chore(deps): update immich to v2.7.0

2026-04-07 17:15:27 +00:00
265 changed files with 1558 additions and 2713 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm.yaml
@@ -16,8 +16,8 @@ on:
 env:
  CLUSTER: cl01tl
  BASE_BRANCH: "origin/${{ github.base_ref }}"
  # renovate: datasource=github-releases depName=yannh/kubeconform
  KUBECONFORM_VERSION: "v0.6.7"
  ARGOCD_VERSION: "v3.3.6"
 jobs:
  lint-helm:
@@ -102,7 +102,7 @@ jobs:
            echo ""
            echo "${CHANGED_CHARTS}"
-            CHANGED_CHARTS_CSV=$(echo "${CHANGED_CHARTS}" | paste -sd ',' -)
+            CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
            echo ""
            echo "----"
@@ -236,17 +236,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: Cache Kubeconform
        id: cache-kubeconform
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
        with:
          path: /usr/local/bin/kubeconform
          key: ${{ runner.os }}-kubeconform-${{ env.KUBECONFORM_VERSION }}
          restore-keys: |
            ${{ runner.os }}-kubeconform-
      - name: Install Kubeconform
        if: steps.cache-kubeconform.outputs.cache-hit != 'true'
        run: |
          echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
          wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
@@ -259,8 +249,6 @@ jobs:
          echo ">> Installing Kubeconform ..."
          sudo mv kubeconform /usr/local/bin/
      - name: Verify installation
        run: |
          echo ""
          echo ">> Verifying installation ..."
          kubeconform -v
@@ -336,7 +324,7 @@ jobs:
            helm dependency build "${CHART_PATH}" --skip-refresh
-            if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor" | \
+            if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
              kubeconform \
                ${SCHEMA_LOCATIONS} \
                -ignore-missing-schemas \
@@ -377,233 +365,3 @@ jobs:
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
          image: true
  # argo-diff:
  #   needs: lint-helm
  #   runs-on: ubuntu-js
  #   if: |
  #     needs.lint-helm.result == 'success' &&
  #     needs.lint-helm.outputs.changes-detected == 'true' &&
  #     github.event_name == 'pull_request'
  #   steps:
  #     - name: Checkout
  #       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
  #       with:
  #         fetch-depth: 0
  #     - name: Cache ArgoCD CLI
  #       id: cache-argocd
  #       uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
  #       with:
  #         path: /usr/local/bin/argocd
  #         key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
  #         restore-keys: |
  #           ${{ runner.os }}-argocd-
  #     - name: Install ArgoCD CLI
  #       if: steps.cache-argocd.outputs.cache-hit != 'true'
  #       run: |
  #         echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
  #         curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
  #         echo ""
  #         echo ">> Installing ArgoCD CLI ..."
  #         sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
  #         echo ""
  #         echo "----"
  #     - name: Verify installation
  #       run: |
  #         echo ""
  #         echo ">> Verifying installation ..."
  #         argocd version --client
  #         echo ""
  #         echo "----"
  #     - name: Set Up Helm
  #       uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
  #       with:
  #         token: ${{ secrets.GITEA_TOKEN }}
  #         # renovate: datasource=github-releases depName=helm/helm
  #         version: v4.1.3
  #         cache: true
  #     - name: Cache Helm Dependencies
  #       uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
  #       with:
  #         path: |
  #           ~/.cache/helm
  #           ~/.config/helm
  #         key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
  #         restore-keys: |
  #           helm-cache-${{ runner.os }}-
  #     - name: Add Repositories
  #       env:
  #         CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
  #       run: |
  #         echo ">> Adding repositories for chart dependencies ..."
  #         echo ""
  #         for DIR in ${CHANGED_CHARTS}; do
  #           helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
  #             | tail -n +2 \
  #             | awk 'NF > 0 { print $1, $3 }' \
  #             | while read -r REPO_NAME REPO_URL; do
  #               if [[ "${REPO_URL}" == oci://* ]]; then
  #                 echo ">> Ignoring OCI repo: ${REPO_URL}"
  #               elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
  #                 helm repo add "${REPO_NAME}" "${REPO_URL}"
  #               fi
  #             done || true
  #         done
  #         if helm repo list > /dev/null 2>&1; then
  #           echo ""
  #           echo ">> Update repository cache ..."
  #           helm repo update
  #         fi
  #         echo ""
  #         echo "----"
  #     - name: Render Templates
  #       id: render
  #       env:
  #         CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
  #       run: |
  #         for APP_NAME in ${CHANGED_CHARTS}; do
  #           echo ">> Render templates for ${APP_NAME} ..."
  #           CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
  #           OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
  #           helm dependency build "${CHART_PATH}" --skip-refresh
  #           NAMESPACE="${APP_NAME}"
  #           case "${APP_NAME}" in
  #             "stack")
  #               NAMESPACE="argocd"
  #               echo ">> Special Rendering into 'argocd' namespace ..."
  #               ;;
  #             "cilium" | "coredns" | "metrics-server")
  #               NAMESPACE="kube-system"
  #               echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
  #               ;;
  #             *)
  #               echo ">> Standard Rendering ..."
  #           esac
  #           TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
  #           # Format and split rendered template
  #           echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
  #           # Strip comments again to ensure formatting correctness
  #           for file in "$OUTPUT_FOLDER"/*; do
  #             yq -i '... comments=""' $file
  #           done
  #           echo ""
  #           echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
  #           ls ${OUTPUT_FOLDER}
  #         done
  #         echo "----"
  #     - name: Run App Diff
  #       id: diff
  #       env:
  #         ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
  #         ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
  #         CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
  #       run: |
  #         FAILED_CHARTS=""
  #         DIFF_FOUND="false"
  #         for APP_NAME in ${CHANGED_CHARTS}; do
  #           echo ">> Running argocd app diff for ${APP_NAME} ..."
  #           argocd app diff "${APP_NAME}" \
  #             --server "${ARGOCD_SERVER}" \
  #             --revision ${{ gitea.sha }} \
  #             --diff-exit-code 0 \
  #             --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
  #             --local-repo-root "." \
  #             --grpc-web > "diff_output_${APP_NAME}.txt"
  #           if [ -s "diff_output_${APP_NAME}.txt" ]; then
  #             echo ">> Argo diff:"
  #             echo ""
  #             cat diff_output_${APP_NAME}.txt
  #             echo ""
  #             DIFF_FOUND="true"
  #           else
  #             echo ">> No Argo diff found for ${APP_NAME}"
  #             rm "diff_output_${APP_NAME}.txt"
  #           fi
  #         done
  #         echo "----"
  #         echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
  #         echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
  #         exit $OVERALL_EXIT_CODE
  #     - name: Post Diff
  #       if: |
  #         always() &&
  #         steps.diff.outputs.diff-detected == 'true' &&
  #         gitea.event.pull_request.number != null
  #       env:
  #         GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
  #       run: |
  #         COMMENT_BODY="### ArgoCD Diff Results
  #         "
  #         for f in diff_output_*.txt; do
  #           APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
  #           DIFF_CONTENT=$(cat "$f")
  #           COMMENT_BODY="${COMMENT_BODY}
  #         #### App: ${APP_NAME}
  #         "
  #           if [ -z "$DIFF_CONTENT" ]; then
  #             COMMENT_BODY="${COMMENT_BODY} No changes detected."
  #           else
  #             COMMENT_BODY="${COMMENT_BODY}
  #         \`\`\`diff
  #         ${DIFF_CONTENT}
  #         \`\`\`"
  #           fi
  #         done
  #         curl -X 'POST' \
  #           "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
  #           -H "Authorization: token ${GITEA_TOKEN}" \
  #           -H "Content-Type: application/json" \
  #           -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
  #     - name: ntfy Failed
  #       uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
  #       if: failure()
  #       with:
  #         url: '${{ secrets.NTFY_URL }}'
  #         topic: '${{ secrets.NTFY_TOPIC }}'
  #         title: 'ArgoCD Diff Failure'
  #         priority: 3
  #         headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
  #         tags: action,failed
  #         details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
  #         icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
  #         actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
  #         image: true
--- a/.gitea/workflows/render-manifests.yaml
+++ b/.gitea/workflows/render-manifests.yaml
@@ -50,7 +50,7 @@ jobs:
          cache: true
      - name: Configure Kubeconfig
-        uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
+        uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -283,7 +283,7 @@ jobs:
              echo ">> Formating rendered template ..."
              local TEMPLATE
-              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
+              TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
              # Format and split rendered template
              echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
          for DIR in ${RENDER_DIR}; do
            echo "${DIR}"
-          done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
+          done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
          echo ""
          echo "----"
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
+    container: ghcr.io/renovatebot/renovate:43.109.0@sha256:262d3c2d7e61da7a7eef61fdbdcf26d80cb0d13f65baaa99ace4163a4d56c0fa
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
--- a/clusters/cl01tl/helm/actual/Chart.lock
+++ b/clusters/cl01tl/helm/actual/Chart.lock
@@ -2,5 +2,8 @@ dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
-digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
+- name: volsync-target
-generated: "2026-04-18T20:15:22.778699-05:00"
+  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
 digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
 generated: "2026-03-06T01:04:41.514235218Z"
--- a/clusters/cl01tl/helm/actual/Chart.yaml
+++ b/clusters/cl01tl/helm/actual/Chart.yaml
@@ -18,10 +18,10 @@ dependencies:
    alias: actual
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
-  # - name: volsync-target
+  - name: volsync-target
-  #   alias: volsync-target-data
+    alias: volsync-target-data
-  #   version: 0.8.0
+    version: 0.8.0
-  #   repository: oci://harbor.alexlebens.net/helm-charts
+    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
 # renovate: datasource=github-releases depName=actualbudget/actual
 appVersion: 26.4.0
--- a/clusters/cl01tl/helm/argocd/Chart.lock
+++ b/clusters/cl01tl/helm/argocd/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 9.5.2
+  version: 9.4.17
-digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
+digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
-generated: "2026-04-19T19:53:40.43789-05:00"
+generated: "2026-03-28T01:51:34.832601868Z"
--- a/clusters/cl01tl/helm/argocd/Chart.yaml
+++ b/clusters/cl01tl/helm/argocd/Chart.yaml
@@ -13,8 +13,8 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: argo-cd
-    version: 9.5.2
+    version: 9.4.17
    repository: https://argoproj.github.io/argo-helm
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
 # renovate: datasource=github-releases depName=argoproj/argo-cd
-appVersion: v3.3.7
+appVersion: v3.3.6
--- a/clusters/cl01tl/helm/argocd/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/argocd/templates/_helpers.tpl
@@ -1,14 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "argocd.labels" -}}
 {{ include "argocd.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "argocd.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
--- a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml
@@ -1,40 +1,70 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-oidc-authentik
+  name: argocd-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-oidc-authentik
+    app.kubernetes.io/name: argocd-oidc-secret
-    {{- include "argocd.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  data:
    - secretKey: secret
      remoteRef:
-        key: /cl01tl/authentik/oidc/argocd
+        key: /authentik/oidc/argocd
        property: secret
    - secretKey: client
      remoteRef:
-        key: /cl01tk/authentik/oidc/argocd
+        key: /authentik/oidc/argocd
        property: client
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: argocd-notifications-ntfy
+  name: argocd-notifications-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: argocd-notifications-ntfy
+    app.kubernetes.io/name: argocd-notifications-secret
-    {{- include "argocd.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  data:
    - secretKey: ntfy-token
      remoteRef:
-        key: /cl01tl/ntfy/users/cl01tl
+        key: /ntfy/user/cl01tl
        property: token
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: argocd-gitea-repo-infrastructure-secret
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: type
      remoteRef:
        key: /cl01tl/argocd/credentials/repo/infrastructure
        property: type
    - secretKey: url
      remoteRef:
        key: /cl01tl/argocd/credentials/repo/infrastructure
        property: url
    - secretKey: sshPrivateKey
      remoteRef:
        key: /cl01tl/argocd/credentials/repo/infrastructure
        property: sshPrivateKey
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -13,8 +13,8 @@ argo-cd:
        connectors:
        - config:
            issuer: https://authentik.alexlebens.net/application/o/argocd/
-            clientID: $argocd-oidc-authentik:client
+            clientID: $argocd-oidc-secret:client
-            clientSecret: $argocd-oidc-authentik:secret
+            clientSecret: $argocd-oidc-secret:secret
            insecureEnableGroups: true
            scopes:
              - openid
@@ -48,31 +48,31 @@ argo-cd:
        enabled: true
      rules:
        enabled: true
-        spec:
+      spec:
-          - alert: ArgoAppMissing
+        - alert: ArgoAppMissing
-            expr: |
+          expr: |
-              absent(argocd_app_info) == 1
+            absent(argocd_app_info) == 1
-            for: 15m
+          for: 15m
-            labels:
+          labels:
-              severity: critical
+            severity: critical
-            annotations:
+          annotations:
-              summary: "[Argo CD] No reported applications"
+            summary: "[Argo CD] No reported applications"
-              description: >
+            description: >
-                Argo CD has not reported any applications data for the past 15 minutes which
+              Argo CD has not reported any applications data for the past 15 minutes which
-                means that it must be down or not functioning properly.  This needs to be
+              means that it must be down or not functioning properly.  This needs to be
-                resolved for this cloud to continue to maintain state.
+              resolved for this cloud to continue to maintain state.
-          - alert: ArgoAppNotSynced
+        - alert: ArgoAppNotSynced
-            expr: |
+          expr: |
-              argocd_app_info{sync_status!="Synced"} == 1
+            argocd_app_info{sync_status!="Synced"} == 1
-            for: 12h
+          for: 12h
-            labels:
+          labels:
-              severity: warning
+            severity: warning
-            annotations:
+          annotations:
-              summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
+            summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
-              description: >
+            description: >
-                The application [{{`{{$labels.name}}`}} has not been synchronized for over
+              The application [{{`{{$labels.name}}`}} has not been synchronized for over
-                12 hours which means that the state of this cloud has drifted away from the
+              12 hours which means that the state of this cloud has drifted away from the
-                state inside Git.
+              state inside Git.
  dex:
    enabled: true
    resources:
@@ -205,7 +205,7 @@ argo-cd:
    argocdUrl: https://argocd.alexlebens.net
    secret:
      create: false
-      name: argocd-notifications-ntfy
+      name: argocd-notifications-secret
    metrics:
      enabled: true
      serviceMonitor:
--- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml
@@ -32,4 +32,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
 # renovate: datasource=github-releases depName=advplyr/audiobookshelf
-appVersion: 2.33.2
+appVersion: 2.33.1
--- a/clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
@@ -1,27 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "audiobookshelf.labels" -}}
 {{ include "audiobookshelf.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "audiobookshelf.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 NFS names
 */}}
 {{- define "audiobookshelf.booksNfsName" -}}
 audiobookshelf-books-nfs-storage
 {{- end -}}
 {{- define "audiobookshelf.audiobooksNfsName" -}}
 audiobookshelf-audiobooks-nfs-storage
 {{- end -}}
 {{- define "audiobookshelf.podcastsNfsName" -}}
 audiobookshelf-podcasts-nfs-storage
 {{- end -}}
--- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
@@ -1,23 +1,18 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: audiobookshelf-config-apprise
+  name: audiobookshelf-apprise-config
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: audiobookshelf-config-apprise
+    app.kubernetes.io/name: audiobookshelf-apprise-config
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  target:
    template:
      mergePolicy: Merge
      engineVersion: v2
      data:
        ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
  data:
-    - secretKey: internal-endpoint-credential
+    - secretKey: ntfy-url
      remoteRef:
-        key: /cl01tl/ntfy/users/cl01tl
+        key: /cl01tl/audiobookshelf/apprise
-        property: internal-endpoint-credential
+        property: ntfy-url
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
@@ -1,13 +1,14 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "audiobookshelf.booksNfsName" . }}
+  name: audiobookshelf-books-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
+    app.kubernetes.io/name: audiobookshelf-books-nfs-storage
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "audiobookshelf.booksNfsName" . }}
+  volumeName: audiobookshelf-books-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+  name: audiobookshelf-audiobooks-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+    app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }}
+  volumeName: audiobookshelf-audiobooks-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -37,13 +39,14 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "audiobookshelf.podcastsNfsName" . }}
+  name: audiobookshelf-podcasts-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
+    app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "audiobookshelf.podcastsNfsName" . }}
+  volumeName: audiobookshelf-podcasts-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "audiobookshelf.booksNfsName" . }}
+  name: audiobookshelf-books-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
+    app.kubernetes.io/name: audiobookshelf-books-nfs-storage
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+  name: audiobookshelf-audiobooks-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+    app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "audiobookshelf.podcastsNfsName" . }}
+  name: audiobookshelf-podcasts-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
+    app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
--- a/clusters/cl01tl/helm/audiobookshelf/values.yaml
+++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml
@@ -12,7 +12,7 @@ audiobookshelf:
        main:
          image:
            repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
+            tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
          env:
            - name: TZ
              value: America/Chicago
@@ -40,7 +40,7 @@ audiobookshelf:
            - name: APPRISE_STATELESS_URLS
              valueFrom:
                secretKeyRef:
-                  name: audiobookshelf-config-apprise
+                  name: audiobookshelf-apprise-config
                  key: ntfy-url
  service:
    main:
--- a/clusters/cl01tl/helm/authentik/Chart.lock
+++ b/clusters/cl01tl/helm/authentik/Chart.lock
@@ -1,15 +1,15 @@
 dependencies:
 - name: authentik
  repository: https://charts.goauthentik.io/
-  version: 2026.2.2
+  version: 2026.2.1
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 2.5.0
+  version: 2.4.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
-digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
+digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
-generated: "2026-04-13T20:32:12.748342469Z"
+generated: "2026-04-04T21:00:59.689114-05:00"
--- a/clusters/cl01tl/helm/authentik/Chart.yaml
+++ b/clusters/cl01tl/helm/authentik/Chart.yaml
@@ -18,18 +18,18 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: authentik
-    version: 2026.2.2
+    version: 2026.2.1
    repository: https://charts.goauthentik.io/
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 2.5.0
+    version: 2.4.0
  - name: postgres-cluster
    alias: postgres-18-cluster
    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
 # renovate: datasource=github-releases depName=goauthentik/authentik
--- a/clusters/cl01tl/helm/authentik/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/authentik/templates/_helpers.tpl
@@ -1,14 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "authentik.labels" -}}
 {{ include "authentik.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "authentik.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
--- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml
@@ -1,15 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: authentik-key
+  name: authentik-key-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: authentik-key
+    app.kubernetes.io/name: authentik-key-secret
-    {{- include "authentik.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  data:
    - secretKey: key
      remoteRef:
--- a/clusters/cl01tl/helm/authentik/templates/ingress.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/ingress.yaml
@@ -1,12 +1,13 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ .Release.Name }}-tailscale
+  name: authentik-tailscale
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}-tailscale
+    app.kubernetes.io/name: authentik-tailscale
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
    tailscale.com/proxy-class: no-metrics
    {{- include "authentik.labels" . | nindent 4 }}
  annotations:
    tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
 spec:
--- a/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
+++ b/clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
@@ -5,7 +5,8 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: allow-outpost-cross-namespace-access
-    {{- include "authentik.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  from:
    - group: gateway.networking.k8s.io
--- a/clusters/cl01tl/helm/authentik/values.yaml
+++ b/clusters/cl01tl/helm/authentik/values.yaml
@@ -4,7 +4,7 @@ authentik:
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
-            name: authentik-key
+            name: authentik-key-secret
            key: key
      - name: AUTHENTIK_POSTGRESQL__HOST
        valueFrom:
--- a/clusters/cl01tl/helm/backrest/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/backrest/templates/_helpers.tpl
@@ -1,24 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "backrest.labels" -}}
 {{ include "backrest.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "backrest.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 NFS names
 */}}
 {{- define "backrest.storageNfsName" -}}
 backrest-nfs-storage
 {{- end -}}
 {{- define "backrest.shareNfsName" -}}
 backrest-nfs-share
 {{- end -}}
--- a/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
@@ -1,13 +1,14 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "backrest.storageNfsName" . }}
+  name: backrest-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
+    app.kubernetes.io/name: backrest-nfs-storage
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "backrest.storageNfsName" . }}
+  volumeName: backrest-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "backrest.shareNfsName" . }}
+  name: backrest-nfs-share
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
+    app.kubernetes.io/name: backrest-nfs-share
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "backrest.shareNfsName" . }}
+  volumeName: backrest-nfs-share
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "backrest.storageNfsName" . }}
+  name: backrest-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
+    app.kubernetes.io/name: backrest-nfs-storage
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "backrest.shareNfsName" . }}
+  name: backrest-nfs-share
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
+    app.kubernetes.io/name: backrest-nfs-share
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
--- a/clusters/cl01tl/helm/bazarr/Chart.yaml
+++ b/clusters/cl01tl/helm/bazarr/Chart.yaml
@@ -10,9 +10,7 @@ home: https://docs.alexlebens.dev/applications/bazarr/
 sources:
  - https://github.com/morpheus65535/bazarr
  - https://github.com/linuxserver/docker-bazarr
  - https://github.com/onedr0p/exportarr
  - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
  - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
--- a/clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
@@ -1,21 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "bazarr.labels" -}}
 {{ include "bazarr.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "bazarr.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 NFS names
 */}}
 {{- define "bazarr.storageNfsName" -}}
 bazarr-nfs-storage
 {{- end -}}
--- a/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
@@ -1,17 +0,0 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: bazarr-key
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: bazarr-key
    {{- include "bazarr.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: openbao
  data:
    - secretKey: key
      remoteRef:
        key: /cl01tl/bazarr/key
        property: key
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
@@ -1,13 +1,14 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "bazarr.storageNfsName" . }}
+  name: bazarr-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
+    app.kubernetes.io/name: bazarr-nfs-storage
-    {{- include "bazarr.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: bazarr-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "bazarr.storageNfsName" . }}
+  name: bazarr-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
+    app.kubernetes.io/name: bazarr-nfs-storage
-    {{- include "bazarr.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-client
--- a/clusters/cl01tl/helm/bazarr/values.yaml
+++ b/clusters/cl01tl/helm/bazarr/values.yaml
@@ -23,28 +23,11 @@ bazarr:
            - name: PGID
              value: 1000
          resources:
            limits:
              cpu: 100m
            requests:
-              cpu: 10m
+              cpu: 1m
              memory: 250Mi
        metrics:
          image:
            repository: ghcr.io/onedr0p/exportarr
            tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
          args: ["bazarr"]
          env:
            - name: URL
              value: http://localhost:6767
            - name: PORT
              value: 9792
            - name: APIKEY
              valueFrom:
                secretKeyRef:
                  name: bazarr-key
                  key: key
            - name: ENABLE_ADDITIONAL_METRICS
              value: false
            - name: ENABLE_UNKNOWN_QUEUE_ITEMS
              value: false
  service:
    main:
      controller: main
@@ -52,21 +35,6 @@ bazarr:
        http:
          port: 80
          targetPort: 6767
        metrics:
          port: 9792
          targetPort: 9792
  serviceMonitor:
    main:
      selector:
        matchLabels:
          app.kubernetes.io/name: bazarr
          app.kubernetes.io/instance: bazarr
      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
      endpoints:
        - port: metrics
          interval: 3m
          scrapeTimeout: 1m
          path: /metrics
  route:
    main:
      kind: HTTPRoute
--- a/clusters/cl01tl/helm/blocky/Chart.lock
+++ b/clusters/cl01tl/helm/blocky/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
  version: 4.6.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
-digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae
+digest: sha256:49b0e666059bad492ebaa4a20119ce5bbd1959a1ee6b22b271a9ca9529122697
-generated: "2026-04-13T20:32:34.844998902Z"
+generated: "2026-03-31T18:37:20.549898-05:00"
--- a/clusters/cl01tl/helm/blocky/Chart.yaml
+++ b/clusters/cl01tl/helm/blocky/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
    version: 4.6.2
  - name: valkey
    alias: valkey
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
 # renovate: datasource=github-releases depName=0xerr0r/blocky
--- a/clusters/cl01tl/helm/blocky/values.yaml
+++ b/clusters/cl01tl/helm/blocky/values.yaml
@@ -106,10 +106,10 @@ blocky:
              audiobookshelf                  IN      CNAME   traefik-cl01tl
              authentik                       IN      CNAME   traefik-cl01tl
              backrest                        IN      CNAME   traefik-cl01tl
              bao                             IN      CNAME   traefik-cl01tl
              bazarr                          IN      CNAME   traefik-cl01tl
              ceph                            IN      CNAME   traefik-cl01tl
              dawarich                        IN      CNAME   traefik-cl01tl
              dependency-track                IN      CNAME   traefik-cl01tl
              directus                        IN      CNAME   traefik-cl01tl
              excalidraw                      IN      CNAME   traefik-cl01tl
              feishin                         IN      CNAME   traefik-cl01tl
@@ -161,7 +161,6 @@ blocky:
              sonarr                          IN      CNAME   traefik-cl01tl
              sonarr-4k                       IN      CNAME   traefik-cl01tl
              sonarr-anime                    IN      CNAME   traefik-cl01tl
              sparkyfitness                   IN      CNAME   traefik-cl01tl
              stalwart                        IN      CNAME   traefik-cl01tl
              tdarr                           IN      CNAME   traefik-cl01tl
              tubearchivist                   IN      CNAME   traefik-cl01tl
--- a/clusters/cl01tl/helm/cert-manager/Chart.lock
+++ b/clusters/cl01tl/helm/cert-manager/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.20.2
+  version: v1.20.1
-digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
+digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
-generated: "2026-04-13T23:02:59.380767677Z"
+generated: "2026-03-28T01:35:24.542754563Z"
--- a/clusters/cl01tl/helm/cert-manager/Chart.yaml
+++ b/clusters/cl01tl/helm/cert-manager/Chart.yaml
@@ -13,8 +13,8 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: cert-manager
-    version: v1.20.2
+    version: v1.20.1
    repository: https://charts.jetstack.io
 icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
 # renovate: datasource=github-releases depName=cert-manager/cert-manager
-appVersion: v1.20.2
+appVersion: v1.20.1
--- a/clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
@@ -1,24 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "cert-manager.labels" -}}
 {{ include "cert-manager.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "cert-manager.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 NFS names
 */}}
 {{- define "cert-manager.cloudflareSecretName" -}}
 cert-manager-cloudflare-api-token
 {{- end -}}
 {{- define "cert-manager.cloudflareSecretKey" -}}
 api-token
 {{- end -}}
--- a/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
@@ -5,7 +5,8 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: letsencrypt-issuer
-    {{- include "cert-manager.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  acme:
    email: alexanderlebens@gmail.com
@@ -21,5 +22,5 @@ spec:
          cloudflare:
            email: alexanderlebens@gmail.com
            apiTokenSecretRef:
-              name: {{- include "cert-manager.cloudflareSecretName" . }}
+              name: cloudflare-api-token
-              key: {{- include "cert-manager.cloudflareSecretKey" . }}
+              key: api-token
--- a/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
@@ -1,17 +1,18 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: {{- include "cert-manager.cloudflareSecretName" . }}
+  name: cloudflare-api-token
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }}
+    app.kubernetes.io/name: cloudflare-api-token
-    {{- include "cert-manager.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  data:
-    - secretKey: {{- include "cert-manager.cloudflareSecretKey" . }}
+    - secretKey: api-token
      remoteRef:
-        key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
+        key: /cloudflare/alexlebens.net/clusterissuer
        property: token
--- a/clusters/cl01tl/helm/cilium/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/cilium/templates/_helpers.tpl
@@ -1,14 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "cilium.labels" -}}
 {{ include "cilium.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "cilium.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
@@ -0,0 +1,19 @@
 # apiVersion: cilium.io/v2
 # kind: CiliumBGPAdvertisement
 # metadata:
 #   name: cilium-bgp-advertisements
 #   namespace: {{ .Release.Namespace }}
 #   labels:
 #     app.kubernetes.io/name: cilium-bgp-advertisements
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
 #   advertisements:
 #     - advertisementType: "Service"
 #       service:
 #         addresses:
 #           - ExternalIP
 #           - LoadBalancerIP
 #       selector:
 #         matchExpressions:
 #          - {key: somekey, operator: NotIn, values: ['never-used-value']}
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
@@ -0,0 +1,22 @@
 # apiVersion: cilium.io/v2
 # kind: CiliumBGPClusterConfig
 # metadata:
 #   name: cilium-bgp
 #   namespace: {{ .Release.Namespace }}
 #   labels:
 #     app.kubernetes.io/name: cilium-bgp
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
 #   nodeSelector:
 #     matchLabels:
 #       node-role.kubernetes.io/bgp: "65020"
 #   bgpInstances:
 #     - name: "65020"
 #       localASN: 65020
 #       peers:
 #         - name: "udm-65000"
 #           peerASN: 65000
 #           peerAddress: 192.168.1.1
 #           peerConfigRef:
 #             name: "cilium-peer"
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
@@ -0,0 +1,23 @@
 # apiVersion: cilium.io/v2
 # kind: CiliumBGPPeerConfig
 # metadata:
 #   name: cilium-peer
 #   namespace: {{ .Release.Namespace }}
 #   labels:
 #     app.kubernetes.io/name: cilium-peer
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 # spec:
 #   timers:
 #     holdTimeSeconds: 9
 #     keepAliveTimeSeconds: 3
 #   ebgpMultihop: 4
 #   gracefulRestart:
 #     enabled: true
 #     restartTimeSeconds: 15
 #   families:
 #     - afi: ipv4
 #       safi: unicast
 #       advertisements:
 #         matchLabels:
 #           app.kubernetes.io/name: cilium-bgp-advertisements
--- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -5,7 +5,8 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: default-ip-pool
-    {{- include "cilium.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  blocks:
    - start: "10.232.1.21"
@@ -19,7 +20,8 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: bgp-ip-pool
-    {{- include "cilium.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  blocks:
    - start: "10.232.2.100"
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
@@ -0,0 +1,45 @@
 # apiVersion: gateway.networking.k8s.io/v1
 # kind: Gateway
 # metadata:
 #   name: cilium-tls-gateway
 #   namespace: {{ .Release.Namespace }}
 #   labels:
 #     app.kubernetes.io/name: cilium-tls-gateway
 #     app.kubernetes.io/instance: {{ .Release.Name }}
 #     app.kubernetes.io/part-of: {{ .Release.Name }}
 #   annotations:
 #     cert-manager.io/cluster-issuer: letsencrypt-issuer
 # spec:
 #   addresses:
 #     - type: IPAddress
 #       value: 10.232.1.23
 #   gatewayClassName: cilium
 #   listeners:
 #     - allowedRoutes:
 #         namespaces:
 #           from: All
 #       hostname: '*.alexlebens.net'
 #       name: https
 #       port: 443
 #       protocol: HTTPS
 #       tls:
 #         certificateRefs:
 #           - group: ''
 #             kind: Secret
 #             name: https-gateway-cert
 #             namespace: kube-system
 #         mode: Terminate
 #     - allowedRoutes:
 #         namespaces:
 #           from: All
 #       hostname: 'alexlebens.net'
 #       name: https-domain
 #       port: 443
 #       protocol: HTTPS
 #       tls:
 #         certificateRefs:
 #           - group: ''
 #             kind: Secret
 #             name: https-gateway-cert
 #             namespace: kube-system
 #         mode: Terminate
--- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml
@@ -5,7 +5,8 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: hubble
-    {{- include "cilium.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  parentRefs:
    - group: gateway.networking.k8s.io
--- a/clusters/cl01tl/helm/cloudnative-pg/Chart.lock
+++ b/clusters/cl01tl/helm/cloudnative-pg/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
  version: 0.28.0
 - name: plugin-barman-cloud
  repository: https://cloudnative-pg.io/charts/
-  version: 0.6.0
+  version: 0.5.0
-digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
+digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
-generated: "2026-04-14T09:03:10.332065288Z"
+generated: "2026-04-01T20:05:40.198140255Z"
--- a/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
+++ b/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
    version: 0.28.0
    repository: https://cloudnative-pg.io/charts/
  - name: plugin-barman-cloud
-    version: 0.6.0
+    version: 0.5.0
    repository: https://cloudnative-pg.io/charts/
 icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
 # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
--- a/clusters/cl01tl/helm/dawarich/Chart.lock
+++ b/clusters/cl01tl/helm/dawarich/Chart.lock
@@ -7,15 +7,6 @@ dependencies:
  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
- name: volsync-target
+digest: sha256:b070640b7006e3ad528193ca784cfbca602994c87afbef4ef4b40a05229cab10
-  repository: oci://harbor.alexlebens.net/helm-charts
+generated: "2026-04-04T21:01:27.376484-05:00"
  version: 0.8.0
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
 digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
 generated: "2026-04-13T20:32:54.380897459Z"
--- a/clusters/cl01tl/helm/dawarich/Chart.yaml
+++ b/clusters/cl01tl/helm/dawarich/Chart.yaml
@@ -12,7 +12,6 @@ sources:
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -26,19 +25,7 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: volsync-target
    alias: volsync-target-storage
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: volsync-target
    alias: volsync-target-public
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: volsync-target
    alias: volsync-target-watched
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
 # renovate: datasource=github-releases depName=Freika/dawarich
--- a/clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
@@ -1,14 +0,0 @@
 {{/*
 Common labels
 */}}
 {{- define "dawarich.labels" -}}
 {{ include "dawarich.selectorLabels" $ }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "dawarich.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
--- a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
@@ -1,15 +1,16 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: dawarich-key
+  name: dawarich-key-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: dawarich-key
+    app.kubernetes.io/name: dawarich-key-secret
-    {{- include "dawarich.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  data:
    - secretKey: key
      remoteRef:
@@ -20,21 +21,22 @@ spec:
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: dawarich-oidc-authentik
+  name: dawarich-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: dawarich-oidc-authentik
+    app.kubernetes.io/name: dawarich-oidc-secret
-    {{- include "dawarich.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
-    name: openbao
+    name: vault
  data:
    - secretKey: client
      remoteRef:
-        key: /cl01tl/authentik/oidc/dawarich
+        key: /authentik/oidc/dawarich
        property: client
    - secretKey: secret
      remoteRef:
-        key: /cl01tl/authentik/oidc/dawarich
+        key: /authentik/oidc/dawarich
        property: secret
--- a/clusters/cl01tl/helm/dawarich/values.yaml
+++ b/clusters/cl01tl/helm/dawarich/values.yaml
@@ -61,12 +61,12 @@ dawarich:
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
-                  name: dawarich-oidc-authentik
+                  name: dawarich-oidc-secret
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
-                  name: dawarich-oidc-authentik
+                  name: dawarich-oidc-secret
                  key: secret
            - name: OIDC_PROVIDER_NAME
              value: Authentik
@@ -81,7 +81,7 @@ dawarich:
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
-                  name: dawarich-key
+                  name: dawarich-key-secret
                  key: key
            - name: RAILS_LOG_TO_STDOUT
              value: true
@@ -313,36 +313,3 @@ postgres-18-cluster:
        immediate: true
        schedule: "0 10 14 * * *"
        backupName: garage-local
 volsync-target-storage:
  pvcTarget: dawarich-storage
  local:
    enabled: true
    schedule: 6 8 * * *
  remote:
    enabled: true
    schedule: 6 9 * * *
  external:
    enabled: true
    schedule: 6 10 * * *
 volsync-target-public:
  pvcTarget: dawarich-public
  local:
    enabled: true
    schedule: 8 8 * * *
  remote:
    enabled: true
    schedule: 8 9 * * *
  external:
    enabled: true
    schedule: 8 10 * * *
 volsync-target-watched:
  pvcTarget: dawarich-watched
  local:
    enabled: true
    schedule: 8 8 * * *
  remote:
    enabled: true
    schedule: 8 9 * * *
  external:
    enabled: true
    schedule: 8 10 * * *
--- a/clusters/cl01tl/helm/dependency-track/Chart.lock
+++ b/clusters/cl01tl/helm/dependency-track/Chart.lock
@@ -0,0 +1,9 @@
 dependencies:
 - name: dependency-track
  repository: https://dependencytrack.github.io/helm-charts
  version: 0.44.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 7.11.2
 digest: sha256:6ea7e8066cce675a02ce76393ee2b0e23300d2f5c72ae64946ae667fc12fde1f
 generated: "2026-04-05T17:32:11.221935-05:00"
--- a/clusters/cl01tl/helm/dependency-track/Chart.yaml
+++ b/clusters/cl01tl/helm/dependency-track/Chart.yaml
@@ -0,0 +1,27 @@
 apiVersion: v2
 name: dependency-track
 version: 1.0.0
 description: Dependency Track
 keywords:
  - dependency-track
  - vulnerability-scanner
 home: https://docs.alexlebens.dev/applications/dependency-track/
 sources:
  - https://github.com/DependencyTrack/dependency-track
  - https://hub.docker.com/r/dependencytrack/apiserver
  - https://hub.docker.com/r/dependencytrack/frontend
  - https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
 maintainers:
  - name: alexlebens
 dependencies:
  - name: dependency-track
    version: 0.44.0
    repository: https://dependencytrack.github.io/helm-charts
  - name: postgres-cluster
    alias: postgres-18-cluster
    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://avatars.githubusercontent.com/u/40258585
 # renovate: datasource=github-releases depName=DependencyTrack/dependency-track
 appVersion: 4.14.1
--- a/clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml
@@ -1,10 +1,10 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: sparkyfitness-key-secret
+  name: dependency-track-key-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sparkyfitness-key-secret
+    app.kubernetes.io/name: dependency-track-key-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -12,23 +12,19 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: api_encryption_key
+    - secretKey: secret.key
      remoteRef:
-        key: /cl01tl/sparkyfitness/key
+        key: /cl01tl/dependency-track/key
-        property: api_encryption_key
+        property: key
    - secretKey: better_auth_secret
      remoteRef:
        key: /cl01tl/sparkyfitness/key
        property: better_auth_secret
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: sparkyfitness-oidc-secret
+  name: dependency-track-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: sparkyfitness-oidc-secret
+    app.kubernetes.io/name: dependency-track-oidc-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -36,11 +32,11 @@ spec:
    kind: ClusterSecretStore
    name: vault
  data:
-    - secretKey: client_id
+    - secretKey: client
      remoteRef:
-        key: /authentik/oidc/sparkyfitness
+        key: /authentik/oidc/dependency-track
        property: client
-    - secretKey: client_secret
+    - secretKey: secret
      remoteRef:
-        key: /authentik/oidc/sparkyfitness
+        key: /authentik/oidc/dependency-track
        property: secret
--- a/clusters/cl01tl/helm/dependency-track/values.yaml
+++ b/clusters/cl01tl/helm/dependency-track/values.yaml
@@ -0,0 +1,114 @@
 dependency-track:
  common:
    secretKey:
      createSecret: false
      existingSecretName: dependency-track-key-secret
  apiServer:
    image:
      repository: dependencytrack/apiserver
      tag: 4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
    resources:
      requests:
        cpu: 100m
        memory: 100Mi
      limits:
        memory: null
    persistentVolume:
      enabled: true
      className: ceph-block
      size: 5Gi
    extraEnv:
      - name: ALPINE_DATABASE_MODE
        value: external
      - name: ALPINE_DATABASE_DRIVER
        value: org.postgresql.Driver
      - name: ALPINE_DATABASE_URL
        valueFrom:
          secretKeyRef:
            name: dependency-track-postgresql-18-cluster-app
            key: jdbc-uri
      - name: ALPINE_DATABASE_USERNAME
        valueFrom:
          secretKeyRef:
            name: dependency-track-postgresql-18-cluster-app
            key: user
      - name: ALPINE_DATABASE_PASSWORD
        valueFrom:
          secretKeyRef:
            name: dependency-track-postgresql-18-cluster-app
            key: password
      - name: ALPINE_OIDC_ENABLED
        value: "true"
      - name: ALPINE_OIDC_CLIENT_ID
        valueFrom:
          secretKeyRef:
            name: dependency-track-oidc-secret
            key: client
      - name: ALPINE_OIDC_ISSUER
        value: https://authentik.alexlebens.net/application/o/dependency-track/
      - name: ALPINE_OIDC_USERNAME_CLAIM
        value: preferred_username
      - name: ALPINE_OIDC_TEAMS_CLAIM
        value: groups
      - name: ALPINE_OIDC_USER_PROVISIONING
        value: "true"
      - name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
        value: "true"
      - name: ALPINE_CORS_ENABLED
        value: "false"
      - name: ALPINE_CORS_ALLOW_ORIGIN
        value: dependency-track.alexlebens.net dependency-track.dependency-track
    serviceMonitor:
      enabled: true
      namespace: dependency-track
  frontend:
    image:
      repository: dependencytrack/frontend
      tag: 4.14.1@sha256:8217737050b26ea69a6ddd6fe2cb419531a0bae0b903a87a04077a2415fc9f35
    resources:
      requests:
        cpu: 10m
        memory: 60Mi
      limits:
        memory: null
    extraEnv:
      - name: OIDC_ISSUER
        value: https://authentik.alexlebens.net/application/o/dependency-track/
      - name: OIDC_FLOW
        value: explicit
      - name: OIDC_CLIENT_ID
        valueFrom:
          secretKeyRef:
            name: dependency-track-oidc-secret
            key: client
      - name: OIDC_LOGIN_BUTTON_TEXT
        value: Authentik
    apiBaseUrl: dependency-track-api-server.dependency-track
  httpRoute:
    enabled: true
    hostnames:
      - dependency-track.alexlebens.net
    parentRefs:
      - group: gateway.networking.k8s.io
        kind: Gateway
        name: traefik-gateway
        namespace: traefik
 postgres-18-cluster:
  mode: standalone
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 10 14 * * *"
        backupName: garage-local
--- a/clusters/cl01tl/helm/directus/Chart.lock
+++ b/clusters/cl01tl/helm/directus/Chart.lock
@@ -7,6 +7,6 @@ dependencies:
  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
-digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
+digest: sha256:5fa84b2d82a160c35e002690e4d299275b8136463da9da789be9ca7c6ff998c4
-generated: "2026-04-13T20:33:13.909018545Z"
+generated: "2026-04-04T21:01:37.322862-05:00"
--- a/clusters/cl01tl/helm/directus/Chart.yaml
+++ b/clusters/cl01tl/helm/directus/Chart.yaml
@@ -25,8 +25,8 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
 # renovate: datasource=github-releases depName=directus/directus
-appVersion: 11.17.3
+appVersion: 11.17.2
--- a/clusters/cl01tl/helm/directus/values.yaml
+++ b/clusters/cl01tl/helm/directus/values.yaml
@@ -8,7 +8,7 @@ directus:
        main:
          image:
            repository: ghcr.io/directus/directus
-            tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
+            tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
          env:
            - name: PUBLIC_URL
              value: https://directus.alexlebens.net
--- a/clusters/cl01tl/helm/element-web/Chart.lock
+++ b/clusters/cl01tl/helm/element-web/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: element-web
  repository: https://ananace.gitlab.io/charts
-  version: 1.4.34
+  version: 1.4.33
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 2.5.0
+  version: 2.4.0
-digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
+digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
-generated: "2026-04-10T01:17:19.932208699Z"
+generated: "2026-03-24T16:11:50.424321433Z"
--- a/clusters/cl01tl/helm/element-web/Chart.yaml
+++ b/clusters/cl01tl/helm/element-web/Chart.yaml
@@ -15,11 +15,11 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: element-web
-    version: 1.4.34
+    version: 1.4.33
    repository: https://ananace.gitlab.io/charts
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 2.5.0
+    version: 2.4.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
 # renovate: datasource=github-releases depName=element-hq/element-web
-appVersion: v1.12.15
+appVersion: v1.12.13
--- a/clusters/cl01tl/helm/element-web/values.yaml
+++ b/clusters/cl01tl/helm/element-web/values.yaml
@@ -2,7 +2,7 @@ element-web:
  replicaCount: 1
  image:
    repository: ghcr.io/element-hq/element-web
-    tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
+    tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
  defaultServer:
    url: https://matrix.alexlebens.dev
    name: alexlebens.dev
--- a/clusters/cl01tl/helm/eraser/Chart.lock
+++ b/clusters/cl01tl/helm/eraser/Chart.lock
@@ -2,8 +2,5 @@ dependencies:
 - name: eraser
  repository: https://eraser-dev.github.io/eraser/charts
  version: 1.4.1
- name: app-template
+digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
-  repository: https://bjw-s-labs.github.io/helm-charts/
+generated: "2025-12-03T22:53:20.200917773Z"
  version: 4.6.2
 digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
 generated: "2026-04-08T21:39:05.689756-05:00"
--- a/clusters/cl01tl/helm/eraser/Chart.yaml
+++ b/clusters/cl01tl/helm/eraser/Chart.yaml
@@ -9,19 +9,13 @@ home: https://docs.alexlebens.dev/applications/eraser/
 sources:
  - https://github.com/eraser-dev/eraser
  - https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
  - https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
  - https://github.com/eraser-dev/eraser/tree/main/charts/eraser
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
 maintainers:
  - name: alexlebens
 dependencies:
  - name: eraser
    version: 1.4.1
    repository: https://eraser-dev.github.io/eraser/charts
  - name: app-template
    alias: eraser-metrics
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
 icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
 # renovate: datasource=github-releases depName=eraser-dev/eraser
 appVersion: v1.4.1
--- a/clusters/cl01tl/helm/eraser/values.yaml
+++ b/clusters/cl01tl/helm/eraser/values.yaml
@@ -35,85 +35,3 @@ eraser:
      requests:
        cpu: 1m
        memory: 20Mi
 eraser-metrics:
  global:
    nameOverride: eraser-metrics
    fullnameOverride: eraser-metrics
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      containers:
        main:
          image:
            repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
            tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42
          command:
            - /otelcol
            - --config=/conf/otel-collector-config.yaml
          resources:
            requests:
              cpu: 10m
              memory: 20Mi
  configMaps:
    config:
      enabled: true
      forceRename: eraser-config
      data:
        otel-collector-config.yaml: |
          receivers:
            otlp:
              protocols:
                http:
          exporters:
            prometheus:
              endpoint: "0.0.0.0:8889"
              send_timestamps: true
              metric_expiration: 180m
          service:
            telemetry:
              logs:
                encoding: json
            pipelines:
              metrics:
                receivers:
                  - otlp
                exporters:
                  - prometheus
  service:
    main:
      controller: main
      ports:
        http:
          port: 4318
          targetPort: 4318
        metrics:
          port: 8889
          targetPort: 8889
  serviceMonitor:
    main:
      selector:
        matchLabels:
          app.kubernetes.io/name: eraser-metrics
          app.kubernetes.io/instance: eraser-metrics
      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
      endpoints:
        - port: metrics
          interval: 30s
          scrapeTimeout: 15s
          path: /metrics
  persistence:
    config:
      enabled: true
      type: configMap
      name: eraser-config
      advancedMounts:
        main:
          main:
            - path: /conf/otel-collector-config.yaml
              readOnly: true
              mountPropagation: None
              subPath: otel-collector-config.yaml
--- a/clusters/cl01tl/helm/external-secrets/Chart.lock
+++ b/clusters/cl01tl/helm/external-secrets/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: external-secrets
  repository: https://charts.external-secrets.io
-  version: 2.3.0
+  version: 2.2.0
-digest: sha256:fedb79c937be24d4bb72f665122b468b445de95f3f02de419903e3136186e42f
+digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
-generated: "2026-04-10T15:10:52.488487421Z"
+generated: "2026-03-26T19:19:15.734454-05:00"
--- a/clusters/cl01tl/helm/external-secrets/Chart.yaml
+++ b/clusters/cl01tl/helm/external-secrets/Chart.yaml
@@ -14,8 +14,8 @@ sources:
 dependencies:
  - name: external-secrets
    alias: external-secrets
-    version: 2.3.0
+    version: 2.2.0
    repository: https://charts.external-secrets.io
 icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
 # renovate: datasource=github-releases depName=external-secrets/external-secrets
-appVersion: v2.3.0
+appVersion: v2.2.0
--- a/clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml
+++ b/clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml
@@ -1,17 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: external-secrets
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: external-secrets
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
 subjects:
  - kind: ServiceAccount
    name: external-secrets
    namespace: {{ .Release.Namespace }}
--- a/clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml
+++ b/clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml
@@ -17,29 +17,3 @@ spec:
          namespace: vault
          name: vault-token
          key: token
 ---
 apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
  name: openbao
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: openbao
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  provider:
    vault:
      server: http://openbao-internal.openbao:8200
      path: secret
      version: v2
      auth:
        kubernetes:
          mountPath: kubernetes
          role: external-secrets
          serviceAccountRef:
            name: external-secrets
            namespace: {{ .Release.Name }}
            audiences:
              - openbao
--- a/clusters/cl01tl/helm/external-secrets/values.yaml
+++ b/clusters/cl01tl/helm/external-secrets/values.yaml
@@ -2,7 +2,7 @@ external-secrets:
  replicaCount: 3
  image:
    repository: ghcr.io/external-secrets/external-secrets
-    tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
+    tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
  installCRDs: true
  crds:
    createClusterExternalSecret: true
@@ -29,7 +29,7 @@ external-secrets:
  webhook:
    image:
      repository: ghcr.io/external-secrets/external-secrets
-      tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
+      tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
    resources:
      requests:
        cpu: 1m
@@ -37,7 +37,7 @@ external-secrets:
  certController:
    image:
      repository: ghcr.io/external-secrets/external-secrets
-      tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
+      tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
    resources:
      requests:
        cpu: 1m
--- a/clusters/cl01tl/helm/foldergram/Chart.lock
+++ b/clusters/cl01tl/helm/foldergram/Chart.lock
@@ -2,11 +2,8 @@ dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 2.5.0
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:06e321d19ffe0df94b3cd6bcc306804729710f74ca2f9962652628377836c33e
+digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
-generated: "2026-04-11T15:26:16.743784-05:00"
+generated: "2026-03-22T12:42:43.150705-05:00"
--- a/clusters/cl01tl/helm/foldergram/Chart.yaml
+++ b/clusters/cl01tl/helm/foldergram/Chart.yaml
@@ -10,7 +10,6 @@ sources:
  - https://github.com/foldergram/foldergram
  - https://github.com/foldergram/foldergram/pkgs/container/foldergram
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
@@ -19,11 +18,8 @@ dependencies:
    alias: foldergram
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
    version: 2.5.0
  - name: volsync-target
-    alias: volsync-target-db
+    alias: volsync-target-data
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
--- a/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
@@ -1,14 +1,14 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: foldergram-pictures-collections-nfs-storage
+  name: foldergram-pictures-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
+    app.kubernetes.io/name: foldergram-pictures-nfs-storage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: foldergram-pictures-collections-nfs-storage
+  volumeName: foldergram-pictures-nfs-storage
  storageClassName: nfs-client
  accessModes:
    - ReadWriteMany
--- a/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: foldergram-pictures-collections-nfs-storage
+  name: foldergram-pictures-nfs-storage
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
+    app.kubernetes.io/name: foldergram-pictures-nfs-storage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
@@ -15,7 +15,7 @@ spec:
  accessModes:
    - ReadWriteMany
  nfs:
-    path: /volume2/Storage/Pictures/Collections
+    path: /volume2/Storage/Pictures
    server: synologybond.alexlebens.net
  mountOptions:
    - vers=4
--- a/clusters/cl01tl/helm/foldergram/values.yaml
+++ b/clusters/cl01tl/helm/foldergram/values.yaml
@@ -23,13 +23,11 @@ foldergram:
            - name: GALLERY_ROOT
              value: /gallery
            - name: CSRF_TRUSTED_ORIGINS
-              value: https://foldergram.alexlebens.net, https://art.alexlebens.dev
+              value: https://foldergram.alexlebens.net
            # - name: PUBLIC_DEMO_MODE
            #   value: 1
          resources:
            requests:
-              cpu: 10m
+              cpu: 1m
-              memory: 1Gi
+              memory: 230Mi
  service:
    main:
      controller: main
@@ -56,35 +54,25 @@ foldergram:
                type: PathPrefix
                value: /
  persistence:
-    db:
+    cache:
-      forceRename: foldergram-db
+      forceRename: foldergram-data
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 10Gi
      advancedMounts:
        main:
          main:
            - path: /app/data/db
              readOnly: false
    data:
      forceRename: foldergram-data
      storageClass: synology-iscsi-delete
      accessMode: ReadWriteOnce
      size: 250Gi
      advancedMounts:
        main:
          main:
            - path: /app/data
              readOnly: false
    pictures:
-      existingClaim: foldergram-pictures-collections-nfs-storage
+      existingClaim: foldergram-pictures-nfs-storage
      advancedMounts:
        main:
          main:
-            - path: /gallery
+            - path: /gallery/pictures
              readOnly: true
-volsync-target-db:
+volsync-target-data:
-  pvcTarget: foldergram-db
+  pvcTarget: foldergram-data
  local:
    enabled: true
    schedule: 46 11 * * *
--- a/clusters/cl01tl/helm/freshrss/Chart.lock
+++ b/clusters/cl01tl/helm/freshrss/Chart.lock
@@ -4,12 +4,12 @@ dependencies:
  version: 4.6.2
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 2.5.0
+  version: 2.4.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 7.11.2
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:2a13aac2d207555bf33ee01db493d210e860e660433cd6f5b9b67fadf91f8f74
+digest: sha256:f709ef2ce041d934faf75dfa31cc86e536aa62ab31ab82584c9751652561744c
-generated: "2026-04-10T01:17:32.585138713Z"
+generated: "2026-04-04T21:02:01.689182-05:00"
--- a/clusters/cl01tl/helm/freshrss/Chart.yaml
+++ b/clusters/cl01tl/helm/freshrss/Chart.yaml
@@ -22,7 +22,7 @@ dependencies:
    version: 4.6.2
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 2.5.0
+    version: 2.4.0
  - name: postgres-cluster
    alias: postgres-18-cluster
    version: 7.11.2
--- a/clusters/cl01tl/helm/garage/Chart.yaml
+++ b/clusters/cl01tl/helm/garage/Chart.yaml
@@ -21,4 +21,4 @@ dependencies:
    version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
 # renovate: datasource=docker depName=dxflrs/garage
-appVersion: v2.3.0
+appVersion: v2.2.0
--- a/clusters/cl01tl/helm/garage/values.yaml
+++ b/clusters/cl01tl/helm/garage/values.yaml
@@ -21,7 +21,7 @@ garage:
        main:
          image:
            repository: dxflrs/garage
-            tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
+            tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
          envFrom:
            - secretRef:
                name: garage-token-secret
@@ -50,7 +50,7 @@ garage:
        main:
          image:
            repository: dxflrs/garage
-            tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
+            tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
          envFrom:
            - secretRef:
                name: garage-token-secret
@@ -79,7 +79,7 @@ garage:
        main:
          image:
            repository: dxflrs/garage
-            tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
+            tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
          envFrom:
            - secretRef:
                name: garage-token-secret
--- a/clusters/cl01tl/helm/gatus/values.yaml
+++ b/clusters/cl01tl/helm/gatus/values.yaml
@@ -155,8 +155,8 @@ gatus:
      - name: searxng
        url: https://searxng.alexlebens.net
        <<: *defaults
-      - name: sparkyfitness
+      - name: roundcube
-        url: https://sparkyfitness.alexlebens.net
+        url: https://mail.alexlebens.net
        <<: *defaults
      - name: paperless-ngx
        url: https://paperless-ngx.alexlebens.net
@@ -185,6 +185,9 @@ gatus:
      - name: komodo
        url: https://komodo.alexlebens.net
        <<: *defaults
      - name: dependency-track
        url: https://dependency-track.alexlebens.net
        <<: *defaults
      - name: omni-tools
        url: https://omni-tools.alexlebens.net
        <<: *defaults
@@ -212,9 +215,6 @@ gatus:
      - name: authentik
        url: https://authentik.alexlebens.net
        <<: *defaults
      - name: roundcube
        url: https://mail.alexlebens.net
        <<: *defaults
      - name: stalwart
        url: https://stalwart.alexlebens.net
        <<: *defaults
@@ -266,9 +266,6 @@ gatus:
      - name: vault
        url: https://vault.alexlebens.net
        <<: *defaults
      - name: openbao
        url: https://bao.alexlebens.net
        <<: *defaults
      - name: backrest
        url: https://backrest.alexlebens.net
        <<: *defaults
@@ -348,14 +345,6 @@ gatus:
        url: https://www.alexlebens.dev
        <<: *defaults
        group: external
      - name: docs
        url: https://docs.alexlebens.dev
        <<: *defaults
        group: external
      - name: saralebens
        url: https://www.saralebens.com
        <<: *defaults
        group: external
      - name: rybbit
        url: https://rybbit.alexlebens.dev
        <<: *defaults
--- a/clusters/cl01tl/helm/generic-device-plugin/Chart.lock
+++ b/clusters/cl01tl/helm/generic-device-plugin/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: generic-device-plugin
  repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-  version: 0.20.31
+  version: 0.20.28
-digest: sha256:2e073f735a5ff699844eb67715ab20d403261b3e9c035ebdc4292cee9666b4f4
+digest: sha256:16e4470b394110a11721fe38a57ad1cfa7c994bca440bfbbc5b3b7a46a79f165
-generated: "2026-04-15T01:16:30.361061773Z"
+generated: "2026-04-05T02:12:22.980217268Z"
--- a/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
+++ b/clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
@@ -14,6 +14,6 @@ maintainers:
 dependencies:
  - name: generic-device-plugin
    repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
-    version: 0.20.31
+    version: 0.20.28
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 1.0.0
--- a/clusters/cl01tl/helm/gitea/Chart.lock
+++ b/clusters/cl01tl/helm/gitea/Chart.lock
@@ -1,27 +1,27 @@
 dependencies:
 - name: gitea
  repository: https://dl.gitea.com/charts/
-  version: 12.5.3
+  version: 12.5.0
 - name: actions
  repository: https://dl.gitea.com/charts/
-  version: 0.1.0
+  version: 0.0.5
 - name: meilisearch
  repository: https://meilisearch.github.io/meilisearch-kubernetes
-  version: 0.32.0
+  version: 0.30.0
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 2.5.0
+  version: 2.4.0
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
+digest: sha256:ae512dab12cc692921a8cf80f8459fa652ae20f393a34c14f25a851410724096
-generated: "2026-04-16T20:09:26.031592859Z"
+generated: "2026-04-07T16:50:50.725821375Z"
--- a/clusters/cl01tl/helm/gitea/Chart.yaml
+++ b/clusters/cl01tl/helm/gitea/Chart.yaml
@@ -26,29 +26,29 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: gitea
-    version: 12.5.3
+    version: 12.5.0
    repository: https://dl.gitea.com/charts/
  - name: actions
    alias: gitea-actions
    repository: https://dl.gitea.com/charts/
-    version: 0.1.0
+    version: 0.0.5
  - name: meilisearch
-    version: 0.32.0
+    version: 0.30.0
    repository: https://meilisearch.github.io/meilisearch-kubernetes
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
-    version: 2.5.0
+    version: 2.4.0
  - name: postgres-cluster
    alias: postgres-18-cluster
    version: 7.11.2
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey-gitea
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey-renovate
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: volsync-target
    alias: volsync-target-storage
@@ -56,4 +56,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
 # renovate: datasource=github-releases depName=go-gitea/gitea
-appVersion: 1.26.0
+appVersion: 1.25.5
--- a/clusters/cl01tl/helm/gitea/templates/config-map.yaml
+++ b/clusters/cl01tl/helm/gitea/templates/config-map.yaml
@@ -1,12 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: gitea-custom-templates
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: gitea-custom-templates
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 data:
  header.tmpl: |
    <script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>
--- a/clusters/cl01tl/helm/gitea/values.yaml
+++ b/clusters/cl01tl/helm/gitea/values.yaml
@@ -32,9 +32,6 @@ gitea:
    - name: gitea-themes-storage
      persistentVolumeClaim:
        claimName: gitea-themes-storage
    - name: gitea-custom-templates
      configMap:
        name: gitea-custom-templates
  extraInitVolumeMounts:
    - name: gitea-themes-storage
      readOnly: false
@@ -43,10 +40,6 @@ gitea:
    - name: gitea-themes-storage
      readOnly: true
      mountPath: /data/gitea/public/assets/css
    - name: gitea-custom-templates
      mountPath: /data/gitea/templates/custom/header.tmpl
      subPath: header.tmpl
      readOnly: true
  initPreScript: |
    wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz;
    tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css;
@@ -194,7 +187,7 @@ gitea-actions:
      registry: docker.io
      repository: gitea/act_runner
      # renovate: datasource=docker depName=gitea/act_runner
-      tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
+      tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
      extraVolumeMounts:
        - name: workspace-vol
          mountPath: /workspace
@@ -213,7 +206,7 @@ gitea-actions:
      registry: docker.io
      repository: docker
      # renovate: datasource=docker depName=docker
-      tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
+      tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
      extraVolumeMounts:
        - name: docker-vol
          mountPath: /var/lib/docker
@@ -246,11 +239,6 @@ meilisearch:
      memory: 150Mi
  serviceMonitor:
    enabled: true
 cloudflared:
  resources:
    requests:
      cpu: 100m
      memory: 30Mi
 postgres-18-cluster:
  mode: recovery
  cluster:
--- a/clusters/cl01tl/helm/grafana-operator/Chart.lock
+++ b/clusters/cl01tl/helm/grafana-operator/Chart.lock
@@ -7,9 +7,9 @@ dependencies:
  version: 7.11.2
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
-digest: sha256:6c086da896f573fdb1b81abab43b90181f2af7bf57a62333c4426f3f30496ffa
+digest: sha256:6c096d1ce729469f12e66b2d0d0c677990d06643ff49401ee8fa69f5ed738e9c
-generated: "2026-04-13T20:33:58.123069628Z"
+generated: "2026-04-04T21:02:18.686653-05:00"
--- a/clusters/cl01tl/helm/grafana-operator/Chart.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/Chart.yaml
@@ -24,11 +24,11 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey-unified-alerting
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
  - name: valkey
    alias: valkey-remote-cache
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
 # renovate: datasource=github-releases depName=grafana/grafana-operator
--- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
+++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
@@ -244,44 +244,6 @@ spec:
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-external-dns
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-external-dns
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 6h
  folderUID: grafana-folder-service
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-dns.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-external-secrets
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-external-secrets
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 6h
  folderUID: grafana-folder-service
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-secrets.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
@@ -567,25 +529,6 @@ spec:
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-openbao
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-openbao
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 6h
  folderUID: grafana-folder-platform
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
@@ -624,25 +567,6 @@ spec:
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-unpackerr
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-unpackerr
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 6h
  folderUID: grafana-folder-platform
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/unpackerr.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
@@ -719,25 +643,6 @@ spec:
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-navidrome
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-navidrome
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 6h
  folderUID: grafana-folder-application
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/navidrome.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
@@ -757,25 +662,6 @@ spec:
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:
  name: grafana-dashboard-servarr
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: grafana-dashboard-servarr
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  instanceSelector:
    matchLabels:
      app: grafana-main
  contentCacheDuration: 6h
  folderUID: grafana-folder-application
  resyncPeriod: 6h
  url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/servarr.json
 ---
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
--- a/clusters/cl01tl/helm/harbor/Chart.lock
+++ b/clusters/cl01tl/helm/harbor/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
  version: 1.18.3
 - name: postgres-cluster
  repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
-  version: 7.11.2
+  version: 7.11.1
 - name: valkey
  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 0.6.1
+  version: 0.5.0
-digest: sha256:fc508a58ea7dffe1b92049a89c3fe2f0034d05ecdad38807bb6e02c68a1cb957
+digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
-generated: "2026-04-13T20:34:25.515547207Z"
+generated: "2026-03-31T18:38:15.510833-05:00"
--- a/clusters/cl01tl/helm/harbor/Chart.yaml
+++ b/clusters/cl01tl/helm/harbor/Chart.yaml
@@ -20,11 +20,11 @@ dependencies:
    repository: https://helm.goharbor.io
  - name: postgres-cluster
    alias: postgres-18-cluster
-    version: 7.11.2
+    version: 7.11.1
    repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
  - name: valkey
    alias: valkey
-    version: 0.6.1
+    version: 0.5.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
 # renovate: datasource=github-releases depName=goharbor/harbor
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -12,6 +12,8 @@ headlamp:
        enabled: true
        name: headlamp-oidc-secret
    watchPlugins: true
    # Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
    sessionTTL: null
  httpRoute:
    enabled: true
    parentRefs:
--- a/clusters/cl01tl/helm/home-assistant/Chart.yaml
+++ b/clusters/cl01tl/helm/home-assistant/Chart.yaml
@@ -24,4 +24,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
 # renovate: datasource=github-releases depName=home-assistant/core
-appVersion: 2026.4.3
+appVersion: 2026.4.1
--- a/clusters/cl01tl/helm/home-assistant/values.yaml
+++ b/clusters/cl01tl/helm/home-assistant/values.yaml
@@ -12,7 +12,7 @@ home-assistant:
        main:
          image:
            repository: ghcr.io/home-assistant/home-assistant
-            tag: 2026.4.3@sha256:ae0800c81fea16bc1241ce03bddb9c6260566e90f58b09d3e5a629e4f68bdc0b
+            tag: 2026.4.1@sha256:8848691147f01a6eee7753de2ade21b04d6168fcd2e2a7089f6f84e3b7b86960
          env:
            - name: TZ
              value: America/Chicago
@@ -23,7 +23,7 @@ home-assistant:
        code-server:
          image:
            repository: ghcr.io/linuxserver/code-server
-            tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd
+            tag: 4.114.1-ls330@sha256:4dabed7dc766d3034778aa648ff6b89f0b04755a069fc1071ac0f22484b7c587
          env:
            - name: TZ
              value: America/Chicago
--- a/clusters/cl01tl/helm/homepage/values.yaml
+++ b/clusters/cl01tl/helm/homepage/values.yaml
@@ -285,11 +285,11 @@ homepage:
                  href: https://searxng.alexlebens.net/
                  siteMonitor: http://searxng-browser.searxng:80
                  statusStyle: dot
-              - Fitness Tracker:
+              - Email:
-                  icon: sh-sparkyfitness.webp
+                  icon: sh-roundcube.webp
-                  description: Sparky Fitness
+                  description: Roundcube
-                  href: https://sparkyfitness.alexlebens.net
+                  href: https://mail.alexlebens.net
-                  siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80
+                  siteMonitor: http://roundcube.roundcube:80
                  statusStyle: dot
              - Documents:
                  icon: sh-paperless-ngx.webp
@@ -387,6 +387,12 @@ homepage:
                      secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
                      showStacks: true
                      fields: ["running", "down", "unhealthy", "unknown"]
              - Vulnerability Scanning:
                  icon: https://raw.githubusercontent.com/DependencyTrack/branding/f77a4ad3b469ff656856ea225f26b1610b89a584/dt-logo-symbol.svg
                  description: Dependency Track
                  href: https://dependency-track.alexlebens.net
                  siteMonitor: http://dependency-track-frontend.dependency-track:8080
                  statusStyle: dot
              - Uptime:
                  icon: sh-gatus.webp
                  description: Gatus
@@ -487,13 +493,7 @@ homepage:
                  href: https://authentik.alexlebens.net
                  siteMonitor: http://authentik-server.authentik:80
                  statusStyle: dot
-              - Email Client:
+              - Email:
                  icon: sh-roundcube.webp
                  description: Roundcube
                  href: https://mail.alexlebens.net
                  siteMonitor: http://roundcube.roundcube:80
                  statusStyle: dot
              - Email Server:
                  icon: sh-stalwart.webp
                  description: Stalwart
                  href: https://stalwart.alexlebens.net
@@ -637,18 +637,6 @@ homepage:
                      app.kubernetes.io/instance in (
                          vault
                      )
              - Secrets:
                  icon: sh-openbao.webp
                  description: OpenBao
                  href: https://bao.alexlebens.net
                  siteMonitor: http://openbao.openbao:8200
                  statusStyle: dot
                  namespace: openbao
                  app: openbao
                  podSelector: >-
                      app.kubernetes.io/instance in (
                          openbao
                      )
              - Backups:
                  icon: sh-backrest-light.webp
                  description: Backrest
--- a/clusters/cl01tl/helm/houndarr/Chart.yaml
+++ b/clusters/cl01tl/helm/houndarr/Chart.yaml
@@ -25,4 +25,4 @@ dependencies:
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
 # renovate: datasource=github-releases depName=av1155/houndarr
-appVersion: v1.9.0
+appVersion: v1.7.0
--- a/clusters/cl01tl/helm/houndarr/values.yaml
+++ b/clusters/cl01tl/helm/houndarr/values.yaml
@@ -8,7 +8,7 @@ houndarr:
        main:
          image:
            repository: ghcr.io/av1155/houndarr
-            tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0
+            tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
          env:
            - name: TZ
              value: America/Chicago
--- a/Show More
+++ b/Show More