Update docker.io/postgres Docker tag to v18

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [postgres-cluster](https://github.com/cloudnative-pg/cloudnative-pg) | patch | `6.16.0` -> `6.16.1` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImF1dG9tZXJnZSIsImltYWdlIl19-->

Reviewed-on: #2237
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

.gitea/workflows/lint-test-docker-pull.yaml

@@ -1,86 +0,0 @@
-name: lint-test-docker
-
-on:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - 'hosts/**'
-
-jobs:
-  docker-lint:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Check Branch Exists
-        id: check-branch-exists
-        uses: GuillaumeFalourd/branch-exists@v1.1
-        with:
-          branch: "${{ github.base_ref }}"
-
-      - name: Branch Does Not Exist
-        if: steps.check-branch-exists.outputs.exists == 'false'
-        run: echo "Branch ${{ github.base_ref }} was not found, likely already merged"
-
-      - name: Set up Node.js
-        if: steps.check-branch-exists.outputs.exists == 'true'
-        uses: actions/setup-node@v6
-        with:
-          node-version: '24'
-
-      - name: Lint Docker Compose
-        if: steps.check-branch-exists.outputs.exists == 'true'
-        run: |
-          set -e  # Exit immediately if a command exits with a non-zero status.
-
-          TARGET_BRANCH="origin/${{ github.base_ref }}"
-          echo ">> Target branch for diff is: $TARGET_BRANCH"
-
-          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
-
-          echo ">> Found changed files:"
-          echo "$CHANGED_FILES"
-
-          # For each changed file, find its parent chart directory (the one with compose.yaml).
-          # Then, create a unique list of those directories.
-          CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
-            dir=$(dirname "$file")
-            while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
-              dir=$(dirname "$dir")
-            done
-            if [[ "$dir" != "." ]]; then
-              echo "$dir"
-            fi
-          done | sort -u)
-
-          if [[ -z "$CHANGED_COMPOSE" ]]; then
-            echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
-            exit 0
-          fi
-
-          echo ">> Running dclint on changed compose files:"
-          echo "$CHANGED_COMPOSE"
-
-          echo "$CHANGED_COMPOSE" | while read -r compose; do
-            echo ">> Linting $compose ..."
-            npx dclint $compose
-          done
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Test Failure - Infrastructure'
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Docker linting on Pull Request for Infrastructure has failed!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
-          image: true

.gitea/workflows/lint-test-docker-push.yaml

@@ -1,74 +0,0 @@
-name: lint-test-docker
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'hosts/**'
-
-jobs:
-  docker-lint:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: '24'
-
-      - name: Lint Docker Compose
-        run: |
-          set -e  # Exit immediately if a command exits with a non-zero status.
-
-          TARGET_BRANCH="origin/main"
-          echo ">> Target branch for diff is: $TARGET_BRANCH"
-
-          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
-
-          echo ">> Found changed files:"
-          echo "$CHANGED_FILES"
-
-          # For each changed file, find its parent chart directory (the one with compose.yaml).
-          # Then, create a unique list of those directories.
-          CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
-            dir=$(dirname "$file")
-            while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
-              dir=$(dirname "$dir")
-            done
-            if [[ "$dir" != "." ]]; then
-              echo "$dir"
-            fi
-          done | sort -u)
-
-          if [[ -z "$CHANGED_COMPOSE" ]]; then
-            echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
-            exit 0
-          fi
-
-          echo ">> Running dclint on changed compose files:"
-          echo "$CHANGED_COMPOSE"
-
-          echo "$CHANGED_COMPOSE" | while read -r compose; do
-            echo ">> Linting $compose ..."
-            npx dclint $compose
-          done
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Test Failure - Infrastructure'
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Docker linting on Push for Infrastructure has failed!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-push.yaml", "clear": true}]'
-          image: true

.gitea/workflows/lint-test-docker.yaml

@@ -0,0 +1,125 @@
+name: lint-test-docker
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'hosts/**'
+
+  push:
+    branches:
+      - main
+    paths:
+      - 'hosts/**'
+
+env:
+  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
+
+jobs:
+  lint-docker-compose:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Check Branch Exists
+        id: check-branch-exists
+        if: github.event_name == 'pull_request'
+        uses: GuillaumeFalourd/branch-exists@v1.1
+        with:
+          branch: "${{ github.base_ref }}"
+
+      - name: Report Branch Exists
+        id: branch-exists
+        if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
+        run: |
+          echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
+
+          echo "----"
+
+          echo "exists=true" >> $GITEA_OUTPUT
+
+      - name: Set up Node.js
+        if: steps.check-branch-exists.outputs.exists == 'true'
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+
+      - name: Check Directories for Changes
+        id: check-dir-changes
+        if: steps.branch-exists.outputs.exists == 'true'
+        run: |
+          CHANGED_COMPOSE=()
+
+          echo ">> Target branch for diff is: ${BASE_BRANCH}"
+
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            echo ""
+            echo ">> Checking for changes in a pull request ..."
+            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
+          else
+            echo ""
+            echo ">> Checking for changes from a push ..."
+            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
+          fi
+
+          if [ -n "${GIT_DIFF}" ]; then
+            echo ""
+            echo ">> Changes detected:"
+            echo "$GIT_DIFF"
+
+            for path in $GIT_DIFF; do
+              CHANGED_COMPOSE+=$(echo "$path")
+            done
+
+          else
+            echo ""
+            echo ">> No changes detected"
+
+          fi
+
+          if [ -n "${CHANGED_COMPOSE}" ]; then
+            echo ""
+            echo ">> Compose to Lint:"
+            echo "$(echo "${CHANGED_COMPOSE[@]}" | sort -u)"
+
+            echo "----"
+
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "compose-dir<<EOF" >> $GITEA_OUTPUT
+            echo "$(echo "${CHANGED_COMPOSE[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "EOF" >> $GITEA_OUTPUT
+          else
+            echo "changes-detected=false" >> $GITEA_OUTPUT
+          fi
+
+      - name: Lint Docker Compose
+        if: steps.check-branch-exists.outputs.exists == 'true'
+        env:
+          CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
+        run: |
+          echo ">> Running dclint on changed compose files:"
+          echo "$CHANGED_COMPOSE"
+
+          echo "$CHANGED_COMPOSE" | while read -r compose; do
+            echo ">> Linting $compose ..."
+            npx dclint $compose
+          done
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Test Failure - Infrastructure'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Docker linting on Pull Request for Infrastructure has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
+          image: true

.gitea/workflows/lint-test-helm-pull.yaml

@@ -1,94 +0,0 @@
-name: lint-test-helm
-
-on:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - 'clusters/**'
-
-jobs:
-  helm-lint:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Check Branch Exists
-        id: check-branch-exists
-        uses: GuillaumeFalourd/branch-exists@v1.1
-        with:
-          branch: ${{ github.base_ref }}
-
-      - name: Branch Does Not Exist
-        if: steps.check-branch-exists.outputs.exists == 'false'
-        run: echo "Branch ${{ github.base_ref }} was not found, likely already merged"
-
-      - name: Set up Helm
-        if: steps.check-branch-exists.outputs.exists == 'true'
-        uses: azure/setup-helm@v4
-        with:
-          token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.19.2
-
-      - name: Lint Helm Chart
-        if: steps.check-branch-exists.outputs.exists == 'true'
-        run: |
-          set -e  # Exit immediately if a command exits with a non-zero status.
-
-          TARGET_BRANCH="origin/${{ github.base_ref }}"
-          echo ">> Target branch for diff is: $TARGET_BRANCH"
-
-          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
-
-          echo ">> Found changed files:"
-          echo "$CHANGED_FILES"
-
-          # For each changed file, find its parent chart directory (the one with Chart.yaml).
-          # Then, create a unique list of those directories.
-          CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
-            dir=$(dirname "$file")
-            while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
-              dir=$(dirname "$dir")
-            done
-            if [[ "$dir" != "." ]]; then
-              echo "$dir"
-            fi
-          done | sort -u)
-
-          if [[ -z "$CHANGED_CHARTS" ]]; then
-            echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
-            exit 0
-          fi
-
-          echo ">> Running helm lint on changed charts:"
-          echo "$CHANGED_CHARTS"
-
-          echo "$CHANGED_CHARTS" | while read -r chart; do
-            helm dependency list --max-col-width 120 $chart 2> /dev/null \
-              | tail +2 | head -n -1 \
-              | awk '{ print "helm repo add " $1 " " $3 }' \
-              | while read cmd; do echo "$cmd" | sh; done || true
-
-            echo ">> Building dependency for "$chart" ..."
-            helm dependency build "$chart"
-            echo ">> Linting $chart..."
-            helm lint "$chart"
-          done
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Test Failure - Infrastructure'
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Helm linting on Pull Request for Infrastructure has failed!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
-          image: true

.gitea/workflows/lint-test-helm-push.yaml

@@ -1,80 +0,0 @@
-name: lint-test-helm
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'clusters/**'
-
-jobs:
-  helm-lint:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          token: ${{ secrets.GITEA_TOKEN }}
-          version: v3.19.2
-
-      - name: Lint Helm Chart
-        run: |
-          TARGET_BRANCH="origin/main"
-          echo ">> Target branch for diff is: $TARGET_BRANCH"
-
-          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
-
-          echo ">> Found changed files:"
-          echo "$CHANGED_FILES"
-
-          # For each changed file, find its parent chart directory (the one with Chart.yaml).
-          # Then, create a unique list of those directories.
-          CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
-            dir=$(dirname "$file")
-            while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
-              dir=$(dirname "$dir")
-            done
-            if [[ "$dir" != "." ]]; then
-              echo "$dir"
-            fi
-          done | sort -u)
-
-          if [[ -z "$CHANGED_CHARTS" ]]; then
-            echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
-            exit 0
-          fi
-
-          echo ">> Running helm lint on changed charts:"
-          echo "$CHANGED_CHARTS"
-
-          echo "$CHANGED_CHARTS" | while read -r chart; do
-            helm dependency list --max-col-width 120 $chart 2> /dev/null \
-              | tail +2 | head -n -1 \
-              | awk '{ print "helm repo add " $1 " " $3 }' \
-              | while read cmd; do echo "$cmd" | sh; done || true
-
-            echo ">> Building dependency for "$chart" ..."
-            helm dependency build "$chart"
-            echo ">> Linting $chart..."
-            helm lint "$chart"
-          done
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Test Failure - Infrastructure'
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Helm linting on Push for Infrastructure has failed!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-push.yaml", "clear": true}]'
-          image: true

.gitea/workflows/lint-test-helm.yaml

@@ -0,0 +1,164 @@
+name: lint-test-helm
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'clusters/*/helm/**'
+
+  push:
+    branches:
+      - main
+    paths:
+      - 'clusters/*/helm/**'
+
+env:
+  CLUSTER: cl01tl
+  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
+
+jobs:
+  lint-helm:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Check Branch Exists
+        id: check-branch-exists
+        if: github.event_name == 'pull_request'
+        uses: GuillaumeFalourd/branch-exists@v1.1
+        with:
+          branch: ${{ gitea.base_ref }}
+
+      - name: Report Branch Exists
+        id: branch-exists
+        if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
+        run: |
+          echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
+
+          echo "----"
+
+          echo "exists=true" >> $GITEA_OUTPUT
+
+      - name: Set up Helm
+        if: steps.branch-exists.outputs.exists == 'true'
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3
+
+      - name: Check Directories for Changes
+        id: check-dir-changes
+        if: steps.branch-exists.outputs.exists == 'true'
+        run: |
+          CHANGED_CHARTS=()
+
+          echo ">> Target branch for diff is: ${BASE_BRANCH}"
+
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            echo ""
+            echo ">> Checking for changes in a pull request ..."
+            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
+          else
+            echo ""
+            echo ">> Checking for changes from a push ..."
+            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
+          fi
+
+          if [ -n "${GIT_DIFF}" ]; then
+            echo ""
+            echo ">> Changes detected:"
+            echo "$GIT_DIFF"
+
+            for path in $GIT_DIFF; do
+              CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
+            done
+
+          else
+            echo ""
+            echo ">> No changes detected"
+
+          fi
+
+          if [ -n "${CHANGED_CHARTS}" ]; then
+            echo ""
+            echo ">> Chart to Lint:"
+            echo "$(echo "${CHANGED_CHARTS[@]}" | sort -u)"
+
+            echo "----"
+
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "chart-dir<<EOF" >> $GITEA_OUTPUT
+            echo "$(echo "${CHANGED_CHARTS[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "EOF" >> $GITEA_OUTPUT
+          else
+            echo "changes-detected=false" >> $GITEA_OUTPUT
+          fi
+
+      - name: Add Repositories
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
+        run: |
+          echo ">> Adding repositories for chart dependencies ..."
+          for dir in ${CHANGED_CHARTS}; do
+            helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+              | tail +2 | head -n -1 \
+              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | while read cmd; do echo "$cmd" | sh; done || true
+          done
+
+          if helm repo list | tail +2 | read -r; then
+            echo ""
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
+
+      - name: Lint Helm Chart
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
+        run: |
+          echo ">> Running linting on changed charts ..."
+
+          for dir in ${CHANGED_CHARTS}; do
+            chart_path=clusters/${CLUSTER}/helm/$dir
+            chart_name=$(basename "$chart_path")
+
+            if [ -f "$chart_path/Chart.yaml" ]; then
+              cd $chart_path
+
+              echo ""
+              echo ">> Building helm dependency ..."
+              helm dependency build --skip-refresh
+
+              echo ""
+              echo ">> Linting helm ..."
+              helm lint --namespace "$chart_name"
+
+            else
+              echo ""
+              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ""
+            fi
+          done
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Test Failure - Infrastructure'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Helm linting on Pull Request for Infrastructure has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
+          image: true

.gitea/workflows/render-manifests-automerge.yaml

@@ -1,4 +1,4 @@
-name: render-manfiest-automerge
+name: render-manifests-automerge
 
 on:
   pull_request:
@@ -17,7 +17,7 @@ env:
   MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 
 jobs:
-  render-manfiest-automerge:
+  render-manifests-automerge:
     runs-on: ubuntu-js
     if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'automerge')) }}
     steps:
@@ -64,10 +64,10 @@ jobs:
 
           RENDER_DIR=()
 
-          echo ">> Checking for changes ..."
-          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+          echo ">> Checking for changes from HEAD^..HEAD ..."
+          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
 
-          if [ -n $GIT_DIFF ]; then
+          if [ -n "${GIT_DIFF}" ]; then
             echo ">> Changes detected:"
             echo "$GIT_DIFF"
             for path in $GIT_DIFF; do
@@ -79,15 +79,15 @@ jobs:
 
           fi
 
-          if [ -n $RENDER_DIR ]; then
+          if [ -n "${RENDER_DIR}" ]; then
             echo ">> Directories to Render:"
-            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)"
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)"
 
             echo "----"
 
             echo "changes-detected=true" >> $GITEA_OUTPUT
             echo "render-dir<<EOF" >> $GITEA_OUTPUT
-            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
             echo "EOF" >> $GITEA_OUTPUT
           else
             echo "changes-detected=false" >> $GITEA_OUTPUT
@@ -108,6 +108,11 @@ jobs:
               | while read cmd; do echo "$cmd" | sh; done || true
           done
 
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
           echo "----"
 
       - name: Remove Changed Manifest Files
@@ -142,18 +147,22 @@ jobs:
             chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
             chart_name=$(basename "$chart_path")
 
+            echo ""
+            echo ""
             echo ">> Rendering chart: $chart_name"
             echo ">> Chart path $chart_path"
 
             if [ -f "$chart_path/Chart.yaml" ]; then
+              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              TEMPLATE=""
+
               mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
-              OUTPUT_FILE="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/$chart_name.yaml"
 
               cd $chart_path
 
               echo ""
               echo ">> Building helm dependency ..."
-              helm dependency build
+              helm dependency build --skip-refresh
 
               echo ""
               echo ">> Linting helm ..."
@@ -161,10 +170,31 @@ jobs:
 
               echo ""
               echo ">> Rendering templates ..."
-              helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+              case "$chart_name" in
+                "stack")
+                  echo ""
+                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
+                  ;;
+                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                  echo ""
+                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
+                  ;;
+                *)
+                  echo ""
+                  echo ">> Standard Rendering for $chart_name ..."
+                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
+                  ;;
+              esac
 
               echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+              echo ">> Formating rendered template ..."
+              echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+
+              echo ""
+              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              ls $OUTPUT_FOLDER
               echo ""
             else
               echo ""
@@ -227,9 +257,9 @@ jobs:
           PAYLOAD=$( jq -n \
             --arg head "${BRANCH_NAME}" \
             --arg base "${BASE_BRANCH}" \
-            --arg title "Automated Manifest Update" \
+            --arg title "Automated Manifest Update - Automerge" \
             --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. This is expected to be automerged." \
-            '{head: $head, base: $base, title: $title, body: $body'} )
+            '{head: $head, base: $base, title: $title, body: $body}' )
 
           echo ">> Creating PR from branch ${BRANCH_NAME} into ${BASE_BRANCH}"
           echo ">> With Endpoint of:"
@@ -287,7 +317,7 @@ jobs:
           GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
           GITEA_URL: ${{ secrets.REPO_URL }}
           BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
-          PR_ID: ${{ steps.prepare-manifest-branch.outputs.pull-request-id }}
+          PR_ID: ${{ steps.create-pull-request.outputs.pull-request-id }}
         run: |
           cd ${MANIFEST_DIR}
 
@@ -296,7 +326,7 @@ jobs:
           PAYLOAD=$( jq -n \
             --arg Do "merge" \
             --arg delete_branch_after_merge "true" \
-            '{Do: $Do, delete_branch_after_merge: $delete_branch_after_merge'} )
+            '{Do: $Do, delete_branch_after_merge: $delete_branch_after_merge}' )
 
           echo ">> Merging PR with ID: ${PR_ID}"
           echo ">> With Endpoint of:"
@@ -363,7 +393,6 @@ jobs:
           details: "Automerge Manifest rendering for Infrastructure!"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
           actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-          image: true
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master

.gitea/workflows/render-manifests-dispatch.yaml

@@ -0,0 +1,381 @@
+name: render-manifests-dispatch
+
+on:
+  workflow_dispatch:
+
+env:
+  CLUSTER: cl01tl
+  BASE_BRANCH: manifests
+  BRANCH_NAME: auto/update-manifests
+  ASSIGNEE: alexlebens
+  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
+
+jobs:
+  render-manifests-dispatch:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout Main
+        uses: actions/checkout@v6
+        with:
+          path: infrastructure
+          fetch-depth: 0
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
+
+      - name: Prepare Manifest Branch
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          echo ">> Checking if PR branch exists ..."
+          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
+            git fetch origin "${BRANCH_NAME}"
+            git checkout "${BRANCH_NAME}"
+            git pull --rebase
+
+          else
+            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
+            git checkout -b $BRANCH_NAME
+          fi
+
+          echo "----"
+
+      - name: Check which Directories have Changes
+        id: check-dir-changes
+        run: |
+          cd ${MAIN_DIR}
+
+          RENDER_DIR=()
+
+          echo ">> Triggered on dispatch, will check all paths ..."
+          RENDER_DIR+=$(ls clusters/cl01tl/helm/)
+
+          if [ -n "${RENDER_DIR}" ]; then
+            echo ">> Directories to Render:"
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)"
+
+            echo "----"
+
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "EOF" >> $GITEA_OUTPUT
+          else
+            echo "changes-detected=false" >> $GITEA_OUTPUT
+          fi
+
+      - name: Add Repositories
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          for dir in ${RENDER_DIR}; do
+            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+              | tail +2 | head -n -1 \
+              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | while read cmd; do echo "$cmd" | sh; done || true
+          done
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
+
+      - name: Remove Changed Manifest Files
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Remove manfiest files and rebuild from source ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+
+            echo "$chart_path"
+            rm -rf $chart_path/*
+          done
+
+          echo "----"
+
+      - name: Render Helm Manifests
+        id: render-manifests
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Rendering Manifests ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            chart_name=$(basename "$chart_path")
+
+            echo ""
+            echo ""
+            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart path $chart_path"
+
+            if [ -f "$chart_path/Chart.yaml" ]; then
+              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              TEMPLATE=""
+
+              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+
+              cd $chart_path
+
+              echo ""
+              echo ">> Building helm dependency ..."
+              helm dependency build --skip-refresh
+
+              echo ""
+              echo ">> Linting helm ..."
+              helm lint --namespace "$chart_name"
+
+              echo ""
+              echo ">> Rendering templates ..."
+              case "$chart_name" in
+                "stack")
+                  echo ""
+                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
+                  ;;
+                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                  echo ""
+                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
+                  ;;
+                *)
+                  echo ""
+                  echo ">> Standard Rendering for $chart_name ..."
+                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
+                  ;;
+              esac
+
+              echo ""
+              echo ">> Formating rendered template ..."
+              echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+
+              echo ""
+              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              ls $OUTPUT_FOLDER
+              echo ""
+            else
+              echo ""
+              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ""
+            fi
+          done
+
+          echo "----"
+
+      - name: Check for Changes
+        id: check-changes
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          if git status --porcelain --untracked-files=all | grep -q '^.' ; then
+            echo ">> Changes detected"
+            # git status --porcelain --untracked-files=all
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+
+          else
+            echo ">> No changes detected, skipping PR creation"
+
+          fi
+
+          echo "----"
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Commiting changes to ${BRANCH_NAME} ..."
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+
+          echo "----"
+
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
+      - name: Check for Pull Request
+        id: check-for-pull-requst
+        if: steps.commit-push.outputs.push == 'true'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
+
+          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+
+          HTTP_STATUS=$(
+            curl -X GET \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
+            echo ">> Pull Request has been found open, will update"
+            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
+            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
+            echo "pull-request-index=true" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
+            echo ">> Pull Request found, but was closed"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+
+          else
+            echo ">> Pull Request not found"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+          fi
+
+          echo "----"
+
+      - name: Create Pull Request
+        id: create-pull-request
+        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
+
+          PAYLOAD=$( jq -n \
+            --arg head "${HEAD_BRANCH}" \
+            --arg base "${BASE_BRANCH}" \
+            --arg assignee "${ASSIGNEE}" \
+            --arg title "Automated Manifest Update" \
+            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
+            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
+
+          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+          echo ">> With Payload of:"
+          echo "$PAYLOAD"
+
+          HTTP_STATUS=$(
+            curl -X POST \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              --data "$PAYLOAD" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+            PR_URL=$(cat response_body.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            PR_ID=$(cat response_body.json | jq -r .id)
+            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+
+          elif [ "$HTTP_STATUS" == "409" ]; then
+            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
+
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+          echo "----"
+
+      - name: ntfy Created
+        uses: niniyas/ntfy-action@master
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render PR Created - Infrastructure"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render Failure - Infrastructure"
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Manifest rendering for Infrastructure has failed!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+          image: true

.gitea/workflows/render-manifests-merge.yaml

@@ -0,0 +1,399 @@
+name: render-manifests-merge
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'clusters/cl01tl/helm/**'
+    types:
+      - closed
+
+env:
+  CLUSTER: cl01tl
+  BASE_BRANCH: manifests
+  BRANCH_NAME: auto/update-manifests
+  ASSIGNEE: alexlebens
+  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
+
+jobs:
+  render-manifests-merge:
+    runs-on: ubuntu-js
+    if: ${{ (github.event.pull_request.merged == true) && !(contains(github.event.pull_request.labels.*.name, 'automerge')) }}
+    steps:
+      - name: Checkout Main
+        uses: actions/checkout@v6
+        with:
+          path: infrastructure
+          fetch-depth: 0
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
+
+      - name: Prepare Manifest Branch
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          echo ">> Checking if PR branch exists ..."
+          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
+            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
+            git fetch origin "${BRANCH_NAME}"
+            git checkout "${BRANCH_NAME}"
+            git pull --rebase
+
+          else
+            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
+            git checkout -b $BRANCH_NAME
+          fi
+
+          echo "----"
+
+      - name: Check which Directories have Changes
+        id: check-dir-changes
+        run: |
+          cd ${MAIN_DIR}
+
+          RENDER_DIR=()
+
+          echo ">> Checking for changes from HEAD^..HEAD ..."
+          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
+
+          if [ -n "${GIT_DIFF}" ]; then
+            echo ">> Changes detected:"
+            echo "$GIT_DIFF"
+            for path in $GIT_DIFF; do
+              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
+            done
+
+          else
+            echo ">> No changes detected"
+
+          fi
+
+          if [ -n "${RENDER_DIR}" ]; then
+            echo ">> Directories to Render:"
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)"
+
+            echo "----"
+
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> $GITEA_OUTPUT
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "EOF" >> $GITEA_OUTPUT
+          else
+            echo "changes-detected=false" >> $GITEA_OUTPUT
+          fi
+
+      - name: Add Repositories
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Adding repositories for chart dependencies ..."
+          for dir in ${RENDER_DIR}; do
+            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
+              | tail +2 | head -n -1 \
+              | awk '{ print "helm repo add " $1 " " $3 }' \
+              | while read cmd; do echo "$cmd" | sh; done || true
+          done
+
+          if helm repo list | tail +2 | read -r; then
+            echo ">> Update repository cache ..."
+            helm repo update
+          fi
+
+          echo "----"
+
+      - name: Remove Changed Manifest Files
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Remove manfiest files and rebuild from source ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
+
+            echo "$chart_path"
+            rm -rf $chart_path/*
+          done
+
+          echo "----"
+
+      - name: Render Helm Manifests
+        id: render-manifests
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        env:
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
+        run: |
+          cd ${MAIN_DIR}
+
+          echo ">> Rendering Manifests ..."
+
+          for dir in ${RENDER_DIR}; do
+            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
+            chart_name=$(basename "$chart_path")
+
+            echo ""
+            echo ""
+            echo ">> Rendering chart: $chart_name"
+            echo ">> Chart path $chart_path"
+
+            if [ -f "$chart_path/Chart.yaml" ]; then
+              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              TEMPLATE=""
+
+              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
+
+              cd $chart_path
+
+              echo ""
+              echo ">> Building helm dependency ..."
+              helm dependency build --skip-refresh
+
+              echo ""
+              echo ">> Linting helm ..."
+              helm lint --namespace "$chart_name"
+
+              echo ""
+              echo ">> Rendering templates ..."
+              case "$chart_name" in
+                "stack")
+                  echo ""
+                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
+                  ;;
+                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                  echo ""
+                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
+                  ;;
+                *)
+                  echo ""
+                  echo ">> Standard Rendering for $chart_name ..."
+                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
+                  ;;
+              esac
+
+              echo ""
+              echo ">> Formating rendered template ..."
+              echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+
+              echo ""
+              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              ls $OUTPUT_FOLDER
+              echo ""
+            else
+              echo ""
+              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+              echo ""
+            fi
+          done
+
+          echo "----"
+
+      - name: Check for Changes
+        id: check-changes
+        if: steps.check-dir-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          if git status --porcelain | grep -q .; then
+            echo ">> Changes detected"
+            git status --porcelain
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+          else
+            echo ">> No changes detected, skipping PR creation"
+            exit 0
+          fi
+
+          echo "----"
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          echo ">> Commiting changes to ${BRANCH_NAME} ..."
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
+
+          echo "----"
+
+          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
+      - name: Check for Pull Request
+        id: check-for-pull-requst
+        if: steps.commit-push.outputs.push == 'true'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
+
+          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+
+          HTTP_STATUS=$(
+            curl -X GET \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
+            echo ">> Pull Request has been found open, will update"
+            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
+            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
+            echo "pull-request-index=true" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
+            echo ">> Pull Request found, but was closed"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+
+          else
+            echo ">> Pull Request not found"
+            echo "pull-request-exists=false" >> $GITEA_OUTPUT
+          fi
+
+          echo "----"
+
+      - name: Create Pull Request
+        id: create-pull-request
+        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
+
+          PAYLOAD=$( jq -n \
+            --arg head "${HEAD_BRANCH}" \
+            --arg base "${BASE_BRANCH}" \
+            --arg assignee "${ASSIGNEE}" \
+            --arg title "Automated Manifest Update" \
+            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
+            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
+
+          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+          echo ">> With Payload of:"
+          echo "$PAYLOAD"
+
+          HTTP_STATUS=$(
+            curl -X POST \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              --data "$PAYLOAD" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+            PR_URL=$(cat response_body.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            PR_ID=$(cat response_body.json | jq -r .id)
+            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+
+          elif [ "$HTTP_STATUS" == "409" ]; then
+            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
+
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+          echo "----"
+
+      - name: ntfy Created
+        uses: niniyas/ntfy-action@master
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render PR Created - Infrastructure"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render Failure - Infrastructure"
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Manifest rendering for Infrastructure has failed!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+          image: true

.gitea/workflows/render-manifests-push.yaml

@@ -1,4 +1,4 @@
-name: render-manifests
+name: render-manifests-push
 
 on:
   push:
@@ -7,8 +7,6 @@ on:
     paths:
       - 'clusters/cl01tl/helm/**'
 
-  workflow_dispatch:
-
 env:
   CLUSTER: cl01tl
   BASE_BRANCH: manifests
@@ -18,8 +16,9 @@ env:
   MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 
 jobs:
-  render-manifests:
+  render-manifests-push:
     runs-on: ubuntu-js
+    if: gitea.event.commits[0].author.username != 'renovate-bot'
     steps:
       - name: Checkout Main
         uses: actions/checkout@v6
@@ -68,36 +67,30 @@ jobs:
 
           RENDER_DIR=()
 
-          if [ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]; then
-            echo ">> Triggered on dispatch, will check all paths ..."
-            RENDER_DIR+=$(ls clusters/cl01tl/helm/)
+          echo ">> Checking for changes ..."
+          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
+
+          if [ -n "${GIT_DIFF}" ]; then
+            echo ">> Changes detected:"
+            echo "$GIT_DIFF"
+            for path in $GIT_DIFF; do
+              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
+            done
 
           else
-            echo ">> Checking for changes ..."
-            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+            echo ">> No changes detected"
 
-            if [ -n "${GIT_DIFF}" ]; then
-              echo ">> Changes detected:"
-              echo "$GIT_DIFF"
-              for path in $GIT_DIFF; do
-                RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
-              done
-
-            else
-              echo ">> No changes detected"
-
-            fi
           fi
 
           if [ -n "${RENDER_DIR}" ]; then
             echo ">> Directories to Render:"
-            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)"
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)"
 
             echo "----"
 
             echo "changes-detected=true" >> $GITEA_OUTPUT
             echo "render-dir<<EOF" >> $GITEA_OUTPUT
-            echo "$(printf "%s\n" "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
+            echo "$(echo "${RENDER_DIR[@]}" | sort -u)" >> $GITEA_OUTPUT
             echo "EOF" >> $GITEA_OUTPUT
           else
             echo "changes-detected=false" >> $GITEA_OUTPUT
@@ -157,12 +150,16 @@ jobs:
             chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
             chart_name=$(basename "$chart_path")
 
+            echo ""
+            echo ""
             echo ">> Rendering chart: $chart_name"
             echo ">> Chart path $chart_path"
 
             if [ -f "$chart_path/Chart.yaml" ]; then
+              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
+              TEMPLATE=""
+
               mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
-              OUTPUT_FILE="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/$chart_name.yaml"
 
               cd $chart_path
 
@@ -176,36 +173,31 @@ jobs:
 
               echo ""
               echo ">> Rendering templates ..."
-
               case "$chart_name" in
                 "stack")
-                  echo ">> Special Rendering for stack ..."
-                  helm template stack ./ --namespace argocd --include-crds > "$OUTPUT_FILE"
+                  echo ""
+                  echo ">> Special Rendering for stack into argocd namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
                   ;;
-                "cilium")
-                  echo ">> Special Rendering for cilium ..."
-                  helm template cilium ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
-                  ;;
-                "coredns")
-                  echo ">> Special Rendering for coredns ..."
-                  helm template coredns ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
-                  ;;
-                "metrics-server")
-                  echo ">> Special Rendering for metrics-server ..."
-                  helm template metrics-server ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
-                  ;;
-                "prometheus-operator-crds")
-                  echo ">> Special Rendering for prometheus-operator-crds ..."
-                  helm template prometheus-operator-crds ./ --namespace kube-system --include-crds > "$OUTPUT_FILE"
+                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
+                  echo ""
+                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
+                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
                   ;;
                 *)
+                  echo ""
                   echo ">> Standard Rendering for $chart_name ..."
-                  helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
                   ;;
               esac
 
               echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+              echo ">> Formating rendered template ..."
+              echo "$TEMPLATE" | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
+
+              echo ""
+              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
+              ls $OUTPUT_FOLDER
               echo ""
             else
               echo ""
@@ -324,7 +316,7 @@ jobs:
             --arg assignee "${ASSIGNEE}" \
             --arg title "Automated Manifest Update" \
             --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
-            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body'} )
+            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
 
           echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
           echo ">> With Endpoint of:"
@@ -385,10 +377,9 @@ jobs:
           priority: 3
           headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
           tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has created a new Pull Request!"
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
           icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
           actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
-          image: true
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master

clusters/cl01tl/helm/actual/values.yaml

@@ -9,7 +9,7 @@ actual:
         main:
           image:
             repository: ghcr.io/actualbudget/actual
-            tag: 25.11.0
+            tag: 25.12.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/argo-workflows/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: argo-workflows
   repository: https://argoproj.github.io/argo-helm
-  version: 0.45.28
+  version: 0.46.1
 - name: argo-events
   repository: https://argoproj.github.io/argo-helm
-  version: 2.4.17
+  version: 2.4.18
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:b00fd479a9d9e606661b3799182c8e24395b4f531f8d2bda87bdc5db16a8d66c
-generated: "2025-12-01T19:55:40.18149-06:00"
+  version: 6.16.1
+digest: sha256:6cc24f6ce2b7f67c2eeab9bb6f64ebfedc082a2e809fc1f03f691f99a3006143
+generated: "2025-12-04T01:01:06.532396136Z"

clusters/cl01tl/helm/argo-workflows/Chart.yaml

@@ -18,14 +18,14 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: argo-workflows
-    version: 0.45.28
+    version: 0.46.1
     repository: https://argoproj.github.io/argo-helm
   - name: argo-events
-    version: 2.4.17
+    version: 2.4.18
     repository: https://argoproj.github.io/argo-helm
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 appVersion: v3.6.7

clusters/cl01tl/helm/audiobookshelf/values.yaml

@@ -9,7 +9,7 @@ audiobookshelf:
         main:
           image:
             repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.30.0
+            tag: 2.31.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/authentik/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 2025.10.2
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:ad51c94c1125890ef60d179205d14c55eb9fdbc2702e3455e233042a48d00146
-generated: "2025-12-01T20:25:07.016724-06:00"
+  version: 6.16.1
+digest: sha256:c3bafb322ca02710c8f325fefef20678957a8c6fd86894e44e5e318997e5cb80
+generated: "2025-12-03T23:59:57.54998859Z"

clusters/cl01tl/helm/authentik/Chart.yaml

@@ -26,10 +26,10 @@ dependencies:
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
 appVersion: 2025.4.1

clusters/cl01tl/helm/booklore/values.yaml

@@ -9,7 +9,7 @@ booklore:
         main:
           image:
             repository: ghcr.io/booklore-app/booklore
-            tag: v1.12.0
+            tag: v1.13.1
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/code-server/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:99eb4f940077dc916f5425d196232fcd363223fa7b7b5d3889f5965aa59e26f5
-generated: "2025-11-30T21:05:26.699161-06:00"
+  version: 1.23.1
+digest: sha256:dd687a71edc2f7f03cba6d5f3e3221e2bb5172ed4c00659e327c79da5c01e89f
+generated: "2025-12-03T06:02:20.44367742Z"

clusters/cl01tl/helm/code-server/Chart.yaml

@@ -23,6 +23,6 @@ dependencies:
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
 appVersion: 4.100.2

clusters/cl01tl/helm/code-server/values.yaml

@@ -9,7 +9,7 @@ code-server:
         main:
           image:
             repository: ghcr.io/linuxserver/code-server
-            tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
+            tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/directus/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:2f3d9f7a8d8d71b19ff3292993647d22a89aa6c444a6f0819b82cd0a577f1ebc
-generated: "2025-11-30T21:05:28.43692-06:00"
+  version: 6.16.1
+digest: sha256:0bb36c0da68b901a005703e354f3f00f65c60ec3d1eddc2d08fa190062076944
+generated: "2025-12-04T00:00:11.07185823Z"

clusters/cl01tl/helm/directus/Chart.yaml

@@ -24,10 +24,10 @@ dependencies:
   - name: cloudflared
     alias: cloudflared-directus
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 appVersion: 11.7.2

clusters/cl01tl/helm/element-web/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: element-web
   repository: https://ananace.gitlab.io/charts
-  version: 1.4.24
+  version: 1.4.26
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:05aa032adca6d808215d6dcd5d7e38b821a740a53868238f79adaa606444b3ae
-generated: "2025-11-30T21:05:30.356497-06:00"
+  version: 1.23.1
+digest: sha256:601cbb43296add7470b663f64b7bc18a2220d3cfff7bef397f72174929d9ff76
+generated: "2025-12-03T23:41:18.74872215Z"

clusters/cl01tl/helm/element-web/Chart.yaml

@@ -17,11 +17,11 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: element-web
-    version: 1.4.24
+    version: 1.4.26
     repository: https://ananace.gitlab.io/charts
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
 appVersion: v1.11.100

clusters/cl01tl/helm/element-web/values.yaml

@@ -2,7 +2,7 @@ element-web:
   replicaCount: 1
   image:
     repository: vectorim/element-web
-    tag: v1.12.4
+    tag: v1.12.6
     pullPolicy: IfNotPresent
   defaultServer:
     url: https://matrix.alexlebens.dev

clusters/cl01tl/helm/ephemera/values.yaml

@@ -34,7 +34,7 @@ ephemera:
         flaresolverr:
           image:
             repository: ghcr.io/flaresolverr/flaresolverr
-            tag: v3.4.5
+            tag: v3.4.6
             pullPolicy: IfNotPresent
           env:
             - name: LOG_LEVEL

clusters/cl01tl/helm/eraser/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: eraser
   repository: https://eraser-dev.github.io/eraser/charts
-  version: 1.3.1
-digest: sha256:17b561a00acc809810dccd226e7b6d757db39b34a6095dee879da761098125f9
-generated: "2025-12-01T20:25:36.491841-06:00"
+  version: 1.4.1
+digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
+generated: "2025-12-03T22:53:20.200917773Z"

clusters/cl01tl/helm/eraser/Chart.yaml

@@ -14,7 +14,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: eraser
-    version: v1.3.1
+    version: 1.4.1
     repository: https://eraser-dev.github.io/eraser/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: v1.3.1

clusters/cl01tl/helm/freshrss/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:1c1355c247383bb5aef029eaadaf0c6bbcc23c0e42868178c1ea9a9ab21cc704
-generated: "2025-11-30T21:05:34.030606-06:00"
+  version: 6.16.1
+digest: sha256:e4d7c431d7c88cf31d53d611b4fe901fb68c11a2666e48d38ac40feb45b904b5
+generated: "2025-12-04T00:00:29.398819751Z"

clusters/cl01tl/helm/freshrss/Chart.yaml

@@ -24,10 +24,10 @@ dependencies:
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
 appVersion: 1.26.2

clusters/cl01tl/helm/freshrss/values.yaml

@@ -11,7 +11,7 @@ freshrss:
             runAsUser: 0
           image:
             repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
             pullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -35,7 +35,7 @@ freshrss:
             runAsUser: 0
           image:
             repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
             pullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -59,7 +59,7 @@ freshrss:
             runAsUser: 0
           image:
             repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/helm/gatus/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 1.4.4
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:9424c70bc46b5582f19b695196586546c69862ccca8950b906d5532cf03c7792
-generated: "2025-12-01T19:55:44.159963-06:00"
+  version: 6.16.1
+digest: sha256:53e3b31b3fa3916ac4478c0ca3733a18f7145a0129b6a9c7aefdaf8169cb525c
+generated: "2025-12-04T00:00:45.882393108Z"

clusters/cl01tl/helm/gatus/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     version: 1.4.4
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
 appVersion: v5.12.0

clusters/cl01tl/helm/gitea/Chart.lock

@@ -10,12 +10,12 @@ dependencies:
   version: 4.4.0
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.17.1
+  version: 0.17.2
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:6e72cd4abc36e238a5129d0ee471bc296435f8ff1c8be7f3132fc33193a39f23
-generated: "2025-12-01T20:25:50.496342-06:00"
+  version: 6.16.1
+digest: sha256:b753b6ab3bced4892f4a4662b4c353f1f59345e42f155aef06124e72b3e72468
+generated: "2025-12-04T00:01:03.661689761Z"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -36,15 +36,15 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.4.0
   - name: meilisearch
-    version: 0.17.1
+    version: 0.17.2
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
 appVersion: 1.23.7

clusters/cl01tl/helm/grafana-operator/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: v5.20.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:d70b284b771af610116564e5f47d72415ab0d3520ecb552159ee8dc8acd2ab46
-generated: "2025-12-01T19:55:46.485062-06:00"
+  version: 6.16.1
+digest: sha256:3bd7096e4401df5818733b3e0b08f281c12af9b54a272fbe3e753b2616d725dd
+generated: "2025-12-04T00:01:28.278027037Z"

clusters/cl01tl/helm/grafana-operator/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://grafana.github.io/helm-charts
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
 appVersion: v5.18.0

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -9,7 +9,7 @@ home-assistant:
         main:
           image:
             repository: ghcr.io/home-assistant/home-assistant
-            tag: 2025.11.3
+            tag: 2025.12.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ
@@ -21,7 +21,7 @@ home-assistant:
         code-server:
           image:
             repository: ghcr.io/linuxserver/code-server
-            tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
+            tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/homepage-dev/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:1bcc384dc2dc0a521600c90b8040f0cac9d706bde76419386d5eb7408e45169a
-generated: "2025-11-30T21:07:07.275267-06:00"
+  version: 1.23.1
+digest: sha256:30b7ad7125b89026f6832679e083f746ef69424e6f1d3dce0cb4304f215ea375
+generated: "2025-12-03T06:03:31.055093376Z"

clusters/cl01tl/helm/homepage-dev/Chart.yaml

@@ -22,6 +22,6 @@ dependencies:
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
 appVersion: v1.2.0

clusters/cl01tl/helm/immich/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:6c1412459bf39357f20db21735f64dc4f5fe2a0a746d19a78ddff43801610991
-generated: "2025-11-30T21:07:10.484678-06:00"
+  version: 6.16.1
+digest: sha256:65d33f10a17d25234358734184d3bc637209a12dc5f2122a594efdb02df15b41
+generated: "2025-12-04T00:01:45.803341058Z"

clusters/cl01tl/helm/immich/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
 appVersion: v2.0.1

clusters/cl01tl/helm/jellyfin/values.yaml

@@ -9,7 +9,7 @@ jellyfin:
         main:
           image:
             repository: ghcr.io/jellyfin/jellyfin
-            tag: 10.11.3
+            tag: 10.11.4
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/jellystat/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:4d14b684813eac9fcae1be18bcc5644c8583e2c014da6941705b58b118bbd6ee
-generated: "2025-11-30T21:07:13.230393-06:00"
+  version: 6.16.1
+digest: sha256:d22093f32435743617e91c5e1453d6c9ce6846362925c96d5edd0500a2e9f53d
+generated: "2025-12-04T00:01:59.998640158Z"

clusters/cl01tl/helm/jellystat/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
 appVersion: 1.1.6

clusters/cl01tl/helm/karakeep/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.4.0
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.17.1
+  version: 0.17.2
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:87a67950901f8a047f790ed21e8fc1cbfd076e05a3a55377b1cb0aa081f10f8d
-generated: "2025-11-30T21:07:14.824697-06:00"
+  version: 1.23.1
+digest: sha256:c11fe08d5b2f088016d3752960cc7e8cb8cae040f77cf74975e24afcf349805c
+generated: "2025-12-03T23:42:04.01972761Z"

clusters/cl01tl/helm/karakeep/Chart.yaml

@@ -22,11 +22,11 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.4.0
   - name: meilisearch
-    version: 0.17.1
+    version: 0.17.2
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
 appVersion: 0.26.0

clusters/cl01tl/helm/karakeep/values.yaml

@@ -9,7 +9,7 @@ karakeep:
         main:
           image:
             repository: ghcr.io/karakeep-app/karakeep
-            tag: 0.28.0
+            tag: 0.29.1
             pullPolicy: IfNotPresent
           env:
             - name: DATA_DIR

clusters/cl01tl/helm/kiwix/values.yaml

@@ -9,7 +9,7 @@ kiwix:
         main:
           image:
             repository: ghcr.io/kiwix/kiwix-serve
-            tag: 3.8.0
+            tag: 3.8.1
             pullPolicy: IfNotPresent
           args:
             - '*.zim'

clusters/cl01tl/helm/komodo/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:2e3d60887a3f063401c22e5403ed9d55eed07ffb7fbe4bac39eaafc951830f18
-generated: "2025-12-01T19:55:50.498761-06:00"
+  version: 6.16.1
+digest: sha256:21c6f653942386f953fb2165351464a4cc08a64ba4c441896c23295635b1e93b
+generated: "2025-12-04T00:02:13.463643682Z"

clusters/cl01tl/helm/komodo/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgresql-17-fdb-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
 appVersion: v1.17.5

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 79.7.1
+  version: 79.11.0
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.4.0
-digest: sha256:e046e7599ad195b57a8cf63b373a82d950778ac5dcc661f2ea135d433b46dacc
-generated: "2025-12-01T19:55:54.093624-06:00"
+digest: sha256:d2539cec03ef75627d94ff85e55349d3c8c71de0227b4eb1caf3344869b91ae9
+generated: "2025-12-03T06:21:52.770404462Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -19,7 +19,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 79.7.1
+    version: 79.11.0
     repository: oci://ghcr.io/prometheus-community/charts
   - name: app-template
     alias: ntfy-alertmanager

clusters/cl01tl/helm/libation/values.yaml

@@ -16,7 +16,7 @@ libation:
         main:
           image:
             repository: rmcrackan/libation
-            tag: 12.7.5
+            tag: 12.8.0
             pullPolicy: IfNotPresent
           env:
             - name: SLEEP_TIME

clusters/cl01tl/helm/lidarr/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:e2c50f16d20f551ea2e05f75239eba37af5b5cf7f64dbc208870b063e7135d03
-generated: "2025-11-30T21:07:19.863423-06:00"
+  version: 6.16.1
+digest: sha256:d5f01022bab45b50149c74d1aedcc636cad649d92bfeb1e5b4c32d0b20428d4a
+generated: "2025-12-04T00:02:27.103752082Z"

clusters/cl01tl/helm/lidarr/Chart.yaml

@@ -24,7 +24,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
 appVersion: 2.13.3

clusters/cl01tl/helm/matrix-synapse/Chart.lock

@@ -7,12 +7,12 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:afe8733bac2a302bb2140c8217e8e07cc8c017bb64a49e572443363aacc8d189
-generated: "2025-12-01T20:26:37.153765-06:00"
+  version: 6.16.1
+digest: sha256:1bf6e5f4693930d4f0ee8753eae5afee055894f01ddbefbae969bf834c8cad99
+generated: "2025-12-04T00:02:43.058364936Z"

clusters/cl01tl/helm/matrix-synapse/Chart.yaml

@@ -45,15 +45,15 @@ dependencies:
   #   version: 4.0.1
   - name: cloudflared
     alias: cloudflared-synapse
-    version: 1.23.0
+    version: 1.23.1
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: cloudflared
     alias: cloudflared-hookshot
-    version: 1.23.0
+    version: 1.23.1
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
 appVersion: 1.129.0

clusters/cl01tl/helm/n8n/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:eb9251fdb5f24f1680aef05115caddfb5788f95a3655a5360e96da0019cef9a0
-generated: "2025-12-01T20:26:40.022092-06:00"
+  version: 6.16.1
+digest: sha256:e1dfc9657a3d926d9ba82f3bab3a56c9b737e9d43470c84167914b658c659ea3
+generated: "2025-12-04T00:03:06.662631361Z"

clusters/cl01tl/helm/n8n/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
 appVersion: 1.93.0

clusters/cl01tl/helm/n8n/values.yaml

@@ -9,7 +9,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.121.2
+            tag: 1.123.1
             pullPolicy: IfNotPresent
           env:
             - name: GENERIC_TIMEZONE
@@ -93,7 +93,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.121.2
+            tag: 1.123.1
             pullPolicy: IfNotPresent
           command:
             - n8n
@@ -188,7 +188,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.121.2
+            tag: 1.123.1
             pullPolicy: IfNotPresent
           command:
             - n8n

clusters/cl01tl/helm/ollama/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:9e80b01f4667b8f8646f813b0831161ef6c6913132c212b9ffa94efe60364c76
-generated: "2025-12-01T20:26:47.169848-06:00"
+  version: 6.16.1
+digest: sha256:acb3614df881e62f4e0c9ae21a09353cfd731beae376bba0461f834abb84b070
+generated: "2025-12-04T00:03:18.892421017Z"

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
 appVersion: 0.7.0

clusters/cl01tl/helm/ollama/values.yaml

@@ -22,7 +22,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.13.0
+            tag: 0.13.1
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.13.0
+            tag: 0.13.1
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.13.0
+            tag: 0.13.1
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -117,7 +117,7 @@ ollama:
         main:
           image:
             repository: ghcr.io/open-webui/open-webui
-            tag: v0.6.37
+            tag: 0.6.41
             pullPolicy: IfNotPresent
           env:
             - name: ENV

clusters/cl01tl/helm/outline/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:4c36df51e831ff5431e9c60cf4f13a8ad7436ed070f4ce082c2793fc9773958c
-generated: "2025-11-30T21:07:25.868245-06:00"
+  version: 6.16.1
+digest: sha256:fdf82a6c450624d70404817e92d96626b87ee5c011215ca3c15338c6c3d9b181
+generated: "2025-12-04T00:03:31.441035529Z"

clusters/cl01tl/helm/outline/Chart.yaml

@@ -25,10 +25,10 @@ dependencies:
   - name: cloudflared
     alias: cloudflared-outline
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
 appVersion: 0.84.0

clusters/cl01tl/helm/photoview/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:6e32298738e136a5c8cd51f84bc125a7f19443afe71978002fb3d1924e1d37d8
-generated: "2025-11-30T21:07:29.196717-06:00"
+  version: 6.16.1
+digest: sha256:4cba2d50c7be189d6e9d70eebb25c86b6231e205cbf3e9af6671ebeb0b660c22
+generated: "2025-12-04T00:03:44.041965843Z"

clusters/cl01tl/helm/photoview/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
 appVersion: 2.4.0

clusters/cl01tl/helm/postiz/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.1
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:9a80f885ed38b0a6addd2c9be8ffa5670cd03f89ba86c821b6dd91d8ba370d2b
-generated: "2025-11-30T21:07:32.067121-06:00"
+  version: 6.16.1
+digest: sha256:427e54610c6c59529dda67a52358660a47b1a44880136ebff4949bdfa4a5c73d
+generated: "2025-12-04T00:03:55.095377057Z"

clusters/cl01tl/helm/postiz/Chart.yaml

@@ -23,10 +23,10 @@ dependencies:
     version: 4.4.0
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
 appVersion: v1.43.3

clusters/cl01tl/helm/postiz/values.yaml

@@ -9,7 +9,7 @@ postiz:
         main:
           image:
             repository: ghcr.io/gitroomhq/postiz-app
-            tag: v2.8.3
+            tag: v2.9.0
             pullPolicy: IfNotPresent
           env:
             - name: MAIN_URL

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -28,7 +28,7 @@ qbittorrent:
         qbittorrent:
           image:
             repository: ghcr.io/linuxserver/qbittorrent
-            tag: 5.1.4@sha256:a2eedc99b4876916943bd33e7c415efc448f6b514aa39b4f98c1e6472a717301
+            tag: 5.1.4@sha256:f0465dbb2aa14397fd205a0240ee562eb062354c036ccc444084fe46c6c75091
             pullPolicy: IfNotPresent
           env:
             - name: TZ
@@ -135,7 +135,7 @@ qbittorrent:
         qbit-manage:
           image:
             repository: ghcr.io/stuffanthings/qbit_manage
-            tag: v4.6.4
+            tag: v4.6.5
             pullPolicy: IfNotPresent
           env:
             - name: TZ
@@ -190,7 +190,7 @@ qbittorrent:
         qui:
           image:
             repository: ghcr.io/autobrr/qui
-            tag: v1.7.0
+            tag: v1.8.1
             pullPolicy: IfNotPresent
           env:
             - name: QUI__METRICS_ENABLED

clusters/cl01tl/helm/radarr-4k/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:d42d3c3a011e9e6252da987e7f86712eb1bccde7721ec067881192182c3ac709
-generated: "2025-11-30T21:07:36.660188-06:00"
+  version: 6.16.1
+digest: sha256:ff043dfbfcff54587838ae8289377c7412eeb507572d42f1b19fd528758a4eb9
+generated: "2025-12-04T00:04:12.153886381Z"

clusters/cl01tl/helm/radarr-4k/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
 appVersion: 5.22.4

clusters/cl01tl/helm/radarr-anime/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:f21d624fcafe0fc8e4f8d1c140f1fbefc40a74bdc29d6267a4d71e95ac81b95a
-generated: "2025-11-30T21:07:38.187061-06:00"
+  version: 6.16.1
+digest: sha256:34a598cda9f762b3f4ae7f7138f5183a4942fca9fafe2611162a9e3f2e293635
+generated: "2025-12-04T00:04:31.751157172Z"

clusters/cl01tl/helm/radarr-anime/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
 appVersion: 5.22.4

clusters/cl01tl/helm/radarr-standup/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:caaa532c1be0452935259f03f992836b060ee212434abc5b1d81f939c6e33a2b
-generated: "2025-11-30T21:07:39.820192-06:00"
+  version: 6.16.1
+digest: sha256:e343a4ab6603b661eee718af7fabe97c5a9315e288b4b9332bb27d58241b5a13
+generated: "2025-12-04T00:04:44.730167395Z"

clusters/cl01tl/helm/radarr-standup/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
 appVersion: 5.22.4

clusters/cl01tl/helm/radarr/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:5bd176d6017208f08b9c8108b0df2330e16ef4dffcd8c1e95cff5d32af79d06c
-generated: "2025-11-30T21:07:35.121161-06:00"
+  version: 6.16.1
+digest: sha256:4c327d7eac20b2a96f540aecf9ac2652064bf0cf734ffd288a058e57ab6c0f68
+generated: "2025-12-04T00:05:10.246917041Z"

clusters/cl01tl/helm/radarr/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
 appVersion: 5.22.4

clusters/cl01tl/helm/rook-ceph/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: rook-ceph
   repository: https://charts.rook.io/release
-  version: v1.18.7
+  version: v1.18.8
 - name: rook-ceph-cluster
   repository: https://charts.rook.io/release
-  version: v1.18.7
+  version: v1.18.8
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:af8dd1358e17c5b88a9ac10a9864b960da1cbdd7f6d0aa9bdadcb8d0a65c6d31
-generated: "2025-12-01T20:27:15.315208-06:00"
+  version: 1.23.1
+digest: sha256:28467614c6854e04a8733fb95b689d5a12f23878a030c56e529f06f490e5f9d8
+generated: "2025-12-03T21:00:36.655017976Z"

clusters/cl01tl/helm/rook-ceph/Chart.yaml

@@ -16,14 +16,14 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: rook-ceph
-    version: v1.18.7
+    version: v1.18.8
     repository: https://charts.rook.io/release
   - name: rook-ceph-cluster
-    version: v1.18.7
+    version: v1.18.8
     repository: https://charts.rook.io/release
   - name: cloudflared
     alias: cloudflared-rgw
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
 appVersion: v1.17.1

clusters/cl01tl/helm/roundcube/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:bf4ddb79b0fa0e266d5c5a18e37508bd1e4eaac98ad8c373c4bb44dba4a17fd0
-generated: "2025-11-30T21:07:41.680426-06:00"
+  version: 6.16.1
+digest: sha256:77330bdfa1da43d65b188105cf66cc1cd656a904789ee1761da16e8a4104f166
+generated: "2025-12-04T00:05:22.617898927Z"

clusters/cl01tl/helm/roundcube/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
 appVersion: 1.6.10

clusters/cl01tl/helm/searxng/values.yaml

@@ -9,7 +9,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:277cb4b82fbdd69d88812089a5755860d379de907f09fb511443ff03d35191af
+            tag: latest@sha256:67c90fe48b64ab5774aa8c139f48c144fbaf81764ca9268997c88b0278a1de91
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:277cb4b82fbdd69d88812089a5755860d379de907f09fb511443ff03d35191af
+            tag: latest@sha256:67c90fe48b64ab5774aa8c139f48c144fbaf81764ca9268997c88b0278a1de91
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL

clusters/cl01tl/helm/site-documentation/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:5a7b3c34f9eb198ea91b40d341daaf28c5fe425e344d4d247a5592f742aaf760
-generated: "2025-11-30T21:07:44.522489-06:00"
+  version: 1.23.1
+digest: sha256:1d05db11156ee1d17ed72f9d4e29a6b6c30a654051c36c669b2b772710bf32c9
+generated: "2025-12-03T06:04:55.685279696Z"

clusters/cl01tl/helm/site-documentation/Chart.yaml

@@ -23,6 +23,6 @@ dependencies:
   - name: cloudflared
     alias: cloudflared-site
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
 appVersion: 0.8.1

clusters/cl01tl/helm/site-documentation/values.yaml

@@ -11,7 +11,7 @@ site-documentation:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.0.3
+            tag: 0.0.4
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/helm/site-profile/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
-digest: sha256:2894c66ba8f97a04b37305fc59a8ef376ef7b8ac20280851d6b86f18af6f5a47
-generated: "2025-11-30T21:07:46.422263-06:00"
+  version: 1.23.1
+digest: sha256:2253dc4ef0331336571ae668919771228ddaa69c365ab9bf5a58ea29f854c70a
+generated: "2025-12-03T06:05:14.720363471Z"

clusters/cl01tl/helm/site-profile/Chart.yaml

@@ -23,6 +23,6 @@ dependencies:
   - name: cloudflared
     alias: cloudflared-site
     repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.1
 icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
 appVersion: 2.0.1

clusters/cl01tl/helm/site-profile/values.yaml

@@ -11,7 +11,7 @@ site-profile:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-profile
-            tag: 2.1.0
+            tag: 2.1.1
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/helm/sonarr-4k/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:ac50ec7248debdffce8b12291db854979b7822b1254c1ad6c995436f4ade0427
-generated: "2025-11-30T21:07:51.092459-06:00"
+  version: 6.16.1
+digest: sha256:bbecefd5c20585a9fcde532663e06698a4a8057066de9483b0b2de50f210037f
+generated: "2025-12-04T00:05:35.118162699Z"

clusters/cl01tl/helm/sonarr-4k/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
 appVersion: 4.0.14

clusters/cl01tl/helm/sonarr-anime/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:ab4aba37d148cac38d557c908a4c0939a53511f2c1a38813ff11713594e1309f
-generated: "2025-11-30T21:07:52.725934-06:00"
+  version: 6.16.1
+digest: sha256:00f958cebd996abfbb1335aa45dac1e0cb945257e2111c00dbb419d0d21e4369
+generated: "2025-12-04T00:05:46.502013847Z"

clusters/cl01tl/helm/sonarr-anime/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
 appVersion: 4.0.14

clusters/cl01tl/helm/sonarr/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:a21b89ea41950e5c87de9e6f68b5844ce158398d40a1f811dca9401961f68188
-generated: "2025-11-30T21:07:49.423227-06:00"
+  version: 6.16.1
+digest: sha256:b133ec7f906fdab9426e3014801cba376eb61e7b490d42c22bce058e640f779d
+generated: "2025-12-04T00:05:58.76880801Z"

clusters/cl01tl/helm/sonarr/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.4.0
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
 appVersion: 4.0.14

clusters/cl01tl/helm/stalwart/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.4.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
-digest: sha256:88a8c0f96b046372d76ae0ebdd3f2fd2a5bc049eba3c145832a3c1c8704dc1bb
-generated: "2025-12-01T20:27:35.237977-06:00"
+  version: 6.16.1
+digest: sha256:87a9e98c0de182dec42160186a57ced84a62782c9a84fe0dbea56789de9606bf
+generated: "2025-12-04T00:06:09.631961901Z"

clusters/cl01tl/helm/stalwart/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart.png
 appVersion: v0.11.8

clusters/cl01tl/helm/trivy/values.yaml

@@ -16,7 +16,7 @@ trivy-operator:
     image:
       registry: mirror.gcr.io
       repository: aquasec/trivy
-      tag: 0.67.2
+      tag: 0.68.1
     storageClassEnabled: true
     storageClassName: ceph-block
     storageSize: "5Gi"