Merge pull request 'chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273' (#5716 ) from renovate/unified-lidarr into main

chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273
Merge pull request 'chore(deps): update traefik to v3.6.13' (#5713 ) from renovate/unified-traefik into main
2026-04-08 05:02:47 +00:00 · 2026-04-08 05:02:30 +00:00 · 2026-04-08 02:28:17 +00:00 · 2026-04-08 02:27:41 +00:00 · 2026-04-08 02:25:52 +00:00 · 2026-04-08 02:25:52 +00:00
74 changed files with 219 additions and 594 deletions
--- a/.gitea/workflows/render-manifests.yaml
+++ b/.gitea/workflows/render-manifests.yaml
@@ -50,7 +50,7 @@ jobs:
          cache: true
      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
+        uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBECONFIG }}
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.109.0@sha256:262d3c2d7e61da7a7eef61fdbdcf26d80cb0d13f65baaa99ace4163a4d56c0fa
+    container: ghcr.io/renovatebot/renovate:43.109.1@sha256:3dc6493fd5846ee486ca26531db8b8dd2c028bc8e4c5b3464514f5f6b3e065d8
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
--- a/clusters/cl01tl/helm/authentik/Chart.lock
+++ b/clusters/cl01tl/helm/authentik/Chart.lock
@@ -1,7 +1,7 @@
 dependencies:
 - name: authentik
  repository: https://charts.goauthentik.io/
-  version: 2026.2.1
+  version: 2026.2.2
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 2.4.0
@@ -11,5 +11,5 @@ dependencies:
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.5.0
-digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
+digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687
-generated: "2026-04-04T21:00:59.689114-05:00"
+generated: "2026-04-08T02:23:25.175388081Z"
--- a/clusters/cl01tl/helm/authentik/Chart.yaml
+++ b/clusters/cl01tl/helm/authentik/Chart.yaml
@@ -18,7 +18,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: authentik
-    version: 2026.2.1
+    version: 2026.2.2
    repository: https://charts.goauthentik.io/
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
--- a/clusters/cl01tl/helm/directus/Chart.yaml
+++ b/clusters/cl01tl/helm/directus/Chart.yaml
@@ -29,4 +29,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 # renovate: datasource=github-releases depName=directus/directus
-appVersion: 11.17.1
+appVersion: 11.17.2
--- a/clusters/cl01tl/helm/directus/values.yaml
+++ b/clusters/cl01tl/helm/directus/values.yaml
@@ -8,7 +8,7 @@ directus:
        main:
          image:
            repository: ghcr.io/directus/directus
-            tag: 11.17.1@sha256:1dd2080a50a9f6df2b6f49df15a7734424bbd1a5902983c4b6e447f22027b80b
+            tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
          env:
            - name: PUBLIC_URL
              value: https://directus.alexlebens.net
--- a/clusters/cl01tl/helm/element-web/Chart.yaml
+++ b/clusters/cl01tl/helm/element-web/Chart.yaml
@@ -22,4 +22,4 @@ dependencies:
    version: 2.4.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
 # renovate: datasource=github-releases depName=element-hq/element-web
-appVersion: v1.12.13
+appVersion: v1.12.14
--- a/clusters/cl01tl/helm/element-web/values.yaml
+++ b/clusters/cl01tl/helm/element-web/values.yaml
@@ -2,7 +2,7 @@ element-web:
  replicaCount: 1
  image:
    repository: ghcr.io/element-hq/element-web
-    tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
+    tag: v1.12.14@sha256:13052614150733892ff06189f0f9baf098bc16092bffc0e0e18ccf2f257abe34
  defaultServer:
    url: https://matrix.alexlebens.dev
    name: alexlebens.dev
--- a/clusters/cl01tl/helm/gitea/values.yaml
+++ b/clusters/cl01tl/helm/gitea/values.yaml
@@ -206,7 +206,7 @@ gitea-actions:
      registry: docker.io
      repository: docker
      # renovate: datasource=docker depName=docker
-      tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
+      tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
      extraVolumeMounts:
        - name: docker-vol
          mountPath: /var/lib/docker
--- a/clusters/cl01tl/helm/harbor/Chart.lock
+++ b/clusters/cl01tl/helm/harbor/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
  version: 1.18.3
 - name: postgres-cluster
  repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
-  version: 7.11.1
+  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.5.0
-digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
+digest: sha256:2ef60d6315a21e0d92970570630cc74720643e7e51e0574107249684ddc2fab5
-generated: "2026-03-31T18:38:15.510833-05:00"
+generated: "2026-04-07T20:36:47.509644-05:00"
--- a/clusters/cl01tl/helm/harbor/Chart.yaml
+++ b/clusters/cl01tl/helm/harbor/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
    repository: https://helm.goharbor.io
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.11.1
+    version: 7.11.2
    repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
  - name: valkey
    alias: valkey
--- a/clusters/cl01tl/helm/immich/Chart.yaml
+++ b/clusters/cl01tl/helm/immich/Chart.yaml
@@ -33,4 +33,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
 # renovate: datasource=github-releases depName=immich-app/immich
-appVersion: v2.6.3
+appVersion: v2.7.2
--- a/clusters/cl01tl/helm/immich/values.yaml
+++ b/clusters/cl01tl/helm/immich/values.yaml
@@ -8,7 +8,7 @@ immich:
        main:
          image:
            repository: ghcr.io/immich-app/immich-server
-            tag: v2.6.3@sha256:0cc1f82953d9598eb9e9dd11cbde1f50fe54f9c46c4506b089e8ad7bfc9d1f0c
+            tag: v2.7.2@sha256:6a2952539e2a9c8adcf6fb74850bb1ba7e1db2804050acea21baafdc9154c430
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
@@ -1,7 +1,7 @@
 dependencies:
 - name: kube-prometheus-stack
  repository: oci://ghcr.io/prometheus-community/charts
-  version: 83.0.0
+  version: 83.0.2
 - name: prometheus-operator-crds
  repository: oci://ghcr.io/prometheus-community/charts
  version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.5.0
-digest: sha256:73bade97f20d9611f03cb3bb16173efb491993a69a1fb8e22eed2c19d535ca2b
+digest: sha256:0675ee4a9de34b23c744f521be309f7ad6860af74f8e7faeaa44bf26fda72d08
-generated: "2026-04-06T21:02:50.314276855Z"
+generated: "2026-04-07T22:42:15.723825441Z"
--- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
@@ -5,6 +5,7 @@ description: Kube Prometheus Stack
 keywords:
  - kube-prometheus-stack
  - prometheus
  - metrics
 home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
 sources:
  - https://github.com/prometheus/prometheus
@@ -19,7 +20,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: kube-prometheus-stack
-    version: 83.0.0
+    version: 83.0.2
    repository: oci://ghcr.io/prometheus-community/charts
  - name: prometheus-operator-crds
    version: 28.0.1
--- a/clusters/cl01tl/helm/libation/values.yaml
+++ b/clusters/cl01tl/helm/libation/values.yaml
@@ -30,7 +30,7 @@ libation:
        main:
          image:
            repository: ubuntu
-            tag: resolute-20260401@sha256:a072b64036a738e55bff8f9a9682cbb893bf20c213772effc1de8dee8df1cea9
+            tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
          command:
            - "sleep"
            - "infinity"
--- a/clusters/cl01tl/helm/lidarr/values.yaml
+++ b/clusters/cl01tl/helm/lidarr/values.yaml
@@ -14,7 +14,7 @@ lidarr:
        main:
          image:
            repository: ghcr.io/linuxserver/lidarr
-            tag: 3.1.2-nightly@sha256:0fc8d169a0740a77e03ec0e5eaee1ce2db0d882fc0bb8d0a26fd77a8beaad8e9
+            tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/ollama/Chart.yaml
+++ b/clusters/cl01tl/helm/ollama/Chart.yaml
@@ -31,4 +31,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
 # renovate: datasource=github-releases depName=ollama/ollama
-appVersion: 0.20.2
+appVersion: 0.20.3
--- a/clusters/cl01tl/helm/ollama/values.yaml
+++ b/clusters/cl01tl/helm/ollama/values.yaml
@@ -21,7 +21,7 @@ ollama:
        main:
          image:
            repository: ollama/ollama
-            tag: 0.20.2@sha256:0455f166da85b1d07f694c33ba09278ca649603c0611ba8e46272b16eed7fccd
+            tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
          env:
            - name: OLLAMA_KEEP_ALIVE
              value: 24h
@@ -55,7 +55,7 @@ ollama:
        main:
          image:
            repository: ollama/ollama
-            tag: 0.20.2@sha256:0455f166da85b1d07f694c33ba09278ca649603c0611ba8e46272b16eed7fccd
+            tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
          env:
            - name: OLLAMA_KEEP_ALIVE
              value: 24h
@@ -89,7 +89,7 @@ ollama:
        main:
          image:
            repository: ollama/ollama
-            tag: 0.20.2@sha256:0455f166da85b1d07f694c33ba09278ca649603c0611ba8e46272b16eed7fccd
+            tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
          env:
            - name: OLLAMA_KEEP_ALIVE
              value: 24h
--- a/clusters/cl01tl/helm/roundcube/values.yaml
+++ b/clusters/cl01tl/helm/roundcube/values.yaml
@@ -56,7 +56,7 @@ roundcube:
        nginx:
          image:
            repository: nginx
-            tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
+            tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
          env:
            - name: NGINX_HOST
              value: mail.alexlebens.net
--- a/clusters/cl01tl/helm/rybbit/values.yaml
+++ b/clusters/cl01tl/helm/rybbit/values.yaml
@@ -112,7 +112,7 @@ rybbit:
        main:
          image:
            repository: clickhouse/clickhouse-server
-            tag: 26.3.3@sha256:5cfbc0598ee3bd850ac1b2ab150e6c9ec7b9207f1a97617e015325fb5df053d0
+            tag: 26.3.4@sha256:e9de4678349386db2bd6282aa71e93ef465912ae9fa419ead2e83eb1cbce7a4a
          env:
            - name: CLICKHOUSE_DB
              value: analytics
--- a/clusters/cl01tl/helm/s3-exporter/Chart.yaml
+++ b/clusters/cl01tl/helm/s3-exporter/Chart.yaml
@@ -5,6 +5,7 @@ description: S3 Exporter
 keywords:
  - s3-exporter
  - storage
  - metrics
 home: https://docs.alexlebens.dev/applications/s3-exporter/
 sources:
  - https://github.com/molu8bits/s3bucket_exporter
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ b/clusters/cl01tl/helm/searxng/values.yaml
@@ -57,7 +57,7 @@ searxng:
        valkey:
          image:
            repository: valkey/valkey
-            tag: 9.0.0-alpine@sha256:bef37d06d4856710973ee31dd1eac1482e4c8e6e7b847f999ad25433e646587b
+            tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5
  service:
    api:
      controller: api
--- a/clusters/cl01tl/helm/seerr/Chart.lock
+++ b/clusters/cl01tl/helm/seerr/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: seerr-chart
  repository: oci://ghcr.io/seerr-team/seerr
-  version: 3.3.1
+  version: 3.4.0
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:125b2384418dda2ccf6ee188d61daf1e78f2faa3bf1ee4a81c2d0f741967ca5f
+digest: sha256:0ae90021bff10a9790f29f40f57607c9212e4e793078d62c9aeab833066b2d4e
-generated: "2026-03-31T13:05:18.964064368Z"
+generated: "2026-04-07T22:03:12.12671791Z"
--- a/clusters/cl01tl/helm/seerr/Chart.yaml
+++ b/clusters/cl01tl/helm/seerr/Chart.yaml
@@ -17,7 +17,7 @@ maintainers:
 dependencies:
  - name: seerr-chart
    repository: oci://ghcr.io/seerr-team/seerr
-    version: 3.3.1
+    version: 3.4.0
  - name: volsync-target
    alias: volsync-target-config
    version: 0.8.0
--- a/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
+++ b/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
@@ -5,6 +5,7 @@ description: Speedtest Exporter
 keywords:
  - speedtest-exporter
  - internet-speed
  - metrics
 home: https://docs.alexlebens.dev/applications/speedtest-exporter/
 sources:
  - https://github.com/MiguelNdeCarvalho/speedtest-exporter
--- a/clusters/cl01tl/helm/tailscale-operator/Chart.lock
+++ b/clusters/cl01tl/helm/tailscale-operator/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: tailscale-operator
  repository: https://pkgs.tailscale.com/helmcharts
-  version: 1.94.2
+  version: 1.96.5
-digest: sha256:cf509332b17c0dc32d3a89f0661e500d7dc5c29814dc982c9f5607e424669002
+digest: sha256:d7352b6781e248f6fc6bbb06e994c76eed77f06b3beaac6a5707e77df72ccc7d
-generated: "2026-02-14T00:21:25.854980371Z"
+generated: "2026-04-07T22:47:27.933877961Z"
--- a/clusters/cl01tl/helm/tailscale-operator/Chart.yaml
+++ b/clusters/cl01tl/helm/tailscale-operator/Chart.yaml
@@ -17,8 +17,8 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: tailscale-operator
-    version: 1.94.2
+    version: 1.96.5
    repository: https://pkgs.tailscale.com/helmcharts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
 # renovate: datasource=docker depName=tailscale/tailscale
-appVersion: v1.94.2
+appVersion: v1.96.5
--- a/clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml
+++ b/clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml
@@ -12,4 +12,4 @@ spec:
    image:
      repo: tailscale/k8s-nameserver
      # renovate: datasource=docker depName=tailscale/k8s-nameserver
-      tag: v1.94.2
+      tag: v1.96.5
--- a/clusters/cl01tl/helm/tailscale-operator/values.yaml
+++ b/clusters/cl01tl/helm/tailscale-operator/values.yaml
@@ -5,7 +5,7 @@ tailscale-operator:
      - "tag:k8s-operator"
    image:
      repository: tailscale/k8s-operator
-      tag: v1.94.2
+      tag: v1.96.5
      digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
    hostname: tailscale-operator-cl01tl
  ingressClass:
@@ -13,6 +13,6 @@ tailscale-operator:
  proxyConfig:
    image:
      repository: tailscale/tailscale
-      tag: v1.94.2
+      tag: v1.96.5
      digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
    defaultProxyClass: no-metrics
--- a/clusters/cl01tl/helm/talos/values.yaml
+++ b/clusters/cl01tl/helm/talos/values.yaml
@@ -376,7 +376,7 @@ etcd-defrag:
      cronjob:
        suspend: false
        timeZone: America/Chicago
-        schedule: "0 0 * * 0"
+        schedule: 0 0 * * 0
        backoffLimit: 3
        parallelism: 1
      containers:
@@ -404,7 +404,7 @@ etcd-defrag:
      cronjob:
        suspend: false
        timeZone: America/Chicago
-        schedule: "10 0 * * 0"
+        schedule: 10 0 * * 0
        backoffLimit: 3
        parallelism: 1
      containers:
@@ -432,7 +432,7 @@ etcd-defrag:
      cronjob:
        suspend: false
        timeZone: America/Chicago
-        schedule: "20 0 * * 0"
+        schedule: 20 0 * * 0
        backoffLimit: 3
        parallelism: 1
      containers:
--- a/clusters/cl01tl/helm/tdarr/Chart.yaml
+++ b/clusters/cl01tl/helm/tdarr/Chart.yaml
@@ -5,16 +5,16 @@ description: Tdarr
 keywords:
  - tdarr
  - video
-  - transcode
+home: https://docs.alexlebens.dev/applications/tdarr/
  - healthchecks
 home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62
 sources:
  - https://github.com/HaveAGitGat/Tdarr
  - https://github.com/homeylab/tdarr-exporter
  - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr
  - https://github.com/users/haveagitgat/packages/container/package/tdarr_node
  - https://hub.docker.com/r/homeylab/tdarr-exporter
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -34,5 +34,5 @@ dependencies:
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png
-# renovate: datasource=github-releases depName=HaveAGitGat/Tdarr
+# renovate: datasource=docker depName=ghcr.io/haveagitgat/tdarr
 appVersion: 2.58.02
--- a/clusters/cl01tl/helm/tdarr/values.yaml
+++ b/clusters/cl01tl/helm/tdarr/values.yaml
@@ -4,16 +4,18 @@ tdarr:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
        securityContext:
          fsGroup: 1000
          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: ghcr.io/haveagitgat/tdarr
-            tag: 2.67.01
+            tag: 2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da
            pullPolicy: IfNotPresent
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: PUID
              value: "1001"
            - name: PGID
@@ -36,12 +38,11 @@ tdarr:
              value: "8265"
          resources:
            requests:
-              cpu: 200m
+              cpu: 500m
-              memory: 1Gi
+              memory: 2Gi
    node:
      type: statefulset
      replicas: 3
      revisionHistoryLimit: 3
      statefulset:
        volumeClaimTemplates:
          - name: transcode-cache
@@ -67,11 +68,10 @@ tdarr:
        main:
          image:
            repository: ghcr.io/haveagitgat/tdarr_node
-            tag: 2.67.01
+            tag: 2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560
            pullPolicy: IfNotPresent
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: PUID
              value: "1001"
            - name: PGID
@@ -96,7 +96,7 @@ tdarr:
            requests:
              gpu.intel.com/i915: 1
              cpu: 10m
-              memory: 512Mi
+              memory: 100Mi
  service:
    api:
      controller: server
@@ -104,14 +104,12 @@ tdarr:
        http:
          port: 8266
          targetPort: 8266
          protocol: HTTP
    web:
      controller: server
      ports:
        http:
          port: 8265
          targetPort: 8265
          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -124,11 +122,8 @@ tdarr:
        - tdarr.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
+            - name: tdarr-web
              kind: Service
              name: tdarr-web
              port: 8265
              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -139,7 +134,6 @@ tdarr:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 50Gi
      retain: true
      advancedMounts:
        server:
          main:
@@ -150,7 +144,6 @@ tdarr:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 50Gi
      retain: true
      advancedMounts:
        server:
          main:
@@ -177,8 +170,7 @@ tdarr:
 tdarr-exporter:
  image:
    name: homeylab/tdarr-exporter
-    # renovate: datasource=docker depName=homeylab/tdarr-exporter
+    tag: 1.4.3@sha256:88254cb505bfff20e86e04fa23a71789a411e7939e3bcbccbd5ef397ff91d052
    tag: 1.4.3
  metrics:
    serviceMonitor:
      enabled: true
@@ -188,8 +180,8 @@ tdarr-exporter:
      verify_ssl: false
  resources:
    requests:
-      cpu: 10m
+      cpu: 1m
-      memory: 256Mi
+      memory: 10Mi
 volsync-target-config:
  pvcTarget: tdarr-config
  local:
--- a/clusters/cl01tl/helm/traefik/Chart.yaml
+++ b/clusters/cl01tl/helm/traefik/Chart.yaml
@@ -5,12 +5,11 @@ description: Traefik
 keywords:
  - traefik
  - reverse-proxy
-  - tls
+home: https://docs.alexlebens.dev/applications/traefik/
  - kubernetes
 home: https://wiki.alexlebens.dev/s/541ec45c-6cf7-4be6-bb08-63cab175e7cb
 sources:
  - https://github.com/traefik/traefik
-  - https://github.com/traefik/traefik-helm-chart
+  - https://github.com/traefik/traefik-helm-chart/tree/master/traefik
  - https://github.com/traefik/traefik-helm-chart/tree/master/traefik-crds
 maintainers:
  - name: alexlebens
 dependencies:
@@ -22,4 +21,4 @@ dependencies:
    repository: https://traefik.github.io/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/traefik.png
 # renovate: datasource=github-releases depName=traefik/traefik
-appVersion: v3.6.12
+appVersion: v3.6.13
--- a/clusters/cl01tl/helm/traefik/values.yaml
+++ b/clusters/cl01tl/helm/traefik/values.yaml
@@ -1,4 +1,8 @@
 traefik:
  image:
    registry: docker.io
    repository: traefik
    tag: v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
  deployment:
    kind: DaemonSet
  ingressClass:
@@ -39,6 +43,11 @@ traefik:
      enabled: true
      matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
      entryPoints: ["websecure"]
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  providers:
    kubernetesCRD:
      allowCrossNamespace: true
@@ -58,8 +67,23 @@ traefik:
      serviceMonitor:
        enabled: true
      prometheusRule:
-        enabled: false
+        enabled: true
        rules:
          - alert: TraefikDown
            expr: up{job="traefik"} == 0
            for: 5m
            labels:
              context: traefik
              severity: warning
            annotations:
              summary: "Traefik Down"
              description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
  global:
    checkNewVersion: false
  ports:
    traefik:
      expose:
        default: false
    web:
      port: 8000
      expose:
@@ -77,14 +101,12 @@ traefik:
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
    websecure:
      port: 8443
      expose:
@@ -102,22 +124,18 @@ traefik:
          allowEncodedPercent: true
          allowEncodedQuestionMark: true
          allowEncodedHash: true
        tls:
          enabled: true
      forwardedHeaders:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
    ssh:
      port: 22
      expose:
@@ -129,14 +147,12 @@ traefik:
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
    metrics:
      expose:
        default: false
@@ -145,6 +161,10 @@ traefik:
    type: LoadBalancer
    externalIPs:
      - 10.232.1.21
  resources:
    requests:
      cpu: 10m
      memory: 100Mi
 traefik-crds:
  enabled: true
  traefik: true
--- a/clusters/cl01tl/helm/tubearchivist/Chart.lock
+++ b/clusters/cl01tl/helm/tubearchivist/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
  version: 4.6.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.4.0
+  version: 0.5.0
-digest: sha256:39a57c1505ed39180cffe9153ce69233c2376ba62c9287bc411071cf986f44de
+digest: sha256:bbceeb6ebc7a358798e706280aa2eaba8b47b018ea0fb736b30ece5419979c4e
-generated: "2026-03-09T23:08:53.501770729Z"
+generated: "2026-04-07T19:36:53.116343-05:00"
--- a/clusters/cl01tl/helm/tubearchivist/Chart.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/Chart.yaml
@@ -4,15 +4,17 @@ version: 1.0.0
 description: Tube Archivist
 keywords:
  - tubearchivist
  - download
  - video
-  - youtube
+home: https://docs.alexlebens.dev/applications/tubearchivist/
 home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93
 sources:
  - https://github.com/tubearchivist/tubearchivist
-  - https://github.com/elastic/elasticsearch
+  - https://github.com/Brainicism/bgutil-ytdlp-pot-provider
  - https://github.com/qdm12/gluetun
  - https://hub.docker.com/r/bbilly1/tubearchivist
  - https://hub.docker.com/r/brainicism/bgutil-ytdlp-pot-provider
  - https://github.com/qdm12/gluetun/pkgs/container/gluetun
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
  - name: alexlebens
 dependencies:
@@ -22,7 +24,7 @@ dependencies:
    version: 4.6.2
  - name: valkey
    alias: valkey
-    version: 0.4.0
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png
 # renovate: datasource=github-releases depName=tubearchivist/tubearchivist
--- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
@@ -14,17 +14,11 @@ spec:
  data:
    - secretKey: ELASTIC_PASSWORD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/env
        metadataPolicy: None
        property: ELASTIC_PASSWORD
    - secretKey: TA_PASSWORD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/env
        metadataPolicy: None
        property: TA_PASSWORD
 ---
@@ -44,24 +38,15 @@ spec:
  data:
    - secretKey: username
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
        metadataPolicy: None
        property: username
    - secretKey: password
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
        metadataPolicy: None
        property: password
    - secretKey: roles
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/tubearchivist/elasticsearch
        metadataPolicy: None
        property: roles
 ---
@@ -81,29 +66,17 @@ spec:
  data:
    - secretKey: private-key
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: private-key
    - secretKey: preshared-key
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: preshared-key
    - secretKey: addresses
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: addresses
    - secretKey: input-ports
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: input-ports
--- a/clusters/cl01tl/helm/tubearchivist/values.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/values.yaml
@@ -4,13 +4,15 @@ tubearchivist:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
        securityContext:
          fsGroup: 1000
          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: bbilly1/tubearchivist
-            tag: v0.5.10
+            tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567
            pullPolicy: IfNotPresent
          env:
            - name: TZ
              value: America/Chicago
@@ -40,13 +42,11 @@ tubearchivist:
        bgutil:
          image:
            repository: brainicism/bgutil-ytdlp-pot-provider
-            tag: 1.3.1
+            tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b
            pullPolicy: IfNotPresent
        gluetun:
          image:
            repository: ghcr.io/qdm12/gluetun
            tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
            pullPolicy: IfNotPresent
          lifecycle:
            postStart:
              exec:
@@ -106,8 +106,6 @@ tubearchivist:
              devic.es/tun: "1"
            requests:
              devic.es/tun: "1"
              cpu: 10m
              memory: 128Mi
  service:
    main:
      controller: main
@@ -115,7 +113,6 @@ tubearchivist:
        http:
          port: 80
          targetPort: 24000
          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -128,11 +125,8 @@ tubearchivist:
        - tubearchivist.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
+            - name: tubearchivist
              kind: Service
              name: tubearchivist
              port: 80
              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -142,7 +136,6 @@ tubearchivist:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 40Gi
      retain: true
      advancedMounts:
        main:
          main:
@@ -157,10 +150,6 @@ tubearchivist:
              readOnly: false
 valkey:
  valkey:
    resources:
      requests:
        cpu: 100m
        memory: 1Gi
    dataStorage:
      requestedSize: 10Gi
    replica:
--- a/clusters/cl01tl/helm/unpackerr/Chart.yaml
+++ b/clusters/cl01tl/helm/unpackerr/Chart.yaml
@@ -6,7 +6,7 @@ keywords:
  - unpackerr
  - archive
  - servarr
-home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088
+home: https://docs.alexlebens.dev/applications/unpackerr/
 sources:
  - https://github.com/Unpackerr/unpackerr
  - https://hub.docker.com/r/golift/unpackerr
--- a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml
@@ -14,57 +14,33 @@ spec:
  data:
    - secretKey: UN_SONARR_0_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/sonarr4/key
        metadataPolicy: None
        property: key
    - secretKey: UN_SONARR_1_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/sonarr4-4k/key
        metadataPolicy: None
        property: key
    - secretKey: UN_SONARR_2_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/sonarr4-anime/key
        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_0_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/radarr5/key
        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_1_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/radarr5-4k/key
        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_2_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/radarr5-anime/key
        metadataPolicy: None
        property: key
    - secretKey: UN_RADARR_3_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/radarr5-standup/key
        metadataPolicy: None
        property: key
    - secretKey: UN_LIDARR_0_API_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/lidarr2/key
        metadataPolicy: None
        property: key
--- a/clusters/cl01tl/helm/unpackerr/values.yaml
+++ b/clusters/cl01tl/helm/unpackerr/values.yaml
@@ -4,16 +4,18 @@ unpackerr:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
        securityContext:
          fsGroup: 1000
          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: golift/unpackerr
-            tag: 0.15.2
+            tag: 0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c
            pullPolicy: IfNotPresent
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: UN_WEBSERVER_METRICS
              value: true
            - name: UN_SONARR_0_URL
@@ -54,7 +56,7 @@ unpackerr:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 10Mi
  persistence:
    storage:
      existingClaim: unpackerr-nfs-storage
--- a/clusters/cl01tl/helm/unpoller/Chart.yaml
+++ b/clusters/cl01tl/helm/unpoller/Chart.yaml
@@ -5,9 +5,8 @@ description: Unpoller
 keywords:
  - unpoller
  - ubiquiti
  - unifi
  - metrics
-home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344
+home: https://docs.alexlebens.dev/applications/unpoller/
 sources:
  - https://github.com/unpoller/unpoller
  - https://github.com/unpoller/unpoller/pkgs/container/unpoller
@@ -19,6 +18,6 @@ dependencies:
    alias: unpoller
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
-icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/ubiquiti-unifi.png
 # renovate: datasource=github-releases depName=unpoller/unpoller
 appVersion: v2.39.0
--- a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml
@@ -14,15 +14,9 @@ spec:
  data:
    - secretKey: UP_UNIFI_CONTROLLER_0_USER
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /unifi/auth/cl01tl
        metadataPolicy: None
        property: user
    - secretKey: UP_UNIFI_CONTROLLER_0_PASS
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /unifi/auth/cl01tl
        metadataPolicy: None
        property: password
--- a/clusters/cl01tl/helm/unpoller/values.yaml
+++ b/clusters/cl01tl/helm/unpoller/values.yaml
@@ -4,16 +4,14 @@ unpoller:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/unpoller/unpoller
-            tag: v2.39.0
+            tag: v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2
            pullPolicy: IfNotPresent
          env:
            - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS
-              value: 'false'
+              value: 'true'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES
              value: 'false'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI
@@ -21,7 +19,7 @@ unpoller:
            - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS
              value: 'false'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS
-              value: 'false'
+              value: 'true'
            - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES
              value: 'true'
            - name: UP_UNIFI_CONTROLLER_0_URL
@@ -44,7 +42,7 @@ unpoller:
          resources:
            requests:
              cpu: 10m
-              memory: 64Mi
+              memory: 20Mi
  service:
    main:
      controller: main
@@ -52,7 +50,6 @@ unpoller:
        metrics:
          port: 9130
          targetPort: 9130
          protocol: TCP
  serviceMonitor:
    main:
      selector:
--- a/clusters/cl01tl/helm/vault/Chart.yaml
+++ b/clusters/cl01tl/helm/vault/Chart.yaml
@@ -5,7 +5,7 @@ description: Vault
 keywords:
  - vault
  - secrets
-home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987
+home: https://docs.alexlebens.dev/applications/vault/
 sources:
  - https://github.com/hashicorp/vault
  - https://github.com/Angatar/s3cmd
@@ -29,6 +29,6 @@ dependencies:
    alias: unseal
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
 # renovate: datasource=github-releases depName=hashicorp/vault
 appVersion: 1.21.4
--- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml
@@ -14,17 +14,11 @@ spec:
  data:
    - secretKey: VAULT_APPROLE_ROLE_ID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/snapshot
        metadataPolicy: None
        property: VAULT_APPROLE_ROLE_ID
    - secretKey: VAULT_APPROLE_SECRET_ID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/snapshot
        metadataPolicy: None
        property: VAULT_APPROLE_SECRET_ID
 ---
@@ -44,17 +38,11 @@ spec:
  data:
    - secretKey: .s3cfg
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /garage/home-infra/vault-backups
        metadataPolicy: None
        property: s3cfg-local
    - secretKey: BUCKET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /garage/home-infra/vault-backups
        metadataPolicy: None
        property: BUCKET
 ---
@@ -74,17 +62,11 @@ spec:
  data:
    - secretKey: .s3cfg
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /garage/home-infra/vault-backups
        metadataPolicy: None
        property: s3cfg-remote
    - secretKey: BUCKET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /garage/home-infra/vault-backups
        metadataPolicy: None
        property: BUCKET
 ---
@@ -104,17 +86,11 @@ spec:
  data:
    - secretKey: .s3cfg
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /digital-ocean/home-infra/vault-backup
        metadataPolicy: None
        property: s3cfg
    - secretKey: BUCKET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /digital-ocean/home-infra/vault-backup
        metadataPolicy: None
        property: BUCKET
 ---
@@ -134,24 +110,15 @@ spec:
  data:
    - secretKey: NTFY_TOKEN
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /ntfy/user/cl01tl
        metadataPolicy: None
        property: token
    - secretKey: NTFY_ENDPOINT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /ntfy/user/cl01tl
        metadataPolicy: None
        property: endpoint
    - secretKey: NTFY_TOPIC
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/snapshot
        metadataPolicy: None
        property: NTFY_TOPIC
 ---
@@ -171,66 +138,39 @@ spec:
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-1
        metadataPolicy: None
        property: NOTIFY_QUEUE_DELAY
 ---
@@ -250,66 +190,39 @@ spec:
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-2
        metadataPolicy: None
        property: NOTIFY_QUEUE_DELAY
 ---
@@ -329,66 +242,39 @@ spec:
  data:
    - secretKey: ENVIRONMENT
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: ENVIRONMENT
    - secretKey: CHECK_INTERVAL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: CHECK_INTERVAL
    - secretKey: MAX_CHECK_INTERVAL
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: MAX_CHECK_INTERVAL
    - secretKey: NODES
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: NODES
    - secretKey: TLS_SKIP_VERIFY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: TLS_SKIP_VERIFY
    - secretKey: TOKENS
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: TOKENS
    - secretKey: EMAIL_ENABLED
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: EMAIL_ENABLED
    - secretKey: NOTIFY_MAX_ELAPSED
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: NOTIFY_MAX_ELAPSED
    - secretKey: NOTIFY_QUEUE_DELAY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/unseal/config-3
        metadataPolicy: None
        property: NOTIFY_QUEUE_DELAY
 ---
@@ -408,43 +294,25 @@ spec:
  data:
    - secretKey: token
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/token
        metadataPolicy: None
        property: token
    - secretKey: unseal_key_1
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/token
        metadataPolicy: None
        property: unseal_key_1
    - secretKey: unseal_key_2
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/token
        metadataPolicy: None
        property: unseal_key_2
    - secretKey: unseal_key_3
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/token
        metadataPolicy: None
        property: unseal_key_3
    - secretKey: unseal_key_4
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/token
        metadataPolicy: None
        property: unseal_key_4
    - secretKey: unseal_key_5
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/vault/token
        metadataPolicy: None
        property: unseal_key_5
--- a/clusters/cl01tl/helm/vault/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/vault/templates/http-route.yaml
@@ -25,4 +25,3 @@ spec:
          kind: Service
          name: vault-active
          port: 8200
          weight: 100
--- a/clusters/cl01tl/helm/vault/values.yaml
+++ b/clusters/cl01tl/helm/vault/values.yaml
@@ -1,9 +1,5 @@
 vault:
  global:
    enabled: true
    tlsDisable: true
    psp:
      enable: false
    serverTelemetry:
      prometheusOperator: true
  injector:
@@ -12,23 +8,16 @@ vault:
    enabled: true
    image:
      repository: hashicorp/vault
-      tag: 1.21.4
+      tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
-    updateStrategyType: "RollingUpdate"
+    updateStrategyType: RollingUpdate
    logLevel: debug
    logFormat: standard
    resources:
      requests:
        cpu: 50m
        memory: 512Mi
    ingress:
      enabled: false
    route:
      enabled: false
    authDelegator:
      enabled: false
    readinessProbe:
      enabled: true
      port: 8200
    livenessProbe:
      enabled: false
    volumes:
@@ -39,43 +28,17 @@ vault:
      - mountPath: /opt/backups/
        name: vault-storage-backup
        readOnly: false
    affinity: |
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app.kubernetes.io/name: {{ template "vault.name" . }}
                app.kubernetes.io/instance: "{{ .Release.Name }}"
                component: server
            topologyKey: kubernetes.io/hostname
    networkPolicy:
      enabled: false
    service:
      enabled: true
      active:
        enabled: true
      standby:
        enabled: false
      type: ClusterIP
      port: 8200
      targetPort: 8200
    dataStorage:
      enabled: true
      size: 1Gi
-      mountPath: "/vault/data"
+      storageClass: ceph-block
      accessMode: ReadWriteOnce
    auditStorage:
      enabled: false
      size: 5Gi
-      mountPath: "/vault/audit"
+      storageClass: ceph-block
      accessMode: ReadWriteOnce
    dev:
      enabled: false
    standalone:
      enabled: false
    ha:
      enabled: true
      replicas: 3
      raft:
        enabled: true
        config: |
@@ -109,30 +72,12 @@ vault:
            prometheus_retention_time = "30s"
            disable_hostname = true
          }
      disruptionBudget:
        enabled: true
-        maxUnavailable: null
+        maxUnavailable: 1
    serviceAccount:
      create: true
      serviceDiscovery:
        enabled: true
    hostNetwork: false
  ui:
    enabled: true
    publishNotReadyAddresses: true
    activeVaultPodOnly: false
    serviceType: "ClusterIP"
    serviceNodePort: null
    externalPort: 8200
    targetPort: 8200
  csi:
    enabled: false
  serverTelemetry:
    serviceMonitor:
      enabled: true
      interval: 30s
      scrapeTimeout: 10s
    prometheusRules:
      enabled: true
      rules:
@@ -158,20 +103,15 @@ snapshot:
      type: cronjob
      cronjob:
        suspend: false
-        concurrencyPolicy: Forbid
+        timeZone: America/Chicago
        timeZone: US/Central
        schedule: 0 4 * * *
        startingDeadlineSeconds: 90
        successfulJobsHistory: 1
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      initContainers:
        snapshot:
          image:
            repository: hashicorp/vault
-            tag: 1.21.4
+            tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
            pullPolicy: IfNotPresent
          command:
            - /bin/ash
          args:
@@ -328,53 +268,47 @@ unseal:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/lrstanley/vault-unseal
-            tag: 0.7.2
+            tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
            pullPolicy: IfNotPresent
          envFrom:
            - secretRef:
                name: vault-unseal-config-1
          resources:
            requests:
-              cpu: 10m
+              cpu: 1m
-              memory: 24Mi
+              memory: 10Mi
    unseal-2:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/lrstanley/vault-unseal
-            tag: 0.7.2
+            tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
            pullPolicy: IfNotPresent
          envFrom:
            - secretRef:
                name: vault-unseal-config-2
          resources:
            requests:
-              cpu: 10m
+              cpu: 1m
-              memory: 24Mi
+              memory: 10Mi
    unseal-3:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/lrstanley/vault-unseal
-            tag: 0.7.2
+            tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
            pullPolicy: IfNotPresent
          envFrom:
            - secretRef:
                name: vault-unseal-config-3
          resources:
            requests:
-              cpu: 10m
+              cpu: 1m
-              memory: 24Mi
+              memory: 10Mi
--- a/clusters/cl01tl/helm/vaultwarden/Chart.lock
+++ b/clusters/cl01tl/helm/vaultwarden/Chart.lock
@@ -7,9 +7,9 @@ dependencies:
  version: 2.4.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.10.0
+  version: 7.11.2
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1
+digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31
-generated: "2026-03-15T20:10:47.852109985Z"
+generated: "2026-04-07T20:19:48.079671-05:00"
--- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml
+++ b/clusters/cl01tl/helm/vaultwarden/Chart.yaml
@@ -4,17 +4,15 @@ version: 1.0.0
 description: Vaultwarden
 keywords:
  - vaultwarden
-  - bitwarden
+  - password-manager
-  - password
+home: https://docs.alexlebens.dev/applications/vault/
 home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3
 sources:
  - https://github.com/dani-garcia/vaultwarden
-  - https://github.com/cloudflare/cloudflared
+  - https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden
  - https://github.com/cloudnative-pg/cloudnative-pg
  - https://hub.docker.com/r/vaultwarden/server
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -27,7 +25,7 @@ dependencies:
    version: 2.4.0
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.10.0
+    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: volsync-target
    alias: volsync-target-data
--- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml
@@ -14,15 +14,9 @@ spec:
  data:
    - secretKey: client
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/vaultwarden
        metadataPolicy: None
        property: client
    - secretKey: secret
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/vaultwarden
        metadataPolicy: None
        property: secret
--- a/clusters/cl01tl/helm/vaultwarden/values.yaml
+++ b/clusters/cl01tl/helm/vaultwarden/values.yaml
@@ -4,13 +4,11 @@ vaultwarden:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
-            repository: vaultwarden/server
+            repository: ghcr.io/dani-garcia/vaultwarden
-            tag: 1.35.4
+            tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664
            pullPolicy: IfNotPresent
          env:
            - name: DOMAIN
              value: https://passwords.alexlebens.dev
@@ -44,7 +42,7 @@ vaultwarden:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 30Mi
  service:
    main:
      controller: main
@@ -52,14 +50,12 @@ vaultwarden:
        http:
          port: 80
          targetPort: 80
          protocol: HTTP
  persistence:
    config:
      forceRename: vaultwarden-data
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      retain: true
      advancedMounts:
        main:
          main:
@@ -78,35 +74,12 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
      # - name: garage-remote
      #   index: 1
      #   destinationBucket: postgres-backups
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   retentionPolicy: "90d"
      #   data:
      #     compression: bzip2
      # - name: external
      #   index: 1
      #   endpointURL: https://nyc3.digitaloceanspaces.com
      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
      # - name: daily-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
 volsync-target-data:
  pvcTarget: vaultwarden-data
  local:
--- a/clusters/cl01tl/helm/version-checker/Chart.yaml
+++ b/clusters/cl01tl/helm/version-checker/Chart.yaml
@@ -5,6 +5,7 @@ description: Version Checker
 keywords:
  - version-checker
  - update-tracker
  - metrics
 home: https://docs.alexlebens.dev/applications/version-checker/
 sources:
  - https://github.com/jetstack/version-checker
--- a/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml
+++ b/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml
@@ -0,0 +1,16 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: version-checker
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: version-checker
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  selector:
    matchLabels:
      app: version-checker
  endpoints:
    - port: web
      path: /metrics
--- a/clusters/cl01tl/helm/version-checker/values.yaml
+++ b/clusters/cl01tl/helm/version-checker/values.yaml
@@ -10,8 +10,7 @@ version-checker:
  resources:
    requests:
      cpu: 1m
-      memory: 40Mi
+      memory: 400Mi
  prometheus:
    enabled: true
    replicas: 1
    serviceAccountName: version-checker-prometheus
--- a/clusters/cl01tl/helm/volsync/Chart.yaml
+++ b/clusters/cl01tl/helm/volsync/Chart.yaml
@@ -5,12 +5,10 @@ description: Volsync
 keywords:
  - volsync
  - backup
-  - storage
+home: https://docs.alexlebens.dev/applications/volsync/
  - s3
  - kubernetes
 home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b
 sources:
  - https://github.com/backube/volsync
  - https://quay.io/repository/backube/volsync?tab=tags
  - https://github.com/backube/volsync/tree/main/helm/volsync
 maintainers:
  - name: alexlebens
--- a/clusters/cl01tl/helm/volsync/values.yaml
+++ b/clusters/cl01tl/helm/volsync/values.yaml
@@ -1,15 +1,15 @@
 volsync:
  replicaCount: 2
  image:
    repository: quay.io/backube/volsync
    tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4
  manageCRDs: true
  metrics:
    disableAuth: true
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
  resources:
    limits:
      cpu: null
      memory: null
    requests:
-      cpu: 10m
+      cpu: 1m
-      memory: 128Mi
+      memory: 80Mi
--- a/clusters/cl01tl/helm/whodb/Chart.yaml
+++ b/clusters/cl01tl/helm/whodb/Chart.yaml
@@ -4,9 +4,8 @@ version: 1.0.0
 description: WhoDB
 keywords:
  - whodb
-  - postgresql
+  - database-dashboard
-  - database
+home: https://docs.alexlebens.dev/applications/whodb/
 home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
 sources:
  - https://github.com/clidey/whodb
  - https://hub.docker.com/r/clidey/whodb
--- a/clusters/cl01tl/helm/whodb/values.yaml
+++ b/clusters/cl01tl/helm/whodb/values.yaml
@@ -3,13 +3,11 @@ whodb:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      containers:
        main:
          image:
            repository: clidey/whodb
-            tag: 0.104.0
+            tag: 0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4
            pullPolicy: IfNotPresent
          env:
            - name: WHODB_OLLAMA_HOST
              value: ollama-server-2.ollama
@@ -17,8 +15,8 @@ whodb:
              value: 11434
          resources:
            requests:
-              cpu: 10m
+              cpu: 1m
-              memory: 256Mi
+              memory: 20Mi
  service:
    main:
      controller: main
@@ -26,7 +24,6 @@ whodb:
        http:
          port: 80
          targetPort: 8080
          protocol: TCP
  route:
    main:
      kind: HTTPRoute
@@ -39,11 +36,8 @@ whodb:
        - whodb.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
+            - name: whodb
              kind: Service
              name: whodb
              port: 80
              weight: 100
          matches:
            - path:
                type: PathPrefix
--- a/clusters/cl01tl/helm/yamtrack/Chart.lock
+++ b/clusters/cl01tl/helm/yamtrack/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
  version: 4.6.2
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 7.10.0
+  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.4.0
+  version: 0.5.0
-digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
+digest: sha256:473de03f0404ca8c53e85ea2a22797a8ba040102c6dca977face60f81f3130e4
-generated: "2026-03-15T20:11:03.591727143Z"
+generated: "2026-04-07T20:57:56.63402-05:00"
--- a/clusters/cl01tl/helm/yamtrack/Chart.yaml
+++ b/clusters/cl01tl/helm/yamtrack/Chart.yaml
@@ -4,15 +4,14 @@ version: 1.0.0
 description: Yamtrack
 keywords:
  - yamtrack
-  - media
+  - media-tracking
-  - jellyfin
+home: https://docs.alexlebens.dev/applications/yamtrack/
 home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797
 sources:
  - https://github.com/FuzzyGrim/Yamtrack
  - https://github.com/cloudnative-pg/cloudnative-pg
  - https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
  - name: alexlebens
 dependencies:
@@ -22,11 +21,11 @@ dependencies:
    version: 4.6.2
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.10.0
+    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey
-    version: 0.4.0
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
 # renovate: datasource=github-releases depName=FuzzyGrim/Yamtrack
--- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
@@ -14,10 +14,7 @@ spec:
  data:
    - secretKey: SECRET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /cl01tl/yamtrack/config
        metadataPolicy: None
        property: SECRET
 ---
@@ -37,8 +34,5 @@ spec:
  data:
    - secretKey: SOCIALACCOUNT_PROVIDERS
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /authentik/oidc/yamtrack
        metadataPolicy: None
        property: SOCIALACCOUNT_PROVIDERS
--- a/clusters/cl01tl/helm/yamtrack/values.yaml
+++ b/clusters/cl01tl/helm/yamtrack/values.yaml
@@ -4,16 +4,14 @@ yamtrack:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: ghcr.io/fuzzygrim/yamtrack
-            tag: 0.25.0
+            tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931
            pullPolicy: IfNotPresent
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: URLS
              value: https://yamtrack.alexlebens.net
            - name: REGISTRATION
@@ -60,7 +58,7 @@ yamtrack:
          resources:
            requests:
              cpu: 10m
-              memory: 256Mi
+              memory: 380Mi
  service:
    main:
      controller: main
@@ -68,7 +66,6 @@ yamtrack:
        http:
          port: 80
          targetPort: 8000
          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -81,11 +78,8 @@ yamtrack:
        - yamtrack.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
+            - name: yamtrack
              kind: Service
              name: yamtrack
              port: 80
              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -103,32 +97,9 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
      # - name: garage-remote
      #   index: 1
      #   destinationBucket: postgres-backups
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   retentionPolicy: "90d"
      #   data:
      #     compression: bzip2
      # - name: external
      #   index: 1
      #   endpointURL: https://nyc3.digitaloceanspaces.com
      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 10 16 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
      # - name: daily-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
--- a/clusters/cl01tl/helm/yubal/Chart.yaml
+++ b/clusters/cl01tl/helm/yubal/Chart.yaml
@@ -5,11 +5,11 @@ description: yubal
 keywords:
  - yubal
  - music
-  - youtube
+home: https://docs.alexlebens.dev/applications/yamtrack/
 home: https://wiki.alexlebens.dev/s/
 sources:
  - https://github.com/guillevc/yubal
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -21,5 +21,6 @@ dependencies:
    alias: volsync-target-config
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/yubal.png
 # renovate: datasource=github-releases depName=guillevc/yubal
 appVersion: v0.7.2
--- a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml
@@ -1,42 +0,0 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: yubal-wireguard-conf
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: yubal-wireguard-conf
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: private-key
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: private-key
    - secretKey: preshared-key
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: preshared-key
    - secretKey: addresses
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: addresses
    - secretKey: input-ports
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: /airvpn/conf/cl01tl
        metadataPolicy: None
        property: input-ports
--- a/clusters/cl01tl/helm/yubal/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/yubal/templates/namespace.yaml
@@ -1,11 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: yubal
  labels:
    app.kubernetes.io/name: yubal
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
--- a/clusters/cl01tl/helm/yubal/values.yaml
+++ b/clusters/cl01tl/helm/yubal/values.yaml
@@ -4,18 +4,17 @@ yubal:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      pod:
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          fsGroup: 1000
          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: ghcr.io/guillevc/yubal
            tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
            pullPolicy: IfNotPresent
          env:
            - name: YUBAL_TZ
              value: America/Chicago
@@ -28,7 +27,7 @@ yubal:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 200Mi
  service:
    main:
      controller: main
@@ -36,7 +35,6 @@ yubal:
        http:
          port: 80
          targetPort: 8000
          protocol: HTTP
  route:
    main:
      kind: HTTPRoute
@@ -49,11 +47,8 @@ yubal:
        - yubal.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
+            - name: yubal
              kind: Service
              name: yubal
              port: 80
              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -64,7 +59,6 @@ yubal:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 1Gi
      retain: true
      advancedMounts:
        main:
          main:
--- a/hosts/ps08rp/node-exporter/compose.yaml
+++ b/hosts/ps08rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.11.0@sha256:2f0cc335ef9ea15d6c96e1c0d693d8b57c0b794d0244b22313a6c162bd1cb1b8
+        image: quay.io/prometheus/node-exporter:v1.11.1@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps08rp/traefik/compose.yaml
+++ b/hosts/ps08rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
+        image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps09rp/node-exporter/compose.yaml
+++ b/hosts/ps09rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.11.0@sha256:2f0cc335ef9ea15d6c96e1c0d693d8b57c0b794d0244b22313a6c162bd1cb1b8
+        image: quay.io/prometheus/node-exporter:v1.11.1@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps09rp/traefik/compose.yaml
+++ b/hosts/ps09rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
+        image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps10rp/node-exporter/compose.yaml
+++ b/hosts/ps10rp/node-exporter/compose.yaml
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.11.0@sha256:2f0cc335ef9ea15d6c96e1c0d693d8b57c0b794d0244b22313a6c162bd1cb1b8
+        image: quay.io/prometheus/node-exporter:v1.11.1@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps10rp/traefik/compose.yaml
+++ b/hosts/ps10rp/traefik/compose.yaml
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
+        image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
Author	SHA1	Message	Date
Renovate Bot	4ad6904837	Merge pull request 'chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273' (#5716 ) from renovate/unified-lidarr into main All checks were successful lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m40s Details	2026-04-08 05:02:47 +00:00
Renovate Bot	988e6b21c1	chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b60273 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 26s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 29s Details render-manifests / render-manifests (pull_request) Successful in 2m5s Details	2026-04-08 05:02:30 +00:00
Renovate Bot	7b34b8901e	Merge pull request 'chore(deps): update traefik to v3.6.13' (#5713 ) from renovate/unified-traefik into main All checks were successful lint-test-helm / lint-helm (push) Successful in 28s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details lint-test-docker / lint-docker-compose (push) Successful in 2m1s Details renovate / renovate (push) Successful in 2m17s Details	2026-04-08 02:28:17 +00:00
Renovate Bot	32870a7213	chore(deps): update traefik to v3.6.13 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 24s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 23s Details render-manifests / render-manifests (pull_request) Successful in 53s Details lint-test-docker / lint-docker-compose (pull_request) Successful in 1m54s Details	2026-04-08 02:27:41 +00:00
Alex Lebens	5b894cd50e	Merge pull request 'feat: remove pdb' (#5711 ) from tmp/fix-2 into main Some checks failed lint-test-helm / lint-helm (push) Successful in 25s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5711	2026-04-08 02:25:52 +00:00
Alex Lebens	3168925715	feat: remove pdb	2026-04-08 02:25:52 +00:00
Renovate Bot	050576d5a6	Merge pull request 'chore(deps): update helm release authentik to v2026.2.2' (#5710 ) from renovate/unified-authentik into main Some checks failed lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details	2026-04-08 02:23:45 +00:00
Renovate Bot	2de4d79c58	chore(deps): update helm release authentik to v2026.2.2 Some checks failed renovate/stability-days Updates have not met minimum release age requirement Details render-manifests / render-manifests (pull_request) Failing after 5s Details lint-test-helm / lint-helm (pull_request) Successful in 22s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details	2026-04-08 02:23:29 +00:00
Alex Lebens	0c6edbae28	Merge pull request 'tmp/fix-1' (#5708 ) from tmp/fix-1 into main Some checks failed lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5708	2026-04-08 02:21:22 +00:00
Alex Lebens	f6b11e17e4	fix: add log env All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 19s Details render-manifests / render-manifests (pull_request) Successful in 38s Details	2026-04-07 21:19:02 -05:00
Alex Lebens	7d36ea9c90	feat: change pod dis budget	2026-04-07 21:19:02 -05:00
Alex Lebens	0a7bbf21bd	Merge pull request 'chore(deps): update valkey/valkey docker tag to v9.0.3' (#5285 ) from renovate/unified-valkey into main All checks were successful lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m21s Details Reviewed-on: #5285	2026-04-08 02:14:23 +00:00
Renovate Bot	5456428592	chore(deps): update valkey/valkey docker tag to v9.0.3 All checks were successful renovate/stability-days Updates have met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 31s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 30s Details render-manifests / render-manifests (pull_request) Successful in 54s Details	2026-04-08 02:11:03 +00:00
Alex Lebens	88ab17c2f3	Merge pull request 'feat: refactor apps' (#5705 ) from tmp/refactor-43 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 44s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m9s Details Reviewed-on: #5705	2026-04-08 02:06:35 +00:00
Alex Lebens	cd0eefdbec	feat: refactor apps All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 1m23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 49s Details render-manifests / render-manifests (pull_request) Successful in 1m13s Details	2026-04-07 21:03:04 -05:00
Alex Lebens	66cdec3eee	Merge pull request 'feat: refactor apps' (#5703 ) from tmp/refactor-42 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 36s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 8m53s Details Reviewed-on: #5703	2026-04-08 01:39:02 +00:00
Alex Lebens	2f8a695f04	fix: wrong sha	2026-04-08 01:39:02 +00:00
Alex Lebens	b024675f2e	feat: refactor apps	2026-04-08 01:39:02 +00:00
Alex Lebens	1ce8f18df7	feat: refactor apps	2026-04-08 01:39:02 +00:00
Renovate Bot	6825615229	Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.109.1' (#5702 ) from renovate/unified-renovate into main All checks were successful renovate / renovate (push) Successful in 5m9s Details	2026-04-08 01:04:00 +00:00
Renovate Bot	495cac7e10	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.109.1 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details	2026-04-08 01:03:28 +00:00
Alex Lebens	01dfc0cc67	Merge pull request 'feat: refactor apps' (#5700 ) from tmp/refactor-41 into main All checks were successful lint-test-helm / lint-helm (push) Successful in 44s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m17s Details Reviewed-on: #5700	2026-04-08 00:55:05 +00:00
Alex Lebens	e4f8996477	feat: refactor apps All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 2m52s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 6m32s Details render-manifests / render-manifests (pull_request) Successful in 4m3s Details	2026-04-07 19:43:43 -05:00
Alex Lebens	309d087b66	Merge pull request 'chore(deps): update nginx docker tag to v1.29.8' (#5697 ) from renovate/unified-nginx into main All checks were successful lint-test-helm / lint-helm (push) Successful in 19s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m8s Details Reviewed-on: #5697	2026-04-07 23:54:20 +00:00
Renovate Bot	4b7fafbe88	chore(deps): update nginx docker tag to v1.29.8	2026-04-07 23:54:20 +00:00
Alex Lebens	aaef7d9783	Merge pull request 'chore(deps): update tailscale/tailscale docker tag to v1.96.5' (#5690 ) from renovate/unified-tailscale into main All checks were successful lint-test-helm / lint-helm (push) Successful in 33s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m44s Details Reviewed-on: #5690	2026-04-07 23:04:29 +00:00
Renovate Bot	10fa4e597f	chore(deps): update tailscale/tailscale docker tag to v1.96.5 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 27s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 32s Details render-manifests / render-manifests (pull_request) Successful in 49s Details	2026-04-07 23:02:34 +00:00
Alex Lebens	a6c035e52d	Merge pull request 'chore(deps): update tailscale/k8s-operator docker tag to v1.96.5' (#5689 ) from renovate/unified-k8s-operator into main All checks were successful lint-test-helm / lint-helm (push) Successful in 21s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m23s Details Reviewed-on: #5689	2026-04-07 23:00:07 +00:00
Renovate Bot	bc58ca657d	chore(deps): update tailscale/k8s-operator docker tag to v1.96.5 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 24s Details render-manifests / render-manifests (pull_request) Successful in 48s Details	2026-04-07 22:55:21 +00:00
Alex Lebens	60b6ffe846	Merge pull request 'chore(deps): update tailscale/k8s-nameserver docker tag to v1.96.5' (#5688 ) from renovate/unified-k8s-nameserver into main All checks were successful lint-test-helm / lint-helm (push) Successful in 20s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m42s Details Reviewed-on: #5688	2026-04-07 22:52:18 +00:00
Renovate Bot	ffb4141e96	chore(deps): update tailscale/k8s-nameserver docker tag to v1.96.5	2026-04-07 22:52:18 +00:00
Alex Lebens	5fe26178b5	Merge pull request 'chore(deps): update helm release tailscale-operator to v1.96.5' (#5686 ) from renovate/unified-tailscale-operator into main Some checks failed lint-test-helm / lint-helm (push) Successful in 33s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5686	2026-04-07 22:50:19 +00:00
Renovate Bot	72aaeb5a4d	chore(deps): update helm release tailscale-operator to v1.96.5 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 23s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 20s Details render-manifests / render-manifests (pull_request) Successful in 47s Details	2026-04-07 22:47:31 +00:00
Alex Lebens	120575b77b	Merge pull request 'chore(deps): update seerr-chart docker tag to v3.4.0' (#5687 ) from renovate/unified-seerr-chart into main All checks were successful lint-test-helm / lint-helm (push) Successful in 26s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 3m47s Details Reviewed-on: #5687	2026-04-07 22:45:01 +00:00
Renovate Bot	20e8def72b	chore(deps): update seerr-chart docker tag to v3.4.0	2026-04-07 22:45:01 +00:00
Renovate Bot	1454d68c82	Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v83.0.2' (#5696 ) from renovate/unified-kube-prometheus-stack into main Some checks failed lint-test-helm / lint-helm (push) Successful in 26s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details	2026-04-07 22:42:40 +00:00
Renovate Bot	bf703a3ffd	chore(deps): update kube-prometheus-stack docker tag to v83.0.2 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 32s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details render-manifests / render-manifests (pull_request) Successful in 1m57s Details	2026-04-07 22:42:19 +00:00
Alex Lebens	c2035a00cc	Merge pull request 'chore(deps): update azure/k8s-set-context action to v5' (#5685 ) from renovate/major-unified-k8s-set-context into main Some checks failed renovate / renovate (push) Has been cancelled Details Reviewed-on: #5685	2026-04-07 22:39:57 +00:00
Renovate Bot	0bf633c23e	chore(deps): update azure/k8s-set-context action to v5	2026-04-07 22:39:57 +00:00
Renovate Bot	429380a85a	Merge pull request 'chore(deps): update immich to v2.7.2' (#5693 ) from renovate/unified-immich into main Some checks failed renovate / renovate (push) Has been cancelled Details lint-test-helm / lint-helm (push) Successful in 33s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details	2026-04-07 22:39:28 +00:00
Renovate Bot	c616be50ed	chore(deps): update immich to v2.7.2	2026-04-07 22:39:28 +00:00
Renovate Bot	79d09ca7e6	Merge pull request 'chore(deps): update clickhouse/clickhouse-server docker tag to v26.3.4' (#5692 ) from renovate/unified-clickhouse-server into main Some checks failed lint-test-helm / validate-kubeconform (push) Has been cancelled Details lint-test-helm / lint-helm (push) Has been cancelled Details renovate / renovate (push) Has been cancelled Details	2026-04-07 22:39:09 +00:00
Renovate Bot	2f62dfe1e5	chore(deps): update clickhouse/clickhouse-server docker tag to v26.3.4 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 46s Details render-manifests / render-manifests (pull_request) Successful in 1m33s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 1m8s Details	2026-04-07 22:38:47 +00:00
Alex Lebens	f034673b76	Merge pull request 'chore(deps): update docker docker tag to v29.4.0' (#5684 ) from renovate/unified-docker into main Some checks failed lint-test-helm / lint-helm (push) Successful in 18s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5684	2026-04-07 22:36:21 +00:00
Renovate Bot	73a18de0b6	chore(deps): update docker docker tag to v29.4.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 48s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 21s Details render-manifests / render-manifests (pull_request) Successful in 50s Details	2026-04-07 20:04:36 +00:00
Alex Lebens	00e45ae124	Merge pull request 'chore(deps): update element-web to v1.12.14' (#5677 ) from renovate/unified-element-web into main All checks were successful lint-test-helm / lint-helm (push) Successful in 1m23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 4m5s Details Reviewed-on: #5677	2026-04-07 17:50:55 +00:00
Renovate Bot	d6308d2e05	chore(deps): update element-web to v1.12.14	2026-04-07 17:50:55 +00:00
Alex Lebens	43dd1966aa	Merge pull request 'chore(deps): update quay.io/prometheus/node-exporter docker tag to v1.11.1' (#5670 ) from renovate/unified-node-exporter into main Some checks failed lint-test-docker / lint-docker-compose (push) Successful in 2m8s Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5670	2026-04-07 17:47:07 +00:00
Renovate Bot	b2a7c705fe	chore(deps): update quay.io/prometheus/node-exporter docker tag to v1.11.1	2026-04-07 17:47:07 +00:00
Alex Lebens	2fb509c710	Merge pull request 'chore(deps): update ubuntu docker tag to resolute-20260404' (#5664 ) from renovate/unified-ubuntu into main All checks were successful lint-test-helm / lint-helm (push) Successful in 28s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 4m0s Details Reviewed-on: #5664	2026-04-07 17:41:26 +00:00
Renovate Bot	0cfc0ec8ae	chore(deps): update ubuntu docker tag to resolute-20260404	2026-04-07 17:41:26 +00:00
Alex Lebens	009df597b3	Merge pull request 'chore(deps): update ollama to v0.20.3' (#5661 ) from renovate/unified-ollama into main Some checks failed lint-test-helm / lint-helm (push) Successful in 23s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5661	2026-04-07 17:38:09 +00:00
Renovate Bot	9537cff5df	chore(deps): update ollama to v0.20.3	2026-04-07 17:38:09 +00:00
Alex Lebens	6b53f20e1e	Merge pull request 'chore(deps): update immich to v2.7.0' (#5674 ) from renovate/unified-immich into main Some checks failed lint-test-helm / lint-helm (push) Successful in 20s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #5674	2026-04-07 17:34:49 +00:00
Renovate Bot	655a3e1f19	chore(deps): update immich to v2.7.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 46s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 18s Details render-manifests / render-manifests (pull_request) Successful in 1m3s Details	2026-04-07 17:26:20 +00:00
Alex Lebens	e7bd5b7b15	Merge pull request 'chore(deps): update ghcr.io/autobrr/qui docker tag to v1.16.0' (#5657 ) from renovate/unified-qui into main All checks were successful lint-test-helm / lint-helm (push) Successful in 26s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 4m39s Details Reviewed-on: #5657	2026-04-07 17:23:05 +00:00
Renovate Bot	6e30728857	chore(deps): update ghcr.io/autobrr/qui docker tag to v1.16.0 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 19s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 19s Details render-manifests / render-manifests (pull_request) Successful in 1m2s Details	2026-04-07 17:15:23 +00:00
Renovate Bot	6f42d5019c	Merge pull request 'chore(deps): update kube-prometheus-stack docker tag to v83.0.1' (#5678 ) from renovate/unified-kube-prometheus-stack into main All checks were successful lint-test-helm / lint-helm (push) Successful in 26s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 5m20s Details	2026-04-07 17:11:19 +00:00
Renovate Bot	c332abfcbe	chore(deps): update kube-prometheus-stack docker tag to v83.0.1	2026-04-07 17:11:19 +00:00
Renovate Bot	0b84be487d	Merge pull request 'chore(deps): update directus to v11.17.2' (#5676 ) from renovate/unified-directus into main Some checks failed lint-test-helm / validate-kubeconform (push) Has been cancelled Details lint-test-helm / lint-helm (push) Has started running Details renovate / renovate (push) Has been cancelled Details	2026-04-07 17:10:27 +00:00
Renovate Bot	0b64cec4ab	chore(deps): update directus to v11.17.2	2026-04-07 17:10:27 +00:00
Renovate Bot	3cd36fd8ee	Merge pull request 'chore(deps): update dependency traefik/traefik to v3.6.13' (#5675 ) from renovate/unified-traefik into main Some checks failed lint-test-helm / lint-helm (push) Failing after 1s Details lint-test-helm / validate-kubeconform (push) Has been cancelled Details renovate / renovate (push) Has been cancelled Details	2026-04-07 17:10:13 +00:00
Renovate Bot	04476f4c27	chore(deps): update dependency traefik/traefik to v3.6.13 Some checks are pending renovate/stability-days Updates have not met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 26s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details render-manifests / render-manifests (pull_request) Successful in 1m20s Details	2026-04-07 17:09:52 +00:00