Update .gitea/workflows/renovate.yml

Reviewed-on: #375

.drone.yml

@@ -1,17 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: renovate
-
-steps:
-  - name: renovate
-    image: renovate/renovate:41.97.7
-    commands:
-      - unset GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL
-      - renovate
-
-    environment:
-      RENOVATE_TOKEN:
-        from_secret: RENOVATE_TOKEN
-      GITHUB_COM_TOKEN:
-        from_secret: GITHUB_COM_TOKEN

.gitea/workflows/renovate.yml

@@ -0,0 +1,25 @@
+name: renovate
+
+on:
+  schedule:
+    - cron: "@daily"
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    container:
+      image: renovate/renovate:41.97.7
+      options: |-
+        --network=bridge
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run Renovate
+        env:
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          GITHUB_COM_TOKEN: ${{ secrets.PAT_TOKEN }}
+        run: |
+          renovate

cluster/apps/bazarr/bazarr-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: bazarr-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/code-server/code-server-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: code-server-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/code-server/code-server.yml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: code-server
-        image: lscr.io/linuxserver/code-server:4.104.2
+        image: lscr.io/linuxserver/code-server:4.104.3
         ports:
         - containerPort: 8443
         env:

cluster/apps/ersatztv/ersatztv-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: ersatztv-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/ersatztv/ersatztv.yml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: ersatztv
-        image: jasongdove/ersatztv:v25.7.0
+        image: jasongdove/ersatztv:v25.7.1
         ports:
         - containerPort: 8409
         volumeMounts:

cluster/apps/ghostfolio/ghostfolio-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: ghostfolio-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/ghostfolio/ghostfolio.yml

@@ -78,7 +78,7 @@ spec:
               key: postgres-password
       containers:
       - name: ghostfolio
-        image: docker.io/ghostfolio/ghostfolio:2.207.0
+        image: docker.io/ghostfolio/ghostfolio:2.208.0
         securityContext:
           capabilities:
             drop:

cluster/apps/gitea-act/gitea-act-pvc.yml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: gitea-act-runner-ceph
+  name: gitea-act-runner-longhorn
   namespace: default
 spec:
   accessModes:
@@ -11,4 +11,4 @@ spec:
   resources:
     requests:
       storage: 100Mi
-  storageClassName: csi-rbd-sc
+  storageClassName: longhorn

cluster/apps/gitea-act/gitea-act.yml

@@ -18,14 +18,14 @@ spec:
       labels:
         app: gitea-act-runner
     spec:
-      hostNetwork: true
       restartPolicy: Always
+      hostNetwork: true
       volumes:
       - name: docker-certs
         emptyDir: {}
       - name: runner-data
         persistentVolumeClaim:
-          claimName: gitea-act-runner-ceph
+          claimName: gitea-act-runner-longhorn
       initContainers:
       - name: wait-for-gitea
         image: busybox
@@ -52,7 +52,7 @@ spec:
         - name: GITEA_INSTANCE_URL
           value: "https://gitea.akshun-lab.cc"
         - name: GITEA_RUNNER_REGISTRATION_TOKEN
-          value: "NvAHP4f1in4Fpe6VFaiwiN98IR0poOQoDv4dDKcN"
+          value: "uxvKmGvtraocJMCcfJ101XC9kUoY8OlCEN18CvgZ"
         - name: CONFIG_FILE
           value: "/data/config.yaml"
         volumeMounts:
@@ -61,7 +61,7 @@ spec:
         - name: runner-data
           mountPath: /data
       - name: daemon
-        image: docker:28.4.0-dind
+        image: docker:28.5.1-dind
         env:
         - name: DOCKER_TLS_CERTDIR
           value: /certs
@@ -70,4 +70,3 @@ spec:
         volumeMounts:
         - name: docker-certs
           mountPath: /certs
- 

cluster/apps/gitea/gitea-pvc.yml

@@ -1,33 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: gitea-app-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: csi-rbd-sc
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: gitea-db-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/gotenberg/gotenberg.yml

@@ -16,7 +16,7 @@ spec:
         runAsUser: 1001
       containers:
       - name: gotenberg
-        image: gotenberg/gotenberg:8.23
+        image: gotenberg/gotenberg:8.24
         command:
         - sh
         - -c

cluster/apps/homepage/homepage-config.yml

@@ -52,7 +52,7 @@ data:
         useEqualHeights: true
         hideErrors: true
         statusStyle: "dot"
-        background: /images/background.png
+        background: /images/sur.png
     services.yaml: |
         - Apps:
               - Sonarr:
@@ -259,13 +259,6 @@ data:
                     namespace: default
                     podSelector: app=paperless-ngx
                     app: paperless-ngx
-              - Open-WebUI:
-                    icon: ollama.png
-                    description: ollama Frontend
-                    href: https://ollama.akshun-lab.cc
-                    namespace: default
-                    podSelector: app=open-webui
-                    app: open-webui
               - Ghostfolio:
                     icon: ghostfolio.png
                     description: portfolio analyzer
@@ -273,12 +266,6 @@ data:
                     namespace: default
                     podSelector: app=ghostfolio
                     app: ghostfolio
-              - Drone:
-                    icon: drone.png
-                    description: CI/CD
-                    namespace: default
-                    app: drone
-                    href: https://drone.akshun-lab.cc
               - Searxng:
                     icon: searxng.png
                     description: search engine

cluster/apps/homepage/homepage-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: homepage-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 100Mi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/immich/immich-ml.yml

@@ -16,10 +16,9 @@ spec:
       labels:
         app: immich-ml
     spec:
-      runtimeClassName: nvidia
       containers:
       - name: immich-machine-learning
-        image: ghcr.io/immich-app/immich-machine-learning:v2.0.1-cuda
+        image: ghcr.io/immich-app/immich-machine-learning:v2.0.1-openvino
         ports:
         - containerPort: 3003
         env:
@@ -34,9 +33,9 @@ spec:
           mountPath: /cache
         resources:
           requests:
-            nvidia.com/gpu: "1"
+            gpu.intel.com/i915: "1"
           limits:
-            nvidia.com/gpu: "1"
+            gpu.intel.com/i915: "1"
       volumes:
       - name: model-cache
         persistentVolumeClaim:

cluster/apps/immich/immich-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: immich-cache-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/invidious/invidious-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: invidious-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/invidious/invidious.yml

@@ -66,7 +66,7 @@ spec:
         - name: postgres-data
           mountPath: /var/lib/postgresql/data
       - name: inv-companion
-        image: quay.io/invidious/invidious-companion@sha256:62e5ec92802bc6da3e7ca6f39879d869e20d065c5c6d9cfa8ec2296057c48a3d
+        image: quay.io/invidious/invidious-companion@sha256:a96f7a1eb88bf0d5882d519c9410f8c7b2d391cafc378b72f3bfd37dd5f0e587
         restartPolicy: Always
         env:
         - name: SERVER_SECRET_KEY

cluster/apps/jellyfin/jellyfin-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellyfin-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 20Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/jellyseerr/jellyseerr-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellyseerr-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/jellystat/jellystat-pvc.yml

@@ -1,33 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellystat-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellystat-backups
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/paperless-ngx/paperless-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: paperless-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/pihole/pihole-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pihole-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/prowlarr/prowlarr-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: prowlarr-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/pulse/pulse-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pulse-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 100Mi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/pulse/pulse.yml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: pulse
-        image: rcourtman/pulse:4.21.0
+        image: rcourtman/pulse:4.23.0
         volumeMounts:
         - name: pulse-data
           mountPath: /data

cluster/apps/qbittorrent/qbittorrent-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: qbittorrent-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/radarr/radarr-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: radarr-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/searxng/searxng-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: searxng-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 100Mi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/searxng/searxng.yml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: searxng
-        image: searxng/searxng@sha256:9438a9be3df82652ebc804a2ace2ab335704d92a6dc0e5b29d771acd404e9f6c
+        image: searxng/searxng@sha256:0e0493d1bff9ed55f774709c9113185aa3da0db3aea84bf86b356e97a21d54c6
         ports:
         - containerPort: 8080
         env:

cluster/apps/semaphore/semaphore-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: semaphore-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/semaphore/semaphore.yml

@@ -40,7 +40,7 @@ spec:
           subPath: db
       containers:
       - name: semaphore
-        image: public.ecr.aws/semaphore/pro/server:v2.16.31
+        image: public.ecr.aws/semaphore/pro/server:v2.16.34
         ports:
         - containerPort: 3000
         envFrom:

cluster/apps/sonarr/sonarr-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: sonarr-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/speedtest/speedtest-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: speedtest-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 100Mi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/apps/vaultwarden/vaultwarden-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: vaultwarden-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

cluster/config/namespaces/namespaces.yml

@@ -22,14 +22,6 @@ metadata:
   labels:
     name: monitoring
 
----
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: ceph
-  labels:
-    name: ceph
-
 ---
 kind: Namespace
 apiVersion: v1

cluster/flux-system/gotk-components.yaml

@@ -1,6 +1,6 @@
 ---
 # This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v2.7.1
+# Flux Version: v2.7.2
 # Components: source-controller,kustomize-controller,helm-controller,notification-controller
 apiVersion: v1
 kind: Namespace
@@ -8,7 +8,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     pod-security.kubernetes.io/warn: restricted
     pod-security.kubernetes.io/warn-version: latest
   name: flux-system
@@ -19,7 +19,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: allow-egress
   namespace: flux-system
 spec:
@@ -39,7 +39,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: allow-scraping
   namespace: flux-system
 spec:
@@ -59,7 +59,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: allow-webhooks
   namespace: flux-system
 spec:
@@ -78,7 +78,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: critical-pods-flux-system
   namespace: flux-system
 spec:
@@ -98,7 +98,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: crd-controller-flux-system
 rules:
 - apiGroups:
@@ -204,7 +204,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: flux-edit-flux-system
@@ -230,7 +230,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-view: "true"
@@ -255,7 +255,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: cluster-reconciler-flux-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -275,7 +275,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: crd-controller-flux-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -313,7 +313,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: buckets.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -1084,7 +1084,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: externalartifacts.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -1280,7 +1280,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: gitrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -2234,7 +2234,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: helmcharts.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -2960,7 +2960,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: helmrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -3591,7 +3591,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: ocirepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -4417,7 +4417,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: source-controller
   namespace: flux-system
 ---
@@ -4428,7 +4428,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: source-controller
   namespace: flux-system
@@ -4449,7 +4449,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: source-controller
   namespace: flux-system
@@ -4470,11 +4470,11 @@ spec:
         app.kubernetes.io/component: source-controller
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v2.7.1
+        app.kubernetes.io/version: v2.7.2
     spec:
       containers:
       - args:
-        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./
         - --watch-all-namespaces=true
         - --log-level=info
         - --log-encoding=json
@@ -4493,7 +4493,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/source-controller:v1.7.1
+        image: ghcr.io/fluxcd/source-controller:v1.7.2
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -4557,7 +4557,7 @@ metadata:
     app.kubernetes.io/component: kustomize-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: kustomizations.kustomize.toolkit.fluxcd.io
 spec:
   group: kustomize.toolkit.fluxcd.io
@@ -5927,7 +5927,7 @@ metadata:
     app.kubernetes.io/component: kustomize-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: kustomize-controller
   namespace: flux-system
 ---
@@ -5938,7 +5938,7 @@ metadata:
     app.kubernetes.io/component: kustomize-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: kustomize-controller
   namespace: flux-system
@@ -5957,11 +5957,11 @@ spec:
         app.kubernetes.io/component: kustomize-controller
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v2.7.1
+        app.kubernetes.io/version: v2.7.2
     spec:
       containers:
       - args:
-        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./
         - --watch-all-namespaces=true
         - --log-level=info
         - --log-encoding=json
@@ -5976,7 +5976,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/kustomize-controller:v1.7.0
+        image: ghcr.io/fluxcd/kustomize-controller:v1.7.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -6033,7 +6033,7 @@ metadata:
     app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: helmreleases.helm.toolkit.fluxcd.io
 spec:
   group: helm.toolkit.fluxcd.io
@@ -8664,7 +8664,7 @@ metadata:
     app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: helm-controller
   namespace: flux-system
 ---
@@ -8675,7 +8675,7 @@ metadata:
     app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: helm-controller
   namespace: flux-system
@@ -8694,11 +8694,11 @@ spec:
         app.kubernetes.io/component: helm-controller
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v2.7.1
+        app.kubernetes.io/version: v2.7.2
     spec:
       containers:
       - args:
-        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./
         - --watch-all-namespaces=true
         - --log-level=info
         - --log-encoding=json
@@ -8713,7 +8713,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/helm-controller:v1.4.1
+        image: ghcr.io/fluxcd/helm-controller:v1.4.2
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -8770,7 +8770,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: alerts.notification.toolkit.fluxcd.io
 spec:
   group: notification.toolkit.fluxcd.io
@@ -9160,7 +9160,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: providers.notification.toolkit.fluxcd.io
 spec:
   group: notification.toolkit.fluxcd.io
@@ -9572,7 +9572,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: receivers.notification.toolkit.fluxcd.io
 spec:
   group: notification.toolkit.fluxcd.io
@@ -10049,7 +10049,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
   name: notification-controller
   namespace: flux-system
 ---
@@ -10060,7 +10060,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: notification-controller
   namespace: flux-system
@@ -10081,7 +10081,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: webhook-receiver
   namespace: flux-system
@@ -10102,7 +10102,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.7.1
+    app.kubernetes.io/version: v2.7.2
     control-plane: controller
   name: notification-controller
   namespace: flux-system
@@ -10121,7 +10121,7 @@ spec:
         app.kubernetes.io/component: notification-controller
         app.kubernetes.io/instance: flux-system
         app.kubernetes.io/part-of: flux
-        app.kubernetes.io/version: v2.7.1
+        app.kubernetes.io/version: v2.7.2
     spec:
       containers:
       - args:
@@ -10139,7 +10139,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/notification-controller:v1.7.2
+        image: ghcr.io/fluxcd/notification-controller:v1.7.3
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

cluster/helm/cert-manager/cert-manager-release.yml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: cert-manager
-      version: "v1.18.2"
+      version: "v1.19.0"
       sourceRef:
         kind: HelmRepository
         name: jetstack

cluster/helm/csi-driver-smb/csi-driver-smb-release.yml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: csi-driver-smb
-      version: "1.18.0"
+      version: "1.19.1"
       sourceRef:
         kind: HelmRepository
         name: csi-driver-smb

cluster/helm/longhorn/longhorn-release.yml

@@ -28,4 +28,4 @@ spec:
       enabled: false
     service:
       ui:
-        type: LoadBalancer
+        type: ClusterIP

cluster/helm/prometheus/prometheus-release.yml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: prometheus
-      version: "27.35.0"
+      version: "27.40.1"
       sourceRef:
         kind: HelmRepository
         name: prometheus-community

disabled/apps/drone/drone-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: drone-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

disabled/apps/open-webui/open-webui-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: open-webui-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

disabled/apps/open-webui/open-webui.yml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: open-webui
-        image: ghcr.io/open-webui/open-webui:0.6.32
+        image: ghcr.io/open-webui/open-webui:0.6.33
         ports:
         - containerPort: 8080
         env:

disabled/helm/ollama/ollama-pvc.yml

@@ -1,18 +1,3 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: ollama-ceph
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeMode: Filesystem
-  resources:
-    requests:
-      storage: 20Gi
-  storageClassName: csi-rbd-sc
-
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim