Update image ghcr.io/siderolabs/kubelet to v1.31.1

2024-10-11 15:03:32 +00:00
101 changed files with 194 additions and 445 deletions
--- a/.archive/ai/stable-diffusion/comfyui/helmrelease.yaml
+++ b/.archive/ai/stable-diffusion/comfyui/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/.archive/default/nicehash/ks.yaml
+++ b/.archive/default/nicehash/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/.renovate/autoMerge.json5
+++ b/.renovate/autoMerge.json5
@ -7,7 +7,7 @@
      "automerge": true,
      "automergeType": "branch",
      "matchUpdateTypes": ["digest"],
-      "matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s", "ghcr.io/bjw-s-labs"],
+      "matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s"],
      "ignoreTests": true
    },
    {
--- a/kubernetes/apps/ai/ollama/app/helmrelease.yaml
+++ b/kubernetes/apps/ai/ollama/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -35,7 +35,7 @@ spec:
          app:
            image:
              repository: docker.io/ollama/ollama
-              tag: 0.3.13
+              tag: 0.3.12
            env:
              - name: OLLAMA_HOST
                value: 0.0.0.0
--- a/kubernetes/apps/ai/ollama/ks.yaml
+++ b/kubernetes/apps/ai/ollama/ks.yaml
@ -22,6 +22,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/ai/open-webui/app/helmrelease.yaml
+++ b/kubernetes/apps/ai/open-webui/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/ai/open-webui/ks.yaml
+++ b/kubernetes/apps/ai/open-webui/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/cert-manager/webhook-dnsimple/app/helmrelease.yaml
+++ b/kubernetes/apps/cert-manager/webhook-dnsimple/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
+++ b/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/coder/coder/ks.yaml
+++ b/kubernetes/apps/coder/coder/ks.yaml
@ -20,4 +20,5 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
@ -39,7 +39,7 @@ spec:
      metadata:
        labels:
          app.kubernetes.io/name: crunchy-postgres
-      replicas: &replica 2
+      replicas: &replica 1
      dataVolumeClaimSpec:
        storageClassName: openebs-hostpath
        accessModes:
--- a/kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: pgo
-      version: 5.7.0
+      version: 5.6.1
      sourceRef:
        kind: HelmRepository
        name: crunchydata
--- a/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml
+++ b/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml
@ -5,7 +5,7 @@ kind: Dragonfly
 metadata:
  name: dragonfly
 spec:
-  image: ghcr.io/dragonflydb/dragonfly:v1.24.0
+  image: ghcr.io/dragonflydb/dragonfly:v1.23.2
  replicas: 3
  env:
    - name: MAX_MEMORY
--- a/kubernetes/apps/database/dragonfly/ks.yaml
+++ b/kubernetes/apps/database/dragonfly/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -41,4 +42,5 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/database/emqx/app/externalsecret.yaml
+++ b/kubernetes/apps/database/emqx/app/externalsecret.yaml
@ -44,17 +44,17 @@ spec:
            {
              "user_id": "tasmota",
              "password": "{{ .x_emqx_tasmota_password }}",
-              "is_superuser": true
+              "is_superuser": true # Until I can figure out authorization in emqx
            },
            {
              "user_id": "zwave",
              "password": "{{ .x_emqx_homeassistant_password }}",
-              "is_superuser": true
+              "is_superuser": true # Until I can figure out authorization in emqx
            },
            {
              "user_id": "zwave",
              "password": "{{ .x_emqx_zwave_password }}",
-              "is_superuser": true
+              "is_superuser": true # Until I can figure out authorization in emqx
            }
          ]
--- a/kubernetes/apps/database/emqx/app/helmrelease.yaml
+++ b/kubernetes/apps/database/emqx/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: emqx-operator
-      version: 2.2.25
+      version: 2.2.24
      sourceRef:
        kind: HelmRepository
        name: emqx
--- a/kubernetes/apps/database/emqx/cluster/cluster.yaml
+++ b/kubernetes/apps/database/emqx/cluster/cluster.yaml
@ -5,7 +5,7 @@ kind: EMQX
 metadata:
  name: emqx
 spec:
-  image: public.ecr.aws/emqx/emqx:5.8.1
+  image: public.ecr.aws/emqx/emqx:5.8.0
  config:
    mode: Merge
  coreTemplate:
--- a/kubernetes/apps/database/emqx/ks.yaml
+++ b/kubernetes/apps/database/emqx/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -41,4 +42,5 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/default/atuin/ks.yaml
+++ b/kubernetes/apps/default/atuin/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/autobrr/ks.yaml
+++ b/kubernetes/apps/default/autobrr/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/excalidraw/ks.yaml
+++ b/kubernetes/apps/default/excalidraw/ks.yaml
@ -17,6 +17,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
+++ b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/home-assistant
-              tag: 2024.10.2@sha256:65cdf4722e85785a67842810e1c747e42aca4650262a3eb9649ccab3246fc5d3
+              tag: 2024.10.1@sha256:04614835418d2bdacd64685b516e58e7c5446f72485d446e7635282ba1a06c43
            env:
              TZ: America/Chicago
            envFrom:
--- a/kubernetes/apps/default/home-assistant/ks.yaml
+++ b/kubernetes/apps/default/home-assistant/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/it-tools/ks.yaml
+++ b/kubernetes/apps/default/it-tools/ks.yaml
@ -17,6 +17,7 @@ spec:
    name: theshire
  wait: false # no flux ks dependents
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@ -22,7 +22,6 @@ resources:
  - ./recyclarr/ks.yaml
  - ./redlib/ks.yaml
  - ./sabnzbd/ks.yaml
  - ./scrypted/ks.yaml
  - ./searxng/ks.yaml
  - ./sonarr/ks.yaml
  - ./tautulli/ks.yaml
--- a/kubernetes/apps/default/linkwarden/app/helmrelease.yaml
+++ b/kubernetes/apps/default/linkwarden/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/linkwarden/app/kustomization.yaml
+++ b/kubernetes/apps/default/linkwarden/app/kustomization.yaml
@ -3,7 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ../../../../templates/gatus/internal
  - ../../../../templates/volsync
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--- a/kubernetes/apps/default/linkwarden/ks.yaml
+++ b/kubernetes/apps/default/linkwarden/ks.yaml
@ -22,6 +22,7 @@ spec:
    name: theshire
  wait: false # no flux ks dependents
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/maintainerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/maintainerr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/maintainerr/app/kustomization.yaml
+++ b/kubernetes/apps/default/maintainerr/app/kustomization.yaml
@ -5,4 +5,4 @@ kind: Kustomization
 resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync
-  - ../../../../templates/gatus/internal
+  # - ../../../../templates/gatus/internal
--- a/kubernetes/apps/default/omegabrr/ks.yaml
+++ b/kubernetes/apps/default/omegabrr/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/overseerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/overseerr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/overseerr/ks.yaml
+++ b/kubernetes/apps/default/overseerr/ks.yaml
@ -20,6 +20,7 @@ spec:
    - name: volsync
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/piped/app/helmrelease.yaml
+++ b/kubernetes/apps/default/piped/app/helmrelease.yaml
@ -18,11 +18,6 @@ spec:
  values:
    defaultPodOptions:
      automountServiceAccountToken: false
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
    controllers:
      backend:
@ -30,6 +25,13 @@ spec:
        annotations:
          secret.reloader.stakater.com/reload: piped-secret
        pod:
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
            fsGroupChangePolicy: "OnRootMismatch"
        containers:
          app:
            image:
@ -56,13 +58,21 @@ spec:
      frontend:
        strategy: RollingUpdate
        pod:
          securityContext:
            runAsUser: 101
            runAsGroup: 101
            fsGroup: 101
            fsGroupChangePolicy: "OnRootMismatch"
        containers:
          app:
            image:
              repository: ghcr.io/bjw-s-labs/piped-frontend
-              tag: 2024.10.17@sha256:2d11886aef42a280e6ee924126882f7bb3593d87f0b27f8d035067cbc29c8edb
+              tag: latest@sha256:c4cb0cfbdf149cdb738fb9e41a5cc748a7ea53053f4c5e036b9f7578d9273328
            env:
              HTTP_PORT: 8080
              HTTP_WORKERS: 4
              BACKEND_HOSTNAME: piped-api.hsn.dev
            probes:
              liveness:
@ -77,19 +87,21 @@ spec:
                memory: 256Mi
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                  - ALL
              readOnlyRootFilesystem: true
      ytproxy:
        strategy: RollingUpdate
        pod:
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000
            fsGroupChangePolicy: "OnRootMismatch"
        containers:
          app:
            image:
              repository: 1337kavin/piped-proxy
-              tag: latest@sha256:5d069df4b959eb544eb62d966d11eb2a1e785abcb7e1716a8143e9f02ddfcba7
+              tag: latest@sha256:9872edd2c47c9c33dfa44c334e4cef4e2c6ec91638eb2dcf6ca36b7b3037fd59
            command:
              - /app/piped-proxy
            probes:
--- a/kubernetes/apps/default/plex/ks.yaml
+++ b/kubernetes/apps/default/plex/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/prowlarr-develop
-              tag: 1.25.2.4794@sha256:4ff88b9911a9d8232bc1a0065b9423ea631c591c5fe0959effb3b1c093ef4930
+              tag: 1.25.1.4770@sha256:8b59eb7f9e5321b702bdacae3468b63d71720091ba3b0e9dfaca686a7705d2b8
            env:
              # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
              # Ref: https://github.com/dotnet/runtime/issues/9336
--- a/kubernetes/apps/default/prowlarr/ks.yaml
+++ b/kubernetes/apps/default/prowlarr/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/radarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/radarr-develop
-              tag: 5.12.2.9335
+              tag: 5.12.0.9255
            env:
              RADARR__APP__INSTANCENAME: Radarr
              RADARR__APP__THEME: dark
--- a/kubernetes/apps/default/radarr/ks.yaml
+++ b/kubernetes/apps/default/radarr/ks.yaml
@ -22,6 +22,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/recyclarr/ks.yaml
+++ b/kubernetes/apps/default/recyclarr/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/redlib/app/helmrelease.yaml
+++ b/kubernetes/apps/default/redlib/app/helmrelease.yaml
@ -38,7 +38,7 @@ spec:
          app:
            image:
              repository: quay.io/redlib/redlib
-              tag: latest@sha256:f07a1531d520121e1260bfd9d4b3dbadb26a8ad20a8a7b8639723907160839e4
+              tag: latest@sha256:e61e2535518e0b574f92642612f33f6fbee1aa22b2ff36ee740e26a025bb0039
            env:
              REDLIB_DEFAULT_SHOW_NSFW: on
              REDLIB_DEFAULT_WIDE: on
--- a/kubernetes/apps/default/redlib/ks.yaml
+++ b/kubernetes/apps/default/redlib/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/sabnzbd/ks.yaml
+++ b/kubernetes/apps/default/sabnzbd/ks.yaml
@ -21,6 +21,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/scrypted/app/helmrelease.yaml
+++ b/kubernetes/apps/default/scrypted/app/helmrelease.yaml
@ -1,120 +0,0 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: &app scrypted
 spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.5.1
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  values:
    controllers:
      scrypted:
        annotations:
          reloader.stakater.com/auto: "true"
        pod:
          nodeSelector:
            google.feature.node.kubernetes.io/coral: "true"
            nvidia.com/gpu.present: "true"
          securityContext:
            supplementalGroups:
              - 568
        containers:
          app:
            image:
              repository: ghcr.io/koush/scrypted
              tag: v0.121.0-jammy-nvidia
            probes:
              liveness:
                enabled: true
              readiness:
                enabled: true
              startup:
                enabled: true
                spec:
                  failureThreshold: 30
                  periodSeconds: 5
            resources:
              requests:
                cpu: 136m
                memory: 1024Mi
              limits:
                nvidia.com/gpu: 1
                memory: 8192Mi
            securityContext:
              privileged: true
    service:
      app:
        controller: *app
        type: LoadBalancer
        annotations:
          io.cilium/lb-ipam-ips: 10.1.1.33
        nameOverride: *app
        ports:
          http:
            port: 11080
            primary: true
          rebroadcast1: # driveway
            port: 39655
          rebroadcast2: # sideyard
            port: 46561
          rebroadcast3: # doorbell
            port: 44759
          homekit: # homekit
            port: 42010
          homekit-bridge: # bridge
            port: 33961
    ingress:
      app:
        className: "internal-nginx"
        annotations:
        hosts:
          - host: &host scrypted.jahanson.tech
            paths:
              - path: /
                service:
                  identifier: app
                  port: http
        tls:
          - hosts:
              - *host
    persistence:
      config:
        existingClaim: scrypted
        advancedMounts:
          scrypted:
            app:
              - path: /server/volume
      cache:
        type: emptyDir
        globalMounts:
          - path: /.cache
      cache-npm:
        type: emptyDir
        globalMounts:
          - path: /.npm
      dev-bus-usb:
        type: hostPath
        hostPath: /dev/bus/usb
        hostPathType: Directory
      sys-bus-usb:
        type: hostPath
        hostPath: /sys/bus/usb
        hostPathType: Directory
      recordings:
        type: nfs
        server: shadowfax.jahanson.tech
        path: /nahar/scrypted
        globalMounts:
          - path: /recordings
--- a/kubernetes/apps/default/scrypted/app/kustomization.yaml
+++ b/kubernetes/apps/default/scrypted/app/kustomization.yaml
@ -1,7 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync
--- a/kubernetes/apps/default/scrypted/ks.yaml
+++ b/kubernetes/apps/default/scrypted/ks.yaml
@ -1,30 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: &appname scrypted
  namespace: flux-system
 spec:
  targetNamespace: default
  commonMetadata:
    labels:
      app.kubernetes.io/name: *appname
  interval: 30m
  timeout: 5m
  path: "./kubernetes/apps/default/scrypted/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: theshire
  wait: false
  dependsOn:
    - name: rook-ceph-cluster
    - name: volsync
    - name: external-secrets-stores
  postBuild:
    substitute:
      APP: *appname
      APP_UID: "0"
      APP_GID: "0"
      VOLSYNC_CAPACITY: 5Gi
--- a/kubernetes/apps/default/searxng/app/helmrelease.yaml
+++ b/kubernetes/apps/default/searxng/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/searxng/ks.yaml
+++ b/kubernetes/apps/default/searxng/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/sonarr/ks.yaml
+++ b/kubernetes/apps/default/sonarr/ks.yaml
@ -22,6 +22,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/tautulli/app/helmrelease.yaml
+++ b/kubernetes/apps/default/tautulli/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/tautulli/tautulli
-              tag: v2.14.6@sha256:f54d2d3a78780c765cd7a10b882474909f50247b5d2d118badaa9c035421effd
+              tag: v2.14.5@sha256:6017b491d8e9100a97391b639fff5824ad36a315c69aae3c9ed78407994a626e
            env:
              TZ: America/Chicago
            command: ["/usr/local/bin/python", "Tautulli.py"]
--- a/kubernetes/apps/default/tautulli/ks.yaml
+++ b/kubernetes/apps/default/tautulli/ks.yaml
@ -20,6 +20,7 @@ spec:
    - name: volsync
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/unpackerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/unpackerr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/unpackerr/ks.yaml
+++ b/kubernetes/apps/default/unpackerr/ks.yaml
@ -19,4 +19,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/default/zwave/app/helmrelease.yaml
+++ b/kubernetes/apps/default/zwave/app/helmrelease.yaml
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: ghcr.io/zwave-js/zwave-js-ui
-              tag: 9.24.0@sha256:ed648be6b058c6aa74abca1868c3ac48cb82b06b22ef0ef4f7ba66dd9d331bfc
+              tag: 9.21.1@sha256:a28eaf01060dbe2fa30045d6b2ac6a31bc34efbebb7aa7d19787929929aea16a
            env:
              TZ: America/Chicago
              PORT: &port 80
--- a/kubernetes/apps/default/zwave/ks.yaml
+++ b/kubernetes/apps/default/zwave/ks.yaml
@ -17,6 +17,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: cilium
-      version: 1.16.3
+      version: 1.16.2
      sourceRef:
        kind: HelmRepository
        name: cilium
--- a/kubernetes/apps/kube-system/cilium/config/l2.yaml
+++ b/kubernetes/apps/kube-system/cilium/config/l2.yaml
@ -7,8 +7,7 @@ metadata:
 spec:
  loadBalancerIPs: true
  # interfaces: ["^enp.*|^eth.*|^ens.*|^eno.*"]
-  interfaces: ["^eno+|^enp+|^bond+"]
+  interfaces: ["^eno+|^enp+"]
  # interfaces: ["^bond+"]
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
--- a/kubernetes/apps/kube-system/cilium/ks.yaml
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
@ -17,6 +17,7 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -39,4 +40,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/coredns/ks.yaml
+++ b/kubernetes/apps/kube-system/coredns/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/kube-system/fstrim/ks.yaml
+++ b/kubernetes/apps/kube-system/fstrim/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: kubelet-csr-approver
-      version: 1.2.3
+      version: 1.2.2
      sourceRef:
        kind: HelmRepository
        name: postfinance
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: node-feature-discovery
-      version: 0.16.5
+      version: 0.16.4
      sourceRef:
        kind: HelmRepository
        name: kubernetes-sigs-nfd
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/googlecoral.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/googlecoral.yaml
@ -1,16 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
 apiVersion: nfd.k8s-sigs.io/v1alpha1
 kind: NodeFeatureRule
 metadata:
  name: google-coral-device
 spec:
  rules:
    - # Google Coral USB Accelerator
      name: google.coral
      labels:
        google.feature.node.kubernetes.io/coral: "true"
      matchFeatures:
        - feature: usb.device
          matchExpressions:
            vendor: {op: In, value: ["1a6e", "18d1"]}
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/nvidia.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/nvidia.yaml
@ -1,5 +1,5 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
 ---
 apiVersion: nfd.k8s-sigs.io/v1alpha1
 kind: NodeFeatureRule
 metadata:
--- a/kubernetes/apps/kube-system/rocky-nenya.yaml
+++ b/kubernetes/apps/kube-system/rocky-nenya.yaml
@ -4,13 +4,13 @@ metadata:
  name: rocky-nenya
  namespace: kube-system
 spec:
-  nodeName: shadowfax-01
+  #  nodeName: nenya
  containers:
    - name: rocky
      image: rockylinux:9
      securityContext:
        privileged: true
-      command: ["/bin/bash", "-c", "dnf install -y iputils dnsutils && while true; do sleep 10; done"]
+      command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
      resources:
        requests:
          cpu: 100m
--- a/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: spegel
-      version: v0.0.27
+      version: v0.0.26
      sourceRef:
        kind: HelmRepository
        name: spegel-org
--- a/kubernetes/apps/kube-system/spegel/ks.yaml
+++ b/kubernetes/apps/kube-system/spegel/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
+++ b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
@ -66,7 +66,6 @@ spec:
                - ""
              resources:
                - pods
                - nodes
              verbs:
                - create
                - update
@ -79,114 +78,3 @@ spec:
            matchLabels:
              app.kubernetes.io/instance: kyverno
              app.kubernetes.io/component: kyverno
    config:
      # -- Resource types to be skipped by the Kyverno policy engine.
      # Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list.
      # These are joined together without spaces, run through `tpl`, and the result is set in the config map.
      # @default -- See [values.yaml](https://github.com/kyverno/kyverno/blob/ed1906a0dc281c2aeb9b7046b843708825310330/charts/kyverno/values.yaml#L207C3-L316C1)
      resourceFilters:
        - '[Event,*,*]'
        - '[*/*,kube-system,*]'
        - '[*/*,kube-public,*]'
        - '[*/*,kube-node-lease,*]'
        - '[Node,*,*]'
        - '[Node/*,*,*]'
        - '[APIService,*,*]'
        - '[APIService/*,*,*]'
        - '[TokenReview,*,*]'
        - '[SubjectAccessReview,*,*]'
        - '[SelfSubjectAccessReview,*,*]'
        # remove the following to allow for schematic-to-pod.yaml to work
        # - '[Binding,*,*]'
        # - '[Pod/binding,*,*]'
        - '[ReplicaSet,*,*]'
        - '[ReplicaSet/*,*,*]'
        - '[EphemeralReport,*,*]'
        - '[ClusterEphemeralReport,*,*]'
        # exclude resources from the chart
        - '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}]'
        - '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:core]'
        - '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:additional]'
        - '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}]'
        - '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:core]'
        - '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:additional]'
        - '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
        - '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:core]'
        - '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:additional]'
        - '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}]'
        - '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:core]'
        - '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:additional]'
        - '[ClusterRoleBinding,*,{{ template "kyverno.admission-controller.roleName" . }}]'
        - '[ClusterRoleBinding,*,{{ template "kyverno.background-controller.roleName" . }}]'
        - '[ClusterRoleBinding,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
        - '[ClusterRoleBinding,*,{{ template "kyverno.reports-controller.roleName" . }}]'
        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
        - '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.configMapName" . }}]'
        - '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.metricsConfigMapName" . }}]'
        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
        - '[Job,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
        - '[Job/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.admission-controller.name" . }}]'
        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.background-controller.name" . }}]'
        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.cleanup-controller.name" . }}]'
        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.reports-controller.name" . }}]'
        - '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
        - '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
--- a/kubernetes/apps/kyverno/kyverno/ks.yaml
+++ b/kubernetes/apps/kyverno/kyverno/ks.yaml
@ -13,6 +13,7 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
@ -31,4 +32,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/network/cloudflared/app/helmrelease.yaml
+++ b/kubernetes/apps/network/cloudflared/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: docker.io/cloudflare/cloudflared
-              tag: 2024.10.0@sha256:060f16531b1ed6dcb382cd2b35d1a845f8dbcb445003b9ec48eef0078cb08bf4
+              tag: 2024.9.1@sha256:0b88e00d8f93f9d18197f11506f0f6bf0d9266b5a0361c068930a3fe45b68b72
            env:
              NO_AUTOUPDATE: "true"
              TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
--- a/kubernetes/apps/network/cloudflared/ks.yaml
+++ b/kubernetes/apps/network/cloudflared/ks.yaml
@ -22,4 +22,5 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/network/echo-server/app/helmrelease.yaml
+++ b/kubernetes/apps/network/echo-server/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml
+++ b/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: ingress-nginx
-      version: 4.11.3
+      version: 4.11.2
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
--- a/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml
+++ b/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: ingress-nginx
-      version: 4.11.3
+      version: 4.11.2
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
--- a/kubernetes/apps/observability/alertmanager/ks.yaml
+++ b/kubernetes/apps/observability/alertmanager/ks.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@ -21,24 +21,3 @@ spec:
  dependsOn:
    - name: external-secrets-stores
    - name: rook-ceph-cluster
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: &app alertmanager-silencer
  namespace: flux-system
 spec:
  targetNamespace: observability
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: "./kubernetes/apps/observability/alertmanager/silencer"
  prune: true
  sourceRef:
    kind: GitRepository
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/observability/alertmanager/silencer/helmrelease.yaml
+++ b/kubernetes/apps/observability/alertmanager/silencer/helmrelease.yaml
@ -1,57 +0,0 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: alertmanager-silencer
 spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.5.1
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
      strategy: rollback
  dependsOn:
    - name: alertmanager
      namespace: observability
  values:
    controllers:
      alertmanager-silencer:
        type: cronjob
        cronjob:
          schedule: "@daily"
        containers:
          app:
            image:
              repository: ghcr.io/onedr0p/kubanetics
              tag: 2024.10.6
            env:
              SCRIPT_NAME: alertmanager-silencer.sh
              ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093
              MATCHERS_0: alertname=CephPGImbalance job=rook-ceph-exporter
              MATCHERS_1: alertname=CephMonClockSkew job=rook-ceph-mgr
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities: { drop: ["ALL"] }
            resources:
              requests:
                cpu: 25m
              limits:
                memory: 128Mi
        pod:
          securityContext:
            runAsUser: 568
            runAsGroup: 568
            runAsNonRoot: true
--- a/kubernetes/apps/observability/alertmanager/silencer/kustomization.yaml
+++ b/kubernetes/apps/observability/alertmanager/silencer/kustomization.yaml
@ -1,6 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
--- a/kubernetes/apps/observability/gatus/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/observability/gatus/app/resources/config.yml
+++ b/kubernetes/apps/observability/gatus/app/resources/config.yml
@ -35,6 +35,16 @@ endpoints:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
  # - name: Umami
  #   group: external
  #   url: https://umi.hsn.dev/script.js
  #   interval: 1m
  #   client:
  #     dns-resolver: tcp://1.1.1.1:53
  #   conditions:
  #     - "[STATUS] == 200"
  #   alerts:
  #     - type: pushover
  - name: Nextcloud External
    group: external
    url: https://nc.hsn.dev
@ -68,6 +78,16 @@ endpoints:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
  - name: Gollum
    group: internal
    url: http://gollum.jahanson.tech
    interval: 1m
    client:
      dns-resolver: tcp://10.1.1.1:53
    conditions:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
  - name: Nextcloud Internal
    group: internal
    url: https://nc.hsn.dev
@ -81,3 +101,34 @@ endpoints:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
  ### No clue why icmp is not working.
  # - name: Shadowfax
  #   group: internal
  #   url: icmp://shadowfax.jahanson.tech
  #   interval: 1m
  #   client:
  #     dns-resolver: tcp://10.1.1.1:53
  #   conditions:
  #     - "[CONNECTED] == true"
  #   alerts:
  #     - type: pushover
  # - name: Gandalf
  #   group: internal
  #   url: icmp://gandalf.jahanson.tech
  #   interval: 1m
  #   client:
  #     dns-resolver: tcp://10.1.1.1:53
  #   conditions:
  #     - "[CONNECTED] == true"
  #   alerts:
  #     - type: pushover
  # - name: Home Assistant
  #   group: internal
  #   url: icmp://hass.jahanson.tech
  #   interval: 1m
  #   client:
  #     dns-resolver: tcp://10.1.1.1:53
  #   conditions:
  #     - "[CONNECTED] == true"
  #   alerts:
  #     - type: pushover
--- a/kubernetes/apps/observability/gatus/ks.yaml
+++ b/kubernetes/apps/observability/gatus/ks.yaml
@ -20,6 +20,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml
+++ b/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/observability/victoria-metrics/ks.yaml
+++ b/kubernetes/apps/observability/victoria-metrics/ks.yaml
@ -17,6 +17,7 @@ spec:
    name: theshire
  wait: true
  interval: 30m
  retryInterval: 1m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
@ -39,3 +40,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
--- a/kubernetes/apps/openebs-system/openebs/ks.yaml
+++ b/kubernetes/apps/openebs-system/openebs/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -35,7 +35,7 @@ spec:
          app:
            image:
              repository: ghcr.io/cross-seed/cross-seed
-              tag: 6.0.0-42@sha256:d8828453010135f7b38e30bdda2965b3399c07d6e78efa22cbdaf7d3c6f6d43d
+              tag: 6.0.0-39@sha256:d871f4204840cb67fec4d417bd4cc5b3fe42abd98aa0f3304b309e410c02f40b
            env:
              TZ: America/Chicago
            args: ["daemon"]
--- a/kubernetes/apps/qbittorrent/cross-seed/ks.yaml
+++ b/kubernetes/apps/qbittorrent/cross-seed/ks.yaml
@ -19,6 +19,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/qbittorrent/flood/ks.yaml
+++ b/kubernetes/apps/qbittorrent/flood/ks.yaml
@ -22,6 +22,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml
@ -47,4 +47,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml
@ -39,7 +39,7 @@ spec:
          tagging: &container
            image:
              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.3@sha256:ac16aa76a78d3ece395f3e037defaf48328f73f4f83afc9c772bf814b9ded56e
+              tag: v0.19.2@sha256:98b84b4b0e1e5f4fcff3cd2e6b5c5fe2168d415bccd38169dc80b161139c955f
            env:
              TZ: *timeZone
              POD_NAMESPACE:
--- a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: rook-ceph
-      version: v1.15.4
+      version: v1.15.3
      sourceRef:
        kind: HelmRepository
        name: rook-ceph
--- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: rook-ceph-cluster
-      version: v1.15.4
+      version: v1.15.3
      sourceRef:
        kind: HelmRepository
        name: rook-ceph
--- a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml
@ -17,6 +17,7 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -37,4 +38,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 15m
--- a/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml
+++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml
@ -47,4 +47,4 @@ spec:
      # renovate: datasource=docker depName=ghcr.io/siderolabs/installer
      TALOS_VERSION: v1.8.1
      # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
-      KUBERNETES_VERSION: v1.30.2
+      KUBERNETES_VERSION: v1.31.1
--- a/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml
+++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml
@ -21,6 +21,15 @@ spec:
      - key: feature.node.kubernetes.io/system-os_release.VERSION_ID
        operator: NotIn
        values: ["${TALOS_VERSION}"]
      - key: kubernetes.io/hostname
        operator: NotIn
        values: ["gandalf-01", "shadowfax-01"]
      # - key: factory.talos.dev/schematic-id.part-0
      #   operator: In
      #   values: ["${TALOS_SCHEMATIC_ID:0:32}"]
      # - key: factory.talos.dev/schematic-id.part-1
      #   operator: In
      #   values: ["${TALOS_SCHEMATIC_ID:32}"]
  tolerations:
    - key: CriticalAddonsOnly
      operator: Exists
@ -47,5 +56,5 @@ spec:
    args:
      - --nodes=$(NODE_IP)
      - upgrade
-      - --image=factory.talos.dev/installer/$(TALOS_SCHEMATIC_ID):$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
+      - --image=factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
      - --wait=false
--- a/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml
+++ b/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml
@ -17,4 +17,5 @@ spec:
    name: theshire
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/bootstrap/helmfile.yaml
+++ b/kubernetes/bootstrap/helmfile.yaml
@ -23,7 +23,7 @@ releases:
  - name: cilium
    namespace: kube-system
    chart: cilium/cilium
-    version: 1.16.3
+    version: 1.16.2
    values:
      - ../apps/kube-system/cilium/app/helm-values.yml
    needs:
@ -40,7 +40,7 @@ releases:
  - name: kubelet-csr-approver
    namespace: kube-system
    chart: postfinance/kubelet-csr-approver
-    version: 1.2.3
+    version: 1.2.2
    values:
      - ../apps/kube-system/kubelet-csr-approver/app/helm-values.yml
    needs:
@ -50,7 +50,7 @@ releases:
  - name: spegel
    namespace: kube-system
    chart: oci://ghcr.io/spegel-org/helm-charts/spegel
-    version: v0.0.27
+    version: v0.0.26
    values:
      - ../apps/kube-system/spegel/app/helm-values.yml
    needs:
--- a/Show more
+++ b/Show more