chore(deps): update cilium to v1.19.2

chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.8.0 (#5123 )
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) | minor | `0.7.0` → `0.8.0` | --- ### Release Notes <details> <summary>alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation)</summary> ### [`v0.8.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/releases/tag/0.8.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.7.0...0.8.0) ### [0.8.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.7.0...0.8.0) (2026-03-25) ##### Features - add more apps ([c69fde3](c69fde38f9)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: #5123 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
2026-03-25 02:59:01 +00:00 · 2026-03-25 02:57:23 +00:00 · 2026-03-25 02:54:14 +00:00 · 2026-03-25 01:39:27 +00:00 · 2026-03-25 00:56:32 +00:00 · 2026-03-24 19:53:16 -05:00
26 changed files with 166 additions and 307 deletions
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
  renovate:
    runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:43.89.2@sha256:a823bf9ff1f04c31d46267b78330e06f802dbf6e1af899e21c6a8e3197d45354
+    container: ghcr.io/renovatebot/renovate:43.89.3@sha256:95ef56f2595ea6ee1acac7c9ef6c8e2112a9be0699a42df9921310923aed7167
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
--- a/clusters/cl01tl/helm/argocd/values.yaml
+++ b/clusters/cl01tl/helm/argocd/values.yaml
@@ -91,7 +91,7 @@ argo-cd:
    enabled: true
    image:
      repository: redis
-      tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
+      tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72
    persistentVolume:
      enabled: true
    redis:
--- a/clusters/cl01tl/helm/cert-manager/Chart.yaml
+++ b/clusters/cl01tl/helm/cert-manager/Chart.yaml
@@ -5,8 +5,7 @@ description: Cert Manager
 keywords:
  - cert-manager
  - certificates
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
+home: https://docs.alexlebens.dev/applications/cert-manager/
 sources:
  - https://github.com/cert-manager/cert-manager
  - https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -16,6 +15,6 @@ dependencies:
  - name: cert-manager
    version: v1.20.0
    repository: https://charts.jetstack.io
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
+icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
 # renovate: datasource=github-releases depName=cert-manager/cert-manager
 appVersion: v1.20.0
--- a/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
@@ -2,6 +2,11 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-issuer
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: letsencrypt-issuer
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  acme:
    email: alexanderlebens@gmail.com
--- a/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
@@ -14,8 +14,5 @@ spec:
  data:
    - secretKey: api-token
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cloudflare/alexlebens.net/clusterissuer
-        metadataPolicy: None
        property: token
--- a/clusters/cl01tl/helm/cert-manager/values.yaml
+++ b/clusters/cl01tl/helm/cert-manager/values.yaml
@@ -3,10 +3,16 @@ cert-manager:
    enabled: true
    keep: true
  replicaCount: 2
+  podDisruptionBudget:
+    enabled: true
+    minAvailable: 1
  extraArgs:
    - --enable-gateway-api
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
  prometheus:
-    enabled: true
    servicemonitor:
      enabled: true
      honorLabels: true
--- a/clusters/cl01tl/helm/cilium/Chart.lock
+++ b/clusters/cl01tl/helm/cilium/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: cilium
  repository: https://helm.cilium.io/
-  version: 1.18.6
-digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
-generated: "2026-02-05T12:00:20.15778-06:00"
+  version: 1.19.2
+digest: sha256:11f8eef4733b70c2b9a91ce39fe3c1ea1ad3fa3c46750efb015e03ff6ea3655b
+generated: "2026-03-25T02:58:57.58573105Z"
--- a/clusters/cl01tl/helm/cilium/Chart.yaml
+++ b/clusters/cl01tl/helm/cilium/Chart.yaml
@@ -4,18 +4,17 @@ version: 1.0.0
 description: Cilium
 keywords:
  - cilium
-  - cni
+  - operator
  - network
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
+home: https://docs.alexlebens.dev/applications/cilium/
 sources:
  - https://github.com/cilium/cilium
-  - https://github.com/cilium/charts
+  - https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium
 maintainers:
  - name: alexlebens
 dependencies:
  - name: cilium
-    version: 1.18.6
+    version: 1.19.2
    repository: https://helm.cilium.io/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
 # renovate: datasource=github-releases depName=cilium/cilium
--- a/clusters/cl01tl/helm/cilium/values.yaml
+++ b/clusters/cl01tl/helm/cilium/values.yaml
@@ -25,36 +25,24 @@ cilium:
        - NET_ADMIN
        - SYS_ADMIN
        - SYS_RESOURCE
-  l2announcements:
-    enabled: false
  bgpControlPlane:
    enabled: false
-    secretsNamespace:
-      name: kube-system
-    statusReport:
-      enabled: true
-    routerIDAllocation:
-      mode: "default"
  bpf:
    hostLegacyRouting: true
  devices: end0 enp6s0
  ciliumEndpointSlice:
    enabled: true
-  ingressController:
-    enabled: false
  gatewayAPI:
    enabled: true
-    enableAlpn: true
    enableAppProtocol: true
-    gatewayClass:
-      create: auto
-  externalIPs:
-    enabled: true
+    enableAlpn: true
+    secretsNamespace:
+      create: false
+      name: kube-system
  socketLB:
    enabled: true
    hostNamespaceOnly: true
  hubble:
-    enabled: true
    metrics:
      serviceMonitor:
        enabled: true
@@ -68,8 +56,6 @@ cilium:
          enabled: true
    ui:
      enabled: true
-      ingress:
-        enabled: false
  ipam:
    mode: "kubernetes"
  ipv4:
@@ -77,12 +63,11 @@ cilium:
  ipv6:
    enabled: false
  kubeProxyReplacement: true
-  l7Proxy: true
  prometheus:
    enabled: true
    serviceMonitor:
-      trustCRDsExist: true
      enabled: true
+      trustCRDsExist: true
  envoy:
    enabled: true
    securityContext:
@@ -94,14 +79,11 @@ cilium:
          - PERFMON
          - BPF
    prometheus:
-      enabled: true
      serviceMonitor:
        enabled: true
  operator:
-    enabled: true
    rollOutPods: true
    prometheus:
-      enabled: true
      serviceMonitor:
        enabled: true
  cgroup:
--- a/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
+++ b/clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
@@ -6,10 +6,11 @@ keywords:
  - cloudnative-pg
  - operator
  - postgresql
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
+home: https://docs.alexlebens.dev/applications/cloudnative-pg/
 sources:
  - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://github.com/cloudnative-pg/plugin-barman-cloud
+  - https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
  - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
  - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
 maintainers:
@@ -21,6 +22,6 @@ dependencies:
  - name: plugin-barman-cloud
    version: 0.5.0
    repository: https://cloudnative-pg.io/charts/
-icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
+icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
 # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
 appVersion: 1.28.1
--- a/clusters/cl01tl/helm/cloudnative-pg/values.yaml
+++ b/clusters/cl01tl/helm/cloudnative-pg/values.yaml
@@ -1,16 +1,16 @@
 cloudnative-pg:
  replicaCount: 2
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
  monitoring:
    podMonitorEnabled: true
 plugin-barman-cloud:
  replicaCount: 1
-  image:
-    registry: ghcr.io
-    repository: cloudnative-pg/plugin-barman-cloud
-    tag: v0.11.0
-  sidecarImage:
-    registry: ghcr.io
-    repository: cloudnative-pg/plugin-barman-cloud-sidecar
-    tag: v0.11.0
  crds:
    create: true
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
--- a/clusters/cl01tl/helm/code-server/Chart.yaml
+++ b/clusters/cl01tl/helm/code-server/Chart.yaml
@@ -5,14 +5,14 @@ description: Code Server
 keywords:
  - code-server
  - code
-  - ide
-home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
+home: https://docs.alexlebens.dev/applications/code-server/
 sources:
  - https://github.com/coder/code-server
-  - https://github.com/cloudflare/cloudflared
-  - https://hub.docker.com/r/linuxserver/code-server
+  - https://github.com/linuxserver/docker-code-server
+  - https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
@@ -28,5 +28,5 @@ dependencies:
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
-# renovate: datasource=github-releases depName=linuxserver/docker-code-server
-appVersion: 4.108.1
+# renovate: datasource=github-releases depName=coder/code-server
+appVersion: 4.112.0
--- a/clusters/cl01tl/helm/code-server/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/code-server/templates/external-secret.yaml
@@ -14,15 +14,9 @@ spec:
  data:
    - secretKey: PASSWORD
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/code-server/auth
-        metadataPolicy: None
        property: PASSWORD
    - secretKey: SUDO_PASSWORD
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/code-server/auth
-        metadataPolicy: None
        property: SUDO_PASSWORD
--- a/clusters/cl01tl/helm/code-server/values.yaml
+++ b/clusters/cl01tl/helm/code-server/values.yaml
@@ -4,16 +4,18 @@ code-server:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
+      pod:
+        securityContext:
+          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
      containers:
        main:
          image:
            repository: ghcr.io/linuxserver/code-server
            tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
-            pullPolicy: IfNotPresent
          env:
            - name: TZ
-              value: US/Central
+              value: America/Chicago
            - name: PUID
              value: 1000
            - name: PGID
@@ -26,7 +28,7 @@ code-server:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 80Mi
  service:
    main:
      controller: main
@@ -47,11 +49,8 @@ code-server:
        - code-server.alexlebens.net
      rules:
        - backendRefs:
-            - group: ''
-              kind: Service
-              name: code-server
+            - name: code-server
              port: 8443
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -62,7 +61,6 @@ code-server:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 2Gi
-      retain: true
      advancedMounts:
        main:
          main:
--- a/clusters/cl01tl/helm/coredns/Chart.yaml
+++ b/clusters/cl01tl/helm/coredns/Chart.yaml
@@ -5,9 +5,7 @@ description: CoreDNS
 keywords:
  - coredns
  - dns
-  - network
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/
+home: https://docs.alexlebens.dev/applications/coredns/
 sources:
  - https://github.com/coredns/coredns
  - https://github.com/coredns/helm
@@ -17,6 +15,6 @@ dependencies:
  - name: coredns
    version: 1.45.2
    repository: https://coredns.github.io/helm
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
+icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
 # renovate: datasource=github-releases depName=coredns/coredns
 appVersion: v1.14.2
--- a/clusters/cl01tl/helm/coredns/values.yaml
+++ b/clusters/cl01tl/helm/coredns/values.yaml
@@ -1,23 +1,18 @@
 coredns:
  image:
    repository: registry.k8s.io/coredns/coredns
-    tag: v1.14.2
+    tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9
  replicaCount: 3
  resources:
+    limits:
+      cpu: null
+      memory: null
    requests:
-      cpu: 50m
-      memory: 128Mi
-  rollingUpdate:
-    maxUnavailable: 1
-    maxSurge: 25%
-  terminationGracePeriodSeconds: 30
-  serviceType: "ClusterIP"
+      cpu: 20m
+      memory: 32Mi
  prometheus:
    service:
      enabled: true
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "9153"
    monitor:
      enabled: true
      namespace: kube-system
@@ -29,18 +24,7 @@ coredns:
  serviceAccount:
    create: true
    name: coredns
-  rbac:
-    create: true
-  isClusterService: true
  priorityClassName: system-cluster-critical
-  securityContext:
-    capabilities:
-      add:
-        - NET_BIND_SERVICE
-      drop:
-        - ALL
-    readOnlyRootFilesystem: true
-    allowPrivilegeEscalation: false
  servers:
    - zones:
        - zone: .
@@ -77,6 +61,8 @@ coredns:
        - name: errors
        - name: cache
          parameters: 30
+        - name: prometheus
+          parameters: :9153
        - name: forward
          parameters: . 10.111.232.172
    - zones:
@@ -88,6 +74,8 @@ coredns:
        - name: errors
        - name: cache
          parameters: 30
+        - name: prometheus
+          parameters: :9153
        - name: forward
          parameters: . 10.97.20.219
  nodeSelector:
@@ -100,6 +88,4 @@ coredns:
      operator: Exists
      effect: NoSchedule
  deployment:
-    skipConfig: false
-    enabled: true
    name: coredns
--- a/clusters/cl01tl/helm/dawarich/Chart.yaml
+++ b/clusters/cl01tl/helm/dawarich/Chart.yaml
@@ -5,10 +5,13 @@ description: Dawarich
 keywords:
  - dawarich
  - location
-home: https://wiki.alexlebens.dev/s/
+home: https://docs.alexlebens.dev/applications/dawarich/
 sources:
  - https://github.com/Freika/dawarich
+  - https://hub.docker.com/r/freikin/dawarich
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
 maintainers:
  - name: alexlebens
 dependencies:
--- a/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
@@ -14,10 +14,7 @@ spec:
  data:
    - secretKey: key
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/dawarich/key
-        metadataPolicy: None
        property: key

 ---
@@ -37,15 +34,9 @@ spec:
  data:
    - secretKey: client
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/dawarich
-        metadataPolicy: None
        property: client
    - secretKey: secret
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/dawarich
-        metadataPolicy: None
        property: secret
--- a/clusters/cl01tl/helm/dawarich/values.yaml
+++ b/clusters/cl01tl/helm/dawarich/values.yaml
@@ -4,15 +4,20 @@ dawarich:
      type: deployment
      replicas: 1
      strategy: Recreate
-      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: freikin/dawarich
-            tag: 1.4.0
-            pullPolicy: IfNotPresent
-          command: ["web-entrypoint.sh"]
-          args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
+            tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
+          command:
+            - "web-entrypoint.sh"
+          args:
+            - "bin/rails"
+            - "server"
+            - "-p"
+            - "3000"
+            - "-b"
+            - "::"
          env:
            - name: RAILS_ENV
              value: production
@@ -86,14 +91,14 @@ dawarich:
              value: true
          probes:
            liveness:
-              enabled: false
+              enabled: true
              custom: true
              spec:
                exec:
                  command:
                    - /bin/sh
                    - -c
-                    - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
+                    - "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'"
                failureThreshold: 5
                initialDelaySeconds: 60
                periodSeconds: 10
@@ -102,14 +107,15 @@ dawarich:
          resources:
            requests:
              cpu: 10m
-              memory: 128Mi
+              memory: 750Mi
        sidekiq:
          image:
            repository: freikin/dawarich
-            tag: 1.4.0
-            pullPolicy: IfNotPresent
-          command: ["sidekiq-entrypoint.sh"]
-          args: ["sidekiq"]
+            tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
+          command:
+            - "sidekiq-entrypoint.sh"
+          args:
+            - "sidekiq"
          env:
            - name: RAILS_ENV
              value: production
@@ -185,23 +191,19 @@ dawarich:
              value: true
          probes:
            liveness:
-              enabled: false
+              enabled: true
              custom: true
              spec:
                exec:
                  command:
-                    - /bin/sh
-                    - -c
-                    - pgrep -f sidekiq
+                    - pgrep
+                    - -f
+                    - sidekiq
                failureThreshold: 5
                initialDelaySeconds: 60
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
  service:
    main:
      controller: main
@@ -238,11 +240,8 @@ dawarich:
        - dawarich.alexlebens.net
      rules:
        - backendRefs:
-            - group: ""
-              kind: Service
-              name: dawarich
+            - name: dawarich
              port: 80
-              weight: 100
          matches:
            - path:
                type: PathPrefix
@@ -253,7 +252,6 @@ dawarich:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
-      retain: true
      advancedMounts:
        main:
          main:
@@ -267,7 +265,6 @@ dawarich:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
-      retain: true
      advancedMounts:
        main:
          main:
@@ -281,7 +278,6 @@ dawarich:
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 1Gi
-      retain: true
      advancedMounts:
        main:
          main:
@@ -313,32 +309,9 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 10 14 * * *"
        backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
--- a/clusters/cl01tl/helm/homepage/values.yaml
+++ b/clusters/cl01tl/helm/homepage/values.yaml
@@ -40,20 +40,6 @@ homepage:
            html {
                font-size: 18px;
            }
-            ul#myTab {
-                background-color: rgba(240, 230, 215, 0.12) !important;
-                color: white !important;
-            }
-            li.service div.service-card,
-            li.bookmark a.rounded-md {
-                color: white !important;
-                background-color: rgba(240, 230, 215, 0.12) !important;
-                transition: all 150ms ease !important;
-            }
-            li.service div.service-card:hover,
-            li.bookmark a.rounded-md:hover {
-                background-color: rgba(240, 230, 215, 0.18) !important;
-            }
        docker.yaml: ""
        kubernetes.yaml: |
          mode: cluster
--- a/clusters/cl01tl/helm/music-grabber/values.yaml
+++ b/clusters/cl01tl/helm/music-grabber/values.yaml
@@ -9,7 +9,7 @@ music-grabber:
        main:
          image:
            repository: g33kphr33k/musicgrabber
-            tag: 2.5.1
+            tag: 2.5.2
            pullPolicy: IfNotPresent
          env:
            - name: MUSIC_DIR
--- a/clusters/cl01tl/helm/rook-ceph/Chart.lock
+++ b/clusters/cl01tl/helm/rook-ceph/Chart.lock
@@ -1,12 +1,9 @@
 dependencies:
 - name: rook-ceph
  repository: https://charts.rook.io/release
-  version: v1.19.2
+  version: v1.19.3
 - name: rook-ceph-cluster
  repository: https://charts.rook.io/release
-  version: v1.19.2
- name: cloudflared
-  repository: oci://harbor.alexlebens.net/helm-charts
-  version: 2.4.0
-digest: sha256:4bd2987d8b6b91e0c4dc026c5d20419c69bd81c82063d7850bbfe8d7dbea3b82
-generated: "2026-03-09T22:05:44.444530464Z"
+  version: v1.19.3
+digest: sha256:f485e0ac0fe7a70972491078f37b8be4aff2c6dfa7346bdb18d296f1dbd15b1e
+generated: "2026-03-24T22:57:30.323965591Z"
--- a/clusters/cl01tl/helm/rook-ceph/Chart.yaml
+++ b/clusters/cl01tl/helm/rook-ceph/Chart.yaml
@@ -16,11 +16,11 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: rook-ceph
-    version: v1.19.2
+    version: v1.19.3
    repository: https://charts.rook.io/release
  - name: rook-ceph-cluster
-    version: v1.19.2
+    version: v1.19.3
    repository: https://charts.rook.io/release
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
 # renovate: datasource=github-releases depName=rook/rook
-appVersion: v1.19.2
+appVersion: v1.19.3
--- a/clusters/cl01tl/helm/site-documentation/values.yaml
+++ b/clusters/cl01tl/helm/site-documentation/values.yaml
@@ -11,7 +11,7 @@ site-documentation:
        main:
          image:
            repository: harbor.alexlebens.net/images/site-documentation
-            tag: 0.6.0
+            tag: 0.8.0
            pullPolicy: IfNotPresent
          resources:
            requests:
--- a/clusters/cl01tl/helm/talos/values.yaml
+++ b/clusters/cl01tl/helm/talos/values.yaml
@@ -405,7 +405,7 @@ etcd-defrag:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
-            tag: v1.12.5
+            tag: v1.12.6
            pullPolicy: IfNotPresent
          args:
            - etcd
@@ -438,7 +438,7 @@ etcd-defrag:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
-            tag: v1.12.5
+            tag: v1.12.6
            pullPolicy: IfNotPresent
          args:
            - etcd
@@ -471,7 +471,7 @@ etcd-defrag:
        main:
          image:
            repository: ghcr.io/siderolabs/talosctl
-            tag: v1.12.5
+            tag: v1.12.6
            pullPolicy: IfNotPresent
          args:
            - etcd
--- a/renovate.json
+++ b/renovate.json
@@ -3,7 +3,10 @@
  "extends": [
    "config:recommended",
    "mergeConfidence:all-badges",
-    ":rebaseStalePrs"
+    ":rebaseStalePrs",
+    "group:recommended",
+    "group:monorepos",
+    "group:kubernetesMonorepo"
  ],
  "timezone": "America/Chicago",
  "labels": [],
@@ -71,28 +74,50 @@
      "enabled": false
    },
    {
-      "description": "Label charts",
+      "description": "Label by datasource",
      "matchDatasources": [
+        "helm",
+        "docker",
+        "github-actions"
+      ],
+      "addLabels": [
+        "{{{datasource}}}"
+      ],
+      "automerge": false
+    },
+    {
+      "description": "Automerge helm chart lock files",
+      "matchManagers": [
        "helm"
      ],
+      "lockFileMaintenance": {
+        "enabled": true
+      },
      "addLabels": [
-        "chart"
+        "automerge"
      ],
-      "automerge": false
+      "automerge": true,
+      "automergeType": "branch"
    },
    {
-      "description": "Label images",
+      "description": "Automerge patches",
+      "matchUpdateTypes": [
+        "patch",
+        "pinDigest"
+      ],
      "matchDatasources": [
-        "docker"
+        "helm",
+        "docker",
+        "github-actions"
      ],
      "addLabels": [
-        "image"
+        "automerge"
      ],
-      "automerge": false
+      "automerge": true,
+      "minimumReleaseAge": "1 days"
    },
-
    {
-      "description": "Label appVersion and images, merged",
+      "description": "Label appVersion and images, grouped",
      "matchManagers": [
        "custom.regex",
        "helm-values"
@@ -105,7 +130,7 @@
      "automerge": false
    },
    {
-      "description": "Automerge appVersion and images, merged",
+      "description": "Automerge appVersion and images, grouped",
      "matchUpdateTypes": [
        "patch",
        "pinDigest"
@@ -117,57 +142,42 @@
      "groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
      "groupSlug": "unified-{{{groupName}}}",
      "addLabels": [
-        "image",
        "automerge"
      ],
      "automerge": true,
      "minimumReleaseAge": "1 days"
    },
    {
-      "description": "Automerge digests for actions",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "matchUpdateTypes": [
-        "digest"
-      ],
-      "addLabels": [
-        "actions",
-        "automerge"
-      ],
-      "enabled": true,
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
+      "description": "Group apps by their keyword",
+      "groupName": "{{{replace '^.*(dawarich|komodo|immich|home-assistant|element-web|cilium).*$' '$1' depName}}}",
+      "groupSlug": "unified-{{{groupName}}}",
+      "matchPackageNames": [
+        "/(^|/)(?<appName>dawarich|komodo|immich|home-assistant|element-web|cilium)/"
+      ]
    },
    {
-      "description": "Automerge helm chart lock files",
-      "matchManagers": [
-        "helm"
-      ],
-      "lockFileMaintenance": {
-        "enabled": true
-      },
-      "addLabels": [
-        "chart",
-        "automerge"
-      ],
-      "automerge": true,
-      "automergeType": "branch"
+      "description": "Group Bazarr dependencies",
+      "groupName": "bazarr",
+      "groupSlug": "unified-bazarr",
+      "matchPackageNames": [
+        "bazarr$"
+      ]
    },
    {
-      "description": "Automerge chart patches",
-      "matchUpdateTypes": [
-        "patch"
-      ],
-      "matchDatasources": [
-        "helm"
-      ],
-      "addLabels": [
-        "chart",
-        "automerge"
-      ],
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
+      "description": "Group Code Server dependencies",
+      "groupName": "code-server",
+      "groupSlug": "unified-code-server",
+      "matchPackageNames": [
+        "code-server$"
+      ]
+    },
+    {
+      "description": "Group Rook-Ceph dependencies",
+      "groupName": "rook-ceph",
+      "groupSlug": "unified-rook-ceph",
+      "matchPackageNames": [
+        "/^rook(-ceph|\\/rook|\\/ceph)/"
+      ]
    },
    {
      "description": "Automerge digest updates, specific packages",
@@ -181,28 +191,11 @@
        "searxng/searxng"
      ],
      "addLabels": [
-        "image",
        "automerge"
      ],
      "enabled": true,
      "automerge": true
    },
-    {
-      "description": "Automerge image patches",
-      "matchUpdateTypes": [
-        "patch",
-        "pinDigest"
-      ],
-      "matchDatasources": [
-        "docker"
-      ],
-      "addLabels": [
-        "image",
-        "automerge"
-      ],
-      "automerge": true,
-      "minimumReleaseAge": "1 days"
-    },
    {
      "description": "Automerge images, specific packages",
      "matchUpdateTypes": [
@@ -217,58 +210,9 @@
        "ghcr.io/prometheus-community/charts/kube-prometheus-stack"
      ],
      "addLabels": [
-        "image",
        "automerge"
      ],
      "automerge": true
-    },
-    {
-      "description": "Group Dawarich dependencies",
-      "groupName": "dawarich",
-      "groupSlug": "unified-dawarich",
-      "matchPackageNames": [
-        "/^(ghcr\\.io/|docker\\.io/)?(freika|freikin)/dawarich/"
-      ]
-    },
-    {
-      "description": "Group Komodo dependencies",
-      "groupName": "komodo",
-      "groupSlug": "unified-komodo",
-      "matchPackageNames": [
-        "/^moghtech/komodo/",
-        "/^ghcr\\.io/moghtech/komodo/",
-        "/^docker\\.io/moghtech/komodo/"
-      ]
-    },
-    {
-      "description": "Group Immich dependencies",
-      "groupName": "immich",
-      "groupSlug": "unified-immich",
-      "matchPackageNames": [
-        "/^immich-app/immich/",
-        "/^ghcr\\.io/immich-app/immich/",
-        "/^docker\\.io/immich-app/immich/"
-      ]
-    },
-    {
-      "description": "Group Home Assistant dependencies",
-      "groupName": "home-assistant",
-      "groupSlug": "unified-home-assistant",
-      "matchPackageNames": [
-        "/^home-assistant//",
-        "/^ghcr\\.io/home-assistant//",
-        "/^docker\\.io/home-assistant//"
-      ]
-    },
-    {
-      "description": "Group Element Web updates",
-      "groupName": "element-web",
-      "groupSlug": "unified-element-web",
-      "matchPackageNames": [
-        "/element-web/",
-        "/vectorim/element-web/",
-        "/element-hq/element-web/"
-      ]
    }
  ]
 }
Author	SHA1	Message	Date
Renovate Bot	1b2c9b021a	chore(deps): update cilium to v1.19.2 All checks were successful lint-test-helm / lint-helm (pull_request) Successful in 12s Details lint-test-helm / validate-kubeconform (pull_request) Successful in 21s Details	2026-03-25 02:59:01 +00:00
Renovate Bot	a826c2d629	chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.8.0 (#5123 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 12s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m55s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) \| minor \| `0.7.0` → `0.8.0` \| --- ### Release Notes <details> <summary>alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation)</summary> ### [`v0.8.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/releases/tag/0.8.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.7.0...0.8.0) ### [0.8.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.7.0...0.8.0) (2026-03-25) ##### Features - add more apps ([c69fde3](`c69fde38f9`)) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuODkuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIiwiaW1hZ2UiXX0=--> Reviewed-on: #5123 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-25 02:57:23 +00:00
Alex Lebens	d5d571b115	feat: change css (#5121 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 1m38s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m30s Details Reviewed-on: #5121	2026-03-25 02:54:14 +00:00
Alex Lebens	dcf6944e61	feat: refactor more (#5119 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 33s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 1m26s Details Reviewed-on: #5119	2026-03-25 01:39:27 +00:00
Renovate Bot	e43c77295e	chore(config): migrate Renovate config (#5118 ) All checks were successful renovate / renovate (push) Successful in 1m11s Details The Renovate config in this repository needs migrating. Typically this is because one or more configuration options you are using have been renamed. You don't need to merge this PR right away, because Renovate will continue to migrate these fields internally each time it runs. But later some of these fields may be fully deprecated and the migrations removed. So it's a good idea to merge this migration PR soon. 🔕 Ignore: Close this PR and you won't be reminded about config migration again, but one day your current config may no longer be valid. ❓ Got questions? Does something look wrong to you? Please don't hesitate to [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: #5118 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-25 00:56:32 +00:00
Alex Lebens	26438bd165	ci: change group name All checks were successful renovate / renovate (push) Successful in 2m19s Details	2026-03-24 19:53:16 -05:00
Renovate Bot	0bffaad9af	chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.7.0 (#5113 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 25s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m24s Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) \| minor \| `0.6.0` → `0.7.0` \| --- ### Release Notes <details> <summary>alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation)</summary> ### [`v0.7.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/releases/tag/0.7.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.6.0...0.7.0) ### [0.7.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.6.0...0.7.0) (2026-03-25) ##### Features - add more apps ([8e49a12](`8e49a12511`)) - change schedule ([4077d32](`4077d3289c`)) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuODkuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIiwiaW1hZ2UiXX0=--> Reviewed-on: #5113 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-25 00:49:21 +00:00
Alex Lebens	f141c81da9	feat: scale down to 1 (#5115 ) Some checks failed renovate / renovate (push) Failing after 1s Details lint-test-helm / lint-helm (push) Successful in 24s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details Reviewed-on: #5115	2026-03-25 00:47:07 +00:00
Alex Lebens	de15ff8f54	ci: rearrange and combine All checks were successful renovate / renovate (push) Successful in 2m27s Details	2026-03-24 19:42:56 -05:00
Alex Lebens	673377e300	feat: refactor (#5110 ) All checks were successful lint-test-helm / lint-helm (push) Successful in 14s Details lint-test-helm / validate-kubeconform (push) Has been skipped Details renovate / renovate (push) Successful in 2m29s Details Reviewed-on: #5110	2026-03-25 00:13:09 +00:00
Renovate Bot	82e4d5b389	chore(config): migrate Renovate config (#5102 ) All checks were successful renovate / renovate (push) Successful in 4m43s Details The Renovate config in this repository needs migrating. Typically this is because one or more configuration options you are using have been renamed. You don't need to merge this PR right away, because Renovate will continue to migrate these fields internally each time it runs. But later some of these fields may be fully deprecated and the migrations removed. So it's a good idea to merge this migration PR soon. 🔕 Ignore: Close this PR and you won't be reminded about config migration again, but one day your current config may no longer be valid. ❓ Got questions? Does something look wrong to you? Please don't hesitate to [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: #5102 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>	2026-03-24 23:00:06 +00:00
Renovate Bot	637eec39ae	chore(deps): update rook-ceph to v1.19.3 (#5101 ) Some checks failed lint-test-helm / lint-helm (push) Successful in 1m16s Details renovate / renovate (push) Has been cancelled Details lint-test-helm / validate-kubeconform (push) Has been skipped Details	2026-03-24 22:57:44 +00:00
Renovate Bot	eb8eeb6477	chore(deps): update redis docker tag to v8.6.2 (#5100 ) Some checks failed lint-test-helm / lint-helm (push) Has been cancelled Details lint-test-helm / validate-kubeconform (push) Has been cancelled Details renovate / renovate (push) Has been cancelled Details	2026-03-24 22:57:24 +00:00
Renovate Bot	ba0461f9e0	chore(deps): update ghcr.io/siderolabs/talosctl docker tag to v1.12.6 (#5099 ) Some checks failed lint-test-helm / validate-kubeconform (push) Has been cancelled Details lint-test-helm / lint-helm (push) Has been cancelled Details renovate / renovate (push) Has been cancelled Details	2026-03-24 22:57:09 +00:00
Renovate Bot	bddeffd721	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.89.3 (#5098 ) Some checks failed renovate / renovate (push) Has been cancelled Details	2026-03-24 22:56:48 +00:00
Renovate Bot	aa4c940d72	chore(deps): update g33kphr33k/musicgrabber docker tag to v2.5.2 (#5097 ) Some checks failed renovate / renovate (push) Has been cancelled Details lint-test-helm / validate-kubeconform (push) Has been cancelled Details lint-test-helm / lint-helm (push) Has started running Details	2026-03-24 22:56:28 +00:00
Alex Lebens	b6b8703f7e	ci: change rook group All checks were successful renovate / renovate (push) Successful in 2m56s Details	2026-03-24 17:49:47 -05:00
Alex Lebens	4812f72df8	ci: group rook All checks were successful renovate / renovate (push) Successful in 2m52s Details	2026-03-24 17:20:17 -05:00