chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2603.0

Merge branch 'main' of https://gitea.alexlebens.net/alexlebens/infrastructure
ci: merge actions digests
2026-03-22 03:40:24 +00:00 · 2026-03-21 22:39:02 -05:00 · 2026-03-21 22:38:57 -05:00 · 2026-03-22 03:34:00 +00:00 · 2026-03-22 03:29:40 +00:00 · 2026-03-21 22:28:34 -05:00
38 changed files with 178 additions and 146 deletions
--- a/.gitea/workflows/lint-test-docker.yaml
+++ b/.gitea/workflows/lint-test-docker.yaml
@@ -21,14 +21,14 @@ jobs:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@v1.1
+        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
        with:
          branch: "${{ github.base_ref }}"

@@ -51,7 +51,7 @@ jobs:

      - name: Set Up Node.js
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version: '24'

@@ -120,7 +120,7 @@ jobs:
          echo "----"

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm.yaml
@@ -28,14 +28,14 @@ jobs:
      changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@v1.1
+        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
        with:
          branch: ${{ github.base_ref }}

@@ -58,7 +58,7 @@ jobs:

      - name: Set Up Helm
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          # renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:

      - name: Cache Helm Dependencies
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: actions/cache@v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: |
            ~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
          exit $EXIT_CODE

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
@@ -232,7 +232,7 @@ jobs:
      github.event_name == 'pull_request'
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

@@ -257,7 +257,7 @@ jobs:
          echo "----"

      - name: Set Up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          # renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
          cache: true

      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: |
            ~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
          exit $EXIT_CODE

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
--- a/.gitea/workflows/render-manifests.yaml
+++ b/.gitea/workflows/render-manifests.yaml
@@ -31,32 +31,32 @@ jobs:
      (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
    steps:
      - name: Checkout Main
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          path: infrastructure
          fetch-depth: 0

      - name: Checkout Manifests
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: manifests
          path: infrastructure-manifests

      - name: Set Up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
          cache: true

      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@v4
+        uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBECONFIG }}

      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: |
            ~/.cache/helm
@@ -568,7 +568,7 @@ jobs:
          echo "----"

      - name: ntfy Created
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'

      - name: ntfy Updated
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'

      - name: ntfy Merged
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: steps.merge-changes.outputs.pull-request-operation == 'merged'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,10 +13,10 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43
+    container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Renovate
        run: renovate
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -55,14 +55,7 @@ argo-cd:
  server:
    replicas: 2
    extensions:
-      enabled: true
-      extensionList:
-        - name: extension-trivy
-          env:
-            - name: EXTENSION_URL
-              value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
-            - name: EXTENSION_CHECKSUM_URL
-              value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
+      enabled: false
    metrics:
      enabled: true
      serviceMonitor:
--- a/clusters/cl01tl/helm/blocky/values.yaml
+++ b/clusters/cl01tl/helm/blocky/values.yaml
@@ -98,7 +98,7 @@ blocky:

              traefik-cl01tl                  IN      A       10.232.1.21
              blocky                          IN      A       10.232.1.22
-              cilium-cl01tl                   IN      A       10.232.1.23
+              plex-lb                         IN      A       10.232.1.23


              ;; Application Names
--- a/clusters/cl01tl/helm/eraser/values.yaml
+++ b/clusters/cl01tl/helm/eraser/values.yaml
@@ -34,27 +34,7 @@ eraser:
        request:
          cpu: 100m
          memory: 128Mi
-        config: "" # |
-          # cacheDir: /var/lib/trivy
-          # dbRepo: ghcr.io/aquasecurity/trivy-db
-          # deleteFailedImages: true
-          # deleteEOLImages: true
-          # vulnerabilities:
-          #   ignoreUnfixed: true
-          #   types:
-          #     - os
-          #     - library
-          #   securityChecks:
-          #     - vuln
-          #   severities:
-          #     - CRITICAL
-          #     - HIGH
-          #     - MEDIUM
-          #     - LOW
-          #   ignoredStatuses:
-          # timeout:
-          #   total: 23h
-          #   perImage: 1h
+        config: ""
      remover:
        request:
          cpu: 10m
--- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
@@ -377,25 +377,6 @@ spec:
  resyncPeriod: 1h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json

---
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDashboard
-metadata:
-  name: grafana-dashboard-trivy
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: grafana-dashboard-trivy
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  instanceSelector:
-    matchLabels:
-      app: grafana-main
-  contentCacheDuration: 1h
-  folderUID: grafana-folder-service
-  resyncPeriod: 1h
-  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
-
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -25,9 +25,6 @@ headlamp:
        - name: cert-manager
          source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
          version: 0.1.0
-        - name: trivy
-          source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
-          version: 0.3.1
        - name: external-secrets-operator
          source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
          version: 0.1.0-beta7
--- a/clusters/cl01tl/helm/houndarr/Chart.lock
+++ b/clusters/cl01tl/helm/houndarr/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.6.2
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:375d6c2eb2f097717c44c5a28cb162da24f4ff154a971e5a68ccd0e0b77e936f
+generated: "2026-03-21T22:31:01.142752-05:00"
--- a/clusters/cl01tl/helm/houndarr/values.yaml
+++ b/clusters/cl01tl/helm/houndarr/values.yaml
@@ -14,6 +14,10 @@ houndarr:
          env:
            - name: TZ
              value: America/Chicago
+            - name: PUID
+              value: 1000
+            - name: PGID
+              value: 1000
            - name: HOUNDARR_SECURE_COOKIES
              value: true
            - name: HOUNDARR_TRUSTED_PROXIES
@@ -64,6 +68,11 @@ houndarr:
              readOnly: false
 volsync-target-data:
  pvcTarget: houndarr-data
+  moverSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch
  local:
    enabled: true
    schedule: 40 11 * * *
--- a/clusters/cl01tl/helm/matrix-synapse/values.yaml
+++ b/clusters/cl01tl/helm/matrix-synapse/values.yaml
@@ -345,7 +345,7 @@ mautrix-whatsapp:
        main:
          image:
            repository: dock.mau.dev/mautrix/whatsapp
-            tag: v0.2602.0
+            tag: v0.2603.0
            pullPolicy: IfNotPresent
          resources:
            requests:
--- a/clusters/cl01tl/helm/music-grabber/values.yaml
+++ b/clusters/cl01tl/helm/music-grabber/values.yaml
@@ -9,7 +9,7 @@ music-grabber:
        main:
          image:
            repository: g33kphr33k/musicgrabber
-            tag: 2.4.6
+            tag: 2.5.0
            pullPolicy: IfNotPresent
          env:
            - name: MUSIC_DIR
--- a/clusters/cl01tl/helm/plex/values.yaml
+++ b/clusters/cl01tl/helm/plex/values.yaml
@@ -26,6 +26,7 @@ plex:
  service:
    main:
      controller: main
+      type: LoadBalancer
      ports:
        http:
          port: 32400
--- a/clusters/cl01tl/helm/shelfmark/Chart.yaml
+++ b/clusters/cl01tl/helm/shelfmark/Chart.yaml
@@ -23,4 +23,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
 # renovate: datasource=github-releases depName=calibrain/shelfmark
-appVersion: v1.2.0
+appVersion: v1.2.1
--- a/clusters/cl01tl/helm/shelfmark/values.yaml
+++ b/clusters/cl01tl/helm/shelfmark/values.yaml
@@ -9,7 +9,7 @@ shelfmark:
        main:
          image:
            repository: ghcr.io/calibrain/shelfmark
-            tag: v1.2.0
+            tag: v1.2.1
            pullPolicy: IfNotPresent
          env:
            - name: FLASK_PORT
--- a/hosts/pd05wd/ollama/compose.yaml
+++ b/hosts/pd05wd/ollama/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-ollama:
-        image: ghcr.io/tailscale/tailscale:latest
+        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-ollama
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    ollama:
-        image: ollama/ollama:latest
+        image: ollama/ollama:latest@sha256:5a5d014aa774f78ebe1340c0d4afc2e35afc12a2c3b34c84e71f78ea20af4ba3
        container_name: ollama
        environment:
            - OLLAMA_KEEP_ALIVE=24h
--- a/hosts/pd05wd/stable-diffusion/compose.yaml
+++ b/hosts/pd05wd/stable-diffusion/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-stable-diffusion:
-        image: ghcr.io/tailscale/tailscale:latest
+        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-stable-diffusion
        cap_add:
            - net_admin
@@ -22,7 +22,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    stable-diffusion:
-        image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda
+        image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda@sha256:bc4b2b12ac8d030cc5daf25e2c32517709b7c15f59a32685c4c1a14a9606eb42
        container_name: stable-diffusion
        environment:
            - WEBUI_ARGS="--api --listen"
--- a/hosts/ps08rp/blocky/compose.yaml
+++ b/hosts/ps08rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps08rp/blocky/config.yml
+++ b/hosts/ps08rp/blocky/config.yml
@@ -73,7 +73,7 @@ customDNS:

    traefik-cl01tl                  IN      A       10.232.1.21
    blocky                          IN      A       10.232.1.22
-    cilium-cl01tl                   IN      A       10.232.1.23
+    plex-lb                         IN      A       10.232.1.23


    ;; Application Names
--- a/hosts/ps08rp/node-exporter/compose.yaml
+++ b/hosts/ps08rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2
+        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps08rp/traefik/compose.yaml
+++ b/hosts/ps08rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11
+        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps09rp/blocky/compose.yaml
+++ b/hosts/ps09rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps09rp/blocky/config.yml
+++ b/hosts/ps09rp/blocky/config.yml
@@ -94,7 +94,7 @@ customDNS:

    traefik-cl01tl                  IN      A       10.232.1.21
    blocky                          IN      A       10.232.1.22
-    cilium-cl01tl                   IN      A       10.232.1.23
+    plex-lb                         IN      A       10.232.1.23


    ;; Application Names
--- a/hosts/ps09rp/node-exporter/compose.yaml
+++ b/hosts/ps09rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2
+        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps09rp/traefik/compose.yaml
+++ b/hosts/ps09rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11
+        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps10rp/blocky/compose.yaml
+++ b/hosts/ps10rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/castsponsorskip/compose.yaml
+++ b/hosts/ps10rp/castsponsorskip/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    castsponsorskip:
-        image: ghcr.io/gabe565/castsponsorskip:0.8.3
+        image: ghcr.io/gabe565/castsponsorskip:0.8.3@sha256:f556d274aab94c3140058e9f192396bc75e04d8e075769223c1edfc8c4f4daa4
        container_name: castsponsorskip
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/cloudflare-ddns/compose.yaml
+++ b/hosts/ps10rp/cloudflare-ddns/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    cloudflare-ddns:
-        image: favonia/cloudflare-ddns:1.15.1
+        image: favonia/cloudflare-ddns:1.15.1@sha256:a4e2089b3531eec8c9328c7a9a586f80e8d67dcd94856e0b596b7896e1de3f62
        container_name: cloudflare-ddns
        cap_drop:
            - all
--- a/hosts/ps10rp/garage/compose.yaml
+++ b/hosts/ps10rp/garage/compose.yaml
@@ -1,6 +1,6 @@
 services:
    tailscale-garage:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-garage
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    tailscale-garage-ui:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-garage-ui
        cap_add:
            - net_admin
@@ -39,7 +39,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    garage:
-        image: dxflrs/garage:v2.2.0
+        image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
        container_name: garage
        env_file:
            - .env
@@ -54,7 +54,7 @@ services:
            - data:/var/lib/garage/data

    garage-ui:
-        image: khairul169/garage-webui:1.1.0
+        image: khairul169/garage-webui:1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
        container_name: garage-ui
        env_file:
            - .env
--- a/hosts/ps10rp/gitea/compose.yaml
+++ b/hosts/ps10rp/gitea/compose.yaml
@@ -1,6 +1,6 @@
 services:
    tailscale-gitea:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-gitea
        cap_add:
            - net_admin
@@ -19,7 +19,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    postgresql:
-        image: docker.io/postgres:18.1-alpine3.21
+        image: docker.io/postgres:18.1-alpine3.21@sha256:44d837eb4c2ed263474a95f0cc24745413c50924df60dd73ed6c4c3e36b84259
        container_name: gitea-postgres
        env_file:
            - .env
@@ -33,7 +33,7 @@ services:
            - postgresql18:/var/lib/postgresql

    gitea:
-        image: gitea/gitea:1.25.5
+        image: gitea/gitea:1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
        container_name: gitea
        depends_on:
            - postgresql
--- a/hosts/ps10rp/homepage/compose.yaml
+++ b/hosts/ps10rp/homepage/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-homepage:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-homepage
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    dockerproxy:
-        image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2
+        image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476
        container_name: homepage-dockerproxy
        environment:
            - CONTAINERS=1
@@ -32,7 +32,7 @@ services:
            - /var/run/docker.sock:/var/run/docker.sock:ro

    homepage:
-        image: ghcr.io/gethomepage/homepage:v1.11.0
+        image: ghcr.io/gethomepage/homepage:v1.11.0@sha256:b129cb0f674bd6d204e215bde2c2fc3f11d6ad0e82f6d20007cf80f74e1acbb1
        container_name: homepage
        labels:
            traefik.enable: true
--- a/hosts/ps10rp/isponsorblocktv/compose.yaml
+++ b/hosts/ps10rp/isponsorblocktv/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    isponsorblocktv:
-        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1
+        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1@sha256:545856523283753ebcf4b400a46895b9906844be5265a0f4cab98a6b0bdf84be
        container_name: isponsorblocktv
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/komodo-periphery/compose.yaml
+++ b/hosts/ps10rp/komodo-periphery/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-komodo-periphery:
-        image: ghcr.io/tailscale/tailscale:latest
+        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-komodo-periphery
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    komodo-periphery:
-        image: ghcr.io/moghtech/komodo-periphery:latest
+        image: ghcr.io/moghtech/komodo-periphery:latest@sha256:bd79cf960ed054fe8e02384322303e462448679b1149dde48bbef151417255b1
        container_name: komodo-periphery
        env_file:
            - .env
--- a/hosts/ps10rp/node-exporter/compose.yaml
+++ b/hosts/ps10rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-node-exporter:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-node-exporter
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2
+        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps10rp/tailscale-subnet/compose.yaml
+++ b/hosts/ps10rp/tailscale-subnet/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-subnet
        cap_add:
            - net_admin
--- a/hosts/ps10rp/traefik/compose.yaml
+++ b/hosts/ps10rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-traefik:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-traefik
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11
+        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/renovate.json
+++ b/renovate.json
@@ -5,6 +5,14 @@
    "mergeConfidence:all-badges",
    ":rebaseStalePrs"
  ],
+  "timezone": "America/Chicago",
+  "labels": [],
+  "prHourlyLimit": 0,
+  "prConcurrentLimit": 0,
+  "pinDigests": true,
+  "baseBranchPatterns": [
+    "main"
+  ],
  "customManagers": [
    {
      "description": "Update appVersion in Chart.yaml",
@@ -23,7 +31,7 @@
        "/(^|/)templates/.*\\.yaml$/"
      ],
      "matchStrings": [
-        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+tag: (?<currentValue>.*)"
+        "# renovate: datasource=(?<datasource>[^\\s]+)\\s+depName=(?<depName>[^\\s]+)\\s+tag:\\s*[\"']?(?<currentValue>[^@\"'\\s\n]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
      ]
    },
    {
@@ -53,14 +61,30 @@
      "versioningTemplate": "semver"
    }
  ],
-  "timezone": "US/Central",
-  "labels": [],
-  "prHourlyLimit": 0,
-  "prConcurrentLimit": 0,
-  "baseBranchPatterns": [
-    "main"
-  ],
  "packageRules": [
+    {
+      "description": "Disable updates to digests",
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "enabled": false
+    },
+    {
+      "description": "Automerge digests for actions",
+      "matchManagers": [
+        "github-actions"
+      ],
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "addLabels": [
+        "actions",
+        "automerge"
+      ],
+      "enabled": true,
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
    {
      "description": "Label charts",
      "matchDatasources": [
@@ -102,20 +126,7 @@
      "automergeType": "branch"
    },
    {
-      "description": "Label images, helm",
-      "matchManagers": [
-        "custom.regex",
-        "helm-values"
-      ],
-      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
-      "groupSlug": "unified-{{{groupName}}}",
-      "addLabels": [
-        "image"
-      ],
-      "automerge": false
-    },
-    {
-      "description": "Label images, docker",
+      "description": "Label images",
      "matchDatasources": [
        "docker"
      ],
@@ -125,17 +136,14 @@
      "automerge": false
    },
    {
-      "description": "Automerge image patches, helm",
+      "description": "Automerge image patches",
      "matchUpdateTypes": [
        "patch",
-        "digest"
+        "pinDigest"
      ],
-      "matchManagers": [
-        "custom.regex",
-        "helm-values"
+      "matchDatasources": [
+        "docker"
      ],
-      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
-      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
        "image",
        "automerge"
@@ -144,14 +152,68 @@
      "minimumReleaseAge": "1 days"
    },
    {
-      "description": "Automerge image patches, docker",
+      "description": "Automerge images, specific packages",
      "matchUpdateTypes": [
        "patch",
+        "minor"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchPackageNames": [
+        "ghcr.io/renovatebot/renovate"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge digest updates, specific packages",
+      "matchUpdateTypes": [
        "digest"
      ],
      "matchDatasources": [
        "docker"
      ],
+      "matchPackageNames": [
+        "searxng/searxng"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "enabled": true,
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Label appVersion and images, merged",
+      "matchManagers": [
+        "custom.regex",
+        "helm-values"
+      ],
+      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
+      "groupSlug": "unified-{{{groupName}}}",
+      "addLabels": [
+        "image"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "Automerge appVersion and images, merged",
+      "matchUpdateTypes": [
+        "patch",
+        "pinDigest"
+      ],
+      "matchManagers": [
+        "custom.regex",
+        "helm-values"
+      ],
+      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
+      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
        "image",
        "automerge"
Author	SHA1	Message	Date
Renovate Bot	ac3f7ce225	chore(deps): update dock.mau.dev/mautrix/whatsapp docker tag to v0.2603.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 27s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 40s Details	2026-03-22 03:40:24 +00:00
Alex Lebens	8b5209fc4f	Merge branch 'main' of https://gitea.alexlebens.net/alexlebens/infrastructure All checks were successful renovate / renovate (push) Successful in 1m42s Details	2026-03-21 22:39:02 -05:00
Alex Lebens	e95924a9e9	ci: merge actions digests	2026-03-21 22:38:57 -05:00
Alex Lebens	702ed26cd5	tmp/houndarr (#4972 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m7s Details Reviewed-on: #4972	2026-03-22 03:34:00 +00:00
Renovate Bot	1093fdd93a	chore(deps): pin dependencies (#4970 ) All checks were successful renovate / renovate (push) Successful in 2m6s Details This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [ghcr.io/renovatebot/renovate](https://renovatebot.com) ([source](https://github.com/renovatebot/renovate)) \| container \| pinDigest \| → `9228574` \| \| [niniyas/ntfy-action](https://github.com/niniyas/ntfy-action) \| action \| pinDigest \| → `96acac5` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44NC4yIiwidXBkYXRlZEluVmVyIjoiNDMuODQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4970 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-22 03:29:40 +00:00
Alex Lebens	1afae8052c	ci: add pin to automerge Some checks failed renovate / renovate (push) Failing after 1s Details	2026-03-21 22:28:34 -05:00
Alex Lebens	e1aee94515	ci: update descriptions Some checks failed renovate / renovate (push) Has been cancelled Details	2026-03-21 22:25:18 -05:00
Alex Lebens	bef2ff5c44	feat: give plex an lb (#4969 ) Some checks failed lint-test-helm / lint-helm (push) Successful in 1m16s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details lint-test-docker / lint-docker-compose (push) Successful in 1m11s Details Reviewed-on: #4969	2026-03-22 03:23:36 +00:00
Alex Lebens	c32f993351	feat: automerge renovate All checks were successful renovate / renovate (push) Successful in 3m44s Details	2026-03-21 22:13:58 -05:00
Renovate Bot	46922a6230	chore(deps): pin dependencies (#4968 ) Some checks failed renovate / renovate (push) Failing after 7s Details lint-test-docker / lint-docker-compose (push) Successful in 43s Details This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [GuillaumeFalourd/branch-exists](https://github.com/GuillaumeFalourd/branch-exists) \| action \| pinDigest \| → `0092904` \| \| [actions/cache](https://github.com/actions/cache) \| action \| pinDigest \| → `6682284` \| \| [actions/checkout](https://github.com/actions/checkout) \| action \| pinDigest \| → `de0fac2` \| \| [actions/setup-node](https://github.com/actions/setup-node) \| action \| pinDigest \| → `53b8394` \| \| [azure/k8s-set-context](https://github.com/azure/k8s-set-context) \| action \| pinDigest \| → `ae59a72` \| \| [azure/setup-helm](https://github.com/azure/setup-helm) \| action \| pinDigest \| → `1a275c3` \| \| docker.io/postgres \| \| pinDigest \| → `44d837e` \| \| dxflrs/garage \| \| pinDigest \| → `45a61ce` \| \| [favonia/cloudflare-ddns](https://github.com/favonia/cloudflare-ddns) \| \| pinDigest \| → `a4e2089` \| \| [ghcr.io/0xerr0r/blocky](https://github.com/0xERR0R/blocky) \| \| pinDigest \| → `a6d99f3` \| \| ghcr.io/ai-dock/stable-diffusion-webui \| \| pinDigest \| → `bc4b2b1` \| \| [ghcr.io/dmunozv04/isponsorblocktv](https://github.com/dmunozv04/iSponsorBlockTV) \| \| pinDigest \| → `5458565` \| \| ghcr.io/gabe565/castsponsorskip \| \| pinDigest \| → `f556d27` \| \| [ghcr.io/gethomepage/homepage](https://github.com/gethomepage/homepage) \| \| pinDigest \| → `b129cb0` \| \| ghcr.io/moghtech/komodo-periphery \| \| pinDigest \| → `bd79cf9` \| \| [ghcr.io/renovatebot/renovate](https://renovatebot.com) ([source](https://github.com/renovatebot/renovate)) \| container \| pinDigest \| → `9228574` \| \| [ghcr.io/tailscale/tailscale](https://tailscale.com/kb/1282/docker) ([source](https://github.com/tailscale/tailscale)) \| \| pinDigest \| → `95e5287` \| \| ghcr.io/tailscale/tailscale \| \| pinDigest \| → `95e5287` \| \| [ghcr.io/tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) \| \| pinDigest \| → `1f3a6f3` \| \| [ghcr.io/traefik/traefik](https://hub.docker.com/_/traefik) ([source](https://github.com/traefik/traefik-library-image)) \| \| pinDigest \| → `acfc806` \| \| [gitea/gitea](https://github.com/go-gitea/gitea) \| \| pinDigest \| → `f846d26` \| \| khairul169/garage-webui \| \| pinDigest \| → `17c7935` \| \| ollama/ollama \| \| pinDigest \| → `5a5d014` \| \| quay.io/prometheus/node-exporter \| \| pinDigest \| → `337ff1d` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4968 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-22 03:06:54 +00:00
Alex Lebens	9cdd5e85c4	feat: change tz All checks were successful renovate / renovate (push) Successful in 2m13s Details	2026-03-21 22:02:40 -05:00
Alex Lebens	589c24d3f2	feat: change order All checks were successful renovate / renovate (push) Successful in 1m57s Details	2026-03-21 21:57:44 -05:00
Alex Lebens	85b91e9a6b	feat: update renovate Some checks failed renovate / renovate (push) Has been cancelled Details	2026-03-21 21:54:42 -05:00
Alex Lebens	0811d84ef1	feat: remove trivy dashboards (#4966 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 30s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m47s Details Reviewed-on: #4966	2026-03-21 23:21:07 +00:00
Renovate Bot	50b7e8e647	chore(deps): update g33kphr33k/musicgrabber docker tag to v2.5.0 (#4964 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 20s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m23s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| g33kphr33k/musicgrabber \| minor \| `2.4.6` → `2.5.0` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4964 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-21 19:18:08 +00:00
Renovate Bot	f570ecc606	chore(deps): update av1155/houndarr to v1.6.0 (#4962 ) Some checks failed lint-test-helm / lint-helm (push) Successful in 14s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [av1155/houndarr](https://github.com/av1155/houndarr) \| minor \| `v1.5.0` → `v1.6.0` \| \| [ghcr.io/av1155/houndarr](https://github.com/av1155/houndarr) \| minor \| `v1.5.0` → `v1.6.0` \| --- ### Release Notes <details> <summary>av1155/houndarr (av1155/houndarr)</summary> ### [`v1.6.0`](https://github.com/av1155/houndarr/releases/tag/v1.6.0) [Compare Source](https://github.com/av1155/houndarr/compare/v1.5.0...v1.6.0) ##### Added - Opt-in upgrade search pass that periodically re-searches library items which already have a file and meet the quality cutoff, giving each `arr` instance a chance to find better releases; each instance has independent batch size, cooldown, and hourly cap controls ([#266](https://github.com/av1155/houndarr/issues/266)). ##### Changed - A 3-second pause is now inserted between consecutive real searches within the same cycle to spread downstream indexer fan-out; the delay applies only to dispatched searches, not to skipped or errored items ([#272](https://github.com/av1155/houndarr/issues/272)). ##### Fixed - Navigating to the settings help page via the "What do these settings mean?" link inside the instance modal no longer leaves the page scroll-locked until refresh ([#268](https://github.com/av1155/houndarr/issues/268)). - Instance modal on mobile no longer briefly appears compact before expanding; the dialog now animates in fully populated ([#268](https://github.com/av1155/houndarr/issues/268)). - Dashboard instance cards now enter with a smooth container-level fade that matches the shell animation instead of a per-card flash ([#268](https://github.com/av1155/houndarr/issues/268)). </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore*: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4962 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-21 19:17:16 +00:00
Renovate Bot	f8b9af1027	chore(deps): update calibrain/shelfmark to v1.2.1 (#4961 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 22s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m19s Details	2026-03-21 17:02:27 +00:00