chore(release): 0.35.0 [skip ci]

# [0.35.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.34.0...0.35.0) (2026-05-22)

### Bug Fixes

* **deps:** update dependency astro to v6.3.5 ([83028c6](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/83028c60ad916354be48c8045c5e85e02b78a640))
* **deps:** update dependency astro to v6.3.6 ([653a240](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/653a240d33d902d7dad4863a771a6342a4372742))
* **deps:** update dependency astro to v6.3.7 ([650f59f](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/650f59f43041ea4fb76ac64262d81a611b051c4a))

### Features

* add vault restore doc ([a7ab7b3](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/a7ab7b398a877a987fae1f816d1121394ba6266d))

.gitea/workflows/release-image.yaml

@@ -9,7 +9,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v6.0.2
@@ -19,7 +19,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v6.4.0
         with:
-          node-version: 24.15.0
+          node-version: 24.16.0
 
       - name: Set up Bun
         uses: oven-sh/setup-bun@v2.2.0
@@ -61,7 +61,7 @@ jobs:
           image: true
 
   guarddog:
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v6.0.2
@@ -99,7 +99,7 @@ jobs:
 
   semantic-release:
     needs: [ build, guarddog ]
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     outputs:
       new-release-published: ${{ steps.semantic.outputs.new-release-published }}
       new-release-version: ${{ steps.semantic.outputs.new-release-version }}
@@ -114,7 +114,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v6.4.0
         with:
-          node-version: 24.15.0
+          node-version: 24.16.0
 
       - name: Set up Bun
         uses: oven-sh/setup-bun@v2.2.0
@@ -134,7 +134,7 @@ jobs:
           bun run semantic-release
 
   release-harbor:
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     needs: semantic-release
     if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
     steps:
@@ -144,14 +144,14 @@ jobs:
           ref: release
 
       - name: Login to Harbor Registry
-        uses: docker/login-action@v4.1.0
+        uses: docker/login-action@v4.2.0
         with:
           registry: ${{ vars.REGISTRY_HOST }}
           username: ${{ vars.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_SECRET }}
 
       - name: Login to Docker
-        uses: docker/login-action@v4.1.0
+        uses: docker/login-action@v4.2.0
         with:
           registry: ${{ vars.DH_REGISTRY }}
           username: ${{ secrets.DH_USERNAME }}
@@ -164,7 +164,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v4.0.0
+        uses: docker/setup-buildx-action@v4.1.0
         with:
           driver: kubernetes
           driver-opts: |
@@ -179,7 +179,7 @@ jobs:
 
       - name: Extract Metadata
         id: meta
-        uses: docker/metadata-action@v6.0.0
+        uses: docker/metadata-action@v6.1.0
         with:
           images: |
             ${{ vars.REGISTRY_HOST }}/images/site-documentation
@@ -192,7 +192,7 @@ jobs:
             type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
 
       - name: Build and Push Image
-        uses: docker/build-push-action@v7.1.0
+        uses: docker/build-push-action@v7.2.0
         with:
           context: .
           push: true
@@ -236,7 +236,7 @@ jobs:
           image: true
 
   release-gitea:
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     needs: [ semantic-release, release-harbor ]
     if: |
       always() && 
@@ -248,14 +248,14 @@ jobs:
           ref: release
 
       - name: Login to Gitea Registry
-        uses: docker/login-action@v4.1.0
+        uses: docker/login-action@v4.2.0
         with:
           registry: ${{ vars.REPOSITORY_HOST }}
           username: ${{ gitea.actor }}
           password: ${{ secrets.REPOSITORY_TOKEN }}
 
       - name: Login to Docker
-        uses: docker/login-action@v4.1.0
+        uses: docker/login-action@v4.2.0
         with:
           registry: ${{ vars.DH_REGISTRY }}
           username: ${{ secrets.DH_USERNAME }}
@@ -268,7 +268,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v4.0.0
+        uses: docker/setup-buildx-action@v4.1.0
         with:
           driver: kubernetes
           driver-opts: |
@@ -283,7 +283,7 @@ jobs:
 
       - name: Extract Metadata
         id: meta
-        uses: docker/metadata-action@v6.0.0
+        uses: docker/metadata-action@v6.1.0
         with:
           images: |
             ${{ vars.REPOSITORY_HOST }}/${{ gitea.repository }}
@@ -296,7 +296,7 @@ jobs:
             type=semver,pattern={{major}},value=${{ needs.semantic-release.outputs.new-release-version }}
 
       - name: Build and Push Image
-        uses: docker/build-push-action@v7.1.0
+        uses: docker/build-push-action@v7.2.0
         with:
           context: .
           push: true

.gitea/workflows/test-build.yaml

@@ -14,7 +14,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v6.0.2
@@ -22,7 +22,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v6.4.0
         with:
-          node-version: 24.15.0
+          node-version: 24.16.0
 
       - name: Set up Bun
         uses: oven-sh/setup-bun@v2.2.0
@@ -64,7 +64,7 @@ jobs:
           image: true
 
   guarddog:
-    runs-on: ubuntu-js
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v6.0.2

CHANGELOG.md

@@ -1,3 +1,30 @@
+# [0.35.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.34.0...0.35.0) (2026-05-22)
+
+
+### Bug Fixes
+
+* **deps:** update dependency astro to v6.3.5 ([83028c6](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/83028c60ad916354be48c8045c5e85e02b78a640))
+* **deps:** update dependency astro to v6.3.6 ([653a240](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/653a240d33d902d7dad4863a771a6342a4372742))
+* **deps:** update dependency astro to v6.3.7 ([650f59f](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/650f59f43041ea4fb76ac64262d81a611b051c4a))
+
+
+### Features
+
+* add vault restore doc ([a7ab7b3](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/a7ab7b398a877a987fae1f816d1121394ba6266d))
+
+# [0.34.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.33.1...0.34.0) (2026-05-17)
+
+
+### Bug Fixes
+
+* **deps:** update astro monorepo ([3162755](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/3162755c527ee8923e47d657921966c379b0de51))
+
+
+### Features
+
+* add guide for Komodo ([1d5f5e1](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/1d5f5e16e817f716f3efcd09167fe1952091a457))
+* highlight links ([3914e3a](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/3914e3aab3de30cdae73e0e1502444d35bc04657))
+
 ## [0.33.1](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.33.0...0.33.1) (2026-05-13)
 
 

bun.lock

@@ -11,7 +11,7 @@
         "@astrojs/starlight": "0.39.2",
         "@tailwindcss/postcss": "4.3.0",
         "@tailwindcss/vite": "4.3.0",
-        "astro": "6.3.5",
+        "astro": "6.3.7",
         "sanitize-html": "2.17.4",
         "sharp": "0.34.5",
         "starlight-theme-rapide": "0.5.2",
@@ -521,7 +521,7 @@
 
     "astring": ["astring@1.9.0", "", { "bin": { "astring": "bin/astring" } }, "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg=="],
 
-    "astro": ["astro@6.3.5", "", { "dependencies": { "@astrojs/compiler": "^4.0.0", "@astrojs/internal-helpers": "0.9.1", "@astrojs/markdown-remark": "7.1.2", "@astrojs/telemetry": "3.3.2", "@capsizecss/unpack": "^4.0.0", "@clack/prompts": "^1.1.0", "@oslojs/encoding": "^1.1.0", "@rollup/pluginutils": "^5.3.0", "aria-query": "^5.3.2", "axobject-query": "^4.1.0", "ci-info": "^4.4.0", "clsx": "^2.1.1", "common-ancestor-path": "^2.0.0", "cookie": "^1.1.1", "devalue": "^5.6.3", "diff": "^8.0.3", "dset": "^3.1.4", "es-module-lexer": "^2.0.0", "esbuild": "^0.27.3", "flattie": "^1.1.1", "fontace": "~0.4.1", "get-tsconfig": "5.0.0-beta.4", "github-slugger": "^2.0.0", "html-escaper": "3.0.3", "http-cache-semantics": "^4.2.0", "js-yaml": "^4.1.1", "jsonc-parser": "^3.3.1", "magic-string": "^0.30.21", "magicast": "^0.5.2", "mrmime": "^2.0.1", "neotraverse": "^0.6.18", "obug": "^2.1.1", "p-limit": "^7.3.0", "p-queue": "^9.1.0", "package-manager-detector": "^1.6.0", "piccolore": "^0.1.3", "picomatch": "^4.0.4", "rehype": "^13.0.2", "semver": "^7.7.4", "shiki": "^4.0.2", "smol-toml": "^1.6.0", "svgo": "^4.0.1", "tinyclip": "^0.1.12", "tinyexec": "^1.0.4", "tinyglobby": "^0.2.15", "ultrahtml": "^1.6.0", "unifont": "~0.7.4", "unist-util-visit": "^5.1.0", "unstorage": "^1.17.5", "vfile": "^6.0.3", "vite": "^7.3.2", "vitefu": "^1.1.2", "xxhash-wasm": "^1.1.0", "yargs-parser": "^22.0.0", "zod": "^4.3.6" }, "optionalDependencies": { "sharp": "^0.34.0" }, "bin": { "astro": "./bin/astro.mjs" } }, "sha512-gU+4KedkbTuVgz7YoVAN+9Ftnq0GaYwejxK2NbqDzB0M9dWd0f3kXZBuaM9hzbchRFoRAJfJjFtdX9LK6Ir7ZA=="],
+    "astro": ["astro@6.3.7", "", { "dependencies": { "@astrojs/compiler": "^4.0.0", "@astrojs/internal-helpers": "0.9.1", "@astrojs/markdown-remark": "7.1.2", "@astrojs/telemetry": "3.3.2", "@capsizecss/unpack": "^4.0.0", "@clack/prompts": "^1.1.0", "@oslojs/encoding": "^1.1.0", "@rollup/pluginutils": "^5.3.0", "aria-query": "^5.3.2", "axobject-query": "^4.1.0", "ci-info": "^4.4.0", "clsx": "^2.1.1", "common-ancestor-path": "^2.0.0", "cookie": "^1.1.1", "devalue": "^5.6.3", "diff": "^8.0.3", "dset": "^3.1.4", "es-module-lexer": "^2.0.0", "esbuild": "^0.27.3", "flattie": "^1.1.1", "fontace": "~0.4.1", "get-tsconfig": "5.0.0-beta.4", "github-slugger": "^2.0.0", "html-escaper": "3.0.3", "http-cache-semantics": "^4.2.0", "js-yaml": "^4.1.1", "jsonc-parser": "^3.3.1", "magic-string": "^0.30.21", "magicast": "^0.5.2", "mrmime": "^2.0.1", "neotraverse": "^0.6.18", "obug": "^2.1.1", "p-limit": "^7.3.0", "p-queue": "^9.1.0", "package-manager-detector": "^1.6.0", "piccolore": "^0.1.3", "picomatch": "^4.0.4", "rehype": "^13.0.2", "semver": "^7.7.4", "shiki": "^4.0.2", "smol-toml": "^1.6.0", "svgo": "^4.0.1", "tinyclip": "^0.1.12", "tinyexec": "^1.0.4", "tinyglobby": "^0.2.15", "ultrahtml": "^1.6.0", "unifont": "~0.7.4", "unist-util-visit": "^5.1.0", "unstorage": "^1.17.5", "vfile": "^6.0.3", "vite": "^7.3.2", "vitefu": "^1.1.2", "xxhash-wasm": "^1.1.0", "yargs-parser": "^22.0.0", "zod": "^4.3.6" }, "optionalDependencies": { "sharp": "^0.34.0" }, "bin": { "astro": "./bin/astro.mjs" } }, "sha512-zIeDRrI0qNgN1lcCjNqt6/IVCVej7VwSa326cO8uP9BOk1cg4QuffhLnOn2gCgWQr32/wxpSRFfXiLKHglu1Tw=="],
 
     "astro-eslint-parser": ["astro-eslint-parser@1.4.0", "", { "dependencies": { "@astrojs/compiler": "^2.0.0 || ^3.0.0", "@typescript-eslint/scope-manager": "^7.0.0 || ^8.0.0", "@typescript-eslint/types": "^7.0.0 || ^8.0.0", "astrojs-compiler-sync": "^1.0.0", "debug": "^4.3.4", "entities": "^7.0.0", "eslint-scope": "^8.0.1", "eslint-visitor-keys": "^4.0.0", "espree": "^10.0.0", "fast-glob": "^3.3.3", "is-glob": "^4.0.3", "semver": "^7.3.8" } }, "sha512-+QDcgc7e+au6EZ0YjMmRRjNoQo5bDMlaR45aWDoFsuxQTCM9qmCHRoiKJPELgckJ8Wmr7vcfpa9eCDHBFh6G4w=="],
 

package.json

@@ -1,7 +1,7 @@
 {
   "name": "site-documentation",
   "type": "module",
-  "version": "0.33.1",
+  "version": "0.35.0",
   "scripts": {
     "dev": "astro dev",
     "build": "astro build",
@@ -18,7 +18,7 @@
     "@astrojs/starlight": "0.39.2",
     "@tailwindcss/postcss": "4.3.0",
     "@tailwindcss/vite": "4.3.0",
-    "astro": "6.3.5",
+    "astro": "6.3.7",
     "sanitize-html": "2.17.4",
     "sharp": "0.34.5",
     "starlight-theme-rapide": "0.5.2",

src/content/docs/guides/OpenBao/bao-ssh-ca.mdx

@@ -2,7 +2,7 @@
 title: OpenBao SSH Certificate Authority
 description: Steps followed to enable using OpenBao as a CA for ssh login
 hero:
-  tagline: Steps followed for the v1.12.0 upgrade process
+  tagline: Steps followed to enable using OpenBao as a CA for ssh login
   image:
     file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openbao.webp
 ---

src/content/docs/guides/OpenBao/secret-store-csi.mdx

@@ -2,7 +2,7 @@
 title: Using Secret Store CSI with OpenBao
 description: Mounting secrets inside pods using Secret Store CSI driver and OpenBao
 hero:
-  tagline: Steps followed to mount the secrets
+  tagline: Mounting secrets inside pods using Secret Store CSI driver and OpenBao
   image:
     file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openbao.webp
 ---

src/content/docs/guides/Vault/restore-vault.mdx

@@ -0,0 +1,119 @@
+---
+title: Restore Vault Snapshot
+description: Steps followed to restore a raft snapshot of Vault
+hero:
+  tagline: Steps followed to restore a raft snapshot of Vault
+  image:
+    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/vault.webp
+---
+
+import { Aside } from '@astrojs/starlight/components';
+import { Steps } from '@astrojs/starlight/components';
+
+<Aside type="tip">Reference Vault official documentation [here](https://developer.hashicorp.com/vault/docs/sysadmin/snapshots/restore).</Aside>
+
+This guide assumes the snapshot file has already been retrieved from the backup and the purpose is specifically to recover the secrets in the snapshot. These steps can be modified for a full recovery when initializing a new permanent instance.
+
+Along with the snapshot file the unseal keys and root token must also be retrieved to access the data.
+
+## Steps
+
+<Steps>
+1. Create a temp folder to use. Then add a 'snapshot' and 'data' folder inside.
+
+2. Place the '\<name>.snap' file of the snapshot into a 'snapshot' folder.
+
+2. Create a docker compose for running Vault locally using the following example. Place this in the root of the temp folder.
+    ````yaml
+    services:
+        vault:
+        image: hashicorp/vault:latest
+        container_name: vault
+        restart: unless-stopped
+        environment:
+            VAULT_ADDR: "http://127.0.0.1:8200"
+            VAULT_API_ADDR: "http://127.0.0.1:8200"
+            VAULT_CLUSTER_ADDR: "http://127.0.0.1:8201"
+            VAULT_LOCAL_CONFIG: |
+            {
+                "listener": [{
+                    "tcp": {
+                        "address": "0.0.0.0:8200",
+                        "cluster_address": "0.0.0.0:8201",
+                        "tls_disable": 1,
+                    }
+                }],
+                "storage": {
+                    "raft": {
+                        "path": "/vault/data"
+                    }
+                },
+                "disable_mlock": true,
+                "default_lease_ttl": "168h",
+                "max_lease_ttl": "720h",
+                "ui": true
+            }
+        ports:
+            - "8200:8200"
+        volumes:
+            - ./data:/vault/data
+            - ./snapshot:/vault/snapshot
+        cap_add:
+            - IPC_LOCK
+        command: "vault server -config vault/config/local.json"
+    ````
+
+4. The temp folder should now look like the following.
+    ````
+    /temp
+        /snapshot
+            <name>.snap
+        /data
+    ````
+
+5. Open a terminal and change directory to the temp folder.
+
+6. Start the docker container.
+    ````bash
+    docker compose up -d
+    ````
+
+7. Open a shell inside the container.
+    ````bash
+    docker exec -it vault /bin/sh
+    ````
+
+8. First the current Vault instance must be initialized, unsealed, and authenticated to restore the snapshot. Init the instance now.
+    ````bash
+    vault operator init
+    ````
+    The output above will give the unseal keys and the root token. Keep these nearby, but are not necessary to save.
+
+10. Unseal with 3 of the keys by running the following and entering a different key at the prompt each time.
+    ````bash
+    vault operator unseal
+    ````
+
+11. With Vault unsealed now login with the root token.
+    ````bash
+    vault login
+    ````
+
+12. Now with an operational Vault it can accept the restore command.
+    ````bash
+    vault operator raft snapshot restore -force /vault/snapshot/<name>.snap
+    ````
+
+13. The restore will override the previously sealed Vault with the new data. Unseal the restored snapshot with 3 of the snapshot's unseal keys.
+    ````bash
+    vault operator unseal
+    ````
+
+14. With restored Vault unsealed now login with the root token.
+    ````bash
+    vault login
+    ````
+
+15. The UI should be available at 'http://127.0.0.1:8200' and can be logged in with the root token.
+</Steps>
+