update chart

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [postgres-cluster](https://github.com/cloudnative-pg/charts) ([source](https://github.com/cloudnative-pg/charts/tree/HEAD/charts/cluster)) | minor | `6.16.1` -> `6.17.1` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zOS4xIiwidXBkYXRlZEluVmVyIjoiNDIuMzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhcnQiXX0=-->

Reviewed-on: #2500
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

clusters/cl01tl/helm/audiobookshelf/values.yaml

@@ -21,7 +21,7 @@ audiobookshelf:
         apprise-api:
           image:
             repository: caronc/apprise
-            tag: 1.2.6
+            tag: 1.3.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/blocky/Chart.lock

@@ -2,5 +2,8 @@ dependencies:
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.5.0
-digest: sha256:b8516161886b87344848ad2b3bdafbd66da61ca8ffc5e9a5ebed462f205c9912
-generated: "2025-12-05T17:02:59.562863413Z"
+- name: redis-replication
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 0.4.0
+digest: sha256:b61392c11cf3ebee539ad04f32650cc967d82aa34159cbee2eae81eed8b6e72e
+generated: "2025-12-15T00:14:11.367112-06:00"

clusters/cl01tl/helm/blocky/Chart.yaml

@@ -17,5 +17,8 @@ dependencies:
     alias: blocky
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
+  - name: redis-replication
+    version: 0.4.0
+    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
 appVersion: v0.28.2

clusters/cl01tl/helm/blocky/templates/redis-replication.yaml

@@ -1,32 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
-  name: redis-replication-blocky
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: redis-replication-blocky
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  clusterSize: 3
-  podSecurityContext:
-    runAsUser: 1000
-    fsGroup: 1000
-  kubernetesConfig:
-    image: quay.io/opstree/redis:v8.4.0
-    imagePullPolicy: IfNotPresent
-    resources:
-      requests:
-        cpu: 50m
-        memory: 128Mi
-  storage:
-    volumeClaimTemplate:
-      spec:
-        storageClassName: ceph-block
-        accessModes: ["ReadWriteOnce"]
-        resources:
-          requests:
-            storage: 1Gi
-  redisExporter:
-    enabled: true
-    image: quay.io/opstree/redis-exporter:v1.80.1

clusters/cl01tl/helm/blocky/templates/service-monitor.yaml

@@ -17,24 +17,3 @@ spec:
       interval: 30s
       scrapeTimeout: 10s
       path: /metrics
-
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: redis-replication-blocky
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: redis-replication-blocky
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    redis-operator: "true"
-    env: production
-spec:
-  selector:
-    matchLabels:
-      redis_setup_type: replication
-  endpoints:
-    - port: redis-exporter
-      interval: 30s
-      scrapeTimeout: 10s

clusters/cl01tl/helm/blocky/values.yaml

@@ -132,7 +132,6 @@ blocky:
               jellystat                       IN      CNAME   traefik-cl01tl
               kiwix                           IN      CNAME   traefik-cl01tl
               komodo                          IN      CNAME   traefik-cl01tl
-              kronic                          IN      CNAME   traefik-cl01tl
               lidarr                          IN      CNAME   traefik-cl01tl
               lidatube                        IN      CNAME   traefik-cl01tl
               listenarr                       IN      CNAME   traefik-cl01tl
@@ -143,7 +142,6 @@ blocky:
               ollama                          IN      CNAME   traefik-cl01tl
               omni-tools                      IN      CNAME   traefik-cl01tl
               overseerr                       IN      CNAME   traefik-cl01tl
-              pgadmin                         IN      CNAME   traefik-cl01tl
               photoview                       IN      CNAME   traefik-cl01tl
               plex                            IN      CNAME   traefik-cl01tl
               postiz                          IN      CNAME   traefik-cl01tl
@@ -302,3 +300,10 @@ blocky:
               readOnly: true
               mountPropagation: None
               subPath: config.yml
+redis-replication:
+  existingSecret:
+    enabled: false
+  redisReplication:
+    clusterSize: 3
+  redisSentinel:
+    enabled: false

clusters/cl01tl/helm/code-server/values.yaml

@@ -9,7 +9,7 @@ code-server:
         main:
           image:
             repository: ghcr.io/linuxserver/code-server
-            tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
+            tag: 4.106.3@sha256:83793e4460090d6c46f4842ff6ab8aa26ad8a567885112bbe754b45c61935055
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/ephemera/values.yaml

@@ -52,7 +52,7 @@ ephemera:
         apprise-api:
           image:
             repository: caronc/apprise
-            tag: 1.2.6
+            tag: 1.3.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/garage/values.yaml

@@ -125,7 +125,7 @@ garage:
     db:
       storageClass: ceph-block
       accessMode: ReadWriteOnce
-      size: 10Gi
+      size: 50Gi
       retain: true
       advancedMounts:
         main:

clusters/cl01tl/helm/gatus/values.yaml

@@ -182,11 +182,6 @@ gatus:
       - name: n8n
         url: https://n8n.alexlebens.net
         <<: *defaults
-      - name: kronic
-        url: https://kronic.alexlebens.net
-        <<: *defaults
-        conditions:
-          - "[STATUS] == 401"
       - name: omni-tools
         url: https://omni-tools.alexlebens.net
         <<: *defaults
@@ -259,9 +254,6 @@ gatus:
       - name: garage
         url: https://garage-webui.alexlebens.net
         <<: *defaults
-      - name: pgadmin
-        url: https://pgadmin.alexlebens.net
-        <<: *defaults
       - name: whodb
         url: https://whodb.alexlebens.net
         <<: *defaults

clusters/cl01tl/helm/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
   repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.5
-digest: sha256:329b2d00301ab1467a8654dd92febfd7078db121c00c0960548010c01dee66b6
-generated: "2025-12-08T03:02:06.697075532Z"
+  version: 0.20.6
+digest: sha256:259465f8536594c9edb2d24ffa3bc95fcbe867421d776829143f45644797f325
+generated: "2025-12-13T00:08:10.184445232Z"

clusters/cl01tl/helm/generic-device-plugin/Chart.yaml

@@ -15,6 +15,6 @@ maintainers:
 dependencies:
   - name: generic-device-plugin
     repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.5
+    version: 0.20.6
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0

clusters/cl01tl/helm/gitea/Chart.lock

@@ -10,12 +10,12 @@ dependencies:
   version: 4.5.0
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.17.2
+  version: 0.18.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 1.23.2
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:ecb6e0283b564f37b5d60bb64860b71c3b68acc2835364c0488fd7a9e932b941
-generated: "2025-12-11T17:38:49.087683-06:00"
+digest: sha256:afa4fbe4d179ff78eeccdffafab61ddd2bdfec80be2e8251aa90ad130a29c81a
+generated: "2025-12-12T21:03:12.259080988Z"

clusters/cl01tl/helm/gitea/Chart.yaml

@@ -36,7 +36,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: meilisearch
-    version: 0.17.2
+    version: 0.18.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     alias: cloudflared

clusters/cl01tl/helm/gitea/values.yaml

@@ -173,10 +173,8 @@ gitea-actions:
   giteaRootURL: http://gitea-http.gitea:3000
 backup:
   global:
+    nameOverride: gitea-backup
     fullnameOverride: gitea-backup
-    labels:
-      app.kubernetes.io/instance: gitea-backup
-      app.kubernetes.io/name: gitea-backup
   controllers:
     backup:
       type: cronjob

clusters/cl01tl/helm/harbor/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 1.18.1
 - name: postgres-cluster
   repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
-  version: 6.16.1
-digest: sha256:a8f5d259fb93f933050c498d9271a5b8606594c968a360f8be151f47b3feb49d
-generated: "2025-12-11T20:49:18.650522-06:00"
+  version: 6.17.1
+digest: sha256:d0a396853836f69f136a28339d152146434712dafa43e2d4359af712d40d6dbf
+generated: "2025-12-14T21:13:53.814861593Z"

clusters/cl01tl/helm/harbor/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://helm.goharbor.io
   - name: postgres-cluster
     alias: postgres-18-cluster
-    version: 6.16.1
+    version: 6.17.1
     repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
 appVersion: v2.14.1

clusters/cl01tl/helm/home-assistant/values.yaml

@@ -21,7 +21,7 @@ home-assistant:
         code-server:
           image:
             repository: ghcr.io/linuxserver/code-server
-            tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
+            tag: 4.106.3@sha256:83793e4460090d6c46f4842ff6ab8aa26ad8a567885112bbe754b45c61935055
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/homepage/templates/service.yaml

@@ -36,7 +36,7 @@ metadata:
   name: garage-ui-ps10rp
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: garage-ps10rp
+    app.kubernetes.io/name: garage-ui-ps10rp
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
   annotations:

clusters/cl01tl/helm/homepage/values.yaml

@@ -337,12 +337,6 @@ homepage:
                   href: https://n8n.alexlebens.net
                   siteMonitor: http://n8n-main.n8n:80
                   statusStyle: dot
-              - Jobs:
-                  icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png
-                  description: Kronic
-                  href: https://kronic.alexlebens.net
-                  siteMonitor: http://kronic.kronic:80
-                  statusStyle: dot
               - Uptime:
                   icon: sh-gatus.webp
                   description: Gatus
@@ -513,12 +507,6 @@ homepage:
                   href: https://garage-ui-ps10rp.boreal-beaufort.ts.net
                   siteMonitor: https://garage-ui-ps10rp.boreal-beaufort.ts.net
                   statusStyle: dot
-              - Database:
-                  icon: sh-pgadmin-light.webp
-                  description: PGAdmin
-                  href: https://pgadmin.alexlebens.net
-                  siteMonitor: http://pgadmin.pgadmin:80
-                  statusStyle: dot
               - Database:
                   icon: sh-whodb.webp
                   description: WhoDB

clusters/cl01tl/helm/intel-device-plugin/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: intel-device-plugins-operator
   repository: https://intel.github.io/helm-charts/
-  version: 0.34.0
+  version: 0.34.1
 - name: intel-device-plugins-gpu
   repository: https://intel.github.io/helm-charts/
   version: 0.34.1
-digest: sha256:dbfe08e0ce5ba59ee56dec4ad49eda24c99d45934602c88f50f2d11336302a25
-generated: "2025-12-12T08:01:53.830078355Z"
+digest: sha256:73b2b6f28ec36be02c7bf3e0ef5608e790344a4cdb3e5f183b6b079723e8b53a
+generated: "2025-12-12T08:03:32.455070212Z"

clusters/cl01tl/helm/intel-device-plugin/Chart.yaml

@@ -16,7 +16,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: intel-device-plugins-operator
-    version: 0.34.0
+    version: 0.34.1
     repository: https://intel.github.io/helm-charts/
   - name: intel-device-plugins-gpu
     version: 0.34.1

clusters/cl01tl/helm/jellyfin/Chart.yaml

@@ -22,4 +22,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
-appVersion: 10.10.7
+appVersion: 10.11.4

clusters/cl01tl/helm/jellystat/Chart.lock

@@ -5,5 +5,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:6c8b6a56bcdad0ea3f8e998c28642deaf449a7a37aea8ba9616d88fcc6d2bc14
-generated: "2025-12-05T17:06:11.6747146Z"
+digest: sha256:ef1a286d6a5719370e96b3dc9a720b105ebee5f5b7245b6d75badd2a3330191b
+generated: "2025-12-12T15:56:54.049481-06:00"

clusters/cl01tl/helm/jellystat/Chart.yaml

@@ -20,7 +20,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png

clusters/cl01tl/helm/jellystat/templates/external-secret.yaml

@@ -95,10 +95,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: jellystat-postgresql-17-cluster-backup-secret
+  name: jellystat-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: jellystat-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -125,10 +125,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: jellystat-postgresql-17-cluster-backup-secret-garage
+  name: jellystat-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: jellystat-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/jellystat/values.yaml

@@ -32,27 +32,27 @@ jellystat:
             - name: POSTGRES_USER
               valueFrom:
                 secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
+                  name: jellystat-postgresql-18-cluster-app
                   key: username
             - name: POSTGRES_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
+                  name: jellystat-postgresql-18-cluster-app
                   key: password
             - name: POSTGRES_DB
               valueFrom:
                 secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
+                  name: jellystat-postgresql-18-cluster-app
                   key: dbname
             - name: POSTGRES_IP
               valueFrom:
                 secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
+                  name: jellystat-postgresql-18-cluster-app
                   key: host
             - name: POSTGRES_PORT
               valueFrom:
                 secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
+                  name: jellystat-postgresql-18-cluster-app
                   key: port
           resources:
             requests:
@@ -78,9 +78,12 @@ jellystat:
           main:
             - path: /app/backend/backup-data
               readOnly: false
-postgres-17-cluster:
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -92,30 +95,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: jellystat-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-18-cluster
         index: 1
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: jellystat-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: jellystat-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -123,6 +126,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -132,5 +136,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 6 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/karakeep/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 4.5.0
 - name: meilisearch
   repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.17.2
+  version: 0.18.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 1.23.2
-digest: sha256:c291962defb9fb8614db91ea3eef795b2bdf82e0364595a27cbd335e7f9a3179
-generated: "2025-12-07T02:55:11.250839916Z"
+digest: sha256:132f367449a238ecba12a35d68e7c3a044ca27ed04eee1e374140971e496d964
+generated: "2025-12-12T21:03:25.448446883Z"

clusters/cl01tl/helm/karakeep/Chart.yaml

@@ -22,11 +22,11 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: meilisearch
-    version: 0.17.2
+    version: 0.18.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
   - name: cloudflared
     alias: cloudflared
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 1.23.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
-appVersion: 0.26.0
+appVersion: 0.29.1

clusters/cl01tl/helm/kiwix/Chart.yaml

@@ -18,4 +18,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
-appVersion: 3.7.0
+appVersion: 3.8.1

clusters/cl01tl/helm/komodo/Chart.yaml

@@ -26,4 +26,4 @@ dependencies:
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
-appVersion: v1.17.5
+appVersion: v1.19.5

clusters/cl01tl/helm/kronic/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: kronic
-  repository: https://mshade.github.io/kronic/
-  version: 0.1.7
-digest: sha256:cd9b035491c58c6fff903e2c4e750ef41e2c360555468df6a15c2457c1873fa1
-generated: "2025-12-01T19:55:52.361339-06:00"

clusters/cl01tl/helm/kronic/Chart.yaml

@@ -1,22 +0,0 @@
-apiVersion: v2
-name: kronic
-version: 1.0.0
-description: Kronic
-keywords:
-  - kronic
-  - cron-job
-  - dashboard
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/f1191e27-264a-42bf-a3aa-3dcc35820a62
-sources:
-  - https://github.com/mshade/kronic
-  - https://github.com/mshade/kronic/pkgs/container/kronic
-  - https://github.com/mshade/kronic/tree/main/chart/kronic
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: kronic
-    repository: https://mshade.github.io/kronic/
-    version: 0.1.7
-icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png
-appVersion:  v0.1.4

clusters/cl01tl/helm/kronic/templates/external-secret.yaml

@@ -1,21 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: kronic-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kronic-config-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/kronic/auth
-        metadataPolicy: None
-        property: password

clusters/cl01tl/helm/kronic/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: https-route-kronic
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: https-route-kronic
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - kronic.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: kronic
-          port: 80
-          weight: 100

clusters/cl01tl/helm/kronic/values.yaml

@@ -1,17 +0,0 @@
-kronic:
-  replicaCount: 1
-  image:
-    repository: ghcr.io/mshade/kronic
-    tag: v0.1.4
-  auth:
-    enabled: true
-    adminUsername: kronic
-    existingSecretName: kronic-config-secret
-  env:
-    KRONIC_ALLOW_NAMESPACES: "gitea,vault,talos,libation,kubernetes-cloudflare-ddns"
-  ingress:
-    enabled: false
-  resources:
-    requests:
-      cpu: 10m
-      memory: 256Mi

clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml

@@ -12,6 +12,7 @@ keywords:
 home: https://wiki.alexlebens.dev/s/cd9fc3a4-aa88-4285-8886-91a6c5aecf7d
 sources:
   - https://github.com/prometheus/prometheus
+  - https://github.com/prometheus-operator/kube-prometheus
   - https://github.com/alexbakker/alertmanager-ntfy
   - https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
   - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template
@@ -26,4 +27,5 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
-appVersion: v0.82.0
+# renovate: github=prometheus-operator/prometheus-operator
+appVersion: v0.87.1

clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml

@@ -12,20 +12,6 @@ spec:
     kind: ClusterSecretStore
     name: vault
   data:
-    - secretKey: pushover_token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /pushover/key
-        metadataPolicy: None
-        property: alertmanager_key
-    - secretKey: pushover_user_key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /pushover/key
-        metadataPolicy: None
-        property: user_key
     - secretKey: ntfy_password
       remoteRef:
         conversionStrategy: Default

clusters/cl01tl/helm/kube-prometheus-stack/values.yaml

@@ -26,11 +26,6 @@ kube-prometheus-stack:
             group_interval: 5m
             repeat_interval: 24h
       receivers:
-        - name: pushover
-          pushover_configs:
-            - send_resolved: true
-              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_user_key
-              token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
         - name: ntfy
           webhook_configs:
             - url: http://ntfy-alertmanager.kube-prometheus-stack:80

clusters/cl01tl/helm/kubelet-serving-cert-approver/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.10.0
+appVersion: 0.10.1

clusters/cl01tl/helm/libation/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
-appVersion: 12.4.3
+appVersion: 12.8.2

clusters/cl01tl/helm/libation/values.yaml

@@ -6,7 +6,7 @@ libation:
         suspend: false
         concurrencyPolicy: Forbid
         timeZone: US/Central
-        schedule: "30 4 * * *"
+        schedule: "0 0 * * *"
         startingDeadlineSeconds: 90
         successfulJobsHistory: 3
         failedJobsHistory: 3
@@ -16,7 +16,7 @@ libation:
         main:
           image:
             repository: rmcrackan/libation
-            tag: 12.8.1
+            tag: 12.8.2
             pullPolicy: IfNotPresent
           env:
             - name: SLEEP_TIME

clusters/cl01tl/helm/lidarr/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 4.5.0
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
-  version: 6.16.1
-digest: sha256:e13dd5117332240d6a3127ebd18ebc478014b87291b7807e48471980c439fd16
-generated: "2025-12-05T17:07:59.963348904Z"
+  version: 6.17.1
+digest: sha256:6f7a4bd34686318991d298de9453728536e193d6c3e5465518f2bcf25a4fc9d4
+generated: "2025-12-12T18:05:40.499728-06:00"

clusters/cl01tl/helm/lidarr/Chart.yaml

@@ -23,8 +23,8 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 6.16.1
+    alias: postgres-18-cluster
+    version: 6.17.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
-appVersion: 2.13.3
+appVersion: 3.1.0

clusters/cl01tl/helm/lidarr/templates/external-secret.yaml

@@ -58,10 +58,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: lidarr-postgresql-17-cluster-backup-secret
+  name: lidarr-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: lidarr-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -88,10 +88,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: lidarr-postgresql-17-cluster-backup-secret-garage
+  name: lidarr-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: lidarr-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/lidarr/values.yaml

@@ -15,7 +15,7 @@ lidarr:
         main:
           image:
             repository: ghcr.io/linuxserver/lidarr
-            tag: 2.14.5@sha256:5e1235d00b5d1c1f60ca0d472e554a6611aef41aa7b5b6d88260214bf4809af0
+            tag: 3.1.0@sha256:c1e17cc29421c9da603f0c727b7785d280dc98dfb1f835d0b176485dc8c5deb5
             pullPolicy: IfNotPresent
           env:
             - name: TZ
@@ -83,10 +83,12 @@ lidarr:
           main:
             - path: /mnt/store
               readOnly: false
-postgres-17-cluster:
-  nameOverride: lidarr2-postgresql-17
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -100,37 +102,39 @@ postgres-17-cluster:
         memory: 1Gi
         cpu: 200m
     initdb:
-      postInitSQL:
-        - CREATE DATABASE "lidarr-main" OWNER "app";
-        - CREATE DATABASE "lidarr-log" OWNER "app";
+      database: app
+      owner: app
+    #   postInitSQL:
+    #     - CREATE DATABASE "lidarr-main" OWNER "app";
+    #     - CREATE DATABASE "lidarr-log" OWNER "app";
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: lidarr-postgresql-17-cluster-backup-secret
+      endpointCredentials: lidarr-postgresql-18-cluster-backup-secret
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr/lidarr-postgresql-18-cluster
         index: 1
-        endpointCredentials: lidarr-postgresql-17-cluster-backup-secret
+        endpointCredentials: lidarr-postgresql-18-cluster-backup-secret
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: lidarr-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: lidarr-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -138,6 +142,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -147,5 +152,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 8 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/lidatube/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png
-appVersion: 0.2.22
+appVersion: 0.2.42

clusters/cl01tl/helm/local-path-provisioner/Chart.yaml

@@ -18,4 +18,4 @@ dependencies:
     version: 0.0.33
     repository: https://charts.containeroo.ch
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: v0.0.31
+appVersion: v0.0.32

clusters/cl01tl/helm/loki/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: loki
   repository: https://grafana.github.io/helm-charts
-  version: 6.48.0
+  version: 6.49.0
 - name: promtail
   repository: https://grafana.github.io/helm-charts
   version: 6.17.1
-digest: sha256:218f6fdff5df62e43f081f045ab7ccba541a792b42750e3ebb8ac28308072724
-generated: "2025-12-10T18:02:17.566041524Z"
+digest: sha256:56aa7fd5ac7a16617b60e4a3f501aeeec1bdfbb3d67a41b45f33d3a4cbbed07e
+generated: "2025-12-14T20:36:23.645088704Z"

clusters/cl01tl/helm/loki/Chart.yaml

@@ -16,10 +16,10 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: loki
-    version: 6.48.0
+    version: 6.49.0
     repository: https://grafana.github.io/helm-charts
   - name: promtail
     version: 6.17.1
     repository: https://grafana.github.io/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png
-appVersion: 3.4.2
+appVersion: 3.6.3

clusters/cl01tl/helm/matrix-synapse/Chart.lock

@@ -5,6 +5,12 @@ dependencies:
 - name: app-template
   repository: https://bjw-s-labs.github.io/helm-charts/
   version: 4.5.0
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.5.0
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts/
+  version: 4.5.0
 - name: cloudflared
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 1.23.2
@@ -14,5 +20,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:b1df95bd8c258c15178f35b229b2d2aee28fc2fff2b5176ed734a7aaeffaa372
-generated: "2025-12-10T17:01:51.601498219Z"
+digest: sha256:70e8b9480a6eac2ffe4b2e049aac1da6b7ff282e8930d555e008fbd769e84a8f
+generated: "2025-12-13T13:28:40.160104-06:00"

clusters/cl01tl/helm/matrix-synapse/Chart.yaml

@@ -35,14 +35,14 @@ dependencies:
     alias: matrix-hookshot
     version: 4.5.0
     repository: https://bjw-s-labs.github.io/helm-charts/
-  # - name: app-template
-  #   alias: mautrix-discord
-  #   repository: https://bjw-s-labs.github.io/helm-charts/
-  #   version: 4.0.1
-  # - name: app-template
-  #   alias: mautrix-whatsapp
-  #   repository: https://bjw-s-labs.github.io/helm-charts/
-  #   version: 4.0.1
+  - name: app-template
+    alias: mautrix-discord
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.5.0
+  - name: app-template
+    alias: mautrix-whatsapp
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.5.0
   - name: cloudflared
     alias: cloudflared-synapse
     version: 1.23.2
@@ -52,8 +52,8 @@ dependencies:
     version: 1.23.2
     repository: oci://harbor.alexlebens.net/helm-charts
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
-appVersion: 1.129.0
+appVersion: 1.144.0

clusters/cl01tl/helm/matrix-synapse/templates/database.yaml

@@ -0,0 +1,30 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: matrix-synapse-postgresql-18-cluster-mautrix-discord-database
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-postgresql-18-cluster-mautrix-discord-database
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  cluster:
+    name: matrix-synapse-postgresql-18-cluster
+  name: mautrix-discord
+  owner: app
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-postgresql-18-cluster-mautrix-whatsapp-database
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  cluster:
+    name: matrix-synapse-postgresql-18-cluster
+  name: mautrix-whatsapp
+  owner: app

clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml

@@ -94,63 +94,64 @@ spec:
         metadataPolicy: None
         property: passkey
 
-# ---
-# apiVersion: external-secrets.io/v1
-# kind: ExternalSecret
-# metadata:
-#   name: mautrix-discord-config-secret
-#   namespace: {{ .Release.Namespace }}
-  # labels:
-  #   app.kubernetes.io/name: {{ .Release.Name }}
-  #   app.kubernetes.io/instance: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   data:
-#     - secretKey: config.yaml
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/matrix-synapse/mautrix-discord
-#         metadataPolicy: None
-#         property: config
-#     - secretKey: mautrix-discord-registration.yaml
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/matrix-synapse/mautrix-discord
-#         metadataPolicy: None
-#         property: registration
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: mautrix-discord-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.yaml
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/matrix-synapse/mautrix-discord
+        metadataPolicy: None
+        property: config
+    - secretKey: mautrix-discord-registration.yaml
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/matrix-synapse/mautrix-discord
+        metadataPolicy: None
+        property: registration
 
-# ---
-# apiVersion: external-secrets.io/v1
-# kind: ExternalSecret
-# metadata:
-#   name: mautrix-whatsapp-config-secret
-#   namespace: {{ .Release.Namespace }}
-  # labels:
-  #   app.kubernetes.io/name: {{ .Release.Name }}
-  #   app.kubernetes.io/instance: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   data:
-#     - secretKey: config.yaml
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/matrix-synapse/mautrix-whatsapp
-#         metadataPolicy: None
-#         property: config
-#     - secretKey: mautrix-whatsapp-registration.yaml
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/matrix-synapse/mautrix-whatsapp
-#         metadataPolicy: None
-#         property: registration
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: mautrix-whatsapp-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.yaml
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/matrix-synapse/mautrix-whatsapp
+        metadataPolicy: None
+        property: config
+    - secretKey: mautrix-whatsapp-registration.yaml
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/matrix-synapse/mautrix-whatsapp
+        metadataPolicy: None
+        property: registration
 
 ---
 apiVersion: external-secrets.io/v1
@@ -301,126 +302,126 @@ spec:
         metadataPolicy: None
         property: secret_key
 
-# ---
-# apiVersion: external-secrets.io/v1
-# kind: ExternalSecret
-# metadata:
-#   name: mautrix-discord-data-backup-secret
-#   namespace: {{ .Release.Namespace }}
-  # labels:
-  #   app.kubernetes.io/name: {{ .Release.Name }}
-  #   app.kubernetes.io/instance: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
-
-# ---
-# apiVersion: external-secrets.io/v1
-# kind: ExternalSecret
-# metadata:
-#   name: mautrix-whatsapp-data-backup-secret
-#   namespace: {{ .Release.Namespace }}
-  # labels:
-  #   app.kubernetes.io/name: {{ .Release.Name }}
-  #   app.kubernetes.io/instance: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: mautrix-discord-data-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: secret_key
 
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: matrix-synapse-postgresql-17-cluster-backup-secret
+  name: mautrix-whatsapp-data-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      mergePolicy: Merge
+      engineVersion: v2
+      data:
+        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
+  data:
+    - secretKey: BUCKET_ENDPOINT
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: S3_BUCKET_ENDPOINT
+    - secretKey: RESTIC_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: RESTIC_PASSWORD
+    - secretKey: AWS_DEFAULT_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/volsync/restic/config
+        metadataPolicy: None
+        property: AWS_DEFAULT_REGION
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: access_key
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/volsync-backups
+        metadataPolicy: None
+        property: secret_key
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: matrix-synapse-postgresql-18-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -447,10 +448,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: matrix-synapse-postgresql-17-cluster-backup-secret-garage
+  name: matrix-synapse-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: matrix-synapse-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: matrix-synapse-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/matrix-synapse/templates/redis-replication.yaml

@@ -13,7 +13,7 @@ spec:
     runAsUser: 1000
     fsGroup: 1000
   kubernetesConfig:
-    image: quay.io/opstree/redis:v8.0.3
+    image: quay.io/opstree/redis:v8.4.0
     imagePullPolicy: IfNotPresent
     redisSecret:
       name: matrix-synapse-redis-secret
@@ -32,7 +32,7 @@ spec:
             storage: 1Gi
   redisExporter:
     enabled: true
-    image: quay.io/opstree/redis-exporter:v1.48.0
+    image: quay.io/opstree/redis-exporter:v1.80.1
 
 ---
 apiVersion: redis.redis.opstreelabs.in/v1beta2
@@ -50,7 +50,7 @@ spec:
     runAsUser: 1000
     fsGroup: 1000
   kubernetesConfig:
-    image: quay.io/opstree/redis:v8.0.3
+    image: quay.io/opstree/redis:v8.4.0
     imagePullPolicy: IfNotPresent
     resources:
       requests:
@@ -66,4 +66,4 @@ spec:
             storage: 1Gi
   redisExporter:
     enabled: true
-    image: quay.io/opstree/redis-exporter:v1.48.0
+    image: quay.io/opstree/redis-exporter:v1.80.1

clusters/cl01tl/helm/matrix-synapse/templates/redis-sentinel.yaml

@@ -0,0 +1,55 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: redis-sentinel-matrix-synapse
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: redis-sentinel-matrix-synapse
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  clusterSize: 3
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: redis-replication-matrix-synapse
+    redisReplicationPassword:
+      secretKeyRef:
+        name: matrix-synapse-redis-secret
+        key: password
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v8.4.0
+    imagePullPolicy: IfNotPresent
+    redisSecret:
+      name: matrix-synapse-redis-secret
+      key: password
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: redis-sentinel-hookshot
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: redis-sentinel-hookshot
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  clusterSize: 3
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: redis-replication-hookshot
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v8.4.0
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi

clusters/cl01tl/helm/matrix-synapse/templates/replication-source.yaml

@@ -24,62 +24,62 @@ spec:
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
 
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: mautrix-discord-data-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: mautrix-discord-data-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: mautrix-discord-data
-#   trigger:
-#     schedule: 0 4 * * *
-#   restic:
-#     pruneIntervalDays: 7
-#     repository: mautrix-discord-data-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 3
-#       weekly: 2
-#       monthly: 2
-#       yearly: 4
-#     moverSecurityContext:
-#       runAsUser: 1337
-#       runAsGroup: 1337
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: mautrix-discord-data-backup-source
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-discord-data-backup-source
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: mautrix-discord
+  trigger:
+    schedule: 0 4 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: mautrix-discord-data-backup-secret
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    moverSecurityContext:
+      runAsUser: 1337
+      runAsGroup: 1337
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot
 
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: mautrix-whatsapp-data-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: mautrix-whatsapp-data
-#   trigger:
-#     schedule: 0 4 * * *
-#   restic:
-#     pruneIntervalDays: 7
-#     repository: mautrix-whatsapp-data-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 3
-#       weekly: 2
-#       monthly: 2
-#       yearly: 4
-#     moverSecurityContext:
-#       runAsUser: 1337
-#       runAsGroup: 1337
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  name: mautrix-whatsapp-data-backup-source
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  sourcePVC: mautrix-whatsapp
+  trigger:
+    schedule: 0 4 * * *
+  restic:
+    pruneIntervalDays: 7
+    repository: mautrix-whatsapp-data-backup-secret
+    retain:
+      hourly: 1
+      daily: 3
+      weekly: 2
+      monthly: 2
+      yearly: 4
+    moverSecurityContext:
+      runAsUser: 1337
+      runAsGroup: 1337
+    copyMethod: Snapshot
+    storageClassName: ceph-block
+    volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/helm/matrix-synapse/values.yaml

@@ -10,6 +10,7 @@ matrix-synapse:
   config:
     reportStats: false
     enableRegistration: true
+    registrationSharedSecret: default
     trustedKeyServers: []
   extraConfig:
     enable_metrics: true
@@ -20,6 +21,15 @@ matrix-synapse:
       client_whitelist:
         - https://chat.alexlebens.dev/
       update_profile_information: true
+    experimental_features:
+      msc3202_device_masquerading: true
+      msc3202_transaction_extensions: true
+      msc2409_to_device_messages_enabled: true
+    app_service_config_files:
+      - /synapse/config/conf.d/hookshot-registration.yaml
+      - /synapse/config/conf.d/double-puppet-registration.yaml
+      - /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
+      - /synapse/config/conf.d/mautrix-discord-registration.yaml
   synapse:
     strategy:
       type: Recreate
@@ -30,12 +40,12 @@ matrix-synapse:
       - name: matrix-hookshot-config-secret
         secret:
           secretName: matrix-hookshot-config-secret
-      # - name: mautrix-discord-config-secret
-      #   secret:
-      #     secretName: mautrix-discord-config-secret
-      # - name: mautrix-whatsapp-config-secret
-      #   secret:
-      #     secretName: mautrix-whatsapp-config-secret
+      - name: mautrix-discord-config-secret
+        secret:
+          secretName: mautrix-discord-config-secret
+      - name: mautrix-whatsapp-config-secret
+        secret:
+          secretName: mautrix-whatsapp-config-secret
       - name: double-puppet-registration-secret
         secret:
           secretName: double-puppet-registration-secret
@@ -52,14 +62,14 @@ matrix-synapse:
         mountPath: /synapse/config/conf.d/hookshot-registration.yaml
         subPath: hookshot-registration.yaml
         readOnly: true
-      # - name: mautrix-discord-config-secret
-      #   mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
-      #   subPath: mautrix-discord-registration.yaml
-      #   readOnly: true
-      # - name: mautrix-whatsapp-config-secret
-      #   mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
-      #   subPath: mautrix-whatsapp-registration.yaml
-      #   readOnly: true
+      - name: mautrix-discord-config-secret
+        mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml
+        subPath: mautrix-discord-registration.yaml
+        readOnly: true
+      - name: mautrix-whatsapp-config-secret
+        mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml
+        subPath: mautrix-whatsapp-registration.yaml
+        readOnly: true
       - name: double-puppet-registration-secret
         mountPath: /synapse/config/conf.d/double-puppet-registration.yaml
         subPath: double-puppet-registration.yaml
@@ -93,11 +103,11 @@ matrix-synapse:
   postgresql:
     enabled: false
   externalPostgresql:
-    host: matrix-synapse-postgresql-17-cluster-rw
+    host: matrix-synapse-postgresql-18-cluster-rw
     port: 5432
     username: app
     database: app
-    existingSecret: matrix-synapse-postgresql-17-cluster-app
+    existingSecret: matrix-synapse-postgresql-18-cluster-app
     existingSecretPasswordKey: password
   redis:
     enabled: false
@@ -117,8 +127,11 @@ matrix-synapse:
     gid: 666
   ingress:
     enabled: false
+  gateway:
+    enabled: false
 matrix-hookshot:
   global:
+    nameOverride: matrix-hookshot
     fullnameOverride: matrix-hookshot
   controllers:
     main:
@@ -148,11 +161,11 @@ matrix-hookshot:
           port: 9001
           targetPort: 9001
           protocol: HTTP
-        appservice:
+        widgets:
           port: 9002
           targetPort: 9002
           protocol: HTTP
-        homeserver:
+        appservice:
           port: 9993
           targetPort: 9993
           protocol: HTTP
@@ -190,15 +203,46 @@ matrix-hookshot:
               readOnly: true
               mountPropagation: None
               subPath: passkey.pem
+    data:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 500Mi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /data
+              readOnly: false
 mautrix-discord:
   global:
+    nameOverride: mautrix-discord
     fullnameOverride: mautrix-discord
   controllers:
     main:
-      type: deployment
+      type: statefulset
       replicas: 1
-      strategy: Recreate
+      strategy: RollingUpdate
       revisionHistoryLimit: 3
+      initContainers:
+        init-copy-config:
+          image:
+            repository: busybox
+            tag: 1.37.0
+            pullPolicy: IfNotPresent
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          command:
+            - /bin/sh
+            - -ec
+            - |
+              echo ">> Coping files ..."
+              ls /tmp
+              cp -fv /tmp/config.yaml /data/config.yaml
+              cp -fv /tmp/mautrix-discord-registration.yaml /data/registration.yaml
+              echo ">> Files in data:"
+              ls /data
       containers:
         main:
           image:
@@ -218,6 +262,28 @@ mautrix-discord:
           targetPort: 29334
           protocol: HTTP
   persistence:
+    config:
+      enabled: true
+      type: secret
+      name: mautrix-discord-config-secret
+      advancedMounts:
+        main:
+          init-copy-config:
+            - path: /tmp/config.yaml
+              readOnly: true
+              mountPropagation: None
+              subPath: config.yaml
+    registration:
+      enabled: true
+      type: secret
+      name: mautrix-discord-config-secret
+      advancedMounts:
+        main:
+          init-copy-config:
+            - path: /tmp/mautrix-discord-registration.yaml
+              readOnly: true
+              mountPropagation: None
+              subPath: mautrix-discord-registration.yaml
     data:
       storageClass: ceph-block
       accessMode: ReadWriteOnce
@@ -225,29 +291,42 @@ mautrix-discord:
       retain: true
       advancedMounts:
         main:
+          init-copy-config:
+            - path: /data
+              readOnly: false
           main:
             - path: /data
               readOnly: false
-    config:
-      enabled: true
-      type: secret
-      name: mautrix-discord-config-secret
-      advancedMounts:
-        main:
-          main:
-            - path: /data/config.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: config.yaml
 mautrix-whatsapp:
   global:
+    nameOverride: mautrix-whatsapp
     fullnameOverride: mautrix-whatsapp
   controllers:
     main:
-      type: deployment
+      type: statefulset
       replicas: 1
-      strategy: Recreate
+      strategy: RollingUpdate
       revisionHistoryLimit: 3
+      initContainers:
+        init-copy-config:
+          image:
+            repository: busybox
+            tag: 1.37.0
+            pullPolicy: IfNotPresent
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+          command:
+            - /bin/sh
+            - -ec
+            - |
+              echo ">> Coping files ..."
+              ls /tmp
+              cp -fv /tmp/config.yaml /data/config.yaml
+              cp -fv /tmp/mautrix-whatsapp-registration.yaml /data/registration.yaml
+              echo ">> Files in data:"
+              ls /data
       containers:
         main:
           image:
@@ -263,10 +342,32 @@ mautrix-whatsapp:
       controller: main
       ports:
         http:
-          port: 29333
-          targetPort: 29333
+          port: 29318
+          targetPort: 29318
           protocol: HTTP
   persistence:
+    config:
+      enabled: true
+      type: secret
+      name: mautrix-whatsapp-config-secret
+      advancedMounts:
+        main:
+          init-copy-config:
+            - path: /tmp/config.yaml
+              readOnly: true
+              mountPropagation: None
+              subPath: config.yaml
+    registration:
+      enabled: true
+      type: secret
+      name: mautrix-whatsapp-config-secret
+      advancedMounts:
+        main:
+          init-copy-config:
+            - path: /tmp/mautrix-whatsapp-registration.yaml
+              readOnly: true
+              mountPropagation: None
+              subPath: mautrix-whatsapp-registration.yaml
     data:
       storageClass: ceph-block
       accessMode: ReadWriteOnce
@@ -274,29 +375,24 @@ mautrix-whatsapp:
       retain: true
       advancedMounts:
         main:
+          init-copy-config:
+            - path: /data
+              readOnly: false
           main:
             - path: /data
               readOnly: false
-    config:
-      enabled: true
-      type: secret
-      name: mautrix-whatsapp-config-secret
-      advancedMounts:
-        main:
-          main:
-            - path: /data/config.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: config.yaml
 cloudflared-synapse:
   name: cloudflared-synapse
   existingSecretName: matrix-synapse-cloudflared-synapse-secret
 cloudflared-hookshot:
   name: cloudflared-hookshot
   existingSecretName: matrix-synapse-cloudflared-hookshot-secret
-postgres-17-cluster:
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -311,30 +407,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: matrix-synapse-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
-        index: 2
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/matrix-synapse/matrix-synapse-postgresql-18-cluster
+        index: 1
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: matrix-synapse-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/matrix-synapse/matrix-synapse-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: matrix-synapse-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: matrix-synapse-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -342,6 +438,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -351,5 +448,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/metrics-server/Chart.yaml

@@ -17,4 +17,4 @@ dependencies:
     version: 3.13.0
     repository: https://kubernetes-sigs.github.io/metrics-server/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.7.2
+appVersion: 0.8.0

clusters/cl01tl/helm/n8n/Chart.lock

@@ -5,5 +5,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:f28f03e897568059ef8ae80658a2c4365bd8a5c8f70d474cbcd83a16b613b0a3
-generated: "2025-12-05T17:08:54.133157468Z"
+digest: sha256:a7241a3df14381a2d78f06c3ddaeed8314aa408d730e3097276137551d1186f1
+generated: "2025-12-13T14:49:42.768368-06:00"

clusters/cl01tl/helm/n8n/Chart.yaml

@@ -20,8 +20,8 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
-appVersion: 1.93.0
+appVersion: 2.0.1

clusters/cl01tl/helm/n8n/templates/external-secret.yaml

@@ -24,10 +24,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: n8n-postgresql-17-cluster-backup-secret
+  name: n8n-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: n8n-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: n8n-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -54,10 +54,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: n8n-postgresql-17-cluster-backup-secret-garage
+  name: n8n-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: n8n-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: n8n-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/n8n/templates/redis-replication.yaml

@@ -13,7 +13,7 @@ spec:
     runAsUser: 1000
     fsGroup: 1000
   kubernetesConfig:
-    image: quay.io/opstree/redis:v8.0.3
+    image: quay.io/opstree/redis:v8.4.0
     imagePullPolicy: IfNotPresent
     resources:
       requests:
@@ -29,4 +29,4 @@ spec:
             storage: 1Gi
   redisExporter:
     enabled: true
-    image: quay.io/opstree/redis-exporter:v1.48.0
+    image: quay.io/opstree/redis-exporter:v1.80.1

clusters/cl01tl/helm/n8n/templates/redis-sentinel.yaml

@@ -0,0 +1,23 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: redis-sentinel-n8n
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: redis-sentinel-n8n
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  clusterSize: 3
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: redis-replication-n8n
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v8.4.0
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi

clusters/cl01tl/helm/n8n/values.yaml

@@ -19,27 +19,27 @@ n8n:
             - name: DB_POSTGRESDB_DATABASE
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: dbname
             - name: DB_POSTGRESDB_HOST
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: host
             - name: DB_POSTGRESDB_PORT
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: port
             - name: DB_POSTGRESDB_USER
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: user
             - name: DB_POSTGRESDB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: password
             - name: N8N_METRICS
               value: true
@@ -108,27 +108,27 @@ n8n:
             - name: DB_POSTGRESDB_DATABASE
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: dbname
             - name: DB_POSTGRESDB_HOST
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: host
             - name: DB_POSTGRESDB_PORT
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: port
             - name: DB_POSTGRESDB_USER
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: user
             - name: DB_POSTGRESDB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: password
             - name: N8N_METRICS
               value: true
@@ -202,27 +202,27 @@ n8n:
             - name: DB_POSTGRESDB_DATABASE
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: dbname
             - name: DB_POSTGRESDB_HOST
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: host
             - name: DB_POSTGRESDB_PORT
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: port
             - name: DB_POSTGRESDB_USER
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: user
             - name: DB_POSTGRESDB_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: n8n-postgresql-17-cluster-app
+                  name: n8n-postgresql-18-cluster-app
                   key: password
             - name: N8N_METRICS
               value: true
@@ -313,9 +313,12 @@ n8n:
           main:
             - path: /home/node/.n8n
               readOnly: false
-postgres-17-cluster:
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -327,30 +330,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: n8n-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/n8n/n8n-postgresql-17-cluster
-        index: 2
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/n8n/n8n-postgresql-18-cluster
+        index: 1
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: n8n-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/n8n/n8n-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: n8n-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: n8n-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -358,6 +361,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -367,5 +371,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/node-feature-discovery/Chart.yaml

@@ -17,4 +17,4 @@ dependencies:
     version: 0.18.3
     repository: oci://registry.k8s.io/nfd/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
-appVersion: 0.18.0
+appVersion: 0.18.3

clusters/cl01tl/helm/ntfy/Chart.yaml

@@ -19,4 +19,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
-appVersion: 2.11.0
+appVersion: 2.15.0

clusters/cl01tl/helm/ollama/Chart.lock

@@ -5,5 +5,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:bc32b8354d476d19aae88c19cccf94ae87cb43dc23cff38c261b1784f3774e75
-generated: "2025-12-05T17:09:19.594547529Z"
+digest: sha256:812007fb0c14b91aa1118e6c26923d69f28ae3e27f890fee2d64dfecdbdee9a4
+generated: "2025-12-13T15:08:35.961154-06:00"

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -22,8 +22,8 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
-appVersion: 0.7.0
+appVersion: 0.13.3

clusters/cl01tl/helm/ollama/templates/external-secret.yaml

@@ -112,10 +112,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: ollama-web-postgresql-17-cluster-backup-secret
+  name: ollama-web-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: ollama-web-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -142,10 +142,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: ollama-web-postgresql-17-cluster-backup-secret-garage
+  name: ollama-web-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: ollama-web-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: ollama-web-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/ollama/values.yaml

@@ -22,7 +22,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.13.2
+            tag: 0.13.3
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.13.2
+            tag: 0.13.3
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.13.2
+            tag: 0.13.3
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -140,7 +140,7 @@ ollama:
             - name: DATABASE_URL
               valueFrom:
                 secretKeyRef:
-                  name: ollama-web-postgresql-17-cluster-app
+                  name: ollama-web-postgresql-18-cluster-app
                   key: uri
             - name: OLLAMA_BASE_URL
               value: http://ollama-server-1.ollama:11434
@@ -236,10 +236,13 @@ ollama:
           main:
             - path: /app/backend/data
               readOnly: false
-postgres-17-cluster:
-  nameOverride: ollama-web-postgresql-17
+postgres-18-cluster:
+  nameOverride: ollama-web-postgresql-18
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -251,31 +254,31 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-17-cluster
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/ollama/ollama-web-postgresql-18-cluster
         index: 1
-        endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret
+        endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/ollama/ollama-web-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: ollama-web-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: ollama-web-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -283,6 +286,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -292,5 +296,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 0 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/omni-tools/Chart.yaml

@@ -17,4 +17,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/omnitools.png
-appVersion: 0.4.0
+appVersion: 0.6.0

clusters/cl01tl/helm/outline/Chart.lock

@@ -8,5 +8,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:6ef789f9db4ad00ce2178a138c3c39a4e90eaef1e4244f52282bc0cb3094f4f5
-generated: "2025-12-07T02:55:32.91116723Z"
+digest: sha256:b6d7e23b8444927e00c87a48250e74e38d7bef6355f2ae1f50d46b7fce4e6cd6
+generated: "2025-12-14T21:02:10.870641-06:00"

clusters/cl01tl/helm/outline/Chart.yaml

@@ -27,8 +27,8 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 1.23.2
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
-appVersion: 0.84.0
+appVersion: 1.1.0

clusters/cl01tl/helm/outline/templates/external-secret.yaml

@@ -84,10 +84,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: outline-postgresql-17-cluster-backup-secret
+  name: outline-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: outline-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -114,10 +114,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: outline-postgresql-17-cluster-backup-secret-garage
+  name: outline-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: outline-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/outline/templates/redis-replication.yaml

@@ -13,7 +13,7 @@ spec:
     runAsUser: 1000
     fsGroup: 1000
   kubernetesConfig:
-    image: quay.io/opstree/redis:v8.0.3
+    image: quay.io/opstree/redis:v8.4.0
     imagePullPolicy: IfNotPresent
     resources:
       requests:
@@ -29,4 +29,4 @@ spec:
             storage: 1Gi
   redisExporter:
     enabled: true
-    image: quay.io/opstree/redis-exporter:v1.48.0
+    image: quay.io/opstree/redis-exporter:v1.80.1

clusters/cl01tl/helm/outline/templates/redis-sentinel.yaml

@@ -0,0 +1,23 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: redis-sentinel-outline
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: redis-sentinel-outline
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  clusterSize: 3
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: redis-replication-outline
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v8.4.0
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi

clusters/cl01tl/helm/outline/values.yaml

@@ -31,27 +31,27 @@ outline:
             - name: POSTGRES_USERNAME
               valueFrom:
                 secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
+                  name: outline-postgresql-18-cluster-app
                   key: username
             - name: POSTGRES_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
+                  name: outline-postgresql-18-cluster-app
                   key: password
             - name: POSTGRES_DATABASE_NAME
               valueFrom:
                 secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
+                  name: outline-postgresql-18-cluster-app
                   key: dbname
             - name: POSTGRES_DATABASE_HOST
               valueFrom:
                 secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
+                  name: outline-postgresql-18-cluster-app
                   key: host
             - name: POSTGRES_DATABASE_PORT
               valueFrom:
                 secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
+                  name: outline-postgresql-18-cluster-app
                   key: port
             - name: DATABASE_URL
               value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
@@ -145,9 +145,12 @@ outline:
 cloudflared-outline:
   existingSecretName: outline-cloudflared-secret
   name: cloudflared-outline
-postgres-17-cluster:
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -159,30 +162,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: outline-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-18-cluster
         index: 1
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: outline-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: outline-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: outline-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -190,6 +193,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -199,5 +203,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 10 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/pgadmin/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: app-template
-  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.5.0
-digest: sha256:73c2acdec999649ccc983a6edc36b794c6e53a4a51f554c22d7ba0d19f538371
-generated: "2025-12-05T17:10:07.886809868Z"

clusters/cl01tl/helm/pgadmin/Chart.yaml

@@ -1,22 +0,0 @@
-apiVersion: v2
-name: pgadmin4
-version: 1.0.0
-description: pgAdmin
-keywords:
-  - pgadmin4
-  - postgresql
-  - database
-home: https://wiki.alexlebens.dev/s/afef464a-3d76-413a-80b1-b42596249a12
-sources:
-  - https://github.com/pgadmin-org/pgadmin4/
-  - https://hub.docker.com/r/dpage/pgadmin4/
-  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: pgadmin4
-    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.5.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/pgadmin.png
-appVersion: 9.3.0

clusters/cl01tl/helm/pgadmin/templates/external-secret.yaml

@@ -1,115 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: pgadmin-password-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-password-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: pgadmin-password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/auth
-        metadataPolicy: None
-        property: pgadmin-password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: pgadmin-env-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-env-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/env
-        metadataPolicy: None
-        property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
-    - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/env
-        metadataPolicy: None
-        property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
-    - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/env
-        metadataPolicy: None
-        property: PGADMIN_CONFIG_OAUTH2_CONFIG
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: pgadmin-data-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-data-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  target:
-    template:
-      mergePolicy: Merge
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
-  data:
-    - secretKey: BUCKET_ENDPOINT
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
-    - secretKey: RESTIC_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: RESTIC_PASSWORD
-    - secretKey: AWS_DEFAULT_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: AWS_DEFAULT_REGION
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: access_key
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: secret_key

clusters/cl01tl/helm/pgadmin/templates/http-route.yaml

@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-pgadmin
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-pgadmin
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - pgadmin.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: pgadmin
-          port: 80
-          weight: 100

clusters/cl01tl/helm/pgadmin/templates/replication-source.yaml

@@ -1,28 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  name: pgadmin-data-backup-source
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-data-backup-source
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  sourcePVC: pgadmin-data
-  trigger:
-    schedule: 0 4 * * *
-  restic:
-    pruneIntervalDays: 7
-    repository: pgadmin-data-backup-secret
-    retain:
-      hourly: 1
-      daily: 3
-      weekly: 2
-      monthly: 2
-      yearly: 4
-    moverSecurityContext:
-      runAsUser: 5050
-      runAsGroup: 5050
-    copyMethod: Snapshot
-    storageClassName: ceph-block
-    volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/helm/pgadmin/values.yaml

@@ -1,72 +0,0 @@
-pgadmin4:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      initContainers:
-        init-chmod-data:
-          securityContext:
-            runAsUser: 0
-          image:
-            repository: busybox
-            tag: 1.37.0
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -ec
-            - |
-              /bin/chown -R 5050:5050 /var/lib/pgadmin
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-      containers:
-        main:
-          securityContext:
-            runAsUser: 5050
-            runAsGroup: 5050
-          image:
-            repository: dpage/pgadmin4
-            tag: "9.11"
-            pullPolicy: IfNotPresent
-          env:
-            - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
-              value: "False"
-            - name: PGADMIN_DEFAULT_EMAIL
-              value: alexanderlebens@gmail.com
-            - name: PGADMIN_DEFAULT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: pgadmin-password-secret
-                  key: pgadmin-password
-          envFrom:
-            - secretRef:
-                name: pgadmin-env-secret
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 80
-          protocol: TCP
-  persistence:
-    data:
-      forceRename: pgadmin4-data
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          init-chmod-data:
-            - path: /var/lib/pgadmin
-              readOnly: false
-          main:
-            - path: /var/lib/pgadmin
-              readOnly: false

clusters/cl01tl/helm/photoview/Chart.lock

@@ -5,5 +5,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:e4e2a3261c0d734cc5a968c4c5f5935013c0db256e70f491599f59761e469112
-generated: "2025-12-05T17:10:19.911762545Z"
+digest: sha256:423913abfef9f5dc7a56422dd1fe70f9aba129948b33bb538235333b8a643d6a
+generated: "2025-12-13T18:23:58.856756-06:00"

clusters/cl01tl/helm/photoview/Chart.yaml

@@ -19,7 +19,7 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png

clusters/cl01tl/helm/photoview/templates/external-secrets.yaml

@@ -1,10 +1,10 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: photoview-postgresql-17-cluster-backup-secret
+  name: photoview-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: photoview-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -31,10 +31,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: photoview-postgresql-17-cluster-backup-secret-garage
+  name: photoview-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: photoview-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/photoview/values.yaml

@@ -34,7 +34,7 @@ photoview:
             - name: PHOTOVIEW_POSTGRES_URL
               valueFrom:
                 secretKeyRef:
-                  name: photoview-postgresql-17-cluster-app
+                  name: photoview-postgresql-18-cluster-app
                   key: uri
             - name: PHOTOVIEW_MEDIA_CACHE
               value: /app/cache
@@ -72,9 +72,12 @@ photoview:
           main:
             - path: /photos
               readOnly: true
-postgres-17-cluster:
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -86,30 +89,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: photoview-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-18-cluster
         index: 1
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: photoview-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: photoview-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: photoview-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -117,6 +120,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -126,5 +130,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 12 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/plex/Chart.yaml

@@ -23,4 +23,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
-appVersion: 1.41.6
+appVersion: 1.42.2

clusters/cl01tl/helm/plex/values.yaml

@@ -9,7 +9,7 @@ plex:
         main:
           image:
             repository: ghcr.io/linuxserver/plex
-            tag: 1.42.2@sha256:ab81c7313fb5dc4d1f9562e5bbd5e5877a8a3c5ca6b9f9fff3437b5096a2b123
+            tag: 1.42.2@sha256:7cc7874ad35b105fe1fe4d99ef27be9c5eb2f4115ccf91af5a7283cae0024599
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/helm/postiz/Chart.lock

@@ -8,5 +8,5 @@ dependencies:
 - name: postgres-cluster
   repository: oci://harbor.alexlebens.net/helm-charts
   version: 6.16.1
-digest: sha256:6ed7bd8fa055ec4def561bbd391d49544a6cea8cef596b279845290b666d5316
-generated: "2025-12-07T02:55:42.350284796Z"
+digest: sha256:3fcb924dbb789c22a0612b34a06c5798fd4bdb4959b061558b07085d983a0598
+generated: "2025-12-14T15:52:23.915353-06:00"

clusters/cl01tl/helm/postiz/Chart.yaml

@@ -25,8 +25,8 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 1.23.2
   - name: postgres-cluster
-    alias: postgres-17-cluster
+    alias: postgres-18-cluster
     version: 6.16.1
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
-appVersion: v1.43.3
+appVersion: v2.10.1

clusters/cl01tl/helm/postiz/templates/external-secret.yaml

@@ -228,10 +228,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: postiz-postgresql-17-cluster-backup-secret
+  name: postiz-postgresql-18-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: postiz-postgresql-18-cluster-backup-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -258,10 +258,10 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: postiz-postgresql-17-cluster-backup-secret-garage
+  name: postiz-postgresql-18-cluster-backup-secret-garage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret-garage
+    app.kubernetes.io/name: postiz-postgresql-18-cluster-backup-secret-garage
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:

clusters/cl01tl/helm/postiz/templates/redis-replication.yaml

@@ -13,7 +13,7 @@ spec:
     runAsUser: 1000
     fsGroup: 1000
   kubernetesConfig:
-    image: quay.io/opstree/redis:v8.0.3
+    image: quay.io/opstree/redis:v8.4.0
     imagePullPolicy: IfNotPresent
     redisSecret:
       name: postiz-redis-config
@@ -32,4 +32,4 @@ spec:
             storage: 1Gi
   redisExporter:
     enabled: true
-    image: quay.io/opstree/redis-exporter:v1.48.0
+    image: quay.io/opstree/redis-exporter:v1.80.1

clusters/cl01tl/helm/postiz/values.yaml

@@ -26,7 +26,7 @@ postiz:
             - name: DATABASE_URL
               valueFrom:
                 secretKeyRef:
-                  name: postiz-postgresql-17-cluster-app
+                  name: postiz-postgresql-18-cluster-app
                   key: uri
             - name: REDIS_URL
               valueFrom:
@@ -105,9 +105,12 @@ postiz:
 cloudflared:
   name: cloudflared-postiz
   existingSecretName: postiz-cloudflared-secret
-postgres-17-cluster:
+postgres-18-cluster:
   mode: recovery
   cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
     storage:
       storageClass: local-path
     walStorage:
@@ -119,30 +122,30 @@ postgres-17-cluster:
   recovery:
     method: objectStore
     objectStore:
-      destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
+      destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-18-cluster
       endpointURL: http://garage-main.garage:3900
       index: 1
-      endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage
+      endpointCredentials: postiz-postgresql-18-cluster-backup-secret-garage
   backup:
     objectStore:
       - name: external
-        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster
-        index: 2
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-18-cluster
+        index: 1
         retentionPolicy: "30d"
         isWALArchiver: false
       - name: garage-local
-        destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
+        destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-18-cluster
         index: 1
         endpointURL: http://garage-main.garage:3900
-        endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage
+        endpointCredentials: postiz-postgresql-18-cluster-backup-secret-garage
         endpointCredentialsIncludeRegion: true
         retentionPolicy: "3d"
         isWALArchiver: true
       # - name: garage-remote
-      #   destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
+      #   destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-18-cluster
       #   index: 1
       #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
-      #   endpointCredentials: postiz-postgresql-17-cluster-backup-secret-garage
+      #   endpointCredentials: postiz-postgresql-18-cluster-backup-secret-garage
       #   retentionPolicy: "30d"
       #   data:
       #     compression: bzip2
@@ -150,6 +153,7 @@ postgres-17-cluster:
     scheduledBackups:
       - name: daily-backup
         suspend: false
+        immediate: true
         schedule: "0 0 0 * * *"
         backupName: external
       - name: live-backup
@@ -159,5 +163,6 @@ postgres-17-cluster:
         backupName: garage-local
       # - name: weekly-backup
       #   suspend: false
+      #   immediate: true
       #   schedule: "0 14 4 * * SAT"
       #   backupName: garage-remote

clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml

@@ -18,4 +18,4 @@ dependencies:
     version: 25.0.1
     repository: oci://ghcr.io/prometheus-community/charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
-appVersion: v0.82.0
+appVersion: v0.87.1

clusters/cl01tl/helm/prowlarr/Chart.yaml

@@ -20,4 +20,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
-appVersion: 1.35.1
+appVersion: 2.3.0

clusters/cl01tl/helm/qbittorrent/Chart.yaml

@@ -27,4 +27,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.5.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/qbittorrent.png
-appVersion: 5.1.2
+appVersion: 5.1.4

clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml

@@ -14,8 +14,10 @@ data:
         echo "curl could not be found, installing";
         apk add curl;
     fi;
+    curl -i -X POST --silent --write-out '%{http_code}' -d "json={\"random_port\": \"true\"}" "http://localhost:8080/api/v2/app/setPreferences";
+    sleep 10
     echo "updating port with $1";
-    curl -i -X POST -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences";
+    curl -i -X POST --silent --write-out '%{http_code}' -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences";
 
 ---
 apiVersion: v1

clusters/cl01tl/helm/qbittorrent/values.yaml

@@ -157,7 +157,7 @@ qbittorrent:
         apprise-api:
           image:
             repository: caronc/apprise
-            tag: 1.2.6
+            tag: 1.3.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ