chore(release): 0.12.0 [skip ci]

# [0.12.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.11.0...0.12.0) (2026-03-30) ### Features * add more apps ([e13f3e3](e13f3e30e2)) * add more apps ([ef4ff67](ef4ff67818)) * add more apps ([32eacf8](32eacf8df7))
2026-03-30 02:08:01 +00:00
6 changed files with 26 additions and 126 deletions
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -22,7 +22,7 @@ jobs:
          RENOVATE_REPOSITORIES: alexlebens/site-documentation
          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
-          LOG_LEVEL: debug
+          LOG_LEVEL: info
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
 # [0.12.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.11.0...0.12.0) (2026-03-30)
 ### Features
 * add more apps ([e13f3e3](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/e13f3e30e2a73a712008f65cc5932cbe1e71adb2))
 * add more apps ([ef4ff67](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/ef4ff67818d2758e21b9f0076519ca9221f74bb0))
 * add more apps ([32eacf8](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/32eacf8df7cd07eaf33a46d9df88e22f22d0cbf6))
 # [0.11.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.10.0...0.11.0) (2026-03-27)
--- a/astro.config.mjs
+++ b/astro.config.mjs
@@ -6,6 +6,8 @@ import sitemap from '@astrojs/sitemap';
 import starlight from "@astrojs/starlight";
 import starlightThemeRapide from 'starlight-theme-rapide'
 import tailwindcss from '@tailwindcss/vite';
 const getSiteURL = () => {
  if (process.env.SITE_URL) {
    return `https://${process.env.SITE_URL}`;
@@ -27,9 +29,6 @@ export default defineConfig({
      customCss: [
        './src/styles/custom.css',
      ],
      expressiveCode: {
        themes: ['vitesse-light', 'vitesse-dark'],
      },      
      social: [
        {
          icon: "external",
@@ -55,9 +54,21 @@ export default defineConfig({
          autogenerate: { directory: "applications" },
        },
      ],
-    })  
+    }),
  ],
  markdown: {
    syntaxHighlight: false,
  },
  plugins: {
    '@tailwindcss/postcss': {},
  },
  vite: {
    plugins: [tailwindcss()],
  },
  output: 'static',
  adapter: node({
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "site-documentation",
  "type": "module",
-  "version": "0.11.0",
+  "version": "0.12.0",
  "scripts": {
    "dev": "astro dev",
    "build": "astro build",
--- a/src/content/docs/applications/homepage.mdx
+++ b/src/content/docs/applications/homepage.mdx
@@ -1,15 +0,0 @@
 ---
 title: Homepage
 description: A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations.
 hero:
  tagline: A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations.
  image:
    file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/homepage.webp
  actions:
    - text: Source
      link: https://github.com/gethomepage/homepage
      icon: right-arrow
    - text: Deployment Chart
      link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/homepage
      icon: right-arrow
 ---
--- a/src/content/docs/guides/vault-ssh-ca.md
+++ b/src/content/docs/guides/vault-ssh-ca.md
@@ -1,105 +0,0 @@
 ---
 title: Vault SSH Certificate Authority
 description: Steps followed to enable using Vault as a CA for ssh login
 ---
 # Setup
 [Reference Vault Documentation](https://developer.hashicorp.com/vault/docs/secrets/ssh/signed-ssh-certificates#host-key-signing)
 I have set the documenation to use my own defaults and configuration. This also assumes a running and active Vault instance.
 ## Enable the SSH CA
 I followed the defaults mostly in the docs, reference the above link for details. Use either root or a role with permissions for the endpoints.
 Start with enabling the mount.
 ```bash
 vault secrets enable -path=ssh-client-signer ssh
 ```
 Generate a key. This will be used only for signing and not for client authentication. Keep it in a secure location, rename the path the key will be written to.
 ```bash
 ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
 ```
 Add the above signing key.
 ```bash
 vault write ssh-client-signer/config/ca private_key="..." public_key="..."
 ```
 ## Create Client Role and Key
 Once the above is complete, create a role to use to sign your own client cert. I used my common username and configurations. This can also be done in the Vault UI.
 ```bash
 vault write ssh-client-signer/roles/alexlebens -<<"EOH"
 {
  "algorithm_signer": "rsa-sha2-256",
  "allow_user_certificates": true,
  "allowed_users": "*",
  "allowed_extensions": "permit-pty,permit-port-forwarding",
  "default_extensions": {
    "permit-pty": ""
  },
  "key_type": "ca",
  "default_user": "alexlebens",
  "ttl": "30m0s"
 }
 EOH
 ```
 ## Create Client Key
 Generate the ssh key to use to authenticate to your hosts. This is the one to keep in ~/.ssh.
 ```bash
 ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
 ```
 ## Configure SSH to use the Key and Cert
 SSH will defailt to using the cert when using the matching name "id_rsa_host-cert.pub" as shown in the renewal certificate section. Use the principal as signed by Vault as the User and set the IdentityFile to the Key as generated above.
 ```
 Host ps08rp
    Hostname 10.232.1.51
    User alexlebens
    IdentityFile ~/.ssh/id_rsa_host
 ```
 # Operations
 ## Prepare Target Host
 Download the public cert from the endpoint.
 ```bash
 curl -o /etc/ssh/trusted-user-ca-keys.pem https://vault.alexlebens.net/v1/ssh-client-signer/public_key
 ```
 Then add that file to the sshd config.
 ```
 TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
 ```
 ### Automation
 This step is currently manual as I have few hosts that I need ssh for. The most common tool for automation would be Ansible. But this would only be useful for my RaspberyPis and I plan to migrate those to Talos and Kubernetes in the future.
 ## Renew Client Certificate
 Sign the client cert, on your machine, with the Vault CA.
 ```bash
 vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub
 ```
 I added the following to my .zshrc to make this easier. So now I just run "vault-renew" before I need to ssh.
 ```
 # Vault
 export VAULT_ADDR="https://vault.alexlebens.net"
 alias vault-renew='vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub'
 ```
 ### View Cert Details
 For troubleshooting purposes or clafification use the follow to inspect the cert.
 ```bash
 ssh-keygen -Lf ~/.ssh/id_rsa_host-cert.pub
 ```