feat: switch to github, add sha (#5096 )

Reviewed-on: #5096
tmp/harbor (#5088 )
2026-03-24 22:13:09 +00:00 · 2026-03-24 22:02:37 +00:00 · 2026-03-24 21:31:01 +00:00 · 2026-03-24 21:02:49 +00:00 · 2026-03-24 20:49:35 +00:00 · 2026-03-24 15:47:26 -05:00
14 changed files with 162 additions and 195 deletions
--- a/.gitea/workflows/lint-test-docker.yaml
+++ b/.gitea/workflows/lint-test-docker.yaml
@@ -28,7 +28,7 @@ jobs:
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
+        uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2
        with:
          branch: "${{ github.base_ref }}"

--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm.yaml
@@ -35,7 +35,7 @@ jobs:
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
+        uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2
        with:
          branch: ${{ github.base_ref }}

--- a/clusters/cl01tl/helm/audiobookshelf/values.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml
@@ -23,7 +23,7 @@ audiobookshelf:
        apprise-api:
          image:
            repository: ghcr.io/caronc/apprise
-            tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903
+            tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/harbor/values.yaml
+++ b/clusters/cl01tl/helm/harbor/values.yaml
@@ -40,21 +40,21 @@ harbor:
    enabled: true
  portal:
    image:
-      repository: goharbor/harbor-portal
-      tag: v2.15.0
+      repository: ghcr.io/goharbor/harbor-portal
+      tag: v2.15.0@sha256:541d5fa95bf77240d46a438f86245cdfd6afa6dd7fdd0cf4dd4c905af6a980b1
    replicas: 2
  core:
    image:
-      repository: goharbor/harbor-core
-      tag: v2.15.0
+      repository: ghcr.io/goharbor/harbor-core
+      tag: v2.15.0@sha256:32a13f6693a278261e9c9cb7eb606c5e2aa021308ae44fdc73225755048500a8
    replicas: 2
    existingSecret: harbor-secret
    secretName: harbor-secret
    existingXsrfSecret: harbor-secret
  jobservice:
    image:
-      repository: goharbor/harbor-jobservice
-      tag: v2.15.0
+      repository: ghcr.io/goharbor/harbor-jobservice
+      tag: v2.15.0@sha256:a22c7cccba4673b26ffb96f5c37971d85d879dd837bc82448e01c0170b68cf28
    replicas: 2
    jobLoggers:
      - stdout
@@ -63,11 +63,11 @@ harbor:
    registry:
      image:
        repository: goharbor/registry-photon
-        tag: v2.15.0
+        tag: v2.15.0@sha256:beb49fd16cf0906c04a2bf51a22f7210289e7cc2ae43a733e2a0364380aceae6
    controller:
      image:
-        repository: goharbor/harbor-registryctl
-        tag: v2.15.0
+        repository: ghcr.io/goharbor/harbor-registryctl
+        tag: v2.15.0@sha256:463172f71d3a1e8d4f9e3b4e687a447f41fbc3126316d8c150dba04a903bbc47
    existingSecret: harbor-secret
    relativeurls: true
    credentials:
@@ -93,8 +93,8 @@ harbor:
      addr: harbor-valkey.harbor:6379
  exporter:
    image:
-      repository: goharbor/harbor-exporter
-      tag: v2.15.0
+      repository: ghcr.io/goharbor/harbor-exporter
+      tag: v2.15.0@sha256:ad065e4e1a0ee900a0bb1a03d57028ed4b51dc04933f5c1cb5c4aee301a72ddb
    replicas: 2
 postgres-18-cluster:
  mode: recovery
--- a/clusters/cl01tl/helm/komodo/Chart.lock
+++ b/clusters/cl01tl/helm/komodo/Chart.lock
@@ -5,5 +5,8 @@ dependencies:
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 7.10.0
-digest: sha256:a6f33512d929c5a1b70bde6c3294902f5d707855aabbaa815f32e23aa54b266f
-generated: "2026-03-15T20:06:49.233053802Z"
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:c1bbed66c94b64ba44ef1caadf74d46d9bce551e37b62b1cd0a3af9b81046251
+generated: "2026-03-24T14:00:56.813765-05:00"
--- a/clusters/cl01tl/helm/komodo/Chart.yaml
+++ b/clusters/cl01tl/helm/komodo/Chart.yaml
@@ -25,6 +25,10 @@ dependencies:
    alias: postgresql-17-fdb-cluster
    version: 7.10.0
    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-keys
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
 # renovate: datasource=github-releases depName=moghtech/komodo
-appVersion: v1.19.5
+appVersion: v2.0.0
--- a/clusters/cl01tl/helm/komodo/values.yaml
+++ b/clusters/cl01tl/helm/komodo/values.yaml
@@ -9,7 +9,7 @@ komodo:
        main:
          image:
            repository: ghcr.io/moghtech/komodo-core
-            tag: 1.19.5
+            tag: 2.0.0@sha256:3cc134272b39313ae1fb34ea8a3c8a0c2f629a3c2eeaf71258702159f154f9e9
            pullPolicy: IfNotPresent
          env:
            - name: COMPOSE_LOGGING_DRIVER
@@ -145,6 +145,17 @@ komodo:
                type: PathPrefix
                value: /
  persistence:
+    keys:
+      forceRename: komodo-keys
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /config/keys
+              readOnly: false
    cache:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
@@ -242,3 +253,14 @@ postgresql-17-fdb-cluster:
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
+volsync-target-keys:
+  pvcTarget: komodo-keys
+  local:
+    enabled: true
+    schedule: 54 11 * * *
+  remote:
+    enabled: true
+    schedule: 54 12 * * *
+  external:
+    enabled: true
+    schedule: 54 13 * * *
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: kube-prometheus-stack
  repository: oci://ghcr.io/prometheus-community/charts
-  version: 82.13.6
+  version: 82.14.0
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.4.0
-digest: sha256:6c29e37c4a0b08244b3ab0c60b2e07a2574f382f18183d98017d2d0dbcab7f21
-generated: "2026-03-24T17:20:56.086048387Z"
+digest: sha256:767eea1e633cefea72a9428ca888bfb47e82febdfd647d7d5f199523eace0154
+generated: "2026-03-24T20:52:31.377221183Z"
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
@@ -20,7 +20,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: kube-prometheus-stack
-    version: 82.13.6
+    version: 82.14.0
    repository: oci://ghcr.io/prometheus-community/charts
  - name: app-template
    alias: ntfy-alertmanager
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ b/clusters/cl01tl/helm/searxng/values.yaml
@@ -9,7 +9,7 @@ searxng:
        main:
          image:
            repository: searxng/searxng
-            tag: latest@sha256:5cb5844fcb0f6e739cca03352a9d48e6e936323cb90f717cd07cee872b6d081a
+            tag: latest@sha256:c4850cf4ad1954a4d93e0ad5aa8ce2c5b6ba067c889355ce970d820ac6080722
            pullPolicy: IfNotPresent
          env:
            - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
        main:
          image:
            repository: searxng/searxng
-            tag: latest@sha256:5cb5844fcb0f6e739cca03352a9d48e6e936323cb90f717cd07cee872b6d081a
+            tag: latest@sha256:c4850cf4ad1954a4d93e0ad5aa8ce2c5b6ba067c889355ce970d820ac6080722
            pullPolicy: IfNotPresent
          env:
            - name: SEARXNG_BASE_URL
--- a/clusters/cl01tl/helm/yubal/Chart.yaml
+++ b/clusters/cl01tl/helm/yubal/Chart.yaml
@@ -22,4 +22,4 @@ dependencies:
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 # renovate: datasource=github-releases depName=guillevc/yubal
-appVersion: v4.0.0
+appVersion: v0.7.2
--- a/clusters/cl01tl/helm/yubal/values.yaml
+++ b/clusters/cl01tl/helm/yubal/values.yaml
@@ -14,7 +14,7 @@ yubal:
        main:
          image:
            repository: ghcr.io/guillevc/yubal
-            tag: 4.0.0
+            tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
            pullPolicy: IfNotPresent
          env:
            - name: YUBAL_TZ
@@ -29,72 +29,6 @@ yubal:
            requests:
              cpu: 10m
              memory: 128Mi
-        # gluetun:
-        #   image:
-        #     repository: ghcr.io/qdm12/gluetun
-        #     tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
-        #     pullPolicy: IfNotPresent
-        #   lifecycle:
-        #     postStart:
-        #       exec:
-        #         command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
-        #   env:
-        #     - name: VPN_SERVICE_PROVIDER
-        #       value: airvpn
-        #     - name: VPN_TYPE
-        #       value: wireguard
-        #     - name: WIREGUARD_PRIVATE_KEY
-        #       valueFrom:
-        #         secretKeyRef:
-        #           name: yubal-wireguard-conf
-        #           key: private-key
-        #     - name: WIREGUARD_PRESHARED_KEY
-        #       valueFrom:
-        #         secretKeyRef:
-        #           name: yubal-wireguard-conf
-        #           key: preshared-key
-        #     - name: WIREGUARD_ADDRESSES
-        #       valueFrom:
-        #         secretKeyRef:
-        #           name: yubal-wireguard-conf
-        #           key: addresses
-        #     - name: FIREWALL_OUTBOUND_SUBNETS
-        #       value: 10.0.0.0/8
-        #     - name: FIREWALL_INPUT_PORTS
-        #       value: 8000
-        #     - name: DNS_UPSTREAM_RESOLVER_TYPE
-        #       value: dot
-        #     - name: HTTPPROXY
-        #       value: "off"
-        #     - name: SHADOWSOCKS
-        #       value: "off"
-        #   securityContext:
-        #     privileged: True
-        #     capabilities:
-        #       add:
-        #         - NET_ADMIN
-        #         - SYS_MODULE
-        #   probes:
-        #     liveness:
-        #       enabled: true
-        #       custom: true
-        #       spec:
-        #         exec:
-        #           command:
-        #             - /gluetun-entrypoint
-        #             - healthcheck
-        #         failureThreshold: 5
-        #         initialDelaySeconds: 30
-        #         periodSeconds: 30
-        #         successThreshold: 1
-        #         timeoutSeconds: 15
-        #   resources:
-        #     limits:
-        #       devic.es/tun: "1"
-        #     requests:
-        #       devic.es/tun: "1"
-        #       cpu: 10m
-        #       memory: 128Mi
  service:
    main:
      controller: main
--- a/hosts/ps10rp/komodo-periphery/compose.yaml
+++ b/hosts/ps10rp/komodo-periphery/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-komodo-periphery:
-        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
        container_name: tailscale-komodo-periphery
        cap_add:
            - net_admin
@@ -20,18 +20,20 @@ services:
            - /dev/net/tun:/dev/net/tun

    komodo-periphery:
-        image: ghcr.io/moghtech/komodo-periphery:latest@sha256:bd79cf960ed054fe8e02384322303e462448679b1149dde48bbef151417255b1
+        image: ghcr.io/moghtech/komodo-periphery:2.0.0@sha256:cc9aff8b621d49bbcca394e1538d9d9ea28c48bcfd2d6c8a6f9d5d3eef7f8341
        container_name: komodo-periphery
+        init: true
        env_file:
-            - .env
+            - .komodo-env
        environment:
            - TZ=America/Chicago
        restart: always
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - /proc:/proc
-            - /mnt/data/komodo/repos:/etc/komodo/repos
-            - /mnt/data/komodo/stacks:/etc/komodo/stacks
+            - /mnt/data/komodo:/etc/komodo
+            - keys:/config/keys

 volumes:
    tailscale:
+    keys:
--- a/renovate.json
+++ b/renovate.json
@@ -70,22 +70,6 @@
      ],
      "enabled": false
    },
-    {
-      "description": "Automerge digests for actions",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "matchUpdateTypes": [
-        "digest"
-      ],
-      "addLabels": [
-        "actions",
-        "automerge"
-      ],
-      "enabled": true,
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
-    },
    {
      "description": "Label charts",
      "matchDatasources": [
@@ -96,36 +80,6 @@
      ],
      "automerge": false
    },
-    {
-      "description": "Automerge chart patches",
-      "matchUpdateTypes": [
-        "patch"
-      ],
-      "matchDatasources": [
-        "helm"
-      ],
-      "addLabels": [
-        "chart",
-        "automerge"
-      ],
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
-    },
-    {
-      "description": "Automerge helm chart lock files",
-      "matchManagers": [
-        "helm"
-      ],
-      "lockFileMaintenance": {
-        "enabled": true
-      },
-      "addLabels": [
-        "chart",
-        "automerge"
-      ],
-      "automerge": true,
-      "automergeType": "branch"
-    },
    {
      "description": "Label images",
      "matchDatasources": [
@@ -136,58 +90,7 @@
      ],
      "automerge": false
    },
-    {
-      "description": "Automerge image patches",
-      "matchUpdateTypes": [
-        "patch",
-        "pinDigest"
-      ],
-      "matchDatasources": [
-        "docker"
-      ],
-      "addLabels": [
-        "image",
-        "automerge"
-      ],
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
-    },
-    {
-      "description": "Automerge images, specific packages",
-      "matchUpdateTypes": [
-        "patch",
-        "minor"
-      ],
-      "matchDatasources": [
-        "docker"
-      ],
-      "matchPackageNames": [
-        "ghcr.io/renovatebot/renovate"
-      ],
-      "addLabels": [
-        "image",
-        "automerge"
-      ],
-      "automerge": true
-    },
-    {
-      "description": "Automerge digest updates, specific packages",
-      "matchUpdateTypes": [
-        "digest"
-      ],
-      "matchDatasources": [
-        "docker"
-      ],
-      "matchPackageNames": [
-        "searxng/searxng"
-      ],
-      "addLabels": [
-        "image",
-        "automerge"
-      ],
-      "enabled": true,
-      "automerge": true
-    },
+
    {
      "description": "Label appVersion and images, merged",
      "matchManagers": [
@@ -220,6 +123,105 @@
      "automerge": true,
      "minimumReleaseAge": "1 days"
    },
+    {
+      "description": "Automerge digests for actions",
+      "matchManagers": [
+        "github-actions"
+      ],
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "addLabels": [
+        "actions",
+        "automerge"
+      ],
+      "enabled": true,
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge helm chart lock files",
+      "matchManagers": [
+        "helm"
+      ],
+      "lockFileMaintenance": {
+        "enabled": true
+      },
+      "addLabels": [
+        "chart",
+        "automerge"
+      ],
+      "automerge": true,
+      "automergeType": "branch"
+    },
+    {
+      "description": "Automerge chart patches",
+      "matchUpdateTypes": [
+        "patch"
+      ],
+      "matchDatasources": [
+        "helm"
+      ],
+      "addLabels": [
+        "chart",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge digest updates, specific packages",
+      "matchUpdateTypes": [
+        "digest"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchPackageNames": [
+        "searxng/searxng"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "enabled": true,
+      "automerge": true
+    },
+    {
+      "description": "Automerge image patches",
+      "matchUpdateTypes": [
+        "patch",
+        "pinDigest"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
+    },
+    {
+      "description": "Automerge images, specific packages",
+      "matchUpdateTypes": [
+        "patch",
+        "minor"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchPackageNames": [
+        "ghcr.io/renovatebot/renovate",
+        "ghcr.io/prometheus-community/charts/kube-prometheus-stack"
+      ],
+      "addLabels": [
+        "image",
+        "automerge"
+      ],
+      "automerge": true
+    },
    {
      "description": "Group Dawarich dependencies",
      "groupName": "dawarich",
Author	SHA1	Message	Date
Alex Lebens	27fe9e1cc5	feat: switch to github, add sha (#5096 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 1m9s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m34s Details Reviewed-on: #5096	2026-03-24 22:13:09 +00:00
Alex Lebens	9adfa37bfd	tmp/harbor (#5088 ) Some checks failed lint-test-helm / lint-helm (push) Failing after 57s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m26s Details Reviewed-on: #5088	2026-03-24 22:02:37 +00:00
Renovate Bot	335f5a968e	chore(deps): update searxng/searxng:latest docker digest to c4850cf (#5085 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 43s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m16s Details	2026-03-24 21:31:01 +00:00
Renovate Bot	2b97133438	chore(deps): update kube-prometheus-stack docker tag to v82.14.0 (#5077 )	2026-03-24 21:02:49 +00:00
Renovate Bot	3d86ba5fa2	chore(deps): update searxng/searxng:latest docker digest to 226577f (#5082 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 2m40s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 6m15s Details	2026-03-24 20:49:35 +00:00
Alex Lebens	680f7f22fb	ci: change stack Some checks failed renovate / renovate (push) Has been cancelled Details	2026-03-24 15:47:26 -05:00
Alex Lebens	46e7e1ce72	ci: change order, update source All checks were successful renovate / renovate (push) Successful in 1m53s Details	2026-03-24 15:29:27 -05:00
Renovate Bot	c8fce0ff3c	chore(deps): update searxng/searxng:latest docker digest to 62eb301 (#5080 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 25s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m7s Details	2026-03-24 19:59:44 +00:00
Renovate Bot	c41b3070f6	chore(deps): update searxng/searxng:latest docker digest to 68b5b56 (#5076 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 19s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m18s Details	2026-03-24 19:58:28 +00:00
Alex Lebens	3a9183035b	feat: update compose All checks were successful lint-test-docker / lint-docker-compose (push) Successful in 16s Details renovate / renovate (push) Successful in 2m12s Details	2026-03-24 14:38:53 -05:00
Alex Lebens	f52b52cdb5	feat: change order of rules All checks were successful renovate / renovate (push) Successful in 2m29s Details	2026-03-24 14:12:15 -05:00
Alex Lebens	f3dcecdd51	feat: upgrade to v2 (#5075 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 16s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details lint-test-docker / lint-docker-compose (push) Successful in 25s Details renovate / renovate (push) Successful in 3m27s Details Reviewed-on: #5075	2026-03-24 19:04:24 +00:00
Renovate Bot	0572ffac85	chore(deps): update guillaumefalourd/branch-exists action to v1.2 (#5041 ) All checks were successful renovate / renovate (push) Successful in 1m51s Details This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [GuillaumeFalourd/branch-exists](https://github.com/GuillaumeFalourd/branch-exists) \| action \| minor \| `v1.1` → `v1.2` \| --- ### Release Notes <details> <summary>GuillaumeFalourd/branch-exists (GuillaumeFalourd/branch-exists)</summary> ### [`v1.2`](https://github.com/GuillaumeFalourd/branch-exists/releases/tag/v1.2) [Compare Source](https://github.com/GuillaumeFalourd/branch-exists/compare/v1.1...v1.2) Update actions/checkout to v6.0.2. </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44NC4yIiwidXBkYXRlZEluVmVyIjoiNDMuODQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Reviewed-on: #5041 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-24 18:19:22 +00:00
Renovate Bot	41cab82d54	chore(deps): update ghcr.io/caronc/apprise docker tag to v1.3.3 (#5054 ) Some checks failed lint-test-helm / lint-helm (push) Successful in 17s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [ghcr.io/caronc/apprise](https://github.com/caronc/apprise-api) \| patch \| `v1.3.2` → `v1.3.3` \| --- ### Release Notes <details> <summary>caronc/apprise-api (ghcr.io/caronc/apprise)</summary> ### [`v1.3.3`](https://github.com/caronc/apprise-api/releases/tag/v1.3.3): Apprise API Release v1.3.3 [Compare Source](https://github.com/caronc/apprise-api/compare/v1.3.3...v1.3.3) ##### What's Changed This release: - integrates itself with the new [Apprise URL Builder](https://appriseit.com/tools/url-builder/) - Add support for Apprise v1.9.9 ##### ❤️ Life Cycle - docs: Newly added undocumented parameter by [@ciro-mota](https://github.com/ciro-mota) in [#292](https://github.com/caronc/apprise-api/pull/292) - fix: fixes reverse proxy port issues by [@Bruceforce](https://github.com/Bruceforce) in [#298](https://github.com/caronc/apprise-api/pull/298) - Case sensitive field mapping in place in [#299](https://github.com/caronc/apprise-api/pull/299) - APPRISE\_BASE\_URL settings now dynamically build nginx.conf in [#300](https://github.com/caronc/apprise-api/pull/300) - Updated copyright notices to reflect 2026 in [#303](https://github.com/caronc/apprise-api/pull/303) ##### New Contributors - [@ciro-mota](https://github.com/ciro-mota) made their first contribution in [#292](https://github.com/caronc/apprise-api/pull/292) - [@Bruceforce](https://github.com/Bruceforce) made their first contribution in [#298](https://github.com/caronc/apprise-api/pull/298) Full Changelog: <https://github.com/caronc/apprise-api/compare/v1.3.1...v1.3.3> ### [`v1.3.3`](https://github.com/caronc/apprise-api/releases/tag/v1.3.3): Apprise API Release v1.3.3 [Compare Source](https://github.com/caronc/apprise-api/compare/v1.3.2...v1.3.3) ##### What's Changed This release: - integrates itself with the new [Apprise URL Builder](https://appriseit.com/tools/url-builder/) - Add support for Apprise v1.9.9 ##### ❤️ Life Cycle - docs: Newly added undocumented parameter by [@ciro-mota](https://github.com/ciro-mota) in [#292](https://github.com/caronc/apprise-api/pull/292) - fix: fixes reverse proxy port issues by [@Bruceforce](https://github.com/Bruceforce) in [#298](https://github.com/caronc/apprise-api/pull/298) - Case sensitive field mapping in place in [#299](https://github.com/caronc/apprise-api/pull/299) - APPRISE\_BASE\_URL settings now dynamically build nginx.conf in [#300](https://github.com/caronc/apprise-api/pull/300) - Updated copyright notices to reflect 2026 in [#303](https://github.com/caronc/apprise-api/pull/303) ##### New Contributors - [@ciro-mota](https://github.com/ciro-mota) made their first contribution in [#292](https://github.com/caronc/apprise-api/pull/292) - [@Bruceforce](https://github.com/Bruceforce) made their first contribution in [#298](https://github.com/caronc/apprise-api/pull/298) Full Changelog: <https://github.com/caronc/apprise-api/compare/v1.3.1...v1.3.3> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuODkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=--> Reviewed-on: #5054 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-24 18:18:32 +00:00
Renovate Bot	f95137baba	chore(deps): update dependency element-hq/synapse to v1.150.0 (#5040 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 22s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m48s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [element-hq/synapse](https://github.com/element-hq/synapse) \| minor \| `v1.149.1` → `v1.150.0` \| --- ### Release Notes <details> <summary>element-hq/synapse (element-hq/synapse)</summary> ### [`v1.150.0`](https://github.com/element-hq/synapse/releases/tag/v1.150.0) [Compare Source](https://github.com/element-hq/synapse/compare/v1.149.1...v1.150.0) ### Synapse 1.150.0 (2026-03-24) No significant changes since 1.150.0rc1. ### Synapse 1.150.0rc1 (2026-03-17) #### Features - Add experimental support for the [MSC4370](https://github.com/matrix-org/matrix-spec-proposals/pull/4370) Federation API `GET /extremities` endpoint. ([#19314](https://github.com/element-hq/synapse/issues/19314)) - [MSC4140: Cancellable delayed events](https://github.com/matrix-org/matrix-spec-proposals/pull/4140): When persisting a delayed event to the timeline, include its `delay_id` in the event's `unsigned` section in `/sync` responses to the event sender. ([#19479](https://github.com/element-hq/synapse/issues/19479)) - Expose [MSC4354 Sticky Events](https://github.com/matrix-org/matrix-spec-proposals/pull/4354) over the legacy (v3) /sync API. ([#19487](https://github.com/element-hq/synapse/issues/19487)) - When Matrix Authentication Service (MAS) integration is enabled, allow MAS to set the user locked status in Synapse. ([#19554](https://github.com/element-hq/synapse/issues/19554)) #### Bugfixes - Fix `Build and push complement image` CI job pointing to non-existent image. ([#19523](https://github.com/element-hq/synapse/issues/19523)) - Fix a bug introduced in v1.26.0 that caused deactivated, erased users to not be removed from the user directory. ([#19542](https://github.com/element-hq/synapse/issues/19542)) #### Improved Documentation - In the Admin API documentation, always express path parameters as `/<param>` instead of as `/$param`. ([#19307](https://github.com/element-hq/synapse/issues/19307)) - Update docs to clarify `outbound_federation_restricted_to` can also be used with the [Secure Border Gateway (SBG)](https://element.io/en/server-suite/secure-border-gateways). ([#19517](https://github.com/element-hq/synapse/issues/19517)) - Unify Complement developer docs. ([#19518](https://github.com/element-hq/synapse/issues/19518)) #### Internal Changes - Put membership updates in a background resumable task when changing the avatar or the display name. ([#19311](https://github.com/element-hq/synapse/issues/19311)) - Add in-repo Complement test to sanity check Synapse version matches git checkout (testing what we think we are). ([#19476](https://github.com/element-hq/synapse/issues/19476)) - Migrate `dev` dependencies to [PEP 735](https://peps.python.org/pep-0735/) dependency groups. ([#19490](https://github.com/element-hq/synapse/issues/19490)) - Remove the optional `systemd-python` dependency and the `systemd` extra on the `synapse` package. ([#19491](https://github.com/element-hq/synapse/issues/19491)) - Avoid re-computing the event ID when cloning events. ([#19527](https://github.com/element-hq/synapse/issues/19527)) - Allow caching of the `/versions` and `/auth_metadata` public endpoints. ([#19530](https://github.com/element-hq/synapse/issues/19530)) - Add a few labels to the number groupings in the `Processed request` logs. ([#19548](https://github.com/element-hq/synapse/issues/19548)) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44NC4yIiwidXBkYXRlZEluVmVyIjoiNDMuODQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5040 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-24 18:14:45 +00:00