Merge pull request 'chore(deps): update dxflrs/garage docker tag to v2.3.0' (#6007) from renovate/unified-garage into main

Reviewed-on: #6007

.gitea/workflows/renovate.yaml

@@ -13,7 +13,7 @@ on:
 jobs:
   renovate:
     runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.113.0@sha256:9dd3f426078a6ce9461c87264e4bcd1853698dc5ebb594fe5fab1f0afd25ef9b
+    container: ghcr.io/renovatebot/renovate:43.125.1@sha256:c85cf1a918a3deaaed3d60ffb885ae8b0afaf9eb43effef0e857a2fe246a234a
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

clusters/cl01tl/helm/argocd/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: argo-cd
   repository: https://argoproj.github.io/argo-helm
-  version: 9.5.0
+  version: 9.5.1
-digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
+digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78
-generated: "2026-04-08T22:05:49.003208408Z"
+generated: "2026-04-16T15:57:15.168206017Z"

clusters/cl01tl/helm/argocd/Chart.yaml

@@ -13,8 +13,8 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: argo-cd
-    version: 9.5.0
+    version: 9.5.1
     repository: https://argoproj.github.io/argo-helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 # renovate: datasource=github-releases depName=argoproj/argo-cd
-appVersion: v3.3.6
+appVersion: v3.3.7

clusters/cl01tl/helm/blocky/values.yaml

@@ -106,6 +106,7 @@ blocky:
               audiobookshelf                  IN      CNAME   traefik-cl01tl
               authentik                       IN      CNAME   traefik-cl01tl
               backrest                        IN      CNAME   traefik-cl01tl
+              bao                             IN      CNAME   traefik-cl01tl
               bazarr                          IN      CNAME   traefik-cl01tl
               ceph                            IN      CNAME   traefik-cl01tl
               dawarich                        IN      CNAME   traefik-cl01tl
@@ -160,6 +161,7 @@ blocky:
               sonarr                          IN      CNAME   traefik-cl01tl
               sonarr-4k                       IN      CNAME   traefik-cl01tl
               sonarr-anime                    IN      CNAME   traefik-cl01tl
+              sparkyfitness                   IN      CNAME   traefik-cl01tl
               stalwart                        IN      CNAME   traefik-cl01tl
               tdarr                           IN      CNAME   traefik-cl01tl
               tubearchivist                   IN      CNAME   traefik-cl01tl

clusters/cl01tl/helm/cert-manager/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cert-manager
   repository: https://charts.jetstack.io
-  version: v1.20.1
+  version: v1.20.2
-digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
+digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
-generated: "2026-03-28T01:35:24.542754563Z"
+generated: "2026-04-13T23:02:59.380767677Z"

clusters/cl01tl/helm/cert-manager/Chart.yaml

@@ -13,8 +13,8 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: cert-manager
-    version: v1.20.1
+    version: v1.20.2
     repository: https://charts.jetstack.io
 icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
 # renovate: datasource=github-releases depName=cert-manager/cert-manager
-appVersion: v1.20.1
+appVersion: v1.20.2

clusters/cl01tl/helm/cloudnative-pg/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 0.28.0
 - name: plugin-barman-cloud
   repository: https://cloudnative-pg.io/charts/
-  version: 0.5.0
+  version: 0.6.0
-digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
+digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
-generated: "2026-04-01T20:05:40.198140255Z"
+generated: "2026-04-14T09:03:10.332065288Z"

clusters/cl01tl/helm/cloudnative-pg/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 0.28.0
     repository: https://cloudnative-pg.io/charts/
   - name: plugin-barman-cloud
-    version: 0.5.0
+    version: 0.6.0
     repository: https://cloudnative-pg.io/charts/
 icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
 # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg

clusters/cl01tl/helm/directus/Chart.yaml

@@ -29,4 +29,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 # renovate: datasource=github-releases depName=directus/directus
-appVersion: 11.17.2
+appVersion: 11.17.3

clusters/cl01tl/helm/directus/values.yaml

@@ -8,7 +8,7 @@ directus:
         main:
           image:
             repository: ghcr.io/directus/directus
-            tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
+            tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
           env:
             - name: PUBLIC_URL
               value: https://directus.alexlebens.net

clusters/cl01tl/helm/foldergram/values.yaml

@@ -70,7 +70,7 @@ foldergram:
       forceRename: foldergram-data
       storageClass: synology-iscsi-delete
       accessMode: ReadWriteOnce
-      size: 100Gi
+      size: 150Gi
       advancedMounts:
         main:
           main:

clusters/cl01tl/helm/garage/Chart.yaml

@@ -21,4 +21,4 @@ dependencies:
     version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
 # renovate: datasource=docker depName=dxflrs/garage
-appVersion: v2.2.0
+appVersion: v2.3.0

clusters/cl01tl/helm/garage/values.yaml

@@ -21,7 +21,7 @@ garage:
         main:
           image:
             repository: dxflrs/garage
-            tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
+            tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
           envFrom:
             - secretRef:
                 name: garage-token-secret
@@ -50,7 +50,7 @@ garage:
         main:
           image:
             repository: dxflrs/garage
-            tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
+            tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
           envFrom:
             - secretRef:
                 name: garage-token-secret
@@ -79,7 +79,7 @@ garage:
         main:
           image:
             repository: dxflrs/garage
-            tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
+            tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
           envFrom:
             - secretRef:
                 name: garage-token-secret

clusters/cl01tl/helm/gatus/values.yaml

@@ -155,8 +155,8 @@ gatus:
       - name: searxng
         url: https://searxng.alexlebens.net
         <<: *defaults
-      - name: roundcube
+      - name: sparkyfitness
-        url: https://mail.alexlebens.net
+        url: https://sparkyfitness.alexlebens.net
         <<: *defaults
       - name: paperless-ngx
         url: https://paperless-ngx.alexlebens.net
@@ -212,6 +212,9 @@ gatus:
       - name: authentik
         url: https://authentik.alexlebens.net
         <<: *defaults
+      - name: roundcube
+        url: https://mail.alexlebens.net
+        <<: *defaults
       - name: stalwart
         url: https://stalwart.alexlebens.net
         <<: *defaults
@@ -263,6 +266,9 @@ gatus:
       - name: vault
         url: https://vault.alexlebens.net
         <<: *defaults
+      - name: openbao
+        url: https://bao.alexlebens.net
+        <<: *defaults
       - name: backrest
         url: https://backrest.alexlebens.net
         <<: *defaults

clusters/cl01tl/helm/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
   repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.29
+  version: 0.20.31
-digest: sha256:927c4aaf7484f3522ecd92d456f184555f4c742adc1c63b32a149cbb847e9eee
+digest: sha256:2e073f735a5ff699844eb67715ab20d403261b3e9c035ebdc4292cee9666b4f4
-generated: "2026-04-10T17:19:10.852938614Z"
+generated: "2026-04-15T01:16:30.361061773Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.yaml

@@ -14,6 +14,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.29
+    version: 0.20.31
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/helm/gitea/Chart.lock

@@ -1,13 +1,13 @@
 dependencies:
 - name: gitea
   repository: https://dl.gitea.com/charts/
-  version: 12.5.0
+  version: 12.5.3
 - name: actions
   repository: https://dl.gitea.com/charts/
-  version: 0.0.5
+  version: 0.1.0
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.30.0
+  version: 0.32.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.5.0
@@ -23,5 +23,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:c2d6fcbbaffacda0598d81d7d3745e83040d59525ecaccd35d57dce773cf5309
+digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
-generated: "2026-04-13T20:33:29.673072156Z"
+generated: "2026-04-16T20:09:26.031592859Z"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -26,14 +26,14 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: gitea
-    version: 12.5.0
+    version: 12.5.3
     repository: https://dl.gitea.com/charts/
   - name: actions
     alias: gitea-actions
     repository: https://dl.gitea.com/charts/
-    version: 0.0.5
+    version: 0.1.0
   - name: meilisearch
-    version: 0.30.0
+    version: 0.32.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts

clusters/cl01tl/helm/gitea/values.yaml

@@ -194,7 +194,7 @@ gitea-actions:
       registry: docker.io
       repository: gitea/act_runner
       # renovate: datasource=docker depName=gitea/act_runner
-      tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
+      tag: 0.4.0@sha256:e7364b8252e74d5eb047abe64c98a856da37d9dad848af51e011b249206b36ba
       extraVolumeMounts:
         - name: workspace-vol
           mountPath: /workspace

clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml

@@ -567,6 +567,25 @@ spec:
   resyncPeriod: 6h
   url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
 
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: grafana-dashboard-openbao
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grafana-dashboard-openbao
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  instanceSelector:
+    matchLabels:
+      app: grafana-main
+  contentCacheDuration: 6h
+  folderUID: grafana-folder-platform
+  resyncPeriod: 6h
+  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
+
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard

clusters/cl01tl/helm/headlamp/values.yaml

@@ -12,8 +12,6 @@ headlamp:
         enabled: true
         name: headlamp-oidc-secret
     watchPlugins: true
-    # Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
-    sessionTTL: null
   httpRoute:
     enabled: true
     parentRefs:

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -23,7 +23,7 @@ home-assistant:
         code-server:
           image:
             repository: ghcr.io/linuxserver/code-server
-            tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
+            tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/homepage/values.yaml

@@ -285,11 +285,11 @@ homepage:
                   href: https://searxng.alexlebens.net/
                   siteMonitor: http://searxng-browser.searxng:80
                   statusStyle: dot
-              - Email:
+              - Fitness Tracker:
-                  icon: sh-roundcube.webp
+                  icon: sh-sparkyfitness.webp
-                  description: Roundcube
+                  description: Sparky Fitness
-                  href: https://mail.alexlebens.net
+                  href: https://sparkyfitness.alexlebens.net
-                  siteMonitor: http://roundcube.roundcube:80
+                  siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80
                   statusStyle: dot
               - Documents:
                   icon: sh-paperless-ngx.webp
@@ -487,7 +487,13 @@ homepage:
                   href: https://authentik.alexlebens.net
                   siteMonitor: http://authentik-server.authentik:80
                   statusStyle: dot
-              - Email:
+              - Email Client:
+                  icon: sh-roundcube.webp
+                  description: Roundcube
+                  href: https://mail.alexlebens.net
+                  siteMonitor: http://roundcube.roundcube:80
+                  statusStyle: dot
+              - Email Server:
                   icon: sh-stalwart.webp
                   description: Stalwart
                   href: https://stalwart.alexlebens.net
@@ -631,6 +637,18 @@ homepage:
                       app.kubernetes.io/instance in (
                           vault
                       )
+              - Secrets:
+                  icon: sh-openbao.webp
+                  description: OpenBao
+                  href: https://bao.alexlebens.net
+                  siteMonitor: http://openbao.openbao:8200
+                  statusStyle: dot
+                  namespace: openbao
+                  app: openbao
+                  podSelector: >-
+                      app.kubernetes.io/instance in (
+                          openbao
+                      )
               - Backups:
                   icon: sh-backrest-light.webp
                   description: Backrest

clusters/cl01tl/helm/jellyfin/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.6.2
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.30.0
+  version: 0.32.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:32b9a206e77eabcdf1bbbc4d7e93067c40d6a621e4a07c1827e4d23961e2d82b
+digest: sha256:09e0de3cf33b4b463b07237d547172ad72fcc77c0fcb8e5ed7542f9ee3b1df3a
-generated: "2026-03-30T16:13:40.879082765Z"
+generated: "2026-04-16T14:10:45.330521031Z"

clusters/cl01tl/helm/jellyfin/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.6.2
   - name: meilisearch
-    version: 0.30.0
+    version: 0.32.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/karakeep/Chart.lock

@@ -4,12 +4,12 @@ dependencies:
   version: 4.6.2
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.30.0
+  version: 0.32.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.5.0
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:9939407bba4f0ac9d5ed47250490d0a80dc48881cfeb7bc924ece655fa0b5b05
+digest: sha256:a5074b9aa3d0ad4e8e3f0d5d10e92e7112bf1fd263d6bade8ae47e36d544cb6d
-generated: "2026-04-10T01:17:47.911315172Z"
+generated: "2026-04-16T14:11:10.620563905Z"

clusters/cl01tl/helm/karakeep/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.6.2
   - name: meilisearch
-    version: 0.30.0
+    version: 0.32.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,7 +1,7 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 83.4.1
+  version: 83.5.0
 - name: prometheus-operator-crds
   repository: oci://ghcr.io/prometheus-community/charts
   version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.6.1
-digest: sha256:cdc5f72d9531ec26bfa06a71819a17ba9944ceb6ec8fbf67d3ac8f22431535a5
+digest: sha256:555ebcb0a43ef44e1c0eb4b0603a54027e757eb24c6041e0051075641656fdd2
-generated: "2026-04-13T22:34:25.816994271Z"
+generated: "2026-04-16T16:11:08.272959931Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -20,7 +20,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 83.4.1
+    version: 83.5.0
     repository: oci://ghcr.io/prometheus-community/charts
   - name: prometheus-operator-crds
     version: 28.0.1

clusters/cl01tl/helm/libation/Chart.yaml

@@ -26,4 +26,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
 # renovate: datasource=github-releases depName=rmcrackan/Libation
-appVersion: 13.3.3
+appVersion: 13.3.4

clusters/cl01tl/helm/libation/values.yaml

@@ -12,7 +12,7 @@ libation:
         main:
           image:
             repository: rmcrackan/libation
-            tag: 13.3.3@sha256:fbeb84916c81b654412801367b7e96796ffdba83d987a1ed5fed9896cf7cabee
+            tag: 13.3.4@sha256:eb0357e8a880ed0049dffd2a99a9d2eda322ed33b3b9e16f4fb93eb15275f396
           env:
             - name: SLEEP_TIME
               value: "-1"
@@ -30,7 +30,7 @@ libation:
         main:
           image:
             repository: ubuntu
-            tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
+            tag: resolute-20260413@sha256:5e275723f82c67e387ba9e3c24baa0abdcb268917f276a0561c97bef9450d0b4
           command:
             - "sleep"
             - "infinity"

clusters/cl01tl/helm/lidarr/values.yaml

@@ -14,7 +14,7 @@ lidarr:
         main:
           image:
             repository: ghcr.io/linuxserver/lidarr
-            tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
+            tag: 3.1.2-nightly@sha256:9ec74111343f3648f2ab9a80931e05f1695622ff5a2587f1f2006e0415322a65
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/matrix-synapse/values.yaml

@@ -133,7 +133,7 @@ matrix-synapse:
     gid: 666
     image:
       repository: alpine
-      tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
+      tag: 3.23.4@sha256:c7989ac7a27b473e1795973c98d714f62b4dd0b134594d36880505ce0bfd716b
   ingress:
     enabled: false
   gateway:
@@ -332,7 +332,7 @@ mautrix-whatsapp:
         main:
           image:
             repository: dock.mau.dev/mautrix/whatsapp
-            tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
+            tag: v0.2604.0@sha256:9f28c04c746af9fe8e93163489dae0f4191626e2ca02a9302df62afbeefc9eba
           resources:
             requests:
               cpu: 1m

clusters/cl01tl/helm/medialyze/Chart.yaml

@@ -24,4 +24,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
 # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
-appVersion: 0.6.0
+appVersion: 0.7.1

clusters/cl01tl/helm/medialyze/values.yaml

@@ -12,7 +12,7 @@ medialyze:
         main:
           image:
             repository: ghcr.io/frederikemmer/medialyze
-            tag: 0.6.0@sha256:7bf772454c7baeaf5c86ad59eee7fe59ef47b5366248e253647cfc79642a72bf
+            tag: 0.7.1@sha256:c28cfd5cafe2b34136efaba5ba825440a2160cda3116ecb266454eac07a37e49
           env:
             - name: HOST_PORT
               value: 8080

clusters/cl01tl/helm/music-grabber/Chart.yaml

@@ -24,4 +24,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
 # renovate: datasource=docker depName=g33kphr33k/musicgrabber
-appVersion: 2.6.1
+appVersion: 2.6.3

clusters/cl01tl/helm/music-grabber/values.yaml

@@ -12,7 +12,7 @@ music-grabber:
         main:
           image:
             repository: g33kphr33k/musicgrabber
-            tag: 2.6.1@sha256:52b81df8e69062b4023a416fa4168d4bc0e6d8fba48901a5a5a3080bdd748696
+            tag: 2.6.3@sha256:33ccf823b27387c5080da6df7e1b22f1e6443f878cfbf14fb06a6abcef79991d
           env:
             - name: MUSIC_DIR
               value: /mnt/store/Music Grabber/

clusters/cl01tl/helm/navidrome/values.yaml

@@ -12,7 +12,7 @@ navidrome:
         main:
           image:
             repository: ghcr.io/navidrome/navidrome
-            tag: 0.61.1@sha256:1e1660054a856cc09f227d6929252e45a519fdb16004b464dd637f7294ca3ec1
+            tag: 0.61.2@sha256:9fa40b3d8dec43ceb2213d1fa551da3dcfef6ac6d19c2e534efb92527c2bafd2
           env:
             - name: ND_MUSICFOLDER
               value: /music

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -31,4 +31,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
 # renovate: datasource=github-releases depName=ollama/ollama
-appVersion: 0.20.5
+appVersion: 0.20.7

clusters/cl01tl/helm/ollama/values.yaml

@@ -21,7 +21,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0
+            tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
           env:
             - name: OLLAMA_KEEP_ALIVE
               value: 24h
@@ -55,7 +55,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0
+            tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
           env:
             - name: OLLAMA_KEEP_ALIVE
               value: 24h
@@ -89,7 +89,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0
+            tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
           env:
             - name: OLLAMA_KEEP_ALIVE
               value: 24h

clusters/cl01tl/helm/openbao/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: openbao
+  repository: https://openbao.github.io/openbao-helm
+  version: 0.27.1
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.6.2
+digest: sha256:2a48dda8dad91d967fceeec4c50d3358f58b0255ba823e04bea726bf187f8f40
+generated: "2026-04-15T19:55:47.720376-05:00"

clusters/cl01tl/helm/openbao/Chart.yaml

@@ -0,0 +1,30 @@
+apiVersion: v2
+name: openbao
+version: 1.0.0
+description: OpenBao
+keywords:
+  - openbao
+  - secrets
+home: https://docs.alexlebens.dev/applications/openbao/
+sources:
+  - https://github.com/openbao/openbao
+  - https://github.com/lrstanley/vault-unseal
+  - https://quay.io/repository/openbao/openbao?tab=tags
+  - https://quay.io/repository/openbao/openbao-csi-provider?tab=tags
+  - https://github.com/openbao/openbao-snapshot-agent/pkgs/container/openbao-snapshot-agent
+  - https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
+  - https://github.com/openbao/openbao-helm/tree/main/charts/openbao
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: openbao
+    version: 0.27.1
+    repository: https://openbao.github.io/openbao-helm
+  - name: app-template
+    alias: unseal
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.6.2
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png
+# renovate: datasource=github-releases depName=openbao/openbao
+appVersion: v2.5.2

clusters/cl01tl/helm/openbao/templates/external-secret.yaml

@@ -0,0 +1,166 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: openbao-snapshot-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: openbao-snapshot-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        key: /garage/home-infra/openbao-backups
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        key: /garage/home-infra/openbao-backups
+        property: ACCESS_REGION
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        key: /garage/home-infra/openbao-backups
+        property: ACCESS_SECRET_KEY
+    - secretKey: BUCKET
+      remoteRef:
+        key: /garage/home-infra/openbao-backups
+        property: BUCKET
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: openbao-unseal-config-1
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: openbao-unseal-config-1
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ENVIRONMENT
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: ENVIRONMENT
+    - secretKey: NODES
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: NODES
+    - secretKey: TOKENS
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: TOKENS_1
+    - secretKey: NOTIFY_QUEUE_URLS
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: NOTIFY_QUEUE_URLS
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: openbao-unseal-config-2
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: openbao-unseal-config-2
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ENVIRONMENT
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: ENVIRONMENT
+    - secretKey: NODES
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: NODES
+    - secretKey: TOKENS
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: TOKENS_2
+    - secretKey: NOTIFY_QUEUE_URLS
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: NOTIFY_QUEUE_URLS
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: openbao-unseal-config-3
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: openbao-unseal-config-3
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ENVIRONMENT
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: ENVIRONMENT
+    - secretKey: NODES
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: NODES
+    - secretKey: TOKENS
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: TOKENS_3
+    - secretKey: NOTIFY_QUEUE_URLS
+      remoteRef:
+        key: /cl01tl/openbao/unseal
+        property: NOTIFY_QUEUE_URLS
+
+# ---
+# apiVersion: external-secrets.io/v1
+# kind: ExternalSecret
+# metadata:
+#   name: openbao-token
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: openbao-token
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   secretStoreRef:
+#     kind: ClusterSecretStore
+#     name: openbao
+#   data:
+#     - secretKey: token
+#       remoteRef:
+#         key: /cl01tl/openbao/token
+#         property: token
+#     - secretKey: unseal_key_1
+#       remoteRef:
+#         key: /cl01tl/openbao/token
+#         property: unseal_key_1
+#     - secretKey: unseal_key_2
+#       remoteRef:
+#         key: /cl01tl/openbao/token
+#         property: unseal_key_2
+#     - secretKey: unseal_key_3
+#       remoteRef:
+#         key: /cl01tl/openbao/token
+#         property: unseal_key_3
+#     - secretKey: unseal_key_4
+#       remoteRef:
+#         key: /cl01tl/openbao/token
+#         property: unseal_key_4
+#     - secretKey: unseal_key_5
+#       remoteRef:
+#         key: /cl01tl/openbao/token
+#         property: unseal_key_5

clusters/cl01tl/helm/openbao/templates/ingress.yaml

@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: openbao-tailscale
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: openbao-tailscale
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    tailscale.com/proxy-class: no-metrics
+  annotations:
+    tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
+spec:
+  ingressClassName: tailscale
+  tls:
+    - hosts:
+        - openbao-cl01tl
+      secretName: openbao-cl01tl
+  rules:
+    - host: openbao-cl01tl
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: openbao-active
+                port:
+                  number: 8200

clusters/cl01tl/helm/openbao/templates/namespace.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openbao
+  labels:
+    app.kubernetes.io/name: openbao
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/helm/openbao/values.yaml

@@ -0,0 +1,182 @@
+openbao:
+  global:
+    serverTelemetry:
+      prometheusOperator: true
+  injector:
+    enabled: false
+  server:
+    updateStrategyType: RollingUpdate
+    image:
+      registry: quay.io
+      repository: openbao/openbao
+      tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
+    resources:
+      requests:
+        cpu: 50m
+        memory: 500Mi
+    gateway:
+      tlsRoute:
+        enabled: true
+        hosts:
+          - bao.alexlebens.net
+        apiVersion: gateway.networking.k8s.io/v1
+        parentRefs:
+          - group: gateway.networking.k8s.io
+            kind: Gateway
+            name: traefik-gateway
+            namespace: traefik
+    authDelegator:
+      enabled: true
+    livenessProbe:
+      enabled: true
+    dataStorage:
+      size: 1Gi
+      storageClass: ceph-block
+    auditStorage:
+      enabled: true
+      size: 10Gi
+      storageClass: ceph-block
+    standalone:
+      enabled: false
+    ha:
+      enabled: true
+      replicas: 3
+      raft:
+        enabled: true
+        config: |
+          ui = true
+
+          listener "tcp" {
+            tls_disable = 1
+            address = "[::]:8200"
+            cluster_address = "[::]:8201"
+            telemetry {
+              unauthenticated_metrics_access = "true"
+            }
+          }
+
+          storage "raft" {
+            path = "/openbao/data"
+            retry_join {
+              leader_api_addr = "http://openbao-0.openbao-internal:8200"
+            }
+            retry_join {
+              leader_api_addr = "http://openbao-1.openbao-internal:8200"
+            }
+            retry_join {
+              leader_api_addr = "http://openbao-2.openbao-internal:8200"
+            }
+          }
+
+          service_registration "kubernetes" {}
+
+          telemetry {
+            prometheus_retention_time = "30s"
+            disable_hostname = true
+          }
+  csi:
+    enabled: true
+    image:
+      registry: quay.io
+      repository: openbao/openbao-csi-provider
+      tag: 2.0.1@sha256:a3bd5e8183da778b5dc79ee1a3d7313ac77dc599b623b4106a91b19362674f27
+    resources:
+      requests:
+        cpu: 50m
+        memory: 100Mi
+    agent:
+      image:
+        registry: quay.io
+        repository: openbao/openbao
+        tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
+      resources:
+        requests:
+          cpu: 10m
+          memory: 100Mi
+  serverTelemetry:
+    serviceMonitor:
+      enabled: true
+    prometheusRules:
+      enabled: true
+      rules:
+        - alert: vault-HighResponseTime
+          annotations:
+            message: The response time of Vault is over 500ms on average over the last 5 minutes.
+          expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
+          for: 5m
+          labels:
+            severity: warning
+        - alert: vault-HighResponseTime
+          annotations:
+            message: The response time of Vault is over 1s on average over the last 5 minutes.
+          expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
+          for: 5m
+          labels:
+            severity: critical
+  snapshotAgent:
+    enabled: true
+    schedule: 0 4 * * *
+    image:
+      repository: ghcr.io/openbao/openbao-snapshot-agent
+      tag: 0.3.0@sha256:d7a8ca9d26b12cf226ce093b9051f243c53aefbb8a419b3dc0b554e7575c931c
+    s3CredentialsSecret: openbao-snapshot-secret
+    config:
+      s3Host: garage-main.garage:3900
+      s3Bucket: openbao-backups
+      s3Uri: s3://openbao-backups
+      s3ExpireDays: "30"
+      s3cmdExtraFlag: "-v"
+      baoAuthPath: kubernetes
+      baoRole: bao-snapshot
+unseal:
+  global:
+    fullnameOverride: openbao-unseal
+  controllers:
+    unseal-1:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: ghcr.io/lrstanley/vault-unseal
+            tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
+          envFrom:
+            - secretRef:
+                name: openbao-unseal-config-1
+          resources:
+            requests:
+              cpu: 1m
+              memory: 10Mi
+    unseal-2:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: ghcr.io/lrstanley/vault-unseal
+            tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
+          envFrom:
+            - secretRef:
+                name: openbao-unseal-config-2
+          resources:
+            requests:
+              cpu: 1m
+              memory: 10Mi
+    unseal-3:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: ghcr.io/lrstanley/vault-unseal
+            tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
+          envFrom:
+            - secretRef:
+                name: openbao-unseal-config-3
+          resources:
+            requests:
+              cpu: 1m
+              memory: 10Mi

clusters/cl01tl/helm/paperless-ngx/Chart.yaml

@@ -48,4 +48,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
 # renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
-appVersion: 2.20.13
+appVersion: 2.20.14

clusters/cl01tl/helm/paperless-ngx/values.yaml

@@ -8,7 +8,7 @@ paperless-ngx:
         main:
           image:
             repository: ghcr.io/paperless-ngx/paperless-ngx
-            tag: 2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
+            tag: 2.20.14@sha256:b89f83345532cfba72690185257eb6c4f92fc2a782332a42abe19c07b7a6595f
           env:
             - name: PAPERLESS_REDIS
               value: redis://paperless-ngx-valkey.paperless-ngx:6379

clusters/cl01tl/helm/plex/values.yaml

@@ -22,7 +22,7 @@ plex:
         main:
           image:
             repository: ghcr.io/linuxserver/plex
-            tag: 1.43.1.10576-06378bdcd-ls300@sha256:09fe33e5efd991681ea3cbd3e3cb262cd1ae26d4a0145a4141ead284d8f21de6
+            tag: 1.43.1.10611-1e34174b1-ls301@sha256:1dd281365d61fb76fd4474ba67e36ec94d2e8dbc67a8032ba10731c01701c97e
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/postiz/Chart.lock

@@ -4,7 +4,7 @@ dependencies:
   version: 4.6.2
 - name: temporal
   repository: https://go.temporal.io/helm-charts
-  version: 1.0.0
+  version: 1.1.1
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.5.0
@@ -20,5 +20,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:5534bfc9e9086db50f191d6369d92dcee2aef4736f40b1a905dfa7b967d3e0b9
+digest: sha256:c2f97973de65b7ab76b42a5b9131e084de2333ba82c85b75d9e186ec88335ef4
-generated: "2026-04-13T20:36:42.977624488Z"
+generated: "2026-04-15T18:59:31.36700149Z"

clusters/cl01tl/helm/postiz/Chart.yaml

@@ -29,7 +29,7 @@ dependencies:
     version: 4.6.2
   - name: temporal
     repository: https://go.temporal.io/helm-charts
-    version: 1.0.0
+    version: 1.1.1
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 2.5.0

clusters/cl01tl/helm/postiz/values.yaml

@@ -232,7 +232,7 @@ temporal:
   web:
     image:
       repository: temporalio/ui
-      tag: 2.48.2@sha256:8625626deb0b2447eff6fc81a1fba1d782c9e41e72d527016f1297a62e715241
+      tag: 2.48.3@sha256:e5523746f54a8b908b0be69f6274ca1abf2aa0a51714a85b6a4641310ff60286
     resources:
       requests:
         cpu: 10m

clusters/cl01tl/helm/prowlarr/Chart.yaml

@@ -28,4 +28,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
 # renovate: datasource=github-releases depName=linuxserver/docker-prowlarr
-appVersion: 2.3.5.5327-ls141
+appVersion: 2.3.5.5327-ls142

clusters/cl01tl/helm/prowlarr/values.yaml

@@ -12,7 +12,7 @@ prowlarr:
         main:
           image:
             repository: ghcr.io/linuxserver/prowlarr
-            tag: 2.3.5.5327-ls141@sha256:35f48abb3e976fcf077fae756866c582e4a90f8b24810ae4067b3558f7cdbbdf
+            tag: 2.3.5.5327-ls142@sha256:6df73ab9e99d0dbaad27c39d8a47c600333eebea80fcb56253a0bb8b630c8115
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/reloader/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: reloader
   repository: https://stakater.github.io/stakater-charts
-  version: 2.2.10
+  version: 2.2.11
-digest: sha256:87ae8d844f1b602a109e306e00b2f06060443fd9ef5d97689e89a84950b9fdd6
+digest: sha256:09bd15e46f5b5c09da317bda9dfe5dd4b74e5e2aecd8271e8e66eaabfd0df521
-generated: "2026-04-13T20:31:19.310944569Z"
+generated: "2026-04-15T18:46:43.186024471Z"

clusters/cl01tl/helm/reloader/Chart.yaml

@@ -13,8 +13,8 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: reloader
-    version: 2.2.10
+    version: 2.2.11
     repository: https://stakater.github.io/stakater-charts
 icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg
 # renovate: datasource=github-releases depName=stakater/Reloader
-appVersion: v1.4.15
+appVersion: v1.4.16

clusters/cl01tl/helm/rook-ceph/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: rook-ceph
   repository: https://charts.rook.io/release
-  version: v1.19.3
+  version: v1.19.4
 - name: rook-ceph-cluster
   repository: https://charts.rook.io/release
-  version: v1.19.3
+  version: v1.19.4
-digest: sha256:f485e0ac0fe7a70972491078f37b8be4aff2c6dfa7346bdb18d296f1dbd15b1e
+digest: sha256:c7e8bd547272f7f8294f9237f997d5898882293cd10cb59efc59c7452d720ea3
-generated: "2026-03-24T22:57:30.323965591Z"
+generated: "2026-04-15T18:07:10.535464016Z"

clusters/cl01tl/helm/rook-ceph/Chart.yaml

@@ -15,11 +15,11 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: rook-ceph
-    version: v1.19.3
+    version: v1.19.4
     repository: https://charts.rook.io/release
   - name: rook-ceph-cluster
-    version: v1.19.3
+    version: v1.19.4
     repository: https://charts.rook.io/release
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
 # renovate: datasource=github-releases depName=rook/rook
-appVersion: v1.19.3
+appVersion: v1.19.4

clusters/cl01tl/helm/roundcube/values.yaml

@@ -56,7 +56,7 @@ roundcube:
         nginx:
           image:
             repository: nginx
-            tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
+            tag: 1.30.0-alpine-slim@sha256:830b40ff1beb5e018e56aef2ed1f9fe87a7797e35a555b75fea5c9568e316b04
           env:
             - name: NGINX_HOST
               value: mail.alexlebens.net

clusters/cl01tl/helm/rybbit/values.yaml

@@ -112,7 +112,7 @@ rybbit:
         main:
           image:
             repository: clickhouse/clickhouse-server
-            tag: 26.3.5@sha256:0115c4aa8d29ef873a533bcebaf5a65ec12815cf3b08b4fe6a20c30d460e8133
+            tag: 26.3.9@sha256:537014a67ce8bf1f5c79c2e2b26fb30b8285a86ffff03875bb14ed17ea35db62
           env:
             - name: CLICKHOUSE_DB
               value: analytics

clusters/cl01tl/helm/searxng/values.yaml

@@ -8,7 +8,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36
+            tag: latest@sha256:222b4c11534e0bd9b5ed80081680094a1d663413cbe1d142e184515c4035fc23
           env:
             - name: SEARXNG_BASE_URL
               value: http://searxng-api.searxng:8080
@@ -36,7 +36,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36
+            tag: latest@sha256:222b4c11534e0bd9b5ed80081680094a1d663413cbe1d142e184515c4035fc23
           env:
             - name: SEARXNG_BASE_URL
               value: https://searxng.alexlebens.net/

clusters/cl01tl/helm/secrets-store-csi-driver/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: secrets-store-csi-driver
+  repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
+  version: 1.5.6
+digest: sha256:8bebc25b54a231446dce2d67b9cd65024a1458fc106ee93dcfd539759edf2ca5
+generated: "2026-04-15T17:29:48.143994-05:00"

clusters/cl01tl/helm/secrets-store-csi-driver/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: secrets-store-csi-driver
+version: 1.0.0
+description: Secrets Store CSI driver
+keywords:
+  - secrets-store-csi-driver
+  - secrets
+home: https://docs.alexlebens.dev/applications/secrets-store-csi-driver/
+sources:
+  - https://github.com/kubernetes-sigs/secrets-store-csi-driver
+  - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fcsi-secrets-store%2Fdriver
+  - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fcsi-secrets-store%2Fdriver-crds
+  - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fsig-storage%2Fcsi-node-driver-registrar
+  - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fsig-storage%2Flivenessprobe
+  - https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/main/charts/secrets-store-csi-driver
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: secrets-store-csi-driver
+    version: 1.5.6
+    repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
+# renovate: datasource=github-releases depName=kubernetes-sigs/secrets-store-csi-driver
+appVersion: v1.5.6

clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: secrets-store-csi-driver
+  labels:
+    app.kubernetes.io/name: secrets-store-csi-driver
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/helm/secrets-store-csi-driver/values.yaml

@@ -0,0 +1,41 @@
+secrets-store-csi-driver:
+  linux:
+    enabled: true
+    image:
+      repository: registry.k8s.io/csi-secrets-store/driver
+      tag: v1.5.6@sha256:6df2b3b3817136d2ade3d53306dbbd98385c1c01e8b3c373192c0e5b8d183f7b
+    crds:
+      enabled: true
+      image:
+        repository: registry.k8s.io/csi-secrets-store/driver-crds
+        tag: v1.5.6@sha256:d40d9212beb62ee0f9f09b75d024ed807816879f38e75eca309497c3df89568c
+    driver:
+      resources:
+        limits:
+          cpu: null
+          memory: null
+        requests:
+          cpu: 10m
+          memory: 100Mi
+    registrarImage:
+      repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+      tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70
+    registrar:
+      resources:
+        limits:
+          cpu: null
+          memory: null
+        requests:
+          cpu: 10m
+          memory: 20Mi
+    livenessProbeImage:
+      repository: registry.k8s.io/sig-storage/livenessprobe
+      tag: v2.18.0@sha256:c4cc074199c045dd73ab85f28897e2a32f4d6f38ffdba4f3b13b8007ccbd3570
+    livenessProbe:
+      resources:
+        limits:
+          cpu: null
+          memory: null
+        requests:
+          cpu: 10m
+          memory: 20Mi

clusters/cl01tl/helm/seerr/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: seerr-chart
   repository: oci://ghcr.io/seerr-team/seerr
-  version: 3.4.2
+  version: 3.5.1
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:f9f2649fcd5ae23d2e8bedc81c8dec7c65464328901c4fd4e47b00549e315514
+digest: sha256:84f0e23ceedb5b4eedbad1de94ea4e18785360d2125d465ed6f2bcccd7e38e5d
-generated: "2026-04-13T18:43:39.927316242Z"
+generated: "2026-04-16T14:11:50.866475988Z"

clusters/cl01tl/helm/seerr/Chart.yaml

@@ -17,11 +17,11 @@ maintainers:
 dependencies:
   - name: seerr-chart
     repository: oci://ghcr.io/seerr-team/seerr
-    version: 3.4.2
+    version: 3.5.1
   - name: volsync-target
     alias: volsync-target-config
     version: 0.8.0
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/seerr.png
 # renovate: datasource=github-releases depName=seerr-team/seerr
-appVersion: v3.1.1
+appVersion: v3.2.0

clusters/cl01tl/helm/seerr/values.yaml

@@ -2,7 +2,7 @@ seerr-chart:
   image:
     registry: ghcr.io
     repository: seerr-team/seerr
-    tag: v3.1.1
+    tag: v3.2.0
     sha: b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9
   config:
     persistence:

clusters/cl01tl/helm/site-documentation/values.yaml

@@ -10,7 +10,7 @@ site-documentation:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.24.0@sha256:4de96b40683bdb4998219b38b728a46e821de7ccd28b2ff6cc69ff26a712e7af
+            tag: 0.25.0@sha256:1509b20e703617ce8e6fc78fa599a56c09be178541adc82da406632f9af15d97
           resources:
             requests:
               cpu: 10m

clusters/cl01tl/helm/site-profile/values.yaml

@@ -10,7 +10,7 @@ site-profile:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-profile
-            tag: 3.18.0@sha256:1219a291faaaef87761e9f8b0857270165c505d95c0a30325fe4e2be422ba377
+            tag: 3.18.2@sha256:8deb9624b2564fabd1f5cc6822306fd198b245858317be2d9ab4ca044ae3ded5
           resources:
             requests:
               cpu: 10m

clusters/cl01tl/helm/site-saralebens/values.yaml

@@ -10,7 +10,7 @@ site-saralebens:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-saralebens
-            tag: 1.1.0@sha256:118dd5c65edcc0c77b00bbb6d9c70aab307aa04ba211f3fd74435e9b06c38304
+            tag: 1.1.1@sha256:b1a92f492127dd0e6b1756dd6798e72fbc991c7b334c0bec87ba39cb9bb14ee3
           resources:
             requests:
               cpu: 10m

clusters/cl01tl/helm/sparkyfitness/Chart.lock

@@ -0,0 +1,12 @@
+dependencies:
+- name: sparkyfitness
+  repository: oci://ghcr.io/codewithcj/charts
+  version: 0.16.5-7
+- name: postgres-cluster
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 7.11.2
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:cbe47d5c90cb22ba40b6de948b0a49733c6ce40b1be92555d5df3f0f1e610950
+generated: "2026-04-13T19:27:44.289967-05:00"

clusters/cl01tl/helm/sparkyfitness/Chart.yaml

@@ -0,0 +1,32 @@
+apiVersion: v2
+name: sparkyfitness
+version: 1.0.0
+description: Sparky Fitness
+keywords:
+  - sparky-fitness
+  - fitness-tracking
+home: https://docs.alexlebens.dev/applications/sparkyfitness/
+sources:
+  - https://github.com/CodeWithCJ/SparkyFitness
+  - https://github.com/CodeWithCJ/SparkyFitness/pkgs/container/sparkyfitness-server
+  - https://github.com/CodeWithCJ/SparkyFitness/pkgs/container/sparkyfitness-frontend
+  - https://github.com/CodeWithCJ/SparkyFitness/tree/main/helm/chart
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: sparkyfitness
+    version: 0.16.5-7
+    repository: oci://ghcr.io/codewithcj/charts
+  - name: postgres-cluster
+    alias: postgres-18-cluster
+    version: 7.11.2
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-backup
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/sparkyfitness.png
+# renovate: datasource=github-releases depName=CodeWithCJ/SparkyFitness
+appVersion: v0.16.5.7

clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml

@@ -0,0 +1,46 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: sparkyfitness-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sparkyfitness-key-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: api_encryption_key
+      remoteRef:
+        key: /cl01tl/sparkyfitness/key
+        property: api_encryption_key
+    - secretKey: better_auth_secret
+      remoteRef:
+        key: /cl01tl/sparkyfitness/key
+        property: better_auth_secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: sparkyfitness-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sparkyfitness-oidc-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: client_id
+      remoteRef:
+        key: /authentik/oidc/sparkyfitness
+        property: client
+    - secretKey: client_secret
+      remoteRef:
+        key: /authentik/oidc/sparkyfitness
+        property: secret

clusters/cl01tl/helm/sparkyfitness/values.yaml

@@ -0,0 +1,101 @@
+sparkyfitness:
+  config:
+    timezone: America/Chicago
+    allowPrivateNetworkCors: true
+    extraTrustedOrigins: https://sparkyfitness.alexlebens.net
+    oidc:
+      enabled: true
+      providerSlug: sparky-fitness
+      providerName: Authentik
+      issuerUrl: https://authentik.alexlebens.net/application/o/sparky-fitness
+      logoUrl: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
+      secrets:
+        existingSecret: sparkyfitness-oidc-secret
+  httpRoute:
+    enabled: true
+    hostname: sparkyfitness.alexlebens.net
+    parentRef:
+      name: traefik-gateway
+      namespace: traefik
+  server:
+    image:
+      repository: ghcr.io/codewithcj/sparkyfitness-server
+      tag: v0.16.5.7@sha256:7cdb8cb3ae7f90c7590dac3b92cea3a8e24d51b28eb836a1f6d5201cd45bc080
+    resources:
+      requests:
+        cpu: 100m
+        memory: 200Mi
+      limits:
+        cpu: null
+        memory: null
+    secrets:
+      generate: false
+      existingSecret: sparkyfitness-key-secret
+    appDatabase:
+      existingSecret: sparkyfitness-postgresql-18-cluster-app
+    persistence:
+      backup:
+        size: 5Gi
+        accessMode: ReadWriteOnce
+        storageClass: ceph-block
+      uploads:
+        size: 10Gi
+        accessMode: ReadWriteOnce
+        storageClass: ceph-block
+  frontend:
+    image:
+      repository: ghcr.io/codewithcj/sparkyfitness-frontend
+      tag: v0.16.5.7@sha256:c57a0a07b3470bd0c280d63d02b45adfe7360441b396e9bd445d7b0d22823356
+    resources:
+      requests:
+        cpu: 10m
+        memory: 40Mi
+      limits:
+        cpu: null
+        memory: null
+  postgresql:
+    enabled: false
+  externalDatabase:
+    host: sparkyfitness-postgresql-18-cluster-rw
+    port: 5432
+    database: app
+    auth:
+      existingSecret: sparkyfitness-postgresql-18-cluster-superuser
+postgres-18-cluster:
+  mode: recovery
+  cluster:
+    enableSuperuserAccess: true
+    initdb:
+      postInitTemplateSQL:
+        - CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+        - CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+        - CREATE EXTENSION IF NOT EXISTS "pg_stat_statements";
+        - GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO "app" WITH GRANT OPTION;
+  recovery:
+    method: objectStore
+    objectStore:
+      index: 1
+  backup:
+    objectStore:
+      - name: garage-local
+        index: 1
+        destinationBucket: postgres-backups
+        externalSecretCredentialPath: /garage/home-infra/postgres-backups
+        isWALArchiver: true
+    scheduledBackups:
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 16 * * *"
+        backupName: garage-local
+volsync-target-backup:
+  pvcTarget: sparkyfitness-server-backup
+  local:
+    enabled: true
+    schedule: 26 11 * * *
+  remote:
+    enabled: true
+    schedule: 26 12 * * *
+  external:
+    enabled: true
+    schedule: 26 13 * * *

clusters/cl01tl/helm/tdarr/values.yaml

@@ -12,7 +12,7 @@ tdarr:
         main:
           image:
             repository: ghcr.io/haveagitgat/tdarr
-            tag: 2.68.01@sha256:db9520315f83974cb5b8f2a8ed89a8a2be3d97d29575f54cbe4b5cc5e6daf5a5
+            tag: 2.69.01@sha256:29995d5fd044fd3e1493942970c42c6fdf9be0ded36ec3a527b2493f39a8c6df
           env:
             - name: TZ
               value: America/Chicago
@@ -68,7 +68,7 @@ tdarr:
         main:
           image:
             repository: ghcr.io/haveagitgat/tdarr_node
-            tag: 2.68.01@sha256:6359991d297ec23e2a5fe3a6b5b19c65d9eabdc63172d2cbe6aa576bbe5356c2
+            tag: 2.69.01@sha256:ab37d6a90a7f4654c6543117b923f3930e258e40e73f127ba34634082c722e8c
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/vaultwarden/Chart.yaml

@@ -33,4 +33,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
 # renovate: datasource=github-releases depName=dani-garcia/vaultwarden
-appVersion: 1.35.6
+appVersion: 1.35.7

clusters/cl01tl/helm/vaultwarden/values.yaml

@@ -8,7 +8,7 @@ vaultwarden:
         main:
           image:
             repository: ghcr.io/dani-garcia/vaultwarden
-            tag: 1.35.6@sha256:93072633c6b125628419097fc951d1ce448422a1af1d653805520a8ba90f6956
+            tag: 1.35.7@sha256:9a8eec71f4a52411cc43edc7a50f33e9b6f62b5baca0dd95f0c6e7fd60f1a341
           env:
             - name: DOMAIN
               value: https://passwords.alexlebens.dev

clusters/cl01tl/helm/whodb/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
 # renovate: datasource=github-releases depName=clidey/whodb
-appVersion: 0.105.0
+appVersion: 0.106.0

clusters/cl01tl/helm/whodb/values.yaml

@@ -7,7 +7,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.105.0@sha256:f4c7139554ef65e162b88792b9d28f793d1b3e50c3838f3d35f37c05a1b51413
+            tag: 0.106.0@sha256:f872bfcdf2f1cd6d9e97fa4c5d8dd521636bea1bfc0efe0a27ab6c9c11137010
           env:
             - name: WHODB_OLLAMA_HOST
               value: ollama-server-2.ollama

clusters/cl01tl/helm/yamtrack/Chart.yaml

@@ -29,4 +29,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
 # renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack
-appVersion: 0.25.0
+appVersion: 0.25.2

clusters/cl01tl/helm/yamtrack/values.yaml

@@ -8,7 +8,7 @@ yamtrack:
         main:
           image:
             repository: ghcr.io/fuzzygrim/yamtrack
-            tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931
+            tag: 0.25.2@sha256:928df13c46c9f615b37f5ef1eb5a87fc8813f5941f28c7d8227af73d291b0d19
           env:
             - name: TZ
               value: America/Chicago

hosts/ps08rp/blocky/config.yml

@@ -83,6 +83,7 @@ customDNS:
     audiobookshelf                  IN      CNAME   traefik-cl01tl
     authentik                       IN      CNAME   traefik-cl01tl
     backrest                        IN      CNAME   traefik-cl01tl
+    bao                             IN      CNAME   traefik-cl01tl
     bazarr                          IN      CNAME   traefik-cl01tl
     ceph                            IN      CNAME   traefik-cl01tl
     dawarich                        IN      CNAME   traefik-cl01tl
@@ -118,6 +119,7 @@ customDNS:
     objects                         IN      CNAME   traefik-cl01tl
     ollama                          IN      CNAME   traefik-cl01tl
     omni-tools                      IN      CNAME   traefik-cl01tl
+    openbao                         IN      CNAME   traefik-cl01tl
     paperless-ngx                   IN      CNAME   traefik-cl01tl
     plex                            IN      CNAME   traefik-cl01tl
     postiz-spotlight                IN      CNAME   traefik-cl01tl
@@ -137,6 +139,7 @@ customDNS:
     sonarr                          IN      CNAME   traefik-cl01tl
     sonarr-4k                       IN      CNAME   traefik-cl01tl
     sonarr-anime                    IN      CNAME   traefik-cl01tl
+    sparkyfitness                   IN      CNAME   traefik-cl01tl
     stalwart                        IN      CNAME   traefik-cl01tl
     tdarr                           IN      CNAME   traefik-cl01tl
     tubearchivist                   IN      CNAME   traefik-cl01tl

hosts/ps09rp/blocky/config.yml

@@ -104,6 +104,7 @@ customDNS:
     audiobookshelf                  IN      CNAME   traefik-cl01tl
     authentik                       IN      CNAME   traefik-cl01tl
     backrest                        IN      CNAME   traefik-cl01tl
+    bao                             IN      CNAME   traefik-cl01tl
     bazarr                          IN      CNAME   traefik-cl01tl
     ceph                            IN      CNAME   traefik-cl01tl
     dawarich                        IN      CNAME   traefik-cl01tl
@@ -139,6 +140,7 @@ customDNS:
     objects                         IN      CNAME   traefik-cl01tl
     ollama                          IN      CNAME   traefik-cl01tl
     omni-tools                      IN      CNAME   traefik-cl01tl
+    openbao                         IN      CNAME   traefik-cl01tl
     paperless-ngx                   IN      CNAME   traefik-cl01tl
     plex                            IN      CNAME   traefik-cl01tl
     postiz-spotlight                IN      CNAME   traefik-cl01tl
@@ -158,6 +160,7 @@ customDNS:
     sonarr                          IN      CNAME   traefik-cl01tl
     sonarr-4k                       IN      CNAME   traefik-cl01tl
     sonarr-anime                    IN      CNAME   traefik-cl01tl
+    sparkyfitness                   IN      CNAME   traefik-cl01tl
     stalwart                        IN      CNAME   traefik-cl01tl
     tdarr                           IN      CNAME   traefik-cl01tl
     tubearchivist                   IN      CNAME   traefik-cl01tl

hosts/ps10rp/garage/compose.yaml

@@ -39,7 +39,7 @@ services:
             - /dev/net/tun:/dev/net/tun
 
     garage:
-        image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
+        image: dxflrs/garage:v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
         container_name: garage
         env_file:
             - .env

hosts/ps10rp/isponsorblocktv/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
     isponsorblocktv:
-        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1@sha256:545856523283753ebcf4b400a46895b9906844be5265a0f4cab98a6b0bdf84be
+        image: ghcr.io/dmunozv04/isponsorblocktv:v2.7.0@sha256:ff292ed53c9208ebfa7da3be7084bd863339d545a799bfefed5092396f5e8b4b
         container_name: isponsorblocktv
         environment:
             - TZ=America/Chicago

renovate.json

@@ -89,10 +89,10 @@
     {
       "description": "Specific app grouping overrides",
       "matchPackageNames": [
-        "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik)/",
+        "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik)/",
         "/^rook(-ceph|/rook|/ceph)/"
       ],
-      "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
+      "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
       "groupSlug": "unified-{{{groupName}}}"
     },
     {