Update codercom/code-server Docker tag to v4.97.2

apps-kustomized/airsonic-advanced/ingress.yaml

@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-  name: airsonic-advanced
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: airsonic.martyn.berlin
-    http:
-      paths:
-      - backend:
-          service:
-            name: airsonic-advanced
-            port:
-              number: 80
-        path: /
-        pathType: Prefix
-  tls:
-  - hosts:
-    - airsonic.martyn.berlin

apps-kustomized/bucket/ingress.yaml

@@ -34,5 +34,7 @@ spec:
   tls:
   - hosts:
     - files.martyn.berlin
+    secretName: files-tls
   - hosts:
     - files-a89a4194-3742-498e-8c6c-37128fdb9291.martyn.berlin
+    secretName: long-name-files-tls

apps-kustomized/cryptpad/ingress.yaml

@@ -28,6 +28,7 @@ spec:
   tls:
   - hosts:
     - cryptpad.martyn.berlin
+    secretName: cryptpad-tls
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -59,3 +60,4 @@ spec:
   tls:
   - hosts:
     - cryptpad-safe.martyn.berlin
+    secretName: cryptpad-safe-tls

apps-kustomized/external-mqtt/ing.yaml

@@ -10,6 +10,7 @@ spec:
   tls:
   - hosts:
     - iot.martyn.berlin
+    secretName: mosquitto-certs
   rules:
   - host: iot.martyn.berlin
     http:

apps-kustomized/forgejo/ingress.yaml

@@ -26,3 +26,4 @@ spec:
   tls:
   - hosts:
     - git.martyn.berlin
+    secretName: forgejo-tls

apps-kustomized/jellyfin/deployment.yaml

@@ -31,7 +31,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: docker.io/jellyfin/jellyfin:10.10.6
+        image: docker.io/jellyfin/jellyfin:10.10.5
         imagePullPolicy: Always
         name: jellyfin
         ports:
@@ -49,12 +49,16 @@ spec:
             cpu: 163m
 #            memory: 3861631195
         volumeMounts:
+        - mountPath: /data2/media
+          name: runningseries
         - mountPath: /films
           name: films
         - mountPath: /config
           name: jellyfin-config
         - mountPath: /music
           name: music
+        - mountPath: /oldbigseries
+          name: oldseries
         - mountPath: /config/transcodes
           name: transcodes
         - mountPath: /dev/dri
@@ -66,9 +70,12 @@ spec:
       dnsPolicy: ClusterFirst
       nodeSelector:
         intel.feature.node.kubernetes.io/gpu: "true"
-        kubernetes.io/hostname: talos-llu-kx3
+        oldname: i9worker
       terminationGracePeriodSeconds: 30
       volumes:
+      - persistentVolumeClaim:
+          claimName: smb-series
+        name: runningseries
       - name: jellyfin-config
         persistentVolumeClaim:
           claimName: jellyfin-config
@@ -81,6 +88,9 @@ spec:
       - persistentVolumeClaim:
           claimName: smb-films
         name: films
+      - persistentVolumeClaim:
+          claimName: smb-oldseries
+        name: oldseries
       - hostPath:
           path: /dev/dri
           type: Directory

apps-kustomized/jellyfin/pvc-smb.yaml

@@ -1,5 +1,29 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
+metadata:
+  name: smb-series
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: smb-series
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: smb-oldseries
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: smb-oldseries
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
   name: smb-music
 spec:

apps-kustomized/jellyseerr/ingress.yaml

@@ -23,3 +23,4 @@ spec:
   tls:
   - hosts:
     - requests.martyn.berlin
+    secretName: requests-tls

apps-kustomized/nextcloud/ingress.yaml

@@ -25,3 +25,4 @@ spec:
   tls:
   - hosts:
     - nextcloud.martyn.berlin
+    secretName: nextcloud-tls

apps-kustomized/radarr/deploy.yaml

@@ -18,7 +18,7 @@ spec:
         app: radarr
     spec:
       containers:
-      - image: hotio/radarr:release-5.18.4.9674
+      - image: hotio/radarr:release
         imagePullPolicy: IfNotPresent
         name: radarr
         ports:

apps-kustomized/sabnzbd/deploy.yaml

@@ -16,7 +16,7 @@ spec:
         app: sabnzbd
     spec:
       containers:
-      - image: lscr.io/linuxserver/sabnzbd:4.4.1
+      - image: lscr.io/linuxserver/sabnzbd:latest
         imagePullPolicy: Always
         name: sabnzbd
         terminationMessagePath: /dev/termination-log

apps-kustomized/sonarr/deploy.yaml

@@ -16,7 +16,7 @@ spec:
         app: sonarr
     spec:
       containers:
-      - image: hotio/sonarr:release-4.0.13.2932
+      - image: hotio/sonarr:release-4.0.1.929
         imagePullPolicy: Always
         name: sonarr
         ports:
@@ -32,6 +32,8 @@ spec:
           name: config
         - mountPath: /data
           name: data
+        - mountPath: /series
+          name: series
         - mountPath: /combinedseries
           name: combinedseries
       dnsPolicy: ClusterFirst
@@ -42,6 +44,9 @@ spec:
       - name: config
         persistentVolumeClaim:
           claimName: sonarr-config-data
+      - name: series
+        persistentVolumeClaim:
+          claimName: smb-series
       - name: combinedseries
         persistentVolumeClaim:
           claimName: smb-combinedseries

apps-kustomized/sonarr/pvc-smb.yaml

@@ -1,5 +1,17 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
+metadata:
+  name: smb-series
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: smb-series
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
   name: smb-combinedseries
 spec:

apps-kustomized/writefreely/ingress.yaml

@@ -23,3 +23,4 @@ spec:
   tls:
   - hosts:
     - musings.martyn.berlin
+    secretName: musings-tls

everything-app/app-ingress-nginx.yaml

@@ -11,7 +11,7 @@ spec:
   source:
     chart: ingress-nginx
     repoURL: https://kubernetes.github.io/ingress-nginx
-    targetRevision: 4.12.0
+    targetRevision: 4.8.3
     helm:
       parameters:
       - name: controller.service.type
@@ -24,15 +24,6 @@ spec:
         value: "351198544"
       - name: controller.extraArgs.default-ssl-certificate
         value: "cluster-ingress/cluster-ingress-wildcard"
-      - name: controller.config.http-snippet
-        value: |-
-          more_set_headers -a "X-Robots-Tag: noai";
-          more_set_headers -a "X-Robots-Tag: Google-Extended: none";
-          more_set_headers -a "X-Robots-Tag: GPTBot: none";
-          more_set_headers -a "X-Robots-Tag: ChatGPT-User: none";
-          more_set_headers -a "X-Robots-Tag: anthropic-ai: none";
-          more_set_headers -a "X-Robots-Tag: CCBot: none";
-          more_set_headers -a "X-Robots-Tag: semrushbot: none";
   syncPolicy:
     automated:
       selfHeal: true

everything-app/app-letsencrypt.yaml

@@ -11,7 +11,7 @@ spec:
   source:
     chart: cert-manager
     repoURL: https://charts.jetstack.io
-    targetRevision: v1.17.1
+    targetRevision: v1.13.1
     helm:
       parameters:
       - name: installCRDs

everything-app/bikerwitch.yaml

@@ -36,7 +36,8 @@ spec:
             paths:
             - /
           tls:
-          - hosts:
+          - secretName: bikerwitch-tls
+            hosts:
             - bikerwitch.martyn.berlin
             - www.bikerwitch.org.uk
     path: apps-helm/drupal

everything-app/garage.yaml

@@ -41,6 +41,7 @@ spec:
               tls:
               - hosts:
                 - "s3.files.martyn.berlin"
+                secretName: s3-le-secret
               hosts:
               - host: s3.files.martyn.berlin
                 paths:
@@ -55,6 +56,7 @@ spec:
               tls:
               - hosts:
                 - "files.martyn.berlin"
+                secretName: files-le-secret
               hosts:
               - host: files.martyn.berlin
                 paths:

everything-app/longhorn.yaml

@@ -25,7 +25,7 @@ spec:
         value: "false"
     chart: longhorn
     repoURL: https://charts.longhorn.io
-    targetRevision: 1.6.4
+    targetRevision: 1.6.0
   syncPolicy:
     automated:
       selfHeal: true

everything-app/ntfy.yaml

@@ -46,7 +46,8 @@ spec:
             - path: /
               pathType: Prefix
           tls:
-          - hosts:
+          - secretName: ntfy-tls
+            hosts:
             - ntfy.martyn.berlin
 
         ntfy:

everything-app/samba-slow-big.yaml

@@ -24,16 +24,6 @@ spec:
           users:
           - username: martyn
             password: "564628"
-        affinity:
-          nodeAffinity:
-            preferredDuringSchedulingIgnoredDuringExecution:
-            - weight: 1
-              preference:
-                matchExpressions:
-                - key: kubernetes.io/hostname
-                  operator: In
-                  values:
-                  - talos-llu-kx3
         persistence:
           combineShares: true
           sharesToCombine:

renovate.json

@@ -1,6 +1,3 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "argocd": {
-	  "fileMatch": ["everything-app/.+\\.yaml$"]
-  }
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
 }