chore(deps): update gitea/gitea docker tag to v1.26.0

Merge pull request 'chore(deps): update medialyze to v0.8.0' (#6105 ) from renovate/unified-medialyze into main
Reviewed-on: #6105
2026-04-20 02:13:30 +00:00 · 2026-04-20 02:09:42 +00:00 · 2026-04-20 02:04:52 +00:00 · 2026-04-20 01:22:26 +00:00 · 2026-04-20 01:21:37 +00:00 · 2026-04-20 01:17:39 +00:00
44 changed files with 102 additions and 122 deletions
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.132.0@sha256:fc54bbc724d1924fa72c331729eefb5acd1385a9ce30617b0264a7fb4b8878da
+    container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
--- a/clusters/cl01tl/helm/argocd/Chart.lock
+++ b/clusters/cl01tl/helm/argocd/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 9.5.1
-digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78
-generated: "2026-04-16T15:57:15.168206017Z"
+  version: 9.5.2
+digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
+generated: "2026-04-19T19:53:40.43789-05:00"
--- a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
@@ -1,70 +1,42 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-oidc-secret
+  name: argocd-oidc-authentik
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-oidc-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: secret
      remoteRef:
-        key: /authentik/oidc/argocd
+        key: /cl01tl/authentik/oidc/argocd
        property: secret
    - secretKey: client
      remoteRef:
-        key: /authentik/oidc/argocd
+        key: /cl01tk/authentik/oidc/argocd
        property: client

 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-notifications-secret
+  name: argocd-notifications-ntfy
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-notifications-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: ntfy-token
      remoteRef:
-        key: /ntfy/user/cl01tl
+        key: /cl01tl/ntfy/users/cl01tl
        property: token
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: argocd-gitea-repo-infrastructure-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: type
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: type
-    - secretKey: url
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: url
-    - secretKey: sshPrivateKey
-      remoteRef:
-        key: /cl01tl/argocd/credentials/repo/infrastructure
-        property: sshPrivateKey
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -13,8 +13,8 @@ argo-cd:
        connectors:
        - config:
            issuer: https://authentik.alexlebens.net/application/o/argocd/
-            clientID: $argocd-oidc-secret:client
-            clientSecret: $argocd-oidc-secret:secret
+            clientID: $argocd-oidc-authentik:client
+            clientSecret: $argocd-oidc-authentik:secret
            insecureEnableGroups: true
            scopes:
              - openid
@@ -205,7 +205,7 @@ argo-cd:
    argocdUrl: https://argocd.alexlebens.net
    secret:
      create: false
-      name: argocd-notifications-secret
+      name: argocd-notifications-ntfy
    metrics:
      enabled: true
      serviceMonitor:
--- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
@@ -32,4 +32,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
 # renovate: datasource=github-releases depName=advplyr/audiobookshelf
-appVersion: 2.33.1
+appVersion: 2.33.2
--- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
@@ -1,18 +1,24 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: audiobookshelf-apprise-config
+  name: audiobookshelf-config-apprise
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-apprise-config
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
  data:
-    - secretKey: ntfy-url
+    - secretKey: internal-endpoint-credential
      remoteRef:
-        key: /cl01tl/audiobookshelf/apprise
-        property: ntfy-url
+        key: /cl01tl/ntfy/users/cl01tl
+        property: internal-endpoint-credential
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
@@ -4,11 +4,11 @@ metadata:
  name: audiobookshelf-books-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-books-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: audiobookshelf-books-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -23,11 +23,11 @@ metadata:
  name: audiobookshelf-audiobooks-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: audiobookshelf-audiobooks-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -42,11 +42,11 @@ metadata:
  name: audiobookshelf-podcasts-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: audiobookshelf-podcasts-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
  name: audiobookshelf-books-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-books-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -29,7 +29,7 @@ metadata:
  name: audiobookshelf-audiobooks-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -54,7 +54,7 @@ metadata:
  name: audiobookshelf-podcasts-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/audiobookshelf/values.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml
@@ -12,7 +12,7 @@ audiobookshelf:
        main:
          image:
            repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
+            tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
          env:
            - name: TZ
              value: America/Chicago
@@ -40,7 +40,7 @@ audiobookshelf:
            - name: APPRISE_STATELESS_URLS
              valueFrom:
                secretKeyRef:
-                  name: audiobookshelf-apprise-config
+                  name: audiobookshelf-config-apprise
                  key: ntfy-url
  service:
    main:
--- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: authentik-key-secret
+  name: authentik-key
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: authentik-key-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: key
      remoteRef:
--- a/clusters/cl01tl/helm/authentik/templates/ingress.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/ingress.yaml
@@ -4,7 +4,7 @@ metadata:
  name: authentik-tailscale
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: authentik-tailscale
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
    tailscale.com/proxy-class: no-metrics
--- a/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
@@ -4,7 +4,7 @@ metadata:
  name: allow-outpost-cross-namespace-access
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: allow-outpost-cross-namespace-access
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/authentik/values.yaml
+++ b/clusters/cl01tl/helm/authentik/values.yaml
@@ -4,7 +4,7 @@ authentik:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
-            name: authentik-key-secret
+            name: authentik-key
            key: key
      - name: AUTHENTIK_POSTGRESQL__HOST
        valueFrom:
--- a/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
@@ -4,11 +4,11 @@ metadata:
  name: backrest-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: backrest-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -23,11 +23,11 @@ metadata:
  name: backrest-nfs-share
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-share
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: backrest-nfs-share
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
  name: backrest-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -29,7 +29,7 @@ metadata:
  name: backrest-nfs-share
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: backrest-nfs-share
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: bazarr-key-secret
+  name: bazarr-key
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bazarr-key-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: key
      remoteRef:
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
@@ -4,11 +4,11 @@ metadata:
  name: bazarr-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bazarr-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: bazarr-nfs-storage
+  volumeName: {{ .Template.Name }}
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
  name: bazarr-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bazarr-nfs-storage
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/bazarr/values.yaml
+++ b/clusters/cl01tl/helm/bazarr/values.yaml
@@ -39,7 +39,7 @@ bazarr:
            - name: APIKEY
              valueFrom:
                secretKeyRef:
-                  name: bazarr-key-secret
+                  name: bazarr-key
                  key: key
            - name: ENABLE_ADDITIONAL_METRICS
              value: false
--- a/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
@@ -4,7 +4,7 @@ metadata:
  name: letsencrypt-issuer
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: letsencrypt-issuer
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
@@ -4,15 +4,15 @@ metadata:
  name: cloudflare-api-token
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: cloudflare-api-token
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: api-token
      remoteRef:
-        key: /cloudflare/alexlebens.net/clusterissuer
+        key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
        property: token
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-bgp-advertisements
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-bgp-advertisements
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-bgp
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-bgp
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-peer
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-peer
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
--- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -4,7 +4,7 @@ metadata:
  name: default-ip-pool
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: default-ip-pool
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -19,7 +19,7 @@ metadata:
  name: bgp-ip-pool
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: bgp-ip-pool
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
@@ -4,7 +4,7 @@
 #   name: cilium-tls-gateway
 #   namespace: {{ .Release.Namespace }}
 #   labels:
-#     app.kubernetes.io/name: cilium-tls-gateway
+#     app.kubernetes.io/name: {{ .Template.Name }}
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 #   annotations:
--- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml
@@ -4,7 +4,7 @@ metadata:
  name: hubble
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: hubble
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
--- a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
@@ -1,16 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: dawarich-key-secret
+  name: dawarich-key
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: dawarich-key-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: key
      remoteRef:
@@ -21,22 +21,22 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: dawarich-oidc-secret
+  name: dawarich-oidc-authentik
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: dawarich-oidc-secret
+    app.kubernetes.io/name: {{ .Template.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: vault
+    name: openbao
  data:
    - secretKey: client
      remoteRef:
-        key: /authentik/oidc/dawarich
+        key: /cl01tl/authentik/oidc/dawarich
        property: client
    - secretKey: secret
      remoteRef:
-        key: /authentik/oidc/dawarich
+        key: /cl01tl/authentik/oidc/dawarich
        property: secret
--- a/clusters/cl01tl/helm/dawarich/values.yaml
+++ b/clusters/cl01tl/helm/dawarich/values.yaml
@@ -61,12 +61,12 @@ dawarich:
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
-                  name: dawarich-oidc-secret
+                  name: dawarich-oidc-authentik
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
-                  name: dawarich-oidc-secret
+                  name: dawarich-oidc-authentik
                  key: secret
            - name: OIDC_PROVIDER_NAME
              value: Authentik
@@ -81,7 +81,7 @@ dawarich:
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
-                  name: dawarich-key-secret
+                  name: dawarich-key
                  key: key
            - name: RAILS_LOG_TO_STDOUT
              value: true
--- a/clusters/cl01tl/helm/gitea/values.yaml
+++ b/clusters/cl01tl/helm/gitea/values.yaml
@@ -9,7 +9,7 @@ gitea:
      maxUnavailable: 1
  image:
    repository: gitea/gitea
-    tag: 1.25.5
+    tag: 1.26.0
  service:
    http:
      type: ClusterIP
--- a/clusters/cl01tl/helm/medialyze/Chart.yaml
+++ b/clusters/cl01tl/helm/medialyze/Chart.yaml
@@ -24,4 +24,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
 # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
-appVersion: 0.7.1
+appVersion: 0.8.0
--- a/clusters/cl01tl/helm/medialyze/values.yaml
+++ b/clusters/cl01tl/helm/medialyze/values.yaml
@@ -12,7 +12,7 @@ medialyze:
        main:
          image:
            repository: ghcr.io/frederikemmer/medialyze
-            tag: 0.7.1@sha256:c28cfd5cafe2b34136efaba5ba825440a2160cda3116ecb266454eac07a37e49
+            tag: 0.8.0@sha256:80aa5ce70d8644ce8321f97856a1c0ede5dfeaaba305c514ceefebf89c8985ef
          env:
            - name: HOST_PORT
              value: 8080
--- a/clusters/cl01tl/helm/radarr-4k/Chart.yaml
+++ b/clusters/cl01tl/helm/radarr-4k/Chart.yaml
@@ -33,4 +33,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
 # renovate: datasource=github-releases depName=linuxserver/docker-radarr
-appVersion: 6.1.1.10360-ls299
+appVersion: 6.1.1.10360-ls300
--- a/clusters/cl01tl/helm/radarr-4k/values.yaml
+++ b/clusters/cl01tl/helm/radarr-4k/values.yaml
@@ -14,7 +14,7 @@ radarr-4k:
        main:
          image:
            repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
+            tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/radarr-anime/Chart.yaml
+++ b/clusters/cl01tl/helm/radarr-anime/Chart.yaml
@@ -33,4 +33,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
 # renovate: datasource=github-releases depName=linuxserver/docker-radarr
-appVersion: 6.1.1.10360-ls299
+appVersion: 6.1.1.10360-ls300
--- a/clusters/cl01tl/helm/radarr-anime/values.yaml
+++ b/clusters/cl01tl/helm/radarr-anime/values.yaml
@@ -14,7 +14,7 @@ radarr-anime:
        main:
          image:
            repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
+            tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/radarr-standup/Chart.yaml
+++ b/clusters/cl01tl/helm/radarr-standup/Chart.yaml
@@ -33,4 +33,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
 # renovate: datasource=github-releases depName=linuxserver/docker-radarr
-appVersion: 6.1.1.10360-ls299
+appVersion: 6.1.1.10360-ls300
--- a/clusters/cl01tl/helm/radarr-standup/values.yaml
+++ b/clusters/cl01tl/helm/radarr-standup/values.yaml
@@ -14,7 +14,7 @@ radarr-standup:
        main:
          image:
            repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
+            tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/radarr/Chart.yaml
+++ b/clusters/cl01tl/helm/radarr/Chart.yaml
@@ -33,4 +33,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
 # renovate: datasource=github-releases depName=linuxserver/docker-radarr
-appVersion: 6.1.1.10360-ls299
+appVersion: 6.1.1.10360-ls300
--- a/clusters/cl01tl/helm/radarr/values.yaml
+++ b/clusters/cl01tl/helm/radarr/values.yaml
@@ -14,7 +14,7 @@ radarr:
        main:
          image:
            repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
+            tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/site-documentation/values.yaml
+++ b/clusters/cl01tl/helm/site-documentation/values.yaml
@@ -10,7 +10,7 @@ site-documentation:
        main:
          image:
            repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.26.0@sha256:fbd3167788a75a637aef0be6ef32bef685ce4af59f45e955cc6eb57ed8b1fd87
+            tag: 0.27.0@sha256:dafa3c8aa9401009c299bb274d140acc10d8531dd40c8253783b1f8ed8519d76
          resources:
            requests:
              cpu: 10m
--- a/clusters/cl01tl/helm/site-profile/values.yaml
+++ b/clusters/cl01tl/helm/site-profile/values.yaml
@@ -10,7 +10,7 @@ site-profile:
        main:
          image:
            repository: harbor.alexlebens.net/images/site-profile
-            tag: 3.18.4@sha256:3fb32ba981a059c1203c8716140bff20cc6484a90ec8694f8ac0604ac456c7f8
+            tag: 3.18.5@sha256:2ad5cbbdbf1011f74c5fa804584236ffea266c37f046f837625af79a97bc0b56
          resources:
            requests:
              cpu: 10m
--- a/clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml
+++ b/clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml
@@ -1,4 +1,4 @@
-apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
  name: slskd-config-secret
@@ -8,12 +8,12 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  provider: vault
+  provider: openbao
  parameters:
-    vaultAddress: "http://openbao-internal.openbao:8200"
+    baoAddress: "http://openbao-internal.openbao:8200"
    roleName: slskd
    objects: |
-      - objectName: slskd-config-secret
+      - objectName: slskd.yml
        fileName: slskd.yml
-        secretPath: cl01tl/slskd/config
+        secretPath: secret/data/cl01tl/slskd/config
        secretKey: slskd.yml
--- a/clusters/cl01tl/helm/slskd/values.yaml
+++ b/clusters/cl01tl/helm/slskd/values.yaml
@@ -48,6 +48,8 @@ slskd:
              value: 1000
            - name: SLSKD_UMASK
              value: 000
+            - name: SLSKD_CONFIG
+              value: /config/slskd.yml
          resources:
            requests:
              cpu: 100m
@@ -156,7 +158,7 @@ slskd:
      advancedMounts:
        main:
          main:
-            - path: /app/slskd.yml
+            - path: /config/slskd.yml
              readOnly: true
              mountPropagation: None
              subPath: slskd.yml
Author	SHA1	Message	Date
Renovate Bot	2c25d115e5	chore(deps): update gitea/gitea docker tag to v1.26.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 40s Details	2026-04-20 02:13:30 +00:00
Alex Lebens	3e6cd3df24	Merge pull request 'chore(deps): update medialyze to v0.8.0' (#6105 ) from renovate/unified-medialyze into main All checks were successful lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 4m3s Details Reviewed-on: #6105	2026-04-20 02:09:42 +00:00
Renovate Bot	70f1dac7c6	chore(deps): update medialyze to v0.8.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 37s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 43s Details render-manifests / render-manifests (pull_request) Successful in 1m26s Details	2026-04-20 02:04:52 +00:00
Renovate Bot	00d5109152	Merge pull request 'chore(deps): update radarr to v6.1.1.10360-ls300' (#6102 ) from renovate/unified-radarr into main All checks were successful lint-test-helm / lint-helm (push) Successful in 1m11s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 4m35s Details	2026-04-20 01:22:26 +00:00
Renovate Bot	9a68f8cf6a	chore(deps): update radarr to v6.1.1.10360-ls300 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 50s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details render-manifests / render-manifests (pull_request) Successful in 1m14s Details	2026-04-20 01:21:37 +00:00
Renovate Bot	753b67533d	Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.5' (#6100 ) from renovate/unified-site-profile into main Some checks failed lint-test-helm / lint-helm (push) Successful in 56s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details	2026-04-20 01:17:39 +00:00
Renovate Bot	a7771493a9	chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.18.5	2026-04-20 01:17:39 +00:00
Renovate Bot	eb4cf892f4	Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.132.1' (#6099 ) from renovate/unified-renovate into main Some checks failed renovate / renovate (push) Has been cancelled Details	2026-04-20 01:17:20 +00:00
Renovate Bot	fa47afea3a	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.132.1 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details	2026-04-20 01:16:58 +00:00
Renovate Bot	b5429bebea	Merge pull request 'chore(deps): update audiobookshelf to v2.33.2' (#6097 ) from renovate/unified-audiobookshelf into main Some checks failed lint-test-helm / lint-helm (push) Successful in 34s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details	2026-04-20 01:14:23 +00:00
Renovate Bot	345a234be9	chore(deps): update audiobookshelf to v2.33.2 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 21s Details render-manifests / render-manifests (pull_request) Successful in 1m0s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 54s Details	2026-04-20 01:13:53 +00:00
Alex Lebens	70917add01	Merge pull request 'feat: migrate to openbao' (#6095 ) from tmp/secrets-2 into main Some checks failed lint-test-helm / lint-helm (push) Successful in 56s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #6095	2026-04-20 01:09:28 +00:00
Alex Lebens	d40151ca3e	feat: migrate to openbao	2026-04-20 01:09:28 +00:00
Alex Lebens	10917de337	Merge pull request 'chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.27.0' (#6094 ) from renovate/unified-site-documentation into main Some checks failed lint-test-helm / lint-helm (push) Successful in 21s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #6094	2026-04-20 01:06:41 +00:00
Renovate Bot	7dcf32875a	chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.27.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 32s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 47s Details render-manifests / render-manifests (pull_request) Successful in 45s Details	2026-04-20 00:03:45 +00:00
Alex Lebens	775f408383	Merge pull request 'feat: change mount path' (#6092 ) from tmp/slskd-10 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 45s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 4m32s Details Reviewed-on: #6092	2026-04-19 22:33:41 +00:00
Alex Lebens	01090eda72	feat: change mount path All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 53s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 48s Details render-manifests / render-manifests (pull_request) Successful in 3m10s Details	2026-04-19 17:32:23 -05:00
Alex Lebens	b1db8003fa	Merge pull request 'feat: change parameter' (#6090 ) from tmp/slskd-9 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 35s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m45s Details Reviewed-on: #6090	2026-04-19 22:25:44 +00:00
Alex Lebens	aaf26450c1	feat: change parameter All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 52s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details render-manifests / render-manifests (pull_request) Successful in 1m11s Details	2026-04-19 17:23:06 -05:00
Alex Lebens	6f0f7027be	Merge pull request 'fix: wrong path' (#6088 ) from tmp/slskd-8 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 39s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m55s Details Reviewed-on: #6088	2026-04-19 22:08:50 +00:00
Alex Lebens	baa65fa99c	fix: wrong path All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 49s Details render-manifests / render-manifests (pull_request) Successful in 51s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 42s Details	2026-04-19 17:07:28 -05:00
Alex Lebens	5c0b667aad	Merge pull request 'fix: extend path to engine name' (#6086 ) from tmp/slskd-6 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 1m37s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m29s Details Reviewed-on: #6086	2026-04-19 21:54:01 +00:00
Alex Lebens	e85cc055bb	fix: extend path to engine name All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 44s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 46s Details render-manifests / render-manifests (pull_request) Successful in 1m25s Details	2026-04-19 16:50:08 -05:00
Alex Lebens	ad27b57adb	Merge pull request 'feat: use openbao provider' (#6084 ) from tmp/slskd-5 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 1m21s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m35s Details Reviewed-on: #6084	2026-04-19 21:44:56 +00:00
Alex Lebens	7237534b19	feat: use openbao provider All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 45s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 27s Details render-manifests / render-manifests (pull_request) Successful in 53s Details	2026-04-19 16:42:55 -05:00
Alex Lebens	ffc42fc585	Merge pull request 'feat: fix parameter' (#6082 ) from tmp/slskd-4 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 1m59s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m59s Details Reviewed-on: #6082	2026-04-19 21:36:19 +00:00