remove trivy

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [freshrss/freshrss](https://freshrss.org/) ([source](https://github.com/FreshRSS/FreshRSS)) | minor | `1.27.1` -> `1.28.0` |

---

### Release Notes

<details>
<summary>FreshRSS/FreshRSS (freshrss/freshrss)</summary>

### [`v1.28.0`](https://github.com/FreshRSS/FreshRSS/blob/HEAD/CHANGELOG.md#2025-12-24-FreshRSS-1280)

[Compare Source](https://github.com/FreshRSS/FreshRSS/compare/1.27.1...1.28.0)

- Features
  - New sorting and filtering by date of *User modified* [#&#8203;7886](https://github.com/FreshRSS/FreshRSS/pull/7886), [#&#8203;8090](https://github.com/FreshRSS/FreshRSS/pull/8090),
    [#&#8203;8105](https://github.com/FreshRSS/FreshRSS/pull/8105), [#&#8203;8118](https://github.com/FreshRSS/FreshRSS/pull/8118), [#&#8203;8130](https://github.com/FreshRSS/FreshRSS/pull/8130)
    - Corresponding search operator, e.g. `userdate:PT1H` for the past hour [#&#8203;8093](https://github.com/FreshRSS/FreshRSS/pull/8093)
    - Allows finding articles marked by the local user as read/unread or starred/unstarred at specific dates for e.g. undo action.
  - New sorting by article length [#&#8203;8119](https://github.com/FreshRSS/FreshRSS/pull/8119)
  - New advanced search form [#&#8203;8103](https://github.com/FreshRSS/FreshRSS/pull/8103), [#&#8203;8122](https://github.com/FreshRSS/FreshRSS/pull/8122), [#&#8203;8226](https://github.com/FreshRSS/FreshRSS/pull/8226)
  - Add compatibility with PCRE word boundary `\b` and `\B` for regex search using PostgreSQL [#&#8203;8141](https://github.com/FreshRSS/FreshRSS/pull/8141)
  - More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) [#&#8203;8329](https://github.com/FreshRSS/FreshRSS/pull/8329)
  - New overview of dates with most unread articles [#&#8203;8089](https://github.com/FreshRSS/FreshRSS/pull/8089)
  - Allow marking as read articles older than 1 or 7 days also when sorting by publication date [#&#8203;8163](https://github.com/FreshRSS/FreshRSS/pull/8163)
  - New option to show user labels instead of tags in RSS share [#&#8203;8112](https://github.com/FreshRSS/FreshRSS/pull/8112)
  - Add new feed visibility (priority) *Show in its feed* [#&#8203;7972](https://github.com/FreshRSS/FreshRSS/pull/7972)
  - New ability to share feed visibility through API (implemented by e.g. Capy Reader) [#&#8203;7583](https://github.com/FreshRSS/FreshRSS/pull/7583), [#&#8203;8158](https://github.com/FreshRSS/FreshRSS/pull/8158)
  - Configurable notification timeout [#&#8203;7942](https://github.com/FreshRSS/FreshRSS/pull/7942)
  - OPML export/import of unicity criteria [#&#8203;8243](https://github.com/FreshRSS/FreshRSS/pull/8243)
  - Ensure stable IDs (categories, feeds, labels) during export/import [#&#8203;7988](https://github.com/FreshRSS/FreshRSS/pull/7988)
  - Add username and timestamp to SQLite export from Web UI [#&#8203;8169](https://github.com/FreshRSS/FreshRSS/pull/8169)
  - Add option to apply filter actions to existing articles [#&#8203;7959](https://github.com/FreshRSS/FreshRSS/pull/7959), [#&#8203;8259](https://github.com/FreshRSS/FreshRSS/pull/8259)
  - Support CSS selector `~` *subsequent-sibling* [#&#8203;8154](https://github.com/FreshRSS/FreshRSS/pull/8154)
    - Upstream PR [phpgt/CssXPath#231](https://github.com/phpgt/CssXPath/pull/231)
  - Rework saving of configuration files for more reliability in case of e.g. full disk [#&#8203;8220](https://github.com/FreshRSS/FreshRSS/pull/8220)
  - Web scraping support date format as milliseconds for Unix epoch [#&#8203;8266](https://github.com/FreshRSS/FreshRSS/pull/8266)
  - Allow negative category sort numbers [#&#8203;8330](https://github.com/FreshRSS/FreshRSS/pull/8330)
- Performance
  - Improve SQL speed for updating cached information [#&#8203;6957](https://github.com/FreshRSS/FreshRSS/pull/6957), [#&#8203;8207](https://github.com/FreshRSS/FreshRSS/pull/8207),
    [#&#8203;8255](https://github.com/FreshRSS/FreshRSS/pull/8255), [#&#8203;8254](https://github.com/FreshRSS/FreshRSS/pull/8254), [#&#8203;8255](https://github.com/FreshRSS/FreshRSS/pull/8255)
  - Fix SQL performance issue with MySQL, using an index hint [#&#8203;8211](https://github.com/FreshRSS/FreshRSS/pull/8211)
  - Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users [#&#8203;8277](https://github.com/FreshRSS/FreshRSS/pull/8277)
  - API streaming of large responses for reducing memory consumption and increasing speed [#&#8203;8041](https://github.com/FreshRSS/FreshRSS/pull/8041)
- Security
  - 💥 Move unsafe autologin to an extension [#&#8203;7958](https://github.com/FreshRSS/FreshRSS/pull/7958)
  - Fix some CSRFs [#&#8203;8035](https://github.com/FreshRSS/FreshRSS/pull/8035)
  - Strengthen some crypto (login, tokens, nonces) [#&#8203;8061](https://github.com/FreshRSS/FreshRSS/pull/8061), [#&#8203;8320](https://github.com/FreshRSS/FreshRSS/pull/8320)
  - Create separate HTTP `Retry-After` rules for proxies [#&#8203;8029](https://github.com/FreshRSS/FreshRSS/pull/8029), [#&#8203;8218](https://github.com/FreshRSS/FreshRSS/pull/8218)
  - Add `data:` to CSP in subscription controller [#&#8203;8253](https://github.com/FreshRSS/FreshRSS/pull/8253)
  - Improve anonymous authentication logic [#&#8203;8165](https://github.com/FreshRSS/FreshRSS/pull/8165)
  - Enable GitHub [release immutability](https://github.blog/changelog/2025-10-28-immutable-releases-are-now-generally-available/) [#&#8203;8205](https://github.com/FreshRSS/FreshRSS/issues/8205)
- Bug fixing
  - Exclude local networks for domain-wide HTTP `Retry-After` [#&#8203;8195](https://github.com/FreshRSS/FreshRSS/pull/8195)
  - Fix OpenID Connect with Debian 13 [#&#8203;8032](https://github.com/FreshRSS/FreshRSS/pull/8032)
  - Fix MySQL / MariaDB bug wrongly sorting new articles [#&#8203;8223](https://github.com/FreshRSS/FreshRSS/pull/8223)
  - Fix MySQL / MariaDB database size calculation [#&#8203;8282](https://github.com/FreshRSS/FreshRSS/pull/8282)
  - Fix SQLite bind bug when adding user label [#&#8203;8101](https://github.com/FreshRSS/FreshRSS/pull/8101)
  - Fix SQL auto-update of field `f.kind` to ease migrations from FreshRSS versions older than 1.20.0 [#&#8203;8148](https://github.com/FreshRSS/FreshRSS/pull/8148)
  - Fix search encoding and quoting [#&#8203;8311](https://github.com/FreshRSS/FreshRSS/pull/8311), [#&#8203;8324](https://github.com/FreshRSS/FreshRSS/pull/8324), [#&#8203;8338](https://github.com/FreshRSS/FreshRSS/pull/8338)
  - Fix handling of database unexpected null content (during migrations) [#&#8203;8319](https://github.com/FreshRSS/FreshRSS/pull/8319), [#&#8203;8321](https://github.com/FreshRSS/FreshRSS/pull/8321)
  - Fix drag & drop of user query losing information [#&#8203;8113](https://github.com/FreshRSS/FreshRSS/pull/8113)
  - Fix DOM error while filtering retrieved full content [#&#8203;8132](https://github.com/FreshRSS/FreshRSS/pull/8132), [#&#8203;8161](https://github.com/FreshRSS/FreshRSS/pull/8161)
  - Fix `config.custom.php` during install [#&#8203;8033](https://github.com/FreshRSS/FreshRSS/pull/8033)
  - Fix do not mark important feeds as read from category [#&#8203;8067](https://github.com/FreshRSS/FreshRSS/pull/8067)
  - Fix regression of warnings in Web browser console due to lack of `window.bcrypt` object [#&#8203;8166](https://github.com/FreshRSS/FreshRSS/pull/8166)
  - Fix chart resize regression due to `chart.js` v4 update [#&#8203;8298](https://github.com/FreshRSS/FreshRSS/pull/8298)
  - Fix CLI user creation warning when language is not given [#&#8203;8283](https://github.com/FreshRSS/FreshRSS/pull/8283)
  - Fix merging of custom HTTP headers [#&#8203;8251](https://github.com/FreshRSS/FreshRSS/pull/8251)
  - Fix bug in the case of duplicated mark-as-read filters [#&#8203;8322](https://github.com/FreshRSS/FreshRSS/pull/8322)
- SimplePie
  - Fix support of HTTP trailer headers [#&#8203;7983](https://github.com/FreshRSS/FreshRSS/pull/7983), [simplepie#943](https://github.com/simplepie/simplepie/pull/943)
  - Apply HTTPS policy also on GUIDs and permalinks [#&#8203;8037](https://github.com/FreshRSS/FreshRSS/pull/8037), [simplepie#951](https://github.com/simplepie/simplepie/pull/951)
    - Fix `WordPress.com` HTTP duplicates with WebSub [Automattic/pushpress#16](https://github.com/Automattic/pushpress/pull/16)
  - Implement HTML whitelist for SimplePie sanitizer [#&#8203;7924](https://github.com/FreshRSS/FreshRSS/pull/7924), [simplepie#947](https://github.com/simplepie/simplepie/pull/947)
  - Various upstream contributions [simplepie#940](https://github.com/simplepie/simplepie/pull/940), [simplepie#944](https://github.com/simplepie/simplepie/pull/944)
- Deployment
  - Docker default image updated to Debian 13 Trixie with PHP 8.4.11 and Apache 2.4.65 [#&#8203;8032](https://github.com/FreshRSS/FreshRSS/pull/8032)
  - Docker alternative image updated to Alpine 3.23 with PHP 8.4.15 and Apache 2.4.65 [#&#8203;8285](https://github.com/FreshRSS/FreshRSS/pull/8285)
  - Fix Docker healthcheck `cli/health.php` compatibility with OpenID Connect [#&#8203;8040](https://github.com/FreshRSS/FreshRSS/pull/8040)
  - Improve Docker for compatibility with other base images such as Arch Linux [#&#8203;8299](https://github.com/FreshRSS/FreshRSS/pull/8299)
    - Improve `cli/access-permissions.sh` to detect the correct permission Web group such as `www-data`, `apache`, or `http`
  - Update PostgreSQL volume for Docker [#&#8203;8216](https://github.com/FreshRSS/FreshRSS/pull/8216), [#&#8203;8224](https://github.com/FreshRSS/FreshRSS/pull/8224)
  - Catch lack of `exec()` function for git update [#&#8203;8228](https://github.com/FreshRSS/FreshRSS/pull/8228)
  - Work around `DOMDocument::saveHTML()` scrambling charset encoding in some versions of libxml2 [#&#8203;8296](https://github.com/FreshRSS/FreshRSS/pull/8296)
  - Improve configuration checks for PHP extensions (in Web UI and CLI), including recommending e.g. `php-intl` [#&#8203;8334](https://github.com/FreshRSS/FreshRSS/pull/8334)
- UI
  - New button for toggling sidebar on desktop view [#&#8203;8201](https://github.com/FreshRSS/FreshRSS/pull/8201), [#&#8203;8286](https://github.com/FreshRSS/FreshRSS/pull/8286)
  - Better transitions between groups of articles [#&#8203;8174](https://github.com/FreshRSS/FreshRSS/pull/8174)
  - New links in transitions and jump ⏭ to next transition [#&#8203;8294](https://github.com/FreshRSS/FreshRSS/pull/8294)
  - More visible selected article [#&#8203;8230](https://github.com/FreshRSS/FreshRSS/pull/8230)
  - Show the parsed search query instead of the original user input [#&#8203;8293](https://github.com/FreshRSS/FreshRSS/pull/8293),
    [#&#8203;8306](https://github.com/FreshRSS/FreshRSS/pull/8306), [#&#8203;8341](https://github.com/FreshRSS/FreshRSS/pull/8341)
  - Show search query in the page title [#&#8203;8217](https://github.com/FreshRSS/FreshRSS/pull/8217)
  - Scroll into filtered feed/category on page load in the sidebar [#&#8203;8281](https://github.com/FreshRSS/FreshRSS/pull/8281), [#&#8203;8307](https://github.com/FreshRSS/FreshRSS/pull/8307)
  - Fix autocomplete issues in change password form [#&#8203;7812](https://github.com/FreshRSS/FreshRSS/pull/7812)
  - Fix navigating between read feeds using shortcut <kbd>shift</kbd>+<kbd>j</kbd>/<kbd>k</kbd> [#&#8203;8057](https://github.com/FreshRSS/FreshRSS/pull/8057)
  - Dark background in Web app manifest to avoid white flash when opening [#&#8203;8140](https://github.com/FreshRSS/FreshRSS/pull/8140)
  - Increase button visibility in UI to change theme [#&#8203;8149](https://github.com/FreshRSS/FreshRSS/pull/8149)
  - Replace arrow navigation in theme switcher with `<select>` [#&#8203;8190](https://github.com/FreshRSS/FreshRSS/pull/8190)
  - Improve scroll of article after load of user labels [#&#8203;7962](https://github.com/FreshRSS/FreshRSS/pull/7962)
  - Keep scroll state of page when closing the slider [#&#8203;8295](https://github.com/FreshRSS/FreshRSS/pull/8295), [#&#8203;8301](https://github.com/FreshRSS/FreshRSS/pull/8301)
  - Scroll into filtered feed/category on page load [#&#8203;8281](https://github.com/FreshRSS/FreshRSS/pull/8281)
  - Display sidebar dropdowns above if no space below [#&#8203;8335](https://github.com/FreshRSS/FreshRSS/pull/8335), [#&#8203;8336](https://github.com/FreshRSS/FreshRSS/pull/8336)
  - Use native CSS instead of SCSS [#&#8203;8200](https://github.com/FreshRSS/FreshRSS/pull/8200), [#&#8203;8241](https://github.com/FreshRSS/FreshRSS/pull/8241)
    - Using [CSS nesting](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Nesting) and [relative colours](https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Colors/Using_relative_colors).
  - Various UI and style improvements: [#&#8203;8171](https://github.com/FreshRSS/FreshRSS/pull/8171), [#&#8203;8185](https://github.com/FreshRSS/FreshRSS/pull/8185), [#&#8203;8196](https://github.com/FreshRSS/FreshRSS/pull/8196)
  - JavaScript finalise migration from `Promise` to `async`/`await`: [#&#8203;8182](https://github.com/FreshRSS/FreshRSS/pull/8182)
- API
  - API performance optimisation: streaming of large responses [#&#8203;8041](https://github.com/FreshRSS/FreshRSS/pull/8041)
  - Fever API: Add `with_ids` parameter to mass-change read/unread/saved/unsaved on lists of articles [#&#8203;8312](https://github.com/FreshRSS/FreshRSS/pull/8312)
  - Misc API: better REST error semantics [#&#8203;8232](https://github.com/FreshRSS/FreshRSS/pull/8232)
- Extensions
  - Add support for extension priority [#&#8203;8038](https://github.com/FreshRSS/FreshRSS/pull/8038)
  - Add support for extension compatibility [#&#8203;8081](https://github.com/FreshRSS/FreshRSS/pull/8081)
  - Improve PHP code with hook enums [#&#8203;8036](https://github.com/FreshRSS/FreshRSS/pull/8036)
  - New hook `nav_entries` [#&#8203;8054](https://github.com/FreshRSS/FreshRSS/pull/8054)
  - Rename [Extensions](https://github.com/FreshRSS/Extensions) default branch from *master* to *main* [#&#8203;8194](https://github.com/FreshRSS/FreshRSS/pull/8194)
- I18n
  - Translation status as text in README [#&#8203;7842](https://github.com/FreshRSS/FreshRSS/pull/7842)
  - Add new translate CLI commands `move` [#&#8203;8214](https://github.com/FreshRSS/FreshRSS/pull/8214)
  - Change some regional language codes to comply with RFC 5646 / IETF BCP 47 / ISO 3166 / ISO 639-1 [#&#8203;8065](https://github.com/FreshRSS/FreshRSS/pull/8065)
  - Improve German [#&#8203;8028](https://github.com/FreshRSS/FreshRSS/pull/8028)
  - Improve Greek [#&#8203;8146](https://github.com/FreshRSS/FreshRSS/pull/8146)
  - Improve Finnish [#&#8203;8073](https://github.com/FreshRSS/FreshRSS/pull/8073), [#&#8203;8092](https://github.com/FreshRSS/FreshRSS/pull/8092)
  - Improve Hungarian [#&#8203;8244](https://github.com/FreshRSS/FreshRSS/pull/8244)
  - Improve Italian [#&#8203;8115](https://github.com/FreshRSS/FreshRSS/pull/8115), [#&#8203;8186](https://github.com/FreshRSS/FreshRSS/pull/8186)
  - Improve Polish [#&#8203;8134](https://github.com/FreshRSS/FreshRSS/pull/8134), [#&#8203;8135](https://github.com/FreshRSS/FreshRSS/pull/8135)
  - Improve Russian [#&#8203;8155](https://github.com/FreshRSS/FreshRSS/pull/8155), [#&#8203;8197](https://github.com/FreshRSS/FreshRSS/pull/8197)
  - Improve Simplified Chinese [#&#8203;8308](https://github.com/FreshRSS/FreshRSS/pull/8308), [#&#8203;8313](https://github.com/FreshRSS/FreshRSS/pull/8313)
- Misc.
  - Add code to modify a search expression [#&#8203;8293](https://github.com/FreshRSS/FreshRSS/pull/8293)
  - Remove *Pocket* sharing service [#&#8203;8127](https://github.com/FreshRSS/FreshRSS/pull/8127), [#&#8203;8128](https://github.com/FreshRSS/FreshRSS/pull/8128)
  - Update to PHPMailer 7.0.1 [#&#8203;8048](https://github.com/FreshRSS/FreshRSS/pull/8048), [#&#8203;8180](https://github.com/FreshRSS/FreshRSS/pull/8180), [#&#8203;8272](https://github.com/FreshRSS/FreshRSS/pull/8272)
  - 💥 Housekeeping of `lib_rss.php` with potential breaking changes for some extensions [#&#8203;8193](https://github.com/FreshRSS/FreshRSS/pull/8193),
  - Use native PHP `#[Deprecated]` [#&#8203;8325](https://github.com/FreshRSS/FreshRSS/pull/8325)
  - Improve PHP code [#&#8203;8156](https://github.com/FreshRSS/FreshRSS/pull/8156), [#&#8203;8203](https://github.com/FreshRSS/FreshRSS/pull/8203), [#&#8203;8284](https://github.com/FreshRSS/FreshRSS/pull/8284),
    [#&#8203;8292](https://github.com/FreshRSS/FreshRSS/pull/8292), [#&#8203;8297](https://github.com/FreshRSS/FreshRSS/pull/8297)
  - GitHub Actions: `--no-progress` [#&#8203;8315](https://github.com/FreshRSS/FreshRSS/pull/8315)
  - Update dev dependencies [#&#8203;8043](https://github.com/FreshRSS/FreshRSS/pull/8043), [#&#8203;8044](https://github.com/FreshRSS/FreshRSS/pull/8044),
    [#&#8203;8045](https://github.com/FreshRSS/FreshRSS/pull/8045), [#&#8203;8046](https://github.com/FreshRSS/FreshRSS/pull/8046), [#&#8203;8047](https://github.com/FreshRSS/FreshRSS/pull/8047),
    [#&#8203;8052](https://github.com/FreshRSS/FreshRSS/pull/8052), [#&#8203;8176](https://github.com/FreshRSS/FreshRSS/pull/8176), [#&#8203;8177](https://github.com/FreshRSS/FreshRSS/pull/8177),
    [#&#8203;8178](https://github.com/FreshRSS/FreshRSS/pull/8178), [#&#8203;8179](https://github.com/FreshRSS/FreshRSS/pull/8179), [#&#8203;8210](https://github.com/FreshRSS/FreshRSS/pull/8210),
    [#&#8203;8270](https://github.com/FreshRSS/FreshRSS/pull/8270), [#&#8203;8271](https://github.com/FreshRSS/FreshRSS/pull/8271), [#&#8203;8273](https://github.com/FreshRSS/FreshRSS/pull/8273),
    [#&#8203;8274](https://github.com/FreshRSS/FreshRSS/pull/8274), [#&#8203;8275](https://github.com/FreshRSS/FreshRSS/pull/8275), [#&#8203;8276](https://github.com/FreshRSS/FreshRSS/pull/8276)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zOS4xIiwidXBkYXRlZEluVmVyIjoiNDIuMzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2851
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

clusters/cl01tl/helm/actual/values.yaml

@@ -77,3 +77,9 @@ actual:
               readOnly: false
 volsync-target-data:
   pvcTarget: actual-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/argo-workflows/Chart.yaml

@@ -25,7 +25,7 @@ dependencies:
     repository: https://argoproj.github.io/argo-helm
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 # renovate: github=argoproj/argo-workflows

clusters/cl01tl/helm/audiobookshelf/values.yaml

@@ -123,5 +123,17 @@ audiobookshelf:
               readOnly: false
 volsync-target-config:
   pvcTarget: audiobookshelf-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-metadata:
   pvcTarget: audiobookshelf-metadata
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/authentik/Chart.yaml

@@ -28,7 +28,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/authentik/values.yaml

@@ -109,7 +109,7 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

clusters/cl01tl/helm/backrest/values.yaml

@@ -107,5 +107,17 @@ backrest:
               readOnly: true
 volsync-target-data:
   pvcTarget: backrest-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-config:
   pvcTarget: backrest-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/bazarr/values.yaml

@@ -83,3 +83,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/blocky/values.yaml

@@ -135,7 +135,6 @@ blocky:
               lidatube                        IN      CNAME   traefik-cl01tl
               listenarr                       IN      CNAME   traefik-cl01tl
               mail                            IN      CNAME   traefik-cl01tl
-              n8n                             IN      CNAME   traefik-cl01tl
               navidrome                       IN      CNAME   traefik-cl01tl
               ntfy                            IN      CNAME   traefik-cl01tl
               objects                         IN      CNAME   traefik-cl01tl
@@ -319,6 +318,6 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
     enabled: false

clusters/cl01tl/helm/booklore/values.yaml

@@ -202,6 +202,12 @@ mariadb-cluster:
             key: secret
 volsync-target-config:
   pvcTarget: booklore-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-data:
   pvcTarget: booklore-data
   local:

clusters/cl01tl/helm/code-server/values.yaml

@@ -75,3 +75,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/directus/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/directus/values.yaml

@@ -216,7 +216,7 @@ redis-replication:
     name: directus-redis-config
     key: password
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

clusters/cl01tl/helm/ephemera/values.yaml

@@ -129,3 +129,9 @@ ephemera:
               readOnly: false
 volsync-target-config:
   pvcTarget: ephemera
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/freshrss/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/freshrss/values.yaml

@@ -80,7 +80,7 @@ freshrss:
         main:
           image:
             repository: freshrss/freshrss
-            tag: 1.27.1
+            tag: 1.28.0
             pullPolicy: IfNotPresent
           env:
             - name: PGID
@@ -246,3 +246,9 @@ volsync-target-data:
       - 100
       - 109
       - 65539
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/gatus/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     version: 1.4.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/gatus/values.yaml

@@ -185,9 +185,6 @@ gatus:
       - name: argo-workflows
         url: https://argo-workflows.alexlebens.net
         <<: *defaults
-      - name: n8n
-        url: https://n8n.alexlebens.net
-        <<: *defaults
       - name: omni-tools
         url: https://omni-tools.alexlebens.net
         <<: *defaults
@@ -426,3 +423,9 @@ postgres-18-cluster:
       #   backupName: external
 volsync-target-data:
   pvcTarget: gatus
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -39,7 +39,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     alias: redis-replication-gitea

clusters/cl01tl/helm/gitea/values.yaml

@@ -1,7 +1,7 @@
 gitea:
   global:
     imageRegistry: registry.hub.docker.com
-  replicaCount: 3
+  replicaCount: 2
   image:
     repository: gitea/gitea
     tag: 1.25.3

clusters/cl01tl/helm/grafana-operator/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://grafana.github.io/helm-charts
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     alias: redis-replication-unified-alerting

clusters/cl01tl/helm/harbor/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://helm.goharbor.io
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/harbor/values.yaml

@@ -142,7 +142,7 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -132,3 +132,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/homepage/values.yaml

@@ -331,12 +331,6 @@ homepage:
                   href: https://argo-workflows.alexlebens.net
                   siteMonitor: http://argo-workflows-server.argo-workflows:2746
                   statusStyle: dot
-              - API Workflows:
-                  icon: sh-n8n.webp
-                  description: n8n
-                  href: https://n8n.alexlebens.net
-                  siteMonitor: http://n8n-main.n8n:80
-                  statusStyle: dot
               - Uptime:
                   icon: sh-gatus.webp
                   description: Gatus

clusters/cl01tl/helm/huntarr/values.yaml

@@ -60,3 +60,9 @@ huntarr:
               readOnly: false
 volsync-target-config:
   pvcTarget: huntarr-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/immich/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/immich/values.yaml

@@ -226,9 +226,9 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3
 volsync-target-data:
   pvcTarget: immich

clusters/cl01tl/helm/jellystat/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/jellystat/values.yaml

@@ -144,3 +144,9 @@ postgres-18-cluster:
 
 volsync-target-data:
   pvcTarget: jellystat-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/karakeep/values.yaml

@@ -170,3 +170,9 @@ meilisearch:
     enabled: true
 volsync-target-data:
   pvcTarget: karakeep
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/komodo/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgresql-17-fdb-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
 # renovate: github=moghtech/komodo

clusters/cl01tl/helm/kube-prometheus-stack/values.yaml

@@ -174,12 +174,12 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
     volumeClaimTemplate:
       spec:
         resources:
           requests:
             storage: 10Gi
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

clusters/cl01tl/helm/libation/values.yaml

@@ -62,3 +62,9 @@ libation:
               readOnly: false
 volsync-target-config:
   pvcTarget: libation
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/lidarr/Chart.yaml

@@ -24,7 +24,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/lidarr/values.yaml

@@ -170,3 +170,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/lidatube/values.yaml

@@ -92,3 +92,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/listenarr/values.yaml

@@ -73,3 +73,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/local-path-provisioner/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://charts.containeroo.ch
   version: 0.0.34
 digest: sha256:f4f946897660d5d65eb2a56144d907c0b48c9a72e20d10a73684eaeb0d50cfd3
-generated: "2025-12-26T15:01:44.39475407Z"
+generated: "2025-12-26T21:55:29.099967751Z"

clusters/cl01tl/helm/local-path-provisioner/values.yaml

@@ -1,7 +1,7 @@
 local-path-provisioner:
   image:
     repository: rancher/local-path-provisioner
-    tag: v0.0.32
+    tag: v0.0.33
   helperImage:
     repository: busybox
     tag: 1.37.0

clusters/cl01tl/helm/matrix-synapse/Chart.yaml

@@ -53,7 +53,7 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     alias: redis-replication-matrix-synapse

clusters/cl01tl/helm/matrix-synapse/values.yaml

@@ -477,15 +477,39 @@ redis-replication-hookshot:
     clusterSize: 3
 volsync-target-synapse:
   pvcTarget: matrix-synapse
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-hookshot:
   pvcTarget: matrix-hookshot
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-discord:
   pvcTarget: mautrix-discord
   moverSecurityContext:
     runAsUser: 1337
     runAsGroup: 1337
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-whatsapp:
   pvcTarget: mautrix-whatsapp
   moverSecurityContext:
     runAsUser: 1337
     runAsGroup: 1337
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/n8n/Chart.lock

@@ -1,15 +0,0 @@
-dependencies:
-- name: app-template
-  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.5.0
-- name: postgres-cluster
-  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.4.3
-- name: redis-replication
-  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.5.0
-- name: volsync-target
-  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.0
-digest: sha256:044b0cda285583d8cb792725b75887041f82e5d6906566cd3677d2f67186d7f1
-generated: "2025-12-23T22:38:27.330827-06:00"

clusters/cl01tl/helm/n8n/Chart.yaml

@@ -1,35 +0,0 @@
-apiVersion: v2
-name: n8n
-version: 1.0.0
-description: n8n
-keywords:
-  - n8n
-  - automation
-home: https://wiki.alexlebens.dev/s/e4544bd4-c66a-420c-8020-c54b2078181a
-sources:
-  - https://github.com/n8n-io/n8n
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://github.com/n8n-io/n8n/pkgs/container/n8n
-  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: n8n
-    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.5.0
-  - name: postgres-cluster
-    alias: postgres-18-cluster
-    version: 7.4.3
-    repository: oci://harbor.alexlebens.net/helm-charts
-  - name: redis-replication
-    version: 0.5.0
-    repository: oci://harbor.alexlebens.net/helm-charts
-  - name: volsync-target
-    alias: volsync-target-data
-    version: 0.6.0
-    repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
-# renovate: github=n8n-io/n8n
-appVersion: 2.0.1

clusters/cl01tl/helm/n8n/templates/external-secret.yaml

@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: n8n-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: n8n-config-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/n8n/config
-        metadataPolicy: None
-        property: key

clusters/cl01tl/helm/n8n/values.yaml

@@ -1,441 +0,0 @@
-n8n:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/n8n-io/n8n
-            tag: 2.2.1
-            pullPolicy: IfNotPresent
-          env:
-            - name: GENERIC_TIMEZONE
-              value: US/Central
-            - name: DB_TYPE
-              value: postgresdb
-            - name: DB_POSTGRESDB_DATABASE
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: dbname
-            - name: DB_POSTGRESDB_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: host
-            - name: DB_POSTGRESDB_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: port
-            - name: DB_POSTGRESDB_USER
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: user
-            - name: DB_POSTGRESDB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: password
-            - name: N8N_METRICS
-              value: true
-            - name: QUEUE_HEALTH_CHECK_ACTIVE
-              value: true
-            - name: EXECUTIONS_MODE
-              value: queue
-            - name: QUEUE_BULL_REDIS_HOST
-              value: redis-replication-n8n-master.n8n
-            - name: N8N_ENCRYPTION_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-config-secret
-                  key: key
-            - name: WEBHOOK_URL
-              value: https://n8n.alexlebens.net/
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /healthz
-                  port: 5678
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            readiness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /healthz/readiness
-                  port: 5678
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-    worker:
-      type: daemonset
-      revisionHistoryLimit: 3
-      pod:
-        nodeSelector:
-          kubernetes.io/arch: amd64
-      containers:
-        main:
-          image:
-            repository: ghcr.io/n8n-io/n8n
-            tag: 2.2.1
-            pullPolicy: IfNotPresent
-          command:
-            - n8n
-          args:
-            - worker
-            # - --concurrency=10
-          env:
-            - name: GENERIC_TIMEZONE
-              value: US/Central
-            - name: DB_TYPE
-              value: postgresdb
-            - name: DB_POSTGRESDB_DATABASE
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: dbname
-            - name: DB_POSTGRESDB_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: host
-            - name: DB_POSTGRESDB_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: port
-            - name: DB_POSTGRESDB_USER
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: user
-            - name: DB_POSTGRESDB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: password
-            - name: N8N_METRICS
-              value: true
-            - name: N8N_RUNNERS_ENABLED
-              value: true
-            - name: N8N_BLOCK_ENV_ACCESS_IN_NODE
-              value: true
-            - name: N8N_GIT_NODE_DISABLE_BARE_REPOS
-              value: true
-            - name: QUEUE_HEALTH_CHECK_ACTIVE
-              value: true
-            - name: EXECUTIONS_MODE
-              value: queue
-            - name: QUEUE_BULL_REDIS_HOST
-              value: redis-replication-n8n-master.n8n
-            - name: N8N_ENCRYPTION_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-config-secret
-                  key: key
-            - name: WEBHOOK_URL
-              value: https://n8n.alexlebens.net/
-          probes:
-            liveness:
-              enabled: false
-              custom: true
-              spec:
-                httpGet:
-                  path: /healthz
-                  port: 5678
-                initialDelaySeconds: 60
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            readiness:
-              enabled: false
-              custom: true
-              spec:
-                httpGet:
-                  path: /healthz/readiness
-                  port: 5678
-                initialDelaySeconds: 60
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-    webhook:
-      type: daemonset
-      revisionHistoryLimit: 3
-      pod:
-        nodeSelector:
-          kubernetes.io/arch: amd64
-      containers:
-        main:
-          image:
-            repository: ghcr.io/n8n-io/n8n
-            tag: 2.2.1
-            pullPolicy: IfNotPresent
-          command:
-            - n8n
-          args:
-            - webhook
-          env:
-            - name: GENERIC_TIMEZONE
-              value: US/Central
-            - name: DB_TYPE
-              value: postgresdb
-            - name: DB_POSTGRESDB_DATABASE
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: dbname
-            - name: DB_POSTGRESDB_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: host
-            - name: DB_POSTGRESDB_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: port
-            - name: DB_POSTGRESDB_USER
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: user
-            - name: DB_POSTGRESDB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-postgresql-18-cluster-app
-                  key: password
-            - name: N8N_METRICS
-              value: true
-            - name: QUEUE_HEALTH_CHECK_ACTIVE
-              value: true
-            - name: EXECUTIONS_MODE
-              value: queue
-            - name: QUEUE_BULL_REDIS_HOST
-              value: redis-replication-n8n-master.n8n
-            - name: N8N_ENCRYPTION_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: n8n-config-secret
-                  key: key
-            - name: WEBHOOK_URL
-              value: https://n8n.alexlebens.net/
-            - name: N8N_DIAGNOSTICS_ENABLED
-              value: false
-            - name: N8N_VERSION_NOTIFICATIONS_ENABLED
-              value: false
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /healthz
-                  port: 5678
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            readiness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /healthz/readiness
-                  port: 5678
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 5678
-          protocol: HTTP
-    worker:
-      controller: worker
-      ports:
-        http:
-          port: 80
-          targetPort: 5678
-          protocol: HTTP
-    webhook:
-      controller: webhook
-      ports:
-        http:
-          port: 80
-          targetPort: 5678
-          protocol: HTTP
-  serviceMonitor:
-    main:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: n8n-main
-          app.kubernetes.io/instance: n8n-main
-      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
-      endpoints:
-        - port: http
-          interval: 3m
-          scrapeTimeout: 1m
-          path: /metrics
-    worker:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: n8n-worker
-          app.kubernetes.io/instance: n8n-worker
-      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
-      endpoints:
-        - port: http
-          interval: 3m
-          scrapeTimeout: 1m
-          path: /metrics
-    webhook:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: n8n-webhook
-          app.kubernetes.io/instance: n8n-webhook
-      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
-      endpoints:
-        - port: http
-          interval: 3m
-          scrapeTimeout: 1m
-          path: /metrics
-  route:
-    main:
-      kind: HTTPRoute
-      parentRefs:
-        - group: gateway.networking.k8s.io
-          kind: Gateway
-          name: traefik-gateway
-          namespace: traefik
-      hostnames:
-        - n8n.alexlebens.net
-      rules:
-        - backendRefs:
-            - group: ''
-              kind: Service
-              name: n8n-main
-              port: 80
-              weight: 100
-          matches:
-            - path:
-                type: PathPrefix
-                value: /
-            - path:
-                type: PathPrefix
-                value: /webhook-test/
-        - backendRefs:
-            - group: ''
-              kind: Service
-              name: n8n-webhook
-              port: 80
-              weight: 100
-          matches:
-            - path:
-                type: PathPrefix
-                value: /webhook/
-            - path:
-                type: PathPrefix
-                value: /webhook-waiting/
-            - path:
-                type: PathPrefix
-                value: /form/
-  persistence:
-    data:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      advancedMounts:
-        main:
-          main:
-            - path: /data
-              readOnly: false
-    cache:
-      type: emptyDir
-      advancedMounts:
-        worker:
-          main:
-            - path: /home/node/.n8n
-              readOnly: false
-        webhook:
-          main:
-            - path: /home/node/.n8n
-              readOnly: false
-postgres-18-cluster:
-  mode: recovery
-  recovery:
-    method: objectStore
-    objectStore:
-      index: 1
-  backup:
-    objectStore:
-      - name: garage-local
-        index: 1
-        destinationBucket: postgres-backups
-        externalSecretCredentialPath: /garage/home-infra/postgres-backups
-        isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
-    scheduledBackups:
-      - name: live-backup
-        suspend: false
-        immediate: true
-        schedule: "0 0 0 * * *"
-        backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
-redis-replication:
-  existingSecret:
-    enabled: false
-  redisReplication:
-    clusterSize: 3
-  redisSentinel:
-    enabled: true
-    clusterSize: 3
-volsync-target-data:
-  pvcTarget: n8n

clusters/cl01tl/helm/navidrome/values.yaml

@@ -153,3 +153,9 @@ volsync-target-data:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/ollama/values.yaml

@@ -306,3 +306,9 @@ volsync-target-data:
   moverSecurityContext:
     runAsUser: 1337
     runAsGroup: 1337
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/outline/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/outline/values.yaml

@@ -188,7 +188,7 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

clusters/cl01tl/helm/photoview/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
 # renovate: github=photoview/photoview

clusters/cl01tl/helm/postiz/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/postiz/values.yaml

@@ -173,11 +173,23 @@ redis-replication:
     name: postiz-redis-config
     key: password
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3
 volsync-target-config:
   pvcTarget: postiz-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-upload:
   pvcTarget: postiz-uploads
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/prowlarr/values.yaml

@@ -82,3 +82,9 @@ volsync-target-config:
       - 100
       - 109
       - 65539
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -453,5 +453,17 @@ volsync-target-config:
       volumeSnapshotClassName: ceph-filesystem-snapshot
 volsync-target-qbit-manage-config:
   pvcTarget: qbittorrent-qbit-manage-config-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-qui-config:
   pvcTarget: qbittorrent-qui-config-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/radarr-4k/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr-4k/values.yaml

@@ -170,3 +170,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/radarr-anime/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr-anime/values.yaml

@@ -168,3 +168,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/radarr-standup/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr-standup/values.yaml

@@ -168,3 +168,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/radarr/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/radarr/values.yaml

@@ -170,3 +170,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/rayflume/Chart.yaml

@@ -24,4 +24,4 @@ dependencies:
     alias: volsync-target-data
     version: 0.6.0
     repository: oci://harbor.alexlebens.net/helm-charts
-appVersion: 0.0.1
+appVersion: 0.0.3

clusters/cl01tl/helm/rayflume/values.yaml

@@ -9,13 +9,13 @@ rayflume:
         main:
           image:
             repository: harbor.alexlebens.net/images/rayflume
-            tag: 0.0.2
+            tag: 0.0.7
             pullPolicy: IfNotPresent
           env:
             - name: DEBUG
               value: True
             - name: ALLOWED_HOSTS
-              value: rayflume.alexlebens.net
+              value: rayflume.alexlebens.net,rayflume.rayflume
             - name: SECRET_KEY
               valueFrom:
                 secretKeyRef:
@@ -88,9 +88,15 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3
 volsync-target-data:
   pvcTarget: rayflume-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/roundcube/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/roundcube/values.yaml

@@ -270,3 +270,9 @@ postgres-18-cluster:
       #   backupName: external
 volsync-target-data:
   pvcTarget: roundcube-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/searxng/values.yaml

@@ -9,7 +9,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:74c9ee6120b2c990999fcbe14b69b0dbb981bfbd70b2f2cf63b2c094f11bc883
+            tag: latest@sha256:8d98d5c1b678714c3b20dacfab5ea5e3b67f79e50df6d5dbc92ed4f0a964ccbd
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:74c9ee6120b2c990999fcbe14b69b0dbb981bfbd70b2f2cf63b2c094f11bc883
+            tag: latest@sha256:8d98d5c1b678714c3b20dacfab5ea5e3b67f79e50df6d5dbc92ed4f0a964ccbd
             pullPolicy: IfNotPresent
           env:
             - name: SEARXNG_BASE_URL
@@ -219,3 +219,9 @@ searxng:
               readOnly: false
 volsync-target-data:
   pvcTarget: searxng-browser-data
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/seerr/values.yaml

@@ -31,3 +31,9 @@ seerr-chart:
       memory: 128Mi
 volsync-target-config:
   pvcTarget: seerr-seerr-chart-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/sonarr-4k/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/sonarr-4k/values.yaml

@@ -168,3 +168,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/sonarr-anime/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/sonarr-anime/values.yaml

@@ -168,3 +168,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/sonarr/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-config

clusters/cl01tl/helm/sonarr/values.yaml

@@ -168,3 +168,9 @@ volsync-target-config:
     runAsGroup: 1000
     fsGroup: 1000
     fsGroupChangePolicy: OnRootMismatch
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/soulsync/values.yaml

@@ -150,5 +150,17 @@ soulsync:
               readOnly: true
 volsync-target-config:
   pvcTarget: soulsync-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-database:
   pvcTarget: soulsync-database
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/stalwart/Chart.yaml

@@ -23,7 +23,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/stalwart/values.yaml

@@ -118,9 +118,15 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3
 volsync-target-config:
   pvcTarget: stalwart-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/tautulli/values.yaml

@@ -169,3 +169,9 @@ tautulli:
               readOnly: false
 volsync-target-config:
   pvcTarget: tautulli-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/tdarr/values.yaml

@@ -179,5 +179,17 @@ tdarr-exporter:
       memory: 256Mi
 volsync-target-config:
   pvcTarget: tdarr-config
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false
 volsync-target-server:
   pvcTarget: tdarr-server
+  local:
+    enabled: false
+  remote:
+    enabled: false
+  external:
+    enabled: false

clusters/cl01tl/helm/trivy/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: trivy-operator
-  repository: https://aquasecurity.github.io/helm-charts/
-  version: 0.31.0
-digest: sha256:5a71d5ff43d5e36ea500c5dcade70cddc874621ad49ffe7c10ba202a14b9c87f
-generated: "2025-12-01T19:56:01.513264-06:00"

clusters/cl01tl/helm/trivy/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: trivy
-version: 1.0.0
-description: Trivy
-keywords:
-  - trivy
-  - vulnerability
-  - monitoring
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/5cffa529-4c2e-4126-99eb-cc4aeb5a49b3
-sources:
-  - https://github.com/aquasecurity/trivy
-  - https://github.com/aquasecurity/trivy-operator
-  - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: trivy-operator
-    version: 0.31.0
-    repository: https://aquasecurity.github.io/helm-charts/
-icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
-# renovate: github=aquasecurity/trivy
-appVersion: 0.31.0

clusters/cl01tl/helm/trivy/templates/namespace.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: trivy
-  labels:
-    app.kubernetes.io/name: trivy
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    pod-security.kubernetes.io/audit: privileged
-    pod-security.kubernetes.io/enforce: privileged
-    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/helm/trivy/values.yaml

@@ -1,105 +0,0 @@
-trivy-operator:
-  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
-  operator:
-    replicas: 1
-    vulnerabilityScannerEnabled: false
-    sbomGenerationEnabled: false
-    clusterSbomCacheEnabled: false
-    configAuditScannerEnabled: true
-    rbacAssessmentScannerEnabled: true
-    infraAssessmentScannerEnabled: false
-    clusterComplianceEnabled: false
-  serviceMonitor:
-    enabled: true
-  trivy:
-    createConfig: true
-    image:
-      registry: mirror.gcr.io
-      repository: aquasec/trivy
-      tag: 0.68.2
-    storageClassEnabled: true
-    storageClassName: ceph-block
-    storageSize: "5Gi"
-    registry:
-      mirror:
-        "registry-1.docker.io": proxy-registry-1.docker.io
-        "quay.io": proxy-quay.io
-        "registry.k8s.io": proxy-registry.k8s
-        "gcr.io": proxy-gcr.io
-        "ghcr.io": proxy-ghcr.io
-        "hub.docker": proxy-hub.docker
-    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-    slow: true
-    resources:
-      requests:
-        cpu: 100m
-        memory: 128M
-    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
-    server:
-      resources:
-        requests:
-          cpu: 200m
-          memory: 512Mi
-      replicas: 1
-  compliance:
-    reportType: summary
-    cron: 0 5 * * *
-    specs:
-      - k8s-cis-1.23
-      - k8s-nsa-1.0
-      - k8s-pss-baseline-0.1
-      - k8s-pss-restricted-0.1
-  volumeMounts:
-    - mountPath: /tmp
-      name: cache-policies
-      readOnly: false
-  volumes:
-    - name: cache-policies
-      emptyDir: {}
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-  nodeCollector:
-    tolerations:
-      - key: node-role.kubernetes.io/control-plane
-        operator: Exists
-        effect: NoSchedule
-    volumeMounts:
-      - name: var-lib-etcd
-        mountPath: /var/lib/etcd
-        readOnly: true
-      - name: var-lib-kubelet
-        mountPath: /var/lib/kubelet
-        readOnly: true
-      - name: var-lib-kube-scheduler
-        mountPath: /var/lib/kube-scheduler
-        readOnly: true
-      - name: var-lib-kube-controller-manager
-        mountPath: /var/lib/kube-controller-manager
-        readOnly: true
-      - name: etc-kubernetes
-        mountPath: /etc/kubernetes
-        readOnly: true
-      - name: etc-cni-netd
-        mountPath: /etc/cni/net.d/
-        readOnly: true
-    volumes:
-      - name: var-lib-etcd
-        hostPath:
-          path: /var/lib/etcd
-      - name: var-lib-kubelet
-        hostPath:
-          path: /var/lib/kubelet
-      - name: var-lib-kube-scheduler
-        hostPath:
-          path: /var/lib/kube-scheduler
-      - name: var-lib-kube-controller-manager
-        hostPath:
-          path: /var/lib/kube-controller-manager
-      - name: etc-kubernetes
-        hostPath:
-          path: /etc/kubernetes
-      - name: etc-cni-netd
-        hostPath:
-          path: /etc/cni/net.d/

clusters/cl01tl/helm/tubearchivist/values.yaml

@@ -148,7 +148,7 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
     resources:
       requests:
         cpu: 200m
@@ -159,5 +159,5 @@ redis-replication:
           requests:
             storage: 10Gi
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

clusters/cl01tl/helm/vaultwarden/Chart.yaml

@@ -27,7 +27,7 @@ dependencies:
     version: 2.1.4
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: volsync-target
     alias: volsync-target-data

clusters/cl01tl/helm/yamtrack/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     version: 4.5.0
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 7.4.3
+    version: 7.4.4
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: redis-replication
     version: 0.5.0

clusters/cl01tl/helm/yamtrack/values.yaml

@@ -136,7 +136,7 @@ redis-replication:
   existingSecret:
     enabled: false
   redisReplication:
-    clusterSize: 3
+    clusterSize: 1
   redisSentinel:
-    enabled: true
+    enabled: false
     clusterSize: 3

hosts/ps08rp/blocky/config.yml

@@ -111,7 +111,6 @@ customDNS:
     lidatube                        IN      CNAME   traefik-cl01tl
     listenarr                       IN      CNAME   traefik-cl01tl
     mail                            IN      CNAME   traefik-cl01tl
-    n8n                             IN      CNAME   traefik-cl01tl
     navidrome                       IN      CNAME   traefik-cl01tl
     ntfy                            IN      CNAME   traefik-cl01tl
     objects                         IN      CNAME   traefik-cl01tl

hosts/ps09rp/blocky/config.yml

@@ -111,7 +111,6 @@ customDNS:
     lidatube                        IN      CNAME   traefik-cl01tl
     listenarr                       IN      CNAME   traefik-cl01tl
     mail                            IN      CNAME   traefik-cl01tl
-    n8n                             IN      CNAME   traefik-cl01tl
     navidrome                       IN      CNAME   traefik-cl01tl
     ntfy                            IN      CNAME   traefik-cl01tl
     objects                         IN      CNAME   traefik-cl01tl

renovate.json

@@ -99,7 +99,6 @@
         "ghcr.io/linuxserver/prowlarr",
         "ghcr.io/linuxserver/radarr",
         "ghcr.io/linuxserver/sonarr",
-        "ghcr.io/n8n-io/n8n",
         "ghcr.io/prometheus-community/charts/kube-prometheus-stack",
         "vectorim/element-web"
       ],