Merge pull request 'chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273' (#5716 ) from renovate/unified-lidarr into main

chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273
Merge pull request 'chore(deps): update traefik to v3.6.13' (#5713 ) from renovate/unified-traefik into main
2026-04-08 05:02:47 +00:00 · 2026-04-08 05:02:30 +00:00 · 2026-04-08 02:28:17 +00:00 · 2026-04-08 02:27:41 +00:00 · 2026-04-08 02:25:52 +00:00 · 2026-04-08 02:25:52 +00:00
54 changed files with 188 additions and 563 deletions
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.109.0@sha256:262d3c2d7e61da7a7eef61fdbdcf26d80cb0d13f65baaa99ace4163a4d56c0fa
+    container: ghcr.io/renovatebot/renovate:43.109.1@sha256:3dc6493fd5846ee486ca26531db8b8dd2c028bc8e4c5b3464514f5f6b3e065d8
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
--- a/clusters/cl01tl/helm/authentik/Chart.lock
+++ b/clusters/cl01tl/helm/authentik/Chart.lock
@@ -1,7 +1,7 @@
 dependencies:
 - name: authentik
  repository: https://charts.goauthentik.io/
-  version: 2026.2.1
+  version: 2026.2.2
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 2.4.0
@@ -11,5 +11,5 @@ dependencies:
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.5.0
-digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
-generated: "2026-04-04T21:00:59.689114-05:00"
+digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687
+generated: "2026-04-08T02:23:25.175388081Z"
--- a/clusters/cl01tl/helm/authentik/Chart.yaml
+++ b/clusters/cl01tl/helm/authentik/Chart.yaml
@@ -18,7 +18,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: authentik
-    version: 2026.2.1
+    version: 2026.2.2
    repository: https://charts.goauthentik.io/
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
--- a/clusters/cl01tl/helm/harbor/Chart.lock
+++ b/clusters/cl01tl/helm/harbor/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
  version: 1.18.3
 - name: postgres-cluster
  repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
-  version: 7.11.1
+  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.5.0
-digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
-generated: "2026-03-31T18:38:15.510833-05:00"
+digest: sha256:2ef60d6315a21e0d92970570630cc74720643e7e51e0574107249684ddc2fab5
+generated: "2026-04-07T20:36:47.509644-05:00"
--- a/clusters/cl01tl/helm/harbor/Chart.yaml
+++ b/clusters/cl01tl/helm/harbor/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
    repository: https://helm.goharbor.io
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.11.1
+    version: 7.11.2
    repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
  - name: valkey
    alias: valkey
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
@@ -5,6 +5,7 @@ description: Kube Prometheus Stack
 keywords:
  - kube-prometheus-stack
  - prometheus
+  - metrics
 home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
 sources:
  - https://github.com/prometheus/prometheus
--- a/clusters/cl01tl/helm/lidarr/values.yaml
+++ b/clusters/cl01tl/helm/lidarr/values.yaml
@@ -14,7 +14,7 @@ lidarr:
        main:
          image:
            repository: ghcr.io/linuxserver/lidarr
-            tag: 3.1.2-nightly@sha256:0fc8d169a0740a77e03ec0e5eaee1ce2db0d882fc0bb8d0a26fd77a8beaad8e9
+            tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/roundcube/values.yaml
+++ b/clusters/cl01tl/helm/roundcube/values.yaml
@@ -56,7 +56,7 @@ roundcube:
        nginx:
          image:
            repository: nginx
-            tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
+            tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
          env:
            - name: NGINX_HOST
              value: mail.alexlebens.net
--- a/clusters/cl01tl/helm/s3-exporter/Chart.yaml
+++ b/clusters/cl01tl/helm/s3-exporter/Chart.yaml
@@ -5,6 +5,7 @@ description: S3 Exporter
 keywords:
  - s3-exporter
  - storage
+  - metrics
 home: https://docs.alexlebens.dev/applications/s3-exporter/
 sources:
  - https://github.com/molu8bits/s3bucket_exporter
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ b/clusters/cl01tl/helm/searxng/values.yaml
@@ -57,7 +57,7 @@ searxng:
        valkey:
          image:
            repository: valkey/valkey
-            tag: 9.0.0-alpine@sha256:bef37d06d4856710973ee31dd1eac1482e4c8e6e7b847f999ad25433e646587b
+            tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5
  service:
    api:
      controller: api
--- a/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
+++ b/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
@@ -5,6 +5,7 @@ description: Speedtest Exporter
 keywords:
  - speedtest-exporter
  - internet-speed
+  - metrics
 home: https://docs.alexlebens.dev/applications/speedtest-exporter/
 sources:
  - https://github.com/MiguelNdeCarvalho/speedtest-exporter
--- a/clusters/cl01tl/helm/tailscale-operator/Chart.yaml
+++ b/clusters/cl01tl/helm/tailscale-operator/Chart.yaml
@@ -21,4 +21,4 @@ dependencies:
    repository: https://pkgs.tailscale.com/helmcharts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
 # renovate: datasource=docker depName=tailscale/tailscale
-appVersion: v1.94.2
+appVersion: v1.96.5
--- a/clusters/cl01tl/helm/tailscale-operator/values.yaml
+++ b/clusters/cl01tl/helm/tailscale-operator/values.yaml
@@ -5,7 +5,7 @@ tailscale-operator:
      - "tag:k8s-operator"
    image:
      repository: tailscale/k8s-operator
-      tag: v1.94.2
+      tag: v1.96.5
      digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
    hostname: tailscale-operator-cl01tl
  ingressClass:
@@ -13,6 +13,6 @@ tailscale-operator:
  proxyConfig:
    image:
      repository: tailscale/tailscale
-      tag: v1.94.2
+      tag: v1.96.5
      digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
    defaultProxyClass: no-metrics
--- a/clusters/cl01tl/helm/talos/values.yaml
+++ b/clusters/cl01tl/helm/talos/values.yaml
@@ -376,7 +376,7 @@ etcd-defrag:
      cronjob:
        suspend: false
        timeZone: America/Chicago
-        schedule: "0 0 * * 0"
+        schedule: 0 0 * * 0
        backoffLimit: 3
        parallelism: 1
      containers:
@@ -404,7 +404,7 @@ etcd-defrag:
      cronjob:
        suspend: false
        timeZone: America/Chicago
-        schedule: "10 0 * * 0"
+        schedule: 10 0 * * 0
        backoffLimit: 3
        parallelism: 1
      containers:
@@ -432,7 +432,7 @@ etcd-defrag:
      cronjob:
        suspend: false
        timeZone: America/Chicago
-        schedule: "20 0 * * 0"
+        schedule: 20 0 * * 0
        backoffLimit: 3
        parallelism: 1
      containers:
--- a/clusters/cl01tl/helm/tdarr/Chart.yaml
+++ b/clusters/cl01tl/helm/tdarr/Chart.yaml
@@ -5,16 +5,16 @@ description: Tdarr
 keywords:
  - tdarr
  - video
-  - transcode
-  - healthchecks
-home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62
+home: https://docs.alexlebens.dev/applications/tdarr/
 sources:
  - https://github.com/HaveAGitGat/Tdarr
  - https://github.com/homeylab/tdarr-exporter
  - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr
+  - https://github.com/users/haveagitgat/packages/container/package/tdarr_node
  - https://hub.docker.com/r/homeylab/tdarr-exporter
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -34,5 +34,5 @@ dependencies:
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png
-# renovate: datasource=github-releases depName=HaveAGitGat/Tdarr
+# renovate: datasource=docker depName=ghcr.io/haveagitgat/tdarr
 appVersion: 2.58.02
--- a/clusters/cl01tl/helm/tdarr/values.yaml
+++ b/clusters/cl01tl/helm/tdarr/values.yaml
@@ -4,16 +4,18 @@ tdarr:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
+        securityContext:
+          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: ghcr.io/haveagitgat/tdarr
-            tag: 2.67.01
-            pullPolicy: IfNotPresent
+            tag: 2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: PUID
              value: "1001"
            - name: PGID
@@ -36,12 +38,11 @@ tdarr:
              value: "8265"
          resources:
            requests:
-              cpu: 200m
-              memory: 1Gi
+              cpu: 500m
+              memory: 2Gi
    node:
      type: statefulset
      replicas: 3
-      revisionHistoryLimit: 3
      statefulset:
        volumeClaimTemplates:
          - name: transcode-cache
@@ -67,11 +68,10 @@ tdarr:
        main:
          image:
            repository: ghcr.io/haveagitgat/tdarr_node
-            tag: 2.67.01
-            pullPolicy: IfNotPresent
+            tag: 2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: PUID
              value: "1001"
            - name: PGID
@@ -96,7 +96,7 @@ tdarr:
            requests:
              gpu.intel.com/i915: 1
              cpu: 10m
-              memory: 512Mi
+              memory: 100Mi
  service:
    api:
      controller: server
@@ -104,14 +104,12 @@ tdarr:
        http:
          port: 8266
          targetPort: 8266
-          protocol: HTTP
    web:
      controller: server
      ports:
        http:
          port: 8265
          targetPort: 8265
-          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -124,11 +122,8 @@ tdarr:
        - tdarr.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: tdarr-web
+            - name: tdarr-web
              port: 8265
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -139,7 +134,6 @@ tdarr:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 50Gi
-      retain: true
      advancedMounts:
        server:
          main:
@@ -150,7 +144,6 @@ tdarr:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 50Gi
-      retain: true
      advancedMounts:
        server:
          main:
@@ -177,8 +170,7 @@ tdarr:
 tdarr-exporter:
  image:
    name: homeylab/tdarr-exporter
-    # renovate: datasource=docker depName=homeylab/tdarr-exporter
-    tag: 1.4.3
+    tag: 1.4.3@sha256:88254cb505bfff20e86e04fa23a71789a411e7939e3bcbccbd5ef397ff91d052
  metrics:
    serviceMonitor:
      enabled: true
@@ -188,8 +180,8 @@ tdarr-exporter:
      verify_ssl: false
  resources:
    requests:
-      cpu: 10m
-      memory: 256Mi
+      cpu: 1m
+      memory: 10Mi
 volsync-target-config:
  pvcTarget: tdarr-config
  local:
--- a/clusters/cl01tl/helm/traefik/Chart.yaml
+++ b/clusters/cl01tl/helm/traefik/Chart.yaml
@@ -5,12 +5,11 @@ description: Traefik
 keywords:
  - traefik
  - reverse-proxy
-  - tls
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/541ec45c-6cf7-4be6-bb08-63cab175e7cb
+home: https://docs.alexlebens.dev/applications/traefik/
 sources:
  - https://github.com/traefik/traefik
-  - https://github.com/traefik/traefik-helm-chart
+  - https://github.com/traefik/traefik-helm-chart/tree/master/traefik
+  - https://github.com/traefik/traefik-helm-chart/tree/master/traefik-crds
 maintainers:
  - name: alexlebens
 dependencies:
--- a/clusters/cl01tl/helm/traefik/values.yaml
+++ b/clusters/cl01tl/helm/traefik/values.yaml
@@ -1,4 +1,8 @@
 traefik:
+  image:
+    registry: docker.io
+    repository: traefik
+    tag: v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
  deployment:
    kind: DaemonSet
  ingressClass:
@@ -39,6 +43,11 @@ traefik:
      enabled: true
      matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
      entryPoints: ["websecure"]
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 1
  providers:
    kubernetesCRD:
      allowCrossNamespace: true
@@ -58,8 +67,23 @@ traefik:
      serviceMonitor:
        enabled: true
      prometheusRule:
-        enabled: false
+        enabled: true
+        rules:
+          - alert: TraefikDown
+            expr: up{job="traefik"} == 0
+            for: 5m
+            labels:
+              context: traefik
+              severity: warning
+            annotations:
+              summary: "Traefik Down"
+              description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
+  global:
+    checkNewVersion: false
  ports:
+    traefik:
+      expose:
+        default: false
    web:
      port: 8000
      expose:
@@ -77,14 +101,12 @@ traefik:
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
-        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
-        insecure: false
    websecure:
      port: 8443
      expose:
@@ -102,22 +124,18 @@ traefik:
          allowEncodedPercent: true
          allowEncodedQuestionMark: true
          allowEncodedHash: true
-        tls:
-          enabled: true
      forwardedHeaders:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
-        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
-        insecure: false
    ssh:
      port: 22
      expose:
@@ -129,14 +147,12 @@ traefik:
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
-        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
-        insecure: false
    metrics:
      expose:
        default: false
@@ -145,6 +161,10 @@ traefik:
    type: LoadBalancer
    externalIPs:
      - 10.232.1.21
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
 traefik-crds:
  enabled: true
  traefik: true
--- a/clusters/cl01tl/helm/tubearchivist/Chart.lock
+++ b/clusters/cl01tl/helm/tubearchivist/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
  version: 4.6.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.4.0
-digest: sha256:39a57c1505ed39180cffe9153ce69233c2376ba62c9287bc411071cf986f44de
-generated: "2026-03-09T23:08:53.501770729Z"
+  version: 0.5.0
+digest: sha256:bbceeb6ebc7a358798e706280aa2eaba8b47b018ea0fb736b30ece5419979c4e
+generated: "2026-04-07T19:36:53.116343-05:00"
--- a/clusters/cl01tl/helm/tubearchivist/Chart.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/Chart.yaml
@@ -4,15 +4,17 @@ version: 1.0.0
 description: Tube Archivist
 keywords:
  - tubearchivist
-  - download
  - video
-  - youtube
-home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93
+home: https://docs.alexlebens.dev/applications/tubearchivist/
 sources:
  - https://github.com/tubearchivist/tubearchivist
-  - https://github.com/elastic/elasticsearch
+  - https://github.com/Brainicism/bgutil-ytdlp-pot-provider
+  - https://github.com/qdm12/gluetun
  - https://hub.docker.com/r/bbilly1/tubearchivist
+  - https://hub.docker.com/r/brainicism/bgutil-ytdlp-pot-provider
+  - https://github.com/qdm12/gluetun/pkgs/container/gluetun
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
  - name: alexlebens
 dependencies:
@@ -22,7 +24,7 @@ dependencies:
    version: 4.6.2
  - name: valkey
    alias: valkey
-    version: 0.4.0
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png
 # renovate: datasource=github-releases depName=tubearchivist/tubearchivist
--- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
@@ -14,17 +14,11 @@ spec:
  data:
    - secretKey: ELASTIC_PASSWORD
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/tubearchivist/env
-        metadataPolicy: None
        property: ELASTIC_PASSWORD
    - secretKey: TA_PASSWORD
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/tubearchivist/env
-        metadataPolicy: None
        property: TA_PASSWORD

 ---
@@ -44,24 +38,15 @@ spec:
  data:
    - secretKey: username
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
-        metadataPolicy: None
        property: username
    - secretKey: password
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
-        metadataPolicy: None
        property: password
    - secretKey: roles
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
-        metadataPolicy: None
        property: roles

 ---
@@ -81,29 +66,17 @@ spec:
  data:
    - secretKey: private-key
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
        property: private-key
    - secretKey: preshared-key
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
        property: preshared-key
    - secretKey: addresses
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
        property: addresses
    - secretKey: input-ports
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
        property: input-ports
--- a/clusters/cl01tl/helm/tubearchivist/values.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/values.yaml
@@ -4,13 +4,15 @@ tubearchivist:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
+        securityContext:
+          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: bbilly1/tubearchivist
-            tag: v0.5.10
-            pullPolicy: IfNotPresent
+            tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
          env:
            - name: TZ
              value: America/Chicago
@@ -40,13 +42,11 @@ tubearchivist:
        bgutil:
          image:
            repository: brainicism/bgutil-ytdlp-pot-provider
-            tag: 1.3.1
-            pullPolicy: IfNotPresent
+            tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
        gluetun:
          image:
            repository: ghcr.io/qdm12/gluetun
            tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
-            pullPolicy: IfNotPresent
          lifecycle:
            postStart:
              exec:
@@ -106,8 +106,6 @@ tubearchivist:
              devic.es/tun: "1"
            requests:
              devic.es/tun: "1"
-              cpu: 10m
-              memory: 128Mi
  service:
    main:
      controller: main
@@ -115,7 +113,6 @@ tubearchivist:
        http:
          port: 80
          targetPort: 24000
-          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -128,11 +125,8 @@ tubearchivist:
        - tubearchivist.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: tubearchivist
+            - name: tubearchivist
              port: 80
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -142,7 +136,6 @@ tubearchivist:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 40Gi
-      retain: true
      advancedMounts:
        main:
          main:
@@ -157,10 +150,6 @@ tubearchivist:
              readOnly: false
 valkey:
  valkey:
-    resources:
-      requests:
-        cpu: 100m
-        memory: 1Gi
    dataStorage:
      requestedSize: 10Gi
    replica:
--- a/clusters/cl01tl/helm/unpackerr/Chart.yaml
+++ b/clusters/cl01tl/helm/unpackerr/Chart.yaml
@@ -6,7 +6,7 @@ keywords:
  - unpackerr
  - archive
  - servarr
-home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088
+home: https://docs.alexlebens.dev/applications/unpackerr/
 sources:
  - https://github.com/Unpackerr/unpackerr
  - https://hub.docker.com/r/golift/unpackerr
--- a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
@@ -14,57 +14,33 @@ spec:
  data:
    - secretKey: UN_SONARR_0_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/sonarr4/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_SONARR_1_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/sonarr4-4k/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_SONARR_2_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/sonarr4-anime/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_0_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/radarr5/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_1_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/radarr5-4k/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_2_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/radarr5-anime/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_3_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/radarr5-standup/key
-        metadataPolicy: None
        property: key
    - secretKey: UN_LIDARR_0_API_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/lidarr2/key
-        metadataPolicy: None
        property: key
--- a/clusters/cl01tl/helm/unpackerr/values.yaml
+++ b/clusters/cl01tl/helm/unpackerr/values.yaml
@@ -4,16 +4,18 @@ unpackerr:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
+        securityContext:
+          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: golift/unpackerr
-            tag: 0.15.2
-            pullPolicy: IfNotPresent
+            tag: 0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: UN_WEBSERVER_METRICS
              value: true
            - name: UN_SONARR_0_URL
@@ -54,7 +56,7 @@ unpackerr:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 10Mi
  persistence:
    storage:
      existingClaim: unpackerr-nfs-storage
--- a/clusters/cl01tl/helm/unpoller/Chart.yaml
+++ b/clusters/cl01tl/helm/unpoller/Chart.yaml
@@ -5,9 +5,8 @@ description: Unpoller
 keywords:
  - unpoller
  - ubiquiti
-  - unifi
  - metrics
-home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344
+home: https://docs.alexlebens.dev/applications/unpoller/
 sources:
  - https://github.com/unpoller/unpoller
  - https://github.com/unpoller/unpoller/pkgs/container/unpoller
@@ -19,6 +18,6 @@ dependencies:
    alias: unpoller
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
-icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/ubiquiti-unifi.png
 # renovate: datasource=github-releases depName=unpoller/unpoller
 appVersion: v2.39.0
--- a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
@@ -14,15 +14,9 @@ spec:
  data:
    - secretKey: UP_UNIFI_CONTROLLER_0_USER
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /unifi/auth/cl01tl
-        metadataPolicy: None
        property: user
    - secretKey: UP_UNIFI_CONTROLLER_0_PASS
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /unifi/auth/cl01tl
-        metadataPolicy: None
        property: password
--- a/clusters/cl01tl/helm/unpoller/values.yaml
+++ b/clusters/cl01tl/helm/unpoller/values.yaml
@@ -4,16 +4,14 @@ unpoller:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/unpoller/unpoller
-            tag: v2.39.0
-            pullPolicy: IfNotPresent
+            tag: v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2
          env:
            - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
-              value: 'false'
+              value: 'true'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
              value: 'false'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
@@ -21,7 +19,7 @@ unpoller:
            - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
              value: 'false'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
-              value: 'false'
+              value: 'true'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
              value: 'true'
            - name: UP_UNIFI_CONTROLLER_0_URL
@@ -44,7 +42,7 @@ unpoller:
          resources:
            requests:
              cpu: 10m
-              memory: 64Mi
+              memory: 20Mi
  service:
    main:
      controller: main
@@ -52,7 +50,6 @@ unpoller:
        metrics:
          port: 9130
          targetPort: 9130
-          protocol: TCP
  serviceMonitor:
    main:
      selector:
--- a/clusters/cl01tl/helm/vault/Chart.yaml
+++ b/clusters/cl01tl/helm/vault/Chart.yaml
@@ -5,7 +5,7 @@ description: Vault
 keywords:
  - vault
  - secrets
-home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987
+home: https://docs.alexlebens.dev/applications/vault/
 sources:
  - https://github.com/hashicorp/vault
  - https://github.com/Angatar/s3cmd
@@ -29,6 +29,6 @@ dependencies:
    alias: unseal
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
 # renovate: datasource=github-releases depName=hashicorp/vault
 appVersion: 1.21.4
--- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml
@@ -14,17 +14,11 @@ spec:
  data:
    - secretKey: VAULT_APPROLE_ROLE_ID
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/snapshot
-        metadataPolicy: None
        property: VAULT_APPROLE_ROLE_ID
    - secretKey: VAULT_APPROLE_SECRET_ID
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/snapshot
-        metadataPolicy: None
        property: VAULT_APPROLE_SECRET_ID

 ---
@@ -44,17 +38,11 @@ spec:
  data:
    - secretKey: .s3cfg
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /garage/home-infra/vault-backups
-        metadataPolicy: None
        property: s3cfg-local
    - secretKey: BUCKET
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /garage/home-infra/vault-backups
-        metadataPolicy: None
        property: BUCKET

 ---
@@ -74,17 +62,11 @@ spec:
  data:
    - secretKey: .s3cfg
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /garage/home-infra/vault-backups
-        metadataPolicy: None
        property: s3cfg-remote
    - secretKey: BUCKET
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /garage/home-infra/vault-backups
-        metadataPolicy: None
        property: BUCKET

 ---
@@ -104,17 +86,11 @@ spec:
  data:
    - secretKey: .s3cfg
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /digital-ocean/home-infra/vault-backup
-        metadataPolicy: None
        property: s3cfg
    - secretKey: BUCKET
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /digital-ocean/home-infra/vault-backup
-        metadataPolicy: None
        property: BUCKET

 ---
@@ -134,24 +110,15 @@ spec:
  data:
    - secretKey: NTFY_TOKEN
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /ntfy/user/cl01tl
-        metadataPolicy: None
        property: token
    - secretKey: NTFY_ENDPOINT
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /ntfy/user/cl01tl
-        metadataPolicy: None
        property: endpoint
    - secretKey: NTFY_TOPIC
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/snapshot
-        metadataPolicy: None
        property: NTFY_TOPIC

 ---
@@ -171,66 +138,39 @@ spec:
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
-        metadataPolicy: None
        property: NOTIFY_QUEUE_DELAY

 ---
@@ -250,66 +190,39 @@ spec:
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
-        metadataPolicy: None
        property: NOTIFY_QUEUE_DELAY

 ---
@@ -329,66 +242,39 @@ spec:
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
-        metadataPolicy: None
        property: NOTIFY_QUEUE_DELAY

 ---
@@ -408,43 +294,25 @@ spec:
  data:
    - secretKey: token
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/token
-        metadataPolicy: None
        property: token
    - secretKey: unseal_key_1
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/token
-        metadataPolicy: None
        property: unseal_key_1
    - secretKey: unseal_key_2
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/token
-        metadataPolicy: None
        property: unseal_key_2
    - secretKey: unseal_key_3
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/token
-        metadataPolicy: None
        property: unseal_key_3
    - secretKey: unseal_key_4
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/token
-        metadataPolicy: None
        property: unseal_key_4
    - secretKey: unseal_key_5
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/vault/token
-        metadataPolicy: None
        property: unseal_key_5
--- a/clusters/cl01tl/helm/vault/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/vault/templates/http-route.yaml
@@ -25,4 +25,3 @@ spec:
          kind: Service
          name: vault-active
          port: 8200
-          weight: 100
--- a/clusters/cl01tl/helm/vault/values.yaml
+++ b/clusters/cl01tl/helm/vault/values.yaml
@@ -1,9 +1,5 @@
 vault:
  global:
-    enabled: true
-    tlsDisable: true
-    psp:
-      enable: false
    serverTelemetry:
      prometheusOperator: true
  injector:
@@ -12,23 +8,16 @@ vault:
    enabled: true
    image:
      repository: hashicorp/vault
-      tag: 1.21.4
-    updateStrategyType: "RollingUpdate"
+      tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
+    updateStrategyType: RollingUpdate
    logLevel: debug
    logFormat: standard
    resources:
      requests:
        cpu: 50m
        memory: 512Mi
-    ingress:
-      enabled: false
-    route:
-      enabled: false
    authDelegator:
      enabled: false
-    readinessProbe:
-      enabled: true
-      port: 8200
    livenessProbe:
      enabled: false
    volumes:
@@ -39,43 +28,17 @@ vault:
      - mountPath: /opt/backups/
        name: vault-storage-backup
        readOnly: false
-    affinity: |
-      podAntiAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchLabels:
-                app.kubernetes.io/name: {{ template "vault.name" . }}
-                app.kubernetes.io/instance: "{{ .Release.Name }}"
-                component: server
-            topologyKey: kubernetes.io/hostname
-    networkPolicy:
-      enabled: false
-    service:
-      enabled: true
-      active:
-        enabled: true
-      standby:
-        enabled: false
-      type: ClusterIP
-      port: 8200
-      targetPort: 8200
    dataStorage:
-      enabled: true
      size: 1Gi
-      mountPath: "/vault/data"
-      accessMode: ReadWriteOnce
+      storageClass: ceph-block
    auditStorage:
      enabled: false
      size: 5Gi
-      mountPath: "/vault/audit"
-      accessMode: ReadWriteOnce
-    dev:
-      enabled: false
+      storageClass: ceph-block
    standalone:
      enabled: false
    ha:
      enabled: true
-      replicas: 3
      raft:
        enabled: true
        config: |
@@ -109,30 +72,12 @@ vault:
            prometheus_retention_time = "30s"
            disable_hostname = true
          }
-
      disruptionBudget:
        enabled: true
-        maxUnavailable: null
-    serviceAccount:
-      create: true
-      serviceDiscovery:
-        enabled: true
-    hostNetwork: false
-  ui:
-    enabled: true
-    publishNotReadyAddresses: true
-    activeVaultPodOnly: false
-    serviceType: "ClusterIP"
-    serviceNodePort: null
-    externalPort: 8200
-    targetPort: 8200
-  csi:
-    enabled: false
+        maxUnavailable: 1
  serverTelemetry:
    serviceMonitor:
      enabled: true
-      interval: 30s
-      scrapeTimeout: 10s
    prometheusRules:
      enabled: true
      rules:
@@ -158,20 +103,15 @@ snapshot:
      type: cronjob
      cronjob:
        suspend: false
-        concurrencyPolicy: Forbid
-        timeZone: US/Central
+        timeZone: America/Chicago
        schedule: 0 4 * * *
-        startingDeadlineSeconds: 90
-        successfulJobsHistory: 1
-        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      initContainers:
        snapshot:
          image:
            repository: hashicorp/vault
-            tag: 1.21.4
-            pullPolicy: IfNotPresent
+            tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
          command:
            - /bin/ash
          args:
@@ -328,53 +268,47 @@ unseal:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/lrstanley/vault-unseal
-            tag: 0.7.2
-            pullPolicy: IfNotPresent
+            tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
          envFrom:
            - secretRef:
                name: vault-unseal-config-1
          resources:
            requests:
-              cpu: 10m
-              memory: 24Mi
+              cpu: 1m
+              memory: 10Mi
    unseal-2:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/lrstanley/vault-unseal
-            tag: 0.7.2
-            pullPolicy: IfNotPresent
+            tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
          envFrom:
            - secretRef:
                name: vault-unseal-config-2
          resources:
            requests:
-              cpu: 10m
-              memory: 24Mi
+              cpu: 1m
+              memory: 10Mi
    unseal-3:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/lrstanley/vault-unseal
-            tag: 0.7.2
-            pullPolicy: IfNotPresent
+            tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
          envFrom:
            - secretRef:
                name: vault-unseal-config-3
          resources:
            requests:
-              cpu: 10m
-              memory: 24Mi
+              cpu: 1m
+              memory: 10Mi
--- a/clusters/cl01tl/helm/vaultwarden/Chart.lock
+++ b/clusters/cl01tl/helm/vaultwarden/Chart.lock
@@ -7,9 +7,9 @@ dependencies:
  version: 2.4.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.10.0
+  version: 7.11.2
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1
-generated: "2026-03-15T20:10:47.852109985Z"
+digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31
+generated: "2026-04-07T20:19:48.079671-05:00"
--- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml
+++ b/clusters/cl01tl/helm/vaultwarden/Chart.yaml
@@ -4,17 +4,15 @@ version: 1.0.0
 description: Vaultwarden
 keywords:
  - vaultwarden
-  - bitwarden
-  - password
-home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3
+  - password-manager
+home: https://docs.alexlebens.dev/applications/vault/
 sources:
  - https://github.com/dani-garcia/vaultwarden
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://hub.docker.com/r/vaultwarden/server
+  - https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -27,7 +25,7 @@ dependencies:
    version: 2.4.0
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.10.0
+    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: volsync-target
    alias: volsync-target-data
--- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
@@ -14,15 +14,9 @@ spec:
  data:
    - secretKey: client
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/vaultwarden
-        metadataPolicy: None
        property: client
    - secretKey: secret
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/vaultwarden
-        metadataPolicy: None
        property: secret
--- a/clusters/cl01tl/helm/vaultwarden/values.yaml
+++ b/clusters/cl01tl/helm/vaultwarden/values.yaml
@@ -4,13 +4,11 @@ vaultwarden:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
-            repository: vaultwarden/server
-            tag: 1.35.4
-            pullPolicy: IfNotPresent
+            repository: ghcr.io/dani-garcia/vaultwarden
+            tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664
          env:
            - name: DOMAIN
              value: https://passwords.alexlebens.dev
@@ -44,7 +42,7 @@ vaultwarden:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 30Mi
  service:
    main:
      controller: main
@@ -52,14 +50,12 @@ vaultwarden:
        http:
          port: 80
          targetPort: 80
-          protocol: HTTP
  persistence:
    config:
      forceRename: vaultwarden-data
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
-      retain: true
      advancedMounts:
        main:
          main:
@@ -78,35 +74,12 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
 volsync-target-data:
  pvcTarget: vaultwarden-data
  local:
--- a/clusters/cl01tl/helm/version-checker/Chart.yaml
+++ b/clusters/cl01tl/helm/version-checker/Chart.yaml
@@ -5,6 +5,7 @@ description: Version Checker
 keywords:
  - version-checker
  - update-tracker
+  - metrics
 home: https://docs.alexlebens.dev/applications/version-checker/
 sources:
  - https://github.com/jetstack/version-checker
--- a/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml
+++ b/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml
@@ -0,0 +1,16 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: version-checker
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: version-checker
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: version-checker
+  endpoints:
+    - port: web
+      path: /metrics
--- a/clusters/cl01tl/helm/version-checker/values.yaml
+++ b/clusters/cl01tl/helm/version-checker/values.yaml
@@ -10,8 +10,7 @@ version-checker:
  resources:
    requests:
      cpu: 1m
-      memory: 40Mi
+      memory: 400Mi
  prometheus:
    enabled: true
-    replicas: 1
    serviceAccountName: version-checker-prometheus
--- a/clusters/cl01tl/helm/volsync/Chart.yaml
+++ b/clusters/cl01tl/helm/volsync/Chart.yaml
@@ -5,12 +5,10 @@ description: Volsync
 keywords:
  - volsync
  - backup
-  - storage
-  - s3
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b
+home: https://docs.alexlebens.dev/applications/volsync/
 sources:
  - https://github.com/backube/volsync
+  - https://quay.io/repository/backube/volsync?tab=tags
  - https://github.com/backube/volsync/tree/main/helm/volsync
 maintainers:
  - name: alexlebens
--- a/clusters/cl01tl/helm/volsync/values.yaml
+++ b/clusters/cl01tl/helm/volsync/values.yaml
@@ -1,15 +1,15 @@
 volsync:
  replicaCount: 2
+  image:
+    repository: quay.io/backube/volsync
+    tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4
  manageCRDs: true
  metrics:
    disableAuth: true
-  securityContext:
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-    readOnlyRootFilesystem: true
  resources:
+    limits:
+      cpu: null
+      memory: null
    requests:
-      cpu: 10m
-      memory: 128Mi
+      cpu: 1m
+      memory: 80Mi
--- a/clusters/cl01tl/helm/whodb/Chart.yaml
+++ b/clusters/cl01tl/helm/whodb/Chart.yaml
@@ -4,9 +4,8 @@ version: 1.0.0
 description: WhoDB
 keywords:
  - whodb
-  - postgresql
-  - database
-home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
+  - database-dashboard
+home: https://docs.alexlebens.dev/applications/whodb/
 sources:
  - https://github.com/clidey/whodb
  - https://hub.docker.com/r/clidey/whodb
--- a/clusters/cl01tl/helm/whodb/values.yaml
+++ b/clusters/cl01tl/helm/whodb/values.yaml
@@ -3,13 +3,11 @@ whodb:
    main:
      type: deployment
      replicas: 1
-      strategy: Recreate
      containers:
        main:
          image:
            repository: clidey/whodb
-            tag: 0.104.0
-            pullPolicy: IfNotPresent
+            tag: 0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4
          env:
            - name: WHODB_OLLAMA_HOST
              value: ollama-server-2.ollama
@@ -17,8 +15,8 @@ whodb:
              value: 11434
          resources:
            requests:
-              cpu: 10m
-              memory: 256Mi
+              cpu: 1m
+              memory: 20Mi
  service:
    main:
      controller: main
@@ -26,7 +24,6 @@ whodb:
        http:
          port: 80
          targetPort: 8080
-          protocol: TCP
  route:
    main:
      kind: HTTPRoute
@@ -39,11 +36,8 @@ whodb:
        - whodb.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: whodb
+            - name: whodb
              port: 80
-              weight: 100
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/yamtrack/Chart.lock
+++ b/clusters/cl01tl/helm/yamtrack/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
  version: 4.6.2
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.10.0
+  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.4.0
-digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
-generated: "2026-03-15T20:11:03.591727143Z"
+  version: 0.5.0
+digest: sha256:473de03f0404ca8c53e85ea2a22797a8ba040102c6dca977face60f81f3130e4
+generated: "2026-04-07T20:57:56.63402-05:00"
--- a/clusters/cl01tl/helm/yamtrack/Chart.yaml
+++ b/clusters/cl01tl/helm/yamtrack/Chart.yaml
@@ -4,15 +4,14 @@ version: 1.0.0
 description: Yamtrack
 keywords:
  - yamtrack
-  - media
-  - jellyfin
-home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797
+  - media-tracking
+home: https://docs.alexlebens.dev/applications/yamtrack/
 sources:
  - https://github.com/FuzzyGrim/Yamtrack
-  - https://github.com/cloudnative-pg/cloudnative-pg
  - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
  - name: alexlebens
 dependencies:
@@ -22,11 +21,11 @@ dependencies:
    version: 4.6.2
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.10.0
+    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey
-    version: 0.4.0
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
 # renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack
--- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
@@ -14,10 +14,7 @@ spec:
  data:
    - secretKey: SECRET
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/yamtrack/config
-        metadataPolicy: None
        property: SECRET

 ---
@@ -37,8 +34,5 @@ spec:
  data:
    - secretKey: SOCIALACCOUNT_PROVIDERS
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/yamtrack
-        metadataPolicy: None
        property: SOCIALACCOUNT_PROVIDERS
--- a/clusters/cl01tl/helm/yamtrack/values.yaml
+++ b/clusters/cl01tl/helm/yamtrack/values.yaml
@@ -4,16 +4,14 @@ yamtrack:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/fuzzygrim/yamtrack
-            tag: 0.25.0
-            pullPolicy: IfNotPresent
+            tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: URLS
              value: https://yamtrack.alexlebens.net
            - name: REGISTRATION
@@ -60,7 +58,7 @@ yamtrack:
          resources:
            requests:
              cpu: 10m
-              memory: 256Mi
+              memory: 380Mi
  service:
    main:
      controller: main
@@ -68,7 +66,6 @@ yamtrack:
        http:
          port: 80
          targetPort: 8000
-          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -81,11 +78,8 @@ yamtrack:
        - yamtrack.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: yamtrack
+            - name: yamtrack
              port: 80
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -103,32 +97,9 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 10 16 * * *"
        backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
--- a/clusters/cl01tl/helm/yubal/Chart.yaml
+++ b/clusters/cl01tl/helm/yubal/Chart.yaml
@@ -5,11 +5,11 @@ description: yubal
 keywords:
  - yubal
  - music
-  - youtube
-home: https://wiki.alexlebens.dev/s/
+home: https://docs.alexlebens.dev/applications/yamtrack/
 sources:
  - https://github.com/guillevc/yubal
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -21,5 +21,6 @@ dependencies:
    alias: volsync-target-config
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/yubal.png
 # renovate: datasource=github-releases depName=guillevc/yubal
 appVersion: v0.7.2
--- a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml
@@ -1,42 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: yubal-wireguard-conf
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: yubal-wireguard-conf
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: private-key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
-        property: private-key
-    - secretKey: preshared-key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
-        property: preshared-key
-    - secretKey: addresses
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
-        property: addresses
-    - secretKey: input-ports
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /airvpn/conf/cl01tl
-        metadataPolicy: None
-        property: input-ports
--- a/clusters/cl01tl/helm/yubal/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/yubal/templates/namespace.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: yubal
-  labels:
-    app.kubernetes.io/name: yubal
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    pod-security.kubernetes.io/audit: privileged
-    pod-security.kubernetes.io/enforce: privileged
-    pod-security.kubernetes.io/warn: privileged
--- a/clusters/cl01tl/helm/yubal/values.yaml
+++ b/clusters/cl01tl/helm/yubal/values.yaml
@@ -4,18 +4,17 @@ yubal:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      pod:
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: ghcr.io/guillevc/yubal
            tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
-            pullPolicy: IfNotPresent
          env:
            - name: YUBAL_TZ
              value: America/Chicago
@@ -28,7 +27,7 @@ yubal:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 200Mi
  service:
    main:
      controller: main
@@ -36,7 +35,6 @@ yubal:
        http:
          port: 80
          targetPort: 8000
-          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -49,11 +47,8 @@ yubal:
        - yubal.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: yubal
+            - name: yubal
              port: 80
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -64,7 +59,6 @@ yubal:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 1Gi
-      retain: true
      advancedMounts:
        main:
          main:
--- a/hosts/ps08rp/traefik/compose.yaml
+++ b/hosts/ps08rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
+        image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps09rp/traefik/compose.yaml
+++ b/hosts/ps09rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
+        image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps10rp/traefik/compose.yaml
+++ b/hosts/ps10rp/traefik/compose.yaml
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
+        image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
Author	SHA1	Message	Date
Renovate Bot	4ad6904837	Merge pull request 'chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273' (#5716 ) from renovate/unified-lidarr into main All checks were successful lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m4s Details	2026-04-08 05:02:47 +00:00
Renovate Bot	988e6b21c1	chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 26s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 29s Details render-manifests / render-manifests (pull_request) Successful in 2m5s Details	2026-04-08 05:02:30 +00:00
Renovate Bot	7b34b8901e	Merge pull request 'chore(deps): update traefik to v3.6.13' (#5713 ) from renovate/unified-traefik into main All checks were successful lint-test-helm / lint-helm (push) Successful in 28s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details lint-test-docker / lint-docker-compose (push) Successful in 2m1s Details renovate / renovate (push) Successful in 2m17s Details	2026-04-08 02:28:17 +00:00
Renovate Bot	32870a7213	chore(deps): update traefik to v3.6.13 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 24s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 23s Details render-manifests / render-manifests (pull_request) Successful in 53s Details lint-test-docker / lint-docker-compose (pull_request) Successful in 1m54s Details	2026-04-08 02:27:41 +00:00
Alex Lebens	5b894cd50e	Merge pull request 'feat: remove pdb' (#5711 ) from tmp/fix-2 into main Some checks failed lint-test-helm / lint-helm (push) Successful in 25s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5711	2026-04-08 02:25:52 +00:00
Alex Lebens	3168925715	feat: remove pdb	2026-04-08 02:25:52 +00:00
Renovate Bot	050576d5a6	Merge pull request 'chore(deps): update helm release authentik to v2026.2.2' (#5710 ) from renovate/unified-authentik into main Some checks failed lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details	2026-04-08 02:23:45 +00:00
Renovate Bot	2de4d79c58	chore(deps): update helm release authentik to v2026.2.2 Some checks failed renovate/stability-days Updates have not met minimum release age requirement Details render-manifests / render-manifests (pull_request) Failing after 5s Details lint-test-helm / lint-helm (pull_request) Successful in 22s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details	2026-04-08 02:23:29 +00:00
Alex Lebens	0c6edbae28	Merge pull request 'tmp/fix-1' (#5708 ) from tmp/fix-1 into main Some checks failed lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5708	2026-04-08 02:21:22 +00:00
Alex Lebens	f6b11e17e4	fix: add log env All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 19s Details render-manifests / render-manifests (pull_request) Successful in 38s Details	2026-04-07 21:19:02 -05:00
Alex Lebens	7d36ea9c90	feat: change pod dis budget	2026-04-07 21:19:02 -05:00
Alex Lebens	0a7bbf21bd	Merge pull request 'chore(deps): update valkey/valkey docker tag to v9.0.3' (#5285 ) from renovate/unified-valkey into main All checks were successful lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m21s Details Reviewed-on: #5285	2026-04-08 02:14:23 +00:00
Renovate Bot	5456428592	chore(deps): update valkey/valkey docker tag to v9.0.3 All checks were successful renovate/stability-days Updates have met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 31s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 30s Details render-manifests / render-manifests (pull_request) Successful in 54s Details	2026-04-08 02:11:03 +00:00
Alex Lebens	88ab17c2f3	Merge pull request 'feat: refactor apps' (#5705 ) from tmp/refactor-43 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 44s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m9s Details Reviewed-on: #5705	2026-04-08 02:06:35 +00:00
Alex Lebens	cd0eefdbec	feat: refactor apps All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 1m23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 49s Details render-manifests / render-manifests (pull_request) Successful in 1m13s Details	2026-04-07 21:03:04 -05:00
Alex Lebens	66cdec3eee	Merge pull request 'feat: refactor apps' (#5703 ) from tmp/refactor-42 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 36s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 8m53s Details Reviewed-on: #5703	2026-04-08 01:39:02 +00:00
Alex Lebens	2f8a695f04	fix: wrong sha	2026-04-08 01:39:02 +00:00
Alex Lebens	b024675f2e	feat: refactor apps	2026-04-08 01:39:02 +00:00
Alex Lebens	1ce8f18df7	feat: refactor apps	2026-04-08 01:39:02 +00:00
Renovate Bot	6825615229	Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.109.1' (#5702 ) from renovate/unified-renovate into main All checks were successful renovate / renovate (push) Successful in 5m9s Details	2026-04-08 01:04:00 +00:00
Renovate Bot	495cac7e10	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.109.1 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details	2026-04-08 01:03:28 +00:00
Alex Lebens	01dfc0cc67	Merge pull request 'feat: refactor apps' (#5700 ) from tmp/refactor-41 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 44s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m17s Details Reviewed-on: #5700	2026-04-08 00:55:05 +00:00
Alex Lebens	e4f8996477	feat: refactor apps All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 2m52s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 6m32s Details render-manifests / render-manifests (pull_request) Successful in 4m3s Details	2026-04-07 19:43:43 -05:00
Alex Lebens	309d087b66	Merge pull request 'chore(deps): update nginx docker tag to v1.29.8' (#5697 ) from renovate/unified-nginx into main All checks were successful lint-test-helm / lint-helm (push) Successful in 19s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m8s Details Reviewed-on: #5697	2026-04-07 23:54:20 +00:00
Renovate Bot	4b7fafbe88	chore(deps): update nginx docker tag to v1.29.8	2026-04-07 23:54:20 +00:00
Alex Lebens	aaef7d9783	Merge pull request 'chore(deps): update tailscale/tailscale docker tag to v1.96.5' (#5690 ) from renovate/unified-tailscale into main All checks were successful lint-test-helm / lint-helm (push) Successful in 33s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m44s Details Reviewed-on: #5690	2026-04-07 23:04:29 +00:00
Renovate Bot	10fa4e597f	chore(deps): update tailscale/tailscale docker tag to v1.96.5 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 27s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 32s Details render-manifests / render-manifests (pull_request) Successful in 49s Details	2026-04-07 23:02:34 +00:00
Alex Lebens	a6c035e52d	Merge pull request 'chore(deps): update tailscale/k8s-operator docker tag to v1.96.5' (#5689 ) from renovate/unified-k8s-operator into main All checks were successful lint-test-helm / lint-helm (push) Successful in 21s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m23s Details Reviewed-on: #5689	2026-04-07 23:00:07 +00:00
Renovate Bot	bc58ca657d	chore(deps): update tailscale/k8s-operator docker tag to v1.96.5 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 24s Details render-manifests / render-manifests (pull_request) Successful in 48s Details	2026-04-07 22:55:21 +00:00