Merge pull request 'Update image ghcr.io/siderolabs/kubelet to v1.31.2' (#838 ) from renovate/ghcr.io-siderolabs-kubelet-1.x into main

Reviewed-on: #838
Merge pull request 'Update image ghcr.io/onedr0p/home-assistant to v2024.11.1' (#841 ) from renovate/ghcr.io-onedr0p-home-assistant-2024.x into main
2024-11-08 19:40:40 -06:00 · 2024-11-08 19:08:54 -06:00 · 2024-11-08 19:07:48 -06:00 · 2024-11-08 19:07:33 -06:00 · 2024-11-09 01:06:18 +00:00 · 2024-11-09 01:06:15 +00:00
25 changed files with 107 additions and 183 deletions
--- a/kubernetes/apps/default/piped/app/externalsecret.yaml
+++ b/kubernetes/apps/default/piped/app/externalsecret.yaml
--- a/kubernetes/apps/default/piped/app/helmrelease.yaml
+++ b/kubernetes/apps/default/piped/app/helmrelease.yaml
--- a/kubernetes/apps/default/piped/app/kustomization.yaml
+++ b/kubernetes/apps/default/piped/app/kustomization.yaml
--- a/kubernetes/apps/default/piped/ks.yaml
+++ b/kubernetes/apps/default/piped/ks.yaml
--- a/.gitignore
+++ b/.gitignore
@ -24,3 +24,6 @@ omniconfig.yaml
 *.pem
 *.secrets
 config.xml
+
+# syncthing
+**/*sync-conflict*
--- a/kubernetes/apps/ai/ollama/app/helmrelease.yaml
+++ b/kubernetes/apps/ai/ollama/app/helmrelease.yaml
@ -35,7 +35,7 @@ spec:
          app:
            image:
              repository: docker.io/ollama/ollama
-              tag: 0.4.0
+              tag: 0.4.1
            env:
              - name: OLLAMA_HOST
                value: 0.0.0.0
--- a/kubernetes/apps/anime/kustomization.yaml
+++ b/kubernetes/apps/anime/kustomization.yaml
@ -9,5 +9,5 @@ resources:
  - ./jellyfin/ks.yaml    # sqlite
  - ./jellyseerr/ks.yaml  # sqlite
  - ./radarr/ks.yaml      # postgres
-  - ./shoko/ks.yaml       # sqlite
+  # - ./shoko/ks.yaml       # sqlite
  - ./sonarr/ks.yaml      # postgres
--- a/kubernetes/apps/anime/shoko/app/externalsecret.yaml
+++ b/kubernetes/apps/anime/shoko/app/externalsecret.yaml
@ -1,31 +0,0 @@
---
-# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: shokoserver
-spec:
-  refreshInterval: 5m
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: shokoserver-secret
-    creationPolicy: Owner
-  data:
-    - secretKey: WIREGUARD_ENDPOINT_IP
-      remoteRef:
-        key: ProtonVPN
-        property: shokoserver_vpn_endpoint_ip
-    - secretKey: WIREGUARD_PUBLIC_KEY
-      remoteRef:
-        key: ProtonVPN
-        property: shokoserver_wireguard_public_key
-    - secretKey: WIREGUARD_PRIVATE_KEY
-      remoteRef:
-        key: ProtonVPN
-        property: shokoserver_wireguard_private_key
-    - secretKey: WIREGUARD_ADDRESSES
-      remoteRef:
-        key: ProtonVPN
-        property: wireguard_addresses
--- a/kubernetes/apps/anime/shoko/app/helmrelease.yaml
+++ b/kubernetes/apps/anime/shoko/app/helmrelease.yaml
@ -1,125 +0,0 @@
---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: &app shokoserver
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: app-template
-      version: 3.5.1
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      strategy: rollback
-      retries: 3
-  dependsOn:
-    - name: rook-ceph-cluster
-      namespace: rook-ceph
-    - name: volsync
-      namespace: volsync-system
-  values:
-    controllers:
-      shokoserver:
-        annotations:
-          reloader.stakater.com/auto: "true"
-        initContainers:
-          gluetun:
-            image:
-              repository: ghcr.io/qdm12/gluetun
-              tag: v3.39.1
-            env:
-              DOT: "off"
-              VPN_SERVICE_PROVIDER: protonvpn
-              VPN_TYPE: wireguard
-              VPN_INTERFACE: wg0
-              FIREWALL_INPUT_PORTS: "80"
-            envFrom:
-              - secretRef:
-                  name: shokoserver-secret
-            resources:
-              limits:
-                kernel.org/tun: 1
-            restartPolicy: Always
-            securityContext:
-              capabilities:
-                add: ["NET_ADMIN"]
-              allowPrivilegeEscalation: false
-        containers:
-          app:
-            image:
-              repository: ghcr.io/jahanson/shokoserver
-              tag: v5.0.0@sha256:193aedf3e3f2d7031a76274d5bae0004c3d920c24831d688d991f85d4bb24ce2
-            env:
-              TZ: America/Chicago
-              PORT: &port 80
-            # probes:
-            #   liveness: &probes
-            #     enabled: true
-            #     custom: true
-            #     spec:
-            #       httpGet:
-            #         path: /status
-            #         port: *port
-            #       initialDelaySeconds: 0
-            #       periodSeconds: 10
-            #       timeoutSeconds: 1
-            #       failureThreshold: 3
-            #   readiness: *probes
-            #   startup:
-            #     enabled: false
-            securityContext:
-              allowPrivilegeEscalation: false
-              readOnlyRootFilesystem: true
-              capabilities: { drop: ["ALL"] }
-    defaultPodOptions:
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 568
-        runAsGroup: 568
-        fsGroup: 568
-        fsGroupChangePolicy: OnRootMismatch
-        seccompProfile: { type: RuntimeDefault }
-    service:
-      app:
-        controller: shokoserver
-        ports:
-          http:
-            port: *port
-            targetPort: 8111
-    ingress:
-      app:
-        className: internal-nginx
-        hosts:
-          - host: "${APP}.jahanson.tech"
-            paths:
-              - path: /
-                service:
-                  identifier: app
-                  port: http
-    persistence:
-      config:
-        existingClaim: "${APP}"
-        globalMounts:
-          - path: /.shoko
-      media:
-        type: nfs
-        server: 10.1.1.61
-        path: /moria/media/
-        globalMounts:
-          - path: /data/moria-media
-      # logs:
-      #   type: emptyDir
-      #   globalMounts:
-      #     - path: /app/config/logs
-      tmp:
-        type: emptyDir
--- a/kubernetes/apps/default/autobrr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/autobrr/app/helmrelease.yaml
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/autobrr/autobrr
-              tag: v1.48.0@sha256:0ae19e3beedf491396e450b024c23e9e24df4d692286c0442a81fa699493def0
+              tag: v1.49.0@sha256:dc2195ccabf8438a8f8eb0581c5e6d2a40c061754e57552bc4f67f1b20a71970
            env:
              AUTOBRR__CHECK_FOR_UPDATES: "false"
              AUTOBRR__HOST: 0.0.0.0
--- a/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
+++ b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/home-assistant
-              tag: 2024.11.0@sha256:23a1ba70e7d5518527e6324d28ccb07f1cbf7c334dbb6326a0b413ef8fe5fafd
+              tag: 2024.11.1@sha256:a3dd7577c28771702b21f817ad86600056467c2c7f45d261a1e7241910ddc2e2
            env:
              TZ: America/Chicago
            envFrom:
@ -54,7 +54,7 @@ spec:
          code-server:
            image:
              repository: ghcr.io/coder/code-server
-              tag: 4.93.1@sha256:c69e398d1b64589b3b77a7becfd03f4ec524982def20e6bffbb51b1b839e72ba
+              tag: 4.95.1@sha256:d9bc7797d997e1b199e333676732e075bac4bae276dc0fe1baece2e313edfa09
            args: [
              "--auth", "none",
              "--user-data-dir", "/config/.vscode",
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@ -16,7 +16,6 @@ resources:
  - ./morphos/ks.yaml
  - ./omegabrr/ks.yaml
  - ./overseerr/ks.yaml
-  - ./piped/ks.yaml
  - ./plex/ks.yaml
  - ./prowlarr/ks.yaml
  - ./radarr/ks.yaml
--- a/kubernetes/apps/default/maintainerr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/maintainerr/app/helmrelease.yaml
@ -32,7 +32,7 @@ spec:
          app:
            image:
              repository: ghcr.io/jorenn92/maintainerr
-              tag: 2.2.0@sha256:fbb2c0341b8af502e4488f3664e34992f24947708c7dac10dcbee592f99a946c
+              tag: 2.2.1@sha256:13121a8292ef6db7560a931bf19b601cf3cc12df0a9dea9086b757798eea5b6d
            env:
              TZ: America/Chicago
            resources:
--- a/kubernetes/apps/default/omegabrr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/omegabrr/app/helmrelease.yaml
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/autobrr/omegabrr
-              tag: v1.14.0@sha256:6f65c7967609746662815933ecc8168c8c25a3b82d909f49833fcce2b47ee052
+              tag: v1.15.0@sha256:4f6099a76ff9d248e9f032e29c04a92b483f21456e46f3b01eb20399f4732ad0
            env:
              TZ: America/Chicago
            securityContext:
--- a/kubernetes/apps/default/plex/trakt-sync/helmrelease.yaml
+++ b/kubernetes/apps/default/plex/trakt-sync/helmrelease.yaml
@ -33,7 +33,7 @@ spec:
          app:
            image:
              repository: ghcr.io/taxel/plextraktsync
-              tag: 0.32.0
+              tag: 0.32.1
            args:
              - sync
            env:
--- a/kubernetes/apps/default/scrypted/app/helmrelease.yaml
+++ b/kubernetes/apps/default/scrypted/app/helmrelease.yaml
@ -32,7 +32,7 @@ spec:
          app:
            image:
              repository: ghcr.io/koush/scrypted
-              tag: v0.123.0-jammy-nvidia
+              tag: v0.123.1-jammy-nvidia
            probes:
              liveness:
                enabled: true
--- a/kubernetes/apps/kube-system/generic-device-plugin/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/generic-device-plugin/app/helmrelease.yaml
@ -0,0 +1,67 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: generic-device-plugin
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  driftDetection:
+    mode: enabled
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    defaultPodOptions:
+      priorityClassName: system-node-critical
+    controllers:
+      generic-device-plugin:
+        type: daemonset
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          generic-device-plugin:
+            image:
+              repository: ghcr.io/squat/generic-device-plugin
+              tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
+            args:
+              - --config=/config/config.yml
+            ports:
+              - containerPort: 8080
+                name: http
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+    persistence:
+      config:
+        type: configMap
+        name: generic-device-plugin-configmap
+        globalMounts:
+          - path: /config/config.yml
+            subPath: config.yml
+            readOnly: true
+      dev:
+        type: hostPath
+        hostPath: /dev
+        globalMounts:
+          - path: /dev
+      device-plugin:
+        type: hostPath
+        hostPath: /var/lib/kubelet/device-plugins
+        globalMounts:
+          - path: /var/lib/kubelet/device-plugins
--- a/kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml
@ -3,7 +3,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./externalsecret.yaml
  - ./helmrelease.yaml
-  - ../../../../templates/gatus/internal
-  - ../../../../templates/volsync
+configMapGenerator:
+  - name: generic-device-plugin-configmap
+    files:
+      - ./resources/config.yml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/kube-system/generic-device-plugin/app/resources/config.yml
+++ b/kubernetes/apps/kube-system/generic-device-plugin/app/resources/config.yml
@ -0,0 +1,9 @@
+---
+log-level: info
+domain: kernel.org
+devices:
+  - name: tun
+    groups:
+      - count: 1000
+        paths:
+          - path: /dev/net/tun
--- a/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml
+++ b/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml
@ -3,22 +3,18 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: &app shoko
+  name: &app generic-device-plugin
  namespace: flux-system
 spec:
-  targetNamespace: anime
+  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/anime/shoko/app
+  path: "./kubernetes/apps/kube-system/generic-device-plugin/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: theshire
-  wait: false
+  wait: true
  interval: 30m
  timeout: 5m
-  postBuild:
-    substitute:
-      APP: *app
-      VOLSYNC_CAPACITY: 5Gi
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@ -12,6 +12,7 @@ resources:
  - ./descheduler/ks.yaml
  - ./dnsimple-webhook-rbac.yaml
  - ./fstrim/ks.yaml
+  - ./generic-device-plugin/ks.yaml
  - ./kubelet-csr-approver/ks.yaml
  - ./metrics-server/ks.yaml
  - ./node-feature-discovery/ks.yaml
--- a/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: prometheus-operator-crds
-      version: 15.0.0
+      version: 16.0.0
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
--- a/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml
@ -43,7 +43,7 @@ spec:
          app:
            image:
              repository: jesec/flood
-              tag: master@sha256:8d04ec24abcc879f14e744e809520f7a7ec3c66395e1f6efa4179c9399803fbe
+              tag: master@sha256:8a18a3509a6c1557b769873a1ef85dcd5fa4cbce1a939be2c6c87f97eb79de45
            envFrom:
              - secretRef:
                  name: flood-secret
--- a/kubernetes/bootstrap/helmfile.yaml
+++ b/kubernetes/bootstrap/helmfile.yaml
@ -19,7 +19,7 @@ releases:
  - name: prometheus-operator-crds
    namespace: observability
    chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds
-    version: 15.0.0
+    version: 16.0.0
  - name: cilium
    namespace: kube-system
    chart: cilium/cilium
--- a/kubernetes/bootstrap/talos/talconfig.yaml
+++ b/kubernetes/bootstrap/talos/talconfig.yaml
@ -1,9 +1,11 @@
 ---
-# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
 clusterName: theshire

-talosVersion: v1.8.2
-kubernetesVersion: 1.31.1
+# renovate: datasource=github-releases depName=siderolabs/talos
+talosVersion: v1.8.1
+# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
+kubernetesVersion: 1.31.2
 endpoint: "https://10.1.1.57:6444"

 additionalApiServerCertSans:
Author	SHA1	Message	Date
Joseph Hanson	761690ba5e	Merge pull request 'Update image ghcr.io/siderolabs/kubelet to v1.31.2' (#838 ) from renovate/ghcr.io-siderolabs-kubelet-1.x into main Reviewed-on: #838	2024-11-08 19:40:40 -06:00
Joseph Hanson	cb2e0d24c8	Merge pull request 'Update image ghcr.io/onedr0p/home-assistant to v2024.11.1' (#841 ) from renovate/ghcr.io-onedr0p-home-assistant-2024.x into main Reviewed-on: #841	2024-11-08 19:08:54 -06:00
Joseph Hanson	bc687b28fd	Merge pull request 'Update image docker.io/ollama/ollama to v0.4.1' (#840 ) from renovate/docker.io-ollama-ollama-0.x into main Reviewed-on: #840	2024-11-08 19:07:48 -06:00
Joseph Hanson	6c6ea27957	Merge pull request 'Update image ghcr.io/autobrr/autobrr to v1.49.0' (#834 ) from renovate/ghcr.io-autobrr-autobrr-1.x into main Reviewed-on: #834	2024-11-08 19:07:33 -06:00
Renovate Bot	1166d4d687	Update image ghcr.io/onedr0p/home-assistant to v2024.11.1	2024-11-09 01:06:18 +00:00
Renovate Bot	ec4f619367	Update image docker.io/ollama/ollama to v0.4.1	2024-11-09 01:06:15 +00:00
Joseph Hanson	d870c79589	Merge pull request 'Update image jesec/flood to 8a18a35' (#824 ) from renovate/jesec-flood-master into main Reviewed-on: #824	2024-11-08 18:56:08 -06:00
Joseph Hanson	96179f13a2	Merge pull request 'Update image ghcr.io/autobrr/omegabrr to v1.15.0' (#825 ) from renovate/ghcr.io-autobrr-omegabrr-1.x into main Reviewed-on: #825	2024-11-08 18:55:33 -06:00
Joseph Hanson	2c348267c5	Merge pull request 'Update image ghcr.io/coder/code-server to v4.95.1' (#835 ) from renovate/ghcr.io-coder-code-server-4.x into main Reviewed-on: #835	2024-11-08 18:55:07 -06:00
Joseph Hanson	8222c32fe0	Merge pull request 'Update image prometheus-operator-crds to v16' (#836 ) from renovate/prometheus-operator-crds-16.x into main Reviewed-on: #836	2024-11-08 18:54:44 -06:00
Joseph Hanson	01f3eaa9fa	Merge pull request 'Update image ghcr.io/koush/scrypted to v0.123.1' (#837 ) from renovate/ghcr.io-koush-scrypted-0.x into main Reviewed-on: #837	2024-11-08 18:54:28 -06:00
Joseph Hanson	c51bd020bd	Merge pull request 'Update image ghcr.io/taxel/plextraktsync to v0.32.1' (#839 ) from renovate/ghcr.io-taxel-plextraktsync-0.x into main Reviewed-on: #839	2024-11-08 18:53:48 -06:00
Renovate Bot	1f87e3c3db	Update image ghcr.io/taxel/plextraktsync to v0.32.1	2024-11-08 19:06:35 +00:00
Renovate Bot	20a2e63b30	Update image prometheus-operator-crds to v16	2024-11-08 18:21:08 +00:00
Renovate Bot	8ed33b3671	Update image ghcr.io/siderolabs/kubelet to v1.31.2	2024-11-08 18:20:42 +00:00
Joseph Hanson	2de07ac885	renovate test	2024-11-08 12:13:27 -06:00
Renovate Bot	f1c79adc59	Update image ghcr.io/koush/scrypted to v0.123.1	2024-11-08 18:06:32 +00:00
Joseph Hanson	97829c6809	ignore sync-conflicts	2024-11-07 22:20:12 -06:00
Joseph Hanson	14287e4cad	Merge pull request 'Update image ghcr.io/jorenn92/maintainerr to v2.2.1' (#833 ) from renovate/ghcr.io-jorenn92-maintainerr-2.x into main Reviewed-on: #833	2024-11-07 16:08:38 -06:00
Joseph Hanson	7a72a530a7	undeploy piped	2024-11-07 16:07:58 -06:00
Joseph Hanson	c282512a8b	add generic-device-plugin	2024-11-07 15:49:06 -06:00
Renovate Bot	851884bd94	Update image ghcr.io/coder/code-server to v4.95.1	2024-11-07 20:06:55 +00:00
Renovate Bot	2a06b673fb	Update image ghcr.io/autobrr/autobrr to v1.49.0	2024-11-07 20:06:47 +00:00
Renovate Bot	dbb411bc42	Update image ghcr.io/jorenn92/maintainerr to v2.2.1	2024-11-07 19:07:54 +00:00
Renovate Bot	366747cfd1	Update image ghcr.io/autobrr/omegabrr to v1.15.0	2024-11-06 12:05:44 +00:00
Renovate Bot	5ae9e7a310	Update image jesec/flood to 8a18a35	2024-11-06 05:35:26 +00:00