fix: change context (#5330)

Reviewed-on: #5330

.gitea/workflows/renovate.yaml

@@ -13,7 +13,7 @@ on:
 jobs:
   renovate:
     runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.101.1@sha256:06c9297754f7d487adca6446b9970fecade3202190138259e7888c30ec8d4277
+    container: ghcr.io/renovatebot/renovate:43.102.0@sha256:7eec08ce3afcb26640c3976710173cbbae689f245d8248d3edab0874e21f9a94
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

clusters/cl01tl/helm/blocky/values.yaml

@@ -144,6 +144,7 @@ blocky:
               objects                         IN      CNAME   traefik-cl01tl
               ollama                          IN      CNAME   traefik-cl01tl
               omni-tools                      IN      CNAME   traefik-cl01tl
+              paperless-ngx                   IN      CNAME   traefik-cl01tl
               photoview                       IN      CNAME   traefik-cl01tl
               plex                            IN      CNAME   traefik-cl01tl
               postiz                          IN      CNAME   traefik-cl01tl

clusters/cl01tl/helm/directus/Chart.yaml

@@ -29,4 +29,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 # renovate: datasource=github-releases depName=directus/directus
-appVersion: 11.17.0
+appVersion: 11.17.1

clusters/cl01tl/helm/gatus/values.yaml

@@ -164,15 +164,15 @@ gatus:
       - name: roundcube
         url: https://mail.alexlebens.net
         <<: *defaults
+      - name: paperless-ngx
+        url: https://paperless-ngx.alexlebens.net
+        <<: *defaults
       - name: kiwix
         url: https://kiwix.alexlebens.net
         <<: *defaults
       - name: excalidraw
         url: https://excalidraw.alexlebens.net
         <<: *defaults
-      - name: languagetool
-        url: https://languagetool.alexlebens.net
-        <<: *defaults
       - name: gitea
         url: https://gitea.alexlebens.net
         <<: *defaults

clusters/cl01tl/helm/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
   repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.26
-digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b
-generated: "2026-03-24T16:59:26.537547513Z"
+  version: 0.20.27
+digest: sha256:b66a7ab013f5eda47ccf94824796e026642e1abfc051e498957ee0f59743e9fc
+generated: "2026-03-31T21:37:08.823163353Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.yaml

@@ -14,6 +14,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.26
+    version: 0.20.27
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -119,8 +119,6 @@ home-assistant:
 volsync-target-config:
   pvcTarget: home-assistant-config
   moverSecurityContext:
-    runAsUser: 1000
-    runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
   local:

clusters/cl01tl/helm/homepage/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
 # renovate: datasource=github-releases depName=gethomepage/homepage
-appVersion: v1.12.1
+appVersion: v1.12.2

clusters/cl01tl/helm/homepage/values.yaml

@@ -16,7 +16,7 @@ homepage:
         main:
           image:
             repository: ghcr.io/gethomepage/homepage
-            tag: v1.12.1
+            tag: v1.12.2
             pullPolicy: IfNotPresent
           env:
             - name: HOMEPAGE_ALLOWED_HOSTS
@@ -304,6 +304,12 @@ homepage:
                   href: https://mail.alexlebens.net
                   siteMonitor: http://roundcube.roundcube:80
                   statusStyle: dot
+              - Documents:
+                  icon: sh-paperless-ngx.webp
+                  description: Paperless-ngx
+                  href: https://paperless-ngx.alexlebens.net
+                  siteMonitor: http://paperless-ngx.paperless-ngx:80
+                  statusStyle: dot
               - Wiki:
                   icon: sh-kiwix-light.webp
                   description: Kiwix

clusters/cl01tl/helm/houndarr/Chart.yaml

@@ -22,4 +22,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
 # renovate: datasource=github-releases depName=av1155/houndarr
-appVersion: v1.6.3
+appVersion: v1.6.4

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 82.15.1
+  version: 82.16.0
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.6.2
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:7be2f0d61a12e674af175046960df7ba06a7248dc92db0b2d9c9b63a77a5bc17
-generated: "2026-03-28T01:54:34.406941487Z"
+digest: sha256:a7086a19bfa46989e0db1d4c99b0ffa11f63115f41d60259f4467cc5dcf9bcaa
+generated: "2026-03-31T16:04:22.10025203Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -20,7 +20,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 82.15.1
+    version: 82.16.0
     repository: oci://ghcr.io/prometheus-community/charts
   - name: app-template
     alias: ntfy-alertmanager

clusters/cl01tl/helm/medialyze/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     version: 4.6.2
 icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
 # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
-appVersion: 0.4.0
+appVersion: 0.4.1

clusters/cl01tl/helm/medialyze/values.yaml

@@ -9,7 +9,7 @@ medialyze:
         main:
           image:
             repository: ghcr.io/frederikemmer/medialyze
-            tag: 0.4.0
+            tag: 0.4.1
             pullPolicy: IfNotPresent
           env:
             - name: HOST_PORT

clusters/cl01tl/helm/ntfy/Chart.yaml

@@ -20,4 +20,4 @@ dependencies:
     version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
 # renovate: datasource=github-releases depName=binwiederhier/ntfy
-appVersion: 2.20.1
+appVersion: 2.21.0

clusters/cl01tl/helm/ntfy/values.yaml

@@ -9,7 +9,7 @@ ntfy:
         main:
           image:
             repository: binwiederhier/ntfy
-            tag: v2.20.1
+            tag: v2.21.0
             pullPolicy: IfNotPresent
           args: ["serve"]
           env:

clusters/cl01tl/helm/paperless-ngx/Chart.lock

@@ -0,0 +1,24 @@
+dependencies:
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.6.2
+- name: postgres-cluster
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 7.11.0
+- name: valkey
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.5.0
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:08acc0818deaede4bb7515be7cbb1253f30036b70af6038caa69e4bd3cc02412
+generated: "2026-03-30T20:25:47.995874-05:00"

clusters/cl01tl/helm/paperless-ngx/Chart.yaml

@@ -0,0 +1,51 @@
+apiVersion: v2
+name: paperless-ngx
+version: 1.0.0
+description: Paperless-ngx
+keywords:
+  - paperless-ngx
+  - documents
+home: https://docs.alexlebens.dev/applications/paperless-ngx/
+sources:
+  - https://github.com/paperless-ngx/paperless-ngx
+  - https://github.com/gotenberg/gotenberg
+  - https://github.com/paperless-ngx/paperless-ngx/pkgs/container/paperless-ngx
+  - https://hub.docker.com/r/gotenberg/gotenberg
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: paperless-ngx
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.6.2
+  - name: postgres-cluster
+    alias: postgres-18-cluster
+    version: 7.11.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: valkey
+    alias: valkey
+    version: 0.5.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-data
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-media
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-export
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-consume
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
+# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
+appVersion: 2.20.13

clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml

@@ -0,0 +1,54 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: paperless-ngx-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: paperless-ngx-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: secret-key
+      remoteRef:
+        key: /cl01tl/paperless-ngx/secret
+        property: secret-key
+    - secretKey: admin-user
+      remoteRef:
+        key: /cl01tl/paperless-ngx/secret
+        property: admin-user
+    - secretKey: admin-password
+      remoteRef:
+        key: /cl01tl/paperless-ngx/secret
+        property: admin-password
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: paperless-ngx-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: paperless-ngx-oidc-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: OIDC_CLIENT_ID
+      remoteRef:
+        key: /authentik/oidc/paperless-ngx
+        property: client
+    - secretKey: OIDC_CLIENT_SECRET
+      remoteRef:
+        key: /authentik/oidc/paperless-ngx
+        property: secret
+    - secretKey: PAPERLESS_SOCIALACCOUNT_PROVIDERS
+      remoteRef:
+        key: /authentik/oidc/paperless-ngx
+        property: PAPERLESS_SOCIALACCOUNT_PROVIDERS

clusters/cl01tl/helm/paperless-ngx/values.yaml

@@ -0,0 +1,212 @@
+paperless-ngx:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: ghcr.io/paperless-ngx/paperless-ngx
+            tag: 2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
+          env:
+            - name: PAPERLESS_REDIS
+              value: redis://paperless-ngx-valkey.paperless-ngx:6379
+            - name: PAPERLESS_DBHOST
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-postgresql-18-cluster-app
+                  key: host
+            - name: PAPERLESS_DBPORT
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-postgresql-18-cluster-app
+                  key: port
+            - name: PAPERLESS_DBNAME
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-postgresql-18-cluster-app
+                  key: dbname
+            - name: PAPERLESS_DBUSER
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-postgresql-18-cluster-app
+                  key: user
+            - name: PAPERLESS_DBPASS
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-postgresql-18-cluster-app
+                  key: password
+            - name: PAPERLESS_TIKA_ENABLED
+              value: true
+            - name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
+              value: http://localhost:3000/
+            - name: PAPERLESS_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-secret
+                  key: secret-key
+            - name: PAPERLESS_URL
+              value: https://paperless-ngx.alexlebens.net
+            - name: PAPERLESS_ALLOWED_HOSTS
+              value: paperless-ngx.alexlebens.net, paperless-ngx.paperless-ngx
+            - name: PAPERLESS_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-secret
+                  key: admin-user
+            - name: PAPERLESS_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-secret
+                  key: admin-password
+            - name: PAPERLESS_ACCOUNT_ALLOW_SIGNUPS
+              value: true
+            - name: PAPERLESS_SOCIAL_AUTO_SIGNUP
+              value: true
+            - name: PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS
+              value: true
+            - name: PAPERLESS_APPS
+              value: allauth.socialaccount.providers.openid_connect
+            - name: PAPERLESS_LOGOUT_REDIRECT_URL
+              value: https://authentik.alexlebens.net/application/o/paperless-ngx/end-session/
+            - name: PAPERLESS_SOCIALACCOUNT_PROVIDERS
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-ngx-oidc-secret
+                  key: PAPERLESS_SOCIALACCOUNT_PROVIDERS
+            - name: PAPERLESS_TIME_ZONE
+              value: America/Chicago
+          resources:
+            requests:
+              cpu: 1m
+              memory: 100Mi
+        gotenberg:
+          image:
+            repository: gotenberg/gotenberg
+            tag: 8.29.1@sha256:36c925776fa0db0fd1030408d131fde7ac3453027a559883555155b72adb16a7
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 8000
+  route:
+    main:
+      kind: HTTPRoute
+      parentRefs:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          name: traefik-gateway
+          namespace: traefik
+      hostnames:
+        - paperless-ngx.alexlebens.net
+      rules:
+        - backendRefs:
+            - name: paperless-ngx
+              port: 80
+          matches:
+            - path:
+                type: PathPrefix
+                value: /
+  persistence:
+    data:
+      forceRename: paperless-ngx-data
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 2Gi
+      advancedMounts:
+        main:
+          main:
+            - path: /usr/src/paperless/data
+    media:
+      forceRename: paperless-ngx-media
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 10Gi
+      advancedMounts:
+        main:
+          main:
+            - path: /usr/src/paperless/media
+    export:
+      forceRename: paperless-ngx-export
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 2Gi
+      advancedMounts:
+        main:
+          main:
+            - path: /usr/src/paperless/export
+    consume:
+      forceRename: paperless-ngx-consume
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 2Gi
+      advancedMounts:
+        main:
+          main:
+            - path: /usr/src/paperless/consume
+postgres-18-cluster:
+  mode: recovery
+  recovery:
+    method: objectStore
+    objectStore:
+      index: 1
+  backup:
+    objectStore:
+      - name: garage-local
+        index: 1
+        destinationBucket: postgres-backups
+        externalSecretCredentialPath: /garage/home-infra/postgres-backups
+        isWALArchiver: true
+    scheduledBackups:
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 15 15 * * *"
+        backupName: garage-local
+volsync-target-data:
+  pvcTarget: paperless-ngx-data
+  local:
+    enabled: true
+    schedule: 2 8 * * *
+  remote:
+    enabled: true
+    schedule: 2 9 * * *
+  external:
+    enabled: true
+    schedule: 2 10 * * *
+volsync-target-media:
+  pvcTarget: paperless-ngx-metadata
+  local:
+    enabled: true
+    schedule: 4 8 * * *
+  remote:
+    enabled: true
+    schedule: 4 9 * * *
+  external:
+    enabled: true
+    schedule: 4 10 * * *
+volsync-target-export:
+  pvcTarget: paperless-ngx-data
+  local:
+    enabled: true
+    schedule: 2 8 * * *
+  remote:
+    enabled: true
+    schedule: 2 9 * * *
+  external:
+    enabled: true
+    schedule: 2 10 * * *
+volsync-target-consume:
+  pvcTarget: paperless-ngx-metadata
+  local:
+    enabled: true
+    schedule: 4 8 * * *
+  remote:
+    enabled: true
+    schedule: 4 9 * * *
+  external:
+    enabled: true
+    schedule: 4 10 * * *

clusters/cl01tl/helm/postiz/Chart.yaml

@@ -42,4 +42,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
 # renovate: datasource=github-releases depName=gitroomhq/postiz-app
-appVersion: v2.21.2
+appVersion: v2.21.4

clusters/cl01tl/helm/roundcube/Chart.yaml

@@ -29,4 +29,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
 # renovate: datasource=github-releases depName=roundcube/roundcubemail
-appVersion: 1.6.14
+appVersion: 1.6.15

clusters/cl01tl/helm/roundcube/values.yaml

@@ -9,7 +9,7 @@ roundcube:
         main:
           image:
             repository: roundcube/roundcubemail
-            tag: 1.6.14-fpm-alpine
+            tag: 1.6.15-fpm-alpine
             pullPolicy: IfNotPresent
           env:
             - name: ROUNDCUBEMAIL_DB_TYPE
@@ -85,7 +85,7 @@ roundcube:
         backup:
           image:
             repository: roundcube/roundcubemail
-            tag: 1.6.14-fpm-alpine
+            tag: 1.6.15-fpm-alpine
             pullPolicy: IfNotPresent
           env:
             - name: ROUNDCUBEMAIL_DB_TYPE

clusters/cl01tl/helm/seerr/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: seerr-chart
   repository: oci://ghcr.io/seerr-team/seerr
-  version: 3.3.0
+  version: 3.3.1
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:6b3f76b56c20740f1f1c39df0b0f8ed2684051c698e287c113c9e311477fed82
-generated: "2026-03-06T01:16:36.098673586Z"
+digest: sha256:125b2384418dda2ccf6ee188d61daf1e78f2faa3bf1ee4a81c2d0f741967ca5f
+generated: "2026-03-31T13:05:18.964064368Z"

clusters/cl01tl/helm/seerr/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
 dependencies:
   - name: seerr-chart
     repository: oci://ghcr.io/seerr-team/seerr
-    version: 3.3.0
+    version: 3.3.1
   - name: volsync-target
     alias: volsync-target-config
     version: 0.8.0

clusters/cl01tl/helm/traefik/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: traefik
   repository: https://traefik.github.io/charts
-  version: 39.0.6
+  version: 39.0.7
 - name: traefik-crds
   repository: https://traefik.github.io/charts
   version: 1.16.0
-digest: sha256:7311d1720303d2930821ac085e246c09d2935aa5f4b8223040017afe3c5acfc4
-generated: "2026-03-24T14:04:56.829498329Z"
+digest: sha256:42a2f2844385eb79724b6d7b49ed8adfd4f8237ee63ea55aa6ec7b3b3636dd3e
+generated: "2026-03-31T21:37:50.410289754Z"

clusters/cl01tl/helm/traefik/Chart.yaml

@@ -15,7 +15,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: traefik
-    version: 39.0.6
+    version: 39.0.7
     repository: https://traefik.github.io/charts
   - name: traefik-crds
     version: 1.16.0

hosts/ps08rp/blocky/config.yml

@@ -121,6 +121,7 @@ customDNS:
     objects                         IN      CNAME   traefik-cl01tl
     ollama                          IN      CNAME   traefik-cl01tl
     omni-tools                      IN      CNAME   traefik-cl01tl
+    paperless-ngx                   IN      CNAME   traefik-cl01tl
     photoview                       IN      CNAME   traefik-cl01tl
     plex                            IN      CNAME   traefik-cl01tl
     postiz                          IN      CNAME   traefik-cl01tl

hosts/ps09rp/blocky/config.yml

@@ -142,6 +142,7 @@ customDNS:
     objects                         IN      CNAME   traefik-cl01tl
     ollama                          IN      CNAME   traefik-cl01tl
     omni-tools                      IN      CNAME   traefik-cl01tl
+    paperless-ngx                   IN      CNAME   traefik-cl01tl
     photoview                       IN      CNAME   traefik-cl01tl
     plex                            IN      CNAME   traefik-cl01tl
     postiz                          IN      CNAME   traefik-cl01tl

hosts/ps10rp/cloudflare-ddns/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
     cloudflare-ddns:
-        image: favonia/cloudflare-ddns:1.15.1@sha256:a4e2089b3531eec8c9328c7a9a586f80e8d67dcd94856e0b596b7896e1de3f62
+        image: favonia/cloudflare-ddns:1.16.0@sha256:8e0f869aed97beeed4e172a01e97090673cb9b04e7e1d62fcb6cfc656f9761ad
         container_name: cloudflare-ddns
         cap_drop:
             - all

hosts/ps10rp/homepage/compose.yaml

@@ -32,7 +32,7 @@ services:
             - /var/run/docker.sock:/var/run/docker.sock:ro
 
     homepage:
-        image: ghcr.io/gethomepage/homepage:v1.12.1@sha256:9627769818fbfb14147d3e633e57cef9c27c0c5f07585f5a1d6c3d3425b3b33c
+        image: ghcr.io/gethomepage/homepage:v1.12.2@sha256:ea801368eac6b1f0d08ad35dabcbbd0a91147a49ba9761df84b2e047532d74e5
         container_name: homepage
         labels:
             traefik.enable: true