chore(deps): update gitea/gitea docker tag to v1.26.0

Merge pull request 'chore(deps): update libation to v13.3.5' (#6171 ) from renovate/unified-libation into main
chore(deps): update libation to v13.3.5
2026-04-24 02:21:15 +00:00 · 2026-04-24 02:16:49 +00:00 · 2026-04-24 02:16:33 +00:00 · 2026-04-24 02:11:43 +00:00 · 2026-04-23 21:02:03 -05:00
5 changed files with 140 additions and 4 deletions
--- a/clusters/cl01tl/helm/gitea/values.yaml
+++ b/clusters/cl01tl/helm/gitea/values.yaml
@@ -9,7 +9,7 @@ gitea:
      maxUnavailable: 1
  image:
    repository: gitea/gitea
-    tag: 1.25.5
+    tag: 1.26.0
  service:
    http:
      type: ClusterIP
--- a/clusters/cl01tl/helm/libation/Chart.yaml
+++ b/clusters/cl01tl/helm/libation/Chart.yaml
@@ -26,4 +26,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
 # renovate: datasource=github-releases depName=rmcrackan/Libation
-appVersion: 13.3.4
+appVersion: 13.3.5
--- a/clusters/cl01tl/helm/libation/values.yaml
+++ b/clusters/cl01tl/helm/libation/values.yaml
@@ -12,7 +12,7 @@ libation:
        main:
          image:
            repository: rmcrackan/libation
-            tag: 13.3.4@sha256:eb0357e8a880ed0049dffd2a99a9d2eda322ed33b3b9e16f4fb93eb15275f396
+            tag: 13.3.5@sha256:fcfeaa406a3567e3de89d85bf761d17868029c6e8a127922672770cb812b9be8
          env:
            - name: SLEEP_TIME
              value: "-1"
--- a/clusters/cl01tl/helm/matrix-synapse/templates/secret-provider-class.yaml
+++ b/clusters/cl01tl/helm/matrix-synapse/templates/secret-provider-class.yaml
@@ -16,22 +16,102 @@ spec:
        fileName: config.yaml
        secretPath: secret/data/cl01tl/matrix-synapse/config
        secretKey: config.yaml
+
+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: matrix-synapse-oidc-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-oidc-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: matrix-synapse
+    objects: |
      - objectName: oidc.yaml
        fileName: oidc.yaml
        secretPath: secret/data/cl01tl/matrix-synapse/config
        secretKey: oidc.yaml
+
+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: matrix-synapse-hookshot-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-hookshot-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: matrix-synapse
+    objects: |
      - objectName: hookshot-registration.yaml
        fileName: hookshot-registration.yaml
        secretPath: secret/data/cl01tl/matrix-synapse/hookshot
        secretKey: hookshot-registration.yaml
+
+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: matrix-synapse-mautrix-discord-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-mautrix-discord-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: matrix-synapse
+    objects: |
      - objectName: mautrix-discord-registration.yaml
        fileName: mautrix-discord-registration.yaml
        secretPath: secret/data/cl01tl/matrix-synapse/mautrix-discord
        secretKey: mautrix-discord-registration.yaml
+
+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: matrix-synapse-mautrix-whatsapp-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-mautrix-whatsapp-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: matrix-synapse
+    objects: |
      - objectName: mautrix-whatsapp-registration.yaml
        fileName: mautrix-whatsapp-registration.yaml
        secretPath: secret/data/cl01tl/matrix-synapse/mautrix-whatsapp
        secretKey: mautrix-whatsapp-registration.yaml
+
+---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: matrix-synapse-double-puppet-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: matrix-synapse-double-puppet-config
+    {{- include "custom.labels" . | nindent 4 }}
+spec:
+  provider: openbao
+  parameters:
+    baoAddress: "http://openbao-internal.openbao:8200"
+    roleName: matrix-synapse
+    objects: |
      - objectName: double-puppet-registration.yaml
        fileName: double-puppet-registration.yaml
        secretPath: secret/data/cl01tl/matrix-synapse/double-puppet
--- a/clusters/cl01tl/helm/matrix-synapse/values.yaml
+++ b/clusters/cl01tl/helm/matrix-synapse/values.yaml
@@ -43,11 +43,67 @@ matrix-synapse:
          readOnly: true
          volumeAttributes:
            secretProviderClass: matrix-synapse-config
+      - name: oidc-config
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: matrix-synapse-oidc-config
+      - name: hookshot-config
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: matrix-synapse-hookshot-config
+      - name: mautrix-discord-config
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: matrix-synapse-mautrix-discord-config
+      - name: mautrix-whatsapp-config
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: matrix-synapse-mautrix-whatsapp-config
+      - name: double-puppet-config
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretProviderClass: matrix-synapse-double-puppet-config
    extraVolumeMounts:
      - name: config
-        mountPath: /synapse/config/conf.d
+        mountPath: /synapse/config/conf.d/config.yaml
        mountPropagation: None
        readOnly: true
+        subPath: config.yaml
+      - name: oidc-config
+        mountPath: /synapse/config/conf.d/
+        mountPropagation: None
+        readOnly: true
+        subPath: oidc.yaml
+      - name: hookshot-config
+        mountPath: /synapse/config/conf.d/
+        mountPropagation: None
+        readOnly: true
+        subPath: hookshot-registration.yaml
+      - name: mautrix-discord-config
+        mountPath: /synapse/config/conf.d/
+        mountPropagation: None
+        readOnly: true
+        subPath: mautrix-discord-registration.yaml
+      - name: mautrix-whatsapp-config
+        mountPath: /synapse/config/conf.d/
+        mountPropagation: None
+        readOnly: true
+        subPath: mautrix-whatsapp-registration.yaml
+      - name: double-puppet-config
+        mountPath: /synapse/config/conf.d/
+        mountPropagation: None
+        readOnly: true
+        subPath: double-puppet-registration.yaml
    resources:
      requests:
        cpu: 10m
Author	SHA1	Message	Date
Renovate Bot	ab9740f647	chore(deps): update gitea/gitea docker tag to v1.26.0 Some checks are pending lint-test-helm / lint-helm (pull_request) Waiting to run Details lint-test-helm / validate-kubeconform (pull_request) Blocked by required conditions Details	2026-04-24 02:21:15 +00:00
Renovate Bot	8486899750	Merge pull request 'chore(deps): update libation to v13.3.5' (#6171 ) from renovate/unified-libation into main Some checks are pending renovate / renovate (push) Waiting to run Details lint-test-helm / lint-helm (push) Successful in 5m3s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details	2026-04-24 02:16:49 +00:00
Renovate Bot	15526181c8	chore(deps): update libation to v13.3.5 All checks were successful renovate/stability-days Updates have met minimum release age requirement Details lint-test-helm / lint-helm (pull_request) Successful in 26s Details lint-test-helm / validate-kubeconform (pull_request) Has been skipped Details render-manifests / render-manifests (pull_request) Successful in 1m10s Details	2026-04-24 02:16:33 +00:00
Alex Lebens	bf24f60161	Merge pull request 'feat: subpath mount' (#6170 ) from tmp/secrets-10 into main Some checks failed lint-test-helm / lint-helm (push) Successful in 4m0s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Has been cancelled Details Reviewed-on: #6170	2026-04-24 02:11:43 +00:00
Alex Lebens	2eee76307a	feat: subpath mount All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 3m39s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 30s Details render-manifests / render-manifests (pull_request) Successful in 1m1s Details	2026-04-23 21:02:03 -05:00