chore(deps): update unpoller/unpoller to v2.35.0

tmp/refactor (#4986 )
Reviewed-on: #4986
2026-03-22 23:46:11 +00:00 · 2026-03-22 23:43:56 +00:00 · 2026-03-22 23:02:19 +00:00 · 2026-03-22 22:06:55 +00:00 · 2026-03-22 16:04:48 -05:00 · 2026-03-22 17:55:11 +00:00
53 changed files with 406 additions and 246 deletions
--- a/.gitea/workflows/lint-test-docker.yaml
+++ b/.gitea/workflows/lint-test-docker.yaml
@@ -21,14 +21,14 @@ jobs:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@v1.1
+        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
        with:
          branch: "${{ github.base_ref }}"

@@ -51,7 +51,7 @@ jobs:

      - name: Set Up Node.js
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version: '24'

@@ -120,7 +120,7 @@ jobs:
          echo "----"

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm.yaml
@@ -28,14 +28,14 @@ jobs:
      changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@v1.1
+        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
        with:
          branch: ${{ github.base_ref }}

@@ -58,7 +58,7 @@ jobs:

      - name: Set Up Helm
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          # renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:

      - name: Cache Helm Dependencies
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: actions/cache@v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: |
            ~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
          exit $EXIT_CODE

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
@@ -232,7 +232,7 @@ jobs:
      github.event_name == 'pull_request'
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

@@ -257,7 +257,7 @@ jobs:
          echo "----"

      - name: Set Up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          # renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
          cache: true

      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: |
            ~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
          exit $EXIT_CODE

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
--- a/.gitea/workflows/render-manifests.yaml
+++ b/.gitea/workflows/render-manifests.yaml
@@ -31,32 +31,32 @@ jobs:
      (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
    steps:
      - name: Checkout Main
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          path: infrastructure
          fetch-depth: 0

      - name: Checkout Manifests
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: manifests
          path: infrastructure-manifests

      - name: Set Up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
          cache: true

      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@v4
+        uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBECONFIG }}

      - name: Cache Helm Dependencies
-        uses: actions/cache@v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: |
            ~/.cache/helm
@@ -568,7 +568,7 @@ jobs:
          echo "----"

      - name: ntfy Created
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'

      - name: ntfy Updated
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'

      - name: ntfy Merged
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: steps.merge-changes.outputs.pull-request-operation == 'merged'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'

      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
+        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,10 +13,10 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43
+    container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Renovate
        run: renovate
@@ -25,7 +25,7 @@ jobs:
          RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
          RENOVATE_REPOSITORIES: alexlebens/infrastructure
          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
-          LOG_LEVEL: info
+          LOG_LEVEL: debug
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
--- a/clusters/cl01tl/helm/actual/Chart.yaml
+++ b/clusters/cl01tl/helm/actual/Chart.yaml
@@ -5,11 +5,12 @@ description: Actual
 keywords:
  - actual
  - budget
-home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e
+home: https://docs.alexlebens.dev/applications/actual/
 sources:
  - https://github.com/actualbudget/actual
  - https://github.com/actualbudget/actual/pkgs/container/actual
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
--- a/clusters/cl01tl/helm/actual/values.yaml
+++ b/clusters/cl01tl/helm/actual/values.yaml
@@ -4,20 +4,18 @@ actual:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/actualbudget/actual
-            tag: 26.3.0
-            pullPolicy: IfNotPresent
+            tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2
          env:
-            - name: TZ
-              value: US/Central
+            - name: ACTUAL_PORT
+              value: 5006
          resources:
            requests:
-              cpu: 10m
-              memory: 128Mi
+              cpu: 25m
+              memory: 64Mi
          probes:
            liveness:
              enabled: true
@@ -54,11 +52,8 @@ actual:
        - actual.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: actual
+            - name: actual
              port: 80
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -69,7 +64,6 @@ actual:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 2Gi
-      retain: true
      advancedMounts:
        main:
          main:
--- a/clusters/cl01tl/helm/argo-workflows/Chart.yaml
+++ b/clusters/cl01tl/helm/argo-workflows/Chart.yaml
@@ -7,12 +7,13 @@ keywords:
  - argo-events
  - workflows
  - events
-home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635
+home: https://docs.alexlebens.dev/applications/argo-workflows/
 sources:
  - https://github.com/argoproj/argo-workflows
  - https://github.com/argoproj/argo-events
  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://github.com/argoproj/argo-helm/tree/main/charts
+  - https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
+  - https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
 maintainers:
  - name: alexlebens
--- a/clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
@@ -14,15 +14,9 @@ spec:
  data:
    - secretKey: secret
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/argo-workflows
-        metadataPolicy: None
        property: secret
    - secretKey: client
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/argo-workflows
-        metadataPolicy: None
        property: client
--- a/clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: argo-workflows
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: argo-workflows
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - argo-workflows.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: argo-workflows-server
-          port: 2746
-          weight: 100
--- a/clusters/cl01tl/helm/argo-workflows/values.yaml
+++ b/clusters/cl01tl/helm/argo-workflows/values.yaml
@@ -2,8 +2,6 @@ argo-workflows:
  crds:
    install: true
    keep: true
-    # -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
-    # Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
    full: true
    upgradeJob:
      image:
@@ -13,11 +11,6 @@ argo-workflows:
    metricsConfig:
      enabled: true
    persistence:
-      connectionPool:
-        maxIdleConns: 100
-        maxOpenConns: 0
-      nodeStatusOffLoad: true
-      archive: true
      postgresql:
        host: argo-workflows-postgresql-18-cluster-rw
        port: 5432
@@ -32,24 +25,34 @@ argo-workflows:
        ssl: false
        sslMode: disable
    workflowWorkers: 2
-    workflowTTLWorkers: 1
-    podCleanupWorkers: 1
-    cronWorkflowWorkers: 1
+    workflowTTLWorkers: 2
+    podCleanupWorkers: 2
+    cronWorkflowWorkers: 2
    resources:
      requests:
        cpu: 10m
-        memory: 128Mi
+        memory: 32Mi
    serviceMonitor:
      enabled: true
-    name: workflow-controller
    workflowNamespaces:
-      - argocd
      - argo-workflows
  server:
    authModes:
      - sso
-    ingress:
-      enabled: false
+    httproute:
+      enabled: true
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - argo-workflows.alexlebens.net
+      rules:
+        - matches:
+            - path:
+                type: PathPrefix
+                value: /
    sso:
      enabled: true
      issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
@@ -66,15 +69,15 @@ argo-workflows:
        - openid
        - email
        - profile
-  useStaticCredentials: true
-  artifactRepository:
-    archiveLogs: false
 argo-events:
+  crds:
+    install: true
+    keep: true
  controller:
    resources:
      requests:
        cpu: 10m
-        memory: 128Mi
+        memory: 32Mi
    metrics:
      enabled: true
      serviceMonitor:
@@ -84,7 +87,7 @@ argo-events:
    resources:
      requests:
        cpu: 10m
-        memory: 128Mi
+        memory: 32Mi
 postgres-18-cluster:
  mode: recovery
  recovery:
@@ -98,32 +101,9 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 14 * * *"
        backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -55,14 +55,7 @@ argo-cd:
  server:
    replicas: 2
    extensions:
-      enabled: true
-      extensionList:
-        - name: extension-trivy
-          env:
-            - name: EXTENSION_URL
-              value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
-            - name: EXTENSION_CHECKSUM_URL
-              value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
+      enabled: false
    metrics:
      enabled: true
      serviceMonitor:
--- a/clusters/cl01tl/helm/blocky/values.yaml
+++ b/clusters/cl01tl/helm/blocky/values.yaml
@@ -98,7 +98,7 @@ blocky:

              traefik-cl01tl                  IN      A       10.232.1.21
              blocky                          IN      A       10.232.1.22
-              cilium-cl01tl                   IN      A       10.232.1.23
+              plex-lb                         IN      A       10.232.1.23


              ;; Application Names
@@ -117,6 +117,7 @@ blocky:
              directus                        IN      CNAME   traefik-cl01tl
              excalidraw                      IN      CNAME   traefik-cl01tl
              feishin                         IN      CNAME   traefik-cl01tl
+              foldergram                      IN      CNAME   traefik-cl01tl
              garage-s3                       IN      CNAME   traefik-cl01tl
              garage-webui                    IN      CNAME   traefik-cl01tl
              gatus                           IN      CNAME   traefik-cl01tl
--- a/clusters/cl01tl/helm/dawarich/Chart.yaml
+++ b/clusters/cl01tl/helm/dawarich/Chart.yaml
@@ -26,4 +26,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
 # renovate: datasource=github-releases depName=Freika/dawarich
-appVersion: 1.3.4
+appVersion: 1.4.0
--- a/clusters/cl01tl/helm/dawarich/values.yaml
+++ b/clusters/cl01tl/helm/dawarich/values.yaml
@@ -9,7 +9,7 @@ dawarich:
        main:
          image:
            repository: freikin/dawarich
-            tag: 1.3.4
+            tag: 1.4.0
            pullPolicy: IfNotPresent
          command: ["web-entrypoint.sh"]
          args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
        sidekiq:
          image:
            repository: freikin/dawarich
-            tag: 1.3.4
+            tag: 1.4.0
            pullPolicy: IfNotPresent
          command: ["sidekiq-entrypoint.sh"]
          args: ["sidekiq"]
--- a/clusters/cl01tl/helm/eraser/values.yaml
+++ b/clusters/cl01tl/helm/eraser/values.yaml
@@ -34,27 +34,7 @@ eraser:
        request:
          cpu: 100m
          memory: 128Mi
-        config: "" # |
-          # cacheDir: /var/lib/trivy
-          # dbRepo: ghcr.io/aquasecurity/trivy-db
-          # deleteFailedImages: true
-          # deleteEOLImages: true
-          # vulnerabilities:
-          #   ignoreUnfixed: true
-          #   types:
-          #     - os
-          #     - library
-          #   securityChecks:
-          #     - vuln
-          #   severities:
-          #     - CRITICAL
-          #     - HIGH
-          #     - MEDIUM
-          #     - LOW
-          #   ignoredStatuses:
-          # timeout:
-          #   total: 23h
-          #   perImage: 1h
+        config: ""
      remover:
        request:
          cpu: 10m
--- a/clusters/cl01tl/helm/foldergram/Chart.lock
+++ b/clusters/cl01tl/helm/foldergram/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.6.2
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
+generated: "2026-03-22T12:42:43.150705-05:00"
--- a/clusters/cl01tl/helm/foldergram/Chart.yaml
+++ b/clusters/cl01tl/helm/foldergram/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: foldergram
+version: 1.0.0
+description: Foldergram
+keywords:
+  - foldergram
+  - pictures
+home: https://wiki.alexlebens.dev/
+sources:
+  - https://github.com/foldergram/foldergram
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: foldergram
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.6.2
+  - name: volsync-target
+    alias: volsync-target-data
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
+# renovate: datasource=github-releases depName=foldergram/foldergram
+appVersion: v1.0.5
--- a/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: foldergram-pictures-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: foldergram-pictures-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeName: foldergram-pictures-nfs-storage
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
--- a/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: foldergram-pictures-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: foldergram-pictures-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: nfs-client
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/Storage/Pictures
+    server: synologybond.alexlebens.net
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac
--- a/clusters/cl01tl/helm/foldergram/values.yaml
+++ b/clusters/cl01tl/helm/foldergram/values.yaml
@@ -0,0 +1,87 @@
+foldergram:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: ghcr.io/foldergram/foldergram
+            tag: 1.0.5
+            pullPolicy: IfNotPresent
+          env:
+            - name: IMAGE_DETAIL_SOURCE
+              value: original
+            - name: DERIVATIVE_MODE
+              value: lazy
+            - name: DATA_ROOT
+              value: ./data
+            - name: GALLERY_ROOT
+              value: /gallery
+            - name: CSRF_TRUSTED_ORIGINS
+              value: https://foldergram.alexlebens.net
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 4141
+          protocol: HTTP
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - foldergram.alexlebens.net
+      rules:
+        - backendRefs:
+            - group: ''
+              kind: Service
+              name: foldergram
+              port: 80
+              weight: 100
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
+  persistence:
+    cache:
+      forceRename: foldergram-data
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 10Gi
+      retain: false
+      advancedMounts:
+        main:
+          main:
+            - path: /app/data
+              readOnly: false
+    pictures:
+      existingClaim: foldergram-pictures-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /gallery/pictures
+              readOnly: true
+volsync-target-data:
+  pvcTarget: foldergram-data
+  local:
+    enabled: true
+    schedule: 46 11 * * *
+  remote:
+    enabled: true
+    schedule: 46 12 * * *
+  external:
+    enabled: true
+    schedule: 46 13 * * *
--- a/clusters/cl01tl/helm/gatus/values.yaml
+++ b/clusters/cl01tl/helm/gatus/values.yaml
@@ -161,6 +161,9 @@ gatus:
      - name: photoview
        url: https://photoview.alexlebens.net
        <<: *defaults
+      - name: foldergram
+        url: https://foldergram.alexlebens.net
+        <<: *defaults
      - name: booklore
        url: https://booklore.alexlebens.net
        <<: *defaults
--- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
@@ -377,25 +377,6 @@ spec:
  resyncPeriod: 1h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json

---
-apiVersion: grafana.integreatly.org/v1beta1
-kind: GrafanaDashboard
-metadata:
-  name: grafana-dashboard-trivy
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: grafana-dashboard-trivy
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  instanceSelector:
-    matchLabels:
-      app: grafana-main
-  contentCacheDuration: 1h
-  folderUID: grafana-folder-service
-  resyncPeriod: 1h
-  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
-
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -25,9 +25,6 @@ headlamp:
        - name: cert-manager
          source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
          version: 0.1.0
-        - name: trivy
-          source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
-          version: 0.3.1
        - name: external-secrets-operator
          source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
          version: 0.1.0-beta7
--- a/clusters/cl01tl/helm/homepage/values.yaml
+++ b/clusters/cl01tl/helm/homepage/values.yaml
@@ -202,6 +202,12 @@ homepage:
                  href: https://photoview.alexlebens.net
                  siteMonitor: http://photoview.photoview:80
                  statusStyle: dot
+              - Pictures:
+                  icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
+                  description: Foldergram
+                  href: https://foldergram.alexlebens.net
+                  siteMonitor: http://foldergram.foldergram:80
+                  statusStyle: dot
              - Books:
                  icon: sh-booklore.webp
                  description: Grimmory
--- a/clusters/cl01tl/helm/houndarr/Chart.lock
+++ b/clusters/cl01tl/helm/houndarr/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.6.2
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:375d6c2eb2f097717c44c5a28cb162da24f4ff154a971e5a68ccd0e0b77e936f
+generated: "2026-03-21T22:31:01.142752-05:00"
--- a/clusters/cl01tl/helm/houndarr/Chart.yaml
+++ b/clusters/cl01tl/helm/houndarr/Chart.yaml
@@ -22,4 +22,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
 # renovate: datasource=github-releases depName=av1155/houndarr
-appVersion: v1.6.0
+appVersion: v1.6.1
--- a/clusters/cl01tl/helm/houndarr/values.yaml
+++ b/clusters/cl01tl/helm/houndarr/values.yaml
@@ -14,6 +14,10 @@ houndarr:
          env:
            - name: TZ
              value: America/Chicago
+            - name: PUID
+              value: 1000
+            - name: PGID
+              value: 1000
            - name: HOUNDARR_SECURE_COOKIES
              value: true
            - name: HOUNDARR_TRUSTED_PROXIES
@@ -64,6 +68,11 @@ houndarr:
              readOnly: false
 volsync-target-data:
  pvcTarget: houndarr-data
+  moverSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch
  local:
    enabled: true
    schedule: 40 11 * * *
--- a/clusters/cl01tl/helm/music-grabber/values.yaml
+++ b/clusters/cl01tl/helm/music-grabber/values.yaml
@@ -9,7 +9,7 @@ music-grabber:
        main:
          image:
            repository: g33kphr33k/musicgrabber
-            tag: 2.4.6
+            tag: 2.5.0
            pullPolicy: IfNotPresent
          env:
            - name: MUSIC_DIR
--- a/clusters/cl01tl/helm/plex/values.yaml
+++ b/clusters/cl01tl/helm/plex/values.yaml
@@ -26,6 +26,7 @@ plex:
  service:
    main:
      controller: main
+      type: LoadBalancer
      ports:
        http:
          port: 32400
--- a/clusters/cl01tl/helm/unpoller/Chart.yaml
+++ b/clusters/cl01tl/helm/unpoller/Chart.yaml
@@ -21,4 +21,4 @@ dependencies:
    version: 4.6.2
 icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67
 # renovate: datasource=github-releases depName=unpoller/unpoller
-appVersion: v2.34.0
+appVersion: v2.35.0
--- a/clusters/cl01tl/helm/unpoller/values.yaml
+++ b/clusters/cl01tl/helm/unpoller/values.yaml
@@ -9,7 +9,7 @@ unpoller:
        main:
          image:
            repository: ghcr.io/unpoller/unpoller
-            tag: v2.34.0
+            tag: v2.35.0
            pullPolicy: IfNotPresent
          env:
            - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
--- a/hosts/pd05wd/ollama/compose.yaml
+++ b/hosts/pd05wd/ollama/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-ollama:
-        image: ghcr.io/tailscale/tailscale:latest
+        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-ollama
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    ollama:
-        image: ollama/ollama:latest
+        image: ollama/ollama:latest@sha256:5a5d014aa774f78ebe1340c0d4afc2e35afc12a2c3b34c84e71f78ea20af4ba3
        container_name: ollama
        environment:
            - OLLAMA_KEEP_ALIVE=24h
--- a/hosts/pd05wd/stable-diffusion/compose.yaml
+++ b/hosts/pd05wd/stable-diffusion/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-stable-diffusion:
-        image: ghcr.io/tailscale/tailscale:latest
+        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-stable-diffusion
        cap_add:
            - net_admin
@@ -22,7 +22,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    stable-diffusion:
-        image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda
+        image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda@sha256:bc4b2b12ac8d030cc5daf25e2c32517709b7c15f59a32685c4c1a14a9606eb42
        container_name: stable-diffusion
        environment:
            - WEBUI_ARGS="--api --listen"
--- a/hosts/ps08rp/blocky/compose.yaml
+++ b/hosts/ps08rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps08rp/blocky/config.yml
+++ b/hosts/ps08rp/blocky/config.yml
@@ -73,7 +73,7 @@ customDNS:

    traefik-cl01tl                  IN      A       10.232.1.21
    blocky                          IN      A       10.232.1.22
-    cilium-cl01tl                   IN      A       10.232.1.23
+    plex-lb                         IN      A       10.232.1.23


    ;; Application Names
@@ -92,6 +92,7 @@ customDNS:
    directus                        IN      CNAME   traefik-cl01tl
    excalidraw                      IN      CNAME   traefik-cl01tl
    feishin                         IN      CNAME   traefik-cl01tl
+    foldergram                      IN      CNAME   traefik-cl01tl
    garage-s3                       IN      CNAME   traefik-cl01tl
    garage-webui                    IN      CNAME   traefik-cl01tl
    gatus                           IN      CNAME   traefik-cl01tl
--- a/hosts/ps08rp/node-exporter/compose.yaml
+++ b/hosts/ps08rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2
+        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps08rp/traefik/compose.yaml
+++ b/hosts/ps08rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11
+        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps09rp/blocky/compose.yaml
+++ b/hosts/ps09rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps09rp/blocky/config.yml
+++ b/hosts/ps09rp/blocky/config.yml
@@ -94,7 +94,7 @@ customDNS:

    traefik-cl01tl                  IN      A       10.232.1.21
    blocky                          IN      A       10.232.1.22
-    cilium-cl01tl                   IN      A       10.232.1.23
+    plex-lb                         IN      A       10.232.1.23


    ;; Application Names
@@ -113,6 +113,7 @@ customDNS:
    directus                        IN      CNAME   traefik-cl01tl
    excalidraw                      IN      CNAME   traefik-cl01tl
    feishin                         IN      CNAME   traefik-cl01tl
+    foldergram                      IN      CNAME   traefik-cl01tl
    garage-s3                       IN      CNAME   traefik-cl01tl
    garage-webui                    IN      CNAME   traefik-cl01tl
    gatus                           IN      CNAME   traefik-cl01tl
--- a/hosts/ps09rp/node-exporter/compose.yaml
+++ b/hosts/ps09rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2
+        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps09rp/traefik/compose.yaml
+++ b/hosts/ps09rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11
+        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps10rp/blocky/compose.yaml
+++ b/hosts/ps10rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/castsponsorskip/compose.yaml
+++ b/hosts/ps10rp/castsponsorskip/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    castsponsorskip:
-        image: ghcr.io/gabe565/castsponsorskip:0.8.3
+        image: ghcr.io/gabe565/castsponsorskip:0.8.3@sha256:f556d274aab94c3140058e9f192396bc75e04d8e075769223c1edfc8c4f4daa4
        container_name: castsponsorskip
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/cloudflare-ddns/compose.yaml
+++ b/hosts/ps10rp/cloudflare-ddns/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    cloudflare-ddns:
-        image: favonia/cloudflare-ddns:1.15.1
+        image: favonia/cloudflare-ddns:1.15.1@sha256:a4e2089b3531eec8c9328c7a9a586f80e8d67dcd94856e0b596b7896e1de3f62
        container_name: cloudflare-ddns
        cap_drop:
            - all
--- a/hosts/ps10rp/garage/compose.yaml
+++ b/hosts/ps10rp/garage/compose.yaml
@@ -1,6 +1,6 @@
 services:
    tailscale-garage:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-garage
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    tailscale-garage-ui:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-garage-ui
        cap_add:
            - net_admin
@@ -39,7 +39,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    garage:
-        image: dxflrs/garage:v2.2.0
+        image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
        container_name: garage
        env_file:
            - .env
@@ -54,7 +54,7 @@ services:
            - data:/var/lib/garage/data

    garage-ui:
-        image: khairul169/garage-webui:1.1.0
+        image: khairul169/garage-webui:1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
        container_name: garage-ui
        env_file:
            - .env
--- a/hosts/ps10rp/gitea/compose.yaml
+++ b/hosts/ps10rp/gitea/compose.yaml
@@ -1,6 +1,6 @@
 services:
    tailscale-gitea:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-gitea
        cap_add:
            - net_admin
@@ -19,7 +19,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    postgresql:
-        image: docker.io/postgres:18.1-alpine3.21
+        image: docker.io/postgres:18.1-alpine3.21@sha256:44d837eb4c2ed263474a95f0cc24745413c50924df60dd73ed6c4c3e36b84259
        container_name: gitea-postgres
        env_file:
            - .env
@@ -33,7 +33,7 @@ services:
            - postgresql18:/var/lib/postgresql

    gitea:
-        image: gitea/gitea:1.25.5
+        image: gitea/gitea:1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
        container_name: gitea
        depends_on:
            - postgresql
--- a/hosts/ps10rp/homepage/compose.yaml
+++ b/hosts/ps10rp/homepage/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-homepage:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-homepage
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    dockerproxy:
-        image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2
+        image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476
        container_name: homepage-dockerproxy
        environment:
            - CONTAINERS=1
@@ -32,7 +32,7 @@ services:
            - /var/run/docker.sock:/var/run/docker.sock:ro

    homepage:
-        image: ghcr.io/gethomepage/homepage:v1.11.0
+        image: ghcr.io/gethomepage/homepage:v1.11.0@sha256:b129cb0f674bd6d204e215bde2c2fc3f11d6ad0e82f6d20007cf80f74e1acbb1
        container_name: homepage
        labels:
            traefik.enable: true
--- a/hosts/ps10rp/isponsorblocktv/compose.yaml
+++ b/hosts/ps10rp/isponsorblocktv/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    isponsorblocktv:
-        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1
+        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1@sha256:545856523283753ebcf4b400a46895b9906844be5265a0f4cab98a6b0bdf84be
        container_name: isponsorblocktv
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/komodo-periphery/compose.yaml
+++ b/hosts/ps10rp/komodo-periphery/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-komodo-periphery:
-        image: ghcr.io/tailscale/tailscale:latest
+        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-komodo-periphery
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    komodo-periphery:
-        image: ghcr.io/moghtech/komodo-periphery:latest
+        image: ghcr.io/moghtech/komodo-periphery:latest@sha256:bd79cf960ed054fe8e02384322303e462448679b1149dde48bbef151417255b1
        container_name: komodo-periphery
        env_file:
            - .env
--- a/hosts/ps10rp/node-exporter/compose.yaml
+++ b/hosts/ps10rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-node-exporter:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-node-exporter
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2
+        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps10rp/tailscale-subnet/compose.yaml
+++ b/hosts/ps10rp/tailscale-subnet/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-subnet
        cap_add:
            - net_admin
--- a/hosts/ps10rp/traefik/compose.yaml
+++ b/hosts/ps10rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-traefik:
-        image: ghcr.io/tailscale/tailscale:v1.94.2
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-traefik
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun

    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11
+        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/renovate.json
+++ b/renovate.json
@@ -5,6 +5,14 @@
    "mergeConfidence:all-badges",
    ":rebaseStalePrs"
  ],
+  "timezone": "America/Chicago",
+  "labels": [],
+  "prHourlyLimit": 0,
+  "prConcurrentLimit": 0,
+  "pinDigests": true,
+  "baseBranchPatterns": [
+    "main"
+  ],
  "customManagers": [
    {
      "description": "Update appVersion in Chart.yaml",
@@ -23,7 +31,7 @@
        "/(^|/)templates/.*\\.yaml$/"
      ],
      "matchStrings": [
-        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+tag: (?<currentValue>.*)"
+        "# renovate: datasource=(?<datasource>[^\\s]+)\\s+depName=(?<depName>[^\\s]+)\\s+tag:\\s*[\"']?(?<currentValue>[^@\"'\\s\n]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
      ]
    },
    {
@@ -53,14 +61,30 @@
      "versioningTemplate": "semver"
    }
  ],
-  "timezone": "US/Central",
-  "labels": [],
-  "prHourlyLimit": 0,
-  "prConcurrentLimit": 0,
-  "baseBranchPatterns": [
-    "main"
-  ],
  "packageRules": [
+    {
+      "description": "Disable updates to digests",
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "enabled": false
+    },
+    {
+      "description": "Automerge digests for actions",
+      "matchManagers": [
+        "github-actions"
+      ],
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "addLabels": [
+        "actions",
+        "automerge"
+      ],
+      "enabled": true,
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
    {
      "description": "Label charts",
      "matchDatasources": [
@@ -102,7 +126,71 @@
      "automergeType": "branch"
    },
    {
-      "description": "Label images, helm",
+      "description": "Label images",
+      "matchDatasources": [
+        "docker"
+      ],
+      "addLabels": [
+        "image"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "Automerge image patches",
+      "matchUpdateTypes": [
+        "patch",
+        "pinDigest"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge images, specific packages",
+      "matchUpdateTypes": [
+        "patch",
+        "minor"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchPackageNames": [
+        "ghcr.io/renovatebot/renovate"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge digest updates, specific packages",
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchPackageNames": [
+        "searxng/searxng"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "enabled": true,
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Label appVersion and images, merged",
      "matchManagers": [
        "custom.regex",
        "helm-values"
@@ -115,20 +203,10 @@
      "automerge": false
    },
    {
-      "description": "Label images, docker",
-      "matchDatasources": [
-        "docker"
-      ],
-      "addLabels": [
-        "image"
-      ],
-      "automerge": false
-    },
-    {
-      "description": "Automerge image patches, helm",
+      "description": "Automerge appVersion and images, merged",
      "matchUpdateTypes": [
        "patch",
-        "digest"
+        "pinDigest"
      ],
      "matchManagers": [
        "custom.regex",
@@ -144,20 +222,17 @@
      "minimumReleaseAge": "1 days"
    },
    {
-      "description": "Automerge image patches, docker",
-      "matchUpdateTypes": [
-        "patch",
-        "digest"
+      "description": "Group unmatched Dawarich dependencies",
+      "matchPackageNames": [
+        "freikin/dawarich",
+        "freika/dawarich",
+        "ghcr.io/freikin/dawarich",
+        "ghcr.io/freika/dawarich",
+        "docker.io/freikin/dawarich",
+        "docker.io/freika/dawarich"
      ],
-      "matchDatasources": [
-        "docker"
-      ],
-      "addLabels": [
-        "image",
-        "automerge"
-      ],
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
+      "groupName": "dawarich",
+      "groupSlug": "unified-dawarich"
    }
  ]
 }
Author	SHA1	Message	Date
Renovate Bot	5da801e822	chore(deps): update unpoller/unpoller to v2.35.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 14s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 21s Details	2026-03-22 23:46:11 +00:00
Alex Lebens	11b2efd332	tmp/refactor (#4986 ) Some checks failed lint-test-helm / lint-helm (push) Failing after 1s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m17s Details Reviewed-on: #4986	2026-03-22 23:43:56 +00:00
Renovate Bot	de8433f8d5	chore(deps): update dependency av1155/houndarr to v1.6.1 (#4985 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m43s Details	2026-03-22 23:02:19 +00:00
Alex Lebens	f5611385ab	Refactor Pass on Helm Charts (#4983 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 29s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m44s Details Reviewed-on: #4983	2026-03-22 22:06:55 +00:00
Alex Lebens	fff6f1b32b	ci: set to debug log All checks were successful renovate / renovate (push) Successful in 2m2s Details	2026-03-22 16:04:48 -05:00
Alex Lebens	bb02431114	tmp/folder (#4980 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 15s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m39s Details Reviewed-on: #4980	2026-03-22 17:55:11 +00:00
Alex Lebens	5e102d7b19	tmp/folder (#4978 ) All checks were successful lint-test-docker / lint-docker-compose (push) Successful in 17s Details lint-test-helm / lint-helm (push) Successful in 17s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m8s Details Reviewed-on: #4978	2026-03-22 17:49:42 +00:00
Renovate Bot	a6de6e60d6	chore(deps): update dawarich to v1.4.0 (#4976 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 20s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m49s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [Freika/dawarich](https://github.com/Freika/dawarich) \| minor \| `1.3.4` → `1.4.0` \| \| [freikin/dawarich](https://github.com/Freika/dawarich) \| minor \| `1.3.4` → `1.4.0` \| --- ### Release Notes <details> <summary>Freika/dawarich (Freika/dawarich)</summary> ### [`v1.4.0`](https://github.com/Freika/dawarich/blob/HEAD/CHANGELOG.md#140--Unreleased) [Compare Source](https://github.com/Freika/dawarich/compare/1.3.4...1.4.0) ##### Added - Family page now contains a map with family members markers on it. - Visits page now have "Confirm all" and "Decline all" buttons to quickly confirm or decline all visit suggestions at once. ##### Changed - Updated look and feel - The point counting was changed to be more efficient on bigger accounts. - Redesigned raw data archival system for large instances (10M+ points). Archival now runs per-user via Sidekiq jobs instead of a single sequential process, uses PK cursor-based queries instead of full table scans, and processes in 50K-point chunks with 5K-batch flag updates to minimize DB lock contention. Inline verification removed in favor of daily spot-checks. FK constraint changed from `ON DELETE nullify` to `ON DELETE RESTRICT` to prevent cascading updates on large tables. ##### Fixed - Fix Lite plan archival warnings sending all three notifications (11-month, 11.5-month, and 12-month) simultaneously when a user's oldest data already exceeds all thresholds. Now only the most severe warning is sent, and lower thresholds are marked as already notified. - Fix intermittent 502/504 errors caused by `User.reset_counters(:points)` running synchronously during OwnTracks, Overland, and API point creation. The full `COUNT()` query blocked web workers for 60–500+ seconds on large accounts, starving all other requests. Counter reset now runs as a background job. - Misconfigured Prometheus settings will no longer litter logs with error messages, it will make multiple attempts to connect instead and then stop. - One of previous versions removed a database index making points upload very slow. The index is now added back to fix the issue. </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore*: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44NC4yIiwidXBkYXRlZEluVmVyIjoiNDMuODQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4976 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-22 17:28:11 +00:00
Alex Lebens	3b13e53f9e	ci: group dawarich All checks were successful renovate / renovate (push) Successful in 2m27s Details	2026-03-22 12:18:29 -05:00
Alex Lebens	8b5209fc4f	Merge branch 'main' of https://gitea.alexlebens.net/alexlebens/infrastructure All checks were successful render-manifests / render-manifests (push) Successful in 7m59s Details renovate / renovate (push) Successful in 1m51s Details	2026-03-21 22:39:02 -05:00
Alex Lebens	e95924a9e9	ci: merge actions digests	2026-03-21 22:38:57 -05:00
Alex Lebens	702ed26cd5	tmp/houndarr (#4972 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m7s Details Reviewed-on: #4972	2026-03-22 03:34:00 +00:00
Renovate Bot	1093fdd93a	chore(deps): pin dependencies (#4970 ) All checks were successful renovate / renovate (push) Successful in 2m6s Details This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [ghcr.io/renovatebot/renovate](https://renovatebot.com) ([source](https://github.com/renovatebot/renovate)) \| container \| pinDigest \| → `9228574` \| \| [niniyas/ntfy-action](https://github.com/niniyas/ntfy-action) \| action \| pinDigest \| → `96acac5` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44NC4yIiwidXBkYXRlZEluVmVyIjoiNDMuODQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4970 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-22 03:29:40 +00:00
Alex Lebens	1afae8052c	ci: add pin to automerge Some checks failed renovate / renovate (push) Failing after 1s Details	2026-03-21 22:28:34 -05:00
Alex Lebens	e1aee94515	ci: update descriptions Some checks failed renovate / renovate (push) Has been cancelled Details	2026-03-21 22:25:18 -05:00
Alex Lebens	bef2ff5c44	feat: give plex an lb (#4969 ) Some checks failed lint-test-helm / lint-helm (push) Successful in 1m16s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details lint-test-docker / lint-docker-compose (push) Successful in 1m11s Details Reviewed-on: #4969	2026-03-22 03:23:36 +00:00
Alex Lebens	c32f993351	feat: automerge renovate All checks were successful renovate / renovate (push) Successful in 3m44s Details	2026-03-21 22:13:58 -05:00
Renovate Bot	46922a6230	chore(deps): pin dependencies (#4968 ) Some checks failed renovate / renovate (push) Failing after 7s Details lint-test-docker / lint-docker-compose (push) Successful in 43s Details This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [GuillaumeFalourd/branch-exists](https://github.com/GuillaumeFalourd/branch-exists) \| action \| pinDigest \| → `0092904` \| \| [actions/cache](https://github.com/actions/cache) \| action \| pinDigest \| → `6682284` \| \| [actions/checkout](https://github.com/actions/checkout) \| action \| pinDigest \| → `de0fac2` \| \| [actions/setup-node](https://github.com/actions/setup-node) \| action \| pinDigest \| → `53b8394` \| \| [azure/k8s-set-context](https://github.com/azure/k8s-set-context) \| action \| pinDigest \| → `ae59a72` \| \| [azure/setup-helm](https://github.com/azure/setup-helm) \| action \| pinDigest \| → `1a275c3` \| \| docker.io/postgres \| \| pinDigest \| → `44d837e` \| \| dxflrs/garage \| \| pinDigest \| → `45a61ce` \| \| [favonia/cloudflare-ddns](https://github.com/favonia/cloudflare-ddns) \| \| pinDigest \| → `a4e2089` \| \| [ghcr.io/0xerr0r/blocky](https://github.com/0xERR0R/blocky) \| \| pinDigest \| → `a6d99f3` \| \| ghcr.io/ai-dock/stable-diffusion-webui \| \| pinDigest \| → `bc4b2b1` \| \| [ghcr.io/dmunozv04/isponsorblocktv](https://github.com/dmunozv04/iSponsorBlockTV) \| \| pinDigest \| → `5458565` \| \| ghcr.io/gabe565/castsponsorskip \| \| pinDigest \| → `f556d27` \| \| [ghcr.io/gethomepage/homepage](https://github.com/gethomepage/homepage) \| \| pinDigest \| → `b129cb0` \| \| ghcr.io/moghtech/komodo-periphery \| \| pinDigest \| → `bd79cf9` \| \| [ghcr.io/renovatebot/renovate](https://renovatebot.com) ([source](https://github.com/renovatebot/renovate)) \| container \| pinDigest \| → `9228574` \| \| [ghcr.io/tailscale/tailscale](https://tailscale.com/kb/1282/docker) ([source](https://github.com/tailscale/tailscale)) \| \| pinDigest \| → `95e5287` \| \| ghcr.io/tailscale/tailscale \| \| pinDigest \| → `95e5287` \| \| [ghcr.io/tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) \| \| pinDigest \| → `1f3a6f3` \| \| [ghcr.io/traefik/traefik](https://hub.docker.com/_/traefik) ([source](https://github.com/traefik/traefik-library-image)) \| \| pinDigest \| → `acfc806` \| \| [gitea/gitea](https://github.com/go-gitea/gitea) \| \| pinDigest \| → `f846d26` \| \| khairul169/garage-webui \| \| pinDigest \| → `17c7935` \| \| ollama/ollama \| \| pinDigest \| → `5a5d014` \| \| quay.io/prometheus/node-exporter \| \| pinDigest \| → `337ff1d` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4968 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-22 03:06:54 +00:00
Alex Lebens	9cdd5e85c4	feat: change tz All checks were successful renovate / renovate (push) Successful in 2m13s Details	2026-03-21 22:02:40 -05:00
Alex Lebens	589c24d3f2	feat: change order All checks were successful renovate / renovate (push) Successful in 1m57s Details	2026-03-21 21:57:44 -05:00
Alex Lebens	85b91e9a6b	feat: update renovate Some checks failed renovate / renovate (push) Has been cancelled Details	2026-03-21 21:54:42 -05:00
Alex Lebens	0811d84ef1	feat: remove trivy dashboards (#4966 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 30s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m47s Details Reviewed-on: #4966	2026-03-21 23:21:07 +00:00
Renovate Bot	50b7e8e647	chore(deps): update g33kphr33k/musicgrabber docker tag to v2.5.0 (#4964 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 20s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m23s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| g33kphr33k/musicgrabber \| minor \| `2.4.6` → `2.5.0` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4964 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-21 19:18:08 +00:00
Renovate Bot	f570ecc606	chore(deps): update av1155/houndarr to v1.6.0 (#4962 ) Some checks failed lint-test-helm / lint-helm (push) Successful in 14s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [av1155/houndarr](https://github.com/av1155/houndarr) \| minor \| `v1.5.0` → `v1.6.0` \| \| [ghcr.io/av1155/houndarr](https://github.com/av1155/houndarr) \| minor \| `v1.5.0` → `v1.6.0` \| --- ### Release Notes <details> <summary>av1155/houndarr (av1155/houndarr)</summary> ### [`v1.6.0`](https://github.com/av1155/houndarr/releases/tag/v1.6.0) [Compare Source](https://github.com/av1155/houndarr/compare/v1.5.0...v1.6.0) ##### Added - Opt-in upgrade search pass that periodically re-searches library items which already have a file and meet the quality cutoff, giving each `arr` instance a chance to find better releases; each instance has independent batch size, cooldown, and hourly cap controls ([#266](https://github.com/av1155/houndarr/issues/266)). ##### Changed - A 3-second pause is now inserted between consecutive real searches within the same cycle to spread downstream indexer fan-out; the delay applies only to dispatched searches, not to skipped or errored items ([#272](https://github.com/av1155/houndarr/issues/272)). ##### Fixed - Navigating to the settings help page via the "What do these settings mean?" link inside the instance modal no longer leaves the page scroll-locked until refresh ([#268](https://github.com/av1155/houndarr/issues/268)). - Instance modal on mobile no longer briefly appears compact before expanding; the dialog now animates in fully populated ([#268](https://github.com/av1155/houndarr/issues/268)). - Dashboard instance cards now enter with a smooth container-level fade that matches the shell animation instead of a per-card flash ([#268](https://github.com/av1155/houndarr/issues/268)). </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore*: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4962 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-21 19:17:16 +00:00