diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml
new file mode 100644
index 000000000..0dc62650f
--- /dev/null
+++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-secrets
+  namespace: external-secrets
+  labels:
+    app.kubernetes.io/name: external-secrets
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/part-of: external-secrets
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - kind: ServiceAccount
+    name: external-secrets
+    namespace: external-secrets
diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml
new file mode 100644
index 000000000..19148353f
--- /dev/null
+++ b/clusters/cl01tl/manifests/external-secrets/ClusterSecretStore-openbao.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: openbao
+  namespace: external-secrets
+  labels:
+    app.kubernetes.io/name: openbao
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/part-of: external-secrets
+spec:
+  provider:
+    vault:
+      server: http://openbao-internal.openbao:8200
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: external-secrets
+          serviceAccountRef:
+            name: external-secrets
+            audiences:
+              - openbao
diff --git a/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml b/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml
index 5738349b0..8bd7afc40 100644
--- a/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml
+++ b/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml
@@ -13,5 +13,5 @@ spec:
     - "ReadWriteOnce"
   resources:
     requests:
-      storage: "150Gi"
+      storage: "250Gi"
   storageClassName: "synology-iscsi-delete"
diff --git a/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-1.yaml b/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-1.yaml
index f58582b5d..c80b9ba50 100644
--- a/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-1.yaml
+++ b/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-1.yaml
@@ -50,7 +50,7 @@ spec:
               value: 24h
             - name: OLLAMA_HOST
               value: 0.0.0.0
-          image: ollama/ollama:0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
+          image: ollama/ollama:0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
           name: main
           resources:
             limits:
diff --git a/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-2.yaml b/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-2.yaml
index b9145527f..887f060aa 100644
--- a/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-2.yaml
+++ b/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-2.yaml
@@ -50,7 +50,7 @@ spec:
               value: 24h
             - name: OLLAMA_HOST
               value: 0.0.0.0
-          image: ollama/ollama:0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
+          image: ollama/ollama:0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
           name: main
           resources:
             limits:
diff --git a/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-3.yaml b/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-3.yaml
index 270344845..fa77147d4 100644
--- a/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-3.yaml
+++ b/clusters/cl01tl/manifests/ollama/Deployment-ollama-server-3.yaml
@@ -50,7 +50,7 @@ spec:
               value: 24h
             - name: OLLAMA_HOST
               value: 0.0.0.0
-          image: ollama/ollama:0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
+          image: ollama/ollama:0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
           name: main
           resources:
             limits:
diff --git a/clusters/cl01tl/manifests/paperless-ngx/Deployment-paperless-ngx.yaml b/clusters/cl01tl/manifests/paperless-ngx/Deployment-paperless-ngx.yaml
index 895d68a77..eafdb6517 100644
--- a/clusters/cl01tl/manifests/paperless-ngx/Deployment-paperless-ngx.yaml
+++ b/clusters/cl01tl/manifests/paperless-ngx/Deployment-paperless-ngx.yaml
@@ -34,7 +34,7 @@ spec:
       hostPID: false
       dnsPolicy: ClusterFirst
       containers:
-        - image: gotenberg/gotenberg:8.30.1@sha256:206a6c708fc6d05257367d9ac902d6c56c50d2e3284d0596ea000814ef97f22c
+        - image: gotenberg/gotenberg:8.31.0@sha256:f0d86e8a1dbc7b33a5a65cb251d02bb271a48ffa989da3feb5ed7d954fe4d4b3
           name: gotenberg
         - env:
             - name: PAPERLESS_REDIS