 6379 + name: redis diff --git a/clusters/default/media/immich/immich-svc.yml b/clusters/default/media/immich/immich-svc.yml index 5c6b54f..69b3e44 100644 --- a/clusters/default/media/immich/immich-svc.yml +++ b/clusters/default/media/immich/immich-svc.yml @@ -36,26 +36,28 @@ spec: apiVersion: v1 kind: Service metadata: - name: immich-psql-service + name: immich-psql namespace: media spec: selector: - app: immich-db + app: immich-psql ports: - - protocol: TCP + - name: postgres port: 5432 targetPort: 5432 + clusterIP: None --- apiVersion: v1 kind: Service metadata: - name: immich-redis-service + name: immich-redis namespace: media spec: selector: - app: immich-db + app: immich-redis ports: - - protocol: TCP + - name: redis port: 6379 targetPort: 6379 + clusterIP: None diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index 9d33892..7820bed 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -16,48 +16,37 @@ spec: labels: app: immich-app spec: - initContainers: - - name: wait-for-redis - image: busybox - command: - - sh - - -c - - | - until nc -z -v -w30 immich-redis-service 6379; do - echo "Waiting for redis database to be ready..." - sleep 2 - done - - name: wait-for-psql - image: busybox - command: - - sh - - -c - - | - until nc -z -v -w30 immich-psql-service 5432; do - echo "Waiting for psql database to be ready" - sleep 2 - done containers: - name: immich-server image: ghcr.io/immich-app/immich-server:v2.3.1 + readinessProbe: + exec: + command: + - sh + - -c + - | + pg_isready -h immich-psql.media.svc.cluster.local -U postgres -p 5432 + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 5 ports: - containerPort: 2283 env: - name: TZ value: "Asia/Kolkata" - name: REDIS_HOSTNAME - value: "immich-redis-service" - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: immich-postgres-secret - key: password + value: "immich-redis.media.svc.cluster.local" - name: DB_USERNAME value: "postgres" - name: DB_DATABASE_NAME value: "immich" - name: DB_HOSTNAME - value: "immich-psql-service" + value: "immich-psql.media.svc.cluster.local" + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: immich-postgres-secret + key: password volumeMounts: - mountPath: /usr/src/app/upload name: pictures From 5f63f58099ff0ac008f615a723aec70bf19ebb54 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 17 Dec 2025 20:44:45 +0530 Subject: [PATCH 093/108] use statefulSets and readinessProbes instead of initContainers --- .../media/invidious/invidious-config.yml | 4 +-- .../default/media/invidious/invidious-db.yml | 20 ++++++++----- .../default/media/invidious/invidious-pvc.yml | 14 --------- .../default/media/invidious/invidious-svc.yml | 3 +- .../default/media/invidious/invidious.yml | 29 +++++-------------- 5 files changed, 23 insertions(+), 47 deletions(-) delete mode 100644 clusters/default/media/invidious/invidious-pvc.yml diff --git a/clusters/default/media/invidious/invidious-config.yml b/clusters/default/media/invidious/invidious-config.yml index 3e9d95b..5bdcfab 100644 --- a/clusters/default/media/invidious/invidious-config.yml +++ b/clusters/default/media/invidious/invidious-config.yml @@ -10,10 +10,10 @@ data: dbname: invidious user: kemal password: ${INVIDIOUS_DB_PASSWORD} - host: invidious-db-service + host: invidious-db.media.svc.cluster.local port: 5432 check_tables: true invidious_companion: - - private_url: "http://invidious-companion-service:8282/companion" + - private_url: "http://invidious-companion-service.media.svc.cluster.local:8282/companion" invidious_companion_key: ${INVIDIOUS_COMPANION_KEY} hmac_key: ${INVIDIOUS_HMAC_KEY} diff --git a/clusters/default/media/invidious/invidious-db.yml b/clusters/default/media/invidious/invidious-db.yml index 6b2e978..460efce 100644 --- a/clusters/default/media/invidious/invidious-db.yml +++ b/clusters/default/media/invidious/invidious-db.yml @@ -1,16 +1,15 @@ --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: invidious-db namespace: media spec: - strategy: - type: Recreate - replicas: 1 selector: matchLabels: app: invidious-db + serviceName: invidious-db + replicas: 1 template: metadata: labels: @@ -49,7 +48,12 @@ spec: volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql - volumes: - - name: postgres-data - persistentVolumeClaim: - claimName: invidious-longhorn + volumeClaimTemplates: + - metadata: + name: postgres-data + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + storageClassName: longhorn diff --git a/clusters/default/media/invidious/invidious-pvc.yml b/clusters/default/media/invidious/invidious-pvc.yml deleted file mode 100644 index 01a4360..0000000 --- a/clusters/default/media/invidious/invidious-pvc.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: invidious-longhorn - namespace: media -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 1Gi - storageClassName: longhorn diff --git a/clusters/default/media/invidious/invidious-svc.yml b/clusters/default/media/invidious/invidious-svc.yml index 6476d71..9bb3108 100644 --- a/clusters/default/media/invidious/invidious-svc.yml +++ b/clusters/default/media/invidious/invidious-svc.yml @@ -33,7 +33,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: invidious-db-service + name: invidious-db namespace: media spec: selector: @@ -41,3 +41,4 @@ spec: ports: - port: 5432 targetPort: 5432 + clusterIP: None diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index ab443de..eeaa879 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -33,28 +33,6 @@ spec: - name: tmp mountPath: /mnt subPath: invidious.yml - - name: wait-for-db - image: busybox - command: - - sh - - -c - - | - until nc -z -v -w30 invidious-db-service 5432 - do - echo "Waiting for database connection..." - sleep 5 - done - - name: wait-for-companion - image: busybox - command: - - sh - - -c - - | - until nc -z -v -w30 invidious-companion-service 8282 - do - echo "Waiting for invidious companion connection..." - sleep 5 - done containers: - name: invidious image: quay.io/invidious/invidious@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06 @@ -64,6 +42,13 @@ spec: - | export INVIDIOUS_CONFIG="$(cat /mnt/invidious.yml)" && exec /invidious/invidious + readinessProbe: + exec: + command: + - sh + - -c + - | + nc -z invidious-db.media.svc.cluster.local 5432 && nc -z invidious-companion-service.media.svc.cluster.local 8282 env: - name: INVIDIOUS_PORT value: "3000" From 66f824d41dedbb67296f07593400f2d32c0b1720 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 17 Dec 2025 20:44:53 +0530 Subject: [PATCH 094/108] use statefulSets and readinessProbes instead of initContainers --- .../monitoring/jellystat/jellystat-db.yml | 22 +++++++++++-------- .../monitoring/jellystat/jellystat-pvc.yml | 15 ------------- .../monitoring/jellystat/jellystat-svc.yml | 3 ++- .../monitoring/jellystat/jellystat.yml | 18 +++++++++------ 4 files changed, 26 insertions(+), 32 deletions(-) diff --git a/clusters/default/monitoring/jellystat/jellystat-db.yml b/clusters/default/monitoring/jellystat/jellystat-db.yml index 54ace15..85bceff 100644 --- a/clusters/default/monitoring/jellystat/jellystat-db.yml +++ b/clusters/default/monitoring/jellystat/jellystat-db.yml @@ -1,16 +1,15 @@ --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: jellystat-db namespace: monitoring spec: - strategy: - type: Recreate - replicas: 1 selector: matchLabels: app: jellystat-db + serviceName: jellystat-db + replicas: 1 template: metadata: labels: @@ -18,7 +17,7 @@ spec: spec: containers: - name: jellystat-db - image: postgres:alpine + image: postgres:18-alpine ports: - containerPort: 5432 env: @@ -36,7 +35,12 @@ spec: volumeMounts: - name: postgres-data mountPath: /mnt/postgres - volumes: - - name: postgres-data - persistentVolumeClaim: - claimName: jellystat-longhorn + volumeClaimTemplates: + - metadata: + name: postgres-data + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + storageClassName: longhorn diff --git a/clusters/default/monitoring/jellystat/jellystat-pvc.yml b/clusters/default/monitoring/jellystat/jellystat-pvc.yml index ffd914f..c21e273 100644 --- a/clusters/default/monitoring/jellystat/jellystat-pvc.yml +++ b/clusters/default/monitoring/jellystat/jellystat-pvc.yml @@ -1,18 +1,3 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: jellystat-longhorn - namespace: monitoring -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 1Gi - storageClassName: longhorn - --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/clusters/default/monitoring/jellystat/jellystat-svc.yml b/clusters/default/monitoring/jellystat/jellystat-svc.yml index 1ca524e..c0e2061 100644 --- a/clusters/default/monitoring/jellystat/jellystat-svc.yml +++ b/clusters/default/monitoring/jellystat/jellystat-svc.yml @@ -20,7 +20,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: jellystat-db-service + name: jellystat-db namespace: monitoring spec: selector: @@ -28,3 +28,4 @@ spec: ports: - port: 5432 targetPort: 5432 + clusterIP: None diff --git a/clusters/default/monitoring/jellystat/jellystat.yml b/clusters/default/monitoring/jellystat/jellystat.yml index c4a773a..4fdf1e4 100644 --- a/clusters/default/monitoring/jellystat/jellystat.yml +++ b/clusters/default/monitoring/jellystat/jellystat.yml @@ -16,15 +16,19 @@ spec: labels: app: jellystat spec: - initContainers: - - name: wait-for-db - image: busybox - command: ['sh', '-c', 'until nc -z -v -w30 jellystat-db-service 5432; do echo "Waiting for database..."; sleep 5; done;'] containers: - name: jellystat image: cyfershepard/jellystat:1.1.6 - ports: - - containerPort: 3000 + readinessProbe: + exec: + command: + - bash + - -c + - | + (echo >/dev/tcp/jellystat-db.monitoring.svc.cluster.local/5432) + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 env: - name: JWT_SECRET valueFrom: @@ -37,7 +41,7 @@ spec: name: jellystat-secret key: password - name: POSTGRES_IP - value: "jellystat-db-service" + value: "jellystat-db.monitoring.svc.cluster.local" - name: POSTGRES_PORT value: "5432" - name: POSTGRES_USER From 0e6a52c1be325ed746297524731a309255baa112 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 17 Dec 2025 20:45:01 +0530 Subject: [PATCH 095/108] use statefulSets and readinessProbes instead of initContainers --- .../default/tools/nextcloud/nextcloud-db.yml | 19 ++++++++++++------ .../default/tools/nextcloud/nextcloud-pvc.yml | 15 -------------- .../default/tools/nextcloud/nextcloud-svc.yml | 3 ++- .../default/tools/nextcloud/nextcloud.yml | 20 +++++++++---------- 4 files changed, 24 insertions(+), 33 deletions(-) diff --git a/clusters/default/tools/nextcloud/nextcloud-db.yml b/clusters/default/tools/nextcloud/nextcloud-db.yml index 40c48df..163d7bf 100644 --- a/clusters/default/tools/nextcloud/nextcloud-db.yml +++ b/clusters/default/tools/nextcloud/nextcloud-db.yml @@ -1,6 +1,6 @@ --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: nextcloud-db namespace: tools @@ -8,6 +8,8 @@ spec: selector: matchLabels: app: nextcloud-db + serviceName: nextcloud-db + replicas: 1 template: metadata: labels: @@ -36,9 +38,14 @@ spec: - name: MARIADB_AUTO_UPGRADE value: "1" volumeMounts: - - name: nextcloud-db-storage + - name: nextcloud-db mountPath: /var/lib/mysql - volumes: - - name: nextcloud-db-storage - persistentVolumeClaim: - claimName: nextcloud-db-longhorn + volumeClaimTemplates: + - metadata: + name: nextcloud-db + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 2Gi + storageClassName: longhorn diff --git a/clusters/default/tools/nextcloud/nextcloud-pvc.yml b/clusters/default/tools/nextcloud/nextcloud-pvc.yml index 32694af..f53e2a1 100644 --- a/clusters/default/tools/nextcloud/nextcloud-pvc.yml +++ b/clusters/default/tools/nextcloud/nextcloud-pvc.yml @@ -1,18 +1,3 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-db-longhorn - namespace: tools -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi - storageClassName: longhorn - --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/clusters/default/tools/nextcloud/nextcloud-svc.yml b/clusters/default/tools/nextcloud/nextcloud-svc.yml index 6f1eea4..1decd68 100644 --- a/clusters/default/tools/nextcloud/nextcloud-svc.yml +++ b/clusters/default/tools/nextcloud/nextcloud-svc.yml @@ -38,7 +38,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: nextcloud-db-service + name: nextcloud-db namespace: tools spec: selector: @@ -47,3 +47,4 @@ spec: - protocol: TCP port: 3306 targetPort: 3306 + clusterIP: None diff --git a/clusters/default/tools/nextcloud/nextcloud.yml b/clusters/default/tools/nextcloud/nextcloud.yml index 230a5d7..72bf19d 100644 --- a/clusters/default/tools/nextcloud/nextcloud.yml +++ b/clusters/default/tools/nextcloud/nextcloud.yml @@ -15,20 +15,18 @@ spec: labels: app: nextcloud spec: - initContainers: - - name: wait-for-db - image: busybox - command: - - sh - - -c - - | - until nc -z -v -w30 nextcloud-db-service 3306; do - echo "Waiting for database to be ready..." - sleep 2 - done containers: - name: nextcloud image: lscr.io/linuxserver/nextcloud:32.0.3 + readinessProbe: + exec: + command: + - sh + - -c + - nc -z nextcloud-db.tools.svc.cluster.local 3306 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 ports: - containerPort: 443 env: From 8675fbe70de0dbaa93f26f14714e850425ea3dff Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 17 Dec 2025 20:45:08 +0530 Subject: [PATCH 096/108] use statefulSets and readinessProbes instead of initContainers --- .../tools/paperless-ngx/paperless-ngx-db.yml | 21 ++++++++++++------- .../tools/paperless-ngx/paperless-ngx-svc.yml | 2 +- .../tools/paperless-ngx/paperless-ngx.yml | 20 +++++++++++------- .../tools/paperless-ngx/paperless-pvc.yml | 15 ------------- 4 files changed, 27 insertions(+), 31 deletions(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml b/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml index 9984327..b84e290 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx-db.yml @@ -1,15 +1,15 @@ --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: paperless-ngx-db namespace: tools spec: - strategy: - type: Recreate selector: matchLabels: app: paperless-ngx-db + serviceName: paperless-ngx-db + replicas: 1 template: metadata: labels: @@ -21,10 +21,15 @@ spec: ports: - containerPort: 6379 volumeMounts: - - name: data + - name: paperless-ngx-db mountPath: /data subPath: redis - volumes: - - name: data - persistentVolumeClaim: - claimName: paperless-db-longhorn + volumeClaimTemplates: + - metadata: + name: paperless-ngx-db + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 500Mi + storageClassName: longhorn diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml index b6f03e9..b6d0625 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml @@ -19,7 +19,7 @@ spec: apiVersion: v1 kind: Service metadata: - name: paperless-ngx-db-service + name: paperless-ngx-db namespace: tools spec: selector: diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index e51cde7..9fca8a1 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -15,18 +15,24 @@ spec: labels: app: paperless-ngx spec: - initContainers: - - name: wait-for-redis - image: busybox:latest - command: ['sh', '-c', 'until nc -z paperless-ngx-db-service 6379; do echo waiting for redis; sleep 2; done;'] containers: - name: paperless-ngx image: ghcr.io/paperless-ngx/paperless-ngx:2.20.2 + readinessProbe: + exec: + command: + - bash + - -c + - | + (echo >/dev/tcp/paperless-ngx-db.tools.svc.cluster.local/6379) + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 ports: - containerPort: 8000 env: - name: PAPERLESS_REDIS - value: "redis://paperless-ngx-db-service:6379" + value: "redis://paperless-ngx-db.tools.svc.cluster.local:6379" - name: PAPERLESS_URL valueFrom: secretKeyRef: @@ -47,9 +53,9 @@ spec: - name: PAPERLESS_TIKA_ENABLED value: "1" - name: PAPERLESS_TIKA_ENDPOINT - value: "http://tika-service:9998" + value: "http://tika-service.tools.svc.cluster.local:9998" - name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT - value: "http://gotenberg-service:3000" + value: "http://gotenberg-service.tools.svc.cluster.local:3000" volumeMounts: - name: data mountPath: /usr/src/paperless/data diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml index ad6255c..2c10821 100644 --- a/clusters/default/tools/paperless-ngx/paperless-pvc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml @@ -12,18 +12,3 @@ spec: requests: storage: 2Gi storageClassName: longhorn - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: paperless-db-longhorn - namespace: tools -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 1Gi - storageClassName: longhorn From 046e1a78855b990d3635001f70d13018c0a517b9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 18 Dec 2025 00:02:05 +0000 Subject: [PATCH 097/108] Update searxng/searxng Docker digest to a39ce90 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 4c3eb1c..6dd753f 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:b88ef002ab1d9a901766f9eb59779089a74e8f444477e0151fa8cd1f91a02006 + image: searxng/searxng@sha256:a39ce90965a1650655c10f6e1b83bf0d1f09caf9af3ea182196e53f158f2bc5d ports: - containerPort: 8080 env: From a6a20f281c148b19ea8f53c8f754660dd384e2ed Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 18 Dec 2025 00:02:07 +0000 Subject: [PATCH 098/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.13.1 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 13b7429..20f5b95 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.13.0 + image: lscr.io/linuxserver/speedtest-tracker:1.13.1 ports: - containerPort: 80 env: From 5dfb4b9f5dc6f7e604c9c780dcd1cc35adfc46c2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 18 Dec 2025 00:02:11 +0000 Subject: [PATCH 099/108] Update public.ecr.aws/semaphore/pro/server Docker tag to v2.16.47 --- clusters/default/git-ops/semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index 2308396..9eaf85c 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: semaphore - image: public.ecr.aws/semaphore/pro/server:v2.16.46 + image: public.ecr.aws/semaphore/pro/server:v2.16.47 readinessProbe: exec: command: From 98019248d91d8a19dd79ecfd7b8e1640ada7a46a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 18 Dec 2025 00:02:20 +0000 Subject: [PATCH 100/108] Update Helm release prometheus to v27.52.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index 4db54b5..4935d44 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.51.0" + version: "27.52.0" sourceRef: kind: HelmRepository name: prometheus-community From 22f9321d54cc10e936012dd065213752f1f27d44 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 18 Dec 2025 00:02:58 +0000 Subject: [PATCH 101/108] Update lscr.io/linuxserver/code-server Docker tag to v4.107.0 --- clusters/default/tools/code-server/code-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/code-server/code-server.yml b/clusters/default/tools/code-server/code-server.yml index b71727b..e83080d 100644 --- a/clusters/default/tools/code-server/code-server.yml +++ b/clusters/default/tools/code-server/code-server.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: code-server - image: lscr.io/linuxserver/code-server:4.106.3 + image: lscr.io/linuxserver/code-server:4.107.0 ports: - containerPort: 8443 env: From 6d468570fc9ad5c4c1731b7c7df70e28a42955ac Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 19 Dec 2025 01:25:17 +0530 Subject: [PATCH 102/108] create a new jellyfin-pvc with smaller size --- clusters/default/media/jellyfin/jellyfin-pvc.yml | 10 +++++----- clusters/default/media/jellyfin/jellyfin.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/clusters/default/media/jellyfin/jellyfin-pvc.yml b/clusters/default/media/jellyfin/jellyfin-pvc.yml index cc7cdb5..d87c0cc 100644 --- a/clusters/default/media/jellyfin/jellyfin-pvc.yml +++ b/clusters/default/media/jellyfin/jellyfin-pvc.yml @@ -2,13 +2,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: jellyfin-longhorn + name: jellyfin-pvc namespace: media spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem resources: requests: - storage: 15Gi + storage: 5Gi storageClassName: longhorn + volumeMode: Filesystem + accessModes: + - ReadWriteOnce diff --git a/clusters/default/media/jellyfin/jellyfin.yml b/clusters/default/media/jellyfin/jellyfin.yml index 285f838..df36f6d 100644 --- a/clusters/default/media/jellyfin/jellyfin.yml +++ b/clusters/default/media/jellyfin/jellyfin.yml @@ -40,7 +40,7 @@ spec: volumes: - name: config persistentVolumeClaim: - claimName: jellyfin-longhorn + claimName: jellyfin-pvc - name: cache emptyDir: {} - name: media From 925f7437e9f57ca493a552abaaa88776b9cfc7c3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 19 Dec 2025 00:02:04 +0000 Subject: [PATCH 103/108] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.20.3 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index 9fca8a1..5dd269d 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.2 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3 readinessProbe: exec: command: From c5d5f24acd18a67e692a02180b659ac0d6df5ac0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 19 Dec 2025 00:02:10 +0000 Subject: [PATCH 104/108] Update gitea/gitea Docker tag to v1.25.3 --- clusters/default/git-ops/gitea/gitea.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea/gitea.yml b/clusters/default/git-ops/gitea/gitea.yml index 9150fbb..b8d4879 100644 --- a/clusters/default/git-ops/gitea/gitea.yml +++ b/clusters/default/git-ops/gitea/gitea.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: gitea - image: gitea/gitea:1.25.2 + image: gitea/gitea:1.25.3 readinessProbe: exec: command: From d160f8f0ccff50f291b16bb484dc1210ec94e9f4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 19 Dec 2025 00:02:19 +0000 Subject: [PATCH 105/108] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.13.2 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 20f5b95..dd76ffa 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.13.1 + image: lscr.io/linuxserver/speedtest-tracker:1.13.2 ports: - containerPort: 80 env: From df69563b1e3eafd193a85e762174db6acd7360b4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 19 Dec 2025 00:02:27 +0000 Subject: [PATCH 106/108] Update immich monorepo to v2.4.0 --- clusters/default/media/immich/immich-ml.yml | 2 +- clusters/default/media/immich/immich.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml index 5b66598..c139aa4 100644 --- a/clusters/default/media/immich/immich-ml.yml +++ b/clusters/default/media/immich/immich-ml.yml @@ -19,7 +19,7 @@ spec: runtimeClassName: nvidia containers: - name: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:v2.3.1-cuda + image: ghcr.io/immich-app/immich-machine-learning:v2.4.0-cuda ports: - containerPort: 3003 env: diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index 7820bed..a3493a3 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: immich-server - image: ghcr.io/immich-app/immich-server:v2.3.1 + image: ghcr.io/immich-app/immich-server:v2.4.0 readinessProbe: exec: command: From 09819d7f04040338246b13c0e992041f3aa2854d Mon Sep 17 00:00:00 2001 From: Akshun Aggarwal Date: Fri, 19 Dec 2025 01:42:58 +0000 Subject: [PATCH 107/108] Update renovate image to version 42.64.1 --- .gitea/workflows/renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml index 80ef187..06d258a 100644 --- a/.gitea/workflows/renovate.yml +++ b/.gitea/workflows/renovate.yml @@ -9,7 +9,7 @@ jobs: renovate: runs-on: ubuntu-latest container: - image: renovate/renovate:42.41.0 + image: renovate/renovate:42.64.1 steps: - name: Checkout repository From f45ed439ff086db37b111d81c329b50eb4341026 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 19 Dec 2025 08:21:24 +0530 Subject: [PATCH 108/108] use custom image for kubeconform workflow --- .gitea/workflows/kubeconform.yml | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index b81c116..34c402b 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -12,21 +12,8 @@ jobs: kubeconform: runs-on: ubuntu-latest container: - image: ghcr.io/yannh/kubeconform:v0.7.0-alpine + image: gitea.akshun-lab.cc/aggarwalakshun/kube-tools:1.0.0 steps: - - - name: Install dependencies - run: | - apk add --no-cache \ - yq \ - findutils \ - curl \ - jq \ - npm \ - nodejs \ - bash \ - git - - name: Checkout code uses: actions/checkout@v6 with: @@ -76,7 +63,7 @@ jobs: echo "Found $KIND - using custom schema" SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" - if ! echo "$manifest" | /kubeconform \ + if ! echo "$manifest" | kubeconform \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -85,7 +72,7 @@ jobs: fi else echo "Validating with default schemas" - if ! echo "$manifest" | /kubeconform \ + if ! echo "$manifest" | kubeconform \ -schema-location default \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \