Update Helm release traefik to v37.4.0

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ollama/ollama | minor | `0.12.11` -> `0.13.0` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19-->

Reviewed-on: #2070
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

clusters/cl01tl/applications/booklore/templates/external-secret.yaml

@@ -20,6 +20,29 @@ spec:
         metadataPolicy: None
         property: password
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-data-replication-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-replication-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: psk.txt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/booklore/replication
+        metadataPolicy: None
+        property: psk.txt
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -45,21 +68,21 @@ spec:
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /volsync/restic/digital-ocean
         metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
+        property: BUCKET_ENDPOINT
     - secretKey: RESTIC_PASSWORD
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /volsync/restic/digital-ocean
         metadataPolicy: None
         property: RESTIC_PASSWORD
     - secretKey: AWS_DEFAULT_REGION
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
+        key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
         property: AWS_DEFAULT_REGION
     - secretKey: AWS_ACCESS_KEY_ID
@@ -68,23 +91,194 @@ spec:
         decodingStrategy: None
         key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
-        property: access_key
+        property: AWS_ACCESS_KEY_ID
     - secretKey: AWS_SECRET_ACCESS_KEY
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
         key: /digital-ocean/home-infra/volsync-backups
         metadataPolicy: None
-        property: secret_key
+        property: AWS_SECRET_ACCESS_KEY
 
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: booklore-mariadb-cluster-backup-secret
+  name: booklore-data-backup-secret-local
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret
+    app.kubernetes.io/name: booklore-data-backup-secret-local
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-local
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-data-backup-secret-remote
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-backup-secret-remote
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/garage-remote
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/volsync-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-data-backup-secret-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-backup-secret-external
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/digital-ocean
+        metadataPolicy: None
+        property: BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /volsync/restic/digital-ocean
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-mariadb-cluster-backup-secret-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -92,17 +286,47 @@ spec:
     kind: ClusterSecretStore
     name: vault
   data:
-    - secretKey: access-key-id
+    - secretKey: access
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
         key: /digital-ocean/home-infra/mariadb-backups
         metadataPolicy: None
         property: access
-    - secretKey: secret-access-key
+    - secretKey: secret
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
         key: /digital-ocean/home-infra/mariadb-backups
         metadataPolicy: None
         property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: booklore-mariadb-cluster-backup-secret-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: access
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/mariadb-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/mariadb-backups
+        metadataPolicy: None
+        property: secret

clusters/cl01tl/applications/booklore/templates/namespace.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: booklore
+  annotations:
+    volsync.backube/privileged-movers: "true"
+  labels:
+    app.kubernetes.io/name: booklore
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}

clusters/cl01tl/applications/booklore/templates/persistent-volume-claim.yaml

@@ -15,22 +15,3 @@ spec:
   resources:
     requests:
       storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: booklore-books-import-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: booklore-books-import-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: booklore-books-import-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi

clusters/cl01tl/applications/booklore/templates/persistent-volume.yaml

@@ -21,28 +21,3 @@ spec:
     - vers=4
     - minorversion=1
     - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: booklore-books-import-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: booklore-books-import-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Books Import
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac

clusters/cl01tl/applications/booklore/templates/replication-destination.yaml

@@ -0,0 +1,15 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  name: booklore-data-replication-destination
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-replication-destination
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  rsyncTLS:
+    copyMethod: Direct
+    accessModes: ["ReadWriteMany"]
+    destinationPVC: booklore-books-nfs-storage
+    keySecret: booklore-data-replication-secret

clusters/cl01tl/applications/booklore/templates/replication-source.yaml

@@ -1,5 +1,24 @@
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
+metadata:
+  name: booklore-data-replication-source
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-replication-source
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: booklore-data
+  trigger:
+    schedule: "0 0 * * *"
+  rsyncTLS:
+    keySecret: booklore-data-replication-secret
+    address: 10.97.132.22
+    copyMethod: Snapshot
+
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
 metadata:
   name: booklore-config-backup-source
   namespace: {{ .Release.Namespace }}
@@ -24,3 +43,87 @@ spec:
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
     cacheCapacity: 10Gi
+
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: booklore-data-backup-source-local
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-backup-source-local
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: booklore-data
+  trigger:
+    schedule: 0 2 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: booklore-data-backup-secret-local
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 10Gi
+
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: booklore-data-backup-source-remote
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-backup-source-remote
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: booklore-data
+  trigger:
+    schedule: 0 3 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: booklore-data-backup-secret-remote
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 10Gi
+
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: booklore-data-backup-source-external
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: booklore-data-backup-source-external
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: booklore-data
+  trigger:
+    schedule: 0 4 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: booklore-data-backup-secret-external
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
+    cacheCapacity: 10Gi

clusters/cl01tl/applications/booklore/templates/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: garage-ps10rp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: garage-ps10rp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
+spec:
+  externalName: placeholder
+  type: ExternalName

clusters/cl01tl/applications/booklore/values.yaml

@@ -50,15 +50,18 @@ booklore:
           main:
             - path: /app/data
               readOnly: false
-    books:
-      existingClaim: booklore-books-nfs-storage
+    data:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 10Gi
+      retain: true
       advancedMounts:
         main:
           main:
-            - path: /books
+            - path: /data
               readOnly: false
     books-import:
-      existingClaim: booklore-books-import-nfs-storage
+      type: emptyDir
       advancedMounts:
         main:
           main:
@@ -102,22 +105,44 @@ mariadb-cluster:
       cleanupPolicy: Delete
       requeueInterval: 10h
       retryInterval: 30s
-  # backups:
-  #   - name: backup
-  #     schedule:
-  #       cron: "0 0 * * *"
-  #       suspend: true
-  #     compression: gzip
-  #     maxRetention: 720h # 30 days
-  #     storage:
-  #       s3:
-  #         bucket: mariadb-backups-b230a2f5aecf080a4b372c08
-  #         prefix: cl01tl
-  #         endpoint: https://nyc3.digitaloceanspaces.com
-  #         region:  us-east-1
-  #         accessKeyIdSecretKeyRef:
-  #           name: booklore-mariadb-cluster-backup-secret
-  #           key: access-key-id
-  #         secretAccessKeySecretKeyRef:
-  #           name: booklore-mariadb-cluster-backup-secret
-  #           key: secret-access-key
+  physicalBackups:
+    - name: backup-external
+      schedule:
+        cron: "0 0 * * 0"
+        suspend: false
+        immediate: true
+      compression: gzip
+      maxRetention: 720h
+      storage:
+        s3:
+          bucket: mariadb-backups-b230a2f5aecf080a4b372c08
+          prefix: cl01tl/booklore
+          endpoint: nyc3.digitaloceanspaces.com
+          region: us-east-1
+          accessKeyIdSecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret-external
+            key: access
+          secretAccessKeySecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret-external
+            key: secret
+          tls:
+            enabled: true
+    - name: backup-garage
+      schedule:
+        cron: "0 0 * * *"
+        suspend: false
+        immediate: true
+      compression: gzip
+      maxRetention: 360h
+      storage:
+        s3:
+          bucket: mariadb-backups
+          prefix: cl01tl/booklore
+          endpoint: garage-main.garage:3900
+          region: us-east-1
+          accessKeyIdSecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret-garage
+            key: access
+          secretAccessKeySecretKeyRef:
+            name: booklore-mariadb-cluster-backup-secret-garage
+            key: secret

clusters/cl01tl/applications/calibre-web-automated/values.yaml

@@ -55,7 +55,7 @@ calibre-web-automated:
         bypass:
           image:
             repository: ghcr.io/sarperavci/cloudflarebypassforscraping
-            tag: latest@sha256:15675e4e5cb65c69de52edb491b1b82d76f815250745a0d4cebd91e5e53a87f8
+            tag: latest@sha256:53b50a04bc9bc70cac350040a13bb23e9f31de59ca94d50d0bf8e4c50a73c656
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/applications/directus/values.yaml

@@ -9,7 +9,7 @@ directus:
         main:
           image:
             repository: directus/directus
-            tag: 11.13.2
+            tag: 11.13.3
             pullPolicy: IfNotPresent
           env:
             - name: PUBLIC_URL

clusters/cl01tl/applications/element-web/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: element-web
-    version: 1.4.23
+    version: 1.4.24
     repository: https://ananace.gitlab.io/charts
   - name: cloudflared
     alias: cloudflared

clusters/cl01tl/applications/element-web/values.yaml

@@ -2,7 +2,7 @@ element-web:
   replicaCount: 1
   image:
     repository: vectorim/element-web
-    tag: v1.12.3
+    tag: v1.12.4
     pullPolicy: IfNotPresent
   defaultServer:
     url: https://matrix.alexlebens.dev

clusters/cl01tl/applications/ephemera/templates/external-secret.yaml

@@ -20,6 +20,29 @@ spec:
         metadataPolicy: None
         property: key
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ephemera-apprise-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ephemera-apprise-config
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ntfy-url
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/ephemera/config
+        metadataPolicy: None
+        property: ntfy-url
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: ephemera-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: ephemera-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: ephemera-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi

clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: ephemera-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: ephemera-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Books Import
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac

clusters/cl01tl/applications/ephemera/values.yaml

@@ -13,7 +13,7 @@ ephemera:
             pullPolicy: IfNotPresent
           env:
             - name: AA_BASE_URL
-              value: 8080
+              value: https://annas-archive.org
             - name: AA_API_KEY
               valueFrom:
                 secretKeyRef:
@@ -27,24 +27,6 @@ ephemera:
               value: 0
             - name: PGID
               value: 0
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                exec:
-                  command:
-                  - CMD
-                  - wget
-                  - --no-verbose
-                  - --tries=1
-                  - --spider
-                  - http://127.0.0.1:8286/health
-                failureThreshold: 5
-                initialDelaySeconds: 60
-                periodSeconds: 10
-                successThreshold: 1
-                timeoutSeconds: 10
           resources:
             requests:
               cpu: 50m
@@ -63,22 +45,29 @@ ephemera:
               value: none
             - name: TZ
               value: America/Chicago
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                exec:
-                  command:
-                  - CMD
-                  - curl
-                  - -f
-                  - http://127.0.0.1:8191/health
-                failureThreshold: 5
-                initialDelaySeconds: 60
-                periodSeconds: 10
-                successThreshold: 1
-                timeoutSeconds: 10
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+        apprise-api:
+          image:
+            repository: caronc/apprise
+            tag: 1.2.2
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: US/Central
+            - name: APPRISE_STORAGE_MODE
+              value: memory
+            - name: APPRISE_STATEFUL_MODE
+              value: disabled
+            - name: APPRISE_WORKER_COUNT
+              value: 1
+            - name: APPRISE_STATELESS_URLS
+              valueFrom:
+                secretKeyRef:
+                  name: ephemera-apprise-config
+                  key: ntfy-url
           resources:
             requests:
               cpu: 10m
@@ -109,10 +98,3 @@ ephemera:
           main:
             - path: /app/downloads
               readOnly: false
-    books-import:
-      existingClaim: ephemera-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /app/ingest
-              readOnly: false

clusters/cl01tl/applications/homepage/values.yaml

@@ -693,13 +693,13 @@ homepage:
                   siteMonitor: http://ephemera.ephemera:80
                   statusStyle: dot
               - CWA Downloader:
-                  icon: sh-calibre.webp
+                  icon: sh-cwa-book-downloader.webp
                   description: Books
                   href: https://calibre-downloader.alexlebens.net
                   siteMonitor: http://calibre-web-automated-downloader.calibre-web-automated:8084
                   statusStyle: dot
               - Listenarr:
-                  icon: sh-listenarr.webp
+                  icon: sh-audiobookrequest.webp
                   description: Audiobooks
                   href: https://listenarr.alexlebens.net
                   siteMonitor: http://listenarr.listenarr:80

clusters/cl01tl/applications/listenarr/values.yaml

@@ -43,4 +43,4 @@ listenarr:
         main:
           main:
             - path: /data
-              readOnly: true
+              readOnly: false

clusters/cl01tl/applications/outline/values.yaml

@@ -9,7 +9,7 @@ outline:
         main:
           image:
             repository: outlinewiki/outline
-            tag: 1.0.1
+            tag: 1.1.0
             pullPolicy: IfNotPresent
           env:
             - name: NODE_ENV

clusters/cl01tl/applications/searxng/values.yaml

@@ -9,7 +9,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:d5a54dde3968851d6a15f394bd1d64e0ac5e440e6b21c73bddf215dfcd82fe16
+            tag: latest@sha256:7914267d4a3b91132aa888b889dbe0657bdb9e1af5a13eb6fbab99a94990c235
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:d5a54dde3968851d6a15f394bd1d64e0ac5e440e6b21c73bddf215dfcd82fe16
+            tag: latest@sha256:7914267d4a3b91132aa888b889dbe0657bdb9e1af5a13eb6fbab99a94990c235
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL

clusters/cl01tl/applications/sonarr-4k/values.yaml

@@ -13,7 +13,7 @@ sonarr-4k:
         main:
           image:
             repository: ghcr.io/linuxserver/sonarr
-            tag: 4.0.16@sha256:4b8a853b76337cd5de5f69961e23b7d0792ce7bf0a8be083dd7202ef670bfc34
+            tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/sonarr-anime/values.yaml

@@ -13,7 +13,7 @@ sonarr-anime:
         main:
           image:
             repository: ghcr.io/linuxserver/sonarr
-            tag: 4.0.16@sha256:4b8a853b76337cd5de5f69961e23b7d0792ce7bf0a8be083dd7202ef670bfc34
+            tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/sonarr/values.yaml

@@ -13,7 +13,7 @@ sonarr:
         main:
           image:
             repository: ghcr.io/linuxserver/sonarr
-            tag: 4.0.16@sha256:4b8a853b76337cd5de5f69961e23b7d0792ce7bf0a8be083dd7202ef670bfc34
+            tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/monitoring/shelly-plug/values.yaml

@@ -36,7 +36,7 @@ shelly-plug:
         main:
           image:
             repository: php
-            tag: 8.4.14-apache-bookworm
+            tag: 8.5.0-apache-bookworm
             pullPolicy: IfNotPresent
           env:
             - name: SHELLY_HOSTNAME

clusters/cl01tl/platform/authentik/Chart.yaml

@@ -21,7 +21,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: authentik
-    version: 2025.10.1
+    version: 2025.10.2
     repository: https://charts.goauthentik.io/
   - name: cloudflared
     alias: cloudflared

clusters/cl01tl/platform/gitea/values.yaml

@@ -212,7 +212,7 @@ backup:
         s3-backup:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:4252b3d04c18dc7fec2117259ab5dc0e51cb46b8719e661762222b44f6559189
+            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
             pullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -236,7 +236,7 @@ backup:
         s3-prune:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:4252b3d04c18dc7fec2117259ab5dc0e51cb46b8719e661762222b44f6559189
+            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/platform/matrix-synapse/Chart.yaml

@@ -29,7 +29,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: matrix-synapse
-    version: 3.12.14
+    version: 3.12.15
     repository: https://ananace.gitlab.io/charts
   - name: app-template
     alias: matrix-hookshot

clusters/cl01tl/platform/ntfy/values.yaml

@@ -9,7 +9,7 @@ ntfy:
         main:
           image:
             repository: binwiederhier/ntfy
-            tag: v2.14.0
+            tag: v2.15.0
             pullPolicy: IfNotPresent
           args: ["serve"]
           env:

clusters/cl01tl/platform/ollama/values.yaml

@@ -22,7 +22,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.12.11
+            tag: 0.13.0
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.12.11
+            tag: 0.13.0
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.12.11
+            tag: 0.13.0
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE

clusters/cl01tl/platform/vault/values.yaml

@@ -12,7 +12,7 @@ vault:
     enabled: true
     image:
       repository: hashicorp/vault
-      tag: 1.21.0
+      tag: 1.21.1
     updateStrategyType: "RollingUpdate"
     logLevel: debug
     logFormat: standard
@@ -170,7 +170,7 @@ snapshot:
         snapshot:
           image:
             repository: hashicorp/vault
-            tag: 1.21.0
+            tag: 1.21.1
             pullPolicy: IfNotPresent
           command:
             - /bin/ash
@@ -198,7 +198,7 @@ snapshot:
         s3-backup:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:4252b3d04c18dc7fec2117259ab5dc0e51cb46b8719e661762222b44f6559189
+            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/services/harbor/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://helm.goharbor.io
   - name: postgres-cluster
     alias: postgres-17-cluster
-    version: 6.15.0
+    version: 6.16.0
     repository: http://gitea-http.gitea:3000/api/packages/alexlebens/helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
 appVersion: v2.13.0

clusters/cl01tl/services/tailscale-operator/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: tailscale-operator
-    version: 1.90.6
+    version: 1.90.8
     repository: https://pkgs.tailscale.com/helmcharts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
 appVersion: v1.82.5

clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml

@@ -11,4 +11,4 @@ spec:
   nameserver:
     image:
       repo: tailscale/k8s-nameserver
-      tag: unstable-v1.83.106
+      tag: unstable-v1.91.88

clusters/cl01tl/services/talos/values.yaml

@@ -73,7 +73,7 @@ etcd-backup:
         s3-prune:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:4252b3d04c18dc7fec2117259ab5dc0e51cb46b8719e661762222b44f6559189
+            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/services/traefik/Chart.yaml

@@ -15,7 +15,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: traefik
-    version: 37.3.0
+    version: 37.4.0
     repository: https://traefik.github.io/charts
   # enable pending:
   # https://github.com/traefik/traefik-helm-chart/pull/1340

clusters/cl01tl/storage/volsync/Chart.yaml

@@ -16,7 +16,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: volsync
-    version: 0.13.1
+    version: 0.14.0
     repository: https://backube.github.io/helm-charts/
 icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
 appVersion: 0.12.1

clusters/cl01tl/storage/whodb/values.yaml

@@ -8,7 +8,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.74.0
+            tag: 0.75.0
             pullPolicy: IfNotPresent
           env:
             - name: WHODB_OLLAMA_HOST