chore(release): 0.13.0 [skip ci]

# [0.13.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.12.0...0.13.0) (2026-03-31)

### Features

* documentation on vault ssh ([648fb31](648fb319b1))

.gitea/workflows/release-image-gitea.yml

@@ -1,136 +0,0 @@
-name: release-image-gitea
-
-on:
-  push:
-    tags:
-      - 0.*
-
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10.x
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: 24.13.1
-          cache: pnpm
-
-      - name: Install Dependencies
-        run: pnpm install
-
-      # - name: Lint Code
-      #   run: pnpm lint
-
-      - name: Build Project
-        run: pnpm build
-
-  release:
-    runs-on: ubuntu-js
-    needs: build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Login to Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.REPOSITORY_HOST }}
-          username: ${{ gitea.actor }}
-          password: ${{ secrets.REPOSITORY_TOKEN }}
-
-      - name: Create Kubeconfig
-        run: |
-          mkdir $HOME/.kube
-          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: kubernetes
-          driver-opts: |
-            namespace=gitea
-            qemu.install=true
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
-
-      - name: Available Platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
-
-      - name: Extract Metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          tags: |
-            type=ref,event=branch
-            type=ref,event=tag
-            type=sha,format=long
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-          images: |
-            ${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
-
-      - name: Get Version Info
-        id: version
-        run: |
-          echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
-          echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-          if git describe --tags --exact-match HEAD 2>/dev/null; then
-            echo "is_release=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_release=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Build and Push Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            VERSION=${{ steps.version.outputs.version }}
-            COMMIT_SHA=${{ steps.version.outputs.commit }}
-            IS_RELEASE=${{ steps.version.outputs.is_release }}
-          file: ./Dockerfile
-
-      - name: ntfy Success
-        uses: niniyas/ntfy-action@master
-        if: success()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Success - Site Documentation'
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: 'Image for Site Documentation has been released!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Failure - Site Documentation'
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Image for Site Documentation has failed to be released.'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
-          image: true

.gitea/workflows/release-image-harbor.yml

@@ -1,136 +0,0 @@
-name: release-image-harbor
-
-on:
-  push:
-    tags:
-      - 0.*
-
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-js
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10.x
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: 24.13.1
-          cache: pnpm
-
-      - name: Install Dependencies
-        run: pnpm install
-
-      # - name: Lint Code
-      #   run: pnpm lint
-
-      - name: Build Project
-        run: pnpm build
-
-  release:
-    runs-on: ubuntu-js
-    needs: build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Login to Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.REGISTRY_HOST }}
-          username: ${{ vars.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_SECRET }}
-
-      - name: Create Kubeconfig
-        run: |
-          mkdir $HOME/.kube
-          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: kubernetes
-          driver-opts: |
-            namespace=gitea
-            qemu.install=true
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
-
-      - name: Available Platforms
-        run: echo ${{ steps.buildx.outputs.platforms }}
-
-      - name: Extract Metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          tags: |
-            type=ref,event=branch
-            type=ref,event=tag
-            type=sha,format=long
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-          images: |
-            ${{ vars.REGISTRY_HOST }}/images/site-documentation
-
-      - name: Get Version Info
-        id: version
-        run: |
-          echo "version=$(git describe --tags --always)" >> $GITHUB_OUTPUT
-          echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-          if git describe --tags --exact-match HEAD 2>/dev/null; then
-            echo "is_release=true" >> $GITHUB_OUTPUT
-          else
-            echo "is_release=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Build and Push Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            VERSION=${{ steps.version.outputs.version }}
-            COMMIT_SHA=${{ steps.version.outputs.commit }}
-            IS_RELEASE=${{ steps.version.outputs.is_release }}
-          file: ./Dockerfile
-
-      - name: ntfy Success
-        uses: niniyas/ntfy-action@master
-        if: success()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Success - Site Documentation'
-          priority: 3
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,successfully,completed
-          details: 'Image for Site Documentation has been released!'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-
-      - name: ntfy Failed
-        uses: niniyas/ntfy-action@master
-        if: failure()
-        with:
-          url: '${{ secrets.NTFY_URL }}'
-          topic: '${{ secrets.NTFY_TOPIC }}'
-          title: 'Release Failure - Site Documentation'
-          priority: 4
-          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
-          tags: action,failed
-          details: 'Image for Site Documentation has failed to be released.'
-          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
-          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
-          image: true

.gitea/workflows/release-image.yaml

@@ -0,0 +1,340 @@
+name: release-image
+
+on:
+  push:
+    branches:
+      - release
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.14.1
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
+
+      - name: Install Dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Cache Astro Build Cache
+        uses: actions/cache@v5
+        with:
+          path: |
+            .astro
+            node_modules/.vite
+          key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
+          restore-keys: |
+            ${{ runner.os }}-astro-
+
+      # - name: Lint Code
+      #   run: bun run lint
+
+      - name: Build Project
+        run: bun run build
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Test Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'During release tests failed for building Site Documentation'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
+          image: true
+
+  guarddog:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+
+      - name: Install GuardDog
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install guarddog
+
+      - name: Run GuardDog
+        run: |
+          guarddog npm scan ./
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Security Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'During release guarddog scan failed for Site Documentation'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
+          image: true
+
+  semantic-release:
+    needs: [ build, guarddog ]
+    runs-on: ubuntu-js
+    outputs:
+      new-release-published: ${{ steps.semantic.outputs.new-release-published }}
+      new-release-version: ${{ steps.semantic.outputs.new-release-version }}
+      new-release-git-tag: ${{ steps.semantic.outputs.new-release-git-tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BOT_TOKEN }}
+
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24.14.1
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
+
+      - name: Install Dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run Semantic Release
+        id: semantic
+        env:
+          GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          NODE_PATH: ${{ github.workspace }}/node_modules
+        run: |
+          bun run semantic-release
+
+  release-harbor:
+    runs-on: ubuntu-js
+    needs: semantic-release
+    if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Login to Harbor Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.REGISTRY_HOST }}
+          username: ${{ vars.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_SECRET }}
+
+      - name: Login to Docker
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.DH_REGISTRY }}
+          username: ${{ secrets.DH_USERNAME }}
+          password: ${{ secrets.DH_TOKEN }}
+
+      - name: Create Kubeconfig
+        run: |
+          mkdir $HOME/.kube
+          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v4
+        with:
+          driver: kubernetes
+          driver-opts: |
+            namespace=gitea
+            qemu.install=true
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
+
+      - name: Available Platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+
+      - name: Extract Metadata
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: |
+            ${{ vars.REGISTRY_HOST }}/images/site-documentation
+          tags: |
+            type=ref,event=branch
+            type=sha,format=long
+            type=raw,value=latest,enable=${{ needs.semantic-release.outputs.new-release-published == 'true' }}
+            type=semver,pattern={{version}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
+
+      - name: Build and Push Image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            APP_VERSION=${{ needs.semantic-release.outputs.new-release-version }}
+            COMMIT_SHA=${{ github.sha }}
+            IS_RELEASE=true
+          file: ./Dockerfile
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Success - Site Documentation'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Harbor Image for Site Documentation has been released!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Harbor Image for Site Documentation has failed to be released.'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yml", "clear": true}]'
+          image: true
+
+  release-gitea:
+    runs-on: ubuntu-js
+    needs: [ semantic-release, release-harbor ]
+    if: |
+      always() && 
+      needs.semantic-release.outputs.new-release-published == 'true'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: release
+
+      - name: Login to Gitea Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.REPOSITORY_HOST }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.REPOSITORY_TOKEN }}
+
+      - name: Login to Docker
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ vars.DH_REGISTRY }}
+          username: ${{ secrets.DH_USERNAME }}
+          password: ${{ secrets.DH_TOKEN }}
+
+      - name: Create Kubeconfig
+        run: |
+          mkdir $HOME/.kube
+          echo "${{ secrets.KUBECONFIG_BUILDX }}" > $HOME/.kube/config
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v4
+        with:
+          driver: kubernetes
+          driver-opts: |
+            namespace=gitea
+            qemu.install=true
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["harbor.alexlebens.net/proxy-hub.docker/"]
+
+      - name: Available Platforms
+        run: echo ${{ steps.buildx.outputs.platforms }}
+
+      - name: Extract Metadata
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: |
+            ${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
+          tags: |
+            type=ref,event=branch
+            type=sha,format=long
+            type=raw,value=latest,enable=${{ needs.semantic-release.outputs.new-release-published == 'true' }}
+            type=semver,pattern={{version}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic-release.outputs.new-release-version }}
+            type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
+
+      - name: Build and Push Image
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            APP_VERSION=${{ needs.semantic-release.outputs.new-release-version }}
+            COMMIT_SHA=${{ github.sha }}
+            IS_RELEASE=true
+          file: ./Dockerfile
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Success - Site Documentation'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Gitea Image for Site Documentation has been released!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Release Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Gitea Image for Site Documentation has failed to be released.'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=release-image.yaml", "clear": true}]'
+          image: true

.gitea/workflows/renovate.yaml

@@ -2,11 +2,7 @@ name: renovate
 
 on:
   schedule:
-    - cron: '@daily'
-
-  push:
-    branches:
-      - main
+    - cron: '0 */6 * * *'
 
   workflow_dispatch:
 
@@ -25,8 +21,10 @@ jobs:
           RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
           RENOVATE_REPOSITORIES: alexlebens/site-documentation
           RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
+          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
           LOG_LEVEL: info
           RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
           RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
           RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
-          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
+          RENOVATE_REGISTRY_ALIASES: '{"dhi.io": "dhi.io"}'
+          RENOVATE_HOST_RULES: '[{"matchHost":"dhi.io","hostType":"docker","username":"${{ secrets.RENOVATE_DHI_USER }}","password":"${{ secrets.RENOVATE_DHI_TOKEN }}"}]'

.gitea/workflows/test-build.yaml

@@ -4,6 +4,9 @@ on:
   push:
     branches:
       - main
+    paths-ignore:
+      - '.gitea/workflows/**'
+      - '**.md'
 
   pull_request:
     branches:
@@ -16,25 +19,34 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v6
 
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10.x
-
-      - name: Set up Node.js
+      - name: Set up Node
         uses: actions/setup-node@v6
         with:
-          node-version: 24.13.1
-          cache: pnpm
+          node-version: 24.14.1
+
+      - name: Set up Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.11
 
       - name: Install Dependencies
-        run: pnpm install
+        run: bun install --frozen-lockfile
+
+      - name: Cache Astro Build Cache
+        uses: actions/cache@v5
+        with:
+          path: |
+            .astro
+            node_modules/.vite
+          key: ${{ runner.os }}-astro-${{ hashFiles('**/*.astro', 'astro.config.mjs') }}
+          restore-keys: |
+            ${{ runner.os }}-astro-
 
       # - name: Lint Code
-      #   run: pnpm lint
+      #   run: bun run lint
 
       - name: Build Project
-        run: pnpm build
+        run: bun run build
 
       - name: ntfy Failed
         uses: niniyas/ntfy-action@master
@@ -50,3 +62,38 @@ jobs:
           icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
           actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=test-build.yaml", "clear": true}]'
           image: true
+
+  guarddog:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.12'
+
+      - name: Install GuardDog
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install guarddog
+
+      - name: Run GuardDog
+        run: |
+          guarddog npm scan ./
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Security Failure - Site Documentation'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Guarddog scan failed for Site Documentation'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-documentation/actions?workflow=test-build.yaml", "clear": true}]'
+          image: true

.npmrc

@@ -1,2 +0,0 @@
-engine-strict=true
-save-exact=true

.pre-commit-config.yaml

@@ -0,0 +1,17 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-merge-conflict
+      - id: check-json
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v4.0.0-alpha.11
+    hooks:
+      - id: prettier
+        types_or: [javascript, typescript, css, scss, html, json, yaml, markdown]
+        additional_dependencies:
+          - prettier
+          - prettier-plugin-astro
+          - prettier-plugin-tailwindcss

.releaserc.json

@@ -0,0 +1,18 @@
+{
+  "branches": ["release"],
+  "tagFormat": "${version}",
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/changelog",
+    "semantic-release-export-data",
+    ["@semantic-release/npm", { "npmPublish": false }],
+    ["@semantic-release/git", {
+      "assets": ["package.json", "CHANGELOG.md"],
+      "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+    }],
+    ["@saithodev/semantic-release-gitea", {
+      "giteaUrl": "https://gitea.alexlebens.dev"
+    }]
+  ]
+}

CHANGELOG.md

@@ -0,0 +1,100 @@
+# [0.13.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.12.0...0.13.0) (2026-03-31)
+
+
+### Features
+
+* documentation on vault ssh ([648fb31](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/648fb319b192ecd7826fe03599f7a0ee55a419ea))
+
+# [0.12.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.11.0...0.12.0) (2026-03-30)
+
+
+### Features
+
+* add more apps ([e13f3e3](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/e13f3e30e2a73a712008f65cc5932cbe1e71adb2))
+* add more apps ([ef4ff67](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/ef4ff67818d2758e21b9f0076519ca9221f74bb0))
+* add more apps ([32eacf8](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/32eacf8df7cd07eaf33a46d9df88e22f22d0cbf6))
+
+# [0.11.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.10.0...0.11.0) (2026-03-27)
+
+
+### Features
+
+* add more apps ([2221cbb](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/2221cbb0993595d7b8641fa4ffbc2fe874cdff39))
+* add more apps ([82736ec](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/82736ec2a95db97abc7337ec1849dbb97a0fca5e))
+
+# [0.10.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.9.0...0.10.0) (2026-03-26)
+
+
+### Features
+
+* add more apps ([33b64b0](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/33b64b0122a8ff734e632d0fdcaf92a474e1d631))
+
+# [0.9.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.8.0...0.9.0) (2026-03-26)
+
+
+### Features
+
+* add more apps ([28910c8](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/28910c8ee57a2436cbe1ca01e95b85d8600f360e))
+* collapse apps by default, too many ([79b2f0d](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/79b2f0d1c89da74693ffddd78460197cd3d91bd5))
+
+# [0.8.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.7.0...0.8.0) (2026-03-25)
+
+
+### Features
+
+* add more apps ([c69fde3](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/c69fde38f93cd8f8fe50503c7e3b0523eeb73775))
+
+# [0.7.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.6.0...0.7.0) (2026-03-25)
+
+
+### Features
+
+* add more apps ([8e49a12](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/8e49a12511f26de4060ff2aaef0f707446e210bd))
+* change schedule ([4077d32](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4077d3289cd2a87d8499b31eb6a70fd460aa72e4))
+
+# [0.6.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.5.0...0.6.0) (2026-03-23)
+
+
+### Features
+
+* add more apps ([ce3d1a4](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/ce3d1a4a27d3e7850f05cc91fd3e1bae42ef5cea))
+
+# [0.5.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.4.0...0.5.0) (2026-03-23)
+
+
+### Features
+
+* add argo-cd ([36be56e](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/36be56e4502cbc40a7380ef1f7124b002ba7c583))
+
+# [0.4.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.3.0...0.4.0) (2026-03-23)
+
+
+### Bug Fixes
+
+* remove react deps ([5e97a52](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/5e97a524ba045398267f80f55c40288ab40f0d47))
+
+
+### Features
+
+* add and update pre-commit ([95805dc](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/95805dcd071dd08e1e6451d96b2d0d1058abedaf))
+* add applications, actual ([e21d142](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/e21d1426d23c7deee7ccd415e8ad528f3a9c0b08))
+* add argo-workflows ([abde3db](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/abde3db3c76a37ffda8232f8293b8b402eaef81e))
+* merge ([a3e6e65](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/a3e6e65c79a92d34cc4b0fffdbba7719bcb14b5d))
+* remove splash template ([3fecb72](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/3fecb72e89af7eac1d4fa04e7ec5280c6cf546c8))
+
+# [0.3.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.2.0...0.3.0) (2026-03-15)
+
+
+### Features
+
+* add and update pre-commit ([972bbff](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/972bbffb41020489508660c261559b0e6c806ca6))
+
+# [0.2.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.1.7...0.2.0) (2026-03-12)
+
+
+### Features
+
+* add robots ([4ef4353](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4ef43534a0f26bc5593258c9cd6a31d62283929d))
+* switch to bun ([7413830](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/74138302a4c2ad45a850459c47a17dd09014f3ad))
+* trigger minor version update ([7a9b62d](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/7a9b62dc048ffd947bb6dd41523091bbc9346e84))
+* use alpine-dev for bun builder ([4575bfb](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/4575bfb9138bc9ca5f9d93e845155fc56d3a8491))

Dockerfile

@@ -1,35 +1,35 @@
-ARG REGISTRY=docker.io
-FROM ${REGISTRY}/node:24.13.0-alpine AS base
-
-ENV PNPM_HOME="/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-RUN corepack enable
+ARG REGISTRY=dhi.io
+FROM ${REGISTRY}/bun:1.3.11-alpine3.22-dev AS builder
 
 WORKDIR /app
 
-COPY package.json pnpm-lock.yaml ./
+COPY package.json bun.lock ./
 
-FROM base AS prod-deps
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
+FROM builder AS prod-deps
+RUN --mount=type=cache,id=bun,target=/root/.bun/install/cache \
+    bun install --production --frozen-lockfile
 
-FROM prod-deps AS build-deps
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+FROM builder AS build-deps
+RUN --mount=type=cache,id=bun,target=/root/.bun/install/cache \
+    bun install --frozen-lockfile
 
 FROM build-deps AS build
 COPY . .
-RUN pnpm run build
-RUN pnpm prune --prod
+RUN bun run build
 
-FROM base AS runtime
+FROM ${REGISTRY}/bun:1.3.11-alpine3.22 AS runtime
+WORKDIR /app
 COPY --from=prod-deps /app/node_modules /app/node_modules
 COPY --from=build /app/dist /app/dist
 
+ARG APP_VERSION=latest
+ARG APP_VERSION
+
 ENV HOST=0.0.0.0
-ENV SITE_URL=https://docs.alexlebens.dev
 ENV PORT=4321
 
-LABEL version="0.1.1"
+LABEL version=$APP_VERSION
 LABEL description="Astro based documentation website"
 
 EXPOSE $PORT
-CMD ["node", "./dist/server/entry.mjs"]
+CMD ["bun", "run", "./dist/server/entry.mjs"]

README.md

@@ -6,7 +6,7 @@
 pnpm create astro@latest -- --template starlight
 ```
 
-## 🚀 Project Structure
+## Project Structure
 
 Inside of your Astro + Starlight project, you'll see the following folders and files:
 
@@ -29,15 +29,12 @@ Images can be added to `src/assets/` and embedded in Markdown with a relative li
 
 Static assets, like favicons, can be placed in the `public/` directory.
 
-## 🧞 Commands
+## Commands
 
 All commands are run from the root of the project, from a terminal:
 
 | Command                | Action                                           |
 | :--------------------- | :----------------------------------------------- |
-| `pnpm install`         | Installs dependencies                            |
-| `pnpm dev`             | Starts local dev server at `localhost:4321`      |
-| `pnpm build`           | Build your production site to `./dist/`          |
-| `pnpm preview`         | Preview your build locally, before deploying     |
-| `pnpm astro ...`       | Run CLI commands like `astro add`, `astro check` |
-| `pnpm astro -- --help` | Get help using the Astro CLI                     |
+| `bun install`         | Installs dependencies                            |
+| `bun run dev`             | Starts local dev server at `localhost:4321`      |
+| `bun run build`           | Build your production site to `./dist/`          |

astro.config.mjs

@@ -2,10 +2,12 @@
 import { defineConfig } from "astro/config";
 
 import node from "@astrojs/node";
-import tailwindcss from "@tailwindcss/vite";
+import sitemap from '@astrojs/sitemap';
 import starlight from "@astrojs/starlight";
 import starlightThemeRapide from 'starlight-theme-rapide'
 
+import tailwindcss from '@tailwindcss/vite';
+
 const getSiteURL = () => {
   if (process.env.SITE_URL) {
     return `https://${process.env.SITE_URL}`;
@@ -13,12 +15,15 @@ const getSiteURL = () => {
   return "http://localhost:4321";
 };
 
-// https://astro.build/config
 export default defineConfig({
   site: getSiteURL(),
 
+  security: { csp: true },
+
+  prefetch: true,
+
   integrations: [
-    tailwindcss(),
+    sitemap(),
     starlight({
       title: "Alex Lebens Docs",
       customCss: [
@@ -45,21 +50,28 @@ export default defineConfig({
         },
         {
           label: "Applications",
+          collapsed: true,
           autogenerate: { directory: "applications" },
         },
       ],
     }),
   ],
 
+  markdown: {
+    syntaxHighlight: false,
+  },
+
   plugins: {
-    "@tailwindcss/postcss": {},
+    '@tailwindcss/postcss': {},
   },
 
   vite: {
     plugins: [tailwindcss()],
   },
 
+  output: 'static',
+
   adapter: node({
-    mode: "standalone",
+    mode: 'standalone',
   }),
 });

package.json

@@ -1,7 +1,7 @@
 {
   "name": "site-documentation",
   "type": "module",
-  "version": "0.1.1",
+  "version": "0.13.0",
   "scripts": {
     "dev": "astro dev",
     "build": "astro build",
@@ -12,27 +12,37 @@
     "astro": "astro"
   },
   "dependencies": {
-    "@astrojs/mdx": "^4.3.13",
-    "@astrojs/node": "^9.5.2",
-    "@astrojs/starlight": "^0.37.6",
-    "@tailwindcss/postcss": "^4.1.18",
-    "@tailwindcss/vite": "^4.1.18",
-    "astro": "^5.17.1",
-    "motion": "^12.34.0",
-    "sanitize-html": "^2.17.0",
+    "@astrojs/mdx": "^5.0.0",
+    "@astrojs/node": "^10.0.1",
+    "@astrojs/sitemap": "^3.7.1",
+    "@astrojs/starlight": "^0.38.1",
+    "@tailwindcss/postcss": "^4.2.1",
+    "@tailwindcss/vite": "^4.2.1",
+    "astro": "^6.0.4",
+    "sanitize-html": "^2.17.1",
     "sharp": "^0.34.5",
     "starlight-theme-rapide": "^0.5.2",
-    "tailwindcss": "^4.1.18"
+    "tailwindcss": "^4.2.1"
   },
   "devDependencies": {
+    "@saithodev/semantic-release-gitea": "^2.1.0",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/commit-analyzer": "^13.0.1",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/npm": "^13.1.5",
+    "@semantic-release/release-notes-generator": "^14.1.0",
+    "@tailwindcss/forms": "^0.5.11",
     "@tailwindcss/typography": "^0.5.19",
-    "@typescript-eslint/parser": "^8.55.0",
-    "eslint": "^10.0.0",
+    "@typescript-eslint/parser": "^8.57.0",
+    "eslint": "^10.0.3",
     "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-astro": "^1.5.0",
+    "eslint-plugin-astro": "^1.6.0",
     "prettier": "^3.8.1",
     "prettier-plugin-astro": "^0.14.1",
     "prettier-plugin-tailwindcss": "^0.7.2",
-    "typescript-eslint": "^8.55.0"
+    "semantic-release": "^25.0.3",
+    "semantic-release-export-data": "^1.2.0",
+    "typescript": "^6.0.0",
+    "typescript-eslint": "^8.57.0"
   }
-}
+}

src/content/docs/applications/actual.mdx

@@ -0,0 +1,15 @@
+---
+title: Actual
+description: Actual Budget is a super fast and privacy-focused app for managing finances.
+hero:
+  tagline: Actual Budget is a super fast and privacy-focused app for managing finances.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/actual-budget.webp
+  actions:
+    - text: Source
+      link: https://github.com/actualbudget/actual
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/actual
+      icon: right-arrow
+---

src/content/docs/applications/argo-cd.mdx

@@ -0,0 +1,15 @@
+---
+title: Argo CD
+description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. 
+hero:
+  tagline: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/argo-cd.webp
+  actions:
+    - text: Source
+      link: https://github.com/argoproj/argo-cd
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/argocd
+      icon: right-arrow
+---

src/content/docs/applications/argo-workflows.mdx

@@ -0,0 +1,15 @@
+---
+title: Argo Workflows
+description: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
+hero:
+  tagline: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/argo-cd.webp
+  actions:
+    - text: Source
+      link: https://github.com/argoproj/argo-workflows
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/argo-workflows
+      icon: right-arrow
+---

src/content/docs/applications/audiobookshelf.mdx

@@ -0,0 +1,15 @@
+---
+title: Audiobookshelf
+description: Audiobookshelf is a self-hosted audiobook and podcast server.
+hero:
+  tagline: Audiobookshelf is a self-hosted audiobook and podcast server.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/audiobookshelf.webp
+  actions:
+    - text: Source
+      link: https://github.com/advplyr/audiobookshelf
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/audiobookshelf
+      icon: right-arrow
+---

src/content/docs/applications/authentik.mdx

@@ -0,0 +1,15 @@
+---
+title: Authentik
+description: Authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.
+hero:
+  tagline: Authentik is an open-source Identity Provider (IdP) for modern SSO. It supports SAML, OAuth2/OIDC, LDAP, RADIUS, and more, designed for self-hosting from small labs to large production clusters.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
+  actions:
+    - text: Source
+      link: https://github.com/goauthentik/authentik
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/authentik
+      icon: right-arrow
+---

src/content/docs/applications/backrest.mdx

@@ -0,0 +1,15 @@
+---
+title: Backrest
+description: Backrest is a web-accessible backup solution built on top of restic.
+hero:
+  tagline: Backrest is a web-accessible backup solution built on top of restic.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/backrest.webp
+  actions:
+    - text: Source
+      link: https://github.com/garethgeorge/backrest
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/backrest
+      icon: right-arrow
+---

src/content/docs/applications/bazarr.mdx

@@ -0,0 +1,15 @@
+---
+title: Bazarr
+description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements. 
+hero:
+  tagline: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements. 
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/bazarr.webp
+  actions:
+    - text: Source
+      link: https://github.com/morpheus65535/bazarr
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/bazarr
+      icon: right-arrow
+---

src/content/docs/applications/blocky.mdx

@@ -0,0 +1,15 @@
+---
+title: Blocky
+description: Blocky is a DNS proxy and ad-blocker for the local network written in Go with following features.
+hero:
+  tagline: Blocky is a DNS proxy and ad-blocker for the local network written in Go with following features.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/blocky.webp
+  actions:
+    - text: Source
+      link: https://github.com/0xERR0R/blocky
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/blocky
+      icon: right-arrow
+---

src/content/docs/applications/cert-manager.mdx

@@ -0,0 +1,15 @@
+---
+title: Cert Manager
+description: Cert Manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
+hero:
+  tagline: Cert Manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
+  image:
+    file: https://raw.githubusercontent.com/cert-manager/cert-manager/52bddefde7b2d44841c77cf15038d51330cb9748/logo/logo.svg
+  actions:
+    - text: Source
+      link: https://github.com/cert-manager/cert-manager
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/cert-manager
+      icon: right-arrow
+---

src/content/docs/applications/cilium.mdx

@@ -0,0 +1,15 @@
+---
+title: Cilium
+description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
+hero:
+  tagline: Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/cilium.webp
+  actions:
+    - text: Source
+      link: https://github.com/cilium/cilium
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/cilium
+      icon: right-arrow
+---

src/content/docs/applications/cloudnative-pg.mdx

@@ -0,0 +1,15 @@
+---
+title: CloudNativePG
+description: CloudNativePG (CNPG) is an open-source platform designed to seamlessly manage PostgreSQL databases in Kubernetes environments.
+hero:
+  tagline: CloudNativePG (CNPG) is an open-source platform designed to seamlessly manage PostgreSQL databases in Kubernetes environments.
+  image:
+    file: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/0c2d2ff561b7b8ddb6bc06ddb91bd20b73d3f82d/assets/images/hero_image.svg
+  actions:
+    - text: Source
+      link: https://github.com/cloudnative-pg/cloudnative-pg
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/cloudnative-pg
+      icon: right-arrow
+---

src/content/docs/applications/code-server.mdx

@@ -0,0 +1,15 @@
+---
+title: Code Server
+description: Run VS Code on any machine anywhere and access it in the browser.
+hero:
+  tagline: Run VS Code on any machine anywhere and access it in the browser.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/visual-studio-code.webp
+  actions:
+    - text: Source
+      link: https://github.com/coder/code-server
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/code-server
+      icon: right-arrow
+---

src/content/docs/applications/coredns.mdx

@@ -0,0 +1,15 @@
+---
+title: CoreDNS
+description: CoreDNS is a DNS server/forwarder, written in Go, that chains plugins.
+hero:
+  tagline: CoreDNS is a DNS server/forwarder, written in Go, that chains plugins.
+  image:
+    file: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
+  actions:
+    - text: Source
+      link: https://github.com/coredns/coredns
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/coredns
+      icon: right-arrow
+---

src/content/docs/applications/dawarich.mdx

@@ -0,0 +1,15 @@
+---
+title: Dawarich
+description: Dawarich is a self-hostable web app designed to replace Google Timeline (aka Google Location History).
+hero:
+  tagline: Dawarich is a self-hostable web app designed to replace Google Timeline (aka Google Location History).
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/dawarich.webp
+  actions:
+    - text: Source
+      link: https://github.com/Freika/dawarich
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/dawarich
+      icon: right-arrow
+---

src/content/docs/applications/democratic-csi-synology-iscsi.mdx

@@ -0,0 +1,15 @@
+---
+title: Democratic CSI
+description: Democratic CSI implements the csi (container storage interface) spec providing storage for various container orchestration systems.
+hero:
+  tagline: Democratic CSI implements the csi (container storage interface) spec providing storage for various container orchestration systems.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kubernetes.webp
+  actions:
+    - text: Source
+      link: https://github.com/democratic-csi/democratic-csi
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/democratic-csi-synology-iscsi
+      icon: right-arrow
+---

src/content/docs/applications/descheduler.mdx

@@ -0,0 +1,15 @@
+---
+title: Descheduler
+description: Descheduler, based on its policy, finds pods that can be moved and evicts them.
+hero:
+  tagline: Descheduler, based on its policy, finds pods that can be moved and evicts them.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kubernetes.webp
+  actions:
+    - text: Source
+      link: https://github.com/kubernetes-sigs/descheduler
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/descheduler
+      icon: right-arrow
+---

src/content/docs/applications/directus.mdx

@@ -0,0 +1,15 @@
+---
+title: Directus
+description: Directus is a real-time API and App dashboard for managing SQL database content.
+hero:
+  tagline: Directus is a real-time API and App dashboard for managing SQL database content.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/directus.webp
+  actions:
+    - text: Source
+      link: https://github.com/directus/directus
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/directus
+      icon: right-arrow
+---

src/content/docs/applications/elastic-operator.mdx

@@ -0,0 +1,15 @@
+---
+title: Elastic Cloud on Kubernetes
+description: Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, Logstash, Elastic AutoOps Agent, and Elastic Package Registry on Kubernetes based on the operator pattern.
+hero:
+  tagline: Elastic Cloud on Kubernetes automates the deployment, provisioning, management, and orchestration of Elasticsearch, Kibana, APM Server, Enterprise Search, Beats, Elastic Agent, Elastic Maps Server, Logstash, Elastic AutoOps Agent, and Elastic Package Registry on Kubernetes based on the operator pattern.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/elastic.webp
+  actions:
+    - text: Source
+      link: https://github.com/elastic/cloud-on-k8s
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/elastic-operator
+      icon: right-arrow
+---

src/content/docs/applications/element-web.mdx

@@ -0,0 +1,15 @@
+---
+title: Element Web
+description: Element (formerly known as Vector and Riot) is a Matrix web & desktop client built using the Matrix JS SDK.
+hero:
+  tagline: Element (formerly known as Vector and Riot) is a Matrix web & desktop client built using the Matrix JS SDK.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/element.webp
+  actions:
+    - text: Source
+      link: https://github.com/element-hq/element-web
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/element-web
+      icon: right-arrow
+---

src/content/docs/applications/eraser.mdx

@@ -0,0 +1,15 @@
+---
+title: Eraser
+description: Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster.
+hero:
+  tagline: Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster.
+  image:
+    file: https://raw.githubusercontent.com/eraser-dev/eraser/20576a24c512feb83c26ed867353d4143717d798/docs/static/img/eraser.svg
+  actions:
+    - text: Source
+      link: https://github.com/eraser-dev/eraser
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/eraser
+      icon: right-arrow
+---

src/content/docs/applications/excalidraw.mdx

@@ -0,0 +1,15 @@
+---
+title: Excalidraw
+description: Excalidraw is an open source virtual hand-drawn style whiteboard.
+hero:
+  tagline: Excalidraw is an open source virtual hand-drawn style whiteboard.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/excalidraw.webp
+  actions:
+    - text: Source
+      link: https://github.com/excalidraw/excalidraw
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/excalidraw
+      icon: right-arrow
+---

src/content/docs/applications/external-dns.mdx

@@ -0,0 +1,15 @@
+---
+title: ExternalDNS
+description: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
+hero:
+  tagline: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kubernetes.webp
+  actions:
+    - text: Source
+      link: https://github.com/kubernetes-sigs/external-dns
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/external-dns
+      icon: right-arrow
+---

src/content/docs/applications/external-secrets.mdx

@@ -0,0 +1,15 @@
+---
+title: External Secrets Operator
+description: External Secrets Operator is a Kubernetes operator that integrates external secret management systems.
+hero:
+  tagline: External Secrets Operator is a Kubernetes operator that integrates external secret management systems.
+  image:
+    file: https://raw.githubusercontent.com/external-secrets/external-secrets/a16e618c8607b599a2360dd08725015e78cafa1a/assets/eso-round-logo.svg
+  actions:
+    - text: Source
+      link: https://github.com/external-secrets/external-secrets
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/external-secrets
+      icon: right-arrow
+---

src/content/docs/applications/foldergram.mdx

@@ -0,0 +1,15 @@
+---
+title: Foldergram
+description: Local-only photo and video gallery for folders, with an Instagram-inspired browsing pattern.
+hero:
+  tagline: Local-only photo and video gallery for folders, with an Instagram-inspired browsing pattern.
+  image:
+    file: https://raw.githubusercontent.com/foldergram/foldergram/263f2c2c48e4362bf46fc349040d6376737d512b/client/public/favicon.svg
+  actions:
+    - text: Source
+      link: https://github.com/foldergram/foldergram
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/foldergram
+      icon: right-arrow
+---

src/content/docs/applications/freshrss.mdx

@@ -0,0 +1,15 @@
+---
+title: FreshRSS
+description: FreshRSS is a self-hosted RSS feed aggregator. It is lightweight, easy to work with, powerful, customizable, and has been translated into many languages.
+hero:
+  tagline: FreshRSS is a self-hosted RSS feed aggregator. It is lightweight, easy to work with, powerful, customizable, and has been translated into many languages.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/freshrss.webp
+  actions:
+    - text: Source
+      link: https://github.com/FreshRSS/FreshRSS
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/freshrss
+      icon: right-arrow
+---

src/content/docs/applications/garage.mdx

@@ -0,0 +1,15 @@
+---
+title: Garage
+description: Garage is an S3-compatible distributed object storage service designed for self-hosting at a small-to-medium scale.
+hero:
+  tagline: Garage is an S3-compatible distributed object storage service designed for self-hosting at a small-to-medium scale.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/garage.webp
+  actions:
+    - text: Source
+      link: https://git.deuxfleurs.fr/Deuxfleurs/garage
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/garage
+      icon: right-arrow
+---

src/content/docs/applications/gatus.mdx

@@ -0,0 +1,15 @@
+---
+title: Gatus
+description: Gatus is a developer-oriented health dashboard that gives you the ability to monitor your services using HTTP, ICMP, TCP, and even DNS queries as well as evaluate the result of said queries by using a list of conditions on values like the status code, the response time, the certificate expiration, the body and many others.
+hero:
+  tagline: Gatus is a developer-oriented health dashboard that gives you the ability to monitor your services using HTTP, ICMP, TCP, and even DNS queries as well as evaluate the result of said queries by using a list of conditions on values like the status code, the response time, the certificate expiration, the body and many others.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/gatus.webp
+  actions:
+    - text: Source
+      link: https://github.com/TwiN/gatus
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/gatus
+      icon: right-arrow
+---

src/content/docs/applications/generic-device-plugin.mdx

@@ -0,0 +1,15 @@
+---
+title: Generic Device Plugin
+description: Generic Device Plugin enables allocating generic Linux devices, such as serial devices, the FUSE device, or video cameras, to Kubernetes Pods. 
+hero:
+  tagline: Generic Device Plugin enables allocating generic Linux devices, such as serial devices, the FUSE device, or video cameras, to Kubernetes Pods. 
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kubernetes.webp
+  actions:
+    - text: Source
+      link: https://github.com/squat/generic-device-plugin
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/generic-device-plugin
+      icon: right-arrow
+---

src/content/docs/applications/gitea.mdx

@@ -0,0 +1,15 @@
+---
+title: Gitea
+description: Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
+hero:
+  tagline: Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/gitea.webp
+  actions:
+    - text: Source
+      link: https://github.com/go-gitea/gitea
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/gitea
+      icon: right-arrow
+---

src/content/docs/applications/grafana-operator.mdx

@@ -0,0 +1,15 @@
+---
+title: Grafana Operator
+description: Grafana Operator is a Kubernetes operator built to help you manage your Grafana instances and its resources in and outside of Kubernetes.
+hero:
+  tagline: Grafana Operator is a Kubernetes operator built to help you manage your Grafana instances and its resources in and outside of Kubernetes.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/grafana.webp
+  actions:
+    - text: Source
+      link: https://github.com/grafana/grafana-operator
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/grafana-operator
+      icon: right-arrow
+---

src/content/docs/applications/grimmory.mdx

@@ -0,0 +1,15 @@
+---
+title: Grimmory
+description: Grimmory is a self-hosted application for managing your entire book collection in one place.
+hero:
+  tagline: Grimmory is a self-hosted application for managing your entire book collection in one place.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/booklore.webp
+  actions:
+    - text: Source
+      link: https://github.com/grimmory-tools/grimmory
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/grimmory
+      icon: right-arrow
+---

src/content/docs/applications/harbor.mdx

@@ -0,0 +1,15 @@
+---
+title: Harbor
+description: Harbor is an open source trusted cloud native registry project that stores, signs, and scans content.
+hero:
+  tagline: Harbor is an open source trusted cloud native registry project that stores, signs, and scans content.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/harbor.webp
+  actions:
+    - text: Source
+      link: https://github.com/goharbor/harbor
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/harbor
+      icon: right-arrow
+---

src/content/docs/applications/headlamp.mdx

@@ -0,0 +1,15 @@
+---
+title: Headlamp
+description: Headlamp is an easy-to-use and extensible Kubernetes web UI and was created to blend the traditional feature set of other web UIs/dashboards with added functionality.
+hero:
+  tagline: Headlamp is an easy-to-use and extensible Kubernetes web UI and was created to blend the traditional feature set of other web UIs/dashboards with added functionality.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/headlamp.webp
+  actions:
+    - text: Source
+      link: https://github.com/kubernetes-sigs/headlamp
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/headlamp
+      icon: right-arrow
+---

src/content/docs/applications/home-assistant.mdx

@@ -0,0 +1,15 @@
+---
+title: Home Assistant
+description: Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts.
+hero:
+  tagline: Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts.
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/home-assistant.webp
+  actions:
+    - text: Source
+      link: https://github.com/home-assistant/core
+      icon: right-arrow
+    - text: Deployment Chart
+      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/home-assistant
+      icon: right-arrow
+---

src/content/docs/guides/talos-upgrade-1-12-0.md

@@ -1,5 +1,5 @@
 ---
-title: Talos Upgrade
+title: Talos Upgrade 1.12.0
 description: Steps followed for the v1.12.0 upgrade process
 ---
 

src/content/docs/guides/talos-upgrade-generic.md

@@ -0,0 +1,68 @@
+---
+title: Talos Upgrade Generic
+description: Steps followed for the standard upgrade process
+---
+
+This is the standard upgrade process for Talos. Relatively simple, just verify, run commands, and verify.
+
+## Health Check
+
+### Etcd
+
+Check status of etcd, ensure there is a leader and there are no errors.
+
+```bash
+talosctl -n 10.232.1.11,10.232.1.12,10.232.1.13 etcd status
+```
+
+### Ceph
+
+Check if ceph is healthy:
+
+Either browse to the [webpage](https://ceph.alexlebens.net/#/dashboard), or run the following commands on the tools container
+
+```bash
+kubectl -n rook-ceph exec -it $(kubectl -n rook-ceph get pod -l "app=rook-ceph-tools" -o jsonpath='{.items\[\*].metadata.name}') -- bash
+```
+
+Inside the rook-ceph-tools container check the status:
+```bash
+ceph status
+```
+
+### Cloudnative-PG
+
+Check the status of the Cloudnative-PG clusters to ensure they are all healthy. There is potential data loss if a worker node has a failure or the local volume isn't reattached.
+
+[Dashboard](https://grafana.alexlebens.net/d/cloudnative-pg/cloudnativepg)
+
+### Garage
+
+Check the status of the Garage cluster to ensure there is no data loss of the local S3 store. This will result in data loss of short term WALs if this cluster fails
+
+[Dashboard](https://garage-webui.alexlebens.net/)
+
+## Upgrade
+
+Reference the [config repo](https://gitea.alexlebens.dev/alexlebens/talos-config/src/branch/main) for the exact commands, links to the factory page, and update the image versions. Each type has its own image string.
+
+As an example to upgrade a NUC node:
+```bash
+talosctl upgrade --nodes 10.232.1.23 --image factory.talos.dev/metal-installer/495176274ce8f9e87ed052dbc285c67b2a0ed7c5a6212f5c4d086e1a9a1cf614:v1.12.0
+```
+
+# Apply new configuration
+
+Use the generate command in the README of the talos-config repo to make the configuration to be supplied.
+
+As an example to apply that generated config to a NUC node:
+```bash
+talosctl apply-config -f generated/worker-nuc.yaml -n 10.232.1.23
+```
+
+## Verification
+
+Verify all is health on the dashboard:
+```bash
+talosctl -n 10.232.1.23 dashboard
+```

src/content/docs/guides/vault-ssh-ca.md

@@ -0,0 +1,105 @@
+---
+title: Vault SSH Certificate Authority
+description: Steps followed to enable using Vault as a CA for ssh login
+---
+
+# Setup
+
+[Reference Vault Documentation](https://developer.hashicorp.com/vault/docs/secrets/ssh/signed-ssh-certificates#host-key-signing)
+
+I have set the documenation to use my own defaults and configuration. This also assumes a running and active Vault instance.
+
+## Enable the SSH CA
+
+I followed the defaults mostly in the docs, reference the above link for details. Use either root or a role with permissions for the endpoints.
+
+Start with enabling the mount.
+```bash
+vault secrets enable -path=ssh-client-signer ssh
+```
+
+Generate a key. This will be used only for signing and not for client authentication. Keep it in a secure location, rename the path the key will be written to.
+```bash
+ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
+```
+
+Add the above signing key.
+```bash
+vault write ssh-client-signer/config/ca private_key="..." public_key="..."
+```
+
+## Create Client Role and Key
+
+Once the above is complete, create a role to use to sign your own client cert. I used my common username and configurations. This can also be done in the Vault UI.
+```bash
+vault write ssh-client-signer/roles/alexlebens -<<"EOH"
+{
+  "algorithm_signer": "rsa-sha2-256",
+  "allow_user_certificates": true,
+  "allowed_users": "*",
+  "allowed_extensions": "permit-pty,permit-port-forwarding",
+  "default_extensions": {
+    "permit-pty": ""
+  },
+  "key_type": "ca",
+  "default_user": "alexlebens",
+  "ttl": "30m0s"
+}
+EOH
+```
+
+## Create Client Key
+
+Generate the ssh key to use to authenticate to your hosts. This is the one to keep in ~/.ssh.
+```bash
+ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
+```
+
+## Configure SSH to use the Key and Cert
+
+SSH will defailt to using the cert when using the matching name "id_rsa_host-cert.pub" as shown in the renewal certificate section. Use the principal as signed by Vault as the User and set the IdentityFile to the Key as generated above.
+```
+Host ps08rp
+    Hostname 10.232.1.51
+    User alexlebens
+    IdentityFile ~/.ssh/id_rsa_host
+```
+
+# Operations
+
+## Prepare Target Host
+
+Download the public cert from the endpoint.
+```bash
+curl -o /etc/ssh/trusted-user-ca-keys.pem https://vault.alexlebens.net/v1/ssh-client-signer/public_key
+```
+
+Then add that file to the sshd config.
+```
+TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
+```
+
+### Automation
+
+This step is currently manual as I have few hosts that I need ssh for. The most common tool for automation would be Ansible. But this would only be useful for my RaspberyPis and I plan to migrate those to Talos and Kubernetes in the future.
+
+## Renew Client Certificate
+
+Sign the client cert, on your machine, with the Vault CA.
+```bash
+vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub
+```
+
+I added the following to my .zshrc to make this easier. So now I just run "vault-renew" before I need to ssh.
+```
+# Vault
+export VAULT_ADDR="https://vault.alexlebens.net"
+alias vault-renew='vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub'
+```
+
+### View Cert Details
+
+For troubleshooting purposes or clafification use the follow to inspect the cert.
+```bash
+ssh-keygen -Lf ~/.ssh/id_rsa_host-cert.pub
+```

src/content/docs/index.mdx

@@ -1,7 +1,6 @@
 ---
 title: Documentation for my Homelab
 description: Guides and reference for my homelab infrastructure.
-template: splash
 hero:
   tagline: Guides and reference for my homelab infrastructure.
   image:

src/pages/robots.txt.ts

@@ -0,0 +1,14 @@
+// https://docs.astro.build/en/guides/integrations-guide/sitemap/#usage
+import type { APIRoute } from 'astro';
+
+const getRobotsTxt = (sitemapURL: URL) => `\
+User-agent: *
+Allow: /
+
+Sitemap: ${sitemapURL.href}
+`;
+
+export const GET: APIRoute = ({ site }) => {
+  const sitemapURL = new URL('sitemap-index.xml', site);
+  return new Response(getRobotsTxt(sitemapURL));
+};