remove actual from old set

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| php | minor | `8.4.15-apache-bookworm` -> `8.5.0-apache-bookworm` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19-->

Reviewed-on: #2119
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

.gitea/workflows/lint-test-docker-pull.yaml

@@ -6,7 +6,6 @@ on:
       - main
     paths:
       - 'hosts/**'
-      - ! 'hosts/archive'
 
 jobs:
   docker-lint:

.gitea/workflows/lint-test-docker-push.yaml

@@ -6,7 +6,6 @@ on:
       - main
     paths:
       - 'hosts/**'
-      - ! 'hosts/archive'
 
 jobs:
   docker-lint:

.gitea/workflows/lint-test-helm-pull.yaml

@@ -6,7 +6,6 @@ on:
       - main
     paths:
       - 'clusters/**'
-      - ! 'clusters/*/archive'
 
 jobs:
   helm-lint:

.gitea/workflows/lint-test-helm-push.yaml

@@ -6,7 +6,6 @@ on:
       - main
     paths:
       - 'clusters/**'
-      - ! 'clusters/*/archive'
 
 jobs:
   helm-lint:

.gitea/workflows/render-manifests.yaml

@@ -0,0 +1,229 @@
+name: render-manifests
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'clusters/cl01tl/helm/**'
+
+  workflow_dispatch:
+
+env:
+  CLUSTERS: cl01tl
+  BASE_BRANCH: manifests
+  MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
+  MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
+
+jobs:
+  render-manifests-helm:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          path: infrastructure
+
+      - name: Checkout Manifests
+        uses: actions/checkout@v6
+        with:
+          ref: manifests
+          path: infrastructure-manifests
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
+
+      - name: Remove Prior Manifests
+        run: |
+          cd ${MANIFEST_DIR}/clusters
+          rm -rf ./*
+
+      - name: Add Repositories
+        run: |
+          for cluster in ${CLUSTERS}; do
+            echo ">> Adding repositories for chart dependencies of cluster $cluster ..."
+            for chart_path in ${MAIN_DIR}/clusters/$cluster/helm/*; do
+              helm dependency list --max-col-width 120 $chart_path 2> /dev/null \
+                | tail +2 | head -n -1 \
+                | awk '{ print "helm repo add " $1 " " $3 }' \
+                | while read cmd; do echo "$cmd" | sh; done || true
+            done
+          done
+
+      - name: Render Helm Manifests
+        run: |
+          for cluster in ${CLUSTERS}; do
+            for chart_path in ${MAIN_DIR}/clusters/$cluster/helm/*; do
+              chart_name=$(basename "$chart_path")
+              echo ">> Rendering chart: $chart_name"
+
+              if [ -f "$chart_path/Chart.yaml" ]; then
+                mkdir -p ${MANIFEST_DIR}/clusters/$cluster/manifests/$chart_name
+                OUTPUT_FILE="${MANIFEST_DIR}/clusters/$cluster/manifests/$chart_name/$chart_name.yaml"
+
+                cd $chart_path
+
+                echo ""
+                echo ">> Building helm dependency ..."
+                helm dependency build
+
+                echo ""
+                echo ">> Linting helm ..."
+                helm lint --namespace "$chart_name" --with-subcharts
+
+                echo ""
+                echo ">> Rendering templates ..."
+                helm template "$chart_name" ./ --namespace "$chart_name" --include-crds > "$OUTPUT_FILE"
+
+                echo ""
+                echo ">> Manifests for $chart_name rendered to $OUTPUT_FILE"
+                echo ""
+              else
+                echo ""
+                echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
+                echo ""
+              fi
+            done
+          done
+
+      - name: Check for Changes
+        id: check-changes
+        run: |
+          cd ${MANIFEST_DIR}
+
+          if git status --porcelain | grep -q .; then
+            echo ">> Changes detected"
+            git status --porcelain
+            echo "changes-detected=true" >> $GITEA_OUTPUT
+          else
+            echo ">> No changes detected, skipping PR creation"
+            exit 0
+          fi
+
+      - name: Commit and Push Changes
+        id: commit-push
+        if: steps.check-changes.outputs.changes-detected == 'true'
+        run: |
+          cd ${MANIFEST_DIR}
+
+          BRANCH_NAME="auto/update-manifests-$(date +%s)"
+
+          # Configure Git
+          echo ">> Configure git to use gitea-bot as user ..."
+          git config user.name "gitea-bot"
+          git config user.email "gitea-bot@alexlebens.net"
+
+          # Create a new branch and stage all changes
+          echo ">> Creating and commiting to $BRANCH_NAME ..."
+          git checkout -b $BRANCH_NAME
+          git add .
+          git commit -m "chore: Update manifests after change"
+
+          # Push the new branch to the remote repository
+          REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
+          echo ">> Pushing changes to $REPO_URL ..."
+          git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" $BRANCH_NAME
+
+          echo "HEAD_BRANCH=$BRANCH_NAME" >> $GITEA_OUTPUT
+          echo "push=true" >> $GITEA_OUTPUT
+
+      - name: Create Pull Request
+        id: create-pull-request
+        if: steps.commit-push.outputs.push == 'true'
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITEA_URL: ${{ secrets.REPO_URL }}
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          cd ${MANIFEST_DIR}
+
+          API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
+
+          PAYLOAD=$( jq -n \
+            --arg head "${HEAD_BRANCH}" \
+            --arg base "${BASE_BRANCH}" \
+            --arg title "Automated Manifest Update: $(date +%F)" \
+            --arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
+            '{head: $head, base: $base, title: $title, body: $body'} )
+
+          echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          echo ">> With Endpoint of:"
+          echo "$API_ENDPOINT"
+          echo ">> With Payload of:"
+          echo "$PAYLOAD"
+
+          HTTP_STATUS=$(
+            curl -X POST \
+              --silent \
+              --write-out '%{http_code}' \
+              --output response_body.json \
+              --dump-header response_headers.txt \
+              --data "$PAYLOAD" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "$API_ENDPOINT" 2> response_errors.txt
+          )
+
+          echo ">> HTTP Status Code: $HTTP_STATUS"
+          echo ">> Response Output ..."
+          echo "----"
+          cat response_body.json
+          echo "----"
+          cat response_headers.txt
+          echo "----"
+          cat response_errors.txt
+          echo "----"
+
+          if [ "$HTTP_STATUS" == "201" ]; then
+            echo ">> Pull Request created successfully!"
+
+            PR_URL=$(cat response_body.json | jq -r .html_url)
+            echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
+            echo "pull-request-operation=created" >> $GITEA_OUTPUT
+
+          elif [ "$HTTP_STATUS" == "422" ]; then
+            echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
+          else
+            echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
+            exit 1
+          fi
+
+      - name: Cleanup Branch
+        if: failure() && steps.create-pull-request.outcome == 'failure'
+        env:
+          HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
+        run: |
+          echo ">> Removing branch: ${HEAD_BRANCH}"
+          git push origin --delete ${HEAD_BRANCH}
+
+      - name: ntfy Created
+        uses: niniyas/ntfy-action@master
+        if: steps.create-pull-request.outputs.pull-request-operation == 'created'
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render PR Created - Infrastructure"
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: "Manifest rendering for Infrastructure has created a new Pull Request!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: "${{ secrets.NTFY_URL }}"
+          topic: "${{ secrets.NTFY_TOPIC }}"
+          title: "Manifest Render Failure - Infrastructure"
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: "Manifest rendering for Infrastructure has failed!"
+          icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
+          image: true

.gitignore

@@ -0,0 +1,3 @@
+/**/archive/
+/**/charts/
+/**/manifests/

clusters/cl01tl/applications/bazarr/values.yaml

@@ -15,7 +15,7 @@ bazarr:
         main:
           image:
             repository: ghcr.io/linuxserver/bazarr
-            tag: 1.5.3@sha256:a42fef2a5ffa1dca8714e12892ba0b8de5c6c513f1bcdb1ffe4143e715cffb45
+            tag: 1.5.3@sha256:2be164c02c0bb311b6c32e57d3d0ddc2813d524e89ab51a3408c1bf6fafecda5
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/booklore/values.yaml

@@ -9,7 +9,7 @@ booklore:
         main:
           image:
             repository: ghcr.io/booklore-app/booklore
-            tag: v1.11.0
+            tag: v1.12.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/calibre-web-automated/Chart.yaml

@@ -1,21 +0,0 @@
-apiVersion: v2
-name: calibre-web-automated
-version: 1.0.0
-description: Calibre Web Automated
-keywords:
-  - calibre-web-automated
-  - books
-home: https://wiki.alexlebens.dev/s/fdcfdb7e-8f73-438e-b59c-3c2de2081885
-sources:
-  - https://github.com/crocodilestick/Calibre-Web-Automator
-  - https://hub.docker.com/r/crocodilestick/calibre-web-automated
-  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: calibre-web-automated
-    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.4.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/calibre-web.png
-appVersion: V3.0.4

clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml

@@ -1,78 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: calibre-web-automated-gmail-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-gmail-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: gmail.json
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/calibre-web/gmail
-        metadataPolicy: None
-        property: gmail.json
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: calibre-web-automated-config-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-config-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  target:
-    template:
-      mergePolicy: Merge
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/calibre-web-automated/calibre-web-automated-config"
-  data:
-    - secretKey: BUCKET_ENDPOINT
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
-    - secretKey: RESTIC_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: RESTIC_PASSWORD
-    - secretKey: AWS_DEFAULT_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: AWS_DEFAULT_REGION
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: access_key
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: secret_key

clusters/cl01tl/applications/calibre-web-automated/templates/http-route.yaml

@@ -1,58 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-calibre
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-calibre
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - calibre.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: calibre-web-automated-main
-          port: 8083
-          weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-calibre-downloader
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-calibre-downloader
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - calibre-downloader.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: calibre-web-automated-downloader
-          port: 8084
-          weight: 100

clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume-claim.yaml

@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: calibre-web-automated-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: calibre-web-automated-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: calibre-web-automated-ingest-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: calibre-web-automated-ingest-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi

clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume.yaml

@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: calibre-web-automated-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Calibre
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
-
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: calibre-web-automated-ingest-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Calibre Import
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac

clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml

@@ -1,28 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  name: calibre-web-automated-config-backup-source
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-config-backup-source
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  sourcePVC: calibre-web-automated-config
-  trigger:
-    schedule: 0 4 * * *
-  restic:
-    pruneIntervalDays: 7
-    repository: calibre-web-automated-config-backup-secret
-    retain:
-      hourly: 1
-      daily: 3
-      weekly: 2
-      monthly: 2
-      yearly: 4
-    moverSecurityContext:
-      runAsUser: 1000
-      runAsGroup: 100
-    copyMethod: Snapshot
-    storageClassName: ceph-block
-    volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/applications/calibre-web-automated/values.yaml

@@ -1,119 +0,0 @@
-calibre-web-automated:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: crocodilestick/calibre-web-automated
-            tag: V3.0.4
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: PUID
-              value: 1000
-            - name: PGID
-              value: 100
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-    downloader:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/calibrain/calibre-web-automated-book-downloader
-            tag: latest@sha256:b1296c5edc89eee8742d86392ce40707233671044a454e002821e5c76cd58deb
-            pullPolicy: IfNotPresent
-          env:
-            - name: FLASK_PORT
-              value: 8084
-            - name: UID
-              value: 1000
-            - name: GID
-              value: 100
-            - name: USE_CF_BYPASS
-              value: false
-            - name: CLOUDFLARE_PROXY_URL
-              value: http://localhost:8000
-            - name: INGEST_DIR
-              value: /cwa-book-ingest
-            - name: BOOK_LANGUAGE
-              value: end
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-        bypass:
-          image:
-            repository: ghcr.io/sarperavci/cloudflarebypassforscraping
-            tag: latest@sha256:fc8443dd96450ab10ed455a05397c8a17bab89b8408b7cbb6242fa6e4fb9edf5
-            pullPolicy: IfNotPresent
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 8083
-          targetPort: 8083
-          protocol: HTTP
-    downloader:
-      controller: downloader
-      ports:
-        http:
-          port: 8084
-          targetPort: 8084
-          protocol: HTTP
-  persistence:
-    config:
-      forceRename: calibre-web-automated-config
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-    gmail:
-      enabled: true
-      type: secret
-      name: calibre-web-automated-gmail-config
-      advancedMounts:
-        main:
-          main:
-            - path: /app/calibre-web/gmail.json
-              readOnly: true
-              mountPropagation: None
-              subPath: gmail.json
-    books:
-      existingClaim: calibre-web-automated-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /calibre-library
-              readOnly: false
-    ingest:
-      existingClaim: calibre-web-automated-ingest-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /cwa-book-ingest
-              readOnly: false
-        downloader:
-          main:
-            - path: /cwa-book-ingest
-              readOnly: false

clusters/cl01tl/applications/ephemera/values.yaml

@@ -52,7 +52,7 @@ ephemera:
         apprise-api:
           image:
             repository: caronc/apprise
-            tag: 1.2.5
+            tag: 1.2.6
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/homepage/values.yaml

@@ -76,20 +76,20 @@ homepage:
             - Storage:
                 tab: Services
                 icon: mdi-database-#ffffff
-            - Servarr:
+            - Content:
                 tab: Services
                 icon: mdi-multimedia-#ffffff
             - TV Shows:
-                tab: Servarr
+                tab: Content
                 icon: mdi-television-#ffffff
             - Movies:
-                tab: Servarr
+                tab: Content
                 icon: mdi-filmstrip-#ffffff
             - Music:
-                tab: Servarr
+                tab: Content
                 icon: mdi-music-box-multiple-#ffffff
             - Books:
-                tab: Servarr
+                tab: Content
                 icon: mdi-book-open-variant-#ffffff
             - External Services:
                 tab: Bookmarks
@@ -178,12 +178,6 @@ homepage:
                   siteMonitor: http://audiobookshelf.audiobookshelf:80
                   statusStyle: dot
               - Books:
-                  icon: sh-calibre-web.webp
-                  description: Calibre Web Automated
-                  href: https://calibre.alexlebens.net
-                  siteMonitor: http://calibre-web-automated-main.calibre-web-automated:8083
-                  statusStyle: dot
-              - Books (Booklore):
                   icon: sh-booklore.webp
                   description: Booklore
                   href: https://booklore.alexlebens.net
@@ -537,7 +531,7 @@ homepage:
                   href: https://backrest.alexlebens.net
                   siteMonitor: http://backrest.backrest:80
                   statusStyle: dot
-          - Servarr:
+          - Content:
               - qUI:
                   icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg
                   description: qbitorrent
@@ -692,12 +686,6 @@ homepage:
                   href: https://ephemera.alexlebens.net
                   siteMonitor: http://ephemera.ephemera:80
                   statusStyle: dot
-              - CWA Downloader:
-                  icon: sh-cwa-book-downloader.webp
-                  description: Books
-                  href: https://calibre-downloader.alexlebens.net
-                  siteMonitor: http://calibre-web-automated-downloader.calibre-web-automated:8084
-                  statusStyle: dot
               - Listenarr:
                   icon: sh-audiobookrequest.webp
                   description: Audiobooks

clusters/cl01tl/applications/libation/values.yaml

@@ -16,7 +16,7 @@ libation:
         main:
           image:
             repository: rmcrackan/libation
-            tag: 12.7.1
+            tag: 12.7.5
             pullPolicy: IfNotPresent
           env:
             - name: SLEEP_TIME

clusters/cl01tl/applications/prowlarr/values.yaml

@@ -20,7 +20,7 @@ prowlarr:
         main:
           image:
             repository: ghcr.io/linuxserver/prowlarr
-            tag: 2.3.0@sha256:3dd3a316f60ea4e6714863286549a6ccaf0b8cf4efe5578ce3fe0e85475cb1cf
+            tag: 2.3.0@sha256:475853535de3de8441b87c1457c30f2e695f4831228b12b6b7274e9da409d874
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/searxng/values.yaml

@@ -9,7 +9,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:fc076352d72154feb1d8c0eb42dd5570a3ebc9ca8c6b9c8318ce545a8dfd1ea4
+            tag: latest@sha256:faa7118f9167c2c1e09a3fbb9bd87eee0905d76456d297e62e815646afc97037
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:fc076352d72154feb1d8c0eb42dd5570a3ebc9ca8c6b9c8318ce545a8dfd1ea4
+            tag: latest@sha256:faa7118f9167c2c1e09a3fbb9bd87eee0905d76456d297e62e815646afc97037
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL

clusters/cl01tl/applications/sonarr-4k/values.yaml

@@ -13,7 +13,7 @@ sonarr-4k:
         main:
           image:
             repository: ghcr.io/linuxserver/sonarr
-            tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
+            tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/sonarr-anime/values.yaml

@@ -13,7 +13,7 @@ sonarr-anime:
         main:
           image:
             repository: ghcr.io/linuxserver/sonarr
-            tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
+            tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/applications/sonarr/values.yaml

@@ -13,7 +13,7 @@ sonarr:
         main:
           image:
             repository: ghcr.io/linuxserver/sonarr
-            tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
+            tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/deployment/argocd/Chart.yaml

@@ -15,7 +15,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: argo-cd
-    version: 9.1.4
+    version: 9.1.5
     repository: https://argoproj.github.io/argo-helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 appVersion: 3.0.0

clusters/cl01tl/deployment/stack/templates/application-set.yaml

@@ -9,10 +9,12 @@ metadata:
     app.kubernetes.io/name: {{ $stack.name }}
     app.kubernetes.io/instance: {{ $stack.name }}
     app.kubernetes.io/part-of: {{ $.Release.Name }}
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
 spec:
   syncPolicy:
     applicationsSync: create-update
-    preserveResourcesOnDeletion: false
+    preserveResourcesOnDeletion: true
   generators:
     - git:
         repoURL: {{ $.Values.git.repo }}

clusters/cl01tl/helm/actual/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.4.0
+digest: sha256:b5d823171e1b4dc1d3856f782f0c67cbb5d49e4fa170df2f21b06303c7aff7f5
+generated: "2025-11-30T21:05:19.732832-06:00"

clusters/cl01tl/helm/actual/Chart.yaml

@@ -18,4 +18,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.4.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
-appVersion: v25.5.0
+appVersion: 25.11.0

clusters/cl01tl/helm/stack/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: stack
+version: 1.0.0
+description: Stack
+keywords:
+  - argocd
+  - stack
+  - deployment
+home: https://wiki.alexlebens.dev/s/0c2d1896-710d-4972-9bc8-08d71987428a
+sources:
+  - https://github.com/argoproj/argo-cd
+  - https://gitea.alexlebens.dev/alexlebens/infrastructure
+maintainers:
+  - name: alexlebens
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
+appVersion: 1.0.0

clusters/cl01tl/helm/stack/templates/application-set.yaml

@@ -0,0 +1,80 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: application-set-cl01tl
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: application-set-cl01tl
+    app.kubernetes.io/instance: argocd
+    app.kubernetes.io/part-of: argocd
+spec:
+  syncPolicy:
+    applicationsSync: create-update
+    preserveResourcesOnDeletion: true
+  generators:
+    - git:
+        repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
+        revision: manifests
+        directories:
+          - path: clusters/cl01tl/manifests/*
+          - path: clusters/cl01tl/manifests/stack
+            exclude: true
+  template:
+    metadata:
+      name: '{{ `{{path.basename}}` }}'
+    spec:
+      project: default
+      source:
+        repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
+        targetRevision: manifests
+        path: '{{ `{{.path.path}}` }}'
+        helm:
+          releaseName: '{{ `{{path.basename}}` }}'
+      destination:
+        name: in-cluster
+        namespace: '{{ `{{path.basename}}` }}'
+      revisionHistoryLimit: 3
+      ignoreDifferences:
+        - group: ""
+          kind: Service
+          jqPathExpressions:
+            - .spec.externalName
+        - group: "apps"
+          kind: "Deployment"
+          jsonPointers:
+            - /spec/template/metadata/annotations/checksum~1secret
+            - /spec/template/metadata/annotations/checksum~1secret-core
+            - /spec/template/metadata/annotations/checksum~1secret-jobservice
+            - /spec/template/metadata/annotations/checksum~1tls
+        - group: "apps"
+          kind: "StatefulSet"
+          jsonPointers:
+            - /spec/template/metadata/annotations/checksum~1secret
+            - /spec/template/metadata/annotations/checksum~1tls
+        - group: "apps"
+          kind: StatefulSet
+          jqPathExpressions:
+            - .spec.volumeClaimTemplates[]?.apiVersion
+            - .spec.volumeClaimTemplates[]?.kind
+            - .spec.volumeClaimTemplates[]?.metadata.creationTimestamp
+        - group: ""
+          kind: GpuDevicePlugin
+          jqPathExpressions:
+            - .metadata.annotations[]
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: false
+        retry:
+          limit: 3
+          backoff:
+            duration: 1m
+            factor: 2
+            maxDuration: 15m
+        syncOptions:
+          - CreateNamespace=true
+          - ApplyOutOfSyncOnly=true
+          - ServerSideApply=true
+          - PruneLast=true
+          - RespectIgnoreDifferences=true

clusters/cl01tl/helm/stack/templates/application.yaml

@@ -0,0 +1,37 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: stack-cl01tl
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: stack-cl01tl
+    app.kubernetes.io/instance: argocd
+    app.kubernetes.io/part-of: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
+    targetRevision: manifests
+    path: clusters/cl01tl/manifests/stack
+  destination:
+    name: in-cluster
+    namespace: argocd
+  revisionHistoryLimit: 3
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: false
+    retry:
+      limit: 3
+      backoff:
+        duration: 1m
+        factor: 2
+        maxDuration: 15m
+    syncOptions:
+      - CreateNamespace=false
+      - ApplyOutOfSyncOnly=true
+      - ServerSideApply=true
+      - PruneLast=true
+      - RespectIgnoreDifferences=true

clusters/cl01tl/monitoring/gatus/values.yaml

@@ -140,9 +140,6 @@ gatus:
       - name: audiobookshelf
         url: https://audiobookshelf.alexlebens.net
         <<: *defaults
-      - name: calibre
-        url: https://calibre.alexlebens.net
-        <<: *defaults
       - name: home-assistant
         url: https://home-assistant.alexlebens.net
         <<: *defaults
@@ -304,9 +301,6 @@ gatus:
       - name: huntarr
         url: https://huntarr.alexlebens.net
         <<: *defaults
-      - name: calibre-downloader
-        url: https://calibre-downloader.alexlebens.net
-        <<: *defaults
       - name: tdarr
         url: https://tdarr.alexlebens.net
         <<: *defaults

clusters/cl01tl/monitoring/grafana-operator/templates/grafana-dashboard.yaml

@@ -54,6 +54,25 @@ spec:
   resyncPeriod: 1h
   url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
 
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  name: grafana-dashboard-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: grafana-dashboard-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  instanceSelector:
+    matchLabels:
+      app: grafana-main
+  contentCacheDuration: 1h
+  folderUID: grafana-folder-system
+  resyncPeriod: 1h
+  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/garage.json
+
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard

clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml

@@ -109,7 +109,7 @@ kube-prometheus-stack:
             accessModes: ["ReadWriteOnce"]
             resources:
               requests:
-                storage: 200Gi
+                storage: 250Gi
 ntfy-alertmanager:
   global:
     fullnameOverride: ntfy-alertmanager

clusters/cl01tl/monitoring/loki/values.yaml

@@ -42,7 +42,7 @@ loki:
     persistence:
       enableStatefulSetAutoDeletePVC: true
       enabled: true
-      size: 100Gi
+      size: 150Gi
       storageClass: synology-iscsi-delete
   write:
     replicas: 0

clusters/cl01tl/monitoring/s3-exporter/templates/external-secret.yaml

@@ -75,10 +75,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: s3-garage-local-secret
+  name: s3-garage-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: s3-garage-local-secret
+    app.kubernetes.io/name: s3-garage-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -90,57 +90,13 @@ spec:
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
+        key: /garage/home-infra/s3-exporter
         metadataPolicy: None
         property: ACCESS_KEY_ID
     - secretKey: AWS_SECRET_ACCESS_KEY
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
+        key: /garage/home-infra/s3-exporter
         metadataPolicy: None
         property: ACCESS_SECRET_KEY
-    - secretKey: AWS_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_REGION
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: s3-garage-remote-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: s3-garage-remote-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_KEY_ID
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_SECRET_KEY
-    - secretKey: AWS_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /garage/home-infra/postgres-backups
-        metadataPolicy: None
-        property: ACCESS_REGION

clusters/cl01tl/monitoring/s3-exporter/templates/service-monitor.yaml

@@ -11,11 +11,11 @@ spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: s3-exporter
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/instance: s3-exporter
       app.kubernetes.io/service: s3-exporter-digital-ocean
   endpoints:
     - port: metrics
-      interval: 6h
+      interval: 5m
       scrapeTimeout: 120s
       path: /metrics
 
@@ -33,11 +33,11 @@ spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: s3-exporter
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/instance: s3-exporter
       app.kubernetes.io/service: s3-exporter-ceph-directus
   endpoints:
     - port: metrics
-      interval: 6h
+      interval: 5m
       scrapeTimeout: 120s
       path: /metrics
 
@@ -55,11 +55,11 @@ spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: s3-exporter
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/instance: s3-exporter
       app.kubernetes.io/service: s3-exporter-garage-local
   endpoints:
     - port: metrics
-      interval: 6h
+      interval: 5m
       scrapeTimeout: 120s
       path: /metrics
 
@@ -77,10 +77,10 @@ spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: s3-exporter
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/instance: s3-exporter
       app.kubernetes.io/service: s3-exporter-garage-remote
   endpoints:
     - port: metrics
-      interval: 6h
+      interval: 5m
       scrapeTimeout: 120s
       path: /metrics

clusters/cl01tl/monitoring/s3-exporter/values.yaml

@@ -97,18 +97,15 @@ s3-exporter:
             - name: S3_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
-                  name: s3-garage-local-secret
+                  name: s3-garage-secret
                   key: AWS_ACCESS_KEY_ID
             - name: S3_SECRET_KEY
               valueFrom:
                 secretKeyRef:
-                  name: s3-garage-local-secret
+                  name: s3-garage-secret
                   key: AWS_SECRET_ACCESS_KEY
             - name: S3_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: s3-garage-local-secret
-                  key: AWS_REGION
+              value: us-east-1
             - name: LOG_LEVEL
               value: debug
             - name: S3_FORCE_PATH_STYLE
@@ -136,18 +133,15 @@ s3-exporter:
             - name: S3_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
-                  name: s3-garage-remote-secret
+                  name: s3-garage-secret
                   key: AWS_ACCESS_KEY_ID
             - name: S3_SECRET_KEY
               valueFrom:
                 secretKeyRef:
-                  name: s3-garage-remote-secret
+                  name: s3-garage-secret
                   key: AWS_SECRET_ACCESS_KEY
             - name: S3_REGION
-              valueFrom:
-                secretKeyRef:
-                  name: s3-garage-remote-secret
-                  key: AWS_REGION
+              value: us-east-1
             - name: LOG_LEVEL
               value: debug
             - name: S3_FORCE_PATH_STYLE

clusters/cl01tl/monitoring/shelly-plug/values.yaml

@@ -36,7 +36,7 @@ shelly-plug:
         main:
           image:
             repository: php
-            tag: 8.4.15-apache-bookworm
+            tag: 8.5.0-apache-bookworm
             pullPolicy: IfNotPresent
           env:
             - name: SHELLY_HOSTNAME

clusters/cl01tl/platform/gitea/values.yaml

@@ -212,7 +212,7 @@ backup:
         s3-backup:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
+            tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
             pullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -236,7 +236,7 @@ backup:
         s3-prune:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
+            tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/platform/matrix-synapse/Chart.yaml

@@ -29,7 +29,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: matrix-synapse
-    version: 3.12.15
+    version: 3.12.16
     repository: https://ananace.gitlab.io/charts
   - name: app-template
     alias: matrix-hookshot

clusters/cl01tl/platform/qbittorrent/values.yaml

@@ -28,7 +28,7 @@ qbittorrent:
         qbittorrent:
           image:
             repository: ghcr.io/linuxserver/qbittorrent
-            tag: 5.1.4@sha256:26a08cd60d81e632aba8947b2c64dfd5f870a5f4a837ec4abedf2e1d174df891
+            tag: 5.1.4@sha256:a2eedc99b4876916943bd33e7c415efc448f6b514aa39b4f98c1e6472a717301
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/platform/vault/values.yaml

@@ -198,7 +198,7 @@ snapshot:
         s3-backup:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
+            tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/services/blocky/values.yaml

@@ -112,8 +112,6 @@ blocky:
               backrest                        IN      CNAME   traefik-cl01tl
               bazarr                          IN      CNAME   traefik-cl01tl
               booklore                        IN      CNAME   traefik-cl01tl
-              calibre                         IN      CNAME   traefik-cl01tl
-              calibre-downloader              IN      CNAME   traefik-cl01tl
               ceph                            IN      CNAME   traefik-cl01tl
               code-server                     IN      CNAME   traefik-cl01tl
               ephemera                        IN      CNAME   traefik-cl01tl

clusters/cl01tl/services/generic-device-plugin/Chart.yaml

@@ -15,6 +15,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.0
+    version: 0.20.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/services/harbor/values.yaml

@@ -44,7 +44,7 @@ harbor:
   core:
     image:
       repository: goharbor/harbor-core
-      tag: v2.14.0
+      tag: v2.14.1
     replicas: 2
     existingSecret: harbor-secret
     secretName: harbor-secret

clusters/cl01tl/services/tailscale-operator/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: tailscale-operator
-    version: 1.90.8
+    version: 1.90.9
     repository: https://pkgs.tailscale.com/helmcharts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
 appVersion: v1.82.5

clusters/cl01tl/services/talos/values.yaml

@@ -73,7 +73,7 @@ etcd-backup:
         s3-prune:
           image:
             repository: d3fk/s3cmd
-            tag: latest@sha256:caccff69634d420705b9f676d69e15d574fb65d1dd475b7412d3bc18df99e00f
+            tag: latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91
             pullPolicy: IfNotPresent
           command:
             - /bin/sh

clusters/cl01tl/storage/garage/templates/service-monitor.yaml

@@ -10,7 +10,7 @@ metadata:
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/name: garage-main
+      app.kubernetes.io/name: garage
       app.kubernetes.io/instance: {{ .Release.Name }}
   endpoints:
     - port: admin

clusters/cl01tl/storage/garage/values.yaml

@@ -135,7 +135,7 @@ garage:
     data:
       storageClass: synology-iscsi-delete
       accessMode: ReadWriteOnce
-      size: 500Gi
+      size: 800Gi
       retain: true
       advancedMounts:
         main:

clusters/cl01tl/storage/whodb/values.yaml

@@ -8,7 +8,7 @@ whodb:
         main:
           image:
             repository: clidey/whodb
-            tag: 0.75.0
+            tag: 0.80.0
             pullPolicy: IfNotPresent
           env:
             - name: WHODB_OLLAMA_HOST

hosts/ps08rp/blocky/config.yml

@@ -88,8 +88,6 @@ customDNS:
     backrest                        IN      CNAME   traefik-cl01tl
     bazarr                          IN      CNAME   traefik-cl01tl
     booklore                        IN      CNAME   traefik-cl01tl
-    calibre                         IN      CNAME   traefik-cl01tl
-    calibre-downloader              IN      CNAME   traefik-cl01tl
     ceph                            IN      CNAME   traefik-cl01tl
     code-server                     IN      CNAME   traefik-cl01tl
     ephemera                        IN      CNAME   traefik-cl01tl

hosts/ps09rp/blocky/config.yml

@@ -88,8 +88,6 @@ customDNS:
     backrest                        IN      CNAME   traefik-cl01tl
     bazarr                          IN      CNAME   traefik-cl01tl
     booklore                        IN      CNAME   traefik-cl01tl
-    calibre                         IN      CNAME   traefik-cl01tl
-    calibre-downloader              IN      CNAME   traefik-cl01tl
     ceph                            IN      CNAME   traefik-cl01tl
     code-server                     IN      CNAME   traefik-cl01tl
     ephemera                        IN      CNAME   traefik-cl01tl

hosts/ps10rp/garage/garage.toml

@@ -5,7 +5,7 @@ data_dir = "/var/lib/garage/data"
 
 db_engine = "sqlite"
 
-compression_level = 1
+compression_level = 3
 
 rpc_bind_addr = "[::]:3901"
 rpc_public_addr = "127.0.0.1:3901"