chore(deps): update helm release cilium to v1.19.1

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [booklore-app/BookLore](https://github.com/booklore-app/BookLore) | minor | `v2.1.0` → `v2.2.0` |
| [ghcr.io/booklore-app/booklore](https://github.com/booklore-app/booklore) | minor | `v2.1.0` → `v2.2.0` |

---

### Release Notes

<details>
<summary>booklore-app/BookLore (booklore-app/BookLore)</summary>

### [`v2.2.0`](https://github.com/booklore-app/booklore/releases/tag/v2.2.0)

[Compare Source](https://github.com/booklore-app/BookLore/compare/v2.1.0...v2.2.0)

#### 🌟 What's New in v2.2.0

This release introduces (or brings back) two new library organization modes: **Book per File** and **Book per Folder**, giving you explicit control over how Booklore groups files into books during scanning.

When Booklore first started, the philosophy was simple: don't worry about how files are organized on disk, just scan everything and figure it out. This worked well when libraries only contained single-file formats like EPUB and PDF. But as support grew for multi-format books and multi-file audiobooks, that approach started to break down. The existing Auto-detect mode uses fuzzy filename matching and heuristics to guess how files should be grouped, and while it works in many cases, it has some real problems: files can get missed during scans, multi-file audiobooks sometimes show up as separate books (one per file), and the grouping behavior is unpredictable since it depends on how your files happen to be named.

Rather than continuing to patch Auto-detect, I'm introducing two new modes that are simple, predictable, and thoroughly-tested:

- **Book per File**: Every file becomes its own book. One file, one book, no guessing. This is now the default for new libraries.

- **Book per Folder**: Files in the same folder are grouped into a single book. Great for organized libraries with an `Author/Title/` structure, and it handles multi-format books and folder-based audiobooks naturally. If you have a folder with an EPUB, a MOBI, and an `audiobook/` subfolder, they all become one book.

**Auto-detect is not going away.** Existing libraries using it will continue to work as before. But it's now marked as legacy, and I strongly recommend switching to one of the new modes. They're simpler, more reliable, and will be the focus of ongoing development and support going forward.

You can set the organization mode when creating a new library, but cannot change it on an existing library. For a detailed breakdown of each mode with examples, check out the [documentation](https://booklore.org/docs/library/organization-modes).

#### 🚀 New Features

- Scanner organization modes and monitoring rework ([#&#8203;3279](https://github.com/booklore-app/BookLore/issues/3279)) by [@&#8203;acx10](https://github.com/acx10)

#### ✨ Enhancements

- Add configurable magnifier zoom and lens size for CBX reader ([#&#8203;3260](https://github.com/booklore-app/BookLore/issues/3260)) ([#&#8203;3268](https://github.com/booklore-app/BookLore/issues/3268)) by [@&#8203;acx10](https://github.com/acx10)

#### 🐛 Bug Fixes

- Make OIDC scopes configurable ([#&#8203;3261](https://github.com/booklore-app/BookLore/issues/3261)) ([#&#8203;3265](https://github.com/booklore-app/BookLore/issues/3265)) by [@&#8203;acx10](https://github.com/acx10)

#### 🛠️ Refactoring & Maintenance

- Lock organization mode dropdown for AUTO\_DETECT libraries ([#&#8203;3284](https://github.com/booklore-app/BookLore/issues/3284)) by [@&#8203;acx10](https://github.com/acx10)
- Lock organization mode for AUTO\_DETECT libraries ([#&#8203;3283](https://github.com/booklore-app/BookLore/issues/3283)) by [@&#8203;acx10](https://github.com/acx10)
- Translations update from Hosted Weblate ([#&#8203;3248](https://github.com/booklore-app/BookLore/issues/3248)) by [@&#8203;acx10](https://github.com/acx10)

#### 🐳 Docker Images

- **Docker Hub:** `booklore/booklore:v2.2.0`
- **GitHub Container Registry:** `ghcr.io/booklore-app/booklore:v2.2.0`

**Full Changelog**: <https://github.com/booklore-app/booklore/compare/v2.1.0...v2.2.0>

<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 59 AM" src="https://github.com/user-attachments/assets/a8decbd8-e80f-4865-b6ee-bbb612fd20b7" />
<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 20 AM" src="https://github.com/user-attachments/assets/51a11cb8-d4ec-47b8-ac09-61cc222a8ab4" />

</details>

<details>
<summary>booklore-app/booklore (ghcr.io/booklore-app/booklore)</summary>

### [`v2.2.0`](https://github.com/booklore-app/booklore/releases/tag/v2.2.0)

[Compare Source](https://github.com/booklore-app/booklore/compare/v2.1.0...v2.2.0)

#### 🌟 What's New in v2.2.0

This release introduces (or brings back) two new library organization modes: **Book per File** and **Book per Folder**, giving you explicit control over how Booklore groups files into books during scanning.

When Booklore first started, the philosophy was simple: don't worry about how files are organized on disk, just scan everything and figure it out. This worked well when libraries only contained single-file formats like EPUB and PDF. But as support grew for multi-format books and multi-file audiobooks, that approach started to break down. The existing Auto-detect mode uses fuzzy filename matching and heuristics to guess how files should be grouped, and while it works in many cases, it has some real problems: files can get missed during scans, multi-file audiobooks sometimes show up as separate books (one per file), and the grouping behavior is unpredictable since it depends on how your files happen to be named.

Rather than continuing to patch Auto-detect, I'm introducing two new modes that are simple, predictable, and thoroughly-tested:

- **Book per File**: Every file becomes its own book. One file, one book, no guessing. This is now the default for new libraries.

- **Book per Folder**: Files in the same folder are grouped into a single book. Great for organized libraries with an `Author/Title/` structure, and it handles multi-format books and folder-based audiobooks naturally. If you have a folder with an EPUB, a MOBI, and an `audiobook/` subfolder, they all become one book.

**Auto-detect is not going away.** Existing libraries using it will continue to work as before. But it's now marked as legacy, and I strongly recommend switching to one of the new modes. They're simpler, more reliable, and will be the focus of ongoing development and support going forward.

You can set the organization mode when creating a new library, but cannot change it on an existing library. For a detailed breakdown of each mode with examples, check out the [documentation](https://booklore.org/docs/library/organization-modes).

#### 🚀 New Features

- Scanner organization modes and monitoring rework ([#&#8203;3279](https://github.com/booklore-app/booklore/issues/3279)) by [@&#8203;acx10](https://github.com/acx10)

#### ✨ Enhancements

- Add configurable magnifier zoom and lens size for CBX reader ([#&#8203;3260](https://github.com/booklore-app/booklore/issues/3260)) ([#&#8203;3268](https://github.com/booklore-app/booklore/issues/3268)) by [@&#8203;acx10](https://github.com/acx10)

#### 🐛 Bug Fixes

- Make OIDC scopes configurable ([#&#8203;3261](https://github.com/booklore-app/booklore/issues/3261)) ([#&#8203;3265](https://github.com/booklore-app/booklore/issues/3265)) by [@&#8203;acx10](https://github.com/acx10)

#### 🛠️ Refactoring & Maintenance

- Lock organization mode dropdown for AUTO\_DETECT libraries ([#&#8203;3284](https://github.com/booklore-app/booklore/issues/3284)) by [@&#8203;acx10](https://github.com/acx10)
- Lock organization mode for AUTO\_DETECT libraries ([#&#8203;3283](https://github.com/booklore-app/booklore/issues/3283)) by [@&#8203;acx10](https://github.com/acx10)
- Translations update from Hosted Weblate ([#&#8203;3248](https://github.com/booklore-app/booklore/issues/3248)) by [@&#8203;acx10](https://github.com/acx10)

#### 🐳 Docker Images

- **Docker Hub:** `booklore/booklore:v2.2.0`
- **GitHub Container Registry:** `ghcr.io/booklore-app/booklore:v2.2.0`

**Full Changelog**: <https://github.com/booklore-app/booklore/compare/v2.1.0...v2.2.0>

<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 59 AM" src="https://github.com/user-attachments/assets/a8decbd8-e80f-4865-b6ee-bbb612fd20b7" />
<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 20 AM" src="https://github.com/user-attachments/assets/51a11cb8-d4ec-47b8-ac09-61cc222a8ab4" />

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4633
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

clusters/cl01tl/helm/actual/values.yaml

@@ -81,7 +81,8 @@ volsync-target-data:
     enabled: true
     schedule: 0 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 0 9 * * *
+  external:
+    enabled: true
+    schedule: 0 10 * * *

clusters/cl01tl/helm/argo-workflows/values.yaml

@@ -105,7 +105,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 0 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/audiobookshelf/values.yaml

@@ -127,17 +127,19 @@ volsync-target-config:
     enabled: true
     schedule: 2 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 2 9 * * *
+  external:
+    enabled: true
+    schedule: 2 10 * * *
 volsync-target-metadata:
   pvcTarget: audiobookshelf-metadata
   local:
     enabled: true
     schedule: 4 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 4 9 * * *
+  external:
+    enabled: true
+    schedule: 4 10 * * *

clusters/cl01tl/helm/authentik/values.yaml

@@ -68,7 +68,7 @@ postgres-18-cluster:
   recovery:
     method: objectStore
     objectStore:
-      index: 1
+      index: 2
   backup:
     objectStore:
       - name: garage-local
@@ -91,9 +91,9 @@ postgres-18-cluster:
       #   isWALArchiver: false
     scheduledBackups:
       - name: live-backup
-        suspend: true
+        suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 5 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/backrest/values.yaml

@@ -111,17 +111,19 @@ volsync-target-data:
     enabled: true
     schedule: 6 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 6 9 * * *
+  external:
+    enabled: true
+    schedule: 6 10 * * *
 volsync-target-config:
   pvcTarget: backrest-config
   local:
     enabled: true
     schedule: 8 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 8 9 * * *
+  external:
+    enabled: true
+    schedule: 8 10 * * *

clusters/cl01tl/helm/bazarr/values.yaml

@@ -87,7 +87,8 @@ volsync-target-config:
     enabled: true
     schedule: 10 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 10 9 * * *
+  external:
+    enabled: true
+    schedule: 10 10 * * *

clusters/cl01tl/helm/booklore/Chart.yaml

@@ -30,4 +30,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
 # renovate: datasource=github-releases depName=booklore-app/BookLore
-appVersion: v2.1.0
+appVersion: v2.2.0

clusters/cl01tl/helm/booklore/values.yaml

@@ -9,7 +9,7 @@ booklore:
         main:
           image:
             repository: ghcr.io/booklore-app/booklore
-            tag: v2.1.0
+            tag: v2.2.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ
@@ -225,10 +225,11 @@ volsync-target-config:
     enabled: true
     schedule: 12 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 12 9 * * *
+  external:
+    enabled: true
+    schedule: 12 10 * * *
 volsync-target-data:
   pvcTarget: booklore-data
   local:
@@ -238,11 +239,11 @@ volsync-target-data:
       cacheCapacity: 10Gi
   remote:
     enabled: true
-    schedule: 14 10 * * *
+    schedule: 14 9 * * *
     restic:
       cacheCapacity: 10Gi
   external:
     enabled: true
-    schedule: 14 9 * * *
+    schedule: 14 10 * * *
     restic:
       cacheCapacity: 10Gi

clusters/cl01tl/helm/cilium/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cilium
   repository: https://helm.cilium.io/
-  version: 1.18.6
-digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
-generated: "2026-02-05T12:00:20.15778-06:00"
+  version: 1.19.1
+digest: sha256:bf5e8b3233c18bdb9409bb98c9a7ea4114e0e04e8489a49fdb2d29ded0cfa429
+generated: "2026-03-11T22:54:29.796812083Z"

clusters/cl01tl/helm/cilium/Chart.yaml

@@ -15,7 +15,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: cilium
-    version: 1.18.6
+    version: 1.19.1
     repository: https://helm.cilium.io/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
 # renovate: datasource=github-releases depName=cilium/cilium

clusters/cl01tl/helm/code-server/values.yaml

@@ -79,7 +79,8 @@ volsync-target-config:
     enabled: true
     schedule: 16 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 16 9 * * *
+  external:
+    enabled: true
+    schedule: 16 10 * * *

clusters/cl01tl/helm/dawarich/values.yaml

@@ -330,7 +330,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 10 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/directus/Chart.yaml

@@ -31,4 +31,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 # renovate: datasource=github-releases depName=directus/directus
-appVersion: 11.16.0
+appVersion: 11.16.1

clusters/cl01tl/helm/directus/templates/external-secret.yaml

@@ -94,6 +94,43 @@ spec:
         metadataPolicy: None
         property: metric-token
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: directus-bucket-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: directus-bucket-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/directus-assets
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/directus-assets
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/directus-assets
+        metadataPolicy: None
+        property: ACCESS_REGION
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml

@@ -1,11 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
-  name: ceph-bucket-directus
-  labels:
-    app.kubernetes.io/name: ceph-bucket-directus
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  generateBucketName: bucket-directus
-  storageClassName: ceph-bucket

clusters/cl01tl/helm/directus/values.yaml

@@ -9,7 +9,7 @@ directus:
         main:
           image:
             repository: directus/directus
-            tag: 11.16.0
+            tag: 11.16.1
             pullPolicy: IfNotPresent
           env:
             - name: PUBLIC_URL
@@ -90,22 +90,22 @@ directus:
             - name: STORAGE_S3_KEY
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-directus
-                  key: AWS_ACCESS_KEY_ID
+                  name: directus-bucket-garage
+                  key: ACCESS_KEY_ID
             - name: STORAGE_S3_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-directus
-                  key: AWS_SECRET_ACCESS_KEY
-            - name: STORAGE_S3_BUCKET
-              valueFrom:
-                configMapKeyRef:
-                  name: ceph-bucket-directus
-                  key: BUCKET_NAME
+                  name: directus-bucket-garage
+                  key: ACCESS_SECRET_KEY
             - name: STORAGE_S3_REGION
-              value: us-east-1
+              valueFrom:
+                secretKeyRef:
+                  name: directus-bucket-garage
+                  key: ACCESS_REGION
+            - name: STORAGE_S3_BUCKET
+              value: directus-assets
             - name: STORAGE_S3_ENDPOINT
-              value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
+              value: http://garage-main.garage:3900
             - name: STORAGE_S3_FORCE_PATH_STYLE
               value: true
             - name: AUTH_PROVIDERS
@@ -219,7 +219,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 15 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/element-web/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: element-web
   repository: https://ananace.gitlab.io/charts
-  version: 1.4.31
+  version: 1.4.32
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.4.0
-digest: sha256:5066932d870c4803fca9bc4d7b686793e801d96b14026c299e467d8c107fb7eb
-generated: "2026-03-09T22:04:10.470135964Z"
+digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
+generated: "2026-03-11T16:04:17.556777286Z"

clusters/cl01tl/helm/element-web/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: element-web
-    version: 1.4.31
+    version: 1.4.32
     repository: https://ananace.gitlab.io/charts
   - name: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts

clusters/cl01tl/helm/freshrss/values.yaml

@@ -197,7 +197,7 @@ postgres-18-cluster:
   recovery:
     method: objectStore
     objectStore:
-      index: 1
+      index: 2
   backup:
     objectStore:
       - name: garage-local
@@ -222,7 +222,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 20 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -250,7 +250,8 @@ volsync-target-data:
     enabled: true
     schedule: 18 8 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 18 9 * * *
+  external:
+    enabled: true
+    schedule: 18 10 * * *

clusters/cl01tl/helm/garage/templates/service.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: garage-main
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: garage-main
+    app.kubernetes.io/service: garage-main
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  ports:
+    - name: admin
+      port: 3903
+      protocol: TCP
+      targetPort: 3903
+    - name: rpc
+      port: 3901
+      protocol: TCP
+      targetPort: 3901
+    - name: s3
+      port: 3900
+      protocol: TCP
+      targetPort: 3900
+    - name: web
+      port: 3902
+      protocol: TCP
+      targetPort: 3902
+  selector:
+    app.kubernetes.io/instance: garage
+    app.kubernetes.io/name: garage
+    garage-type: server

clusters/cl01tl/helm/garage/values.yaml

@@ -118,9 +118,9 @@ garage:
             pullPolicy: IfNotPresent
           env:
             - name: API_BASE_URL
-              value: http://garage-1.garage:3903
+              value: http://garage-main.garage:3903
             - name: S3_ENDPOINT_URL
-              value: http://garage-1.garage:3900
+              value: http://garage-main.garage:3900
             - name: API_ADMIN_KEY
               valueFrom:
                 secretKeyRef:
@@ -225,26 +225,6 @@ garage:
           api_bind_addr = "[::]:3903"
           metrics_require_token = true
   service:
-    garage-main:
-      forceRename: garage-main
-      controller: server-2
-      ports:
-        s3:
-          port: 3900
-          targetPort: 3900
-          protocol: HTTP
-        rpc:
-          port: 3901
-          targetPort: 3901
-          protocol: HTTP
-        web:
-          port: 3902
-          targetPort: 3902
-          protocol : HTTP
-        admin:
-          port: 3903
-          targetPort: 3903
-          protocol: HTTP
     server-1:
       forceRename: garage-1
       controller: server-1

clusters/cl01tl/helm/gatus/values.yaml

@@ -430,7 +430,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 25 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -446,9 +446,10 @@ volsync-target-data:
   pvcTarget: gatus
   local:
     enabled: true
-    schedule: 22 8 * * *
+    schedule: 20 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 20 9 * * *
   external:
     enabled: true
-    schedule: 22 9 * * *
+    schedule: 20 10 * * *

clusters/cl01tl/helm/gitea/values.yaml

@@ -222,7 +222,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 0 7 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -259,7 +259,7 @@ volsync-target-storage:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 0 0 0 * * *
+    schedule: 0 0 7 * * *
     restic:
       pruneIntervalDays: 3
       retain:

clusters/cl01tl/helm/grafana-operator/values.yaml

@@ -42,7 +42,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 30 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/harbor/values.yaml

@@ -101,7 +101,7 @@ postgres-18-cluster:
   recovery:
     method: objectStore
     objectStore:
-      index: 1
+      index: 2
   backup:
     objectStore:
       - name: garage-local
@@ -126,7 +126,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 35 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -134,9 +134,10 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 24 8 * * *
+    schedule: 22 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 22 9 * * *
   external:
     enabled: true
-    schedule: 24 9 * * *
+    schedule: 22 10 * * *

clusters/cl01tl/helm/immich/values.yaml

@@ -209,7 +209,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 40 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -225,16 +225,16 @@ volsync-target-data:
   pvcTarget: immich
   local:
     enabled: true
-    schedule: 28 8 * * *
+    schedule: 24 8 * * *
     restic:
       cacheCapacity: 10Gi
   remote:
     enabled: true
-    schedule: 28 10 * * *
+    schedule: 24 9 * * *
     restic:
       cacheCapacity: 10Gi
   external:
     enabled: true
-    schedule: 28 9 * * *
+    schedule: 24 10 * * *
     restic:
       cacheCapacity: 10Gi

clusters/cl01tl/helm/jellyfin/values.yaml

@@ -143,14 +143,16 @@ volsync-target-config:
   pvcTarget: jellyfin-config
   local:
     enabled: true
-    schedule: 30 8 * * *
+    schedule: 26 8 * * *
     restic:
       cacheCapacity: 10Gi
   remote:
+    enabled: true
+    schedule: 26 9 * * *
     restic:
       cacheCapacity: 10Gi
   external:
     enabled: true
-    schedule: 30 9 * * *
+    schedule: 26 10 * * *
     restic:
       cacheCapacity: 10Gi

clusters/cl01tl/helm/jellystat/values.yaml

@@ -129,7 +129,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 45 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -145,9 +145,10 @@ volsync-target-data:
   pvcTarget: jellystat-data
   local:
     enabled: true
-    schedule: 32 8 * * *
+    schedule: 28 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 28 9 * * *
   external:
     enabled: true
-    schedule: 32 9 * * *
+    schedule: 28 10 * * *

clusters/cl01tl/helm/karakeep/templates/external-secret.yaml

@@ -57,6 +57,43 @@ spec:
         metadataPolicy: None
         property: secret
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: karakeep-bucket-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: karakeep-bucket-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/karakeep-assets
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/karakeep-assets
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/karakeep-assets
+        metadataPolicy: None
+        property: ACCESS_REGION
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml

@@ -1,11 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
-  name: ceph-bucket-karakeep
-  labels:
-    app.kubernetes.io/name: ceph-bucket-karakeep
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  generateBucketName: bucket-karakeep
-  storageClassName: ceph-bucket

clusters/cl01tl/helm/karakeep/values.yaml

@@ -29,24 +29,24 @@ karakeep:
                   name: karakeep-key-secret
                   key: prometheus-token
             - name: ASSET_STORE_S3_ENDPOINT
-              value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
+              value: http://garage-main.garage:3900
             - name: ASSET_STORE_S3_REGION
-              value: us-east-1
-            - name: ASSET_STORE_S3_BUCKET
               valueFrom:
-                configMapKeyRef:
-                  name: ceph-bucket-karakeep
-                  key: BUCKET_NAME
+                secretKeyRef:
+                  name: karakeep-bucket-garage
+                  key: ACCESS_REGION
+            - name: ASSET_STORE_S3_BUCKET
+              value: karakeep-assets
             - name: ASSET_STORE_S3_ACCESS_KEY_ID
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-karakeep
-                  key: AWS_ACCESS_KEY_ID
+                  name: karakeep-bucket-garage
+                  key: ACCESS_KEY_ID
             - name: ASSET_STORE_S3_SECRET_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-karakeep
-                  key: AWS_SECRET_ACCESS_KEY
+                  name: karakeep-bucket-garage
+                  key: ACCESS_SECRET_KEY
             - name: ASSET_STORE_S3_FORCE_PATH_STYLE
               value: true
             - name: MEILI_ADDR
@@ -172,9 +172,10 @@ volsync-target-data:
   pvcTarget: karakeep
   local:
     enabled: true
-    schedule: 34 8 * * *
+    schedule: 30 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 30 9 * * *
   external:
     enabled: true
-    schedule: 34 9 * * *
+    schedule: 30 10 * * *

clusters/cl01tl/helm/komodo/values.yaml

@@ -205,7 +205,7 @@ postgresql-17-fdb-cluster:
   recovery:
     method: objectStore
     objectStore:
-      index: 1
+      index: 2
   backup:
     objectStore:
       - name: garage-local
@@ -230,7 +230,7 @@ postgresql-17-fdb-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 50 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/libation/values.yaml

@@ -75,9 +75,10 @@ volsync-target-config:
   pvcTarget: libation
   local:
     enabled: true
-    schedule: 36 8 * * *
+    schedule: 32 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 32 9 * * *
   external:
     enabled: true
-    schedule: 36 9 * * *
+    schedule: 32 10 * * *

clusters/cl01tl/helm/lidarr/values.yaml

@@ -167,7 +167,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 55 14 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -188,9 +188,10 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 38 8 * * *
+    schedule: 34 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 34 9 * * *
   external:
     enabled: true
-    schedule: 38 9 * * *
+    schedule: 34 10 * * *

clusters/cl01tl/helm/matrix-synapse/values.yaml

@@ -434,7 +434,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 0 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -470,22 +470,24 @@ volsync-target-synapse:
   pvcTarget: matrix-synapse
   local:
     enabled: true
-    schedule: 44 8 * * *
+    schedule: 36 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 36 9 * * *
   external:
     enabled: true
-    schedule: 44 9 * * *
+    schedule: 36 10 * * *
 volsync-target-hookshot:
   pvcTarget: matrix-hookshot
   local:
     enabled: true
-    schedule: 46 8 * * *
+    schedule: 38 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 38 9 * * *
   external:
     enabled: true
-    schedule: 46 9 * * *
+    schedule: 38 10 * * *
 volsync-target-discord:
   pvcTarget: mautrix-discord
   moverSecurityContext:
@@ -493,12 +495,13 @@ volsync-target-discord:
     runAsGroup: 1337
   local:
     enabled: true
-    schedule: 48 8 * * *
+    schedule: 40 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 40 9 * * *
   external:
     enabled: true
-    schedule: 48 9 * * *
+    schedule: 40 10 * * *
 volsync-target-whatsapp:
   pvcTarget: mautrix-whatsapp
   moverSecurityContext:
@@ -506,9 +509,10 @@ volsync-target-whatsapp:
     runAsGroup: 1337
   local:
     enabled: true
-    schedule: 50 8 * * *
+    schedule: 42 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 42 9 * * *
   external:
     enabled: true
-    schedule: 50 9 * * *
+    schedule: 42 10 * * *

clusters/cl01tl/helm/movie-roulette/values.yaml

@@ -119,9 +119,10 @@ volsync-target-data:
   pvcTarget: movie-roulette-data
   local:
     enabled: true
-    schedule: 44 11 * * *
+    schedule: 44 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 44 9 * * *
   external:
     enabled: true
-    schedule: 44 12 * * *
+    schedule: 44 10 * * *

clusters/cl01tl/helm/navidrome/values.yaml

@@ -178,9 +178,10 @@ volsync-target-data:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 52 8 * * *
+    schedule: 46 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 46 9 * * *
   external:
     enabled: true
-    schedule: 52 9 * * *
+    schedule: 46 10 * * *

clusters/cl01tl/helm/ollama/values.yaml

@@ -289,7 +289,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 5 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -308,9 +308,10 @@ volsync-target-data:
     runAsGroup: 1337
   local:
     enabled: true
-    schedule: 54 8 * * *
+    schedule: 48 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 48 9 * * *
   external:
     enabled: true
-    schedule: 54 9 * * *
+    schedule: 48 10 * * *

clusters/cl01tl/helm/outline/Chart.lock

@@ -11,5 +11,8 @@ dependencies:
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.4.0
-digest: sha256:315941cca92632a42d42fe2d98f01d3e8a18dbde1c729e466f76a446a7d93440
-generated: "2026-03-09T23:08:20.752831748Z"
+- name: volsync-target
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.8.0
+digest: sha256:e1f1a6ebdee3146e028c4df1762a4c60c1e62733a91e54d615190f8138be117d
+generated: "2026-03-11T16:37:32.297394-05:00"

clusters/cl01tl/helm/outline/Chart.yaml

@@ -33,6 +33,10 @@ dependencies:
     alias: valkey
     version: 0.4.0
     repository: oci://harbor.alexlebens.net/helm-charts
+  - name: volsync-target
+    alias: volsync-target-data
+    version: 0.8.0
+    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
 # renovate: datasource=github-releases depName=outline/outline
 appVersion: 1.5.0

clusters/cl01tl/helm/outline/templates/object-bucket-claim.yaml

@@ -1,30 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
-  name: ceph-bucket-outline
-  labels:
-    app.kubernetes.io/name: ceph-bucket-outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  generateBucketName: bucket-outline
-  storageClassName: ceph-bucket
-  # additionalConfig:
-  #   bucketPolicy: |
-  #       {
-  #           "Version": "2012-10-17",
-  #           "Statement": [
-  #               {
-  #                   "Sid": "VisualEditor",
-  #                   "Effect": "Allow",
-  #                   "Action": [
-  #                       "s3:GetObjectAcl",
-  #                       "s3:DeleteObject",
-  #                       "s3:PutObject",
-  #                       "s3:GetObject",
-  #                       "s3:PutObjectAcl"
-  #                   ],
-  #                   "Resource": "arn:aws:s3:::bucket-outline-630c57e0-d475-4d78-926c-c1c082291d73/*"
-  #               }
-  #           ]
-  #       }

clusters/cl01tl/helm/outline/values.yaml

@@ -5,6 +5,9 @@ outline:
       replicas: 1
       strategy: Recreate
       revisionHistoryLimit: 3
+      pod:
+        securityContext:
+          fsGroup: 1001
       containers:
         main:
           image:
@@ -66,30 +69,7 @@ outline:
             - name: REDIS_URL
               value: redis://outline-valkey.outline:6379
             - name: FILE_STORAGE
-              value: s3
-            - name: AWS_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: ceph-bucket-outline
-                  key: AWS_ACCESS_KEY_ID
-            - name: AWS_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: ceph-bucket-outline
-                  key: AWS_SECRET_ACCESS_KEY
-            - name: AWS_REGION
-              value: us-east-1
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              valueFrom:
-                configMapKeyRef:
-                  name: ceph-bucket-outline
-                  key: BUCKET_NAME
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: https://objects.alexlebens.dev
-            - name: AWS_S3_FORCE_PATH_STYLE
-              value: true
-            - name: AWS_S3_ACL
-              value: private
+              value: local
             - name: FILE_STORAGE_UPLOAD_MAX_SIZE
               value: "26214400"
             - name: FORCE_HTTPS
@@ -142,6 +122,18 @@ outline:
           port: 3000
           targetPort: 3000
           protocol: HTTP
+  persistence:
+    data:
+      forceRename: outline-data
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /var/lib/outline/data
+              readOnly: false
 postgres-18-cluster:
   mode: recovery
   recovery:
@@ -172,7 +164,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 10 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -184,3 +176,16 @@ postgres-18-cluster:
       #   immediate: true
       #   schedule: "0 0 0 * * *"
       #   backupName: external
+volsync-target-data:
+  pvcTarget: outline-data
+  moverSecurityContext:
+    fsGroup: 1001
+  local:
+    enabled: true
+    schedule: 50 8 * * *
+  remote:
+    enabled: true
+    schedule: 50 9 * * *
+  external:
+    enabled: true
+    schedule: 50 10 * * *

clusters/cl01tl/helm/photoview/values.yaml

@@ -123,7 +123,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 15 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/postiz/values.yaml

@@ -155,7 +155,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 20 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -181,19 +181,21 @@ volsync-target-config:
   pvcTarget: postiz-config
   local:
     enabled: true
-    schedule: 56 8 * * *
+    schedule: 52 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 52 9 * * *
   external:
     enabled: true
-    schedule: 56 9 * * *
+    schedule: 52 10 * * *
 volsync-target-upload:
   pvcTarget: postiz-uploads
   local:
     enabled: true
-    schedule: 58 8 * * *
+    schedule: 54 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 54 9 * * *
   external:
     enabled: true
-    schedule: 58 9 * * *
+    schedule: 54 10 * * *

clusters/cl01tl/helm/prowlarr/values.yaml

@@ -20,7 +20,7 @@ prowlarr:
         main:
           image:
             repository: ghcr.io/linuxserver/prowlarr
-            tag: 2.3.0@sha256:a8fe7b9c502f979146b6d0f22438b825c38e068241bb8a708c473062dffdbb03
+            tag: 2.3.0@sha256:9ef5d8bf832edcacb6082f9262cb36087854e78eb7b1c3e1d4375056055b2d82
             pullPolicy: IfNotPresent
           env:
             - name: TZ
@@ -84,9 +84,10 @@ volsync-target-config:
       - 65539
   local:
     enabled: true
-    schedule: 0 11 * * *
+    schedule: 56 8 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 56 9 * * *
   external:
     enabled: true
-    schedule: 0 12 * * *
+    schedule: 56 10 * * *

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -452,19 +452,21 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 2 11 * * *
+    schedule: 58 8 * * *
     restic:
       copyMethod: Snapshot
       storageClassName: ceph-filesystem
       volumeSnapshotClassName: ceph-filesystem-snapshot
   remote:
+    enabled: true
+    schedule: 58 9 * * *
     restic:
       copyMethod: Snapshot
       storageClassName: ceph-filesystem
       volumeSnapshotClassName: ceph-filesystem-snapshot
   external:
     enabled: true
-    schedule: 2 12 * * *
+    schedule: 58 10 * * *
     restic:
       copyMethod: Snapshot
       storageClassName: ceph-filesystem
@@ -473,19 +475,21 @@ volsync-target-qbit-manage-config:
   pvcTarget: qbittorrent-qbit-manage-config-data
   local:
     enabled: true
-    schedule: 4 11 * * *
+    schedule: 0 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 0 12 * * *
   external:
     enabled: true
-    schedule: 4 12 * * *
+    schedule: 0 13 * * *
 volsync-target-qui-config:
   pvcTarget: qbittorrent-qui-config-data
   local:
     enabled: true
-    schedule: 6 11 * * *
+    schedule: 2 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 2 12 * * *
   external:
     enabled: true
-    schedule: 6 12 * * *
+    schedule: 2 13 * * *

clusters/cl01tl/helm/radarr-4k/values.yaml

@@ -167,7 +167,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 30 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -188,9 +188,10 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 10 11 * * *
+    schedule: 6 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 6 12 * * *
   external:
     enabled: true
-    schedule: 10 12 * * *
+    schedule: 6 13 * * *

clusters/cl01tl/helm/radarr-anime/values.yaml

@@ -165,7 +165,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 30 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -186,9 +186,10 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 12 11 * * *
+    schedule: 8 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 8 12 * * *
   external:
     enabled: true
-    schedule: 12 12 * * *
+    schedule: 8 13 * * *

clusters/cl01tl/helm/radarr-standup/values.yaml

@@ -165,7 +165,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 35 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -186,9 +186,10 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 14 11 * * *
+    schedule: 10 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 10 12 * * *
   external:
     enabled: true
-    schedule: 14 12 * * *
+    schedule: 10 13 * * *

clusters/cl01tl/helm/radarr/values.yaml

@@ -167,7 +167,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 25 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -188,9 +188,10 @@ volsync-target-config:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 8 11 * * *
+    schedule: 4 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 4 12 * * *
   external:
     enabled: true
-    schedule: 8 12 * * *
+    schedule: 4 13 * * *

clusters/cl01tl/helm/rook-ceph/Chart.yaml

@@ -21,10 +21,6 @@ dependencies:
   - name: rook-ceph-cluster
     version: v1.19.2
     repository: https://charts.rook.io/release
-  - name: cloudflared
-    alias: cloudflared-rgw
-    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 2.4.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
 # renovate: datasource=github-releases depName=rook/rook
 appVersion: v1.19.2

clusters/cl01tl/helm/rook-ceph/values.yaml

@@ -177,51 +177,4 @@ rook-ceph-cluster:
     name: ceph-blockpool-snapshot
     isDefault: true
     deletionPolicy: Delete
-  cephObjectStores:
-    - name: ceph-objectstore
-      spec:
-        metadataPool:
-          failureDomain: host
-          replicated:
-            size: 3
-        dataPool:
-          failureDomain: host
-          erasureCoded:
-            dataChunks: 2
-            codingChunks: 1
-          parameters:
-            bulk: "true"
-        preservePoolsOnDelete: true
-        gateway:
-          port: 80
-          resources:
-            requests:
-              cpu: "1000m"
-              memory: "1Gi"
-          instances: 1
-          priorityClassName: system-cluster-critical
-        hosting:
-          dnsNames:
-            - objects.alexlebens.dev
-            - objects.alexlebens.net
-      storageClass:
-        enabled: true
-        name: ceph-bucket
-        reclaimPolicy: Delete
-        volumeBindingMode: "Immediate"
-        parameters:
-          region: us-east-1
-      route:
-        enabled: true
-        port: 80
-        host:
-          name: objects.alexlebens.net
-          path: /
-          pathType: PathPrefix
-        parentRefs:
-          - group: gateway.networking.k8s.io
-            kind: Gateway
-            name: traefik-gateway
-            namespace: traefik
-cloudflared-rgw:
-  name: rgw
+  cephObjectStores: []

clusters/cl01tl/helm/roundcube/values.yaml

@@ -256,7 +256,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 40 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -272,9 +272,10 @@ volsync-target-data:
   pvcTarget: roundcube-data
   local:
     enabled: true
-    schedule: 16 11 * * *
+    schedule: 12 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 12 12 * * *
   external:
     enabled: true
-    schedule: 16 12 * * *
+    schedule: 12 13 * * *

clusters/cl01tl/helm/rybbit/values.yaml

@@ -288,7 +288,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 45 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -309,9 +309,10 @@ volsync-target-clickhouse-data:
     fsGroupChangePolicy: OnRootMismatch
   local:
     enabled: true
-    schedule: 40 11 * * *
+    schedule: 14 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 14 12 * * *
   external:
     enabled: true
-    schedule: 40 12 * * *
+    schedule: 14 13 * * *

clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml

@@ -34,43 +34,6 @@ spec:
         metadataPolicy: None
         property: AWS_REGION
 
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: s3-ceph-directus-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: s3-ceph-directus-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/ceph
-        metadataPolicy: None
-        property: AWS_ACCESS_KEY_ID
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/ceph
-        metadataPolicy: None
-        property: AWS_SECRET_ACCESS_KEY
-    - secretKey: BUCKET_HOST
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/ceph
-        metadataPolicy: None
-        property: BUCKET_HOST
-
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/helm/s3-exporter/values.yaml

@@ -39,45 +39,6 @@ s3-exporter:
             requests:
               cpu: 10m
               memory: 64Mi
-    ceph-directus:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: molu8bits/s3bucket_exporter
-            tag: 1.0.2
-            pullPolicy: IfNotPresent
-          env:
-            - name: S3_NAME
-              value: ceph-directus
-            - name: S3_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: s3-ceph-directus-secret
-                  key: BUCKET_HOST
-            - name: S3_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: s3-ceph-directus-secret
-                  key: AWS_ACCESS_KEY_ID
-            - name: S3_SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: s3-ceph-directus-secret
-                  key: AWS_SECRET_ACCESS_KEY
-            - name: S3_REGION
-              value: us-east-1
-            - name: LOG_LEVEL
-              value: info
-            - name: S3_FORCE_PATH_STYLE
-              value: true
-          resources:
-            requests:
-              cpu: 10m
-              memory: 64Mi
     garage-local:
       type: deployment
       replicas: 1
@@ -158,13 +119,6 @@ s3-exporter:
           port: 9655
           targetPort: 9655
           protocol: TCP
-    ceph-directus:
-      controller: ceph-directus
-      ports:
-        metrics:
-          port: 9655
-          targetPort: 9655
-          protocol: TCP
     garage-local:
       controller: garage-local
       ports:
@@ -192,18 +146,6 @@ s3-exporter:
           interval: 5m
           scrapeTimeout: 120s
           path: /metrics
-    ceph-directus:
-      selector:
-        matchLabels:
-          app.kubernetes.io/name: s3-exporter
-          app.kubernetes.io/instance: s3-exporter
-          app.kubernetes.io/service: s3-exporter-ceph-directus
-      serviceName: s3-exporter-ceph-directus
-      endpoints:
-        - port: metrics
-          interval: 5m
-          scrapeTimeout: 120s
-          path: /metrics
     garage-local:
       selector:
         matchLabels:

clusters/cl01tl/helm/searxng/values.yaml

@@ -171,9 +171,10 @@ volsync-target-data:
   pvcTarget: searxng-browser-data
   local:
     enabled: true
-    schedule: 18 11 * * *
+    schedule: 16 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 16 12 * * *
   external:
     enabled: true
-    schedule: 18 12 * * *
+    schedule: 16 12 * * *

clusters/cl01tl/helm/seerr/values.yaml

@@ -48,9 +48,10 @@ volsync-target-config:
   pvcTarget: seerr-seerr-chart-config
   local:
     enabled: true
-    schedule: 20 11 * * *
+    schedule: 18 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 18 12 * * *
   external:
     enabled: true
-    schedule: 20 12 * * *
+    schedule: 18 13 * * *

clusters/cl01tl/helm/shelfmark/values.yaml

@@ -170,9 +170,10 @@ volsync-target-config:
     runAsGroup: 1000
   local:
     enabled: true
-    schedule: 38 11 * * *
+    schedule: 20 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 20 12 * * *
   external:
     enabled: true
-    schedule: 38 12 * * *
+    schedule: 20 13 * * *

clusters/cl01tl/helm/site-profile/values.yaml

@@ -11,7 +11,7 @@ site-profile:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-profile
-            tag: 2.25.0
+            tag: 3.1.0
             pullPolicy: IfNotPresent
           resources:
             requests:

clusters/cl01tl/helm/sonarr-4k/values.yaml

@@ -165,7 +165,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 55 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -188,7 +188,8 @@ volsync-target-config:
     enabled: true
     schedule: 24 11 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 24 12 * * *
+  external:
+    enabled: true
+    schedule: 24 13 * * *

clusters/cl01tl/helm/sonarr-anime/values.yaml

@@ -165,7 +165,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 0 16 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -188,7 +188,8 @@ volsync-target-config:
     enabled: true
     schedule: 26 11 * * *
   remote:
-    enabled: false
-  external:
     enabled: true
     schedule: 26 12 * * *
+  external:
+    enabled: true
+    schedule: 26 13 * * *

clusters/cl01tl/helm/sonarr/values.yaml

@@ -165,7 +165,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 50 15 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -188,7 +188,8 @@ volsync-target-config:
     enabled: true
     schedule: 22 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 22 12 * *
   external:
     enabled: true
-    schedule: 22 12 * * *
+    schedule: 22 13 * * *

clusters/cl01tl/helm/stalwart/values.yaml

@@ -102,7 +102,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 5 16 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true
@@ -118,9 +118,10 @@ volsync-target-config:
   pvcTarget: stalwart-config
   local:
     enabled: true
-    schedule: 32 11 * * *
+    schedule: 28 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 28 12 * * *
   external:
     enabled: true
-    schedule: 32 12 * * *
+    schedule: 28 13 * * *

clusters/cl01tl/helm/tdarr/values.yaml

@@ -181,19 +181,21 @@ volsync-target-config:
   pvcTarget: tdarr-config
   local:
     enabled: true
-    schedule: 36 11 * * *
+    schedule: 30 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 30 12 * * *
   external:
     enabled: true
-    schedule: 36 12 * * *
+    schedule: 30 13 * * *
 volsync-target-server:
   pvcTarget: tdarr-server
   local:
     enabled: true
-    schedule: 38 11 * * *
+    schedule: 32 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 32 12 * * *
   external:
     enabled: true
-    schedule: 38 12 * * *
+    schedule: 32 13 * * *

clusters/cl01tl/helm/vaultwarden/values.yaml

@@ -113,6 +113,7 @@ volsync-target-data:
     enabled: true
     schedule: 0 0 0 * * *
   remote:
+    enabled: true
     schedule: 0 0 0 * * *
   external:
     enabled: true

clusters/cl01tl/helm/yamtrack/values.yaml

@@ -120,7 +120,7 @@ postgres-18-cluster:
       - name: live-backup
         suspend: false
         immediate: true
-        schedule: "0 0 0 * * *"
+        schedule: "0 10 16 * * *"
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: true

clusters/cl01tl/helm/yubal/values.yaml

@@ -147,9 +147,10 @@ volsync-target-config:
   pvcTarget: yubal
   local:
     enabled: true
-    schedule: 42 11 * * *
+    schedule: 34 11 * * *
   remote:
-    enabled: false
+    enabled: true
+    schedule: 34 12 * * *
   external:
     enabled: true
-    schedule: 42 12 * * *
+    schedule: 34 14 * * *