Update renovate/renovate Docker tag to v41.82.10

Reviewed-on: #67

apps/frigate/release.yaml

@@ -139,7 +139,7 @@ spec:
         skipuninstall: true
       config:
         enabled: true
-        size: 1Gi
+        size: 5Gi
         storageClass: mayastor-single-hdd
         skipuninstall: true
     envFromSecrets:

apps/gitea/release.yaml

@@ -17,7 +17,7 @@ spec:
   chart:
     spec:
       chart: gitea
-      version: 12.1.2
+      version: 12.2.0
       sourceRef:
         kind: HelmRepository
         name: gitea-charts

apps/immich/redis.yaml

@@ -19,7 +19,7 @@ spec:
   chart:
     spec:
       chart: redis
-      version: 21.2.13
+      version: 22.0.5
       sourceRef:
         kind: HelmRepository
         name: bitnami

apps/immich/release.yaml

@@ -18,7 +18,7 @@ spec:
   chart:
     spec:
       chart: immich
-      version: 0.7.2
+      version: 0.7.5
       sourceRef:
         kind: HelmRepository
         name: secustor

apps/kustomization.yaml

@@ -4,8 +4,8 @@ resources:
   - gitea
   - registry
   - renovate
-  - ollama
   - librechat
   - frigate
   - llama
   - immich
+  - searxng

apps/librechat/release.yaml

@@ -39,26 +39,6 @@ spec:
 
         endpoints:
           custom:
-            - name: "Ollama"
-              apiKey: "ollama"
-              baseURL: "http://ollama.ollama.svc.cluster.local:11434/v1/chat/completions" 
-              models:
-                default: [
-                  "llama2",
-                  "mistral",
-                  "codellama",
-                  "dolphin-mixtral",
-                  "mistral-openorca"
-                  ]
-                # fetching list of models is supported but the `name` field must start
-                # with `ollama` (case-insensitive), as it does in this example.
-                fetch: true
-              titleConvo: true
-              titleModel: "current_model"
-              summarize: false
-              summaryModel: "current_model"
-              forcePrompt: false
-              modelDisplayLabel: "Ollama"
             - name: "Llama.cpp"
               apiKey: "llama"
               baseURL: "http://llama.llama.svc.cluster.local:11434/v1"

apps/llama/configs/config.yaml

@@ -144,4 +144,34 @@ models:
       --top-k 20
       --repeat-penalty 1.0
       --no-warmup
+      --flash-attn
+      --cache-type-k q8_0 --cache-type-v q8_0
+      --port ${PORT}
+  "Qwen3-4B-Instruct-2507":
+    ttl: 600
+    cmd: |
+      /app/llama-server
+      -hf unsloth/Qwen3-4B-Instruct-2507-GGUF:Q4_K_M
+      -ngl 99 -c 16384 --predict 8192
+      --temp 0.7
+      --min-p 0.00
+      --top-p 0.8
+      --top-k 20
+      --repeat-penalty 1.0
+      --no-warmup
+      --port ${PORT}
+  "Qwen3-4B-Instruct-2507-long-ctx":
+    ttl: 600
+    cmd: |
+      /app/llama-server
+      -hf unsloth/Qwen3-4B-Instruct-2507-GGUF:Q4_K_M
+      -ngl 99 -c 262144 --predict 81920
+      --temp 0.7
+      --min-p 0.00
+      --top-p 0.8
+      --top-k 20
+      --repeat-penalty 1.0
+      --no-warmup
+      --flash-attn
+      --cache-type-k q8_0 --cache-type-v q8_0
       --port ${PORT}

apps/ollama/auth-proxy.yaml

@@ -1,68 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ollama-proxy
-  namespace: ollama
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: ollama-proxy
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: ollama-proxy
-    spec:
-      containers:
-        - name: caddy
-          image: caddy:2.10.0-alpine
-          imagePullPolicy: IfNotPresent
-          volumeMounts:
-            - mountPath: /etc/caddy
-              name: proxy-config
-          env:
-            - name: API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: ollama-api-key
-                  key: API_KEY
-      volumes:
-        - name: proxy-config
-          configMap:
-            name: ollama-proxy-config
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  namespace: ollama
-  name: ollama-proxy-config
-data:
-  Caddyfile: |
-    http://ollama.lumpiasty.xyz {
-
-      @requireAuth {
-        not header Authorization "Bearer {env.API_KEY}"
-      }
-
-      respond @requireAuth "Unauthorized" 401
-
-      reverse_proxy ollama:11434 {
-        flush_interval -1
-      }
-    }
----
-apiVersion: v1
-kind: Service
-metadata:
-  namespace: ollama
-  name: ollama-proxy
-spec:
-  type: ClusterIP
-  selector:
-    app.kubernetes.io/name: ollama-proxy
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-      protocol: TCP

apps/ollama/ingress.yaml

@@ -1,28 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  namespace: ollama
-  name: ollama
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    acme.cert-manager.io/http01-edit-in-place: "true"
-    nginx.ingress.kubernetes.io/proxy-buffering: "false"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: 30m
-spec:
-  ingressClassName: nginx-ingress
-  rules:
-    - host: ollama.lumpiasty.xyz
-      http:
-        paths:
-          - backend:
-              service:
-                name: ollama-proxy
-                port:
-                  number: 80
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - ollama.lumpiasty.xyz
-      secretName: ollama-ingress

apps/ollama/kustomization.yaml

@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - release.yaml
-  - secret.yaml
-  - auth-proxy.yaml
-  - ingress.yaml

apps/ollama/release.yaml

@@ -1,60 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: ollama-helm
-  namespace: ollama
-spec:
-  interval: 24h
-  url: https://otwld.github.io/ollama-helm/
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: ollama
-  namespace: ollama
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: ollama
-      version: 1.25.0
-      sourceRef:
-        kind: HelmRepository
-        name: ollama-helm
-        namespace: ollama
-      interval: 12h
-  values:
-    ollama:
-      gpu:
-        enabled: false
-    persistentVolume:
-      enabled: true
-      storageClass: mayastor-single-hdd
-      size: 200Gi
-    # GPU support
-    # Rewrite of options in
-    # https://hub.docker.com/r/grinco/ollama-amd-apu
-    image:
-      repository: grinco/ollama-amd-apu
-      tag: vulkan
-    securityContext:
-      # Not ideal
-      privileged: true
-      capabilities:
-        add:
-          - PERFMON
-    volumeMounts:
-      - name: kfd
-        mountPath: /dev/kfd
-      - name: dri
-        mountPath: /dev/dri
-    volumes:
-      - name: kfd
-        hostPath:
-          path: /dev/kfd
-          type: CharDevice
-      - name: dri
-        hostPath:
-          path: /dev/dri
-          type: Directory

apps/ollama/secret.yaml

@@ -1,38 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ollama-proxy
-  namespace: ollama
----
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultAuth
-metadata:
-  name: ollama
-  namespace: ollama
-spec:
-  method: kubernetes
-  mount: kubernetes
-  kubernetes:
-    role: ollama-proxy
-    serviceAccount: ollama-proxy
----
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
-  name: ollama-api-key
-  namespace: ollama
-spec:
-  type: kv-v2
-
-  mount: secret
-  path: ollama
-
-  destination:
-    create: true
-    name: ollama-api-key
-    type: Opaque
-    transformation:
-      excludeRaw: true
-
-  vaultAuthRef: ollama

apps/renovate/cronjob.yaml

@@ -15,7 +15,7 @@ spec:
             - name: renovate
               # Update this to the latest available and then enable Renovate on
               # the manifest
-              image: renovate/renovate:41.76.0-full
+              image: renovate/renovate:41.82.10-full
               envFrom:
                 - secretRef:
                     name: renovate-gitea-token

apps/searxng/configs/settings.yml

@@ -0,0 +1 @@
+use_default_settings: true

apps/searxng/deployment.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: searxng
+  namespace: searxng
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: searxng
+  template:
+    metadata:
+      labels:
+        app: searxng
+    spec:
+      containers:
+        - name: searxng
+          image: searxng/searxng:2025.8.12-6b1516d
+          ports:
+            - containerPort: 8080
+          env:
+            - name: SEARXNG_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: searxng-secret
+                  key: SEARXNG_SECRET
+                  optional: false
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/searxng/settings.yml
+              subPath: settings.yml
+              readOnly: true
+            - name: searxng-persistent-data
+              mountPath: /var/cache/searxng
+      volumes:
+        - name: config-volume
+          configMap:
+            name: searxng-config
+        - name: searxng-persistent-data
+          persistentVolumeClaim:
+            claimName: searxng-persistent-data

apps/searxng/ingress.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: searxng
+  name: searxng
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  ingressClassName: nginx-ingress
+  rules:
+    - host: searxng.lumpiasty.xyz
+      http:
+        paths:
+          - backend:
+              service:
+                name: searxng
+                port:
+                  number: 8080
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - searxng.lumpiasty.xyz
+      secretName: searxng-ingress

apps/searxng/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+configMapGenerator:
+  - name: searxng-config
+    namespace: searxng
+    files:
+      - settings.yml=configs/settings.yml

apps/searxng/namespace.yaml

@@ -2,4 +2,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: ollama
+  name: searxng

apps/searxng/pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: searxng
+  name: searxng-persistent-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: mayastor-single-ssd

apps/searxng/service.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: searxng
+  namespace: searxng
+spec:
+  selector:
+    app: searxng
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP

infra/controllers/cilium.yaml

@@ -23,7 +23,7 @@ spec:
   chart:
     spec:
       chart: cilium
-      version: 1.18.0
+      version: 1.18.1
       sourceRef:
         kind: HelmRepository
         name: cilium

infra/controllers/cloudnative-pg.yaml

@@ -23,7 +23,7 @@ spec:
   chart:
     spec:
       chart: cloudnative-pg
-      version: 0.25.0
+      version: 0.26.0
       sourceRef:
         kind: HelmRepository
         name: cnpg

infra/controllers/nginx-ingress.yaml

@@ -23,7 +23,7 @@ spec:
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.13.0
+      version: 4.13.1
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx

infra/controllers/openbao.yaml

@@ -23,7 +23,7 @@ spec:
   chart:
     spec:
       chart: openbao
-      version: 0.16.2
+      version: 0.16.3
       sourceRef:
         kind: HelmRepository
         name: openbao