From ad89a094826de9b3e68f3ffa598b46e99cb7a67b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 23 Mar 2026 01:21:10 +0000 Subject: [PATCH 1/7] chore(deps): update haproxy docker tag to v3.3.6 (#4991) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | haproxy | minor | `3.0.19-alpine` → `3.3.6-alpine` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4991 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/argocd/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/argocd/values.yaml b/clusters/cl01tl/helm/argocd/values.yaml index 3aadbd496..68cc4de7e 100644 --- a/clusters/cl01tl/helm/argocd/values.yaml +++ b/clusters/cl01tl/helm/argocd/values.yaml @@ -103,7 +103,7 @@ argo-cd: enabled: true image: repository: haproxy - tag: 3.0.19-alpine@sha256:ec781a129b8c4837c76fcb26f7b585708966873b536b9d7aa7cbcc342ae8a76f + tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e resources: requests: cpu: 10m From 9189706ab17a23ec230ce41a8e76b8d393e6fc32 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 23 Mar 2026 01:33:54 +0000 Subject: [PATCH 2/7] chore(deps): update unpoller/unpoller to v2.35.0 (#4982) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/unpoller/unpoller](https://github.com/unpoller/unpoller) | minor | `v2.34.0` → `v2.35.0` | | [unpoller/unpoller](https://github.com/unpoller/unpoller) | minor | `v2.34.0` → `v2.35.0` | --- ### Release Notes
unpoller/unpoller (ghcr.io/unpoller/unpoller) ### [`v2.35.0`](https://github.com/unpoller/unpoller/releases/tag/v2.35.0) [Compare Source](https://github.com/unpoller/unpoller/compare/v2.34.0...v2.35.0) ##### Changelog - [`873202a`](https://github.com/unpoller/unpoller/commit/873202ab5b00468c1edf219cd7d51ffaa4663511) fix(inputunifi): recover from GetActiveDHCPLeasesWithAssociations panic ([#​969](https://github.com/unpoller/unpoller/issues/969)) - [`38c74f1`](https://github.com/unpoller/unpoller/commit/38c74f19c491ab9997c6ab8edb0346de43b06bc7) build(deps): bump the all group with 2 updates ([#​967](https://github.com/unpoller/unpoller/issues/967)) - [`54bb3bf`](https://github.com/unpoller/unpoller/commit/54bb3bfe8e6fbd2bba19f2ac94cf72e84ef60ff3) feat(devices): add UDB (UniFi Device Bridge) support ([#​968](https://github.com/unpoller/unpoller/issues/968)) - [`4248d2e`](https://github.com/unpoller/unpoller/commit/4248d2e3044c069415293a6361a09d8c70f1fc21) build(deps): bump the all group with 4 updates ([#​964](https://github.com/unpoller/unpoller/issues/964)) - [`f94d10d`](https://github.com/unpoller/unpoller/commit/f94d10d223b394674f7b12444b9706cf9f2bfeff) build(deps): bump the all group with 3 updates ([#​960](https://github.com/unpoller/unpoller/issues/960)) - [`a70e521`](https://github.com/unpoller/unpoller/commit/a70e52180d07f2c7fe029f46163ffa6706efab8d) build(deps): bump goreleaser/goreleaser-action in the all group ([#​961](https://github.com/unpoller/unpoller/issues/961)) - [`074595c`](https://github.com/unpoller/unpoller/commit/074595c0a9bb481ea7c2f8b87581c615d105134f) Fix remote API (Fabric/API key): 429 handling, NVR filter, updateWeb nil panic ([#​958](https://github.com/unpoller/unpoller/issues/958))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4982 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/unpoller/Chart.yaml | 2 +- clusters/cl01tl/helm/unpoller/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/cl01tl/helm/unpoller/Chart.yaml b/clusters/cl01tl/helm/unpoller/Chart.yaml index a8fded15e..d3c88f62a 100644 --- a/clusters/cl01tl/helm/unpoller/Chart.yaml +++ b/clusters/cl01tl/helm/unpoller/Chart.yaml @@ -21,4 +21,4 @@ dependencies: version: 4.6.2 icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67 # renovate: datasource=github-releases depName=unpoller/unpoller -appVersion: v2.34.0 +appVersion: v2.35.0 diff --git a/clusters/cl01tl/helm/unpoller/values.yaml b/clusters/cl01tl/helm/unpoller/values.yaml index e36b3d293..1143100e8 100644 --- a/clusters/cl01tl/helm/unpoller/values.yaml +++ b/clusters/cl01tl/helm/unpoller/values.yaml @@ -9,7 +9,7 @@ unpoller: main: image: repository: ghcr.io/unpoller/unpoller - tag: v2.34.0 + tag: v2.35.0 pullPolicy: IfNotPresent env: - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS From 6a7a96f167d848e7d1f3a2c0db8262e71997518c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 23 Mar 2026 01:34:27 +0000 Subject: [PATCH 3/7] chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.5.0 (#4989) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) | minor | `0.3.0` → `0.5.0` | --- ### Release Notes
alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation) ### [`v0.5.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/releases/tag/0.5.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.4.0...0.5.0) ### [0.5.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.4.0...0.5.0) (2026-03-23) ##### Features - add argo-cd ([36be56e](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/36be56e4502cbc40a7380ef1f7124b002ba7c583)) ### [`v0.4.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/releases/tag/0.4.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.3.0...0.4.0) ### [0.4.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.3.0...0.4.0) (2026-03-23) ##### Bug Fixes - remove react deps ([5e97a52](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/5e97a524ba045398267f80f55c40288ab40f0d47)) ##### Features - add and update pre-commit ([95805dc](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/95805dcd071dd08e1e6451d96b2d0d1058abedaf)) - add applications, actual ([e21d142](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/e21d1426d23c7deee7ccd415e8ad528f3a9c0b08)) - add argo-workflows ([abde3db](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/abde3db3c76a37ffda8232f8293b8b402eaef81e)) - merge ([a3e6e65](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/a3e6e65c79a92d34cc4b0fffdbba7719bcb14b5d)) - remove splash template ([3fecb72](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/3fecb72e89af7eac1d4fa04e7ec5280c6cf546c8))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4989 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/site-documentation/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/site-documentation/values.yaml b/clusters/cl01tl/helm/site-documentation/values.yaml index f7e9b9b9b..e0c399c87 100644 --- a/clusters/cl01tl/helm/site-documentation/values.yaml +++ b/clusters/cl01tl/helm/site-documentation/values.yaml @@ -11,7 +11,7 @@ site-documentation: main: image: repository: harbor.alexlebens.net/images/site-documentation - tag: 0.3.0 + tag: 0.5.0 pullPolicy: IfNotPresent resources: requests: From 29999cb82fd4187c70a00a0d6399e187bdefc65d Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 20:53:43 -0500 Subject: [PATCH 4/7] feat: refactor audiobookshelf --- .../cl01tl/helm/audiobookshelf/Chart.yaml | 3 ++- .../templates/external-secret.yaml | 3 --- .../cl01tl/helm/audiobookshelf/values.yaml | 26 +++++-------------- 3 files changed, 9 insertions(+), 23 deletions(-) diff --git a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml index 56fdbdefd..89ab61998 100644 --- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml @@ -7,11 +7,12 @@ keywords: - books - podcasts - audiobooks -home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7 +home: https://docs.alexlebens.dev/applications/audiobookshelf/ sources: - https://github.com/advplyr/audiobookshelf - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml index d049b5b1d..f2e93853c 100644 --- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: ntfy-url remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/audiobookshelf/apprise - metadataPolicy: None property: ntfy-url diff --git a/clusters/cl01tl/helm/audiobookshelf/values.yaml b/clusters/cl01tl/helm/audiobookshelf/values.yaml index 4af74a2c6..de2e313a1 100644 --- a/clusters/cl01tl/helm/audiobookshelf/values.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml @@ -4,28 +4,25 @@ audiobookshelf: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/advplyr/audiobookshelf - tag: 2.33.1 - pullPolicy: IfNotPresent + tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708 env: - name: TZ - value: US/Central + value: America/Chicago resources: requests: cpu: 10m - memory: 128Mi + memory: 200Mi apprise-api: image: - repository: caronc/apprise - tag: v1.3.2 - pullPolicy: IfNotPresent + repository: ghcr.io/caronc/apprise + tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903 env: - name: TZ - value: US/Central + value: America/Chicago - name: PGID value: "1000" - name: PUID @@ -41,10 +38,6 @@ audiobookshelf: secretKeyRef: name: audiobookshelf-apprise-config key: ntfy-url - resources: - requests: - cpu: 10m - memory: 128Mi service: main: controller: main @@ -82,11 +75,8 @@ audiobookshelf: - audiobookshelf.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: audiobookshelf + - name: audiobookshelf port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -97,7 +87,6 @@ audiobookshelf: storageClass: ceph-block accessMode: ReadWriteOnce size: 2Gi - retain: true advancedMounts: main: main: @@ -108,7 +97,6 @@ audiobookshelf: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi - retain: true advancedMounts: main: main: From e927906fa36f69f6a0eceafe9fe8dbe4c5026a0a Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:27:36 -0500 Subject: [PATCH 5/7] feat: add reference --- clusters/cl01tl/helm/audiobookshelf/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml index 89ab61998..d7e522a06 100644 --- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml @@ -10,7 +10,9 @@ keywords: home: https://docs.alexlebens.dev/applications/audiobookshelf/ sources: - https://github.com/advplyr/audiobookshelf + - https://github.com/caronc/apprise - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf + - https://github.com/caronc/apprise-api/pkgs/container/apprise - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: From 2beff516d615880721e9b08b3972c1caf650c426 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:27:52 -0500 Subject: [PATCH 6/7] feat: refactor authentik --- clusters/cl01tl/helm/authentik/Chart.yaml | 5 +- .../authentik/templates/external-secret.yaml | 3 - clusters/cl01tl/helm/authentik/values.yaml | 63 ++++++++----------- 3 files changed, 28 insertions(+), 43 deletions(-) diff --git a/clusters/cl01tl/helm/authentik/Chart.yaml b/clusters/cl01tl/helm/authentik/Chart.yaml index 835427327..313143d47 100644 --- a/clusters/cl01tl/helm/authentik/Chart.yaml +++ b/clusters/cl01tl/helm/authentik/Chart.yaml @@ -6,10 +6,8 @@ keywords: - authentik - sso - oidc - - ldap - - idp - authentication -home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d +home: https://docs.alexlebens.dev/applications/authentik/ sources: - https://github.com/goauthentik/authentik - https://github.com/cloudflare/cloudflared @@ -17,6 +15,7 @@ sources: - https://github.com/goauthentik/helm - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml index 244e4eb04..dfbf0456a 100644 --- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/authentik/key - metadataPolicy: None property: key diff --git a/clusters/cl01tl/helm/authentik/values.yaml b/clusters/cl01tl/helm/authentik/values.yaml index f3eb618f9..a093e7e91 100644 --- a/clusters/cl01tl/helm/authentik/values.yaml +++ b/clusters/cl01tl/helm/authentik/values.yaml @@ -30,8 +30,23 @@ authentik: redis: host: authentik-valkey server: - name: server - replicas: 1 + replicas: 2 + resources: + requests: + cpu: 100m + memory: 700Mi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 metrics: enabled: true serviceMonitor: @@ -39,8 +54,6 @@ authentik: route: main: enabled: true - apiVersion: gateway.networking.k8s.io/v1 - kind: HTTPRoute hostnames: - authentik.alexlebens.net parentRefs: @@ -48,21 +61,20 @@ authentik: kind: Gateway name: traefik-gateway namespace: traefik - httpsRedirect: false - matches: - - path: - type: PathPrefix - value: / worker: name: worker - replicas: 1 + replicas: 2 + resources: + requests: + cpu: 100m + memory: 512Mi + metrics: + enabled: true + serviceMonitor: + enabled: true prometheus: rules: enabled: true - postgresql: - enabled: false - redis: - enabled: false postgres-18-cluster: mode: recovery recovery: @@ -76,32 +88,9 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 5 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external From 4e2027b979abed3a24f49bbf5f83ff764c657290 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:28:08 -0500 Subject: [PATCH 7/7] feat: add template to detect authentik versioning --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 772ddb0e1..0b2d7e359 100644 --- a/renovate.json +++ b/renovate.json @@ -22,7 +22,8 @@ ], "matchStrings": [ "#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*?)\\s+appVersion:\\s*[\"']?(?[^\"'\\s]+)[\"']?" - ] + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}" }, { "description": "Update images in templates",