Merge pull request 'feat: change to init sidecar' (#7079) from tmp/gluetun-3 into main

Reviewed-on: #7079

.gitea/workflows/renovate.yaml

@@ -13,7 +13,7 @@ on:
 jobs:
   renovate:
     runs-on: ubuntu-js
-    container: ghcr.io/renovatebot/renovate:43.181.1@sha256:1fe2e881665aa6f33670d0f78e70113e3b5e924e573da9c003827acb0990159c
+    container: ghcr.io/renovatebot/renovate:43.182.1@sha256:64690503f0e4935e6e667b323bdcdc1996a2ad59b9bfa44d7ce6319758bc6ff8
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

clusters/cl01tl/helm/dawarich/Chart.yaml

@@ -42,4 +42,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
 # renovate: datasource=github-releases depName=Freika/dawarich
-appVersion: 1.7.7
+appVersion: 1.7.8

clusters/cl01tl/helm/dawarich/values.yaml

@@ -8,7 +8,7 @@ dawarich:
         main:
           image:
             repository: freikin/dawarich
-            tag: 1.7.7@sha256:f7eea22def731ef98f0644b191c477917790bb0e5449b0014bac2f349ce178a7
+            tag: 1.7.8@sha256:dea326d03e728cd3b8d051b72d293cf375d0db6c00e22c55f338daedfdfdb3a4
           command:
             - "web-entrypoint.sh"
           args:
@@ -136,7 +136,7 @@ dawarich:
         sidekiq:
           image:
             repository: freikin/dawarich
-            tag: 1.7.7@sha256:f7eea22def731ef98f0644b191c477917790bb0e5449b0014bac2f349ce178a7
+            tag: 1.7.8@sha256:dea326d03e728cd3b8d051b72d293cf375d0db6c00e22c55f338daedfdfdb3a4
           command:
             - "sidekiq-entrypoint.sh"
           args:

clusters/cl01tl/helm/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
   repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.21.4
+  version: 0.21.5
-digest: sha256:9154e9dfff7a48de8e03e9b79fc5f1d95b94535674b11bd7d559ba1c4abab570
+digest: sha256:251f49de55063d4b8cd0b035cc18f6ad10798975c7817c15d00c4adee003cbd9
-generated: "2026-05-15T17:04:02.681904109Z"
+generated: "2026-05-17T01:21:31.249733118Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.yaml

@@ -14,6 +14,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.21.4
+    version: 0.21.5
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/helm/gitea/Chart.lock

@@ -1,7 +1,7 @@
 dependencies:
 - name: gitea
   repository: https://dl.gitea.com/charts/
-  version: 12.5.3
+  version: 12.6.0
 - name: actions
   repository: https://dl.gitea.com/charts/
   version: 0.1.0
@@ -23,5 +23,5 @@ dependencies:
 - name: volsync-target
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 2.0.0
-digest: sha256:d4f3ba631c0a2e0b6b57bda23544f32a25dee0e0b4b8a7be2dc7f648704b6d92
+digest: sha256:0ed2df9ddb849bf5b0734e346e8a0e2f96c50fdf3409266ec075db051de4881d
-generated: "2026-05-14T14:05:30.803843042Z"
+generated: "2026-05-17T18:11:08.598465161Z"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -26,7 +26,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: gitea
-    version: 12.5.3
+    version: 12.6.0
     repository: https://dl.gitea.com/charts/
   - name: actions
     alias: gitea-actions
@@ -56,4 +56,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
 # renovate: datasource=github-releases depName=go-gitea/gitea
-appVersion: 1.26.0
+appVersion: 1.26.1

clusters/cl01tl/helm/gitea/values.yaml

@@ -9,7 +9,7 @@ gitea:
       maxUnavailable: 1
   image:
     repository: gitea/gitea
-    tag: 1.25.5
+    tag: 1.26.1
   service:
     http:
       type: ClusterIP
@@ -212,7 +212,7 @@ gitea-actions:
       registry: docker.io
       repository: docker
       # renovate: datasource=docker depName=docker
-      tag: 29.4.3-dind@sha256:685b91dca8eab7de1dce1c303dbb7a763e4082d6a60db10968adf3295fbd2495
+      tag: 29.5.0-dind@sha256:8e3fae900cbfbdc14e8abca89a9e44363065cb535f34a09283c59cc0dde2de20
       extraVolumeMounts:
         - name: docker-vol
           mountPath: /var/lib/docker

clusters/cl01tl/helm/home-assistant/Chart.yaml

@@ -24,4 +24,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
 # renovate: datasource=github-releases depName=home-assistant/core
-appVersion: 2026.5.1
+appVersion: 2026.5.2

clusters/cl01tl/helm/komodo/templates/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}-tailscale
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}-tailscale
+    {{- include "custom.labels" . | nindent 4 }}
+    tailscale.com/proxy-class: no-metrics
+  annotations:
+    tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
+spec:
+  ingressClassName: tailscale
+  tls:
+    - hosts:
+        - komodo-cl01tl
+      secretName: komodo-cl01tl
+  rules:
+    - host: komodo-cl01tl
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: komodo-main
+                port:
+                  name: http

clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock

@@ -1,7 +1,7 @@
 dependencies:
 - name: kube-prometheus-stack
   repository: oci://ghcr.io/prometheus-community/charts
-  version: 85.1.2
+  version: 85.1.3
 - name: prometheus-operator-crds
   repository: oci://ghcr.io/prometheus-community/charts
   version: 29.0.0
@@ -11,5 +11,5 @@ dependencies:
 - name: valkey
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 0.8.0
-digest: sha256:7c7504aaf6283c681f6ce8d044d4a2d61669f3237c33f434f955ad96b072fe9a
+digest: sha256:67a7c994af3e36ed3668123a1c5add5144e5460149dce40e7686e71c79c5123a
-generated: "2026-05-16T19:05:00.763646788Z"
+generated: "2026-05-17T15:05:47.249164073Z"

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -20,7 +20,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: kube-prometheus-stack
-    version: 85.1.2
+    version: 85.1.3
     repository: oci://ghcr.io/prometheus-community/charts
   - name: prometheus-operator-crds
     version: 29.0.0

clusters/cl01tl/helm/loki/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: loki
   repository: oci://ghcr.io/grafana-community/helm-charts
-  version: 14.2.1
+  version: 16.0.0
 - name: alloy
   repository: https://grafana.github.io/helm-charts
   version: 1.8.1
-digest: sha256:715dad001b933b0b86d7cdf31498efe103a939a1f827c49ea21026b8edf28850
+digest: sha256:d193d6954e39080db717baf7f48ff1dd08ab9a544d6e39fe54dea146f1e2057c
-generated: "2026-05-16T16:07:36.518769631Z"
+generated: "2026-05-17T14:10:38.197763019Z"

clusters/cl01tl/helm/loki/Chart.yaml

@@ -15,7 +15,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: loki
-    version: 14.2.1
+    version: 16.0.0
     repository: oci://ghcr.io/grafana-community/helm-charts
   - name: alloy
     version: 1.8.1

clusters/cl01tl/helm/matrix-synapse/values.yaml

@@ -367,7 +367,7 @@ mautrix-whatsapp:
         main:
           image:
             repository: dock.mau.dev/mautrix/whatsapp
-            tag: v0.2604.0@sha256:9f28c04c746af9fe8e93163489dae0f4191626e2ca02a9302df62afbeefc9eba
+            tag: v0.2605.0@sha256:d126438cc0eb989c31ff32ab66a95a16d1fc47198eaabcba0fb4f4672e7a3412
           resources:
             requests:
               cpu: 1m

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -32,6 +32,62 @@ qbittorrent:
             - |
               sysctl -w net.ipv4.ip_forward=1;
               sysctl -w net.ipv6.conf.all.disable_ipv6=1
+        gluetun:
+          restartPolicy: Always
+          image:
+            repository: ghcr.io/qdm12/gluetun
+            tag: latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
+          lifecycle:
+            postStart:
+              exec:
+                command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
+          env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: protonvpn-wireguard-conf
+                  key: private-key
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+            - name: FIREWALL_INPUT_PORTS
+              value: 8080,9022
+            - name: VPN_PORT_FORWARDING
+              value: "on"
+            - name: VPN_PORT_FORWARDING_UP_COMMAND
+              value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORT}}" }}"'
+            - name: PORT_FORWARD_ONLY
+              value: "on"
+            - name: BLOCK_MALICIOUS
+              value: "off"
+          securityContext:
+            privileged: True
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+          probes:
+            readiness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                    - /gluetun-entrypoint
+                    - healthcheck
+                failureThreshold: 5
+                initialDelaySeconds: 30
+                periodSeconds: 30
+                successThreshold: 1
+                timeoutSeconds: 15
+          resources:
+            limits:
+              devic.es/tun: "1"
+            requests:
+              devic.es/tun: "1"
       containers:
         qbittorrent:
           image:
@@ -52,65 +108,6 @@ qbittorrent:
             requests:
               cpu: 500m
               memory: 1Gi
-        gluetun:
-          image:
-            repository: ghcr.io/qdm12/gluetun
-            tag: latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472
-          lifecycle:
-            postStart:
-              exec:
-                command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
-          env:
-            - name: VPN_SERVICE_PROVIDER
-              value: protonvpn
-            - name: VPN_TYPE
-              value: wireguard
-            - name: WIREGUARD_PRIVATE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: protonvpn-wireguard-conf
-                  key: private-key
-            - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.244.0.0/16,10.96.0.0/16
-            - name: FIREWALL_INPUT_PORTS
-              value: 8080,9022
-            - name: VPN_PORT_FORWARDING
-              value: "on"
-            - name: VPN_PORT_FORWARDING_UP_COMMAND
-              value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
-            - name: DNS_UPSTREAM_RESOLVER_TYPE
-              value: dot
-            - name: BLOCK_MALICIOUS
-              value: "off"
-            - name: HTTPPROXY
-              value: "off"
-            - name: SHADOWSOCKS
-              value: "off"
-          securityContext:
-            privileged: True
-            capabilities:
-              add:
-                - NET_ADMIN
-                - SYS_MODULE
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                exec:
-                  command:
-                    - /gluetun-entrypoint
-                    - healthcheck
-                failureThreshold: 5
-                initialDelaySeconds: 30
-                periodSeconds: 30
-                successThreshold: 1
-                timeoutSeconds: 15
-          resources:
-            limits:
-              devic.es/tun: "1"
-            requests:
-              devic.es/tun: "1"
         exporter:
           image:
             repository: esanchezm/prometheus-qbittorrent-exporter

clusters/cl01tl/helm/radarr-4k/values.yaml

@@ -14,7 +14,7 @@ radarr-4k:
         main:
           image:
             repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls302@sha256:15417a594ebda4c660a9fa9748e7199d33e2d17b31bbc5ad7ba2e86f0b414763
+            tag: 6.1.1.10360-ls303@sha256:079e48870584baf2a3e7e43e7ba6d3c834555931851a59c82c51cc792d285caf
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/radarr-anime/values.yaml

@@ -14,7 +14,7 @@ radarr-anime:
         main:
           image:
             repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls302@sha256:15417a594ebda4c660a9fa9748e7199d33e2d17b31bbc5ad7ba2e86f0b414763
+            tag: 6.1.1.10360-ls303@sha256:079e48870584baf2a3e7e43e7ba6d3c834555931851a59c82c51cc792d285caf
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/radarr-standup/values.yaml

@@ -14,7 +14,7 @@ radarr-standup:
         main:
           image:
             repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls302@sha256:15417a594ebda4c660a9fa9748e7199d33e2d17b31bbc5ad7ba2e86f0b414763
+            tag: 6.1.1.10360-ls303@sha256:079e48870584baf2a3e7e43e7ba6d3c834555931851a59c82c51cc792d285caf
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/radarr/values.yaml

@@ -14,7 +14,7 @@ radarr:
         main:
           image:
             repository: ghcr.io/linuxserver/radarr
-            tag: 6.1.1.10360-ls302@sha256:15417a594ebda4c660a9fa9748e7199d33e2d17b31bbc5ad7ba2e86f0b414763
+            tag: 6.1.1.10360-ls303@sha256:079e48870584baf2a3e7e43e7ba6d3c834555931851a59c82c51cc792d285caf
           env:
             - name: TZ
               value: America/Chicago

clusters/cl01tl/helm/searxng/values.yaml

@@ -10,7 +10,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:654eff5a61e7a768b233b89da64ba71904d06c67c2f43fb31ab5ce20b6f1e44c
+            tag: latest@sha256:25ff3c045548971d12726e54bea4564b8ec3bedb3d6951aecdefd01caf840974
           env:
             - name: SEARXNG_BASE_URL
               value: http://searxng-api.searxng:8080
@@ -38,7 +38,7 @@ searxng:
         main:
           image:
             repository: searxng/searxng
-            tag: latest@sha256:654eff5a61e7a768b233b89da64ba71904d06c67c2f43fb31ab5ce20b6f1e44c
+            tag: latest@sha256:25ff3c045548971d12726e54bea4564b8ec3bedb3d6951aecdefd01caf840974
           env:
             - name: SEARXNG_BASE_URL
               value: https://searxng.alexlebens.net/

clusters/cl01tl/helm/site-documentation/values.yaml

@@ -10,7 +10,7 @@ site-documentation:
         main:
           image:
             repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.33.1@sha256:440f85c89c6451fd1bb9863b41b45c3e027baf6d2735670b65afc4b024d3abea
+            tag: 0.34.0@sha256:e2805132fec427006ad0e9ea87ec3d660b1a03673399415e7dad32ee79cc769d
           resources:
             requests:
               cpu: 10m

clusters/cl01tl/helm/slskd/values.yaml

@@ -33,6 +33,56 @@ slskd:
             - |
               sysctl -w net.ipv4.ip_forward=1;
               sysctl -w net.ipv6.conf.all.disable_ipv6=1
+        gluetun:
+          restartPolicy: Always
+          image:
+            repository: ghcr.io/qdm12/gluetun
+            tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
+          lifecycle:
+            postStart:
+              exec:
+                command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
+          env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: protonvpn-wireguard-conf
+                  key: private-key
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
+            - name: FIREWALL_INPUT_PORTS
+              value: 5030
+            - name: BLOCK_MALICIOUS
+              value: "off"
+          securityContext:
+            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+          probes:
+            readiness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                    - /gluetun-entrypoint
+                    - healthcheck
+                failureThreshold: 5
+                initialDelaySeconds: 30
+                periodSeconds: 30
+                successThreshold: 1
+                timeoutSeconds: 15
+          resources:
+            limits:
+              devic.es/tun: "1"
+            requests:
+              devic.es/tun: "1"
       containers:
         main:
           image:
@@ -53,61 +103,6 @@ slskd:
             requests:
               cpu: 100m
               memory: 330Mi
-        gluetun:
-          image:
-            repository: ghcr.io/qdm12/gluetun
-            tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
-          lifecycle:
-            postStart:
-              exec:
-                command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
-          env:
-            - name: VPN_SERVICE_PROVIDER
-              value: protonvpn
-            - name: VPN_TYPE
-              value: wireguard
-            - name: WIREGUARD_PRIVATE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: protonvpn-wireguard-conf
-                  key: private-key
-            - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.0.0.0/8
-            - name: FIREWALL_INPUT_PORTS
-              value: 5030,50300
-            - name: DNS_UPSTREAM_RESOLVER_TYPE
-              value: dot
-            - name: BLOCK_MALICIOUS
-              value: "off"
-            - name: HTTPPROXY
-              value: "off"
-            - name: SHADOWSOCKS
-              value: "off"
-          securityContext:
-            privileged: true
-            capabilities:
-              add:
-                - NET_ADMIN
-                - SYS_MODULE
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                exec:
-                  command:
-                    - /gluetun-entrypoint
-                    - healthcheck
-                failureThreshold: 5
-                initialDelaySeconds: 30
-                periodSeconds: 30
-                successThreshold: 1
-                timeoutSeconds: 15
-          resources:
-            limits:
-              devic.es/tun: "1"
-            requests:
-              devic.es/tun: "1"
   service:
     main:
       controller: main

clusters/cl01tl/helm/tubearchivist/values.yaml

@@ -9,42 +9,9 @@ tubearchivist:
         securityContext:
           fsGroup: 1000
           fsGroupChangePolicy: OnRootMismatch
-      containers:
+      initContainers:
-        main:
-          image:
-            repository: bbilly1/tubearchivist
-            tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
-          env:
-            - name: TZ
-              value: America/Chicago
-            - name: HOST_UID
-              value: 1000
-            - name: HOST_GID
-              value: 1000
-            - name: ES_URL
-              value: https://elasticsearch-tubearchivist-es-http.tubearchivist:9200
-            - name: ES_DISABLE_VERIFY_SSL
-              value: true
-            - name: REDIS_CON
-              value: redis://tubearchivist-valkey.tubearchivist:6379
-            - name: TA_HOST
-              value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/
-            - name: TA_PORT
-              value: 24000
-            - name: TA_USERNAME
-              value: admin
-          envFrom:
-            - secretRef:
-                name: tubearchivist-config
-          resources:
-            requests:
-              cpu: 10m
-              memory: 1Gi
-        bgutil:
-          image:
-            repository: brainicism/bgutil-ytdlp-pot-provider
-            tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
         gluetun:
+          restartPolicy: Always
           image:
             repository: ghcr.io/qdm12/gluetun
             tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
@@ -63,23 +30,19 @@ tubearchivist:
                   name: protonvpn-wireguard-conf
                   key: private-key
             - name: FIREWALL_OUTBOUND_SUBNETS
-              value: 192.168.1.0/24,10.0.0.0/8
+              value: 127.0.0.0/8,192.168.1.0/24,10.244.0.0/16,10.96.0.0/12
             - name: FIREWALL_INPUT_PORTS
-              value: 80,8000,24000
+              value: "24000"
-            - name: DNS_UPSTREAM_RESOLVER_TYPE
+            - name: DNS_CACHING
-              value: dot
-            - name: HTTPPROXY
-              value: "off"
-            - name: SHADOWSOCKS
               value: "off"
           securityContext:
-            privileged: True
+            privileged: true
             capabilities:
               add:
                 - NET_ADMIN
                 - SYS_MODULE
           probes:
-            liveness:
+            readiness:
               enabled: true
               custom: true
               spec:
@@ -88,15 +51,65 @@ tubearchivist:
                     - /gluetun-entrypoint
                     - healthcheck
                 failureThreshold: 5
-                initialDelaySeconds: 30
+                initialDelaySeconds: 15
-                periodSeconds: 30
+                periodSeconds: 10
                 successThreshold: 1
-                timeoutSeconds: 15
+                timeoutSeconds: 5
           resources:
             limits:
               devic.es/tun: "1"
             requests:
               devic.es/tun: "1"
+      containers:
+        main:
+          image:
+            repository: bbilly1/tubearchivist
+            tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
+          env:
+            - name: TZ
+              value: America/Chicago
+            - name: HOST_UID
+              value: 1000
+            - name: HOST_GID
+              value: 1000
+            - name: ES_URL
+              value: https://elasticsearch-tubearchivist-es-http.tubearchivist:9200
+            - name: ES_DISABLE_VERIFY_SSL
+              value: true
+            - name: REDIS_CON
+              value: redis://tubearchivist-valkey.tubearchivist.svc.cluster.local:6379
+            - name: TA_HOST
+              value: https://tubearchivist.alexlebens.net http://tubearchivist.tubearchivist:80/
+            - name: TA_PORT
+              value: 24000
+            - name: TA_USERNAME
+              value: admin
+          envFrom:
+            - secretRef:
+                name: tubearchivist-config
+          probes:
+            liveness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                    - curl
+                    - -f
+                    - http://localhost:24000/api/health/
+                failureThreshold: 5
+                initialDelaySeconds: 30
+                periodSeconds: 30
+                successThreshold: 1
+                timeoutSeconds: 15
+          resources:
+            requests:
+              cpu: 10m
+              memory: 1Gi
+        bgutil:
+          image:
+            repository: brainicism/bgutil-ytdlp-pot-provider
+            tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
     metrics:
       type: deployment
       replicas: 1

hosts/ps10rp/gitea/compose.yaml

@@ -33,7 +33,7 @@ services:
             - postgresql18:/var/lib/postgresql
 
     gitea:
-        image: gitea/gitea:1.26.0@sha256:af07b88edbb2173d20932f9c75ebcf4e61d7d5c2d6a7ab5cc6b97cba28aea352
+        image: gitea/gitea:1.26.1@sha256:d8667667b4ccbd1f67b86a376bffcc0a17b16cf71309ed04e3918231776d47dd
         container_name: gitea
         depends_on:
             - postgresql