Update ghcr.io/sarperavci/cloudflarebypassforscraping:latest Docker digest to f113570 (#2050)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/postgres | minor | `17.6-alpine3.21` -> `17.7-alpine3.21` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19-->

Reviewed-on: #2044
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

clusters/cl01tl/applications/booklore/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: booklore
+version: 1.0.0
+description: booklore
+keywords:
+  - booklore
+  - books
+home: https://wiki.alexlebens.dev/
+sources:
+  - https://github.com/booklore-app/BookLore
+  - https://github.com/booklore-app/booklore/pkgs/container/booklore
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: booklore
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.4.0
+  - name: mariadb-cluster
+    version: 25.10.2
+    repository: https://helm.mariadb.com/mariadb-operator
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
+appVersion: v.1.10.0

clusters/cl01tl/applications/booklore/templates/external-secret.yaml

@@ -0,0 +1,108 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-database-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-database-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/booklore/database
+        metadataPolicy: None
+        property: password
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-config-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-config-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-config"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: secret_key
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-mariadb-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: access-key-id
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/mariadb-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: secret-access-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/mariadb-backups
+        metadataPolicy: None
+        property: secret

clusters/cl01tl/applications/booklore/templates/http-route.yaml

@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-booklore
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-booklore
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - booklore.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: booklore
+          port: 80
+          weight: 100

clusters/cl01tl/applications/booklore/templates/persistent-volume-claim.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: booklore-books-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-books-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: booklore-books-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: booklore-books-import-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-books-import-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: booklore-books-import-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/booklore/templates/persistent-volume.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: booklore-books-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-books-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Books
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: booklore-books-import-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-books-import-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Books Import
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/booklore/templates/replication-source.yaml

@@ -0,0 +1,26 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: booklore-config-backup-source
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-config-backup-source
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: booklore-config
+  trigger:
+    schedule: 0 4 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: booklore-config-backup-secret
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 10Gi

clusters/cl01tl/applications/booklore/values.yaml

@@ -0,0 +1,123 @@
+booklore:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: ghcr.io/booklore-app/booklore
+            tag: v1.10.0
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: America/Chicago
+            - name: DATABASE_URL
+              value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
+            - name: DATABASE_USERNAME
+              value: booklore
+            - name: DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: booklore-database-secret
+                  key: password
+            - name: BOOKLORE_PORT
+              value: 6060
+            - name: SWAGGER_ENABLED
+              value: false
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 6060
+          protocol: HTTP
+  persistence:
+    config:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /app/data
+              readOnly: false
+    books:
+      existingClaim: booklore-books-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /books
+              readOnly: false
+    books-import:
+      existingClaim: booklore-books-import-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /bookdrop
+              readOnly: false
+mariadb-cluster:
+  mariadb:
+    rootPasswordSecretKeyRef:
+      generate: false
+      name: booklore-database-secret
+      key: password
+    storage:
+      size: 5Gi
+    replicas: 3
+    galera:
+      enabled: true
+  databases:
+    - name: booklore
+      characterSet: utf8
+      collate: utf8_general_ci
+      cleanupPolicy: Delete
+      requeueInterval: 10h
+  users:
+    - name: booklore
+      passwordSecretKeyRef:
+        name: booklore-database-secret
+        key: password
+      host: '%'
+      cleanupPolicy: Delete
+      requeueInterval: 10h
+      retryInterval: 30s
+  grants:
+    - name: booklore
+      privileges:
+        - "ALL PRIVILEGES"
+      database: "booklore"
+      table: "*"
+      username: booklore
+      grantOption: true
+      host: '%'
+      cleanupPolicy: Delete
+      requeueInterval: 10h
+      retryInterval: 30s
+  backups:
+    - name: backup
+      schedule:
+        cron: "0 0 * * *"
+        suspend: true
+      compression: gzip
+      maxRetention: 720h # 30 days
+      storage:
+        s3:
+          bucket: mariadb-backups-b230a2f5aecf080a4b372c08
+          prefix: cl01tl
+          endpoint: https://nyc3.digitaloceanspaces.com
+          region:  us-east-1
+          accessKeyIdSecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret
+            key: access-key-id
+          secretAccessKeySecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret
+            key: secret-access-key

clusters/cl01tl/applications/calibre-web-automated/values.yaml

@@ -55,7 +55,7 @@ calibre-web-automated:
         bypass:
           image:
             repository: ghcr.io/sarperavci/cloudflarebypassforscraping
-            tag: latest@sha256:15675e4e5cb65c69de52edb491b1b82d76f815250745a0d4cebd91e5e53a87f8
+            tag: latest@sha256:f113570afd4924f10338890571a75e662d5d1b7deed7696ac40f7e063688eb48
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/applications/ephemera/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: ephemera
+version: 1.0.0
+description: ephemera
+keywords:
+  - ephemera
+  - books
+home: https://wiki.alexlebens.dev/
+sources:
+  - https://github.com/OrwellianEpilogue/ephemera
+  - https://github.com/FlareSolverr/FlareSolverr
+  - https://github.com/orwellianepilogue/ephemera/pkgs/container/ephemera
+  - https://github.com/flaresolverr/FlareSolverr/pkgs/container/flaresolverr
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: ephemera
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.4.0
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
+appVersion: 1.3.1

clusters/cl01tl/applications/ephemera/templates/external-secret.yaml

@@ -0,0 +1,78 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ephemera-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ephemera-key-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ephemera/config
+        metadataPolicy: None
+        property: key
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ephemera-config-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ephemera-config-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ephemera/ephemera-config"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/ephemera/templates/http-route.yaml

@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-ephemera
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-ephemera
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - ephemera.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: ephemera
+          port: 80
+          weight: 100

clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ephemera-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ephemera-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: ephemera-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: ephemera-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ephemera-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Books Import
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/ephemera/templates/replication-source.yaml

@@ -0,0 +1,26 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: ephemera-config-backup-source
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ephemera-config-backup-source
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: ephemera-config
+  trigger:
+    schedule: 0 4 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: ephemera-config-backup-secret
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 10Gi

clusters/cl01tl/applications/ephemera/values.yaml

@@ -0,0 +1,118 @@
+ephemera:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: ghcr.io/orwellianepilogue/ephemera
+            tag: 1.3.1
+            pullPolicy: IfNotPresent
+          env:
+            - name: AA_BASE_URL
+              value: 8080
+            - name: AA_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: ephemera-key-secret
+                  key: key
+            - name: FLARESOLVERR_URL
+              value: http://127.0.0.1:8191
+            - name: LG_BASE_URL
+              value: https://gen.com
+            - name: PUID
+              value: 0
+            - name: PGID
+              value: 0
+          probes:
+            liveness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                  - CMD
+                  - wget
+                  - --no-verbose
+                  - --tries=1
+                  - --spider
+                  - http://127.0.0.1:8286/health
+                failureThreshold: 5
+                initialDelaySeconds: 60
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 10
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+        flaresolverr:
+          image:
+            repository: ghcr.io/flaresolverr/flaresolverr
+            tag: v3.4.5
+            pullPolicy: IfNotPresent
+          env:
+            - name: LOG_LEVEL
+              value: info
+            - name: LOG_HTML
+              value: false
+            - name: CAPTCHA_SOLVER
+              value: none
+            - name: TZ
+              value: America/Chicago
+          probes:
+            liveness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                  - CMD
+                  - curl
+                  - -f
+                  - http://127.0.0.1:8191/health
+                failureThreshold: 5
+                initialDelaySeconds: 60
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 10
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 8286
+          protocol: HTTP
+  persistence:
+    config:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /app/data
+              readOnly: false
+    cache:
+      type: emptyDir
+      advancedMounts:
+        main:
+          main:
+            - path: /app/downloads
+              readOnly: false
+    books-import:
+      existingClaim: ephemera-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /app/ingest
+              readOnly: false

clusters/cl01tl/applications/homepage/values.yaml

@@ -76,6 +76,9 @@ homepage:
             - Storage:
                 tab: Services
                 icon: mdi-database-#ffffff
+            - Servarr:
+                tab: Services
+                icon: mdi-multimedia-#ffffff
             - TV Shows:
                 tab: Servarr
                 icon: mdi-television-#ffffff
@@ -85,9 +88,9 @@ homepage:
             - Music:
                 tab: Servarr
                 icon: mdi-music-box-multiple-#ffffff
-            - Services (Servarr):
+            - Books:
                 tab: Servarr
-                icon: mdi-radar-#ffffff
+                icon: mdi-book-open-variant-#ffffff
             - External Services:
                 tab: Bookmarks
                 icon: mdi-cloud-#ffffff
@@ -180,6 +183,12 @@ homepage:
                   href: https://calibre.alexlebens.net
                   siteMonitor: http://calibre-web-automated-main.calibre-web-automated:8083
                   statusStyle: dot
+              - Books (Booklore):
+                  icon: sh-booklore.webp
+                  description: Booklore
+                  href: https://booklore.alexlebens.net
+                  siteMonitor: http://booklore.booklore:80
+                  statusStyle: dot
           - Public:
               - Site:
                   icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
@@ -528,6 +537,44 @@ homepage:
                   href: https://backrest.alexlebens.net
                   siteMonitor: http://backrest.backrest:80
                   statusStyle: dot
+          - Servarr:
+              - qUI:
+                  icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg
+                  description: qbitorrent
+                  href: https://qui.alexlebens.net
+                  siteMonitor: http://qbittorrent-qui.qbittorrent:80
+                  statusStyle: dot
+                  widget:
+                    type: qbittorrent
+                    url: http://qbittorrent.qbittorrent:8080
+                    enableLeechProgress: true
+              - Prowlarr:
+                  icon: sh-prowlarr.webp
+                  description: Indexers
+                  href: https://prowlarr.alexlebens.net
+                  siteMonitor: http://prowlarr.prowlarr:80
+                  statusStyle: dot
+              - Huntarr:
+                  icon: https://raw.githubusercontent.com/plexguide/Huntarr.io/main/frontend/static/logo/128.png
+                  description: Content upgrader
+                  href: https://huntarr.alexlebens.net
+                  siteMonitor: http://huntarr.huntarr:80
+                  statusStyle: dot
+              - Bazarr:
+                  icon: sh-bazarr.webp
+                  description: Subtitles
+                  href: https://bazarr.alexlebens.net
+                  siteMonitor: http://bazarr.bazarr:80
+                  statusStyle: dot
+              - Tdarr:
+                  icon: sh-tdarr.webp
+                  description: Media transcoding and health checks
+                  href: https://tdarr.alexlebens.net
+                  siteMonitor: http://tdarr-web.tdarr:8265
+                  statusStyle: dot
+                  widget:
+                    type: tdarr
+                    url: http://tdarr-web.tdarr:8265
           - TV Shows:
               - Sonarr:
                   icon: sh-sonarr.webp
@@ -638,50 +685,25 @@ homepage:
                   href: https://slskd.alexlebens.net
                   siteMonitor: http://slskd.slskd:5030
                   statusStyle: dot
-          - Services (Servarr):
-              - qUI:
-                  icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg
-                  description: qbitorrent
-                  href: https://qui.alexlebens.net
-                  siteMonitor: http://qbittorrent-qui.qbittorrent:80
-                  statusStyle: dot
-                  widget:
-                    type: qbittorrent
-                    url: http://qbittorrent.qbittorrent:8080
-                    enableLeechProgress: true
-              - Prowlarr:
-                  icon: sh-prowlarr.webp
-                  description: Indexers
-                  href: https://prowlarr.alexlebens.net
-                  siteMonitor: http://prowlarr.prowlarr:80
-                  statusStyle: dot
-              - Bazarr:
-                  icon: sh-bazarr.webp
-                  description: Indexers
-                  href: https://bazarr.alexlebens.net
-                  siteMonitor: http://bazarr.bazarr:80
-                  statusStyle: dot
-              - Huntarr:
-                  icon: https://raw.githubusercontent.com/plexguide/Huntarr.io/main/frontend/static/logo/128.png
-                  description: Indexers
-                  href: https://huntarr.alexlebens.net
-                  siteMonitor: http://huntarr.huntarr:80
+          - Books:
+              - Ephemera:
+                  icon: sh-ephemera.webp
+                  description: Books
+                  href: https://ephemera.alexlebens.net
+                  siteMonitor: http://ephemera.ephemera:80
                   statusStyle: dot
               - CWA Downloader:
-                  icon: sh-calibre.webp
-                  description: Calibre Web Automated Book Downloader
+                  icon: sh-cwa-book-downloader.webp
+                  description: Books
                   href: https://calibre-downloader.alexlebens.net
                   siteMonitor: http://calibre-web-automated-downloader.calibre-web-automated:8084
                   statusStyle: dot
-              - Tdarr:
-                  icon: sh-tdarr.webp
-                  description: Media transcoding and health checks
-                  href: https://tdarr.alexlebens.net
-                  siteMonitor: http://tdarr-web.tdarr:8265
+              - Listenarr:
+                  icon: sh-audiobookrequest.webp
+                  description: Audiobooks
+                  href: https://listenarr.alexlebens.net
+                  siteMonitor: http://listenarr.listenarr:80
                   statusStyle: dot
-                  widget:
-                    type: tdarr
-                    url: http://tdarr-web.tdarr:8265
           - Other Homes:
               - Dev:
                   icon: sh-homepage.webp

clusters/cl01tl/applications/listenarr/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: listenarr
+version: 1.0.0
+description: Listenarr
+keywords:
+  - listenarr
+  - audiobooks
+home: https://wiki.alexlebens.dev/
+sources:
+  - https://github.com/therobbiedavis/Listenarr
+  - https://hub.docker.com/r/therobbiedavis/listenarr
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: listenarr
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.4.0
+appVersion: 0.2.35

clusters/cl01tl/applications/listenarr/templates/http-route.yaml

@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-listenarr
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-listenarr
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - listenarr.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: listenarr
+          port: 80
+          weight: 100

clusters/cl01tl/applications/listenarr/templates/persistent-volume-claim.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: listenarr-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: listenarr-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: listenarr-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/applications/listenarr/templates/persistent-volume.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: listenarr-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: listenarr-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Audiobooks
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

clusters/cl01tl/applications/listenarr/values.yaml

@@ -0,0 +1,46 @@
+listenarr:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: therobbiedavis/listenarr
+            tag: canary-0.2.35
+            pullPolicy: IfNotPresent
+          env:
+            - name: LISTENARR_PUBLIC_URL
+              value: https://listenarr.alexlebens.net
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 5000
+          protocol: HTTP
+  persistence:
+    config:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /app/config
+              readOnly: false
+    media:
+      existingClaim: listenarr-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /data
+              readOnly: true

clusters/cl01tl/deployment/stack/values.yaml

@@ -100,6 +100,11 @@ applicationSet:
       syncOptions:
         serverSideApply: true
   - name: storage
+    ignoreDifferences:
+      - group: ""
+        kind: Service
+        jqPathExpressions:
+          - .spec.externalName
     syncPolicy:
       automated:
         prune: true

clusters/cl01tl/services/blocky/values.yaml

@@ -111,10 +111,12 @@ blocky:
               authentik                       IN      CNAME   traefik-cl01tl
               backrest                        IN      CNAME   traefik-cl01tl
               bazarr                          IN      CNAME   traefik-cl01tl
+              booklore                        IN      CNAME   traefik-cl01tl
               calibre                         IN      CNAME   traefik-cl01tl
               calibre-downloader              IN      CNAME   traefik-cl01tl
               ceph                            IN      CNAME   traefik-cl01tl
               code-server                     IN      CNAME   traefik-cl01tl
+              ephemera                        IN      CNAME   traefik-cl01tl
               garage-s3                       IN      CNAME   traefik-cl01tl
               garage-webui                    IN      CNAME   traefik-cl01tl
               gatus                           IN      CNAME   traefik-cl01tl
@@ -135,6 +137,7 @@ blocky:
               kronic                          IN      CNAME   traefik-cl01tl
               lidarr                          IN      CNAME   traefik-cl01tl
               lidatube                        IN      CNAME   traefik-cl01tl
+              listenarr                       IN      CNAME   traefik-cl01tl
               mail                            IN      CNAME   traefik-cl01tl
               n8n                             IN      CNAME   traefik-cl01tl
               ntfy                            IN      CNAME   traefik-cl01tl

clusters/cl01tl/storage/mariadb-operator/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: mariadb-operator
+version: 1.0.0
+description: MariaDB Operator
+keywords:
+  - mariadb-operator
+  - database
+  - storage
+  - kubernetes
+home: https://wiki.alexlebens.dev/
+sources:
+  - https://github.com/mariadb-operator/mariadb-operator
+  - https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-operator
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: mariadb-operator
+    version: 25.10.2
+    repository: https://helm.mariadb.com/mariadb-operator
+  - name: mariadb-operator-crds
+    version: 25.10.2
+    repository: https://helm.mariadb.com/mariadb-operator
+icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
+appVersion: 25.10.2

clusters/cl01tl/storage/mariadb-operator/values.yaml

@@ -0,0 +1,11 @@
+mariadb-operator:
+  ha:
+    enabled: true
+    replicas: 3
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+  pdb:
+    enabled: true
+    maxUnavailable: 1

clusters/cl01tl/storage/rook-ceph/values.yaml

@@ -3,8 +3,8 @@ rook-ceph:
     enabled: true
   csi:
     rookUseCsiOperator: true
-    enableMetadata: true
     cephFSKernelMountOptions: "ms_mode=secure"
+    enableMetadata: true
     provisionerReplicas: 3
     serviceMonitor:
       enabled: true
@@ -13,7 +13,6 @@ rook-ceph:
     enabled: true
 
 rook-ceph-cluster:
-  operatorNamespace: rook-ceph
   toolbox:
     enabled: true
   monitoring:
@@ -22,12 +21,11 @@ rook-ceph-cluster:
     prometheusRuleOverrides:
       CephNodeDiskspaceWarning:
         disabled: true
+  cephImage:
+    # https://quay.io/repository/ceph/ceph?tab=tags
+    repository: quay.io/ceph/ceph
+    tag: v19.2.3-20250717
   cephClusterSpec:
-    cephVersion:
-      # https://quay.io/repository/ceph/ceph?tab=tags
-      image: quay.io/ceph/ceph:v19.2.3-20250717
-    mon:
-      count: 3
     mgr:
       count: 1
       modules:
@@ -85,11 +83,9 @@ rook-ceph-cluster:
           cpu: 100m
           memory: 128Mi
     storage:
-      useAllNodes: true
-      useAllDevices: true
       deviceFilter: sda
       config:
-          osdsPerDevice: "1"
+        osdsPerDevice: "1"
     csi:
       readAffinity:
         enabled: true

clusters/cl01tl/storage/whodb/values.yaml

@@ -8,7 +8,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.73.0
+            tag: 0.75.0
             pullPolicy: IfNotPresent
           env:
             - name: WHODB_OLLAMA_HOST

hosts/ps08rp/blocky/config.yml

@@ -87,10 +87,12 @@ customDNS:
     authentik                       IN      CNAME   traefik-cl01tl
     backrest                        IN      CNAME   traefik-cl01tl
     bazarr                          IN      CNAME   traefik-cl01tl
+    booklore                        IN      CNAME   traefik-cl01tl
     calibre                         IN      CNAME   traefik-cl01tl
     calibre-downloader              IN      CNAME   traefik-cl01tl
     ceph                            IN      CNAME   traefik-cl01tl
     code-server                     IN      CNAME   traefik-cl01tl
+    ephemera                        IN      CNAME   traefik-cl01tl
     garage-s3                       IN      CNAME   traefik-cl01tl
     garage-webui                    IN      CNAME   traefik-cl01tl
     gatus                           IN      CNAME   traefik-cl01tl
@@ -111,6 +113,7 @@ customDNS:
     kronic                          IN      CNAME   traefik-cl01tl
     lidarr                          IN      CNAME   traefik-cl01tl
     lidatube                        IN      CNAME   traefik-cl01tl
+    listenarr                       IN      CNAME   traefik-cl01tl
     mail                            IN      CNAME   traefik-cl01tl
     n8n                             IN      CNAME   traefik-cl01tl
     ntfy                            IN      CNAME   traefik-cl01tl

hosts/ps09rp/blocky/config.yml

@@ -87,10 +87,12 @@ customDNS:
     authentik                       IN      CNAME   traefik-cl01tl
     backrest                        IN      CNAME   traefik-cl01tl
     bazarr                          IN      CNAME   traefik-cl01tl
+    booklore                        IN      CNAME   traefik-cl01tl
     calibre                         IN      CNAME   traefik-cl01tl
     calibre-downloader              IN      CNAME   traefik-cl01tl
     ceph                            IN      CNAME   traefik-cl01tl
     code-server                     IN      CNAME   traefik-cl01tl
+    ephemera                        IN      CNAME   traefik-cl01tl
     garage-s3                       IN      CNAME   traefik-cl01tl
     garage-webui                    IN      CNAME   traefik-cl01tl
     gatus                           IN      CNAME   traefik-cl01tl
@@ -111,6 +113,7 @@ customDNS:
     kronic                          IN      CNAME   traefik-cl01tl
     lidarr                          IN      CNAME   traefik-cl01tl
     lidatube                        IN      CNAME   traefik-cl01tl
+    listenarr                       IN      CNAME   traefik-cl01tl
     mail                            IN      CNAME   traefik-cl01tl
     n8n                             IN      CNAME   traefik-cl01tl
     ntfy                            IN      CNAME   traefik-cl01tl