diff --git a/.gitea/workflows/lint-test-docker.yaml b/.gitea/workflows/lint-test-docker.yaml index ceee8c2ec..47f0dd72c 100644 --- a/.gitea/workflows/lint-test-docker.yaml +++ b/.gitea/workflows/lint-test-docker.yaml @@ -21,14 +21,14 @@ jobs: runs-on: ubuntu-js steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Check Branch Exists id: check-branch-exists if: github.event_name == 'pull_request' - uses: GuillaumeFalourd/branch-exists@v1.1 + uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1 with: branch: "${{ github.base_ref }}" @@ -51,7 +51,7 @@ jobs: - name: Set Up Node.js if: steps.branch-exists.outputs.exists == 'true' - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: '24' diff --git a/.gitea/workflows/lint-test-helm.yaml b/.gitea/workflows/lint-test-helm.yaml index f369f5d2e..027ff30d7 100644 --- a/.gitea/workflows/lint-test-helm.yaml +++ b/.gitea/workflows/lint-test-helm.yaml @@ -28,14 +28,14 @@ jobs: changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Check Branch Exists id: check-branch-exists if: github.event_name == 'pull_request' - uses: GuillaumeFalourd/branch-exists@v1.1 + uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1 with: branch: ${{ github.base_ref }} @@ -58,7 +58,7 @@ jobs: - name: Set Up Helm if: steps.branch-exists.outputs.exists == 'true' - uses: azure/setup-helm@v4 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: token: ${{ secrets.GITEA_TOKEN }} # renovate: datasource=github-releases depName=helm/helm 
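Review bot: The trailing comments on the new `uses:` lines repeat only the tag the old line used (`# v6`, `# v1.1` here; `# v4` and `# v5` in lint-test-helm.yaml and render-manifests.yaml), and the major-only tags are moving refs, so the file no longer records which release each 40-character SHA was resolved from. The comment should name the exact release, in the form `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v<exact release>` (placeholder; the release is not shown on this page). A reviewer can then check the SHA against the upstream tag before merging, which matters most for the steps that are handed `secrets.GITEA_TOKEN` and `secrets.KUBECONFIG`. The job definitions start and end outside these hunks.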
@@ -67,7 +67,7 @@ jobs: - name: Cache Helm Dependencies if: steps.branch-exists.outputs.exists == 'true' - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | ~/.cache/helm @@ -232,7 +232,7 @@ jobs: github.event_name == 'pull_request' steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -257,7 +257,7 @@ jobs: echo "----" - name: Set Up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: token: ${{ secrets.GITEA_TOKEN }} # renovate: datasource=github-releases depName=helm/helm @@ -265,7 +265,7 @@ jobs: cache: true - name: Cache Helm Dependencies - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | ~/.cache/helm diff --git a/.gitea/workflows/render-manifests.yaml b/.gitea/workflows/render-manifests.yaml index f28a39bc8..602da9b63 100644 --- a/.gitea/workflows/render-manifests.yaml +++ b/.gitea/workflows/render-manifests.yaml 
@@ -31,32 +31,32 @@ jobs: (github.event_name == 'pull_request' && github.event.pull_request.merged == true) steps: - name: Checkout Main - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: infrastructure fetch-depth: 0 - name: Checkout Manifests - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: manifests path: infrastructure-manifests - name: Set Up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: token: ${{ secrets.GITEA_TOKEN }} version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 cache: true - name: Configure Kubeconfig - uses: azure/k8s-set-context@v4 + uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} - name: Cache Helm Dependencies - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | ~/.cache/helm diff --git a/.gitea/workflows/renovate.yaml b/.gitea/workflows/renovate.yaml index 937cf1832..d41919583 100644 --- a/.gitea/workflows/renovate.yaml +++ b/.gitea/workflows/renovate.yaml @@ -13,10 +13,10 @@ on: jobs: renovate: runs-on: ubuntu-latest - container: ghcr.io/renovatebot/renovate:43 + container: ghcr.io/renovatebot/renovate:43@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Renovate run: renovate diff --git a/hosts/pd05wd/ollama/compose.yaml b/hosts/pd05wd/ollama/compose.yaml index 673737453..e86df0bd1 100644 --- a/hosts/pd05wd/ollama/compose.yaml +++ b/hosts/pd05wd/ollama/compose.yaml 
@@ -1,7 +1,7 @@ --- services: tailscale-ollama: - image: ghcr.io/tailscale/tailscale:latest + image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-ollama cap_add: - net_admin @@ -20,7 +20,7 @@ services: - /dev/net/tun:/dev/net/tun ollama: - image: ollama/ollama:latest + image: ollama/ollama:latest@sha256:5a5d014aa774f78ebe1340c0d4afc2e35afc12a2c3b34c84e71f78ea20af4ba3 container_name: ollama environment: - OLLAMA_KEEP_ALIVE=24h diff --git a/hosts/pd05wd/stable-diffusion/compose.yaml b/hosts/pd05wd/stable-diffusion/compose.yaml index c4c929fd9..ec9028aaa 100644 --- a/hosts/pd05wd/stable-diffusion/compose.yaml +++ b/hosts/pd05wd/stable-diffusion/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-stable-diffusion: - image: ghcr.io/tailscale/tailscale:latest + image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-stable-diffusion cap_add: - net_admin @@ -22,7 +22,7 @@ services: - /dev/net/tun:/dev/net/tun stable-diffusion: - image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda + image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda@sha256:bc4b2b12ac8d030cc5daf25e2c32517709b7c15f59a32685c4c1a14a9606eb42 container_name: stable-diffusion environment: - WEBUI_ARGS="--api --listen" diff --git a/hosts/ps08rp/blocky/compose.yaml b/hosts/ps08rp/blocky/compose.yaml index 211d648e9..d23161f05 100644 --- a/hosts/ps08rp/blocky/compose.yaml +++ b/hosts/ps08rp/blocky/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-blocky: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-blocky cap_add: - net_admin 
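Review bot: `image: ghcr.io/tailscale/tailscale:latest@sha256:…` keeps the `latest` tag beside a fixed digest, and once a digest is present the pull resolves by digest, so the tag no longer tells anyone what is running. The same digest is pinned under `v1.94.2` in the hosts/ps08rp, ps09rp and ps10rp files of this commit, so this line could read `image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1`. The same applies to `ollama/ollama:latest` in this file, to `tailscale:latest` and `stable-diffusion-webui:latest-cuda` in hosts/pd05wd/stable-diffusion, to both images in hosts/ps10rp/komodo-periphery, and to `renovate:43` in renovate.yaml. For those the matching version tag is not visible here and would have to be looked up in the registry before the tag is replaced.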
@@ -18,7 +18,7 @@ services: - /dev/net/tun:/dev/net/tun blocky: - image: ghcr.io/0xerr0r/blocky:v0.29.0 + image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0 container_name: blocky environment: - TZ=America/Chicago diff --git a/hosts/ps08rp/node-exporter/compose.yaml b/hosts/ps08rp/node-exporter/compose.yaml index 63a16dbeb..d0a082997 100644 --- a/hosts/ps08rp/node-exporter/compose.yaml +++ b/hosts/ps08rp/node-exporter/compose.yaml @@ -1,7 +1,7 @@ --- services: node-exporter: - image: quay.io/prometheus/node-exporter:v1.10.2 + image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565 container_name: node-exporter command: - '--path.rootfs=/rootfs' diff --git a/hosts/ps08rp/traefik/compose.yaml b/hosts/ps08rp/traefik/compose.yaml index 85d00c04f..beb9ce11e 100644 --- a/hosts/ps08rp/traefik/compose.yaml +++ b/hosts/ps08rp/traefik/compose.yaml @@ -1,7 +1,7 @@ --- services: traefik: - image: ghcr.io/traefik/traefik:v3.6.11 + image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c container_name: traefik command: - "--global.checkNewVersion=false" diff --git a/hosts/ps09rp/blocky/compose.yaml b/hosts/ps09rp/blocky/compose.yaml index 7c408cd12..0d0dda22f 100644 --- a/hosts/ps09rp/blocky/compose.yaml +++ b/hosts/ps09rp/blocky/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-blocky: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-blocky cap_add: - net_admin @@ -18,7 +18,7 @@ services: - /dev/net/tun:/dev/net/tun blocky: - image: ghcr.io/0xerr0r/blocky:v0.29.0 + image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0 container_name: blocky environment: - TZ=America/Chicago 
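Review bot: The digest for `ghcr.io/0xerr0r/blocky:v0.29.0` is copied unchanged into the ps08rp, ps09rp and ps10rp files, and the tailscale digest is shared between pd05wd and the ps* hosts; that works on every host only if each value is the multi-architecture image index digest rather than a single-platform manifest digest. Nothing on this page shows which kind was pinned or what architecture each host has, so this is a check to run rather than a confirmed fault: `docker buildx imagetools inspect <image>@sha256:<digest>` should list one manifest per platform. A one-line comment in each compose file, such as `# digests are image-index digests, updated by Renovate`, would record that for the next editor.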
diff --git a/hosts/ps09rp/node-exporter/compose.yaml b/hosts/ps09rp/node-exporter/compose.yaml index 63a16dbeb..d0a082997 100644 --- a/hosts/ps09rp/node-exporter/compose.yaml +++ b/hosts/ps09rp/node-exporter/compose.yaml @@ -1,7 +1,7 @@ --- services: node-exporter: - image: quay.io/prometheus/node-exporter:v1.10.2 + image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565 container_name: node-exporter command: - '--path.rootfs=/rootfs' diff --git a/hosts/ps09rp/traefik/compose.yaml b/hosts/ps09rp/traefik/compose.yaml index fd084bce3..1dbd4f882 100644 --- a/hosts/ps09rp/traefik/compose.yaml +++ b/hosts/ps09rp/traefik/compose.yaml @@ -1,7 +1,7 @@ --- services: traefik: - image: ghcr.io/traefik/traefik:v3.6.11 + image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c container_name: traefik command: - "--global.checkNewVersion=false" diff --git a/hosts/ps10rp/blocky/compose.yaml b/hosts/ps10rp/blocky/compose.yaml index d77843bc5..34fd627c6 100644 --- a/hosts/ps10rp/blocky/compose.yaml +++ b/hosts/ps10rp/blocky/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-blocky: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-blocky cap_add: - net_admin @@ -18,7 +18,7 @@ services: - /dev/net/tun:/dev/net/tun blocky: - image: ghcr.io/0xerr0r/blocky:v0.29.0 + image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0 container_name: blocky environment: - TZ=America/Chicago diff --git a/hosts/ps10rp/castsponsorskip/compose.yaml b/hosts/ps10rp/castsponsorskip/compose.yaml index 9c982b6a8..3d2717b96 100644 --- a/hosts/ps10rp/castsponsorskip/compose.yaml +++ b/hosts/ps10rp/castsponsorskip/compose.yaml 
@@ -1,7 +1,7 @@ --- services: castsponsorskip: - image: ghcr.io/gabe565/castsponsorskip:0.8.3 + image: ghcr.io/gabe565/castsponsorskip:0.8.3@sha256:f556d274aab94c3140058e9f192396bc75e04d8e075769223c1edfc8c4f4daa4 container_name: castsponsorskip environment: - TZ=America/Chicago diff --git a/hosts/ps10rp/cloudflare-ddns/compose.yaml b/hosts/ps10rp/cloudflare-ddns/compose.yaml index 144c5308e..0503cb97e 100644 --- a/hosts/ps10rp/cloudflare-ddns/compose.yaml +++ b/hosts/ps10rp/cloudflare-ddns/compose.yaml @@ -1,7 +1,7 @@ --- services: cloudflare-ddns: - image: favonia/cloudflare-ddns:1.15.1 + image: favonia/cloudflare-ddns:1.15.1@sha256:a4e2089b3531eec8c9328c7a9a586f80e8d67dcd94856e0b596b7896e1de3f62 container_name: cloudflare-ddns cap_drop: - all diff --git a/hosts/ps10rp/garage/compose.yaml b/hosts/ps10rp/garage/compose.yaml index b5da40785..ba9c83272 100644 --- a/hosts/ps10rp/garage/compose.yaml +++ b/hosts/ps10rp/garage/compose.yaml @@ -1,6 +1,6 @@ services: tailscale-garage: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-garage cap_add: - net_admin @@ -20,7 +20,7 @@ services: - /dev/net/tun:/dev/net/tun tailscale-garage-ui: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-garage-ui cap_add: - net_admin @@ -39,7 +39,7 @@ services: - /dev/net/tun:/dev/net/tun garage: - image: dxflrs/garage:v2.2.0 + image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 container_name: garage env_file: - .env @@ -54,7 +54,7 @@ services: - data:/var/lib/garage/data garage-ui: - image: khairul169/garage-webui:1.1.0 + image: khairul169/garage-webui:1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c container_name: garage-ui env_file: - .env 
diff --git a/hosts/ps10rp/gitea/compose.yaml b/hosts/ps10rp/gitea/compose.yaml index 4e6df77bf..189c4d64b 100644 --- a/hosts/ps10rp/gitea/compose.yaml +++ b/hosts/ps10rp/gitea/compose.yaml @@ -1,6 +1,6 @@ services: tailscale-gitea: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-gitea cap_add: - net_admin @@ -19,7 +19,7 @@ services: - /dev/net/tun:/dev/net/tun postgresql: - image: docker.io/postgres:18.1-alpine3.21 + image: docker.io/postgres:18.1-alpine3.21@sha256:44d837eb4c2ed263474a95f0cc24745413c50924df60dd73ed6c4c3e36b84259 container_name: gitea-postgres env_file: - .env @@ -33,7 +33,7 @@ services: - postgresql18:/var/lib/postgresql gitea: - image: gitea/gitea:1.25.5 + image: gitea/gitea:1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472 container_name: gitea depends_on: - postgresql diff --git a/hosts/ps10rp/homepage/compose.yaml b/hosts/ps10rp/homepage/compose.yaml index 8f826d7b1..e8b95a096 100644 --- a/hosts/ps10rp/homepage/compose.yaml +++ b/hosts/ps10rp/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-homepage: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-homepage cap_add: - net_admin @@ -20,7 +20,7 @@ services: - /dev/net/tun:/dev/net/tun dockerproxy: - image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2 + image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476 container_name: homepage-dockerproxy environment: - CONTAINERS=1 
@@ -32,7 +32,7 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro homepage: - image: ghcr.io/gethomepage/homepage:v1.11.0 + image: ghcr.io/gethomepage/homepage:v1.11.0@sha256:b129cb0f674bd6d204e215bde2c2fc3f11d6ad0e82f6d20007cf80f74e1acbb1 container_name: homepage labels: traefik.enable: true diff --git a/hosts/ps10rp/isponsorblocktv/compose.yaml b/hosts/ps10rp/isponsorblocktv/compose.yaml index 1c92b17bc..b59f55e87 100644 --- a/hosts/ps10rp/isponsorblocktv/compose.yaml +++ b/hosts/ps10rp/isponsorblocktv/compose.yaml @@ -1,7 +1,7 @@ --- services: isponsorblocktv: - image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1 + image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1@sha256:545856523283753ebcf4b400a46895b9906844be5265a0f4cab98a6b0bdf84be container_name: isponsorblocktv environment: - TZ=America/Chicago diff --git a/hosts/ps10rp/komodo-periphery/compose.yaml b/hosts/ps10rp/komodo-periphery/compose.yaml index c943322aa..ee8a96c0c 100644 --- a/hosts/ps10rp/komodo-periphery/compose.yaml +++ b/hosts/ps10rp/komodo-periphery/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-komodo-periphery: - image: ghcr.io/tailscale/tailscale:latest + image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-komodo-periphery cap_add: - net_admin @@ -20,7 +20,7 @@ services: - /dev/net/tun:/dev/net/tun komodo-periphery: - image: ghcr.io/moghtech/komodo-periphery:latest + image: ghcr.io/moghtech/komodo-periphery:latest@sha256:bd79cf960ed054fe8e02384322303e462448679b1149dde48bbef151417255b1 container_name: komodo-periphery env_file: - .env diff --git a/hosts/ps10rp/node-exporter/compose.yaml b/hosts/ps10rp/node-exporter/compose.yaml index dc75e3835..fa82d659a 100644 --- a/hosts/ps10rp/node-exporter/compose.yaml +++ b/hosts/ps10rp/node-exporter/compose.yaml 
@@ -1,7 +1,7 @@ --- services: tailscale-node-exporter: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-node-exporter cap_add: - net_admin @@ -20,7 +20,7 @@ services: - /dev/net/tun:/dev/net/tun node-exporter: - image: quay.io/prometheus/node-exporter:v1.10.2 + image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565 container_name: node-exporter command: - '--path.rootfs=/rootfs' diff --git a/hosts/ps10rp/tailscale-subnet/compose.yaml b/hosts/ps10rp/tailscale-subnet/compose.yaml index cebb60112..12d3295fc 100644 --- a/hosts/ps10rp/tailscale-subnet/compose.yaml +++ b/hosts/ps10rp/tailscale-subnet/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-subnet cap_add: - net_admin diff --git a/hosts/ps10rp/traefik/compose.yaml b/hosts/ps10rp/traefik/compose.yaml index 41d945735..19ac9a57d 100644 --- a/hosts/ps10rp/traefik/compose.yaml +++ b/hosts/ps10rp/traefik/compose.yaml @@ -1,7 +1,7 @@ --- services: tailscale-traefik: - image: ghcr.io/tailscale/tailscale:v1.94.2 + image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1 container_name: tailscale-traefik cap_add: - net_admin @@ -20,7 +20,7 @@ services: - /dev/net/tun:/dev/net/tun traefik: - image: ghcr.io/traefik/traefik:v3.6.11 + image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c container_name: traefik command: - "--global.checkNewVersion=false"