chore(deps): update av1155/houndarr to v1.6.0

2026-03-21 17:04:06 +00:00
37 changed files with 147 additions and 179 deletions
--- a/.gitea/workflows/lint-test-docker.yaml
+++ b/.gitea/workflows/lint-test-docker.yaml
@@ -21,14 +21,14 @@ jobs:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
+        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: "${{ github.base_ref }}"
@@ -51,7 +51,7 @@ jobs:
      - name: Set Up Node.js
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@v6
        with:
          node-version: '24'
@@ -120,7 +120,7 @@ jobs:
          echo "----"
      - name: ntfy Failed
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm.yaml
@@ -28,14 +28,14 @@ jobs:
      changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
-        uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
+        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
      - name: Set Up Helm
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
+        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          # renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:
      - name: Cache Helm Dependencies
        if: steps.branch-exists.outputs.exists == 'true'
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@v5
        with:
          path: |
            ~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
          exit $EXIT_CODE
      - name: ntfy Failed
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
@@ -232,7 +232,7 @@ jobs:
      github.event_name == 'pull_request'
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
@@ -257,7 +257,7 @@ jobs:
          echo "----"
      - name: Set Up Helm
-        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
+        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          # renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
          cache: true
      - name: Cache Helm Dependencies
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@v5
        with:
          path: |
            ~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
          exit $EXIT_CODE
      - name: ntfy Failed
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
--- a/.gitea/workflows/render-manifests.yaml
+++ b/.gitea/workflows/render-manifests.yaml
@@ -31,32 +31,32 @@ jobs:
      (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
    steps:
      - name: Checkout Main
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v6
        with:
          path: infrastructure
          fetch-depth: 0
      - name: Checkout Manifests
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v6
        with:
          ref: manifests
          path: infrastructure-manifests
      - name: Set Up Helm
-        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
+        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
          cache: true
      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
+        uses: azure/k8s-set-context@v4
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBECONFIG }}
      - name: Cache Helm Dependencies
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@v5
        with:
          path: |
            ~/.cache/helm
@@ -568,7 +568,7 @@ jobs:
          echo "----"
      - name: ntfy Created
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
      - name: ntfy Updated
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
      - name: ntfy Merged
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: steps.merge-changes.outputs.pull-request-operation == 'merged'
        with:
          url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
          actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
      - name: ntfy Failed
-        uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
+        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: "${{ secrets.NTFY_URL }}"
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,10 +13,10 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb
+    container: ghcr.io/renovatebot/renovate:43
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v6
      - name: Renovate
        run: renovate
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -55,7 +55,14 @@ argo-cd:
  server:
    replicas: 2
    extensions:
-      enabled: false
+      enabled: true
      extensionList:
        - name: extension-trivy
          env:
            - name: EXTENSION_URL
              value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
            - name: EXTENSION_CHECKSUM_URL
              value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
    metrics:
      enabled: true
      serviceMonitor:
--- a/clusters/cl01tl/helm/blocky/values.yaml
+++ b/clusters/cl01tl/helm/blocky/values.yaml
@@ -98,7 +98,7 @@ blocky:
              traefik-cl01tl                  IN      A       10.232.1.21
              blocky                          IN      A       10.232.1.22
-              plex-lb                         IN      A       10.232.1.23
+              cilium-cl01tl                   IN      A       10.232.1.23
              ;; Application Names
--- a/clusters/cl01tl/helm/cilium/Chart.lock
+++ b/clusters/cl01tl/helm/cilium/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: cilium
  repository: https://helm.cilium.io/
-  version: 1.19.1
+  version: 1.18.6
-digest: sha256:bf5e8b3233c18bdb9409bb98c9a7ea4114e0e04e8489a49fdb2d29ded0cfa429
+digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
-generated: "2026-03-22T03:40:43.419786988Z"
+generated: "2026-02-05T12:00:20.15778-06:00"
--- a/clusters/cl01tl/helm/cilium/Chart.yaml
+++ b/clusters/cl01tl/helm/cilium/Chart.yaml
@@ -15,7 +15,7 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: cilium
-    version: 1.19.1
+    version: 1.18.6
    repository: https://helm.cilium.io/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
 # renovate: datasource=github-releases depName=cilium/cilium
--- a/clusters/cl01tl/helm/eraser/values.yaml
+++ b/clusters/cl01tl/helm/eraser/values.yaml
@@ -34,7 +34,27 @@ eraser:
        request:
          cpu: 100m
          memory: 128Mi
-        config: ""
+        config: "" # |
          # cacheDir: /var/lib/trivy
          # dbRepo: ghcr.io/aquasecurity/trivy-db
          # deleteFailedImages: true
          # deleteEOLImages: true
          # vulnerabilities:
          #   ignoreUnfixed: true
          #   types:
          #     - os
          #     - library
          #   securityChecks:
          #     - vuln
          #   severities:
          #     - CRITICAL
          #     - HIGH
          #     - MEDIUM
          #     - LOW
          #   ignoredStatuses:
          # timeout:
          #   total: 23h
          #   perImage: 1h
      remover:
        request:
          cpu: 10m
--- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
@@ -377,6 +377,25 @@ spec:
  resyncPeriod: 1h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-trivy
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-trivy
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 1h
  folderUID: grafana-folder-service
  resyncPeriod: 1h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -25,6 +25,9 @@ headlamp:
        - name: cert-manager
          source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
          version: 0.1.0
        - name: trivy
          source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
          version: 0.3.1
        - name: external-secrets-operator
          source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
          version: 0.1.0-beta7
--- a/clusters/cl01tl/helm/houndarr/Chart.lock
+++ b/clusters/cl01tl/helm/houndarr/Chart.lock
@@ -1,9 +0,0 @@
 dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
 digest: sha256:375d6c2eb2f097717c44c5a28cb162da24f4ff154a971e5a68ccd0e0b77e936f
 generated: "2026-03-21T22:31:01.142752-05:00"
--- a/clusters/cl01tl/helm/houndarr/values.yaml
+++ b/clusters/cl01tl/helm/houndarr/values.yaml
@@ -14,10 +14,6 @@ houndarr:
          env:
            - name: TZ
              value: America/Chicago
            - name: PUID
              value: 1000
            - name: PGID
              value: 1000
            - name: HOUNDARR_SECURE_COOKIES
              value: true
            - name: HOUNDARR_TRUSTED_PROXIES
@@ -68,11 +64,6 @@ houndarr:
              readOnly: false
 volsync-target-data:
  pvcTarget: houndarr-data
  moverSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    fsGroupChangePolicy: OnRootMismatch
  local:
    enabled: true
    schedule: 40 11 * * *
--- a/clusters/cl01tl/helm/music-grabber/values.yaml
+++ b/clusters/cl01tl/helm/music-grabber/values.yaml
@@ -9,7 +9,7 @@ music-grabber:
        main:
          image:
            repository: g33kphr33k/musicgrabber
-            tag: 2.5.0
+            tag: 2.4.6
            pullPolicy: IfNotPresent
          env:
            - name: MUSIC_DIR
--- a/clusters/cl01tl/helm/plex/values.yaml
+++ b/clusters/cl01tl/helm/plex/values.yaml
@@ -26,7 +26,6 @@ plex:
  service:
    main:
      controller: main
      type: LoadBalancer
      ports:
        http:
          port: 32400
--- a/hosts/pd05wd/ollama/compose.yaml
+++ b/hosts/pd05wd/ollama/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-ollama:
-        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:latest
        container_name: tailscale-ollama
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    ollama:
-        image: ollama/ollama:latest@sha256:5a5d014aa774f78ebe1340c0d4afc2e35afc12a2c3b34c84e71f78ea20af4ba3
+        image: ollama/ollama:latest
        container_name: ollama
        environment:
            - OLLAMA_KEEP_ALIVE=24h
--- a/hosts/pd05wd/stable-diffusion/compose.yaml
+++ b/hosts/pd05wd/stable-diffusion/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-stable-diffusion:
-        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:latest
        container_name: tailscale-stable-diffusion
        cap_add:
            - net_admin
@@ -22,7 +22,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    stable-diffusion:
-        image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda@sha256:bc4b2b12ac8d030cc5daf25e2c32517709b7c15f59a32685c4c1a14a9606eb42
+        image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda
        container_name: stable-diffusion
        environment:
            - WEBUI_ARGS="--api --listen"
--- a/hosts/ps08rp/blocky/compose.yaml
+++ b/hosts/ps08rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps08rp/blocky/config.yml
+++ b/hosts/ps08rp/blocky/config.yml
@@ -73,7 +73,7 @@ customDNS:
    traefik-cl01tl                  IN      A       10.232.1.21
    blocky                          IN      A       10.232.1.22
-    plex-lb                         IN      A       10.232.1.23
+    cilium-cl01tl                   IN      A       10.232.1.23
    ;; Application Names
--- a/hosts/ps08rp/node-exporter/compose.yaml
+++ b/hosts/ps08rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
+        image: quay.io/prometheus/node-exporter:v1.10.2
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps08rp/traefik/compose.yaml
+++ b/hosts/ps08rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
+        image: ghcr.io/traefik/traefik:v3.6.11
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps09rp/blocky/compose.yaml
+++ b/hosts/ps09rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps09rp/blocky/config.yml
+++ b/hosts/ps09rp/blocky/config.yml
@@ -94,7 +94,7 @@ customDNS:
    traefik-cl01tl                  IN      A       10.232.1.21
    blocky                          IN      A       10.232.1.22
-    plex-lb                         IN      A       10.232.1.23
+    cilium-cl01tl                   IN      A       10.232.1.23
    ;; Application Names
--- a/hosts/ps09rp/node-exporter/compose.yaml
+++ b/hosts/ps09rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
+        image: quay.io/prometheus/node-exporter:v1.10.2
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps09rp/traefik/compose.yaml
+++ b/hosts/ps09rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
+        image: ghcr.io/traefik/traefik:v3.6.11
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/hosts/ps10rp/blocky/compose.yaml
+++ b/hosts/ps10rp/blocky/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-blocky:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-blocky
        cap_add:
            - net_admin
@@ -18,7 +18,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    blocky:
-        image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
+        image: ghcr.io/0xerr0r/blocky:v0.29.0
        container_name: blocky
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/castsponsorskip/compose.yaml
+++ b/hosts/ps10rp/castsponsorskip/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    castsponsorskip:
-        image: ghcr.io/gabe565/castsponsorskip:0.8.3@sha256:f556d274aab94c3140058e9f192396bc75e04d8e075769223c1edfc8c4f4daa4
+        image: ghcr.io/gabe565/castsponsorskip:0.8.3
        container_name: castsponsorskip
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/cloudflare-ddns/compose.yaml
+++ b/hosts/ps10rp/cloudflare-ddns/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    cloudflare-ddns:
-        image: favonia/cloudflare-ddns:1.15.1@sha256:a4e2089b3531eec8c9328c7a9a586f80e8d67dcd94856e0b596b7896e1de3f62
+        image: favonia/cloudflare-ddns:1.15.1
        container_name: cloudflare-ddns
        cap_drop:
            - all
--- a/hosts/ps10rp/garage/compose.yaml
+++ b/hosts/ps10rp/garage/compose.yaml
@@ -1,6 +1,6 @@
 services:
    tailscale-garage:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-garage
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    tailscale-garage-ui:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-garage-ui
        cap_add:
            - net_admin
@@ -39,7 +39,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    garage:
-        image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
+        image: dxflrs/garage:v2.2.0
        container_name: garage
        env_file:
            - .env
@@ -54,7 +54,7 @@ services:
            - data:/var/lib/garage/data
    garage-ui:
-        image: khairul169/garage-webui:1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
+        image: khairul169/garage-webui:1.1.0
        container_name: garage-ui
        env_file:
            - .env
--- a/hosts/ps10rp/gitea/compose.yaml
+++ b/hosts/ps10rp/gitea/compose.yaml
@@ -1,6 +1,6 @@
 services:
    tailscale-gitea:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-gitea
        cap_add:
            - net_admin
@@ -19,7 +19,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    postgresql:
-        image: docker.io/postgres:18.1-alpine3.21@sha256:44d837eb4c2ed263474a95f0cc24745413c50924df60dd73ed6c4c3e36b84259
+        image: docker.io/postgres:18.1-alpine3.21
        container_name: gitea-postgres
        env_file:
            - .env
@@ -33,7 +33,7 @@ services:
            - postgresql18:/var/lib/postgresql
    gitea:
-        image: gitea/gitea:1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
+        image: gitea/gitea:1.25.5
        container_name: gitea
        depends_on:
            - postgresql
--- a/hosts/ps10rp/homepage/compose.yaml
+++ b/hosts/ps10rp/homepage/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-homepage:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-homepage
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    dockerproxy:
-        image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476
+        image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2
        container_name: homepage-dockerproxy
        environment:
            - CONTAINERS=1
@@ -32,7 +32,7 @@ services:
            - /var/run/docker.sock:/var/run/docker.sock:ro
    homepage:
-        image: ghcr.io/gethomepage/homepage:v1.11.0@sha256:b129cb0f674bd6d204e215bde2c2fc3f11d6ad0e82f6d20007cf80f74e1acbb1
+        image: ghcr.io/gethomepage/homepage:v1.11.0
        container_name: homepage
        labels:
            traefik.enable: true
--- a/hosts/ps10rp/isponsorblocktv/compose.yaml
+++ b/hosts/ps10rp/isponsorblocktv/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    isponsorblocktv:
-        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1@sha256:545856523283753ebcf4b400a46895b9906844be5265a0f4cab98a6b0bdf84be
+        image: ghcr.io/dmunozv04/isponsorblocktv:v2.6.1
        container_name: isponsorblocktv
        environment:
            - TZ=America/Chicago
--- a/hosts/ps10rp/komodo-periphery/compose.yaml
+++ b/hosts/ps10rp/komodo-periphery/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-komodo-periphery:
-        image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:latest
        container_name: tailscale-komodo-periphery
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    komodo-periphery:
-        image: ghcr.io/moghtech/komodo-periphery:latest@sha256:bd79cf960ed054fe8e02384322303e462448679b1149dde48bbef151417255b1
+        image: ghcr.io/moghtech/komodo-periphery:latest
        container_name: komodo-periphery
        env_file:
            - .env
--- a/hosts/ps10rp/node-exporter/compose.yaml
+++ b/hosts/ps10rp/node-exporter/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-node-exporter:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-node-exporter
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    node-exporter:
-        image: quay.io/prometheus/node-exporter:v1.10.2@sha256:337ff1d356b68d39cef853e8c6345de11ce7556bb34cda8bd205bcf2ed30b565
+        image: quay.io/prometheus/node-exporter:v1.10.2
        container_name: node-exporter
        command:
            - '--path.rootfs=/rootfs'
--- a/hosts/ps10rp/tailscale-subnet/compose.yaml
+++ b/hosts/ps10rp/tailscale-subnet/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-subnet
        cap_add:
            - net_admin
--- a/hosts/ps10rp/traefik/compose.yaml
+++ b/hosts/ps10rp/traefik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
    tailscale-traefik:
-        image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
+        image: ghcr.io/tailscale/tailscale:v1.94.2
        container_name: tailscale-traefik
        cap_add:
            - net_admin
@@ -20,7 +20,7 @@ services:
            - /dev/net/tun:/dev/net/tun
    traefik:
-        image: ghcr.io/traefik/traefik:v3.6.11@sha256:acfc80650104f0194a15f73dc1648f517561bc1645391a15705332a064cfc33c
+        image: ghcr.io/traefik/traefik:v3.6.11
        container_name: traefik
        command:
            - "--global.checkNewVersion=false"
--- a/renovate.json
+++ b/renovate.json
@@ -5,14 +5,6 @@
    "mergeConfidence:all-badges",
    ":rebaseStalePrs"
  ],
  "timezone": "America/Chicago",
  "labels": [],
  "prHourlyLimit": 0,
  "prConcurrentLimit": 0,
  "pinDigests": true,
  "baseBranchPatterns": [
    "main"
  ],
  "customManagers": [
    {
      "description": "Update appVersion in Chart.yaml",
@@ -31,7 +23,7 @@
        "/(^|/)templates/.*\\.yaml$/"
      ],
      "matchStrings": [
-        "# renovate: datasource=(?<datasource>[^\\s]+)\\s+depName=(?<depName>[^\\s]+)\\s+tag:\\s*[\"']?(?<currentValue>[^@\"'\\s\n]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
+        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+tag: (?<currentValue>.*)"
      ]
    },
    {
@@ -61,30 +53,14 @@
      "versioningTemplate": "semver"
    }
  ],
  "timezone": "US/Central",
  "labels": [],
  "prHourlyLimit": 0,
  "prConcurrentLimit": 0,
  "baseBranchPatterns": [
    "main"
  ],
  "packageRules": [
    {
      "description": "Disable updates to digests",
      "matchUpdateTypes": [
        "digest"
      ],
      "enabled": false
    },
    {
      "description": "Automerge digests for actions",
      "matchManagers": [
        "github-actions"
      ],
      "matchUpdateTypes": [
        "digest"
      ],
      "addLabels": [
        "actions",
        "automerge"
      ],
      "enabled": true,
      "automerge": true,
      "minimumReleaseAge": "1 days"
    },
    {
      "description": "Label charts",
      "matchDatasources": [
@@ -126,7 +102,20 @@
      "automergeType": "branch"
    },
    {
-      "description": "Label images",
+      "description": "Label images, helm",
      "matchManagers": [
        "custom.regex",
        "helm-values"
      ],
      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
        "image"
      ],
      "automerge": false
    },
    {
      "description": "Label images, docker",
      "matchDatasources": [
        "docker"
      ],
@@ -136,14 +125,17 @@
      "automerge": false
    },
    {
-      "description": "Automerge image patches",
+      "description": "Automerge image patches, helm",
      "matchUpdateTypes": [
        "patch",
-        "pinDigest"
+        "digest"
      ],
-      "matchDatasources": [
+      "matchManagers": [
-        "docker"
+        "custom.regex",
        "helm-values"
      ],
      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
        "image",
        "automerge"
@@ -152,68 +144,14 @@
      "minimumReleaseAge": "1 days"
    },
    {
-      "description": "Automerge images, specific packages",
+      "description": "Automerge image patches, docker",
      "matchUpdateTypes": [
        "patch",
        "minor"
      ],
      "matchDatasources": [
        "docker"
      ],
      "matchPackageNames": [
        "ghcr.io/renovatebot/renovate"
      ],
      "addLabels": [
        "image",
        "automerge"
      ],
      "automerge": true,
      "minimumReleaseAge": "1 days"
    },
    {
      "description": "Automerge digest updates, specific packages",
      "matchUpdateTypes": [
        "digest"
      ],
      "matchDatasources": [
        "docker"
      ],
      "matchPackageNames": [
        "searxng/searxng"
      ],
      "addLabels": [
        "image",
        "automerge"
      ],
      "enabled": true,
      "automerge": true,
      "minimumReleaseAge": "1 days"
    },
    {
      "description": "Label appVersion and images, merged",
      "matchManagers": [
        "custom.regex",
        "helm-values"
      ],
      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
        "image"
      ],
      "automerge": false
    },
    {
      "description": "Automerge appVersion and images, merged",
      "matchUpdateTypes": [
        "patch",
        "pinDigest"
      ],
      "matchManagers": [
        "custom.regex",
        "helm-values"
      ],
      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
        "image",
        "automerge"