silence clock skew

Merge pull request 'Update image ghcr.io/dragonflydb/dragonfly to v1.24.0' (#742 ) from renovate/ghcr.io-dragonflydb-dragonfly-1.x into main
Reviewed-on: #742
2024-10-17 21:32:33 -05:00 · 2024-10-17 21:15:07 -05:00 · 2024-10-17 21:14:33 -05:00 · 2024-10-17 21:14:20 -05:00 · 2024-10-17 20:59:00 -05:00 · 2024-10-17 20:53:49 -05:00
101 changed files with 445 additions and 194 deletions
--- a/.archive/ai/stable-diffusion/comfyui/helmrelease.yaml
+++ b/.archive/ai/stable-diffusion/comfyui/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/.archive/default/nicehash/ks.yaml
+++ b/.archive/default/nicehash/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/.renovate/autoMerge.json5
+++ b/.renovate/autoMerge.json5
@ -7,7 +7,7 @@
      "automerge": true,
      "automergeType": "branch",
      "matchUpdateTypes": ["digest"],
-      "matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s"],
+      "matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s", "ghcr.io/bjw-s-labs"],
      "ignoreTests": true
    },
    {
--- a/kubernetes/apps/ai/ollama/app/helmrelease.yaml
+++ b/kubernetes/apps/ai/ollama/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -35,7 +35,7 @@ spec:
          app:
            image:
              repository: docker.io/ollama/ollama
-              tag: 0.3.12
+              tag: 0.3.13
            env:
              - name: OLLAMA_HOST
                value: 0.0.0.0
--- a/kubernetes/apps/ai/ollama/ks.yaml
+++ b/kubernetes/apps/ai/ollama/ks.yaml
@ -22,7 +22,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/ai/open-webui/app/helmrelease.yaml
+++ b/kubernetes/apps/ai/open-webui/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/ai/open-webui/ks.yaml
+++ b/kubernetes/apps/ai/open-webui/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/cert-manager/webhook-dnsimple/app/helmrelease.yaml
+++ b/kubernetes/apps/cert-manager/webhook-dnsimple/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
+++ b/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/coder/coder/ks.yaml
+++ b/kubernetes/apps/coder/coder/ks.yaml
@ -20,5 +20,4 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml
@ -39,7 +39,7 @@ spec:
      metadata:
        labels:
          app.kubernetes.io/name: crunchy-postgres
-      replicas: &replica 1
+      replicas: &replica 2
      dataVolumeClaimSpec:
        storageClassName: openebs-hostpath
        accessModes:
--- a/kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: pgo
-      version: 5.6.1
+      version: 5.7.0
      sourceRef:
        kind: HelmRepository
        name: crunchydata
--- a/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml
+++ b/kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml
@ -5,7 +5,7 @@ kind: Dragonfly
 metadata:
  name: dragonfly
 spec:
-  image: ghcr.io/dragonflydb/dragonfly:v1.23.2
+  image: ghcr.io/dragonflydb/dragonfly:v1.24.0
  replicas: 3
  env:
    - name: MAX_MEMORY
--- a/kubernetes/apps/database/dragonfly/ks.yaml
+++ b/kubernetes/apps/database/dragonfly/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -42,5 +41,4 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/database/emqx/app/externalsecret.yaml
+++ b/kubernetes/apps/database/emqx/app/externalsecret.yaml
@ -44,17 +44,17 @@ spec:
            {
              "user_id": "tasmota",
              "password": "{{ .x_emqx_tasmota_password }}",
-              "is_superuser": true # Until I can figure out authorization in emqx
+              "is_superuser": true
            },
            {
              "user_id": "zwave",
              "password": "{{ .x_emqx_homeassistant_password }}",
-              "is_superuser": true # Until I can figure out authorization in emqx
+              "is_superuser": true
            },
            {
              "user_id": "zwave",
              "password": "{{ .x_emqx_zwave_password }}",
-              "is_superuser": true # Until I can figure out authorization in emqx
+              "is_superuser": true
            }
          ]

--- a/kubernetes/apps/database/emqx/app/helmrelease.yaml
+++ b/kubernetes/apps/database/emqx/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: emqx-operator
-      version: 2.2.24
+      version: 2.2.25
      sourceRef:
        kind: HelmRepository
        name: emqx
--- a/kubernetes/apps/database/emqx/cluster/cluster.yaml
+++ b/kubernetes/apps/database/emqx/cluster/cluster.yaml
@ -5,7 +5,7 @@ kind: EMQX
 metadata:
  name: emqx
 spec:
-  image: public.ecr.aws/emqx/emqx:5.8.0
+  image: public.ecr.aws/emqx/emqx:5.8.1
  config:
    mode: Merge
  coreTemplate:
--- a/kubernetes/apps/database/emqx/ks.yaml
+++ b/kubernetes/apps/database/emqx/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -42,5 +41,4 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/default/atuin/ks.yaml
+++ b/kubernetes/apps/default/atuin/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/autobrr/ks.yaml
+++ b/kubernetes/apps/default/autobrr/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/excalidraw/ks.yaml
+++ b/kubernetes/apps/default/excalidraw/ks.yaml
@ -17,7 +17,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
+++ b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/home-assistant
-              tag: 2024.10.1@sha256:04614835418d2bdacd64685b516e58e7c5446f72485d446e7635282ba1a06c43
+              tag: 2024.10.2@sha256:65cdf4722e85785a67842810e1c747e42aca4650262a3eb9649ccab3246fc5d3
            env:
              TZ: America/Chicago
            envFrom:
--- a/kubernetes/apps/default/home-assistant/ks.yaml
+++ b/kubernetes/apps/default/home-assistant/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/it-tools/ks.yaml
+++ b/kubernetes/apps/default/it-tools/ks.yaml
@ -17,7 +17,6 @@ spec:
    name: theshire
  wait: false # no flux ks dependents
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@ -22,6 +22,7 @@ resources:
  - ./recyclarr/ks.yaml
  - ./redlib/ks.yaml
  - ./sabnzbd/ks.yaml
+  - ./scrypted/ks.yaml
  - ./searxng/ks.yaml
  - ./sonarr/ks.yaml
  - ./tautulli/ks.yaml
--- a/kubernetes/apps/default/linkwarden/app/helmrelease.yaml
+++ b/kubernetes/apps/default/linkwarden/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/linkwarden/app/kustomization.yaml
+++ b/kubernetes/apps/default/linkwarden/app/kustomization.yaml
@ -3,7 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../../templates/gatus/internal
-  - ../../../../templates/volsync
  - ./externalsecret.yaml
  - ./helmrelease.yaml
+  - ../../../../templates/gatus/internal
+  - ../../../../templates/volsync
--- a/kubernetes/apps/default/linkwarden/ks.yaml
+++ b/kubernetes/apps/default/linkwarden/ks.yaml
@ -22,7 +22,6 @@ spec:
    name: theshire
  wait: false # no flux ks dependents
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/maintainerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/maintainerr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/maintainerr/app/kustomization.yaml
+++ b/kubernetes/apps/default/maintainerr/app/kustomization.yaml
@ -5,4 +5,4 @@ kind: Kustomization
 resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync
-  # - ../../../../templates/gatus/internal
+  - ../../../../templates/gatus/internal
--- a/kubernetes/apps/default/omegabrr/ks.yaml
+++ b/kubernetes/apps/default/omegabrr/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/overseerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/overseerr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/overseerr/ks.yaml
+++ b/kubernetes/apps/default/overseerr/ks.yaml
@ -20,7 +20,6 @@ spec:
    - name: volsync
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/piped/app/helmrelease.yaml
+++ b/kubernetes/apps/default/piped/app/helmrelease.yaml
@ -18,6 +18,11 @@ spec:
  values:
    defaultPodOptions:
      automountServiceAccountToken: false
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        fsGroupChangePolicy: "OnRootMismatch"

    controllers:
      backend:
@ -25,13 +30,6 @@ spec:
        annotations:
          secret.reloader.stakater.com/reload: piped-secret

-        pod:
-          securityContext:
-            runAsUser: 1000
-            runAsGroup: 1000
-            fsGroup: 1000
-            fsGroupChangePolicy: "OnRootMismatch"
-
        containers:
          app:
            image:
@ -58,21 +56,13 @@ spec:

      frontend:
        strategy: RollingUpdate
-        pod:
-          securityContext:
-            runAsUser: 101
-            runAsGroup: 101
-            fsGroup: 101
-            fsGroupChangePolicy: "OnRootMismatch"

        containers:
          app:
            image:
              repository: ghcr.io/bjw-s-labs/piped-frontend
-              tag: latest@sha256:c4cb0cfbdf149cdb738fb9e41a5cc748a7ea53053f4c5e036b9f7578d9273328
+              tag: 2024.10.17@sha256:2d11886aef42a280e6ee924126882f7bb3593d87f0b27f8d035067cbc29c8edb
            env:
-              HTTP_PORT: 8080
-              HTTP_WORKERS: 4
              BACKEND_HOSTNAME: piped-api.hsn.dev
            probes:
              liveness:
@ -87,21 +77,19 @@ spec:
                memory: 256Mi
            securityContext:
              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+              readOnlyRootFilesystem: true

      ytproxy:
        strategy: RollingUpdate
-        pod:
-          securityContext:
-            runAsUser: 1000
-            runAsGroup: 1000
-            fsGroup: 1000
-            fsGroupChangePolicy: "OnRootMismatch"

        containers:
          app:
            image:
              repository: 1337kavin/piped-proxy
-              tag: latest@sha256:9872edd2c47c9c33dfa44c334e4cef4e2c6ec91638eb2dcf6ca36b7b3037fd59
+              tag: latest@sha256:5d069df4b959eb544eb62d966d11eb2a1e785abcb7e1716a8143e9f02ddfcba7
            command:
              - /app/piped-proxy
            probes:
--- a/kubernetes/apps/default/plex/ks.yaml
+++ b/kubernetes/apps/default/plex/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/prowlarr-develop
-              tag: 1.25.1.4770@sha256:8b59eb7f9e5321b702bdacae3468b63d71720091ba3b0e9dfaca686a7705d2b8
+              tag: 1.25.2.4794@sha256:4ff88b9911a9d8232bc1a0065b9423ea631c591c5fe0959effb3b1c093ef4930
            env:
              # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
              # Ref: https://github.com/dotnet/runtime/issues/9336
--- a/kubernetes/apps/default/prowlarr/ks.yaml
+++ b/kubernetes/apps/default/prowlarr/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/radarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/radarr-develop
-              tag: 5.12.0.9255
+              tag: 5.12.2.9335
            env:
              RADARR__APP__INSTANCENAME: Radarr
              RADARR__APP__THEME: dark
--- a/kubernetes/apps/default/radarr/ks.yaml
+++ b/kubernetes/apps/default/radarr/ks.yaml
@ -22,7 +22,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/recyclarr/ks.yaml
+++ b/kubernetes/apps/default/recyclarr/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/redlib/app/helmrelease.yaml
+++ b/kubernetes/apps/default/redlib/app/helmrelease.yaml
@ -38,7 +38,7 @@ spec:
          app:
            image:
              repository: quay.io/redlib/redlib
-              tag: latest@sha256:e61e2535518e0b574f92642612f33f6fbee1aa22b2ff36ee740e26a025bb0039
+              tag: latest@sha256:f07a1531d520121e1260bfd9d4b3dbadb26a8ad20a8a7b8639723907160839e4
            env:
              REDLIB_DEFAULT_SHOW_NSFW: on
              REDLIB_DEFAULT_WIDE: on
--- a/kubernetes/apps/default/redlib/ks.yaml
+++ b/kubernetes/apps/default/redlib/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/sabnzbd/ks.yaml
+++ b/kubernetes/apps/default/sabnzbd/ks.yaml
@ -21,7 +21,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/scrypted/app/helmrelease.yaml
+++ b/kubernetes/apps/default/scrypted/app/helmrelease.yaml
@ -0,0 +1,120 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app scrypted
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  values:
+    controllers:
+      scrypted:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        pod:
+          nodeSelector:
+            google.feature.node.kubernetes.io/coral: "true"
+            nvidia.com/gpu.present: "true"
+          securityContext:
+            supplementalGroups:
+              - 568
+        containers:
+          app:
+            image:
+              repository: ghcr.io/koush/scrypted
+              tag: v0.121.0-jammy-nvidia
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+            resources:
+              requests:
+                cpu: 136m
+                memory: 1024Mi
+              limits:
+                nvidia.com/gpu: 1
+                memory: 8192Mi
+            securityContext:
+              privileged: true
+    service:
+      app:
+        controller: *app
+        type: LoadBalancer
+        annotations:
+          io.cilium/lb-ipam-ips: 10.1.1.33
+        nameOverride: *app
+        ports:
+          http:
+            port: 11080
+            primary: true
+          rebroadcast1: # driveway
+            port: 39655
+          rebroadcast2: # sideyard
+            port: 46561
+          rebroadcast3: # doorbell
+            port: 44759
+          homekit: # homekit
+            port: 42010
+          homekit-bridge: # bridge
+            port: 33961
+
+
+    ingress:
+      app:
+        className: "internal-nginx"
+        annotations:
+        hosts:
+          - host: &host scrypted.jahanson.tech
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        existingClaim: scrypted
+        advancedMounts:
+          scrypted:
+            app:
+              - path: /server/volume
+      cache:
+        type: emptyDir
+        globalMounts:
+          - path: /.cache
+      cache-npm:
+        type: emptyDir
+        globalMounts:
+          - path: /.npm
+      dev-bus-usb:
+        type: hostPath
+        hostPath: /dev/bus/usb
+        hostPathType: Directory
+      sys-bus-usb:
+        type: hostPath
+        hostPath: /sys/bus/usb
+        hostPathType: Directory
+      recordings:
+        type: nfs
+        server: shadowfax.jahanson.tech
+        path: /nahar/scrypted
+        globalMounts:
+          - path: /recordings
--- a/kubernetes/apps/default/scrypted/app/kustomization.yaml
+++ b/kubernetes/apps/default/scrypted/app/kustomization.yaml
@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ../../../../templates/volsync
--- a/kubernetes/apps/default/scrypted/ks.yaml
+++ b/kubernetes/apps/default/scrypted/ks.yaml
@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &appname scrypted
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
+  interval: 30m
+  timeout: 5m
+  path: "./kubernetes/apps/default/scrypted/app"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  dependsOn:
+    - name: rook-ceph-cluster
+    - name: volsync
+    - name: external-secrets-stores
+  postBuild:
+    substitute:
+      APP: *appname
+      APP_UID: "0"
+      APP_GID: "0"
+      VOLSYNC_CAPACITY: 5Gi
--- a/kubernetes/apps/default/searxng/app/helmrelease.yaml
+++ b/kubernetes/apps/default/searxng/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/searxng/ks.yaml
+++ b/kubernetes/apps/default/searxng/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/sonarr/ks.yaml
+++ b/kubernetes/apps/default/sonarr/ks.yaml
@ -22,7 +22,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/tautulli/app/helmrelease.yaml
+++ b/kubernetes/apps/default/tautulli/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/tautulli/tautulli
-              tag: v2.14.5@sha256:6017b491d8e9100a97391b639fff5824ad36a315c69aae3c9ed78407994a626e
+              tag: v2.14.6@sha256:f54d2d3a78780c765cd7a10b882474909f50247b5d2d118badaa9c035421effd
            env:
              TZ: America/Chicago
            command: ["/usr/local/bin/python", "Tautulli.py"]
--- a/kubernetes/apps/default/tautulli/ks.yaml
+++ b/kubernetes/apps/default/tautulli/ks.yaml
@ -20,7 +20,6 @@ spec:
    - name: volsync
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/default/unpackerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/unpackerr/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/default/unpackerr/ks.yaml
+++ b/kubernetes/apps/default/unpackerr/ks.yaml
@ -19,5 +19,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/default/zwave/app/helmrelease.yaml
+++ b/kubernetes/apps/default/zwave/app/helmrelease.yaml
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: ghcr.io/zwave-js/zwave-js-ui
-              tag: 9.21.1@sha256:a28eaf01060dbe2fa30045d6b2ac6a31bc34efbebb7aa7d19787929929aea16a
+              tag: 9.24.0@sha256:ed648be6b058c6aa74abca1868c3ac48cb82b06b22ef0ef4f7ba66dd9d331bfc
            env:
              TZ: America/Chicago
              PORT: &port 80
--- a/kubernetes/apps/default/zwave/ks.yaml
+++ b/kubernetes/apps/default/zwave/ks.yaml
@ -17,7 +17,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: cilium
-      version: 1.16.2
+      version: 1.16.3
      sourceRef:
        kind: HelmRepository
        name: cilium
--- a/kubernetes/apps/kube-system/cilium/config/l2.yaml
+++ b/kubernetes/apps/kube-system/cilium/config/l2.yaml
@ -7,7 +7,8 @@ metadata:
 spec:
  loadBalancerIPs: true
  # interfaces: ["^enp.*|^eth.*|^ens.*|^eno.*"]
-  interfaces: ["^eno+|^enp+"]
+  interfaces: ["^eno+|^enp+|^bond+"]
+  # interfaces: ["^bond+"]
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
--- a/kubernetes/apps/kube-system/cilium/ks.yaml
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
@ -17,7 +17,6 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -40,5 +39,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/coredns/ks.yaml
+++ b/kubernetes/apps/kube-system/coredns/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/kube-system/fstrim/ks.yaml
+++ b/kubernetes/apps/kube-system/fstrim/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: kubelet-csr-approver
-      version: 1.2.2
+      version: 1.2.3
      sourceRef:
        kind: HelmRepository
        name: postfinance
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: node-feature-discovery
-      version: 0.16.4
+      version: 0.16.5
      sourceRef:
        kind: HelmRepository
        name: kubernetes-sigs-nfd
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/googlecoral.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/googlecoral.yaml
@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
+apiVersion: nfd.k8s-sigs.io/v1alpha1
+kind: NodeFeatureRule
+metadata:
+  name: google-coral-device
+spec:
+  rules:
+    - # Google Coral USB Accelerator
+      name: google.coral
+      labels:
+        google.feature.node.kubernetes.io/coral: "true"
+      matchFeatures:
+        - feature: usb.device
+          matchExpressions:
+            vendor: {op: In, value: ["1a6e", "18d1"]}
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/nvidia.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/nvidia.yaml
@ -1,5 +1,5 @@
-# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
 apiVersion: nfd.k8s-sigs.io/v1alpha1
 kind: NodeFeatureRule
 metadata:
--- a/kubernetes/apps/kube-system/rocky-nenya.yaml
+++ b/kubernetes/apps/kube-system/rocky-nenya.yaml
@ -4,13 +4,13 @@ metadata:
  name: rocky-nenya
  namespace: kube-system
 spec:
-  #  nodeName: nenya
+  nodeName: shadowfax-01
  containers:
    - name: rocky
      image: rockylinux:9
      securityContext:
        privileged: true
-      command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
+      command: ["/bin/bash", "-c", "dnf install -y iputils dnsutils && while true; do sleep 10; done"]
      resources:
        requests:
          cpu: 100m
--- a/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: spegel
-      version: v0.0.26
+      version: v0.0.27
      sourceRef:
        kind: HelmRepository
        name: spegel-org
--- a/kubernetes/apps/kube-system/spegel/ks.yaml
+++ b/kubernetes/apps/kube-system/spegel/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
+++ b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
@ -66,6 +66,7 @@ spec:
                - ""
              resources:
                - pods
+                - nodes
              verbs:
                - create
                - update
@ -78,3 +79,114 @@ spec:
            matchLabels:
              app.kubernetes.io/instance: kyverno
              app.kubernetes.io/component: kyverno
+    config:
+      # -- Resource types to be skipped by the Kyverno policy engine.
+      # Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list.
+      # These are joined together without spaces, run through `tpl`, and the result is set in the config map.
+      # @default -- See [values.yaml](https://github.com/kyverno/kyverno/blob/ed1906a0dc281c2aeb9b7046b843708825310330/charts/kyverno/values.yaml#L207C3-L316C1)
+      resourceFilters:
+        - '[Event,*,*]'
+        - '[*/*,kube-system,*]'
+        - '[*/*,kube-public,*]'
+        - '[*/*,kube-node-lease,*]'
+        - '[Node,*,*]'
+        - '[Node/*,*,*]'
+        - '[APIService,*,*]'
+        - '[APIService/*,*,*]'
+        - '[TokenReview,*,*]'
+        - '[SubjectAccessReview,*,*]'
+        - '[SelfSubjectAccessReview,*,*]'
+        # remove the following to allow for schematic-to-pod.yaml to work
+        # - '[Binding,*,*]'
+        # - '[Pod/binding,*,*]'
+        - '[ReplicaSet,*,*]'
+        - '[ReplicaSet/*,*,*]'
+        - '[EphemeralReport,*,*]'
+        - '[ClusterEphemeralReport,*,*]'
+        # exclude resources from the chart
+        - '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}]'
+        - '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:core]'
+        - '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:additional]'
+        - '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}]'
+        - '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:core]'
+        - '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:additional]'
+        - '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
+        - '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:core]'
+        - '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:additional]'
+        - '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}]'
+        - '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:core]'
+        - '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:additional]'
+        - '[ClusterRoleBinding,*,{{ template "kyverno.admission-controller.roleName" . }}]'
+        - '[ClusterRoleBinding,*,{{ template "kyverno.background-controller.roleName" . }}]'
+        - '[ClusterRoleBinding,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
+        - '[ClusterRoleBinding,*,{{ template "kyverno.reports-controller.roleName" . }}]'
+        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
+        - '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
+        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
+        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
+        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
+        - '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
+        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
+        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
+        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
+        - '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
+        - '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.configMapName" . }}]'
+        - '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.metricsConfigMapName" . }}]'
+        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
+        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
+        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
+        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
+        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
+        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
+        - '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
+        - '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
+        - '[Job,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
+        - '[Job/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
+        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
+        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
+        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
+        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
+        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
+        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
+        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
+        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
+        - '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
+        - '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
+        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.admission-controller.name" . }}]'
+        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.background-controller.name" . }}]'
+        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.cleanup-controller.name" . }}]'
+        - '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.reports-controller.name" . }}]'
+        - '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
+        - '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
--- a/kubernetes/apps/kyverno/kyverno/ks.yaml
+++ b/kubernetes/apps/kyverno/kyverno/ks.yaml
@ -13,7 +13,6 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
@ -32,5 +31,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/network/cloudflared/app/helmrelease.yaml
+++ b/kubernetes/apps/network/cloudflared/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: docker.io/cloudflare/cloudflared
-              tag: 2024.9.1@sha256:0b88e00d8f93f9d18197f11506f0f6bf0d9266b5a0361c068930a3fe45b68b72
+              tag: 2024.10.0@sha256:060f16531b1ed6dcb382cd2b35d1a845f8dbcb445003b9ec48eef0078cb08bf4
            env:
              NO_AUTOUPDATE: "true"
              TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
--- a/kubernetes/apps/network/cloudflared/ks.yaml
+++ b/kubernetes/apps/network/cloudflared/ks.yaml
@ -22,5 +22,4 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/network/echo-server/app/helmrelease.yaml
+++ b/kubernetes/apps/network/echo-server/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml
+++ b/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: ingress-nginx
-      version: 4.11.2
+      version: 4.11.3
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
--- a/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml
+++ b/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: ingress-nginx
-      version: 4.11.2
+      version: 4.11.3
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
--- a/kubernetes/apps/observability/alertmanager/ks.yaml
+++ b/kubernetes/apps/observability/alertmanager/ks.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@ -21,3 +21,24 @@ spec:
  dependsOn:
    - name: external-secrets-stores
    - name: rook-ceph-cluster
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app alertmanager-silencer
+  namespace: flux-system
+spec:
+  targetNamespace: observability
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: "./kubernetes/apps/observability/alertmanager/silencer"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
--- a/kubernetes/apps/observability/alertmanager/silencer/helmrelease.yaml
+++ b/kubernetes/apps/observability/alertmanager/silencer/helmrelease.yaml
@ -0,0 +1,57 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: alertmanager-silencer
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  dependsOn:
+    - name: alertmanager
+      namespace: observability
+  values:
+    controllers:
+      alertmanager-silencer:
+        type: cronjob
+        cronjob:
+          schedule: "@daily"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/onedr0p/kubanetics
+              tag: 2024.10.6
+            env:
+              SCRIPT_NAME: alertmanager-silencer.sh
+              ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093
+              MATCHERS_0: alertname=CephPGImbalance job=rook-ceph-exporter
+              MATCHERS_1: alertname=CephMonClockSkew job=rook-ceph-mgr
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 25m
+              limits:
+                memory: 128Mi
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            runAsNonRoot: true
--- a/kubernetes/apps/observability/alertmanager/silencer/kustomization.yaml
+++ b/kubernetes/apps/observability/alertmanager/silencer/kustomization.yaml
@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
--- a/kubernetes/apps/observability/gatus/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/observability/gatus/app/resources/config.yml
+++ b/kubernetes/apps/observability/gatus/app/resources/config.yml
@ -35,16 +35,6 @@ endpoints:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
-  # - name: Umami
-  #   group: external
-  #   url: https://umi.hsn.dev/script.js
-  #   interval: 1m
-  #   client:
-  #     dns-resolver: tcp://1.1.1.1:53
-  #   conditions:
-  #     - "[STATUS] == 200"
-  #   alerts:
-  #     - type: pushover
  - name: Nextcloud External
    group: external
    url: https://nc.hsn.dev
@ -78,16 +68,6 @@ endpoints:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
-  - name: Gollum
-    group: internal
-    url: http://gollum.jahanson.tech
-    interval: 1m
-    client:
-      dns-resolver: tcp://10.1.1.1:53
-    conditions:
-      - "[STATUS] == 200"
-    alerts:
-      - type: pushover
  - name: Nextcloud Internal
    group: internal
    url: https://nc.hsn.dev
@ -101,34 +81,3 @@ endpoints:
      - "[STATUS] == 200"
    alerts:
      - type: pushover
-  ### No clue why icmp is not working.
-  # - name: Shadowfax
-  #   group: internal
-  #   url: icmp://shadowfax.jahanson.tech
-  #   interval: 1m
-  #   client:
-  #     dns-resolver: tcp://10.1.1.1:53
-  #   conditions:
-  #     - "[CONNECTED] == true"
-  #   alerts:
-  #     - type: pushover
-  # - name: Gandalf
-  #   group: internal
-  #   url: icmp://gandalf.jahanson.tech
-  #   interval: 1m
-  #   client:
-  #     dns-resolver: tcp://10.1.1.1:53
-  #   conditions:
-  #     - "[CONNECTED] == true"
-  #   alerts:
-  #     - type: pushover
-  # - name: Home Assistant
-  #   group: internal
-  #   url: icmp://hass.jahanson.tech
-  #   interval: 1m
-  #   client:
-  #     dns-resolver: tcp://10.1.1.1:53
-  #   conditions:
-  #     - "[CONNECTED] == true"
-  #   alerts:
-  #     - type: pushover
--- a/kubernetes/apps/observability/gatus/ks.yaml
+++ b/kubernetes/apps/observability/gatus/ks.yaml
@ -20,7 +20,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml
+++ b/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/observability/victoria-metrics/ks.yaml
+++ b/kubernetes/apps/observability/victoria-metrics/ks.yaml
@ -17,7 +17,6 @@ spec:
    name: theshire
  wait: true
  interval: 30m
-  retryInterval: 1m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
@ -40,4 +39,3 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
--- a/kubernetes/apps/openebs-system/openebs/ks.yaml
+++ b/kubernetes/apps/openebs-system/openebs/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@ -35,7 +35,7 @@ spec:
          app:
            image:
              repository: ghcr.io/cross-seed/cross-seed
-              tag: 6.0.0-39@sha256:d871f4204840cb67fec4d417bd4cc5b3fe42abd98aa0f3304b309e410c02f40b
+              tag: 6.0.0-42@sha256:d8828453010135f7b38e30bdda2965b3399c07d6e78efa22cbdaf7d3c6f6d43d
            env:
              TZ: America/Chicago
            args: ["daemon"]
--- a/kubernetes/apps/qbittorrent/cross-seed/ks.yaml
+++ b/kubernetes/apps/qbittorrent/cross-seed/ks.yaml
@ -19,7 +19,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/qbittorrent/flood/ks.yaml
+++ b/kubernetes/apps/qbittorrent/flood/ks.yaml
@ -22,7 +22,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
--- a/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
--- a/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml
@ -47,5 +47,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml
@ -39,7 +39,7 @@ spec:
          tagging: &container
            image:
              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.2@sha256:98b84b4b0e1e5f4fcff3cd2e6b5c5fe2168d415bccd38169dc80b161139c955f
+              tag: v0.19.3@sha256:ac16aa76a78d3ece395f3e037defaf48328f73f4f83afc9c772bf814b9ded56e
            env:
              TZ: *timeZone
              POD_NAMESPACE:
--- a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: rook-ceph
-      version: v1.15.3
+      version: v1.15.4
      sourceRef:
        kind: HelmRepository
        name: rook-ceph
--- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: rook-ceph-cluster
-      version: v1.15.3
+      version: v1.15.4
      sourceRef:
        kind: HelmRepository
        name: rook-ceph
--- a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml
@ -17,7 +17,6 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@ -38,5 +37,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 15m
--- a/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml
+++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml
@ -47,4 +47,4 @@ spec:
      # renovate: datasource=docker depName=ghcr.io/siderolabs/installer
      TALOS_VERSION: v1.8.1
      # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
-      KUBERNETES_VERSION: v1.31.1
+      KUBERNETES_VERSION: v1.30.2
--- a/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml
+++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml
@ -21,15 +21,6 @@ spec:
      - key: feature.node.kubernetes.io/system-os_release.VERSION_ID
        operator: NotIn
        values: ["${TALOS_VERSION}"]
-      - key: kubernetes.io/hostname
-        operator: NotIn
-        values: ["gandalf-01", "shadowfax-01"]
-      # - key: factory.talos.dev/schematic-id.part-0
-      #   operator: In
-      #   values: ["${TALOS_SCHEMATIC_ID:0:32}"]
-      # - key: factory.talos.dev/schematic-id.part-1
-      #   operator: In
-      #   values: ["${TALOS_SCHEMATIC_ID:32}"]
  tolerations:
    - key: CriticalAddonsOnly
      operator: Exists
@ -56,5 +47,5 @@ spec:
    args:
      - --nodes=$(NODE_IP)
      - upgrade
-      - --image=factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
+      - --image=factory.talos.dev/installer/$(TALOS_SCHEMATIC_ID):$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
      - --wait=false
--- a/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml
+++ b/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml
@ -17,5 +17,4 @@ spec:
    name: theshire
  wait: false
  interval: 30m
-  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/bootstrap/helmfile.yaml
+++ b/kubernetes/bootstrap/helmfile.yaml
@ -23,7 +23,7 @@ releases:
  - name: cilium
    namespace: kube-system
    chart: cilium/cilium
-    version: 1.16.2
+    version: 1.16.3
    values:
      - ../apps/kube-system/cilium/app/helm-values.yml
    needs:
@ -40,7 +40,7 @@ releases:
  - name: kubelet-csr-approver
    namespace: kube-system
    chart: postfinance/kubelet-csr-approver
-    version: 1.2.2
+    version: 1.2.3
    values:
      - ../apps/kube-system/kubelet-csr-approver/app/helm-values.yml
    needs:
@ -50,7 +50,7 @@ releases:
  - name: spegel
    namespace: kube-system
    chart: oci://ghcr.io/spegel-org/helm-charts/spegel
-    version: v0.0.26
+    version: v0.0.27
    values:
      - ../apps/kube-system/spegel/app/helm-values.yml
    needs:
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Joseph Hanson	82cf626562	silence clock skew	2024-10-17 21:32:33 -05:00
Joseph Hanson	23f4d92e50	Merge pull request 'Update image ghcr.io/dragonflydb/dragonfly to v1.24.0' (#742 ) from renovate/ghcr.io-dragonflydb-dragonfly-1.x into main Reviewed-on: #742	2024-10-17 21:15:07 -05:00
Joseph Hanson	7861e27b6b	Merge pull request 'Update image 1337kavin/piped-proxy to 5d069df' (#749 ) from renovate/1337kavin-piped-proxy-latest into main Reviewed-on: #749	2024-10-17 21:14:33 -05:00
Joseph Hanson	2a3e7139fc	Merge pull request 'Update image pgo to v5.7.0' (#746 ) from renovate/pgo-5.x into main Reviewed-on: #746	2024-10-17 21:14:20 -05:00
Joseph Hanson	c5b36d8ce2	up to two replicas	2024-10-17 20:59:00 -05:00
Joseph Hanson	b48e4a02c2	Merge pull request 'Update chart emqx-operator to 2.2.25' (#744 ) from renovate/emqx-operator-2.x into main Reviewed-on: #744	2024-10-17 20:53:49 -05:00
Joseph Hanson	0cf1087754	Merge pull request 'Update image ghcr.io/zwave-js/zwave-js-ui to v9.24.0' (#747 ) from renovate/ghcr.io-zwave-js-zwave-js-ui-9.x into main Reviewed-on: #747	2024-10-17 20:53:39 -05:00
Joseph Hanson	4214515c6a	Merge pull request 'Update image ghcr.io/koush/scrypted to v0.121.0' (#748 ) from renovate/ghcr.io-koush-scrypted-0.x into main Reviewed-on: #748	2024-10-17 20:47:29 -05:00
Joseph Hanson	acc8c0b920	add bjw-s-labs to automerge digests	2024-10-17 20:45:29 -05:00
Joseph Hanson	5cde98f529	refactor security context and add proper version to piped frontend	2024-10-17 20:42:10 -05:00
Joseph Hanson	dde7c66b70	Merge pull request 'Update Rook Ceph group to v1.15.4 (patch)' (#750 ) from renovate/patch-rook-ceph into main Reviewed-on: #750	2024-10-17 20:20:11 -05:00
Renovate Bot	acf7bc72f0	Update Rook Ceph group to v1.15.4	2024-10-17 21:03:18 +00:00
Renovate Bot	302bdd77b2	Update image 1337kavin/piped-proxy to 5d069df	2024-10-17 21:03:14 +00:00
Renovate Bot	cf3cd03a04	Update image ghcr.io/onedr0p/home-assistant to 65cdf47	2024-10-17 20:03:01 +00:00
Renovate Bot	368dfad63f	Update image ghcr.io/koush/scrypted to v0.121.0	2024-10-17 19:33:02 +00:00
Renovate Bot	82eb531702	Update image ghcr.io/zwave-js/zwave-js-ui to v9.24.0	2024-10-17 14:03:14 +00:00
Renovate Bot	867f6a97ea	Update image pgo to v5.7.0	2024-10-17 13:33:33 +00:00
Renovate Bot	db791c40c3	Update chart emqx-operator to 2.2.25	2024-10-17 09:02:38 +00:00
Joseph Hanson	f65c3bb2b6	Merge pull request 'Update image ghcr.io/cross-seed/cross-seed to v6.0.0-42' (#738 ) from renovate/ghcr.io-cross-seed-cross-seed-6.x into main Reviewed-on: #738	2024-10-16 17:22:15 -05:00
Joseph Hanson	0582ccd81d	Merge pull request 'Update chart node-feature-discovery to 0.16.5' (#739 ) from renovate/node-feature-discovery-0.x into main Reviewed-on: #739	2024-10-16 17:21:56 -05:00
Joseph Hanson	16b79d9447	Merge pull request 'Update image 1337kavin/piped-proxy to 38e511b' (#743 ) from renovate/1337kavin-piped-proxy-latest into main Reviewed-on: #743	2024-10-16 17:18:49 -05:00
Joseph Hanson	bc7e3294df	Disk keeps swapping on boot. Since it's the only hdd /dev/sda will do.	2024-10-16 17:09:13 -05:00
Renovate Bot	68cdf5531e	Update image 1337kavin/piped-proxy to 38e511b	2024-10-16 19:02:53 +00:00
Renovate Bot	dbb62d28eb	Update image ghcr.io/dragonflydb/dragonfly to v1.24.0	2024-10-16 06:02:54 +00:00
Joseph Hanson	0bf3a2e727	Merge pull request 'Update chart cilium to 1.16.3' (#741 ) from renovate/patch-cilium into main Reviewed-on: #741	2024-10-15 06:49:36 -05:00
Joseph Hanson	362ffcdccc	Merge pull request 'Update chart kubelet-csr-approver to 1.2.3' (#740 ) from renovate/kubelet-csr-approver-1.x into main Reviewed-on: #740	2024-10-15 06:48:51 -05:00
Renovate Bot	83e86b4b23	Update chart kubelet-csr-approver to 1.2.3	2024-10-15 11:38:17 +00:00
Joseph Hanson	75a288c381	Merge pull request 'Update image ghcr.io/zwave-js/zwave-js-ui to v9.23.0' (#737 ) from renovate/ghcr.io-zwave-js-zwave-js-ui-9.x into main Reviewed-on: #737	2024-10-15 06:35:25 -05:00
Joseph Hanson	5e23e0fddd	Merge pull request 'Update image app-template to v3.5.1' (#735 ) from renovate/app-template-3.x into main Reviewed-on: #735	2024-10-15 06:35:12 -05:00
Joseph Hanson	857d5f9f25	Merge pull request 'Update image public.ecr.aws/emqx/emqx to v5.8.1' (#733 ) from renovate/public.ecr.aws-emqx-emqx-5.x into main Reviewed-on: #733	2024-10-15 06:13:46 -05:00
Joseph Hanson	be59ac6eb6	Merge pull request 'Update image spegel to v0.0.27' (#734 ) from renovate/spegel-0.x into main Reviewed-on: #734	2024-10-15 06:11:53 -05:00
Renovate Bot	491639f911	Update chart cilium to 1.16.3	2024-10-15 09:33:02 +00:00
Renovate Bot	5e8a66dbf9	Update chart node-feature-discovery to 0.16.5	2024-10-15 06:32:17 +00:00
Renovate Bot	af1d0827c1	Update image ghcr.io/cross-seed/cross-seed to v6.0.0-42	2024-10-15 01:02:42 +00:00
Joseph Hanson	11470b3ddd	unbreak json	2024-10-14 12:10:57 -05:00
jahanson	f0d3933cd0	revert talosconfig change revert Merge pull request 'add iot vlan to each talos node' (#736) from add-iot-interface-to-all-talos-nodes into main Reviewed-on: #736	2024-10-14 11:36:37 -05:00
Renovate Bot	21394584fe	Update image ghcr.io/zwave-js/zwave-js-ui to v9.23.0	2024-10-14 16:32:37 +00:00
Joseph Hanson	eb0eacf99f	Merge pull request 'add iot vlan to each talos node' (#736 ) from add-iot-interface-to-all-talos-nodes into main Reviewed-on: #736	2024-10-14 11:11:23 -05:00
Joseph Hanson	94bee873e7	add iot vlan to each talos node	2024-10-14 11:10:58 -05:00
Renovate Bot	a567eda576	Update image app-template to v3.5.1	2024-10-14 16:02:26 +00:00
Renovate Bot	d6199e8db2	Update image spegel to v0.0.27	2024-10-14 15:02:56 +00:00
Renovate Bot	4154700932	Update image public.ecr.aws/emqx/emqx to v5.8.1	2024-10-14 15:02:45 +00:00
Joseph Hanson	279096ea11	Merge pull request 'update helmrelease schemas' (#732 ) from update-helmrelease-schemas into main Reviewed-on: #732	2024-10-14 09:29:54 -05:00
Joseph Hanson	9fed1b350f	update helmrelease schemas	2024-10-14 09:26:12 -05:00
Joseph Hanson	e45976ebf1	Merge pull request 'Update HelmRelease to helm.toolkit.fluxcd.io/v2' (#725 ) from renovate/helmrelease-2.x into main Reviewed-on: #725	2024-10-14 09:12:03 -05:00
Joseph Hanson	19c1d0d618	Merge pull request 'Update image ghcr.io/onedr0p/prowlarr-develop to v1.25.2.4794' (#730 ) from renovate/ghcr.io-onedr0p-prowlarr-develop-1.x into main Reviewed-on: #730	2024-10-14 09:05:33 -05:00
Joseph Hanson	5e51ebcb9c	Merge pull request 'Update image ghcr.io/tautulli/tautulli to v2.14.6' (#731 ) from renovate/ghcr.io-tautulli-tautulli-2.x into main Reviewed-on: #731	2024-10-14 09:05:13 -05:00
Renovate Bot	3c8e5baa7b	Update image ghcr.io/tautulli/tautulli to v2.14.6	2024-10-14 14:04:22 +00:00
Renovate Bot	7cfc65d647	Update image ghcr.io/onedr0p/prowlarr-develop to v1.25.2.4794	2024-10-14 14:04:17 +00:00
Joseph Hanson	b0063fe8c4	Merge pull request 'Update image ghcr.io/cross-seed/cross-seed to v6.0.0-41' (#728 ) from renovate/ghcr.io-cross-seed-cross-seed-6.x into main Reviewed-on: #728	2024-10-14 09:01:06 -05:00
Joseph Hanson	9e94135f55	Merge pull request 'Update image ghcr.io/koush/scrypted to v0.119.2' (#729 ) from renovate/ghcr.io-koush-scrypted-0.x into main Reviewed-on: #729	2024-10-14 08:43:36 -05:00
Renovate Bot	6abe2b9c4b	Update image ghcr.io/koush/scrypted to v0.119.2	2024-10-14 13:04:05 +00:00
Renovate Bot	fd8eb9cf19	Update image ghcr.io/cross-seed/cross-seed to v6.0.0-41	2024-10-14 13:03:57 +00:00
Joseph Hanson	fbe5c55308	Merge pull request 'Update image 1337kavin/piped-proxy to c497d70' (#726 ) from renovate/1337kavin-piped-proxy-latest into main Reviewed-on: #726	2024-10-14 07:45:37 -05:00
Joseph Hanson	9a0afa2aa4	Merge pull request 'Update image ghcr.io/buroa/qbtools to v0.19.3' (#727 ) from renovate/ghcr.io-buroa-qbtools-0.x into main Reviewed-on: #727	2024-10-14 07:45:29 -05:00
Joseph Hanson	877380899e	Merge pull request 'Update chart ingress-nginx to 4.11.3' (#710 ) from renovate/ingress-nginx-4.x into main Reviewed-on: #710	2024-10-14 07:45:02 -05:00
Joseph Hanson	93afdb3fe7	Merge pull request 'Update image docker.io/cloudflare/cloudflared to v2024.10.0' (#713 ) from renovate/docker.io-cloudflare-cloudflared-2024.x into main Reviewed-on: #713	2024-10-14 07:43:43 -05:00
Joseph Hanson	d85993b354	Merge pull request 'Update image docker.io/ollama/ollama to v0.3.13' (#717 ) from renovate/docker.io-ollama-ollama-0.x into main Reviewed-on: #717	2024-10-14 07:43:29 -05:00
Renovate Bot	750b19f1e5	Update image ghcr.io/buroa/qbtools to v0.19.3	2024-10-14 12:33:17 +00:00
Renovate Bot	5f034598a9	Update image 1337kavin/piped-proxy to c497d70	2024-10-14 12:33:07 +00:00
Joseph Hanson	6aea997c48	Merge pull request 'Update image ghcr.io/zwave-js/zwave-js-ui to v9.22.0' (#718 ) from renovate/ghcr.io-zwave-js-zwave-js-ui-9.x into main Reviewed-on: #718	2024-10-14 07:30:07 -05:00
Joseph Hanson	c05674b76b	Merge pull request 'Update image quay.io/redlib/redlib to f07a153' (#716 ) from renovate/quay.io-redlib-redlib-latest into main Reviewed-on: #716	2024-10-14 07:29:47 -05:00
Joseph Hanson	28d581634d	Merge pull request 'Update image ghcr.io/onedr0p/radarr-develop to v5.12.2.9335' (#712 ) from renovate/ghcr.io-onedr0p-radarr-develop-5.x into main Reviewed-on: #712	2024-10-14 07:29:37 -05:00
Joseph Hanson	5e8add9c86	Merge pull request 'Update image ghcr.io/bjw-s-labs/piped-frontend to 07ab90a' (#714 ) from renovate/ghcr.io-bjw-s-labs-piped-frontend-latest into main Reviewed-on: #714	2024-10-14 07:27:49 -05:00
Renovate Bot	338004fa0a	Update image ghcr.io/bjw-s-labs/piped-frontend to 07ab90a	2024-10-13 16:35:09 +00:00
Joseph Hanson	a7b8662796	include bond interfaces	2024-10-12 17:11:06 -05:00
Joseph Hanson	76e7901a2f	update ip	2024-10-12 16:07:26 -05:00
Joseph Hanson	4f604ba608	debug	2024-10-12 16:00:37 -05:00
Joseph Hanson	de94de0b2a	add ports	2024-10-12 15:45:17 -05:00
Joseph Hanson	4bc53661ad	remove extra service	2024-10-12 14:27:34 -05:00
Joseph Hanson	f1fdda6bdd	gatus fixup -- remove services/servers not used	2024-10-12 14:24:54 -05:00
Renovate Bot	6aaf58e8be	Update HelmRelease to helm.toolkit.fluxcd.io/v2	2024-10-12 17:03:18 +00:00
Joseph Hanson	ae41bd8a6e	Merge pull request 'Update image ghcr.io/onedr0p/home-assistant to v2024.10.2' (#724 ) from renovate/ghcr.io-onedr0p-home-assistant-2024.x into main Reviewed-on: #724	2024-10-12 11:35:28 -05:00
Renovate Bot	a894c9932b	Update image ghcr.io/onedr0p/radarr-develop to v5.12.2.9335	2024-10-12 16:33:17 +00:00
Renovate Bot	134cc34515	Update image quay.io/redlib/redlib to f07a153	2024-10-12 16:03:04 +00:00
Joseph Hanson	52a4fc077b	add rebroadcast ports and swap to nvidia container.	2024-10-12 07:16:22 -05:00
Joseph Hanson	5051f5b6f4	update mount names	2024-10-12 06:42:46 -05:00
Joseph Hanson	587565c0ed	correct pvc name	2024-10-11 20:06:09 -05:00
Joseph Hanson	ba526c130b	correct namespace	2024-10-11 19:58:29 -05:00
Joseph Hanson	c7037694fa	add scrypted	2024-10-11 19:57:15 -05:00
Joseph Hanson	45d91c392d	update toolpod	2024-10-11 19:54:48 -05:00
Joseph Hanson	acba2f290f	swap deps	2024-10-11 18:47:50 -05:00
Joseph Hanson	aa7119a6e4	add alert manager silencer back	2024-10-11 18:44:08 -05:00
Joseph Hanson	b56314020a	remove retryInterval on all flux	2024-10-11 18:25:37 -05:00
Joseph Hanson	d67ed006ca	update to talos v1.8.1	2024-10-11 18:12:51 -05:00
Joseph Hanson	d0d86351c1	add google coral detection	2024-10-11 18:12:26 -05:00
Renovate Bot	1ee483d322	Update image ghcr.io/onedr0p/home-assistant to v2024.10.2	2024-10-11 17:33:38 +00:00
Joseph Hanson	efb553e50b	remove old code -- different hardware now supported.	2024-10-11 12:17:21 -05:00
Joseph Hanson	487976e388	{}!!!!!!!!!	2024-10-11 10:53:39 -05:00
Joseph Hanson	7c8802e3bf	remove pod binding policy filters for schematic-to-pod policy to work	2024-10-11 10:31:13 -05:00
Renovate Bot	e906b8239d	Update image ghcr.io/zwave-js/zwave-js-ui to v9.22.0	2024-10-11 10:03:26 +00:00
Renovate Bot	e6b1302167	Update image docker.io/ollama/ollama to v0.3.13	2024-10-10 23:05:34 +00:00
Renovate Bot	4ec7a417e7	Update image docker.io/cloudflare/cloudflared to v2024.10.0	2024-10-10 12:03:51 +00:00
Renovate Bot	fdc61be74e	Update chart ingress-nginx to 4.11.3	2024-10-10 11:01:05 +00:00