chore(deps): update dependency clidey/whodb to v0.95.0 (#4252 )

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [clidey/whodb](https://github.com/clidey/whodb) | minor | `0.94.0` → `0.95.0` | --- ### Release Notes <details> <summary>clidey/whodb (clidey/whodb)</summary> ### [`v0.95.0`](https://github.com/clidey/whodb/releases/tag/0.95.0) [Compare Source](https://github.com/clidey/whodb/compare/0.94.0...0.95.0) - Logging system has been refactored to be more flexible - we now have the option to log directly to a file using the environmental variables WHODB\_LOG\_FILE and WHODB\_ACCESS\_LOG\_FILE - WHODB\_LOG\_FILE is for directing the non-http logs to a file. If it is not set, then the logs go to stdout. If it is set to "default", then the logs go to /var/log/whodb/whodb.log. Otherwise a user can pass in a path like /home/ah/whodb.log. - WHODB\_ACCESS\_LOG\_FILE is for directing the http only access logs to a file. If it is not set, then the http access logs do NOT go to stdout (so this reduces what gets sent to stdout as usually these logs aren't super helpful for debugging). If it is set to "default", then the access logs go to /var/log/whodb/whodb.access.log. Otherwise a user can pass in a path like /home/ah/whodb.access.log. - Iif nothing is set, then the defaults are stdout and non-http logging - Please note you may have to run WhoDB as root in order to be able to write to /var/log if you specify the "default" location. - Accessibility updates - we're trying to improve app accessibility across the board. Any issues you run into, please let us know! #### Installation ##### Mac App Store [Download from the Apple Store](https://apps.apple.com/app/whodb/id6754566536) ##### Microsoft Store [Download from the Microsoft Store](https://apps.microsoft.com/detail/9pftx5bv4ds6) ##### Snap Store ```bash sudo snap install whodb ``` [View on Snapcraft](https://snapcraft.io/whodb) ##### Docker ```bash docker pull clidey/whodb:0.95.0 docker pull clidey/whodb:latest ``` ##### Direct Downloads See assets below for platform-specific packages (DMG, MSIX, etc.). #### Documentation - [Documentation](https://docs.whodb.com) - [Report Issues](https://github.com/clidey/whodb/issues) #### Upgrade Notes To upgrade from a previous version: - **Docker**: Pull the latest image and restart your container - **Snap**: Run `sudo snap refresh whodb` - **Desktop Apps**: Download and install the new version *** **Full Changelog**: <https://github.com/clidey/whodb/compare/0.94.0...0.95.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: #4252 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
chore(deps): update searxng/searxng:latest docker digest to 2c86f95 (#4250 )
2026-02-26 17:34:08 +00:00 · 2026-02-26 11:03:37 +00:00 · 2026-02-26 04:14:15 +00:00 · 2026-02-26 04:12:25 +00:00 · 2026-02-26 00:02:47 +00:00 · 2026-02-25 17:42:52 -06:00
31 changed files with 397 additions and 22 deletions
--- a/clusters/cl01tl/helm/authentik/Chart.lock
+++ b/clusters/cl01tl/helm/authentik/Chart.lock
@@ -1,7 +1,7 @@
 dependencies:
 - name: authentik
  repository: https://charts.goauthentik.io/
-  version: 2025.12.4
+  version: 2026.2.0
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 2.3.0
@@ -11,5 +11,5 @@ dependencies:
 - name: redis-replication
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 1.0.4
-digest: sha256:9e8f037f9d581ad83edde8d4a68672860cbe9d0192b10c37708710315a017469
-generated: "2026-02-24T17:34:02.304009-06:00"
+digest: sha256:c8602f093e78af87eac0c99d622f0815ec89ebc1305e097ca4d6f72b003ae57c
+generated: "2026-02-25T03:06:14.95787836Z"
--- a/clusters/cl01tl/helm/authentik/Chart.yaml
+++ b/clusters/cl01tl/helm/authentik/Chart.yaml
@@ -21,7 +21,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: authentik
-    version: 2025.12.4
+    version: 2026.2.0
    repository: https://charts.goauthentik.io/
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
--- a/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
@@ -0,0 +1,39 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: allow-outpost-cross-namespace-access
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: allow-outpost-cross-namespace-access
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  from:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: lidarr
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: radarr
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: radarr-4k
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: radarr-anime
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: radarr-standup
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: sonarr
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: sonarr-4k
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: sonarr-anime
+  to:
+    - group: ""
+      kind: Service
+      name: ak-outpost-traefik-proxy-auth
--- a/clusters/cl01tl/helm/booklore/Chart.yaml
+++ b/clusters/cl01tl/helm/booklore/Chart.yaml
@@ -30,4 +30,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
 # renovate: datasource=github-releases depName=booklore-app/BookLore
-appVersion: v2.0.1
+appVersion: v2.0.2
--- a/clusters/cl01tl/helm/booklore/values.yaml
+++ b/clusters/cl01tl/helm/booklore/values.yaml
@@ -9,7 +9,7 @@ booklore:
        main:
          image:
            repository: ghcr.io/booklore-app/booklore
-            tag: v2.0.1
+            tag: v2.0.2
            pullPolicy: IfNotPresent
          env:
            - name: TZ
--- a/clusters/cl01tl/helm/elastic-operator/Chart.lock
+++ b/clusters/cl01tl/helm/elastic-operator/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: eck-operator
  repository: https://helm.elastic.co
-  version: 3.3.0
-digest: sha256:d2b00de6c03bf7624fdf496b326262149a2d2635012f14e900ed0724545c95d9
-generated: "2026-02-03T18:05:00.461644575Z"
+  version: 3.3.1
+digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
+generated: "2026-02-25T18:48:55.77034549Z"
--- a/clusters/cl01tl/helm/elastic-operator/Chart.yaml
+++ b/clusters/cl01tl/helm/elastic-operator/Chart.yaml
@@ -15,8 +15,8 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: eck-operator
-    version: 3.3.0
+    version: 3.3.1
    repository: https://helm.elastic.co
 icon: https://helm.elastic.co/icons/eck.png
 # renovate: datasource=github-releases depName=elastic/cloud-on-k8s
-appVersion: v3.3.0
+appVersion: v3.3.1
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: kube-prometheus-stack
  repository: oci://ghcr.io/prometheus-community/charts
-  version: 82.3.0
+  version: 82.4.0
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
 - name: redis-replication
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 1.0.4
-digest: sha256:41de0559e2f4e85a33ca006520cf67c85abaf5691f3cd0aacf7b66ba0d95ce50
-generated: "2026-02-24T20:10:32.588038295Z"
+digest: sha256:24214c0bc1e6aed9954385aa61b403a7fa4b4e92bac09777504635cba98735ba
+generated: "2026-02-25T23:46:14.059155578Z"
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
@@ -20,7 +20,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: kube-prometheus-stack
-    version: 82.3.0
+    version: 82.4.0
    repository: oci://ghcr.io/prometheus-community/charts
  - name: app-template
    alias: ntfy-alertmanager
--- a/clusters/cl01tl/helm/lidarr/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/lidarr/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/lidarr/values.yaml
+++ b/clusters/cl01tl/helm/lidarr/values.yaml
@@ -84,12 +84,28 @@ lidarr:
      hostnames:
        - lidarr.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: lidarr
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/radarr-4k/values.yaml
+++ b/clusters/cl01tl/helm/radarr-4k/values.yaml
@@ -84,12 +84,28 @@ radarr-4k:
      hostnames:
        - radarr-4k.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: radarr-4k
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/radarr-anime/values.yaml
+++ b/clusters/cl01tl/helm/radarr-anime/values.yaml
@@ -82,12 +82,28 @@ radarr-anime:
      hostnames:
        - radarr-anime.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: radarr-anime
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/radarr-standup/values.yaml
+++ b/clusters/cl01tl/helm/radarr-standup/values.yaml
@@ -82,12 +82,28 @@ radarr-standup:
      hostnames:
        - radarr-standup.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: radarr-standup
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/radarr/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/radarr/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/radarr/values.yaml
+++ b/clusters/cl01tl/helm/radarr/values.yaml
@@ -84,12 +84,28 @@ radarr:
      hostnames:
        - radarr.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: radarr
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ b/clusters/cl01tl/helm/searxng/values.yaml
@@ -9,7 +9,7 @@ searxng:
        main:
          image:
            repository: searxng/searxng
-            tag: latest@sha256:edf110a2816d8963949d03879c72a7e19c221b5f7bfb7952a33ae073f96ccb18
+            tag: latest@sha256:2c86f95c22dde03f5354a81b027ec882830748c5fe6454f03c7ec8fc384e54ea
            pullPolicy: IfNotPresent
          env:
            - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
        main:
          image:
            repository: searxng/searxng
-            tag: latest@sha256:edf110a2816d8963949d03879c72a7e19c221b5f7bfb7952a33ae073f96ccb18
+            tag: latest@sha256:2c86f95c22dde03f5354a81b027ec882830748c5fe6454f03c7ec8fc384e54ea
            pullPolicy: IfNotPresent
          env:
            - name: SEARXNG_BASE_URL
--- a/clusters/cl01tl/helm/site-documentation/values.yaml
+++ b/clusters/cl01tl/helm/site-documentation/values.yaml
@@ -11,7 +11,7 @@ site-documentation:
        main:
          image:
            repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.1.5
+            tag: 0.1.6
            pullPolicy: IfNotPresent
          resources:
            requests:
--- a/clusters/cl01tl/helm/site-profile/values.yaml
+++ b/clusters/cl01tl/helm/site-profile/values.yaml
@@ -11,7 +11,7 @@ site-profile:
        main:
          image:
            repository: harbor.alexlebens.net/images/site-profile
-            tag: 2.15.1
+            tag: 2.16.0
            pullPolicy: IfNotPresent
          resources:
            requests:
--- a/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/sonarr-4k/values.yaml
+++ b/clusters/cl01tl/helm/sonarr-4k/values.yaml
@@ -82,12 +82,28 @@ sonarr-4k:
      hostnames:
        - sonarr-4k.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: sonarr-4k
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/sonarr-anime/values.yaml
+++ b/clusters/cl01tl/helm/sonarr-anime/values.yaml
@@ -82,12 +82,28 @@ sonarr-anime:
      hostnames:
        - sonarr-anime.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: sonarr-anime
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/sonarr/templates/middleware.yaml
+++ b/clusters/cl01tl/helm/sonarr/templates/middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-forward-auth
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: oidc-forward-auth
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-entitlements
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
--- a/clusters/cl01tl/helm/sonarr/values.yaml
+++ b/clusters/cl01tl/helm/sonarr/values.yaml
@@ -82,12 +82,28 @@ sonarr:
      hostnames:
        - sonarr.alexlebens.net
      rules:
+        - backendRefs:
+            - name: ak-outpost-traefik-proxy-auth
+              namespace: authentik
+              port: 9000
+              weight: 100
+          filters: []
+          matches:
+            - path:
+                type: PathPrefix
+                value: /outpost.goauthentik.io
        - backendRefs:
            - group: ''
              kind: Service
              name: sonarr
              port: 80
              weight: 100
+          filters:
+            - type: ExtensionRef
+              extensionRef:
+                group: traefik.io
+                kind: Middleware
+                name: oidc-forward-auth
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/tailscale-operator/Chart.yaml
+++ b/clusters/cl01tl/helm/tailscale-operator/Chart.yaml
@@ -21,4 +21,4 @@ dependencies:
    repository: https://pkgs.tailscale.com/helmcharts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
 # renovate: datasource=github-releases depName=tailscale/tailscale
-appVersion: v1.94.1
+appVersion: v1.94.2
--- a/clusters/cl01tl/helm/whodb/Chart.yaml
+++ b/clusters/cl01tl/helm/whodb/Chart.yaml
@@ -20,4 +20,4 @@ dependencies:
    version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
 # renovate: datasource=github-releases depName=clidey/whodb
-appVersion: 0.94.0
+appVersion: 0.95.0
--- a/clusters/cl01tl/helm/whodb/values.yaml
+++ b/clusters/cl01tl/helm/whodb/values.yaml
@@ -8,7 +8,7 @@ whodb:
        main:
          image:
            repository: clidey/whodb
-            tag: 0.94.0
+            tag: 0.95.0
            pullPolicy: IfNotPresent
          env:
            - name: WHODB_OLLAMA_HOST
Author	SHA1	Message	Date
Renovate Bot	2c2bf733bd	chore(deps): update dependency clidey/whodb to v0.95.0 (#4252 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 1m18s Details renovate / renovate (push) Successful in 2m29s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [clidey/whodb](https://github.com/clidey/whodb) \| minor \| `0.94.0` → `0.95.0` \| --- ### Release Notes <details> <summary>clidey/whodb (clidey/whodb)</summary> ### [`v0.95.0`](https://github.com/clidey/whodb/releases/tag/0.95.0) [Compare Source](https://github.com/clidey/whodb/compare/0.94.0...0.95.0) - Logging system has been refactored to be more flexible - we now have the option to log directly to a file using the environmental variables WHODB\_LOG\_FILE and WHODB\_ACCESS\_LOG\_FILE - WHODB\_LOG\_FILE is for directing the non-http logs to a file. If it is not set, then the logs go to stdout. If it is set to "default", then the logs go to /var/log/whodb/whodb.log. Otherwise a user can pass in a path like /home/ah/whodb.log. - WHODB\_ACCESS\_LOG\_FILE is for directing the http only access logs to a file. If it is not set, then the http access logs do NOT go to stdout (so this reduces what gets sent to stdout as usually these logs aren't super helpful for debugging). If it is set to "default", then the access logs go to /var/log/whodb/whodb.access.log. Otherwise a user can pass in a path like /home/ah/whodb.access.log. - Iif nothing is set, then the defaults are stdout and non-http logging - Please note you may have to run WhoDB as root in order to be able to write to /var/log if you specify the "default" location. - Accessibility updates - we're trying to improve app accessibility across the board. Any issues you run into, please let us know! #### Installation ##### Mac App Store [Download from the Apple Store](https://apps.apple.com/app/whodb/id6754566536) ##### Microsoft Store [Download from the Microsoft Store](https://apps.microsoft.com/detail/9pftx5bv4ds6) ##### Snap Store ```bash sudo snap install whodb ``` [View on Snapcraft](https://snapcraft.io/whodb) ##### Docker ```bash docker pull clidey/whodb:0.95.0 docker pull clidey/whodb:latest ``` ##### Direct Downloads See assets below for platform-specific packages (DMG, MSIX, etc.). #### Documentation - [Documentation](https://docs.whodb.com) - [Report Issues](https://github.com/clidey/whodb/issues) #### Upgrade Notes To upgrade from a previous version: - Docker: Pull the latest image and restart your container - Snap: Run `sudo snap refresh whodb` - Desktop Apps: Download and install the new version * Full Changelog: <https://github.com/clidey/whodb/compare/0.94.0...0.95.0> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4252 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-02-26 17:34:08 +00:00
Renovate Bot	e1b62113c1	chore(deps): update searxng/searxng:latest docker digest to 2c86f95 (#4250 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 19s Details renovate / renovate (push) Successful in 2m36s Details	2026-02-26 11:03:37 +00:00
Renovate Bot	4fde64a6a1	chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.1.6 (#4247 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 21s Details renovate / renovate (push) Successful in 3m41s Details	2026-02-26 04:14:15 +00:00
Renovate Bot	45159022c9	chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v2.16.0 (#4246 ) Some checks failed render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 1m37s Details renovate / renovate (push) Has been cancelled Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile) \| minor \| `2.15.1` → `2.16.0` \| --- ### Release Notes <details> <summary>alexlebens/site-profile (harbor.alexlebens.net/images/site-profile)</summary> ### [`v2.16.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.15.1...2.16.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.15.1...2.16.0) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4246 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-02-26 04:12:25 +00:00
Renovate Bot	fbc8b4014f	chore(deps): update kube-prometheus-stack docker tag to v82.4.0 (#4232 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 1m37s Details render-manifests-dispatch / render-manifests-dispatch (push) Successful in 43m25s Details renovate / renovate (push) Successful in 3m11s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [kube-prometheus-stack](https://github.com/prometheus-operator/kube-prometheus) ([source](https://github.com/prometheus-community/helm-charts)) \| minor \| `82.3.0` → `82.4.0` \| --- ### Release Notes <details> <summary>prometheus-community/helm-charts (kube-prometheus-stack)</summary> ### [`v82.4.0`](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-82.4.0) [Compare Source](https://github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-82.3.0...kube-prometheus-stack-82.4.0) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. #### What's Changed - \[kube-prometheus-stack] unify PodDisruptionBudget configuration by [@mkmet](https://github.com/mkmet) in [#6669](https://github.com/prometheus-community/helm-charts/pull/6669) #### New Contributors - [@mkmet](https://github.com/mkmet) made their first contribution in [#6669](https://github.com/prometheus-community/helm-charts/pull/6669) Full Changelog: <https://github.com/prometheus-community/helm-charts/compare/prometheus-nginx-exporter-1.19.1...kube-prometheus-stack-82.4.0> </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: #4232 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-02-26 00:02:47 +00:00
Alex Lebens	7411f391e8	feat: add proxy auth All checks were successful lint-test-helm / lint-helm (push) Successful in 1m21s Details render-manifests-push / render-manifests-push (push) Successful in 4m17s Details renovate / renovate (push) Successful in 5m3s Details	2026-02-25 17:42:52 -06:00
Alex Lebens	536e164b03	fix: change headers All checks were successful lint-test-helm / lint-helm (push) Successful in 40s Details render-manifests-push / render-manifests-push (push) Successful in 2m26s Details renovate / renovate (push) Successful in 3m3s Details	2026-02-25 17:25:18 -06:00
Alex Lebens	ade761cc85	feat: add reference grant All checks were successful lint-test-helm / lint-helm (push) Successful in 47s Details render-manifests-push / render-manifests-push (push) Successful in 2m2s Details renovate / renovate (push) Successful in 3m24s Details	2026-02-25 17:08:38 -06:00
Alex Lebens	218cb6c9de	fix: apply rule for routing All checks were successful lint-test-helm / lint-helm (push) Successful in 40s Details render-manifests-push / render-manifests-push (push) Successful in 1m52s Details renovate / renovate (push) Successful in 3m30s Details	2026-02-25 17:03:38 -06:00
Alex Lebens	9ba91dd00b	fix: fix headers All checks were successful lint-test-helm / lint-helm (push) Successful in 1m18s Details render-manifests-push / render-manifests-push (push) Successful in 2m38s Details renovate / renovate (push) Successful in 3m9s Details	2026-02-25 16:44:58 -06:00
Alex Lebens	4c02107d95	fix: fix placement All checks were successful lint-test-helm / lint-helm (push) Successful in 31s Details render-manifests-push / render-manifests-push (push) Successful in 1m26s Details renovate / renovate (push) Successful in 4m13s Details	2026-02-25 16:27:01 -06:00
Alex Lebens	4faecf7888	feat: add proxy auth Some checks failed lint-test-helm / lint-helm (push) Successful in 30s Details render-manifests-push / render-manifests-push (push) Failing after 1m3s Details renovate / renovate (push) Has been cancelled Details	2026-02-25 16:24:43 -06:00
Renovate Bot	b0e7da062a	chore(deps): update dependency elastic/cloud-on-k8s to v3.3.1 (#4237 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 1m1s Details renovate / renovate (push) Successful in 2m32s Details	2026-02-25 21:47:42 +00:00
Renovate Bot	91540f1955	chore(deps): update booklore-app/booklore to v2.0.2 (#4236 ) Some checks failed render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Has been cancelled Details renovate / renovate (push) Has been cancelled Details	2026-02-25 21:47:16 +00:00
Renovate Bot	cd35da4bed	chore(deps): update helm release eck-operator to v3.3.1 (#4234 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 44s Details renovate / renovate (push) Successful in 3m7s Details	2026-02-25 18:49:22 +00:00
Renovate Bot	752c9fc47d	chore(deps): update dependency tailscale/tailscale to v1.94.2 (#4233 ) Some checks failed render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Failing after 6s Details renovate / renovate (push) Has been cancelled Details	2026-02-25 18:48:42 +00:00
Renovate Bot	826558ae44	chore(deps): update helm release authentik to v2026 (#4227 ) All checks were successful render-manifests-push / render-manifests-push (push) Has been skipped Details lint-test-helm / lint-helm (push) Successful in 24s Details renovate / renovate (push) Successful in 1m52s Details Reviewed-on: #4227 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-02-25 04:46:25 +00:00