Update renovate/renovate Docker tag to v43.108.2

Reviewed-on: #192

.woodpecker/flux-reconcile-source.yaml

@@ -20,7 +20,7 @@ steps:
       - export VAULT_TOKEN=$(cat /woodpecker/.vault_id)
       - bao write -format json -f /kubernetes/creds/flux-reconcile > /woodpecker/kube_credentials
   - name: Construct Kubeconfig
-    image: alpine/k8s:1.32.13
+    image: alpine/k8s:1.35.3
     environment:
       KUBECONFIG: /woodpecker/kubeconfig
     commands:

README.md

@@ -2,6 +2,8 @@
 
 This repo contains configuration and documentation for my homelab setup, which is based on Talos OS for Kubernetes cluster and MikroTik router.
 
+[<img src="https://woodpecker.lumpiasty.xyz/api/badges/2/status.svg" alt="Pipeline status">](https://woodpecker.lumpiasty.xyz/repos/2)
+
 ## Architecture
 
 Physical setup consists of MikroTik router which connects to the internet and serves as a gateway for the cluster and other devices in the home network as shown in the diagram below.

apps/kustomization.yaml

@@ -6,12 +6,10 @@ resources:
   - authentik
   - gitea
   - renovate
-  - librechat
   - frigate
   - llama
   - immich
   - nas
-  - searxng
   - ispeak3
   - openwebui
   - woodpecker

apps/librechat/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - release.yaml

apps/librechat/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: librechat

apps/librechat/release.yaml

@@ -1,120 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: dynomite567-charts
-  namespace: librechat
-spec:
-  interval: 24h
-  url: https://dynomite567.github.io/helm-charts/
----
-# apiVersion: helm.toolkit.fluxcd.io/v2
-# kind: HelmRelease
-# metadata:
-#   name: librechat
-#   namespace: librechat
-# spec:
-#   interval: 30m
-#   chart:
-#     spec:
-#       chart: librechat
-#       version: 1.9.1
-#       sourceRef:
-#         kind: HelmRepository
-#         name: dynomite567-charts
-#   values:
-#     global:
-#       librechat:
-#         existingSecretName: librechat
-#     librechat:
-#       configEnv:
-#         PLUGIN_MODELS: null
-#         ALLOW_REGISTRATION: "false"
-#         TRUST_PROXY: "1"
-#         DOMAIN_CLIENT: https://librechat.lumpiasty.xyz
-#         SEARCH: "true"
-#       existingSecretName: librechat
-#       configYamlContent: |
-#         version: 1.0.3
-
-#         endpoints:
-#           custom:
-#             - name: "Llama.cpp"
-#               apiKey: "llama"
-#               baseURL: "http://llama.llama.svc.cluster.local:11434/v1"
-#               models:
-#                 default: [
-#                   "DeepSeek-R1-0528-Qwen3-8B-GGUF",
-#                   "Qwen3-8B-GGUF",
-#                   "Qwen3-8B-GGUF-no-thinking",
-#                   "gemma3n-e4b",
-#                   "gemma3-12b",
-#                   "gemma3-12b-q2",
-#                   "gemma3-12b-novision",
-#                   "gemma3-4b",
-#                   "gemma3-4b-novision",
-#                   "Qwen3-4B-Thinking-2507",
-#                   "Qwen3-4B-Thinking-2507-long-ctx",
-#                   "Qwen2.5-VL-7B-Instruct-GGUF",
-#                   "Qwen2.5-VL-32B-Instruct-GGUF-IQ1_S",
-#                   "Qwen2.5-VL-32B-Instruct-GGUF-Q2_K_L",
-#                   "Qwen3-VL-2B-Instruct-GGUF",
-#                   "Qwen3-VL-2B-Instruct-GGUF-unslothish",
-#                   "Qwen3-VL-2B-Thinking-GGUF",
-#                   "Qwen3-VL-4B-Instruct-GGUF",
-#                   "Qwen3-VL-4B-Instruct-GGUF-unslothish",
-#                   "Qwen3-VL-4B-Thinking-GGUF",
-#                   "Qwen3-VL-8B-Instruct-GGUF",
-#                   "Qwen3-VL-8B-Instruct-GGUF-unslothish",
-#                   "Qwen3-VL-8B-Thinking-GGUF",
-#                   "Huihui-Qwen3-VL-8B-Instruct-abliterated-GGUF",
-#                   "Huihui-Qwen3-VL-8B-Thinking-abliterated-GGUF"
-#                 ]
-#               titleConvo: true
-#               titleModel: "gemma3-4b-novision"
-#               summarize: false
-#               summaryModel: "gemma3-4b-novision"
-#               forcePrompt: false
-#               modelDisplayLabel: "Llama.cpp"
-
-#               # ✨ IMPORTANT: let llama-swap/llama-server own all these
-#               dropParams:
-#                 - "temperature"
-#                 - "top_p"
-#                 - "top_k"
-#                 - "presence_penalty"
-#                 - "frequency_penalty"
-#                 - "stop"
-#                 - "max_tokens"
-#       imageVolume:
-#         enabled: true
-#         size: 10G
-#         accessModes: ReadWriteOnce
-#         storageClassName: mayastor-single-hdd
-#     ingress:
-#       enabled: true
-#       className: nginx-ingress
-#       annotations:
-#         cert-manager.io/cluster-issuer: letsencrypt
-#         nginx.ingress.kubernetes.io/proxy-body-size: "0"
-#         nginx.ingress.kubernetes.io/proxy-buffering: "false"
-#         nginx.ingress.kubernetes.io/proxy-read-timeout: 30m
-#       hosts:
-#         - host: librechat.lumpiasty.xyz
-#           paths:
-#             - path: /
-#               pathType: ImplementationSpecific
-#       tls:
-#         - hosts:
-#             - librechat.lumpiasty.xyz
-#           secretName: librechat-ingress
-
-#     mongodb:
-#       persistence:
-#         storageClass: mayastor-single-hdd
-
-#     meilisearch:
-#       persistence:
-#         storageClass: mayastor-single-hdd
-#       auth:
-#         existingMasterKeySecret: librechat

apps/llama/deployment.yaml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
         - name: llama-swap
-          image: ghcr.io/mostlygeek/llama-swap:v199-vulkan-b8643
+          image: ghcr.io/mostlygeek/llama-swap:v199-vulkan-b8667
           imagePullPolicy: IfNotPresent
           command:
             - /app/llama-swap

apps/openwebui/release.yaml

@@ -18,7 +18,7 @@ spec:
   chart:
     spec:
       chart: open-webui
-      version: 12.13.0
+      version: 13.0.1
       sourceRef:
         kind: HelmRepository
         name: open-webui
@@ -45,6 +45,9 @@ spec:
         enabled: true
         existingClaim: openwebui-pipelines-lvmhdd
 
+    terminals:
+      enabled: true
+
     # SSO with Authentik
     extraEnvVars:
       - name: WEBUI_URL

apps/renovate/cronjob.yaml

@@ -15,7 +15,7 @@ spec:
             - name: renovate
               # Update this to the latest available and then enable Renovate on
               # the manifest
-              image: renovate/renovate:43.95.0-full
+              image: renovate/renovate:43.108.2-full
               envFrom:
                 - secretRef:
                     name: renovate-gitea-token

apps/searxng/configs/settings.yml

@@ -1 +0,0 @@
-use_default_settings: true

apps/searxng/deployment.yaml

@@ -1,42 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: searxng
-  namespace: searxng
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: searxng
-  template:
-    metadata:
-      labels:
-        app: searxng
-    spec:
-      containers:
-        - name: searxng
-          image: searxng/searxng:2025.8.12-6b1516d
-          ports:
-            - containerPort: 8080
-          env:
-            - name: SEARXNG_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: searxng-secret
-                  key: SEARXNG_SECRET
-                  optional: false
-          volumeMounts:
-            - name: config-volume
-              mountPath: /etc/searxng/settings.yml
-              subPath: settings.yml
-              readOnly: true
-            - name: searxng-persistent-data
-              mountPath: /var/cache/searxng
-      volumes:
-        - name: config-volume
-          configMap:
-            name: searxng-config
-        - name: searxng-persistent-data
-          persistentVolumeClaim:
-            claimName: searxng-persistent-data-lvmhdd

apps/searxng/ingress.yaml

@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  namespace: searxng
-  name: searxng
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  ingressClassName: nginx-ingress
-  rules:
-    - host: searxng.lumpiasty.xyz
-      http:
-        paths:
-          - backend:
-              service:
-                name: searxng
-                port:
-                  number: 8080
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - searxng.lumpiasty.xyz
-      secretName: searxng-ingress

apps/searxng/kustomization.yaml

@@ -1,13 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - pvc.yaml
-  - deployment.yaml
-  - service.yaml
-  - ingress.yaml
-configMapGenerator:
-  - name: searxng-config
-    namespace: searxng
-    files:
-      - settings.yml=configs/settings.yml

apps/searxng/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: searxng

apps/searxng/pvc.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: searxng-persistent-data-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: searxng-persistent-data-lvmhdd
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: searxng-persistent-data-lvmhdd
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: searxng-persistent-data-lvmhdd
-  namespace: searxng
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: searxng-persistent-data-lvmhdd

apps/searxng/service.yaml

@@ -1,14 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: searxng
-  namespace: searxng
-spec:
-  selector:
-    app: searxng
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: 8080
-  type: ClusterIP

cluster/apps.yaml

@@ -4,7 +4,7 @@ metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
+  interval: 24h
   sourceRef:
     kind: GitRepository
     name: flux-system

cluster/flux-system/gotk-sync.yaml

@@ -6,7 +6,7 @@ metadata:
   name: flux-system
   namespace: flux-system
 spec:
-  interval: 1m0s
+  interval: 24h
   ref:
     branch: fresh-start
   secretRef:
@@ -19,7 +19,7 @@ metadata:
   name: flux-system
   namespace: flux-system
 spec:
-  interval: 10m0s
+  interval: 24h
   path: ./cluster
   prune: true
   sourceRef:

cluster/infra.yaml

@@ -4,7 +4,7 @@ metadata:
   name: infra
   namespace: flux-system
 spec:
-  interval: 10m0s
+  interval: 24h
   sourceRef:
     kind: GitRepository
     name: flux-system

infra/configs/lvmpv-ssd-sc.yaml

@@ -3,6 +3,8 @@ apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: ssd-lvmpv
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
 parameters:
   storage: "lvm"
   volgroup: "openebs-ssd"

infra/controllers/cloudnative-pg.yaml

@@ -23,7 +23,7 @@ spec:
   chart:
     spec:
       chart: cloudnative-pg
-      version: 0.27.1
+      version: 0.28.0
       sourceRef:
         kind: HelmRepository
         name: cnpg