Update php Docker tag to v8.5.0

Update Helm release generic-device-plugin to v0.20.5 (#2320 )
change user
2025-12-08 03:03:35 +00:00 · 2025-12-08 03:02:22 +00:00 · 2025-12-07 18:00:18 -06:00 · 2025-12-07 17:35:27 -06:00 · 2025-12-07 17:35:27 -06:00 · 2025-12-07 22:48:02 +00:00
246 changed files with 2542 additions and 1276 deletions
--- a/.gitea/workflows/lint-test-docker-pull.yaml
+++ b/.gitea/workflows/lint-test-docker-pull.yaml
@@ -1,86 +0,0 @@
 name: lint-test-docker
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'hosts/**'
 jobs:
  docker-lint:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: "${{ github.base_ref }}"
      - name: Branch Does Not Exist
        if: steps.check-branch-exists.outputs.exists == 'false'
        run: echo "Branch ${{ github.base_ref }} was not found, likely already merged"
      - name: Set up Node.js
        if: steps.check-branch-exists.outputs.exists == 'true'
        uses: actions/setup-node@v6
        with:
          node-version: '24'
      - name: Lint Docker Compose
        if: steps.check-branch-exists.outputs.exists == 'true'
        run: |
          set -e  # Exit immediately if a command exits with a non-zero status.
          TARGET_BRANCH="origin/${{ github.base_ref }}"
          echo ">> Target branch for diff is: $TARGET_BRANCH"
          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
          echo ">> Found changed files:"
          echo "$CHANGED_FILES"
          # For each changed file, find its parent chart directory (the one with compose.yaml).
          # Then, create a unique list of those directories.
          CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
            dir=$(dirname "$file")
            while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
              dir=$(dirname "$dir")
            done
            if [[ "$dir" != "." ]]; then
              echo "$dir"
            fi
          done | sort -u)
          if [[ -z "$CHANGED_COMPOSE" ]]; then
            echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
            exit 0
          fi
          echo ">> Running dclint on changed compose files:"
          echo "$CHANGED_COMPOSE"
          echo "$CHANGED_COMPOSE" | while read -r compose; do
            echo ">> Linting $compose ..."
            npx dclint $compose
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Infrastructure'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Docker linting on Pull Request for Infrastructure has failed!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/lint-test-docker-push.yaml
+++ b/.gitea/workflows/lint-test-docker-push.yaml
@@ -1,74 +0,0 @@
 name: lint-test-docker
 on:
  push:
    branches:
      - main
    paths:
      - 'hosts/**'
 jobs:
  docker-lint:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'
      - name: Lint Docker Compose
        run: |
          set -e  # Exit immediately if a command exits with a non-zero status.
          TARGET_BRANCH="origin/main"
          echo ">> Target branch for diff is: $TARGET_BRANCH"
          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
          echo ">> Found changed files:"
          echo "$CHANGED_FILES"
          # For each changed file, find its parent chart directory (the one with compose.yaml).
          # Then, create a unique list of those directories.
          CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
            dir=$(dirname "$file")
            while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
              dir=$(dirname "$dir")
            done
            if [[ "$dir" != "." ]]; then
              echo "$dir"
            fi
          done | sort -u)
          if [[ -z "$CHANGED_COMPOSE" ]]; then
            echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
            exit 0
          fi
          echo ">> Running dclint on changed compose files:"
          echo "$CHANGED_COMPOSE"
          echo "$CHANGED_COMPOSE" | while read -r compose; do
            echo ">> Linting $compose ..."
            npx dclint $compose
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Infrastructure'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Docker linting on Push for Infrastructure has failed!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-push.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/lint-test-docker.yaml
+++ b/.gitea/workflows/lint-test-docker.yaml
@@ -0,0 +1,134 @@
 name: lint-test-docker
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'hosts/**'
      - '!clusters/**'
  push:
    branches:
      - main
    paths:
      - 'hosts/**'
      - '!clusters/**'
 env:
  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
 jobs:
  lint-docker-compose:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: "${{ github.base_ref }}"
      - name: Report Branch Exists
        id: branch-exists
        if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
        run: |
          if [ ${{ github.event_name == 'push' }} ]; then
            echo ">> Action is from a push event, will continue with linting"
          else
            echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
          fi
          echo "----"
          echo "exists=true" >> $GITEA_OUTPUT
      - name: Set up Node.js
        if: steps.branch-exists.outputs.exists == 'true'
        uses: actions/setup-node@v6
        with:
          node-version: '24'
      - name: Check Directories for Changes
        id: check-dir-changes
        if: steps.branch-exists.outputs.exists == 'true'
        run: |
          CHANGED_COMPOSE=()
          echo ">> Target branch for diff is: ${BASE_BRANCH}"
          if [ "${{ github.event_name }}" == "pull_request" ]; then
            echo ""
            echo ">> Checking for changes in a pull request ..."
            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
          else
            echo ""
            echo ">> Checking for changes from a push ..."
            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
          fi
          if [ -n "${GIT_DIFF}" ]; then
            echo ""
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              CHANGED_COMPOSE+=$(echo "$path")
              CHANGED_COMPOSE+=$(echo " ")
            done
          else
            echo ""
            echo ">> No changes detected"
          fi
          if [ -n "${CHANGED_COMPOSE}" ]; then
            echo ""
            echo ">> Compose to Lint:"
            echo "$(echo "${CHANGED_COMPOSE}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "compose-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Lint Docker Compose
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
        run: |
          echo ">> Running dclint on changed compose files:"
          echo "$CHANGED_COMPOSE"
          for compose in $CHANGED_COMPOSE; do
            echo ">> Linting $compose ..."
            npx dclint $compose
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Infrastructure'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Docker linting on Pull Request for Infrastructure has failed!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/lint-test-helm-pull.yaml
+++ b/.gitea/workflows/lint-test-helm-pull.yaml
@@ -1,94 +0,0 @@
 name: lint-test-helm
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'clusters/**'
 jobs:
  helm-lint:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: ${{ github.base_ref }}
      - name: Branch Does Not Exist
        if: steps.check-branch-exists.outputs.exists == 'false'
        run: echo "Branch ${{ github.base_ref }} was not found, likely already merged"
      - name: Set up Helm
        if: steps.check-branch-exists.outputs.exists == 'true'
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Lint Helm Chart
        if: steps.check-branch-exists.outputs.exists == 'true'
        run: |
          set -e  # Exit immediately if a command exits with a non-zero status.
          TARGET_BRANCH="origin/${{ github.base_ref }}"
          echo ">> Target branch for diff is: $TARGET_BRANCH"
          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
          echo ">> Found changed files:"
          echo "$CHANGED_FILES"
          # For each changed file, find its parent chart directory (the one with Chart.yaml).
          # Then, create a unique list of those directories.
          CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
            dir=$(dirname "$file")
            while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
              dir=$(dirname "$dir")
            done
            if [[ "$dir" != "." ]]; then
              echo "$dir"
            fi
          done | sort -u)
          if [[ -z "$CHANGED_CHARTS" ]]; then
            echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
            exit 0
          fi
          echo ">> Running helm lint on changed charts:"
          echo "$CHANGED_CHARTS"
          echo "$CHANGED_CHARTS" | while read -r chart; do
            helm dependency list --max-col-width 120 $chart 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
            echo ">> Building dependency for "$chart" ..."
            helm dependency build "$chart"
            echo ">> Linting $chart..."
            helm lint "$chart"
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Infrastructure'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm linting on Pull Request for Infrastructure has failed!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/lint-test-helm-push.yaml
+++ b/.gitea/workflows/lint-test-helm-push.yaml
@@ -1,80 +0,0 @@
 name: lint-test-helm
 on:
  push:
    branches:
      - main
    paths:
      - 'clusters/**'
 jobs:
  helm-lint:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Lint Helm Chart
        run: |
          TARGET_BRANCH="origin/main"
          echo ">> Target branch for diff is: $TARGET_BRANCH"
          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
          echo ">> Found changed files:"
          echo "$CHANGED_FILES"
          # For each changed file, find its parent chart directory (the one with Chart.yaml).
          # Then, create a unique list of those directories.
          CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
            dir=$(dirname "$file")
            while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
              dir=$(dirname "$dir")
            done
            if [[ "$dir" != "." ]]; then
              echo "$dir"
            fi
          done | sort -u)
          if [[ -z "$CHANGED_CHARTS" ]]; then
            echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
            exit 0
          fi
          echo ">> Running helm lint on changed charts:"
          echo "$CHANGED_CHARTS"
          echo "$CHANGED_CHARTS" | while read -r chart; do
            helm dependency list --max-col-width 120 $chart 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
            echo ">> Building dependency for "$chart" ..."
            helm dependency build "$chart"
            echo ">> Linting $chart..."
            helm lint "$chart"
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Infrastructure'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm linting on Push for Infrastructure has failed!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-push.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm.yaml
@@ -0,0 +1,174 @@
 name: lint-test-helm
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'clusters/cl01tl/helm/**'
      - '!hosts/**'
  push:
    branches:
      - main
    paths:
      - 'clusters/cl01tl/helm/**'
      - '!hosts/**'
 env:
  CLUSTER: cl01tl
  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
 jobs:
  lint-helm:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: ${{ gitea.base_ref }}
      - name: Report Branch Exists
        id: branch-exists
        if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
        run: |
          if [ ${{ github.event_name == 'push' }} ]; then
            echo ">> Action is from a push event, will continue with linting"
          else
            echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
          fi
          echo "----"
          echo "exists=true" >> $GITEA_OUTPUT
      - name: Set up Helm
        if: steps.branch-exists.outputs.exists == 'true'
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Check Directories for Changes
        id: check-dir-changes
        if: steps.branch-exists.outputs.exists == 'true'
        run: |
          CHANGED_CHARTS=()
          echo ">> Target branch for diff is: ${BASE_BRANCH}"
          if [ "${{ github.event_name }}" == "pull_request" ]; then
            echo ""
            echo ">> Checking for changes in a pull request ..."
            git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+"
            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
          else
            echo ""
            echo ">> Checking for changes from a push ..."
            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
          fi
          if [ -n "${GIT_DIFF}" ]; then
            echo ""
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
              CHANGED_CHARTS+=$(echo " ")
            done
          else
            echo ""
            echo ">> No changes detected"
          fi
          if [ -n "${CHANGED_CHARTS}" ]; then
            echo ""
            echo ">> Chart to Lint:"
            echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "chart-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
        run: |
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${CHANGED_CHARTS}; do
            helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ""
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Lint Helm Chart
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
        run: |
          echo ">> Running linting on changed charts ..."
          for dir in ${CHANGED_CHARTS}; do
            chart_path=clusters/${CLUSTER}/helm/$dir
            chart_name=$(basename "$chart_path")
            if [ -f "$chart_path/Chart.yaml" ]; then
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
              helm lint --namespace "$chart_name"
            else
              echo ""
              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
              echo ""
            fi
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Infrastructure'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm linting on Pull Request for Infrastructure has failed!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/render-manifests-automerge.yaml
+++ b/.gitea/workflows/render-manifests-automerge.yaml
@@ -0,0 +1,418 @@
 name: render-manifests-automerge
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'clusters/cl01tl/helm/**'
    types:
      - closed
 env:
  CLUSTER: cl01tl
  BASE_BRANCH: manifests
  BRANCH_NAME_BASE: auto/update-manifests-automerge
  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 jobs:
  render-manifests-automerge:
    runs-on: ubuntu-js
    if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'automerge')) }}
    steps:
      - name: Checkout Main
        uses: actions/checkout@v6
        with:
          path: infrastructure
          fetch-depth: 0
      - name: Checkout Manifests
        uses: actions/checkout@v6
        with:
          ref: manifests
          path: infrastructure-manifests
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
      - name: Prepare Manifest Branch
        id: prepare-manifest-branch
        run: |
          cd ${MANIFEST_DIR}
          BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
          echo ">> Configure git to use gitea-bot as user ..."
          git config user.name "gitea-bot"
          git config user.email "gitea-bot@alexlebens.net"
          echo ">> Creating branch ..."
          git checkout -b $BRANCH_NAME
          echo "----"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITEA_OUTPUT
      - name: Check which Directories have Changes
        id: check-dir-changes
        run: |
          cd ${MAIN_DIR}
          RENDER_DIR=()
          echo ">> Checking for changes from HEAD^..HEAD ..."
          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
          if [ -n "${GIT_DIFF}" ]; then
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
              RENDER_DIR+=$(echo " ")
            done
          else
            echo ">> No changes detected"
          fi
          if [ -n "${RENDER_DIR}" ]; then
            echo ">> Directories to Render:"
            echo "$(echo "${RENDER_DIR}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "render-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${RENDER_DIR}; do
            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Remove Changed Manifest Files
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Remove manfiest files and rebuild from source ..."
          for dir in ${RENDER_DIR}; do
            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
            echo "$chart_path"
            rm -rf $chart_path/*
          done
          echo "----"
      - name: Render Helm Manifests
        id: render-manifests
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Rendering Manifests ..."
          for dir in ${RENDER_DIR}; do
            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
            chart_name=$(basename "$chart_path")
            echo ""
            echo ""
            echo ">> Rendering chart: $chart_name"
            echo ">> Chart path $chart_path"
            if [ -f "$chart_path/Chart.yaml" ]; then
              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
              TEMPLATE=""
              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
              helm lint --namespace "$chart_name"
              echo ""
              echo ">> Rendering templates ..."
              case "$chart_name" in
                "stack")
                  echo ""
                  echo ">> Special Rendering for stack into argocd namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
                  ;;
                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
                  echo ""
                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
                  ;;
                *)
                  echo ""
                  echo ">> Standard Rendering for $chart_name ..."
                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
                  ;;
              esac
              echo ""
              echo ">> Formating rendered template ..."
              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
              echo ""
              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
              ls $OUTPUT_FOLDER
              echo ""
            else
              echo ""
              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
              echo ""
            fi
          done
          echo "----"
      - name: Check for Changes
        id: check-changes
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}
          GIT_CHANGES=$(git status --porcelain)
          if [ -n "$GIT_CHANGES" ]; then
            echo ">> Changes detected"
            git status --porcelain
            echo "changes-detected=true" >> $GITEA_OUTPUT
          else
            echo ">> No changes detected, skipping PR creation"
          fi
          echo "----"
      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
        env:
          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Commiting changes to ${BRANCH_NAME} ..."
          git add .
          git commit -m "chore: Update manifests after automerge"
          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
          echo ">> Pushing changes to $REPO_URL ..."
          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
          echo "----"
          echo "push=true" >> $GITEA_OUTPUT
      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
        run: |
          cd ${MANIFEST_DIR}
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
          PAYLOAD=$( jq -n \
            --arg head "${BRANCH_NAME}" \
            --arg base "${BASE_BRANCH}" \
            --arg title "Automated Manifest Update - Automerge" \
            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. This is expected to be automerged." \
            '{head: $head, base: $base, title: $title, body: $body}' )
          echo ">> Creating PR from branch ${BRANCH_NAME} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          echo ">> With Payload of:"
          echo "$PAYLOAD"
          HTTP_STATUS=$(
            curl -X POST \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              --data "$PAYLOAD" \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )
          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"
          if [ "$HTTP_STATUS" == "201" ]; then
            echo ">> Pull Request created successfully!"
            PR_URL=$(cat response_body.json | jq -r .html_url)
            echo ">> Pull Request URL: $PR_URL"
            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
            PR_NUMBER=$(cat response_body.json | jq -r .number)
            echo ">> Pull Request Number: $PR_NUMBER"
            echo "pull-request-number=${PR_NUMBER}" >> $GITEA_OUTPUT
            echo "pull-request-operation=created" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "422" ]; then
            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
          elif [ "$HTTP_STATUS" == "409" ]; then
            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            exit 1
          fi
          echo "----"
      - name: Merge Changes
        id: merge-changes
        if: steps.commit-push.outputs.push == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
          PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
        run: |
          cd ${MANIFEST_DIR}
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
          PAYLOAD=$( jq -n \
            --arg Do "merge" \
            '{Do: $Do}' )
          echo ">> Merging PR with ID: ${PR_NUMBER}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          echo ">> With Payload of:"
          echo "$PAYLOAD"
          HTTP_STATUS=$(
            curl -X POST \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              --data "$PAYLOAD" \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )
          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"
          if [ "$HTTP_STATUS" == "200" ]; then
            echo ">> Pull Request merged successfully!"
            echo "pull-request-operation=merged" >> $GITEA_OUTPUT
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            echo "pull-request-operation=failed" >> $GITEA_OUTPUT
            exit 1
          fi
          echo "----"
      - name: Cleanup Branch
        if: failure()
        env:
          BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Removing branch: ${BRANCH_NAME}"
          git push origin --delete ${BRANCH_NAME}
          echo "----"
      - name: ntfy Merged
        uses: niniyas/ntfy-action@master
        if: steps.merge-changes.outputs.pull-request-operation == 'merged'
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render PR Merged - Infrastructure"
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: "Automerge Manifest rendering for Infrastructure!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render Failure - Infrastructure"
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: "Automerge Manifest rendering for Infrastructure has failed!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests-automerge.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/render-manifests-dispatch.yaml
+++ b/.gitea/workflows/render-manifests-dispatch.yaml
@@ -1,12 +1,6 @@
-name: render-manifests
+name: render-manifests-dispatch
 on:
  push:
    branches:
      - main
    paths:
      - 'clusters/cl01tl/helm/**'
  workflow_dispatch:
 env:
@@ -18,7 +12,7 @@ env:
  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 jobs:
-  render-manifests:
+  render-manifests-dispatch:
    runs-on: ubuntu-js
    steps:
      - name: Checkout Main
@@ -59,91 +53,102 @@ jobs:
            git checkout -b $BRANCH_NAME
          fi
          echo "----"
      - name: Check which Directories have Changes
        id: check-dir-changes
        run: |
          cd ${MAIN_DIR}
-          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep "clusters/cl01tl/helm/")
+          RENDER_DIR=()
          CHANGED_DIR=()
-          echo ">> Checking for changes .."
+          echo ">> Triggered on dispatch, will check all paths ..."
-          echo "$GIT_DIFF"
+          RENDER_DIR+=$(ls clusters/cl01tl/helm/)
-          if [ -n $GIT_DIFF ]; then
+          if [ -n "${RENDER_DIR}" ]; then
-            echo ">> Changes detected"
+            echo ">> Directories to Render:"
            echo "$(echo "${RENDER_DIR}" | sort -u)"
-            for path in $GIT_DIFF; do
+            echo "----"
              CHANGED_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
            done
            echo ">> Changes Directories:"
            echo "$(printf "%s\n" "$CHANGED_DIR" | sort -u)"
            echo "changes-detected=true" >> $GITEA_OUTPUT
-            echo "changed-dir=$(printf "%s\n" "$CHANGED_DIR" | sort -u)" >> $GITEA_OUTPUT
+            echo "render-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
-            echo ">> No changes detected, skipping rendering"
+            echo "changes-detected=false" >> $GITEA_OUTPUT
            exit 0
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
-          CHANGED_DIR: ${{ steps.check-dir-changes.outputs.changed-dir }}
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Adding repositories for chart dependencies ..."
-          for dir in ${CHANGED_DIR}; do
+          for dir in ${RENDER_DIR}; do
            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Remove Changed Manifest Files
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
-          CHANGED_DIR: ${{ steps.check-dir-changes.outputs.changed-dir }}
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Remove manfiest files and rebuild from source ..."
-          for dir in ${CHANGED_DIR}; do
+          for dir in ${RENDER_DIR}; do
            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
-            echo ">> Removing from $chart_path ..."
+            echo "$chart_path"
            rm -rf $chart_path/*
          done
          echo "----"
      - name: Render Helm Manifests
        id: render-manifests
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
-          CHANGED_DIR: ${{ steps.check-dir-changes.outputs.changed-dir }}
+          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Rendering Manifests ..."
-          for dir in ${CHANGED_DIR}; do
+          for dir in ${RENDER_DIR}; do
            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
            chart_name=$(basename "$chart_path")
            echo ""
            echo ""
            echo ">> Rendering chart: $chart_name"
            echo ">> Chart path $chart_path"
            if [ -f "$chart_path/Chart.yaml" ]; then
              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
              TEMPLATE=""
              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
              OUTPUT_FILE="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/$chart_name.yaml"
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
-              helm dependency build
+              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
@@ -151,10 +156,31 @@ jobs:
              echo ""
              echo ">> Rendering templates ..."
-              helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+              case "$chart_name" in
                "stack")
                  echo ""
                  echo ">> Special Rendering for stack into argocd namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
                  ;;
                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
                  echo ""
                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
                  ;;
                *)
                  echo ""
                  echo ">> Standard Rendering for $chart_name ..."
                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
                  ;;
              esac
              echo ""
-              echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+              echo ">> Formating rendered template ..."
              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
              echo ""
              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
              ls $OUTPUT_FOLDER
              echo ""
            else
              echo ""
@@ -163,21 +189,28 @@ jobs:
            fi
          done
          echo "----"
      - name: Check for Changes
        id: check-changes
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}
-          if git status --porcelain | grep -q .; then
+          GIT_CHANGES=$(git status --porcelain)
          if [ -n "$GIT_CHANGES" ]; then
            echo ">> Changes detected"
            git status --porcelain
            echo "changes-detected=true" >> $GITEA_OUTPUT
          else
            echo ">> No changes detected, skipping PR creation"
-            exit 0
+
          fi
          echo "----"
      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
@@ -188,10 +221,12 @@ jobs:
          git add .
          git commit -m "chore: Update manifests after change"
          echo ">> Pushing changes to $REPO_URL ..."
          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
          echo ">> Pushing changes to $REPO_URL ..."
          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
          echo "----"
          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
          echo "push=true" >> $GITEA_OUTPUT
@@ -205,7 +240,7 @@ jobs:
        run: |
          cd ${MANIFEST_DIR}
-          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${BASE_BRANCH}/${HEAD_BRANCH}"
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
@@ -232,17 +267,23 @@ jobs:
          cat response_errors.txt
          echo "----"
-          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .state)" == "open" ]; then
+          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
            echo ">> Pull Request has been found open, will update"
-            PR_INDEX=$(cat response_body.json | jq -r .number)
+            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
            echo "pull-request-index=true" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
            echo ">> Pull Request found, but was closed"
            echo "pull-request-exists=false" >> $GITEA_OUTPUT
          else
            echo ">> Pull Request not found"
            echo "pull-request-exists=false" >> $GITEA_OUTPUT
          fi
          echo "----"
      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
@@ -261,7 +302,7 @@ jobs:
            --arg assignee "${ASSIGNEE}" \
            --arg title "Automated Manifest Update" \
            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
-            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body'} )
+            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
@@ -295,23 +336,22 @@ jobs:
            echo ">> Pull Request created successfully!"
            PR_URL=$(cat response_body.json | jq -r .html_url)
            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
            PR_ID=$(cat response_body.json | jq -r .id)
            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
            echo "pull-request-operation=created" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "422" ]; then
            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
          elif [ "$HTTP_STATUS" == "409" ]; then
            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            exit 1
          fi
-      - name: Cleanup Branch
+          echo "----"
        if: failure() && steps.create-pull-request.outcome == 'failure'
        env:
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          echo ">> Removing branch: ${HEAD_BRANCH}"
          git push origin --delete ${HEAD_BRANCH}
      - name: ntfy Created
        uses: niniyas/ntfy-action@master
@@ -323,7 +363,7 @@ jobs:
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
-          details: "Manifest rendering for Infrastructure has created a new Pull Request!"
+          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
--- a/.gitea/workflows/render-manifests-merge.yaml
+++ b/.gitea/workflows/render-manifests-merge.yaml
@@ -0,0 +1,403 @@
 name: render-manifests-merge
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'clusters/cl01tl/helm/**'
    types:
      - closed
 env:
  CLUSTER: cl01tl
  BASE_BRANCH: manifests
  BRANCH_NAME: auto/update-manifests
  ASSIGNEE: alexlebens
  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 jobs:
  render-manifests-merge:
    runs-on: ubuntu-js
    if: ${{ (github.event.pull_request.merged == true) && !(contains(github.event.pull_request.labels.*.name, 'automerge')) }}
    steps:
      - name: Checkout Main
        uses: actions/checkout@v6
        with:
          path: infrastructure
          fetch-depth: 0
      - name: Checkout Manifests
        uses: actions/checkout@v6
        with:
          ref: manifests
          path: infrastructure-manifests
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
      - name: Prepare Manifest Branch
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Configure git to use gitea-bot as user ..."
          git config user.name "gitea-bot"
          git config user.email "gitea-bot@alexlebens.net"
          echo ">> Checking if PR branch exists ..."
          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
            git fetch origin "${BRANCH_NAME}"
            git checkout "${BRANCH_NAME}"
            git pull --rebase
          else
            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
            git checkout -b $BRANCH_NAME
          fi
          echo "----"
      - name: Check which Directories have Changes
        id: check-dir-changes
        run: |
          cd ${MAIN_DIR}
          RENDER_DIR=()
          echo ">> Checking for changes from HEAD^..HEAD ..."
          GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
          if [ -n "${GIT_DIFF}" ]; then
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
              RENDER_DIR+=$(echo " ")
            done
          else
            echo ">> No changes detected"
          fi
          if [ -n "${RENDER_DIR}" ]; then
            echo ">> Directories to Render:"
            echo "$(echo "${RENDER_DIR}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "render-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${RENDER_DIR}; do
            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Remove Changed Manifest Files
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Remove manfiest files and rebuild from source ..."
          for dir in ${RENDER_DIR}; do
            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
            echo "$chart_path"
            rm -rf $chart_path/*
          done
          echo "----"
      - name: Render Helm Manifests
        id: render-manifests
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Rendering Manifests ..."
          for dir in ${RENDER_DIR}; do
            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
            chart_name=$(basename "$chart_path")
            echo ""
            echo ""
            echo ">> Rendering chart: $chart_name"
            echo ">> Chart path $chart_path"
            if [ -f "$chart_path/Chart.yaml" ]; then
              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
              TEMPLATE=""
              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
              helm lint --namespace "$chart_name"
              echo ""
              echo ">> Rendering templates ..."
              case "$chart_name" in
                "stack")
                  echo ""
                  echo ">> Special Rendering for stack into argocd namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
                  ;;
                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
                  echo ""
                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
                  ;;
                *)
                  echo ""
                  echo ">> Standard Rendering for $chart_name ..."
                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
                  ;;
              esac
              echo ""
              echo ">> Formating rendered template ..."
              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
              echo ""
              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
              ls $OUTPUT_FOLDER
              echo ""
            else
              echo ""
              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
              echo ""
            fi
          done
          echo "----"
      - name: Check for Changes
        id: check-changes
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}
          GIT_CHANGES=$(git status --porcelain)
          if [ -n "$GIT_CHANGES" ]; then
            echo ">> Changes detected"
            git status --porcelain
            echo "changes-detected=true" >> $GITEA_OUTPUT
          else
            echo ">> No changes detected, skipping PR creation"
          fi
          echo "----"
      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Commiting changes to ${BRANCH_NAME} ..."
          git add .
          git commit -m "chore: Update manifests after change"
          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
          echo ">> Pushing changes to $REPO_URL ..."
          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
          echo "----"
          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
          echo "push=true" >> $GITEA_OUTPUT
      - name: Check for Pull Request
        id: check-for-pull-requst
        if: steps.commit-push.outputs.push == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          cd ${MANIFEST_DIR}
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          HTTP_STATUS=$(
            curl -X GET \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )
          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"
          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
            echo ">> Pull Request has been found open, will update"
            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
            echo "pull-request-index=true" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
            echo ">> Pull Request found, but was closed"
            echo "pull-request-exists=false" >> $GITEA_OUTPUT
          else
            echo ">> Pull Request not found"
            echo "pull-request-exists=false" >> $GITEA_OUTPUT
          fi
          echo "----"
      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          cd ${MANIFEST_DIR}
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
          PAYLOAD=$( jq -n \
            --arg head "${HEAD_BRANCH}" \
            --arg base "${BASE_BRANCH}" \
            --arg assignee "${ASSIGNEE}" \
            --arg title "Automated Manifest Update" \
            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          echo ">> With Payload of:"
          echo "$PAYLOAD"
          HTTP_STATUS=$(
            curl -X POST \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              --data "$PAYLOAD" \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )
          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"
          if [ "$HTTP_STATUS" == "201" ]; then
            echo ">> Pull Request created successfully!"
            PR_URL=$(cat response_body.json | jq -r .html_url)
            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
            PR_ID=$(cat response_body.json | jq -r .id)
            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
            echo "pull-request-operation=created" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "422" ]; then
            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
          elif [ "$HTTP_STATUS" == "409" ]; then
            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            exit 1
          fi
          echo "----"
      - name: ntfy Created
        uses: niniyas/ntfy-action@master
        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render PR Created - Infrastructure"
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render Failure - Infrastructure"
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: "Manifest rendering for Infrastructure has failed!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
          image: true
--- a/.gitea/workflows/render-manifests-push.yaml
+++ b/.gitea/workflows/render-manifests-push.yaml
@@ -0,0 +1,401 @@
 name: render-manifests-push
 on:
  push:
    branches:
      - main
    paths:
      - 'clusters/cl01tl/helm/**'
 env:
  CLUSTER: cl01tl
  BASE_BRANCH: manifests
  BRANCH_NAME: auto/update-manifests
  ASSIGNEE: alexlebens
  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
 jobs:
  render-manifests-push:
    runs-on: ubuntu-js
    if: gitea.event.commits[0].author.username != 'renovate-bot'
    steps:
      - name: Checkout Main
        uses: actions/checkout@v6
        with:
          path: infrastructure
          fetch-depth: 0
      - name: Checkout Manifests
        uses: actions/checkout@v6
        with:
          ref: manifests
          path: infrastructure-manifests
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
      - name: Prepare Manifest Branch
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Configure git to use gitea-bot as user ..."
          git config user.name "gitea-bot"
          git config user.email "gitea-bot@alexlebens.net"
          echo ">> Checking if PR branch exists ..."
          if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
            echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
            git fetch origin "${BRANCH_NAME}"
            git checkout "${BRANCH_NAME}"
            git pull --rebase
          else
            echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
            git checkout -b $BRANCH_NAME
          fi
          echo "----"
      - name: Check which Directories have Changes
        id: check-dir-changes
        run: |
          cd ${MAIN_DIR}
          RENDER_DIR=()
          echo ">> Checking for changes ..."
          GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
          if [ -n "${GIT_DIFF}" ]; then
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
              RENDER_DIR+=$(echo " ")
            done
          else
            echo ">> No changes detected"
          fi
          if [ -n "${RENDER_DIR}" ]; then
            echo ">> Directories to Render:"
            echo "$(echo "${RENDER_DIR}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "render-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${RENDER_DIR}; do
            helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Remove Changed Manifest Files
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Remove manfiest files and rebuild from source ..."
          for dir in ${RENDER_DIR}; do
            chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
            echo "$chart_path"
            rm -rf $chart_path/*
          done
          echo "----"
      - name: Render Helm Manifests
        id: render-manifests
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
        run: |
          cd ${MAIN_DIR}
          echo ">> Rendering Manifests ..."
          for dir in ${RENDER_DIR}; do
            chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
            chart_name=$(basename "$chart_path")
            echo ""
            echo ""
            echo ">> Rendering chart: $chart_name"
            echo ">> Chart path $chart_path"
            if [ -f "$chart_path/Chart.yaml" ]; then
              OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
              TEMPLATE=""
              mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
              helm lint --namespace "$chart_name"
              echo ""
              echo ">> Rendering templates ..."
              case "$chart_name" in
                "stack")
                  echo ""
                  echo ">> Special Rendering for stack into argocd namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
                  ;;
                "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
                  echo ""
                  echo ">> Special Rendering for $chart_name into kube-system namespace ..."
                  TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
                  ;;
                *)
                  echo ""
                  echo ">> Standard Rendering for $chart_name ..."
                  TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
                  ;;
              esac
              echo ""
              echo ">> Formating rendered template ..."
              echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
              echo ""
              echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
              ls $OUTPUT_FOLDER
              echo ""
            else
              echo ""
              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
              echo ""
            fi
          done
          echo "----"
      - name: Check for Changes
        id: check-changes
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}
          GIT_CHANGES=$(git status --porcelain)
          if [ -n "$GIT_CHANGES" ]; then
            echo ">> Changes detected"
            git status --porcelain
            echo "changes-detected=true" >> $GITEA_OUTPUT
          else
            echo ">> No changes detected, skipping PR creation"
          fi
          echo "----"
      - name: Commit and Push Changes
        id: commit-push
        if: steps.check-changes.outputs.changes-detected == 'true'
        run: |
          cd ${MANIFEST_DIR}
          echo ">> Commiting changes to ${BRANCH_NAME} ..."
          git add .
          git commit -m "chore: Update manifests after change"
          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
          echo ">> Pushing changes to $REPO_URL ..."
          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
          echo "----"
          echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
          echo "push=true" >> $GITEA_OUTPUT
      - name: Check for Pull Request
        id: check-for-pull-requst
        if: steps.commit-push.outputs.push == 'true'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          cd ${MANIFEST_DIR}
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
          echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          HTTP_STATUS=$(
            curl -X GET \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )
          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"
          if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
            echo ">> Pull Request has been found open, will update"
            PR_INDEX=$(cat response_body.json | jq -r .[0].number)
            echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
            echo "pull-request-index=true" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
            echo ">> Pull Request found, but was closed"
            echo "pull-request-exists=false" >> $GITEA_OUTPUT
          else
            echo ">> Pull Request not found"
            echo "pull-request-exists=false" >> $GITEA_OUTPUT
          fi
          echo "----"
      - name: Create Pull Request
        id: create-pull-request
        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
        env:
          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
          GITEA_URL: ${{ secrets.REPO_URL }}
          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
        run: |
          cd ${MANIFEST_DIR}
          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
          PAYLOAD=$( jq -n \
            --arg head "${HEAD_BRANCH}" \
            --arg base "${BASE_BRANCH}" \
            --arg assignee "${ASSIGNEE}" \
            --arg title "Automated Manifest Update" \
            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
            '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
          echo ">> With Endpoint of:"
          echo "$API_ENDPOINT"
          echo ">> With Payload of:"
          echo "$PAYLOAD"
          HTTP_STATUS=$(
            curl -X POST \
              --silent \
              --write-out '%{http_code}' \
              --output response_body.json \
              --dump-header response_headers.txt \
              --data "$PAYLOAD" \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              "$API_ENDPOINT" 2> response_errors.txt
          )
          echo ">> HTTP Status Code: $HTTP_STATUS"
          echo ">> Response Output ..."
          echo "----"
          cat response_body.json
          echo "----"
          cat response_headers.txt
          echo "----"
          cat response_errors.txt
          echo "----"
          if [ "$HTTP_STATUS" == "201" ]; then
            echo ">> Pull Request created successfully!"
            PR_URL=$(cat response_body.json | jq -r .html_url)
            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
            PR_ID=$(cat response_body.json | jq -r .id)
            echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
            echo "pull-request-operation=created" >> $GITEA_OUTPUT
          elif [ "$HTTP_STATUS" == "422" ]; then
            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
          elif [ "$HTTP_STATUS" == "409" ]; then
            echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
          else
            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
            exit 1
          fi
          echo "----"
      - name: ntfy Created
        uses: niniyas/ntfy-action@master
        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render PR Created - Infrastructure"
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
          topic: "${{ secrets.NTFY_TOPIC }}"
          title: "Manifest Render Failure - Infrastructure"
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: "Manifest rendering for Infrastructure has failed!"
          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
          image: true
--- a/clusters/cl01tl/deployment/stack/Chart.yaml
+++ b/clusters/cl01tl/deployment/stack/Chart.yaml
@@ -1,16 +0,0 @@
 apiVersion: v2
 name: stack
 version: 1.0.0
 description: Stack
 keywords:
  - argo-cd
  - stack
  - deployment
 home: https://wiki.alexlebens.dev/s/0c2d1896-710d-4972-9bc8-08d71987428a
 sources:
  - https://github.com/argoproj/argo-cd
  - https://gitea.alexlebens.dev/alexlebens/infrastructure
 maintainers:
  - name: alexlebens
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 appVersion: 1.0.0
--- a/clusters/cl01tl/deployment/stack/templates/application-set.yaml
+++ b/clusters/cl01tl/deployment/stack/templates/application-set.yaml
@@ -1,59 +0,0 @@
 {{- range $index, $stack := .Values.applicationSet }}
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
  name: {{ $stack.name }}
  namespace: {{ $.Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ $stack.name }}
    app.kubernetes.io/instance: {{ $stack.name }}
    app.kubernetes.io/part-of: {{ $.Release.Name }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  syncPolicy:
    applicationsSync: create-update
    preserveResourcesOnDeletion: true
  generators:
    - git:
        repoURL: {{ $.Values.git.repo }}
        revision: {{ $.Values.git.revision }}
        directories:
          - path: "clusters/{{ $.Values.cluster.name }}/{{ $stack.name }}/*"
  template:
    metadata:
      name: '{{ `{{path.basename}}` }}'
    spec:
      destination:
        name: in-cluster
        namespace: '{{ $stack.namespace | default `{{path.basename}}` }}'
      project: default
      revisionHistoryLimit: 3
      source:
        repoURL: {{ $.Values.git.repo }}
        targetRevision: {{ $.Values.git.revision }}
        path: '{{ `{{path}}` }}'
        helm:
          releaseName: "{{ `{{path.basename}}` }}"
      {{- if $stack.ignoreDifferences }}
      ignoreDifferences:
        {{- toYaml $stack.ignoreDifferences | nindent 8 }}
      {{ end }}
      syncPolicy:
        automated:
          prune: {{ $stack.syncPolicy.automated.prune | default false }}
          selfHeal: {{ $stack.syncPolicy.automated.selfHeal | default false }}
        retry:
          limit: 3
          backoff:
            duration: 1m
            factor: 2
            maxDuration: 15m
        syncOptions:
          - CreateNamespace={{ $stack.syncPolicy.syncOptions.createNamespace | default true }}
          - ApplyOutOfSyncOnly={{ $stack.syncPolicy.syncOptions.applyOutOfSyncOnly | default true }}
          - ServerSideApply={{ $stack.syncPolicy.syncOptions.serverSideApply | default true }}
          - PruneLast={{ $stack.syncPolicy.syncOptions.pruneLast | default true }}
          - RespectIgnoreDifferences={{ $stack.syncPolicy.syncOptions.respectIgnoreDifferences | default true }}
 {{- end }}
--- a/clusters/cl01tl/deployment/stack/templates/application.yaml
+++ b/clusters/cl01tl/deployment/stack/templates/application.yaml
@@ -1,192 +0,0 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: cilium
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: cilium
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: {{ .Values.git.repo }}
    targetRevision: {{ .Values.git.revision }}
    path: clusters/{{ .Values.cluster.name }}/standalone/cilium
  destination:
    name: in-cluster
    namespace: kube-system
  revisionHistoryLimit: 3
  ignoreDifferences:
    - group: monitoring.coreos.com
      kind: ServiceMonitor
      jqPathExpressions:
        - .spec.endpoints[]?.relabelings[]?.action
  syncPolicy:
    automated:
      prune: true
    retry:
      limit: 10
      backoff:
        duration: 1m
        factor: 2
        maxDuration: 16m
    syncOptions:
      - CreateNamespace=false
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - PruneLast=true
      - RespectIgnoreDifferences=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: coredns
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: coredns
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: {{ .Values.git.repo }}
    targetRevision: {{ .Values.git.revision }}
    path: clusters/{{ .Values.cluster.name }}/standalone/coredns
  destination:
    name: in-cluster
    namespace: kube-system
  revisionHistoryLimit: 10
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    retry:
      limit: 10
      backoff:
        duration: 1m
        factor: 2
        maxDuration: 16m
    syncOptions:
      - CreateNamespace=false
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - PruneLast=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: metrics-server
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: metrics-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: {{ .Values.git.repo }}
    targetRevision: {{ .Values.git.revision }}
    path: clusters/{{ .Values.cluster.name }}/standalone/metrics-server
  destination:
    name: in-cluster
    namespace: kube-system
  revisionHistoryLimit: 3
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    retry:
      limit: 10
      backoff:
        duration: 1m
        factor: 2
        maxDuration: 16m
    syncOptions:
      - CreateNamespace=false
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - PruneLast=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: kubelet-serving-cert-approver
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: kubelet-serving-cert-approver
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: {{ .Values.git.repo }}
    targetRevision: {{ .Values.git.revision }}
    path: clusters/{{ .Values.cluster.name }}/standalone/kubelet-serving-cert-approver
  destination:
    name: in-cluster
    namespace: kubelet-serving-cert-approver
  revisionHistoryLimit: 3
  syncPolicy:
    automated:
      prune: true
    retry:
      limit: 10
      backoff:
        duration: 1m
        factor: 2
        maxDuration: 16m
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - PruneLast=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: prometheus-operator-crds
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: prometheus-operator-crds
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: {{ .Values.git.repo }}
    targetRevision: {{ .Values.git.revision }}
    path: clusters/{{ .Values.cluster.name }}/standalone/prometheus-operator-crds
  destination:
    name: in-cluster
    namespace: kube-system
  revisionHistoryLimit: 3
  syncPolicy:
    automated:
      prune: true
      selfHeal: false
    retry:
      limit: 10
      backoff:
        duration: 1m
        factor: 2
        maxDuration: 16m
    syncOptions:
      - CreateNamespace=false
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
      - PruneLast=true
--- a/clusters/cl01tl/deployment/stack/values.yaml
+++ b/clusters/cl01tl/deployment/stack/values.yaml
@@ -1,27 +0,0 @@
 cluster:
  name: cl01tl
 git:
  # repo: git@github.com:alexlebens/infrastructure.git
  # repo: https://github.com/alexlebens/infrastructure.git
  repo: http://gitea-http.gitea:3000/alexlebens/infrastructure
  # repo: ssh://git@gitea-ssh.gitea/alexlebens/infrastructure
  revision: HEAD
 applicationSet:
  - name: deployment
    namespace: argocd
    syncPolicy:
      automated:
        prune: true
      syncOptions:
        serverSideApply: true
  - name: storage
    ignoreDifferences:
      - group: ""
        kind: Service
        jqPathExpressions:
          - .spec.externalName
    syncPolicy:
      automated:
        prune: true
      syncOptions:
        serverSideApply: true
--- a/clusters/cl01tl/helm/actual/Chart.lock
+++ b/clusters/cl01tl/helm/actual/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:b5d823171e1b4dc1d3856f782f0c67cbb5d49e4fa170df2f21b06303c7aff7f5
+digest: sha256:926b8da839684072fd79954aff0c9852c2ff3b618b0fa35177bdec8e2dff4986
-generated: "2025-11-30T21:05:19.732832-06:00"
+generated: "2025-12-05T17:02:01.15162583Z"
--- a/clusters/cl01tl/helm/actual/Chart.yaml
+++ b/clusters/cl01tl/helm/actual/Chart.yaml
@@ -16,6 +16,6 @@ dependencies:
  - name: app-template
    alias: actual
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
 appVersion: 25.11.0
--- a/clusters/cl01tl/helm/actual/values.yaml
+++ b/clusters/cl01tl/helm/actual/values.yaml
@@ -9,7 +9,7 @@ actual:
        main:
          image:
            repository: ghcr.io/actualbudget/actual
-            tag: 25.11.0
+            tag: 25.12.0
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/argo-workflows/Chart.lock
+++ b/clusters/cl01tl/helm/argo-workflows/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: argo-workflows
  repository: https://argoproj.github.io/argo-helm
-  version: 0.45.28
+  version: 0.46.1
 - name: argo-events
  repository: https://argoproj.github.io/argo-helm
-  version: 2.4.17
+  version: 2.4.19
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:b00fd479a9d9e606661b3799182c8e24395b4f531f8d2bda87bdc5db16a8d66c
+digest: sha256:1f98e04526d7b61fa9ee690c46542bcc2ae6b69bf7619e1107a1592386de9bf2
-generated: "2025-12-01T19:55:40.18149-06:00"
+generated: "2025-12-07T03:02:14.909953853Z"
--- a/clusters/cl01tl/helm/argo-workflows/Chart.yaml
+++ b/clusters/cl01tl/helm/argo-workflows/Chart.yaml
@@ -18,14 +18,14 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: argo-workflows
-    version: 0.45.28
+    version: 0.46.1
    repository: https://argoproj.github.io/argo-helm
  - name: argo-events
-    version: 2.4.17
+    version: 2.4.19
    repository: https://argoproj.github.io/argo-helm
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 appVersion: v3.6.7
--- a/clusters/cl01tl/helm/argocd/Chart.lock
+++ b/clusters/cl01tl/helm/argocd/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
  version: 9.1.6
 digest: sha256:488b8e826e7cc7179f154c1b7555e2cec78b69becb9f8cdbe4937b3546d87e5d
 generated: "2025-12-05T04:02:40.060511766Z"
--- a/clusters/cl01tl/deployment/argocd/Chart.yaml
+++ b/clusters/cl01tl/deployment/argocd/Chart.yaml
@@ -15,7 +15,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: argo-cd
-    version: 9.1.5
+    version: 9.1.6
    repository: https://argoproj.github.io/argo-helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 appVersion: 3.0.0
--- a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
--- a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
--- a/clusters/cl01tl/deployment/argocd/values.yaml
+++ b/clusters/cl01tl/deployment/argocd/values.yaml
@@ -60,7 +60,7 @@ argo-cd:
    enabled: true
    auth: false
  redisSecretInit:
-    enabled: true
+    enabled: false
  server:
    replicas: 2
    extensions:
@@ -279,7 +279,7 @@ argo-cd:
        - description: Application has degraded
          send:
            - app-health-degraded
-          when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime).Minutes() >= 15
+          when: app.status.health.status == 'Degraded'
      trigger.on-sync-failed: |
        - description: Application syncing has failed
          send:
--- a/clusters/cl01tl/helm/audiobookshelf/Chart.lock
+++ b/clusters/cl01tl/helm/audiobookshelf/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:f3a9990542f24965fadad0b5493059b78cdc3fae91c8214577fa6f41ca5f7de3
+digest: sha256:977ed15091e9ed30d647a626214701d22f3a8a5232a900e33f753cc7e090042f
-generated: "2025-11-30T21:05:21.317114-06:00"
+generated: "2025-12-05T17:02:13.674405673Z"
--- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
@@ -18,6 +18,6 @@ dependencies:
  - name: app-template
    alias: audiobookshelf
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
 appVersion: 2.21.0
--- a/clusters/cl01tl/helm/audiobookshelf/values.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml
@@ -9,7 +9,7 @@ audiobookshelf:
        main:
          image:
            repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.30.0
+            tag: 2.31.0
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/authentik/Chart.lock
+++ b/clusters/cl01tl/helm/authentik/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
  version: 2025.10.2
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:ad51c94c1125890ef60d179205d14c55eb9fdbc2702e3455e233042a48d00146
+digest: sha256:e6ea05d8bdb96164bc19da117078b5101f329ad5f1b461fa02f198bef45454f3
-generated: "2025-12-01T20:25:07.016724-06:00"
+generated: "2025-12-07T02:54:01.695741198Z"
--- a/clusters/cl01tl/helm/authentik/Chart.yaml
+++ b/clusters/cl01tl/helm/authentik/Chart.yaml
@@ -26,10 +26,10 @@ dependencies:
  - name: cloudflared
    alias: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
 appVersion: 2025.4.1
--- a/clusters/cl01tl/helm/backrest/Chart.lock
+++ b/clusters/cl01tl/helm/backrest/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:aa797b99d6d8b7aafe142811938408b7f234df6d429a7e076196337cc63876cb
+digest: sha256:6e6f20320a485b57288a6febae1b7623076059c370f88b7fbe92460fc4047db3
-generated: "2025-12-01T20:25:09.888407-06:00"
+generated: "2025-12-05T17:02:26.599646463Z"
--- a/clusters/cl01tl/helm/backrest/Chart.yaml
+++ b/clusters/cl01tl/helm/backrest/Chart.yaml
@@ -16,6 +16,6 @@ dependencies:
  - name: app-template
    alias: backrest
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
 appVersion: v1.10.1
--- a/clusters/cl01tl/helm/bazarr/Chart.lock
+++ b/clusters/cl01tl/helm/bazarr/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:c6f6d1f2fb9fedf54094920737a6f0bd1a2ab89f0a4122966ca98f6c9d3f11fa
+digest: sha256:54c88d51b4067dec5b22623957970b64092bf3f417fabb58277f6bc3e01eca20
-generated: "2025-11-30T21:05:22.694344-06:00"
+generated: "2025-12-05T17:02:40.843820962Z"
--- a/clusters/cl01tl/helm/bazarr/Chart.yaml
+++ b/clusters/cl01tl/helm/bazarr/Chart.yaml
@@ -18,6 +18,6 @@ dependencies:
  - name: app-template
    alias: bazarr
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
 appVersion: 1.5.2
--- a/clusters/cl01tl/helm/bazarr/values.yaml
+++ b/clusters/cl01tl/helm/bazarr/values.yaml
@@ -15,7 +15,7 @@ bazarr:
        main:
          image:
            repository: ghcr.io/linuxserver/bazarr
-            tag: 1.5.3@sha256:2be164c02c0bb311b6c32e57d3d0ddc2813d524e89ab51a3408c1bf6fafecda5
+            tag: 1.5.3@sha256:ec11e988e8e13411c994a4d9f43ed9b97409aa92c1da54d9f23926c3da7c2032
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/blocky/Chart.lock
+++ b/clusters/cl01tl/helm/blocky/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:0009729bcf7f1941401b767fd4ae952b7a8d44f80053090b4a9224de912a14ef
+digest: sha256:b8516161886b87344848ad2b3bdafbd66da61ca8ffc5e9a5ebed462f205c9912
-generated: "2025-12-01T20:25:13.511406-06:00"
+generated: "2025-12-05T17:02:59.562863413Z"
--- a/clusters/cl01tl/helm/blocky/Chart.yaml
+++ b/clusters/cl01tl/helm/blocky/Chart.yaml
@@ -16,6 +16,6 @@ dependencies:
  - name: app-template
    alias: blocky
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
 appVersion: v0.25
--- a/clusters/cl01tl/helm/booklore/Chart.lock
+++ b/clusters/cl01tl/helm/booklore/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: mariadb-cluster
  repository: https://helm.mariadb.com/mariadb-operator
  version: 25.10.2
-digest: sha256:264725306c1d1f38140293c0820abdc7e8aa4f39764b4d91e20200705ce2ec91
+digest: sha256:58d978bd46c61285b06acc6d9a40404d8059f2df7b953dea13c528b35350d0a8
-generated: "2025-11-30T21:05:24.649316-06:00"
+generated: "2025-12-05T17:03:15.7199669Z"
--- a/clusters/cl01tl/helm/booklore/Chart.yaml
+++ b/clusters/cl01tl/helm/booklore/Chart.yaml
@@ -16,7 +16,7 @@ dependencies:
  - name: app-template
    alias: booklore
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: mariadb-cluster
    version: 25.10.2
    repository: https://helm.mariadb.com/mariadb-operator
--- a/clusters/cl01tl/helm/booklore/values.yaml
+++ b/clusters/cl01tl/helm/booklore/values.yaml
@@ -9,7 +9,7 @@ booklore:
        main:
          image:
            repository: ghcr.io/booklore-app/booklore
-            tag: v1.12.0
+            tag: v1.13.2
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/cilium/Chart.lock
+++ b/clusters/cl01tl/helm/cilium/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: cilium
  repository: https://helm.cilium.io/
  version: 1.18.4
 digest: sha256:e38eb92ee87c9a52b0f45a2451142ade02bac7d484b246d32379eacce3800bc8
 generated: "2025-12-02T17:17:49.043599-06:00"
--- a/clusters/cl01tl/standalone/cilium/Chart.yaml
+++ b/clusters/cl01tl/standalone/cilium/Chart.yaml
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
--- a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
--- a/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -75,6 +75,7 @@ cilium:
  prometheus:
    enabled: true
    serviceMonitor:
      trustCRDsExist: true
      enabled: true
  envoy:
    enabled: true
--- a/clusters/cl01tl/helm/code-server/Chart.lock
+++ b/clusters/cl01tl/helm/code-server/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
-digest: sha256:99eb4f940077dc916f5425d196232fcd363223fa7b7b5d3889f5965aa59e26f5
+digest: sha256:3cf78630cd7670e1157a87fc7ccbeca248ef4ced8a3170e69140ea3e1b0ff564
-generated: "2025-11-30T21:05:26.699161-06:00"
+generated: "2025-12-07T02:54:11.675097664Z"
--- a/clusters/cl01tl/helm/code-server/Chart.yaml
+++ b/clusters/cl01tl/helm/code-server/Chart.yaml
@@ -19,10 +19,10 @@ dependencies:
  - name: app-template
    alias: code-server
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: cloudflared
    alias: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
 appVersion: 4.100.2
--- a/clusters/cl01tl/helm/code-server/values.yaml
+++ b/clusters/cl01tl/helm/code-server/values.yaml
@@ -9,7 +9,7 @@ code-server:
        main:
          image:
            repository: ghcr.io/linuxserver/code-server
-            tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
+            tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/coredns/Chart.lock
+++ b/clusters/cl01tl/helm/coredns/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: coredns
  repository: https://coredns.github.io/helm
  version: 1.45.0
 digest: sha256:cfcb22a7d0bce4d6000800706597ae43faec74255f1deb5cc3279b2d0a81f6c6
 generated: "2025-12-02T17:17:52.206039-06:00"
--- a/clusters/cl01tl/standalone/coredns/Chart.yaml
+++ b/clusters/cl01tl/standalone/coredns/Chart.yaml
--- a/clusters/cl01tl/standalone/coredns/values.yaml
+++ b/clusters/cl01tl/standalone/coredns/values.yaml
--- a/clusters/cl01tl/helm/descheduler/values.yaml
+++ b/clusters/cl01tl/helm/descheduler/values.yaml
@@ -39,16 +39,27 @@ descheduler:
          - name: RemovePodsViolatingNodeTaints
          - name: RemovePodsViolatingInterPodAntiAffinity
          - name: RemovePodsViolatingTopologySpreadConstraint
          - name: "HighNodeUtilization"
            args:
              thresholds:
                cpu : 80
                memory: 80
                pods: 90
              evictableNamespaces:
                exclude:
                  - "kube-system"
              evictionModes:
                - "OnlyThresholdingResources"
          - name: LowNodeUtilization
            args:
              thresholds:
-                cpu: 20
+                cpu: 30
-                memory: 20
+                memory: 30
-                pods: 20
+                pods: 50
              targetThresholds:
                cpu: 60
-                memory: 60
+                memory: 40
-                pods: 60
+                pods: 80
        plugins:
          balance:
            enabled:
--- a/clusters/cl01tl/helm/directus/Chart.lock
+++ b/clusters/cl01tl/helm/directus/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:2f3d9f7a8d8d71b19ff3292993647d22a89aa6c444a6f0819b82cd0a577f1ebc
+digest: sha256:73ab37385c3d0ec2db83a3640bc03b08ddd06fd015e1b7138e49bc8c3be9382e
-generated: "2025-11-30T21:05:28.43692-06:00"
+generated: "2025-12-07T02:54:20.639142398Z"
--- a/clusters/cl01tl/helm/directus/Chart.yaml
+++ b/clusters/cl01tl/helm/directus/Chart.yaml
@@ -20,14 +20,14 @@ dependencies:
  - name: app-template
    alias: directus
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: cloudflared
    alias: cloudflared-directus
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 appVersion: 11.7.2
--- a/clusters/cl01tl/helm/element-web/Chart.lock
+++ b/clusters/cl01tl/helm/element-web/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: element-web
  repository: https://ananace.gitlab.io/charts
-  version: 1.4.24
+  version: 1.4.26
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
-digest: sha256:05aa032adca6d808215d6dcd5d7e38b821a740a53868238f79adaa606444b3ae
+digest: sha256:f9196cbede894c6da6ecedd9ae05d3f1fd0e20304eca8ca38c18334a923b2235
-generated: "2025-11-30T21:05:30.356497-06:00"
+generated: "2025-12-07T02:54:29.895481505Z"
--- a/clusters/cl01tl/helm/element-web/Chart.yaml
+++ b/clusters/cl01tl/helm/element-web/Chart.yaml
@@ -17,11 +17,11 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: element-web
-    version: 1.4.24
+    version: 1.4.26
    repository: https://ananace.gitlab.io/charts
  - name: cloudflared
    alias: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
 appVersion: v1.11.100
--- a/clusters/cl01tl/helm/element-web/values.yaml
+++ b/clusters/cl01tl/helm/element-web/values.yaml
@@ -2,7 +2,7 @@ element-web:
  replicaCount: 1
  image:
    repository: vectorim/element-web
-    tag: v1.12.4
+    tag: v1.12.6
    pullPolicy: IfNotPresent
  defaultServer:
    url: https://matrix.alexlebens.dev
--- a/clusters/cl01tl/helm/ephemera/Chart.lock
+++ b/clusters/cl01tl/helm/ephemera/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:9900009eb6415344d8c5387371a0052259092d92f34c21774f6a6abe9f11f43e
+digest: sha256:b08b2d3923734ba8844754727803a4b4e1de2ad418c3f755ccd64927266c1b5c
-generated: "2025-11-30T21:05:32.524168-06:00"
+generated: "2025-12-05T17:04:04.30013278Z"
--- a/clusters/cl01tl/helm/ephemera/Chart.yaml
+++ b/clusters/cl01tl/helm/ephemera/Chart.yaml
@@ -18,6 +18,6 @@ dependencies:
  - name: app-template
    alias: ephemera
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
 appVersion: 1.3.1
--- a/clusters/cl01tl/helm/ephemera/values.yaml
+++ b/clusters/cl01tl/helm/ephemera/values.yaml
@@ -34,7 +34,7 @@ ephemera:
        flaresolverr:
          image:
            repository: ghcr.io/flaresolverr/flaresolverr
-            tag: v3.4.5
+            tag: v3.4.6
            pullPolicy: IfNotPresent
          env:
            - name: LOG_LEVEL
--- a/clusters/cl01tl/helm/eraser/Chart.lock
+++ b/clusters/cl01tl/helm/eraser/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: eraser
  repository: https://eraser-dev.github.io/eraser/charts
-  version: 1.3.1
+  version: 1.4.1
-digest: sha256:17b561a00acc809810dccd226e7b6d757db39b34a6095dee879da761098125f9
+digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
-generated: "2025-12-01T20:25:36.491841-06:00"
+generated: "2025-12-03T22:53:20.200917773Z"
--- a/clusters/cl01tl/helm/eraser/Chart.yaml
+++ b/clusters/cl01tl/helm/eraser/Chart.yaml
@@ -14,7 +14,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: eraser
-    version: v1.3.1
+    version: 1.4.1
    repository: https://eraser-dev.github.io/eraser/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: v1.3.1
--- a/clusters/cl01tl/helm/external-secrets/Chart.lock
+++ b/clusters/cl01tl/helm/external-secrets/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: external-secrets
  repository: https://charts.external-secrets.io
-  version: 1.1.0
+  version: 1.1.1
-digest: sha256:543c98c4f4014f91b05c823444d87990dcdcd9710a0e5ccd953c5dc4e70006ee
+digest: sha256:d346563864c95c4ca3fe5f04f6b292e417069d171f5866b5af0fe84277481493
-generated: "2025-12-01T20:25:40.642486-06:00"
+generated: "2025-12-06T18:01:23.564488208Z"
--- a/clusters/cl01tl/helm/external-secrets/Chart.yaml
+++ b/clusters/cl01tl/helm/external-secrets/Chart.yaml
@@ -12,7 +12,7 @@ sources:
  - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
 dependencies:
  - name: external-secrets
-    version: 1.1.0
+    version: 1.1.1
    repository: https://charts.external-secrets.io
 icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
 appVersion: 0.17.0
--- a/clusters/cl01tl/helm/freshrss/Chart.lock
+++ b/clusters/cl01tl/helm/freshrss/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:1c1355c247383bb5aef029eaadaf0c6bbcc23c0e42868178c1ea9a9ab21cc704
+digest: sha256:d4b26fd1608a0c767c6ebb226173cef133ed53f45098851713121e429bc614a1
-generated: "2025-11-30T21:05:34.030606-06:00"
+generated: "2025-12-07T02:54:39.594902963Z"
--- a/clusters/cl01tl/helm/freshrss/Chart.yaml
+++ b/clusters/cl01tl/helm/freshrss/Chart.yaml
@@ -20,14 +20,14 @@ dependencies:
  - name: app-template
    alias: freshrss
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: cloudflared
    alias: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
 appVersion: 1.26.2
--- a/clusters/cl01tl/helm/freshrss/values.yaml
+++ b/clusters/cl01tl/helm/freshrss/values.yaml
@@ -11,7 +11,7 @@ freshrss:
            runAsUser: 0
          image:
            repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
@@ -35,7 +35,7 @@ freshrss:
            runAsUser: 0
          image:
            repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
@@ -59,7 +59,7 @@ freshrss:
            runAsUser: 0
          image:
            repository: alpine
-            tag: 3.22.2
+            tag: 3.23.0
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
--- a/clusters/cl01tl/helm/garage/Chart.lock
+++ b/clusters/cl01tl/helm/garage/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:7977708d7681e8d5cbc066bcda4241144b0c8b5b590be89a394740df167c90da
+digest: sha256:36e920ce6efee3b33b40641652f814c888ae3c50272895ef286fb8236a010924
-generated: "2025-12-01T20:25:44.910074-06:00"
+generated: "2025-12-05T17:04:29.153093714Z"
--- a/clusters/cl01tl/helm/garage/Chart.yaml
+++ b/clusters/cl01tl/helm/garage/Chart.yaml
@@ -17,6 +17,6 @@ dependencies:
  - name: app-template
    alias: garage
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: v2.1.0
--- a/clusters/cl01tl/helm/gatus/Chart.lock
+++ b/clusters/cl01tl/helm/gatus/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
  version: 1.4.4
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:9424c70bc46b5582f19b695196586546c69862ccca8950b906d5532cf03c7792
+digest: sha256:53e3b31b3fa3916ac4478c0ca3733a18f7145a0129b6a9c7aefdaf8169cb525c
-generated: "2025-12-01T19:55:44.159963-06:00"
+generated: "2025-12-04T00:00:45.882393108Z"
--- a/clusters/cl01tl/helm/gatus/Chart.yaml
+++ b/clusters/cl01tl/helm/gatus/Chart.yaml
@@ -22,7 +22,7 @@ dependencies:
    version: 1.4.4
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
 appVersion: v5.12.0
--- a/clusters/cl01tl/helm/gatus/values.yaml
+++ b/clusters/cl01tl/helm/gatus/values.yaml
@@ -140,6 +140,9 @@ gatus:
      - name: audiobookshelf
        url: https://audiobookshelf.alexlebens.net
        <<: *defaults
      - name: booklore
        url: https://booklore.alexlebens.net
        <<: *defaults
      - name: home-assistant
        url: https://home-assistant.alexlebens.net
        <<: *defaults
@@ -176,6 +179,11 @@ gatus:
      - name: n8n
        url: https://n8n.alexlebens.net
        <<: *defaults
      - name: kronic
        url: https://kronic.alexlebens.net
        <<: *defaults
        conditions:
          - "[STATUS] == 401"
      - name: omni-tools
        url: https://omni-tools.alexlebens.net
        <<: *defaults
@@ -245,6 +253,9 @@ gatus:
      - name: ceph
        url: https://ceph.alexlebens.net
        <<: *defaults
      - name: garage
        url: https://garage-webui.alexlebens.net
        <<: *defaults
      - name: pgadmin
        url: https://pgadmin.alexlebens.net
        <<: *defaults
@@ -254,6 +265,29 @@ gatus:
      - name: vault
        url: https://vault.alexlebens.net
        <<: *defaults
      - name: backrest
        url: https://backrest.alexlebens.net
        <<: *defaults
      - name: qui
        url: https://qui.alexlebens.net
        <<: *defaults
      - name: qbittorrent
        url: https://qbittorrent.alexlebens.net
        <<: *defaults
      - name: prowlarr
        url: https://prowlarr.alexlebens.net
        <<: *defaults
      - name: huntarr
        url: https://huntarr.alexlebens.net
        <<: *defaults
      - name: bazarr
        url: https://bazarr.alexlebens.net
        <<: *defaults
        conditions:
          - "[STATUS] == 401"
      - name: tdarr
        url: https://tdarr.alexlebens.net
        <<: *defaults
      - name: sonarr
        url: https://sonarr.alexlebens.net
        <<: *defaults
@@ -284,25 +318,11 @@ gatus:
      - name: slskd
        url: https://slskd.alexlebens.net
        <<: *defaults
-      - name: qui
+      - name: ephemera
-        url: https://qui.alexlebens.net
+        url: https://ephemera.alexlebens.net
        <<: *defaults
-      - name: qbittorrent
+      - name: listenarr
-        url: https://qbittorrent.alexlebens.net
+        url: https://listenarr.alexlebens.net
        <<: *defaults
      - name: prowlarr
        url: https://prowlarr.alexlebens.net
        <<: *defaults
      - name: bazarr
        url: https://bazarr.alexlebens.net
        <<: *defaults
        conditions:
          - "[STATUS] == 401"
      - name: huntarr
        url: https://huntarr.alexlebens.net
        <<: *defaults
      - name: tdarr
        url: https://tdarr.alexlebens.net
        <<: *defaults
      - name: www
        url: https://www.alexlebens.dev
@@ -347,24 +367,14 @@ gatus:
        url: https://codeserver.alexlebens.dev
        <<: *defaults
        group: external
      - name: authentik
        url: https://auth.alexlebens.dev
        <<: *defaults
        group: external
      - name: public homepage
        url: https://home.alexlebens.dev
        <<: *defaults
        group: external
      - name: discord
        group: public
        url: https://discord.com/app
        conditions:
          - "[STATUS] == 200"
          - "[RESPONSE_TIME] < 400"
        interval: 10s
      - name: reddit
        group: public
        url: https://reddit.com
        conditions:
          - "[STATUS] == 200"
          - "[RESPONSE_TIME] < 400"
        interval: 10s
 postgres-17-cluster:
  mode: recovery
  cluster:
--- a/clusters/cl01tl/helm/generic-device-plugin/Chart.lock
+++ b/clusters/cl01tl/helm/generic-device-plugin/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
  repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.1
+  version: 0.20.5
-digest: sha256:4579605b405a55d66fd5deae5c12259afe98f5ad93843bf4e75fe6f4d45929de
+digest: sha256:329b2d00301ab1467a8654dd92febfd7078db121c00c0960548010c01dee66b6
-generated: "2025-12-01T20:25:48.389977-06:00"
+generated: "2025-12-08T03:02:06.697075532Z"
--- a/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
+++ b/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
@@ -15,6 +15,6 @@ maintainers:
 dependencies:
  - name: generic-device-plugin
    repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.1
+    version: 0.20.5
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0
--- a/clusters/cl01tl/helm/gitea/Chart.lock
+++ b/clusters/cl01tl/helm/gitea/Chart.lock
@@ -7,15 +7,15 @@ dependencies:
  version: 0.2.1
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: meilisearch
  repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.17.1
+  version: 0.17.2
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:6e72cd4abc36e238a5129d0ee471bc296435f8ff1c8be7f3132fc33193a39f23
+digest: sha256:392636c97a9be96f21c70f9b53559398aa15e67a0cae551041ee64f23088b59a
-generated: "2025-12-01T20:25:50.496342-06:00"
+generated: "2025-12-07T02:54:49.861996743Z"
--- a/clusters/cl01tl/helm/gitea/Chart.yaml
+++ b/clusters/cl01tl/helm/gitea/Chart.yaml
@@ -34,17 +34,17 @@ dependencies:
  - name: app-template
    alias: backup
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: meilisearch
-    version: 0.17.1
+    version: 0.17.2
    repository: https://meilisearch.github.io/meilisearch-kubernetes
  - name: cloudflared
    alias: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
 appVersion: 1.23.7
--- a/clusters/cl01tl/helm/gitea/templates/service-monitor.yaml
+++ b/clusters/cl01tl/helm/gitea/templates/service-monitor.yaml
@@ -12,8 +12,6 @@ spec:
    matchLabels:
      app.kubernetes.io/name: gitea
      app.kubernetes.io/instance: {{ .Release.Name }}
    matchExpressions:
      - { key: app.kubernetes.io/controller, operator: NotIn, values: [backup] }
  endpoints:
    - port: http
--- a/clusters/cl01tl/helm/gitea/values.yaml
+++ b/clusters/cl01tl/helm/gitea/values.yaml
@@ -174,6 +174,9 @@ gitea-actions:
 backup:
  global:
    fullnameOverride: gitea-backup
    labels:
      app.kubernetes.io/instance: gitea-backup
      app.kubernetes.io/name: gitea-backup
  controllers:
    backup:
      type: cronjob
@@ -212,7 +215,7 @@ backup:
        s3-backup:
          image:
            repository: d3fk/s3cmd
-            tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
+            tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
@@ -236,7 +239,7 @@ backup:
        s3-prune:
          image:
            repository: d3fk/s3cmd
-            tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
+            tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
--- a/clusters/cl01tl/helm/grafana-operator/Chart.lock
+++ b/clusters/cl01tl/helm/grafana-operator/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
  version: v5.20.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:d70b284b771af610116564e5f47d72415ab0d3520ecb552159ee8dc8acd2ab46
+digest: sha256:3bd7096e4401df5818733b3e0b08f281c12af9b54a272fbe3e753b2616d725dd
-generated: "2025-12-01T19:55:46.485062-06:00"
+generated: "2025-12-04T00:01:28.278027037Z"
--- a/clusters/cl01tl/helm/grafana-operator/Chart.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/Chart.yaml
@@ -21,7 +21,7 @@ dependencies:
    repository: https://grafana.github.io/helm-charts
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
 appVersion: v5.18.0
--- a/clusters/cl01tl/helm/harbor/Chart.yaml
+++ b/clusters/cl01tl/helm/harbor/Chart.yaml
@@ -21,7 +21,7 @@ dependencies:
    repository: https://helm.goharbor.io
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: http://gitea-http.gitea:3000/api/packages/alexlebens/helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
 appVersion: v2.13.0
--- a/clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml
+++ b/clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml
@@ -13,7 +13,7 @@ roleRef:
  apiGroup: rbac.authorization.k8s.io
 subjects:
  - kind: User
-    name: alexanderlebens@gmail.com
+    name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com
    apiGroup: rbac.authorization.k8s.io
  - kind: ServiceAccount
    name: headlamp-admin
--- a/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
@@ -40,14 +40,14 @@ spec:
        key: /authentik/oidc/headlamp
        metadataPolicy: None
        property: scopes
-    - secretKey: OIDC_VALIDATOR_ISSUER_URL
+    - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/headlamp
        metadataPolicy: None
        property: validator-issuer-url
-    - secretKey: OIDC_VALIDATOR_CLIENT_ID
+    - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -26,6 +26,9 @@ headlamp:
        - name: trivy
          source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
          version: 0.3.1
        - name: external-secrets-operator
          source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
          version: 0.1.0-beta7
      installOptions:
-        parallel: true
+        parallel: false
-        maxConcurrent: 2
+        maxConcurrent: 1
--- a/clusters/cl01tl/helm/home-assistant/Chart.lock
+++ b/clusters/cl01tl/helm/home-assistant/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:ae6008e107c25dc25e6f595f783d137273207aeb06a8ece9fbba0d895cc0d729
+digest: sha256:a1961e446ba4361fa5d7ae31260c2ce472f27d0d2de2170cc8303586ef5c33ac
-generated: "2025-11-30T21:07:04.566378-06:00"
+generated: "2025-12-05T17:04:59.022729608Z"
--- a/clusters/cl01tl/helm/home-assistant/Chart.yaml
+++ b/clusters/cl01tl/helm/home-assistant/Chart.yaml
@@ -18,6 +18,6 @@ dependencies:
  - name: app-template
    alias: home-assistant
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
 appVersion: 2025.5.2
--- a/clusters/cl01tl/helm/home-assistant/values.yaml
+++ b/clusters/cl01tl/helm/home-assistant/values.yaml
@@ -9,7 +9,7 @@ home-assistant:
        main:
          image:
            repository: ghcr.io/home-assistant/home-assistant
-            tag: 2025.11.3
+            tag: 2025.12.1
            pullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -21,7 +21,7 @@ home-assistant:
        code-server:
          image:
            repository: ghcr.io/linuxserver/code-server
-            tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
+            tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/homepage-dev/Chart.lock
+++ b/clusters/cl01tl/helm/homepage-dev/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 1.23.0
+  version: 1.23.2
-digest: sha256:1bcc384dc2dc0a521600c90b8040f0cac9d706bde76419386d5eb7408e45169a
+digest: sha256:fbfdebf734560044cfe5d2c4771b63cbcabc121d13c44b751f914877b5bdc83f
-generated: "2025-11-30T21:07:07.275267-06:00"
+generated: "2025-12-07T02:55:01.91141803Z"
--- a/clusters/cl01tl/helm/homepage-dev/Chart.yaml
+++ b/clusters/cl01tl/helm/homepage-dev/Chart.yaml
@@ -18,10 +18,10 @@ dependencies:
  - name: app-template
    alias: homepage
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: cloudflared
    alias: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 1.23.0
+    version: 1.23.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
 appVersion: v1.2.0
--- a/clusters/cl01tl/helm/homepage/Chart.lock
+++ b/clusters/cl01tl/helm/homepage/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:fe69d34709d7f0c3674453013c0e76d6064531134404de8f4e72fb509b98bcb0
+digest: sha256:cbaccff17c1d80c4b9637a321d07f41960e66510edb83258254ebbbda08f82df
-generated: "2025-11-30T21:07:05.997919-06:00"
+generated: "2025-12-05T17:05:23.539922773Z"
--- a/clusters/cl01tl/helm/homepage/Chart.yaml
+++ b/clusters/cl01tl/helm/homepage/Chart.yaml
@@ -16,6 +16,6 @@ dependencies:
  - name: app-template
    alias: homepage
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
 appVersion: v1.2.0
--- a/clusters/cl01tl/helm/huntarr/Chart.lock
+++ b/clusters/cl01tl/helm/huntarr/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:23e60d425ef97edda213f29628f29adca4b82dd68c75f764fd83fd865acd8c70
+digest: sha256:44805f836d7cfcd7511616ad0d93da02b3e6cfdb58d823f6dcf17b17bb47d3a1
-generated: "2025-11-30T21:07:08.851326-06:00"
+generated: "2025-12-05T17:05:35.445002111Z"
--- a/clusters/cl01tl/helm/huntarr/Chart.yaml
+++ b/clusters/cl01tl/helm/huntarr/Chart.yaml
@@ -16,6 +16,6 @@ dependencies:
  - name: app-template
    alias: huntarr
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png
 appVersion: 7.0.0
--- a/clusters/cl01tl/helm/immich/Chart.lock
+++ b/clusters/cl01tl/helm/immich/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.0
+  version: 6.16.1
-digest: sha256:6c1412459bf39357f20db21735f64dc4f5fe2a0a746d19a78ddff43801610991
+digest: sha256:fa72554b2aeb7710212e3cbff3f7d080d04ee205c4cee95f27f5e12cdeab78a9
-generated: "2025-11-30T21:07:10.484678-06:00"
+generated: "2025-12-05T17:05:47.565602786Z"
--- a/clusters/cl01tl/helm/immich/Chart.yaml
+++ b/clusters/cl01tl/helm/immich/Chart.yaml
@@ -17,10 +17,10 @@ dependencies:
  - name: app-template
    alias: immich
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
  - name: postgres-cluster
    alias: postgres-17-cluster
-    version: 6.16.0
+    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
 appVersion: v2.0.1
--- a/clusters/cl01tl/helm/jellyfin/Chart.lock
+++ b/clusters/cl01tl/helm/jellyfin/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.4.0
+  version: 4.5.0
-digest: sha256:5394000890e1bcc83f94b138c148c591f6a091850e734acbd6e1e7d053469f38
+digest: sha256:042995f7609eaf4036fa416dcdf60e9c7f3fb90a5614322f4e2f6cce17c236ff
-generated: "2025-11-30T21:07:11.924605-06:00"
+generated: "2025-12-05T17:05:59.576358789Z"
--- a/clusters/cl01tl/helm/jellyfin/Chart.yaml
+++ b/clusters/cl01tl/helm/jellyfin/Chart.yaml
@@ -20,6 +20,6 @@ dependencies:
  - name: app-template
    alias: jellyfin
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
+    version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
 appVersion: 10.10.7
--- a/Show More
+++ b/Show More