sync-with-upsteam #1

Merged

thunerbl merged 1499 commits from sync-with-upsteam into main 2026-03-29 15:32:22 +00:00

Conversation 0 Commits 1499 Files changed 1145 +96004

thunerbl commented 2026-03-29 15:31:53 +00:00

Owner

Copy link

No description provided.

thunerbl added 1499 commits 2026-03-29 15:31:53 +00:00

Initial commit 539d691f34

Add the container file b7efca7817

Initial commit 370dbdfc62

First commit c001299b6f

Adds UC1 and UC2 3a1bec498e

wip 91152d1dac

feat: WIP cli for runtime 9287c62a41

new strategy: deploy runtime components with flux & remove cli 54e7d4078b

fix: rename folder 8278581514

fix: rename helm repository 046f411983

fix: indention 9ecc1fbb50

fix: add kustomize for monitoring components b09af30f24

fix: loki path 141682b796

fix: add namespace in kustomize 52f7321558

fix: add namespace in kustomize a2d214a983

fix: helmrepo names 0359820948

fix: helmrepo names fdbd531f8e

fix: autoscaling for loki gateway fb74df8939

fix: ingress pathType 7cd38558e3

fix: thanos s3 config 79e41d8652

fix: loki image for three target deployment 4a2a6c239e

fix: thanos s3 config secret name edd37657a8

feat: add grafana hr cd4cc904a2

feat: add keycloak 17ff7fee09

fix: kustomization & cleanup d7151cdc1c

fix: add kustomization for keycloak f20ef89ae7

fix: add namespace for keycloak 97c5b0ab4d

fix: postgres api kind 6afb228628

fix: add namespace in hr 3793867941

fix: minio & zalando helmrepository 260dc5b0a2

fix: minio & zalando helmrepository 772a5416cb

fix: keycloak ff78c25b8e

fix: keycloak secret 58dce122b2

fix: keycloak pg host cb03335ad0

fix: set replicas for keycloak 3e280426b0

fix: ingress for keycloak 839faeb8fb

fix: renaming fdd5fcb9d5

feat: add libresh git repository 502a281a30

feat: new organization for manifests based on components scope da9de8412b

fix: ingress dependency and move issuer 53edb0854d

feat: add missing libresh components & add crds for monitoring and libresh seperately cd8e61afd7

fix: storage class for openEBS a6740174a0

fix: prometheus crds bb4fc33384

fix: cleanup & fix helm releases bd1d653228

fix: crds kustomization 852ae5bb96

fix: cleanup storageclass 0f25e94f27

fix: keydb kustomization ad7ab29bd9

refactor: reorganize 83be599602

fix: remove namespace in HR and set libresh-system ns for helmrepos 240537a5b5

fix: remove libresh git repo, it is deployed by cli d7bdd5f61d

fix: remove duplicate a70894b5b0

feat: add valueFrom in ingress hr c9ae5a21bc

fix: remove customizable spec in ingress hr 0cec6df4fa

fix: remove values in hr and use a configmap with valueFrom 52e7b6e068

fix: remove values.yaml d4ef86a471

fix: remove suffix for generated resources 35d30e91ac

fix: values dfb9746c87

fix: grafana dashboard 70079dbb34

fix: secret name for keycloak admin creds 59c57ffaad

feat: update images for libresh operators f8192ecbc4

fix: buckets 71c425bb5f

Revert "fix: buckets" ... a9f22f595b

This reverts commit 71c425bb5f.

fix: buckets 6d520e9e71

fix: grafana admin creds secret & cleanup d10ef67478

fix: rename folder for prometheus crds cfd973db16

feat: use values file and enable custom values for observability components 705a8a9db0

fix: admin creds for promtail d89fbc38a8

fix: custom values name for promtail d74037e6db

feat: add cli b9532d240b

fix: cleanup 30e2ed02f0

fix: add csi stage & pin git repo version f42e21a889

fix: remove storage class c451811e4f

feat: update minio hr 741f4e9003

feat: update to v0.1.1 04400dbd3b

fix: tls for grafana ingress 8083b5f1f2

feat: update libresh object-storage-operator 946a75dd29

fix: change name of cm ingress nginx 9c26efa919

Merge branch 'change-cm-ingress-nginx' into 'main' ... 6a4caa70a2

fix: change name of cm ingress nginx

See merge request libre.sh/libre.sh!2

feat: uses default service type from upstream ... f993434b2f

In the upstream helm chart, the default service type is LoadBalancer

fix: enable tls for grafana ingress 880ca5a692

feat: add compute-full-forwarded-for ... 1ef2c9bfb2

This is used in proxy protocol environement, like on scaleway.

fix: bucket name in loki conf 39043f54a8

fix: bucket name in loki conf 72558b18fa

feat: Loki configuration c29970f05c

Merge branch 'loki' into 'main' ... 545ce6072a

feat: Loki configuration

See merge request libre.sh/libre.sh!3

fix: namespace for thanos sidecar service c38300ca9e

fix: remove ingress for alertmanager 157f36645b

feat: add alertmanager to grafana datasources b8db5d4738

fix: alertmanager url for thanos 3633cbd4da

Merge branch 'alerts' into 'main' ... 38e58572d5

alertmanager

See merge request libre.sh/libre.sh!4

feat: add docs 7d91eded2c

build: add Tiltfile & script to dev f2fa682526

fix: remove buggy loki source 264f316942

feat: config json log nginx 3ec0192557

feat: bump helm grafana version to 6.57.1 369eade3ff

feat: update to latest ... 0a9bb71ed1

I'm the renovate bot \o/

Merge branch 'renovate-bot-pierre' into 'main' ... ea618746e3

feat: update to latest

See merge request libre.sh/libre.sh!5

feat: bump keydb-operator to v0.2.0-rc.2 363d9640f3

feat: add renovate bot 764d8b2585

fix(deps): update module github.com/fluxcd/kustomize-controller/api to v0.35.1 ... 1db25e1475

| datasource | package                                    | from    | to      |
| ---------- | ------------------------------------------ | ------- | ------- |
| go         | github.com/fluxcd/kustomize-controller/api | v0.35.0 | v0.35.1 |

fix(deps): update module github.com/minio/minio-go/v7 to v7.0.59 ... 54cada7357

| datasource | package                      | from    | to      |
| ---------- | ---------------------------- | ------- | ------- |
| go         | github.com/minio/minio-go/v7 | v7.0.47 | v7.0.59 |

feat(container): update image ghcr.io/tarampampam/error-pages to v2.24.0 ... 4588b3c61d

| datasource | package                         | from   | to     |
| ---------- | ------------------------------- | ------ | ------ |
| docker     | ghcr.io/tarampampam/error-pages | 2.16.0 | 2.24.0 |

Merge branch 'renovate/github.com-minio-minio-go-v7-7.x' into 'main' ... cde056c06d

fix(deps): update module github.com/minio/minio-go/v7 to v7.0.59

See merge request libre.sh/libre.sh!8

Merge branch 'renovate/ghcr.io-tarampampam-error-pages-2.x' into 'main' ... 1fd3940ba9

feat(container): update image ghcr.io/tarampampam/error-pages to v2.24.0

See merge request libre.sh/libre.sh!9

Merge branch 'renovate/github.com-fluxcd-kustomize-controller-api-0.x' into 'main' ... b35c699a68

fix(deps): update module github.com/fluxcd/kustomize-controller/api to v0.35.1

See merge request libre.sh/libre.sh!7

fix: renovate WIP 6e5cd4a82d

feat: remove gomod from renovate b3ec4d3c87

fix: test for renovate without go.mod 48ab7f252a

fix: move helm repos to subfolder for renovate 148a6f7777

fix: cleanup 7c7509f9cb

wip bcb2595b32

wip af4b594e18

fix: move repositories & set namespace for renovatebot to work e309de4aff

fix: cleanup fd66ff3954

fix: enable patroni failsafe mode e6536ad136

feat(postgres): enable antiaffinity a4e1f58560

feat(postgres): allow custom values 2a2141231f

feat: bump zalando postgres to v1.10 eac3041b9f

feat(postgres): add inherited labels 71c73a620e

feat(postgres): enable pod antiaffinity 623114abb6

feat: bump object-storage-operator to v0.2.1 9cf204445b

feat(github-release): update prometheus-operator/prometheus-operator to v0.66.0 ... f249227f26

| datasource      | package                                 | from    | to      |
| --------------- | --------------------------------------- | ------- | ------- |
| github-releases | prometheus-operator/prometheus-operator | v0.63.0 | v0.66.0 |

feat(helm)!: Update chart kube-prometheus-stack to 47.6.1 ... 249ad02487

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 45.6.0 | 47.6.1 |

feat(helm): update chart promtail to 6.11.5 ... a53bbae33a

| datasource | package  | from  | to     |
| ---------- | -------- | ----- | ------ |
| helm       | promtail | 6.9.3 | 6.11.5 |

feat(helm): update chart ingress-nginx to 4.7.1 ... 55aa926ca2

| datasource | package       | from  | to    |
| ---------- | ------------- | ----- | ----- |
| helm       | ingress-nginx | 4.5.2 | 4.7.1 |

feat(helm): update chart cert-manager to v1.12.2 50f7936d18

feat(container): update thanos group ... d239ec0e1a

| datasource | package               | from    | to      |
| ---------- | --------------------- | ------- | ------- |
| docker     | quay.io/thanos/thanos | v0.30.2 | v0.31.0 |
| helm       | thanos                | 12.1.2  | 12.8.3  |

feat(helm): update chart grafana to 6.58.2 ... 682d1f9f01

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | grafana | 6.57.1 | 6.58.2 |

fix(helm): update chart operator to 5.0.6 ... a2615c5547

| datasource | package  | from  | to    |
| ---------- | -------- | ----- | ----- |
| helm       | operator | 5.0.3 | 5.0.6 |

feat(helm): update chart openebs to 3.7.0 ... 558afb9ee4

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | openebs | 3.4.1 | 3.7.0 |

feat(helm)!: Update chart loki to 5.8.9 ... bc2c1079c2

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | loki    | 4.8.0 | 5.8.9 |

feat: add kyverno manifests 7ed30435f1

feat: add velero manifests fb5b1b7d57

fix: new repo path in renovate fbdfd0a8bf

fix(helm): update chart grafana to 6.58.4 ... 11fb7c93fb

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | grafana | 6.58.2 | 6.58.4 |

fix(helm): update chart promtail to 6.11.7 ... 4bdd9d3a3e

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.11.5 | 6.11.7 |

fix(helm): update chart thanos to 12.8.6 ... ceaea2946e

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | thanos  | 12.8.3 | 12.8.6 |

feat(helm)!: Update chart kube-prometheus-stack to 48.1.2 ... 5b885fc617

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 47.6.1 | 48.1.2 |

fix(loki): use default image c596422067

fix(loki): increase timeout & remove remediation 317ce1e36c

Merge branch 'renovate/thanos' into 'main' ... cfe2746851

fix(helm): update chart thanos to 12.8.6

See merge request indiehost/libre.sh/libre.sh!42

Merge branch 'renovate/promtail-6.x' into 'main' ... a8ba1a0cda

fix(helm): update chart promtail to 6.11.7

See merge request indiehost/libre.sh/libre.sh!41

Merge branch 'renovate/grafana-6.x' into 'main' ... ed1e772e23

fix(helm): update chart grafana to 6.58.4

See merge request indiehost/libre.sh/libre.sh!40

Merge branch 'renovate/kube-prometheus-stack-48.x' into 'main' ... 9050a5971b

feat(helm)!: Update chart kube-prometheus-stack to 48.1.2

See merge request indiehost/libre.sh/libre.sh!38

fix: follow pattern, seperate values file & optional custom values in cm 2818a821cf

Merge branch 'feat/backups' into 'main' ... 3079f86b07

Feat/backups

See merge request indiehost/libre.sh/libre.sh!39

feat(loki/grafana): add loki datasource to grafana 56ef568ec7

fix(minio/grafana): set right datasource in grafana dashboard for minio 2118315db0

fix(velero): remove values from ks 55e86ad3ab

fix(minio): move dashboard to right folder 8fcbdb7c11

fix(loki/grafana): add label for datasource a285c3fedb

fix(kyverno): increase ram 0cf3d01bfb

fix(container): update image velero/velero-plugin-for-aws to v1.7.1 ... d01a8055c3

| datasource | package                      | from   | to     |
| ---------- | ---------------------------- | ------ | ------ |
| docker     | velero/velero-plugin-for-aws | v1.7.0 | v1.7.1 |

fix(helm): update chart grafana to 6.58.5 ... 2c0eb61a9a

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | grafana | 6.58.4 | 6.58.5 |

fix(helm): update chart promtail to 6.11.9 ... e35114d8f3

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.11.7 | 6.11.9 |

feat(helm): update chart kube-prometheus-stack to 48.2.0 ... 53036f53c5

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 48.1.2 | 48.2.0 |

feat(helm): update chart loki to 5.9.0 ... d361f59151

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | loki    | 5.8.9 | 5.9.0 |

Merge branch 'renovate/loki-5.x' into 'main' ... 614a51e2e1

feat(helm): update chart loki to 5.9.0

See merge request indiehost/libre.sh/libre.sh!47

Merge branch 'renovate/kube-prometheus-stack-48.x' into 'main' ... 097df57c45

feat(helm): update chart kube-prometheus-stack to 48.2.0

See merge request indiehost/libre.sh/libre.sh!46

Merge branch 'renovate/promtail-6.x' into 'main' ... 544014a6ad

fix(helm): update chart promtail to 6.11.9

See merge request indiehost/libre.sh/libre.sh!45

Merge branch 'renovate/grafana-6.x' into 'main' ... e3e806bd7b

fix(helm): update chart grafana to 6.58.5

See merge request indiehost/libre.sh/libre.sh!44

Merge branch 'renovate/velero-velero-plugin-for-aws-1.x' into 'main' ... d8f855de21

fix(container): update image velero/velero-plugin-for-aws to v1.7.1

See merge request indiehost/libre.sh/libre.sh!43

fix: disable postgres readiness probe ... 3a8e9005d3

avoid cutting the traffic when the kublet is stressed

feat: bump keydb to v0.2.0 3d463e79ca

fix: storage mini is 1Gi ... 1717f3dacb

in some cloud provider.

feat: add stakater ingress monitor 87697325bc

dev: update dev env b446f55d82

dev: fix minio values 7b7ee23615

dev: change minio memory request a3a5ce961e

dev: simplify setup dd07c2a670

dev: add juicefs csi 83363b611e

feat: add priority classes 223cbb538e

feat: add cluster proportional autoscaler 8b7a6eb514

feat: add kubernetes event exporter d5e5aa6ed3

dev: fix coredns config a8e7982179

ci: change depName 5235a7512e

ci: try to enforce groups 224157d007

ci: add keydb group e2b64e4943

ci: change operators group 523f45e7b1

ci: try to simplify renovate ebe00c13e5

fix: update helm release ingressmonitorcontroller to v2.1.38 ... 5b19aae8be

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.34 | 2.1.38 |

feat: update helm release openebs to v3.9.0 ... fc6ed05014

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | openebs | 3.7.0 | 3.9.0 |

feat!: Update Helm release velero to v5 ... f25934d0dc

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 4.1.3 | 5.0.2 |

feat: update helm release cert-manager to v1.13.1 ... 298ef34697

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.12.2 | v1.13.1 |

feat: update helm release kube-prometheus-stack to v48.6.0 ... 35b8d2b373

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 48.2.0 | 48.6.0 |

fix: update helm release kyverno to v3.0.5 ... b37bc84b0d

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | kyverno | 3.0.2 | 3.0.5 |

feat: update helm release ingress-nginx to v4.8.0 ... d8624dd0b4

| datasource | package       | from  | to    |
| ---------- | ------------- | ----- | ----- |
| helm       | ingress-nginx | 4.7.1 | 4.8.0 |

fix: update helm release kubernetes-event-exporter to v2.7.2 ... 97212d9730

| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| helm       | kubernetes-event-exporter | 2.7.0 | 2.7.2 |

feat: update helm release promtail to v6.15.2 ... 7ad8128ac6

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.11.9 | 6.15.2 |

feat: update ghcr.io/tarampampam/error-pages docker tag to v2.25.0 ... 3ab5521268

| datasource | package                         | from   | to     |
| ---------- | ------------------------------- | ------ | ------ |
| docker     | ghcr.io/tarampampam/error-pages | 2.24.0 | 2.25.0 |

feat: update helm release loki to v5.23.1 ... 7169c45969

| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| helm       | loki    | 5.9.0 | 5.23.1 |

feat: update velero/velero-plugin-for-aws docker tag to v1.8.0 ... 7bb5006a0a

| datasource | package                      | from   | to     |
| ---------- | ---------------------------- | ------ | ------ |
| docker     | velero/velero-plugin-for-aws | v1.7.1 | v1.8.0 |

fix: update helm release operator to v5.0.9 ... 731c866557

| datasource | package  | from  | to    |
| ---------- | -------- | ----- | ----- |
| helm       | operator | 5.0.6 | 5.0.9 |

feat!: Update Helm release kube-prometheus-stack to v51 ... eabea00275

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 48.6.0 | 51.2.0 |

feat: update helm release grafana to v6.60.1 ... d7d923bcf7

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | grafana | 6.58.5 | 6.60.1 |

feat: update prometheus-operator/prometheus-operator to v0.68.0 ... 856212df72

| datasource      | package                                 | from    | to      |
| --------------- | --------------------------------------- | ------- | ------- |
| github-releases | prometheus-operator/prometheus-operator | v0.66.0 | v0.68.0 |

feat: update thanos group ... 273238ac2d

| datasource | package               | from    | to      |
| ---------- | --------------------- | ------- | ------- |
| docker     | quay.io/thanos/thanos | v0.31.0 | v0.32.4 |
| helm       | thanos                | 12.8.6  | 12.13.6 |

feat: update keydb-operator to v0.3.0 ... 5aac75ff1b

| datasource | package                                        | from   | to     |
| ---------- | ---------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/keydb-operator | v0.2.0 | v0.3.0 |
| docker     | registry.libre.sh/keydb-operator               | v0.2.0 | v0.3.0 |

fix: update forge.liiib.re/libre.sh/api to v0.2.3 ... 725c81a47d

| datasource | package                             | from        | to     |
| ---------- | ----------------------------------- | ----------- | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/api | v0.2.0-rc.3 | v0.2.3 |

fix: update helm release postgres-operator to v1.10.1 ... 590f5adca3

| datasource | package           | from   | to     |
| ---------- | ----------------- | ------ | ------ |
| helm       | postgres-operator | 1.10.0 | 1.10.1 |

feat: update object-storage-operator to v0.3.0 ... 374f49501a

| datasource | package                                                 | from   | to     |
| ---------- | ------------------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/object-storage-operator | v0.2.1 | v0.3.0 |
| docker     | registry.libre.sh/object-storage-operator               | v0.2.1 | v0.3.0 |

feat: update postgres-operator to v0.4.0 c266c55549

feat: add postgres exporter fb5cd3234e

fix: increase memory for kyverno 88be830147

fix: disable hr remediation 40ab0d2004

fix: grafana datasources 04380e4a9e

fix: operator requests/limits e44000665e

fix: nginx requests/limits cd16e39125

fix(scaling): don't set replicas defc35030f

fix(scaling): deploy namespace 8600cea2f0

fix(minio/grafana): update dashboard ab1f48ce5f

fix(tilt/nginx): add allow-snippet-annotations in nginx conf c041fa8298

fix: decrease priority of overprovisionning c929273aba

fix: update keydb-operator to v0.3.2 ... 7d9f93cfd8

| datasource | package                                        | from   | to     |
| ---------- | ---------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/keydb-operator | v0.3.1 | v0.3.2 |
| docker     | registry.libre.sh/keydb-operator               | v0.3.1 | v0.3.2 |

feat!: Update Helm release kube-prometheus-stack to v52 ... df3d84cfb2

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 51.2.0 | 52.1.0 |

feat!: Update Helm release grafana to v7 ... 57ab9af97f

| datasource | package | from   | to    |
| ---------- | ------- | ------ | ----- |
| helm       | grafana | 6.60.1 | 7.0.1 |

feat: update helm release loki to v5.36.0 ... b6ce5e3217

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 5.23.1 | 5.36.0 |

fix: update helm release promtail to v6.15.3 ... cb02c9e09e

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.15.2 | 6.15.3 |

fix: update thanos group ... 369c661215

| datasource | package               | from    | to       |
| ---------- | --------------------- | ------- | -------- |
| docker     | quay.io/thanos/thanos | v0.32.4 | v0.32.5  |
| helm       | thanos                | 12.13.6 | 12.13.13 |

fix: update helm release kubernetes-event-exporter to v2.7.6 ... 1a3d9644a8

| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| helm       | kubernetes-event-exporter | 2.7.2 | 2.7.6 |

fix: update helm release ingress-nginx to v4.8.3 ... e87126210d

| datasource | package       | from  | to    |
| ---------- | ------------- | ----- | ----- |
| helm       | ingress-nginx | 4.8.0 | 4.8.3 |

fix: update helm release ingressmonitorcontroller to v2.1.41 ... 9205950668

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.38 | 2.1.41 |

feat: update helm release velero to v5.1.2 ... 206c59e8eb

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 5.0.2 | 5.1.2 |

fix: update helm release operator to v5.0.10 ... d353cf618c

| datasource | package  | from  | to     |
| ---------- | -------- | ----- | ------ |
| helm       | operator | 5.0.9 | 5.0.10 |

fix: update velero/velero-plugin-for-aws docker tag to v1.8.1 ... c8b906ed5e

| datasource | package                      | from   | to     |
| ---------- | ---------------------------- | ------ | ------ |
| docker     | velero/velero-plugin-for-aws | v1.8.0 | v1.8.1 |

feat(resources): improve requests and limits 5891846a04

feat(nginx-metrics): reduce number of metrics 815e5cb5a4

feat(prom): decrease to 2 replicas 8decab49eb

feat(prom): increase scrap interval ... 8be9cf086e

except for node exporter

fix: removes limits as we see oom 06d9754f5d

fix(prom): move thanos secret 5797fc13a2

feat: update quay.io/prometheuscommunity/postgres-exporter docker tag to v0.15.0 ... 4779665498

| datasource | package                                       | from    | to      |
| ---------- | --------------------------------------------- | ------- | ------- |
| docker     | quay.io/prometheuscommunity/postgres-exporter | v0.13.2 | v0.15.0 |

fix: update postgres-operator to v0.4.2 ... 8ee9a31754

| datasource | package                                           | from   | to     |
| ---------- | ------------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/postgres-operator | v0.4.1 | v0.4.2 |
| docker     | registry.libre.sh/postgres-operator               | v0.4.1 | v0.4.2 |

fix: update helm release cert-manager to v1.13.2 ... 4de6e71785

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.13.1 | v1.13.2 |

fix: update helm release grafana to v7.0.2 ... 85da3b3a5f

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | grafana | 7.0.1 | 7.0.2 |

feat: update helm release kubernetes-event-exporter to v2.8.0 ... 1b0dbe6e3c

| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| helm       | kubernetes-event-exporter | 2.7.6 | 2.8.0 |

fix(thanos): skip ooo blocks 9393a89e1b

feat: update keydb-operator to v0.4.0 ... 6e94b546f1

| datasource | package                                        | from   | to     |
| ---------- | ---------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/keydb-operator | v0.3.2 | v0.4.0 |
| docker     | registry.libre.sh/keydb-operator               | v0.3.2 | v0.4.0 |

fix(loki): remove mem limits 98661fa2ce

fix(promtail): remove mem limit c979242866

fix: update keydb-operator to v0.4.1 ... d539f43d73

| datasource | package                                        | from   | to     |
| ---------- | ---------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/keydb-operator | v0.4.0 | v0.4.1 |
| docker     | registry.libre.sh/keydb-operator               | v0.4.0 | v0.4.1 |

fix(loki-read): increase mem limit 0c48e3bb75

fix: update helm release velero to v5.1.3 ... efbce36d6a

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 5.1.2 | 5.1.3 |

fix: update helm release loki to v5.36.1 ... d3b5bd65d0

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 5.36.0 | 5.36.1 |

fix: update helm release kyverno to v3.0.6 ... bbc5a97795

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | kyverno | 3.0.5 | 3.0.6 |

fix: update helm release ingressmonitorcontroller to v2.1.42 ... ff98033c32

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.41 | 2.1.42 |

fix(kyverno): add mem limit c796c3243d

fix(velro): increase mem limit 39f504367c

fix(loki-read): remove mem limit 848ba2eb98

dev: simply deploy operator to reduce load fb680f6642

dev: add mailhog & vpa 123d8c2681

dev: fix ignore pattern f948c65304

dev: add juicefs & mailbox manifests fade27314f

fix(alerts): remove control plane monitoring ... 6f513962c1

closes #25

feat: adds pc in a flux folder b1ae3761ad

fix(kyverno): increase mem limit 8933416dcb

fix: update postgres-operator to v0.4.3 ... a234f6321d

| datasource | package                                           | from   | to     |
| ---------- | ------------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/postgres-operator | v0.4.2 | v0.4.3 |
| docker     | registry.libre.sh/postgres-operator               | v0.4.2 | v0.4.3 |

fix: update helm release velero to v5.1.4 ... d0acbd2fc5

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 5.1.3 | 5.1.4 |

fix: update helm release loki to v5.36.3 ... ba3576b475

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 5.36.1 | 5.36.3 |

fix: update helm release kubernetes-event-exporter to v2.8.2 ... c0a3f607e9

| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| helm       | kubernetes-event-exporter | 2.8.0 | 2.8.2 |

fix: update helm release grafana to v7.0.3 ... 08d876105d

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | grafana | 7.0.2 | 7.0.3 |

fix: update helm release ingressmonitorcontroller to v2.1.44 ... 0c739030ec

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.42 | 2.1.44 |

fix: update postgres-operator to v0.4.4 ... 21e6d384d8

| datasource | package                                           | from   | to     |
| ---------- | ------------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/postgres-operator | v0.4.3 | v0.4.4 |
| docker     | registry.libre.sh/postgres-operator               | v0.4.3 | v0.4.4 |

build: add build script c227da8fab

fix: update postgres-operator to v0.4.5 ... 3251a8e807

| datasource | package                                           | from   | to     |
| ---------- | ------------------------------------------------- | ------ | ------ |
| git-tags   | https://forge.liiib.re/libre.sh/postgres-operator | v0.4.4 | v0.4.5 |
| docker     | registry.libre.sh/postgres-operator               | v0.4.4 | v0.4.5 |

feat(loki): increases retention to 30d ... 50c81fa8f8

closes https://forge.liiib.re/indiehost/libre.sh/clusters-osp/-/issues/59

fix(minio,alerts): Delete service-monitor.yaml 5a9c08413c

fix(minio,alerts): remove minio smon e0dd410bd7

feat(nginx): add upstream address in logs ce4d8b5eda

feat: add ks for minio af13fe4596

feat(minio): update operator to v5.0.11 956526964f

feat(minio): use libre.sh registry 309f1f70de

feat: update helm release thanos to v12.17.0 ... 72b0e30a58

| datasource | package | from     | to      |
| ---------- | ------- | -------- | ------- |
| helm       | thanos  | 12.13.13 | 12.17.0 |

feat: update prometheus-operator/prometheus-operator to v0.70.0 ... a47282f924

| datasource      | package                                 | from    | to      |
| --------------- | --------------------------------------- | ------- | ------- |
| github-releases | prometheus-operator/prometheus-operator | v0.68.0 | v0.70.0 |

fix: update helm release grafana to v7.0.14 ... 8209d8f1a2

| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| helm       | grafana | 7.0.3 | 7.0.14 |

fix: update helm release cert-manager to v1.13.3 ... c791f0eb64

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.13.2 | v1.13.3 |

fix: update helm release ingress-nginx to v4.8.4 ... 999321514e

| datasource | package       | from  | to    |
| ---------- | ------------- | ----- | ----- |
| helm       | ingress-nginx | 4.8.3 | 4.8.4 |

fix: update helm release ingressmonitorcontroller to v2.1.46 ... 6f7469c9fe

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.44 | 2.1.46 |

fix: update velero/velero-plugin-for-aws docker tag to v1.8.2 ... 259f17aa9f

| datasource | package                      | from   | to     |
| ---------- | ---------------------------- | ------ | ------ |
| docker     | velero/velero-plugin-for-aws | v1.8.1 | v1.8.2 |

feat: update ghcr.io/tarampampam/error-pages docker tag to v2.26.0 ... 5edcc04b95

| datasource | package                         | from   | to     |
| ---------- | ------------------------------- | ------ | ------ |
| docker     | ghcr.io/tarampampam/error-pages | 2.25.0 | 2.26.0 |

fix: update helm release velero to v5.1.7 ... e38f96b651

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 5.1.4 | 5.1.7 |

feat: update helm release kubernetes-event-exporter to v2.10.0 ... 2eaaff819e

| datasource | package                   | from  | to     |
| ---------- | ------------------------- | ----- | ------ |
| helm       | kubernetes-event-exporter | 2.8.2 | 2.10.0 |

feat: update helm release loki to v5.41.0 ... 52df29eb04

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 5.36.3 | 5.41.0 |

feat!: Update Helm release kube-prometheus-stack to v55 ... 9394924e38

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 52.1.0 | 55.3.1 |

feat: update helm release kyverno to v3.1.1 ... fd4c01ceeb

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | kyverno | 3.0.6 | 3.1.1 |

feat(doc): adds comment about tenant 1e35f01eb8

feat: add various ks c573d751f0

feat: add flux ks for zalando, libresh pg & keydb 37f886be74

misc(renovate): use develop as base branch 9fdbc2555c

misc: fusion lsh projects 653edf3c48

fix: clean minio dashboards e21f154f1c

feat: update helm release kube-prometheus-stack to v55.11.0 ... 33376b58b1

| datasource | package               | from   | to      |
| ---------- | --------------------- | ------ | ------- |
| helm       | kube-prometheus-stack | 55.3.1 | 55.11.0 |

chore: move conditions accessors to lsh-gen c0e1049cbb

feat: add forgejo app 3878edd39f

feat: add decidim app 293e2be821

fix: use registry.libre.sh 45a3d1e081

chore: disable auth proxy 28f8da5517

chore: normalize secret keys 6bfe4854c7

fix: remove .spec.name from bucket 85fc18ce65

feat: allow bucket name overwrite d61bdd3dd4

feat: add nextcloud app 9c3708d68d

feat(nextcloud): add a mailbox provider annotation f440c9fa6e

feat(mailbox): add manual provider + check connection 26697a3926

chore: cleanup tilt files 56cdf8a220

chore: move initKey to a lshr lib 37a5717443

feat: add keycloak controller ... b154771ca4

fix: use svc as host for kc provider & some refactoring

fix: import initKey from lshr d6f87afb40

feat: add discourse app d62b133df2

feat: remove realm update & add display name 74ea9b1445

dev: add cluster issuer 61d5d74e77

fix(ssh): watch for secret a9b8467231

fix(keycloak): pass down the port e1a8c4777d

feat(nextcloud): add sso 42189e264d

feat: add LibreOfficeOnline app f800c0dad9

fix: prefix for discourse cb490e860e

feat: add sso provider name in hedgedoc e5b7796de3

fix: name should be string b39a3805dd

feat: move mailbox to ref d94f1e365e

fix: change disableEmail to forceLocalLogin aae90a6ae2

feat: add Tenant crd 4d86210d1e

feat: add maintenance controller a2fb123992

feat: add migration & wadertarget api e12d897c6b

feat: add reconciliation for wadertarget a15146939c

feat: add create app, import pg & create certs in migration reconciliation dbd101db03

fix(maintenance): ingress ref should be a list 24903721a5

feat(wader): proxy traffic and set maintenance b5c70eee6f

fix(wader): no reconcile if maintenance done & remove maintenance when done e83853cc05

chore: update wader server af3ebbe7a9

fix(wader): add recreate database and clean up c82d66a4f4

fix: support realm host only with in-cluster keycloak 182719864d

fix(nextcloud): disable s3 auto create 4a1829ed2b

feat: update thanos group ... fb157ee19c

| datasource | package               | from    | to      |
| ---------- | --------------------- | ------- | ------- |
| docker     | quay.io/thanos/thanos | v0.32.5 | v0.34.1 |
| helm       | thanos                | 12.17.0 | 12.23.2 |

feat: add migration proto e92bbd65e4

feat: add tenant concept in portability proto c719f36766

feat: move keycloak client to pkg 26901e0204

chore: cleanup proto 277a932f92

chore: merge import logic 6e2bb6cc33

feat(keycloak): decouple realm name from cr name 04261fee2f

feat: add infra & tenant migration 1e606188bb

feat(migration): allow to resume traffic ... 4d79d86a84

usful in case of error

feat(migration): use pg_restore instead of psql 1104f40962

feat(migration): add dry-run aaa9f79624

feat: update golang docker tag to v1.22 ... 59b7c13b42

| datasource | package | from | to   |
| ---------- | ------- | ---- | ---- |
| docker     | golang  | 1.21 | 1.22 |

fix: update helm release operator to v5.0.12 ... dfa6dd3f47

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | operator | 5.0.11 | 5.0.12 |

feat: update helm release cert-manager to v1.14.2 ... b7379ef24b

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.13.3 | v1.14.2 |

feat: update velero/velero-plugin-for-aws docker tag to v1.9.0 ... 173541eec7

| datasource | package                      | from   | to     |
| ---------- | ---------------------------- | ------ | ------ |
| docker     | velero/velero-plugin-for-aws | v1.8.2 | v1.9.0 |

fix: update helm release promtail to v6.15.5 ... a1c2548814

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.15.3 | 6.15.5 |

feat!: Update Helm release kube-prometheus-stack to v56 ... 9af5d44b71

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 55.3.1 | 56.8.2 |

feat: update alpine docker tag to v3.19 ... 7b741b7dce

| datasource | package | from | to   |
| ---------- | ------- | ---- | ---- |
| docker     | alpine  | 3.17 | 3.19 |

fix: update helm release kyverno to v3.1.4 ... 31794347f1

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | kyverno | 3.1.1 | 3.1.4 |

fix: update helm release ingressmonitorcontroller to v2.1.50 ... 3a567f78f2

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.46 | 2.1.50 |

feat: update helm release ingress-nginx to v4.9.1 ... bed72b72a1

| datasource | package       | from  | to    |
| ---------- | ------------- | ----- | ----- |
| helm       | ingress-nginx | 4.8.4 | 4.9.1 |

feat: update helm release openebs to v3.10.0 ... bfc571f1ef

| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| helm       | openebs | 3.9.0 | 3.10.0 |

feat: update helm release kubernetes-event-exporter to v2.14.0 ... 59fa3816d6

| datasource | package                   | from   | to     |
| ---------- | ------------------------- | ------ | ------ |
| helm       | kubernetes-event-exporter | 2.10.0 | 2.14.0 |

feat: update helm release velero to v5.3.0 ... 91a83eab8d

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 5.1.7 | 5.3.0 |

feat: update helm release loki to v5.43.2 ... eee3f8df52

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 5.41.0 | 5.43.2 |

feat: update helm release grafana to v7.3.0 ... c25cefc050

| datasource | package | from   | to    |
| ---------- | ------- | ------ | ----- |
| helm       | grafana | 7.0.14 | 7.3.0 |

Merge branch 'develop' into 'renovate/kube-prometheus-stack-55.x' ... aa9c906286

# Conflicts:
#   cluster/components/observability/prometheus-stack/hr.yaml

feat!: Update Helm release thanos to v13 ... 26a6e9d307

| datasource | package | from    | to     |
| ---------- | ------- | ------- | ------ |
| helm       | thanos  | 12.17.0 | 13.1.0 |

Merge branch 'develop' into 'renovate/thanos' ... 3b86053042

# Conflicts:
#   cluster/components/observability/thanos/hr.yaml

fix: use default for velero dbd2e6dc6b

feat(mailbox): support starttls check 40098a393d

fix: various 17468a529f

feat: add some logging 585d6a5a92

fix: dump response in bytes & copy gen in dockerfile a31f34e6ac

fix(proto/portability): rename manifests to app 657276a315

fix(migration): logging, namespace for app, remove controllerref in cert secret 371f7362fb

fix: add postgres-pod-config when tenant is created 757169f5f1

feat(migration): manage resume and stalled conditions 7e26a398d5

feat(apps): reconcile ingress first ... 21c732747a

enabled to set a maintenance while dependencies are not reconciled yet

feat: make ingressRefs required & print suspend column 7ed64b2264

feat(migration): restore pg in a single transaction b59f92a0e6

feat(migration): improve logging in pg restore 0d7b9fa2b0

fix(teapot): add service ports 39c850215a

fix(maintenance): reconcile maintenance 8ccfad8f1b

fix(migration): complete reconcile loop & do not reconcile when migration succeeded 454fcafb22

fix: typo in json tag 7102159f58

feat: rename default tenant mbox to notifications 9fd043243b

feat(migration): deploy extra manifests ef359f63ac

fix(migration): delete application condition af0ef260b8

doc: add minimal install instructions 1c0d869a4c

fix(discourse): use container internals scripts 8435334337

chore: remove old ks 4ff3aec66a

chore: move flux-ks files to original folder 818654bfde

chore: move flux-ks files closer to source 8796a1ae65

feat: adds rough doc for minio tenant 4b5f2ae54f

feat: add allowSnippetAnnotations in ingress ... 70d1ed0409

We use it on all clusters for minio.

feat: add gitrepo bda2dac579

doc: add upgrade a149dc1543

feat: refactor with step logic, rename maintenance 3f4b6ab72c

feat: add annotation suspend, do not reconcile ingress if set & remove own/watch in maintenance controller 9a75dfa9df

fix(maintenance): use patch d03e112fd9

feat: add workloak ready logic 5524bd3d0d

feat(migration): improve step logic 177b23854b

fix: cleanup c243b3217f

fix: add workloadNotReady condition 81dbcb11b0

fix(migration): arg cannot be nil 4a8060d8e2

fix(migration): use the right cert 5061ec91f1

fix: check ingress is suspended in createOrPatch 11a3d5ed67

fix(migration): failed when import postgres fails 8b2ffa9f92

feat: add grist df6b7c1a1c

fix(migration): pass targetRef from infraMigration to tenantMigration 4cd0a99134

fix: remove hardcoded value 876135131c

fix(grist): fix proxy_pass or attachements fail d5014b2eeb

feat(migration): add print columns 392d75b18c

fix: cleanup 53b3299f0e

chore: remove kyverno for loki bb504c333a

doc: add observability ee3933b51a

chore: move velero away from kyverno b0a4228bb7

fix(hedgedoc): cdn policy for bucket 750b1be885

feat(postgres): add collation support e0f08d3fda

feat(oid): add issuer in secret 5c284dfef5

feat(mailbox): add tls key in secret 503c531829

feat: add matrix (media-repo+synapse+element) f1b37cfca2

fix: typo in previous commit dfadde798c

feat(matrix): add sliding-sync b990f316e1

dev: add local ca 7c33dd0b53

dev: add reloader 2fe0b58995

dev: watch minio values 5caf2d8011

fix(synapse): add component label 842dfecca2

fix(synapse): set public_baseurl 396364e4db

feat(synapse): trust liiib.re server 808cba6e48

chore: add grist api versop, 087601ec63

dev: install kyverno in its own ns & ignore rootCA.pem d9ab1e6fd4

fix(cert-manager): use fast nameservers f677965f91

feat: allows for manual oidc client 3b6effa765

feat(mailbox): support provider withour tls bfb1148981

fix(keycloak): don't include standard ports in url 41cc218780

dev: reload on pkg changes 9c71c775ef

dev: expose mailhog with tls d681948f00

feat(mmr): add short name 1b8283f294

feat(synapse): add mas support & move config to cue 87b0d1fbd2

feat: minio - update patch release 8019366377

fix: import cue modules 7a6f6d357e

fix(mailbox): requeue unwatched secret 76e4c72a45

fix(synapse): correct config errors 5609c02bba

feat: add CUE_DEBUG env var 6641ce3c9f

feat: add priority class on the operator 03c0fa749c

feat(mmr): add datastoreId overwrite 5decbaf1d3

fix(mmr): add service selector 9f96ba971f

fix(nextcloud): add resources on cron c88bfadc29

fix(nextcloud): remove always pull on cron e54c18a2aa

fix(matrix): deal with suspend annotation in ingress 6a4651cf97

feat(matrix): disable registration when external auth by default 33cf34024a

build: use image digest during deploy 792270e7f9

build: use podman by default 9830ab5d8a

Revert "fix(matrix): deal with suspend annotation in ingress" ... 5c25dbefb8

This reverts commit 6a4651cf97.

fix(matrix): deal with suspend annotation in ingress e2d9fa003b

feat(matrix): add oidc matrix_localpart ovewrite 2eeac95d7b

feat(matrix): element proxy well-known 77a469756d

fix(maintenance): escape URL and return err for patch 479bbafd7d

fix(realm): set user-admin role to admin group 3a5020cb9a

fix(nextcloud): set saml endpoints 75461e691f

fix: typo 3f75e3d8b4

feat(realm): update realm during reconcile loop 3ea48d2908

feat(realm): configure smtp settings bf053d6598

feat(realm): configure user profile & username validation 64329744a3

fix(tenant): tenant sets realm mailbox ref c4b6e2ba15

fix: issue with 405 on elements c164c3e5b0

fix(realm): adresskey in smtp settings a8644563a7

fix: add gocloak to right path in dockerfile ee764338d6

fix(mmr): do not use forwarded host & set server name as host header in synapse 9214855f40

fix(synapse/mmr): add its own ingress for mmr path with vhost, fixes sso 5ad4a482ee

build(gocloak): use go mod 491017f876

feat(postgres): update zalando operator to v1.11.0 8e7a99f604

fix: update helm release cert-manager to v1.14.5 ... ca69d0b938

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.14.2 | v1.14.5 |

feat: add livekit server f8a3230d3b

feat: add element call b3c9495235

fix(livekitserver): add print columns 0dabd62f29

fix(synapse): make trusted_key_servers editable 97eb0309ec

fix(livekitserver): add print columns 4ce8f9e14c

chore: add elementcall to project 02990a2d12

fix(synapse): watch element & elementcalls 4e9a0ad296

feat(bucket): add tag support dae540f575

fix(keycloak): set the same host in the secret 5980e24a8b

fix(cue): accept empty json previous state 1bd55925d3

fix(element): use synapse host as base_url 6624415c32

feat(doc): add instruction to update cluster 7578484dec

fix: revert error 5f4228fe50

refactor(redis): simplify architecture 50d970f2b3

fix(redis): handle aggregate error 48b3b94ed2

feat(redis): use cluster addressable host 4683cc69fc

fix(redis): correct probe host & pass 697133ce91

fix(redis): remove aof but save rdb more aggressively 9f915baa7f

dev: reduce coredns ttl 4d524da89a

dev: patch tilt deps 345db61f4a

fix(redis): don't squeeze config name 24a9b63ec9

feat(juicefs)!: abstract all under pv/pvc 7b15bfb073

feat: add planka ac8e61d35e

feat: add listmonk b10c03f6b9

fix(discourse): increase memory limit 1003f3a979

feat: add endpoint monitor ba91badb64

fix(listmonk): change uptime path 18d718f18b

Initial commit f7575c73d5

chore: clean readme e707d5cba1

feat: add planka 763838fb53

feat: add mobilizon bc4a63a337

feat: add synapse d09c6a7eeb

feat: add minio a7c29f6169

feat: add matrix-wellknown 5db1126127

feat: add matrix-authentication-service 6bc23725ae

chore: add license effa980fca

feat(planka): allow all to creat projects 7e089cd936

fix: add missing files b6658d0e8d

ci: add global & generic makefiles 6f8465d478

ci: skip push by default d3e6377449

feat: add nextcloud ed519bd6a3

feat: add rocketchat 6f45c09845

feat: add onlyoffice 7eb2e0228c

feat: add discourse d5f933227b

feat: add collabora-online 3d05093d50

feat: add jibri 29c39f9724

feat: add element 15397a89db

feat(nextcloud): v27.1.11 40d65aa7b0

ci: add .gitlab-ci.yml 334080d597

fix(onlyoffice): move args 31f17a77a3

ci: push on main & build on dev fcefb88193

ci: fix yaml 5b0fc53faa

ci: push tag & channel df49fbf311

doc: adds dev instruction a15d7f025b

feat: add synapse patch ... d5163e8c47

it allows to force room recreation to create it federable.

fix(nextcloud): bump version 424a3a88a4

fix(nextcloud): properly push tag da6499030b

fix(nextcloud): set the VERSION env var c84a8e7a3d

Merge branch 'patch-synapse-force-fede' into 'main' ... e621375914

feat: add synapse patch

See merge request indiehost/libre.sh/images!1

fix(lool): set LANGUAGE env a9ccb3a02a

fix(postgres): handle nl annotations in clonejob 0b3a2b400b

chore: remove unused code 32fc40e3bf

feat(jibri): bump to v0.4.0 68e17cffcb

feat(nextcloud): add bucket ilm d678beaae9

ci: init 73d0a9a713

fix(nextcloud): change ilm format ca0c9d2921

fix(decidim): force disable sidekiq alive a05ecd73fe

feat(jibri): bump to v0.4.1 60270fa3d3

feat(nextcloud): update apps f9092f2399

feat(element): update to v1.11.69 f4ad3ed30d

feat(synapse): update to v1.110.0 fc110736b4

fix(element): refresh patch beade94152

feat: update to flux 2.2.3 3c60209b97

chore: remove kyverno for velero 14db56ba9a

fix: remove non existent dep bf336dd5d3

fix: rbac 68c57a5425

feat: update velero/velero-plugin-for-aws docker tag to v1.10.0 ... d738cde1fd

| datasource | package                      | from   | to      |
| ---------- | ---------------------------- | ------ | ------- |
| docker     | velero/velero-plugin-for-aws | v1.9.0 | v1.10.0 |

feat: update helm release velero to v5.4.1 ... 186ea1f338

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | velero  | 5.3.0 | 5.4.1 |

feat!: Update Helm release velero to v6.7.0 7a02c05295

feat: update helm release cert-manager to v1.15.1 ... 05af942049

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.14.5 | v1.15.1 |

feat(lool): update to v24.4.5 3fd1c87eb3

feat(nextcloud): abstract hooks throught entrypoint 23ccdce7e8

feat: add optional secret 272e39ffee

feat(lool): add probes 69b2dcf7f9

fix(samlclient): watch idp secret instead of service 265563b2ee

fix(nextcloud): disable client_max_body_size 8bd0bd079f

fix(nextcloud): precise mime types a916a27880

fix(nextcloud): add patch to avoid sessions race conditions on clustered setup 9d78939d90

feat: add grist image efccc64e1c

feat(discourse): update to v3.2.4 02f8e69c4f

feat(nextlcoud): add notify_push && update apps 0d6f6de483

feat(planka): upgrade to v1.21 9eac542a44

feat(oo): update to v8.1.0 ff67b42d3a

feat(nextcloud): upgrade to v28 0be7654e8e

chore(nextcloud): precise the registry of bases images 7e4c2ee588

fix(nextcloud): auto enable user_saml at install c9b5f27f54

chore: precise the registry of bases images 8af3a490f9

ci: add required args to global context 54586f8325

feat(nextcloud): update customnav 42695788b7

feat(synapse): upgrade to v1.113.0 1c2aeac458

feat(element): upgrade to v1.11.75 8facbe1d71

feat(rocketchat): upgrade to v6.11.1 87178bb8e5

fix(element): update patch da1bd6ccc2

feat(maas): upgrade to v0.10 600d653511

fix(rocketchat): update patch e18bed00ba

feat(nextcloud): upgrade to v28.0.9 d9e15149cc

fix(synapse): remove lsh utility ... 3c6ea931b6

It's now integrated in the operator.

feat(nextcloud): update apps 631add1eaa

fix(nextcloud): remove saml group prefix 6e85a18f44

fix(nextcloud): onlyoffice propagate fs error on download e8ae04599c

feat(grist): update to v1.1.18 9910ae59a6

feat(onlyoffice): update to v8.1.3.2 4cedfda36f

feat(onlyoffice): update to v8.1.3.3 43f1d2b463

feat(nextcloud): update nextcloud v28.0.10 d2ffc31e0e

feat(nextcloud): Add preview generation with imaginary 5f038af43c

fix(nextcloud): fix app json d5cfb21804

feat(nextcloud): update apps & add previewgenerator app 55c774bc1d

feat(nextcloud): add app ownership transfer 9ea0d0e488

feat(nextcloud): update app form 0d03751966

feat(nextcloud): update files_mindmap (use dev branch) bc708e6e1e

fix(nextcloud): set right url for files_mindmap 958f6cd852

feat(synapse): upgrade to v1.116 3636851fd6

fix(nextcloud): update nginx.conf ... a9775bd93d

iso with updstream + fixes download of a folder

feat(element): upgrade to v1.11.80 3aeaa14630

fix(element): use element-hq fork of matrix-react-sdk 42670222db

feat(rocketchat): upgrate to v6.12.1 42d939b01c

fix(nextcloud): remove fastcgi ... d3b7c94a96

fixed by multipart upload feature

fix(nextcloud): update nginx.conf, iso with upstream bfe112edf6

feat(nextcloud): remove mindmap app 2398cbb010

ci(rocketchat): build meteor rootless da1ecd9592

feat(rocketchat): upgrade to v6.13 0b0b8738ed

feat(nextcloud): add patch to separate pdf previews class in imaginary 42ebc37eda

feat: fpm perf improvement 63e24311fc

feat(nextcloud): update to v28.0.11 && update apps 64d4958504

fix(nextcloud): filter s3 versions 70f18b94bd

fix(nextcloud): fix moveFromStorage on s3 primary a382679465

fix(nextcloud): make s3 patch compatible with v28 83c7f3464b

feat(planka): bump to v1.23.5 be568b411d

feat(jibri): bump to v0.5.0 beda504a72

feat(mobilizon): bump to v5.0.1 e59e54d3be

feat(element): bump to v1.11.83 52fdfae782

feat(synapse): bump to v1.118.0 e92160c6f2

feat(wikijs): add it d4b30de334

feat(listmonk): init 73f0641bcf

feat(onlyoffice): update to 8.2.1.1 656e975806

feat(mobilizon): add MOBILIZON_INSTANCE_DURATION_OF_LONG_EVENT option 4e7dd6c5e8

Revert "feat(onlyoffice): update to 8.2.1.1" ... abe85d768a

This reverts commit 656e975806.

feat(mas): bumpt to v0.12 0955595e43

feat(nextcloud): add config for imaginary previews 93e10890c7

fix: update appointments 9f15f86fb6

fix: update Nc v28.0011.1 2f3a60f640

feat: update grist to v1.3.0 1fb2474e03

fix(nextcloud): previews config a6614fe32a

feat(synapse): upgrade to v1.120.2 8c2456558e

fix(nextcloud): invalidate group cache 6589703752

ci: build everywhere bc334ea85b

feat(nextcloud): update v28.14 0fc531bd10

feat(nextcloud): support oidc & saml auth 50274de05b

update appointments to fix an issue 984d172498

feat(nextcloud): update v29.0.10 d864a77cf9

Revert "feat(nextcloud): update v29.0.10" ... 7853ec7e3f

This reverts commit d864a77cf9

feat(manager): make it HA ... 8040441983

fixes #112

feat!: Update ghcr.io/tarampampam/error-pages Docker tag to v3 ... f98f9c4d6d

| datasource | package                         | from   | to    |
| ---------- | ------------------------------- | ------ | ----- |
| docker     | ghcr.io/tarampampam/error-pages | 2.26.0 | 3.2.0 |

feat: update registry.k8s.io/pause docker tag to v3.10 ... 2d3671fd40

| datasource | package               | from | to   |
| ---------- | --------------------- | ---- | ---- |
| docker     | registry.k8s.io/pause | 3.9  | 3.10 |

feat!: Update Helm release kubernetes-event-exporter to v3 ... 78db05d353

| datasource | package                   | from   | to    |
| ---------- | ------------------------- | ------ | ----- |
| helm       | kubernetes-event-exporter | 2.14.0 | 3.2.7 |

fix: update helm release ingressmonitorcontroller to v2.1.62 ... abdc817b69

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.50 | 2.1.62 |

feat: update helm release loki to v5.48.0 ... 0ac748df47

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 5.43.2 | 5.48.0 |

feat: update helm release promtail to v6.16.3 ... 6e9cf2d382

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.15.5 | 6.16.3 |

fix: update helm release grafana to v7.3.12 ... 2e02bb21b7

| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| helm       | grafana | 7.3.0 | 7.3.12 |

feat: update helm release kube-prometheus-stack to v56.21.4 ... 4d967580ae

| datasource | package               | from   | to      |
| ---------- | --------------------- | ------ | ------- |
| helm       | kube-prometheus-stack | 56.8.2 | 56.21.4 |

feat!: Update Helm release loki to v6 cae4fbee4f

feat!: Update Helm release kube-prometheus-stack to v61 f6d932fb5b

feat: update thanos group ... 08de85d952

| datasource | package               | from    | to      |
| ---------- | --------------------- | ------- | ------- |
| docker     | quay.io/thanos/thanos | v0.34.1 | v0.35.1 |
| helm       | thanos                | 13.1.0  | 13.4.1  |

feat!: Update Helm release grafana to v8 dc808ec46d

feat!: Update Helm release thanos to v15 d8ba4a162e

fix: resolve question 92328f49bc

fix: increase timeout b0002d3c70

feat: remove kyverno 44af8711e5

doc: add test page 31e17064f0

fix: revert loki e23b5a6834

fix: update helm release ingressmonitorcontroller to v2.1.63 ... 5a56c5d2bc

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.62 | 2.1.63 |

fix: update helm release kube-prometheus-stack to v61.3.1 ... 27ea321733

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 61.3.0 | 61.3.1 |

feat: move to tsdb ... 186e34df73

as documented here: https://grafana.com/docs/loki/v2.9.x/setup/migrate/migrate-to-tsdb/

using `/var/loki/` as a writable folder.

ci: add ephemeral commit tag 0dc335d80d

feat: update grist caf9b44579

fix(redis): revert to endpoints controller - duplicate keys f4c32f56d4

feat(redis): enable to set replicas in sts d9cd8e2a1f

chore(redis): small cleanup on endpoints controller revert 1fd1291c01

fix(redis): publish not ready addresses a26f12d381

fix(decidim): improve sidekiq connection to redis fb96a5be18

fix(decidim): try to schedule sidekiq on noisy nodes 69387b692a

fix(decidim): remove hpa and force 1 replica of sidekiq b4cb6103b3

fix(decidim): remove sidekiq cpu limit 8662e8c8c6

fix(decidim): opposed affinity don't work properly 6480f0f1bc

feat: type for bucket lifecycle rules 6589a50b76

fix(nextcloud/bucket): lifecycle 2c77ecb9b1

feat(pg/bucket): do not override existing lifecycle rules 2e7680109b

fix(nextcloud): archive all non current versions 1e28a79351

fix: remove cpu limits thanos bb57b0de40

fix: mem limits thanos storegateway baa2959c4d

fix: req/lim thanos compactor 38dcf8c4d6

dev: bump k8s version 3df3517bb3

chore: bump controller-gen aac7ab3a75

fix(bucket): cleanup bad lifecycle rules a2941693b3

fix(decidim): init pointer of NodeAffinity faaf318365

fix(nextcloud): watch saml client b4da67ca6a

chore: update samples 57b5fd08b3

dev: prefill keycloak conf 0de4b00a5f

dev: don't require slirp4netns 07f0c9ab45

feat: reload on config change 92249668b6

fix(nextcloud): bypass config.php for db 97aaf47f91

fix(realm): define default provider port 240b23d30a

feat(matrix): support authenticated media 04825d540a

fix(matrix): route more endpoint to media repo fa12171bd0

feat(mmr): add redis cache b35f45befa

feat(mmr): cache access tokens for 30m 8332d9331b

fix(mmr): watch redis a3a093f607

feat(mmr): expire generated objects after 3 months af0855713a

fix(migration): change steps order bcf41373b6

fix(migration): log errors before returning f8d6f65795

fix(migration): upgrade postgresql client 93a62fcaa7

fix(migration): apply postgres collation 4e27643c79

feat(synapse): implement WorkloadsNotReady status 27ba7b2b64

ci: disable registry expiration ... ca8a6b346b

It changes the image hash that we need to retain.

feat: add nginx log dashboard. 607b9dd4c5

feat!: Update Helm release kube-prometheus-stack to v62 ... 83d2399826

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 61.3.1 | 62.3.1 |

feat: update helm release grafana to v8.5.0 ... 2fd2dd3d0a

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | grafana | 8.3.2 | 8.5.0 |

fix: update helm release ingressmonitorcontroller to v2.1.64 ... 1261f06b4c

| datasource | package                  | from   | to     |
| ---------- | ------------------------ | ------ | ------ |
| helm       | ingressmonitorcontroller | 2.1.63 | 2.1.64 |

fix: update velero/velero-plugin-for-aws docker tag to v1.10.1 ... 7262ef17f3

| datasource | package                      | from    | to      |
| ---------- | ---------------------------- | ------- | ------- |
| docker     | velero/velero-plugin-for-aws | v1.10.0 | v1.10.1 |

feat: update ghcr.io/tarampampam/error-pages docker tag to v3.3.0 ... 1b2384b613

| datasource | package                         | from  | to    |
| ---------- | ------------------------------- | ----- | ----- |
| docker     | ghcr.io/tarampampam/error-pages | 3.2.0 | 3.3.0 |

fix: update helm release cert-manager to v1.15.3 ... dbefa58d73

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.15.1 | v1.15.3 |

fix: update helm release promtail to v6.16.5 ... b60d209ad1

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.16.3 | 6.16.5 |

fix: update helm release kubernetes-event-exporter to v3.2.11 ... 651111b38a

| datasource | package                   | from  | to     |
| ---------- | ------------------------- | ----- | ------ |
| helm       | kubernetes-event-exporter | 3.2.7 | 3.2.11 |

feat: update thanos group ... 7252bf27fc

| datasource | package               | from    | to      |
| ---------- | --------------------- | ------- | ------- |
| docker     | quay.io/thanos/thanos | v0.35.1 | v0.36.1 |
| helm       | thanos                | 15.7.12 | 15.7.23 |

feat: update MAS to 0.10.0 9e0e3df0c7

feat: update sliding sync to 0.99.19 d0407c13ab

fix: mas claim import 402fc0af1c

fix: code style 600fb7fa57

feat(migration): log postgres transfer rate a316b91807

refactor(cue): make GenerateConfig to be generic and more flexible 40f83c7aa4

fix(livekit): re-add redis config in config gen 227b65e233

feat(forgejo): support mailbox & expose config 42383c33cb

fix(synapse): cleanup delegation when removed from spec 4f7d5d17ff

fix(forgejo): listen on port 2222 for ssh dde0ac6b5b

fix(forgejo): use valide label selector for ssh svc e582800a0e

fix(forgejo): wrong mail config 0983fba00d

fix(forgejo): use starttls instead of tls for mailer 31eed1e558

ci: add test forgejo action d8bb1ac0e1

feat(loki): update to v6 482114267e

feat(thanos): remove ruler 14da1e1cbd

feat: remove console ... 57b70c0803

It is now deprecated.

feat: update minio operator a1f7d6f11e

feat(runtime): make annotations if nil in most cases ... 7fef1fd4ab

Should prevent most nil pointer exceptions.

feat(runtime): add OperationInProgress status 38ea0856d8

feat(postgres)!: manage database, encoding & locale dba6badccd

fix(postgres): use postgres user in controller 986c9e228b

fix(synapse): define postgres encoding & locale 1820e74bd7

feat(postgres): support migrating borked collate 540fa668e0

feat(synapse): support migrating borked pg collate f742fe4e01

fix(synapse): watch deployments 5e3ff082ad

fix(postgres): apply permissions with user connection a5ed81be56

fix(postgres): skip migration when db doesn't exist 2d6a66b1e9

fix: chunks memory 709d822d09

fix(synapse): migrate users external ids auth provider ... c388dedd91

From oidc-keycloak to oidc-sso.

feat: add bucket dashboard 573e775aab

fix: add DS_LOKI var f9adc6178c

feat: add static website e4eddaa968

feat(thanos): add queryfrontend, caching, dashboards, alerts and some optimization 313e368763

fix: update helm release promtail to v6.16.6 ... 5888594f32

| datasource | package  | from   | to     |
| ---------- | -------- | ------ | ------ |
| helm       | promtail | 6.16.5 | 6.16.6 |

fix: update helm release kubernetes-event-exporter to v3.2.12 ... 2297fa7d6c

| datasource | package                   | from   | to     |
| ---------- | ------------------------- | ------ | ------ |
| helm       | kubernetes-event-exporter | 3.2.11 | 3.2.12 |

fix: update helm release thanos to v15.7.25 ... 36b53f72c6

| datasource | package | from    | to      |
| ---------- | ------- | ------- | ------- |
| helm       | thanos  | 15.7.23 | 15.7.25 |

feat: update helm release kube-prometheus-stack to v62.7.0 ... 13b1e60b3b

| datasource | package               | from   | to     |
| ---------- | --------------------- | ------ | ------ |
| helm       | kube-prometheus-stack | 62.3.1 | 62.7.0 |

fix: update helm release grafana to v8.5.1 ... db40f01ae1

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | grafana | 8.5.0 | 8.5.1 |

feat: update helm release kyverno to v3.2.6 ... 6f90e869a4

| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | kyverno | 3.1.4 | 3.2.6 |

feat: update helm release loki to v6.12.0 ... b90617c218

| datasource | package | from  | to     |
| ---------- | ------- | ----- | ------ |
| helm       | loki    | 6.7.3 | 6.12.0 |

chore: clean unused struct 2b803eeed7

feat(decidim): print host column dbdc5e2c04

fix(ingress): return http code in default backend 4830662bc7

fix(synapse): define deployment strategy ... 79bdcc0e4d

Avoid surges with more than 1 container and conflict running upgrade.

fix: use spec version instead of status version in labels ... 8c0d661195

It should avoid unnecessary rollouts of deployments.

fix: increase mem for nc 2a49477401

feat(pg): keep a backup a day for 3 days 4375f4044f

fix: enforce backupt schedule 755b864d8b

Revert "fix: enforce backupt schedule" ... ce29f74627

This reverts commit f8ed9dd60c4f067b62fd1b6412079c3b97e8e9be.

feat: update helm release thanos to v15.8.0 ... e7f96f90fe

| datasource | package | from    | to     |
| ---------- | ------- | ------- | ------ |
| helm       | thanos  | 15.7.25 | 15.8.0 |

Apply 1 suggestion(s) to 1 file(s) 874c02e7b9

feat(wikijs): add minimal setup 4ebae71f12

fix(listmonk): run upgrade as a second command ... 00008d2fb0

The all-in-one is not working.

fix: dashboard link b7045f000c

fix: Postgres Zalando operator: fixes the exporter sidecar definition 8cb632c362

feat: adds a "Postgres Overview" dashboard in grafana (which uses data provided postgres-exporter) f20465d64d

fix: remove requests/limits on postgres exporter sidecar 85f09e012e

fix: Postgres Overview dashboard is now pulled from our repo instead of from the Internet abdeda8445

feat: Adds alertmanager rules for postgresql (based on https://github.com/prometheus-community/postgres_exporter/tree/master/postgres_mixin/alerts) 643e375b94

feat: bump grafana helm chart to 8.5.12 8880d66efa

docs: Added some details to the requirements section of the README 5651bc6d9c

docs: README: Added a section explaining how to use local cache for OCIs and nix, fixed some typos 1ed1b17c5c

docs: README: updated (missing instructions), updated shell.nix to add completions a20c3eb572

docs: update the readme 5163c81438

chore: added kube-score and k9s+helm autocompletions to shell.nix 2974988463

chore: we need at least 3 worker nodes to launch services like loki e16b55cb6d

chore: added kubectx to packages installed by nix-shell 551f4bff01

chore: Increased timeout for tilt upserts of k8s objects (needed when working on low bandwidth setups) 559457ae7a

docs: Updated readme: fix instructions to start a fresh working development environment 7149f2073f

docs: Adds comments, updates readme and postgres controller documentation 133f0b8272

chore: Allows overriding shell.nix to have personal tools/configuration in a shell provided by nix-shell 5dc9f47708

chore: Tilt: provision cluster-settings 17b22cfdb3

chore: Tilt: increased timeout while waiting for Certificate/selfsigned-ca 2511fc42ac

docs: README: a bit of rework 684622fd80

chore: Added scripts/lsh-get-secrets.sh; to simplify getting grafana and minio credentials d157b2a859

chore: adds tools URLs in scripts/lsh-get-secrets.sh d9a4b3bf54

refactor(nix-shell): rollback to use expression a29e27d4d8

fix(dev): pin nginx controller version 95f291b1db

feat: increase loki cache 6e8c45b026

feat: update loki c1369c9321

build: update deps a1ff151612

feat(livekit): support custom config 99fc372015

feat(synapse): update mas 1861dabdac

feat: add environment logic 30d4240fc8

feat(nextcloud): add imaginary service for previews 252fb220d5

feat: overprovision 5% of the cluster ... f1d4c1a4e1

instead of 20%

feat: adds a backup-exporter to postgresql pods d04d297b20

feat: adds "PostgreSQL WAL-G Backup" dashboard to grafana 968a820a93

docs: adds links to zalando operator landing page and source code repository 8aeec0a67d

chore: renames postgres dashboard 1bde697b58

feat: updates the wal-g dashboard and adds alerting rules based on data provided by wal-g-exporter 8a54943111

docs: adds repo url of wal-g-exporter c8cf378fd1

docs: adds some commands about postgresql backups 0238c378de

fix: postgres wal-g dashboard: remove unused variable (instance) 3c08705363

fix: postgres wal-g dashboard queries 9ca0bf8222

fix: latest queries on postgres wal-g dashboard d7e1b7597b

fix: postgres wal-g dashboard a query was not using cluster_name variable 51ee76ab95

chore: postgres wal-g dashboard cosmetic changes 8beb85ad93

chore: adds descriptions to postgres wal-g dashboard panels 7f3f168c0c

feat(grafana): adds namespace as filter to walg dashboards and to alert rules descriptions/summaries 5c2af714c8

feat(grafana): adds namespace as filter to Postgres Overview dashboard and related alert rules descriptions/summaries 6f1f7f4c48

docs: added a link to a documentation about wal-g integrity checks 6b27ff1f5a

doc(postgres/backup): add runbook fd749f2c95

feat(nextcloud): add experimental oidc auth c1ac07e2c5

feat(nextcloud): add php-fpm exporter 16960cc31f

fix(synapse): reuse main tls cert on mmr ingress bd10489e85

fix(nextcloud): remove liveness on metrics exporter 29612acf50

fix(nextcloud): remove exporter cpu limit 989ee16eba

chore: use latest tag 94177f62a7

fix(loki): increase backend memory 8a5beef5b8

doc(pg): last backup - create runbook 79293773be

chore: merge cluster cli repo 8676eca5de

misc: add nix flake 5b1820f39f

feat(redis): add pause mode 797122a2f1

feat(ada): upgrade k8s to v1.28.15+k0s.0 e5e6b32f6e

fix(lshctl): bundle deps for easy nix shell 5b83b2fbb2

fix(lshctl): install shell completion bd3ea0d9c9

fix(lshctl): remove deps check 5c2b1d039d

fix(lshctl): remove deprecated --disable-telemetry flag of k0sctl 2704c7b218

dev: use shell.nix with flake 0668687c3e

style: add treefmt 7379c5e261

style: run treefmt 2f7ac5e67f

style: use REUSE compliant licensing 387bed38e2

style: nix fmt 99ba9d73c0

fix: move non-code to CC0-1.0 fc387416bf

chore: remove unused files 51e3573767

dev: add contributing guide 0b91344f6d

fix: add header in generated files b6f0ec03e3

feat: add some generic reconcilers d2452df888

feat(vaultwarden): initial packaging a590a16f2b

feat(synapse-admin): inital packaging 7de422711c

feat: use main db0a0ad2dd

doc(install): add option to only install pg crd ea212cd65d

style: make yaml lint compatible with controller-gen 3b8805b011

feat: add synapse-admin built with nix 77bc8fccb8

ci: fix typo in flake 47ac16278e

feat: add alps 476f7caee9

fix: stay on 14.2.6 for bookmark app 4215fd2688

feat(mobilizon): upgrate to v5.1.1 57c0c20c61

docs: adds missing namespace arg on comamnds creating grafana/loki secrets 0500995c84

fix: make postgres backup exporter to support graceful shutdown (update to wal-g-exporter:0.3.1) 502e32d2ee

fix: example file for local nix overrides was broken 6f8a81f595

chore: delete libresh-api ... 4ab074e2b7

It is no longer in use

chore(prom-crds): secret is not used f792abd4be

refactor(helm-repo): adhere to convention ... b935d706d5

and delete post build as it is not used

style(helm-repo): and alpha order bcb0ddd19b

fix(gitrepo): use branch 93e4e84063

feat(acme): add le cluster issuer in flux 0366d53f31

feat(minio): update image in example 9e94c72ac8

feat(minio): change default names in example ba59d37f02

doc: improve readme 4de1c713a2

chore: fix lint b58f761b3d

fix(keycloak): remove overlapping session cookie 3f5549b634

feat(keycloak): add > v23 compatibility d5ffd1fb4b

fix(loki): remove internet exposition 067bf759e5

fix(nextcloud): update liiibre app ... 645cd2e379

Fix the icons issue.

feat: update nextcloud apps (forms, user_oidc, groupfolders,...) 1f4789c8fa

fix(nextcloud): allow download of onlyoffice images d4ce79ebdd

feat(keycloak): move here & fetch external resources with nix 2e4b4cb2cf

feat(keycloak): upgrade to v26 641d423fd2

feat(nextcloud): update v29.11 a8e90791ea

fix: remove blocking patch s3-versions-leak.diff 3493911f3f

feat(keycloak): update themes 7dd2018158

fix(nix): use pkgs fetcher 14a2a30120

feat(keycloak): add altcha extension 6bf1a475e8

feat(keycloak): upgrade to v26.1.1 05e40f8b19

fix(nextcloud): polls 7.2.10 only support php 8.0 a79eaedaea

feat: update minio operator 6fef0b17a0

feat(minio operator): use upstream image 6bb17ec4e5

fix(oidc): watch idp secret instead of service 2ce1186ae2

fix(redis): watch service c1706f45d9

fix(ada): enable br_netfilter 8aa00ac258

fix(ada): force fdn dns 012431f420

fix(ada): force apt sources c42fda223f

fix(ada): ensure ip_forward 3377e59333

fix(ada): slow iptables sync 0965da881b

fix(ada): change kube-proxy mode to ipvs 2aba0f99a2

chore(ada): remove addons managed by flux 6c0d53b936

fix(ada): remove volume management 2abc6dc063

fix(ada): use public api ip 3152f99857

feat(ada): upgrade to v1.32.1 755e95659c

fix(lshctl): use latest k0sctl b59a58a2b9

fix(lshctl): add missing gen folder b2259b892b

fix(lshctl): move to opentofu 49b6f2bf84

fix(decidim): Execute sidekiq in Bundler context e0e2214ea6

feat(keycloak): bump to v26.1.2 2868f18884

fix(keycloak): change uptime path 7e2e554a72

fix(keycloak): remove bad db changelog bb5de058af

fix(keycloak): handle theme migration 485e4c9495

fix(keycloak): update themes b304e9a390

fix(ada): remove worker private net d8f72239fe

fix(ada): allow in-cluster traffic instead of cidr 79010407a4

feat(onlyoffice): upgrade to v8.3.0 1b033db782

feat(observability): add env var for bucket provider 0bebc90a23

feat(discourse): update discourse and plugins 0b131bab99

feat(nextcloud): update to 29.0.12 & update apps 11d9d65314

feat(nextcloud): update customnav and multioffice supported versions 12c006bd6d

fix: update keycloak-themes 2101e655a9

fix: update keycloak-themes 4a34864319

feat(lool): upgrade to v24.4.13 e71bbef245

feat(rocketchat): upgrade to v7.3.3 cd325efe00

fix(rocketchat): revert some lines remove ccc95b5478

feat(planka): bump to v1.25.0 43167392d4

feat(events): add missing flux-ks 56092efa3c

feat(jibri): bump to v0.6.0 c92bfab985

fix(renovate): change base branch 7c077c67b1

feat(grist): update to v1.4.2 01255b8a2f

feat(grist): Add allowed webhook domains d57a5950e9

feat(synapse): bump to v1.126.0 1377491373

feat(element): bump to v1.11.95 d62f38bfaa

fix(synapse): use recreate strat for deploy ... ce68b7e489

We saw a bug in an update from 118 to 120:

```
A temporary workaround to fix this error is to shut down Synapse (including
any and all workers) and run the following SQL:

    DELETE FROM stream_positions WHERE stream_name = 'to_device';
```

We hope this will fix it.

fix(element): use non privileged port c409555406

feat(synapse): auto delete forgotten room 2bf67dedb2

fix(element): support nix image 23885a481a

fix(element): build via nix fe4ee0bb89

feat(livekit): add internal turn service 1ab67acf09

fix(dev): set default cluster issuer a78d594d5b

fix(synapse): should be a string 43d1e45982

chore(synapse): remove temporary solution 60b220a1ec

fix(dev): deploy only replica for operator b73a58826d

fix(elementCall): add config in synapse & well-known d4494af703

fix(livekit): deployment specs for turn ff5f31a59b

feat(livekit): set default for turn host and create certificate ac1e600be6

fix(livekit): change udp port ... 6fa14b141e

loadbalancer does not work with udp so it won't work on port 443

fix(element): reference to namespaced object for element call a710f6c2c2

fix(element): enable feature video room when element call enabled d9f8863ea9

style: format 2f663f5f4e

feat(synapse): support appservices c31b4c9388

fix(elementcall): add ingress for livekit jwt service 4b092a974b

fix(elementcall): remove guest call in element 91a4be6b26

feat(matrix): add hookshot d39a4cda48

fix: remove image digest ef258e3eb9

fix(hookshot): repair config template 81785f6b6f

fix(hookshot): add missing exclusive 5f307c6bb5

fix(hookshot): use the right url ba692a38e0

fix(deps): upgrade cuelang 0d421759d5

fix(synapse): add a condition on app service config defb6f94c9

feat(zalando-pg): update helm to 1.12.2 ... eaf13f9af0

Upgrade the helm chart, and the zalando postgres operator to 1.12.2

https://github.com/zalando/postgres-operator/releases/tag/v1.12.2

feat: update thanos group ... eb358ce3a8

| datasource | package               | from    | to      |
| ---------- | --------------------- | ------- | ------- |
| docker     | quay.io/thanos/thanos | v0.36.1 | v0.37.2 |
| helm       | thanos                | 15.8.1  | 15.13.2 |

feat: update quay.io/prometheuscommunity/postgres-exporter docker tag to v0.17.1 ... fe018146aa

| datasource | package                                       | from    | to      |
| ---------- | --------------------------------------------- | ------- | ------- |
| docker     | quay.io/prometheuscommunity/postgres-exporter | v0.15.0 | v0.17.1 |

fix: update helm release cert-manager to v1.15.5 ... 6137a82672

| datasource | package      | from    | to      |
| ---------- | ------------ | ------- | ------- |
| helm       | cert-manager | v1.15.3 | v1.15.5 |

feat: update helm release grafana to v8.10.4 ... 9518bde607

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | grafana | 8.5.12 | 8.10.4 |

feat!: Update Helm release kube-prometheus-stack to v65 663754b2f1

feat: update helm release ingressmonitorcontroller to v2.2.2 ... 60a3b74104

| datasource | package                  | from   | to    |
| ---------- | ------------------------ | ------ | ----- |
| helm       | ingressmonitorcontroller | 2.1.64 | 2.2.2 |

feat: update helm release kubernetes-event-exporter to v3.4.4 ... 55f459c056

| datasource | package                   | from   | to    |
| ---------- | ------------------------- | ------ | ----- |
| helm       | kubernetes-event-exporter | 3.2.12 | 3.4.4 |

feat: update helm release loki to v6.28.0 ... 8bbbdf7424

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | loki    | 6.21.0 | 6.28.0 |

feat: update registry.k8s.io/cpa/cluster-proportional-autoscaler docker tag to v1.9.0 ... 09d19f6f10

| datasource | package                                             | from   | to     |
| ---------- | --------------------------------------------------- | ------ | ------ |
| docker     | registry.k8s.io/cpa/cluster-proportional-autoscaler | v1.8.9 | v1.9.0 |

fix(keycloak): update theme bcd0fb457e

fix(keycloak): update themes 206a1fbfe2

fix(discourse): add MAX_REQS config in operator 6cbf487d0d

feat(postgres): update spilo image ... 82954ad11e

This is in the context of:
https://forge.liiib.re/indiehost/libre.sh/libre.sh/-/issues/120
We need this to deliver step 2 of our update

fix(grafana): remove label on svc ... cef689dd3b

Issue is fixed, we don't need this workaround anymore

fix(ingress): CVE-2025-1974 e8db74d250

feat(keycloak): update themes 797ffce2b7

fix(helm-repo): use oci for bitnami 689825401c

fix(hr-ks): increase timeout ... cf811db473

For some helm release, they take time to rollout.
For instance nginx, takes some dozen minutes to settle.

feat(thanos): add script to get values ... 7eaecc52e7

This script fetches the lastet original values.
It is usefule to explore them locally, with an IDE

fix(thanos): moves concurrency option e1dbd739f1

feat(oidcclient): add end session and certs URL 7e4f0787fc

chore: refactor 3944dce7ae

feat(docs): add Docs application 6e4f2d22fa

chore: prepare merge a902244f63

Merge remote-tracking branch 'amlg/main' 71378b21b6

chore: make check pass 6b5207a837

fix(ingress): remove use-forwarded-headers ... 7a83da4f82

with this option enabled client can change host which could lead to security issues

ci: switch to forgejo c4f4153460

feat(synapse): upgrade to 1.127.1 bdaef3c00e

fix(docs): deploy collaboration api ingress 64c865e57c

fix(docs): y-provider port 0dcb083c37

refactor(controller): add getSuffixedImage in pkg 3f5d6a0d47

feat(staticwebsite): add additionalHosts field b9f44dad5c

fix(docs): remove auth annotations for y-provider 16213f82e3

feat(visio): add visio application 7f32e766f2

fix(docs): change y-provider port in service 91623142ce

refactor: add generic admin secret 3e66192108

fix(visio): add crds & reconciler to main 4949ea2509

fix(django): fix secrets suffix & cleanup d8e034bbb6

fix(visio): fix url 35e6e73a04

feat(website): support multiple directory mode 5fd6463277

feat(script): add compile-live-recording.sh 2a999f56d5

feat(pg): update zalando operator 3b70376978

fix(visio): secret names for django apps & remove bucket vars 48115832df

fix(django): move DJANGO_SETTINGS to apps 05d422de43

fix(visio): reconcile secret ee95d55362

feat(forgejo): add anubis support ... 6c240568d4

Should help with IA crawlers.

dev: add a justfile 58ffc22363

fix(website): ensure directory strategy mode is valid bb51420879

fix(element): enable html topic + notification menu by default & point help to the forum ... 378a5dea76

#419

ci: indroduce configurable builds 66db3c8725

ci: exclude tools folder 38162304bb

fix(cpu): remove cpu limits dc1b72fee7

feat(pg): update zalando operator to 1.14 8784f9b1cf

feat(cpu-request): improve cpu requests ... e173e17898

based on observation

fix(resources): typo 5c00c956fd

fix(resources): typo 212f3a4817

fix(nextcloud): support no liiibre sso ... cbc3d1dfee

#412

fix(nextcloud): make oidc group provisionning an option ... 4f3745c514

#413

feat(docs): add theme, adminUser and WS url in Docs 67bf2b14f9

ci: wrap buildGoModule a3313c7c96

feat: add a simple altcha-cli e8112a624b

ci: build amlg 91544ce457

feat(crowdsec-bouncer-plugin): use altcha as captcha 5c53f8b4e1

fix(oidc): end session URL c1cfe69271

fix(visio): port for frontend service eb4fe53078

feat(grist): add envFrom in Grist spec e9e3d05f55

feat(nextcloud): update v30.0.8 (with oidc) 93514de526

fix(nextcloud): remove patch not needed b44a6920cf

fix(nextcloud): add .ncdata file (again) f1966663d2

fix(nextcloud): add .ncdata in dockerfile da906453e1

feat(listmonk-sms): init a small api translator to sms gateway d559120435

fix(nextcloud):v30.0008.3:fix app passwords download path 99dba07861

fix(nextcloud):v30.0008.3:fix app passwords download path (again) 6add2c7369

feat(nextcloud): add a debug mode 663dd424b8

fix(nextcloud):v30.0008.4:fix app passwords version (compatibility php8.2) bc53199726

fix(nextcloud):v30.0008.4:fix app passwords version (compatibility php8.2) 308f404e55

feat(pg-operator): improve cpu req/lim 250ead0dc9

fix(realm): only set session lifetime at realm creation ... b57fa75e34

this will enable users to change this value in keycloak interface without it being overrided by the controller

fix(nextcloud): relax cross origin headers fd5bc2d5dd

fix(juicefs): expose secret to expand controller be45d6ffae

fix(nix): add cacerts to images addbf02f04

fix: grafana dashboard, minio, changed how scrape_jobs value is populated: on a dev env we have 'minio' as scrape_job, which didn't worked with those dashboards 522e896dd6

doc: added some fixes to the README e914c47f61

feat(minio): add some alerts (accidental deletion of data in bucket, low space available) e2d221466c

Fix(bucket): typo e38f18c595

feat(bucket): add name in status b9196f4763

refactor(bucket): move some logic f9ba434235

feat(bucket): add manual provider 50cd07c630

feat(docs): add images for Docs application bdf39d76e5

feat(discourse): upgrade to v3.4.2 5e23980447

feat(grist): allow to create workspaces 7360784620

feat(listmonk): bump to v5.0.0 26e084b073

ci: skip crowdsec-bouncer-plugin cb32ce625d

ci: skip docs 49cd2f9ae9

Merge pull request 'feat/nextcloud/v30' (#31) from feat/nextcloud/v30 into main ... dcf5024ca0

Reviewed-on: https://forge.libre.sh/indiehosters/images/pulls/31

fix(nextcloud) : remove public link email notification setting b7705dbd3f

feat(mobilizon): build ctx with nix & add variants 535d3c2079

fix(forgejo): update anubis d4464c72fb

fix(forgejo): reduce anubis difficulty 89cc5dc006

fix(mobilizon): improve ob patches 19f6c46951

ci: add a cache system based on nixbase32 039b8a774c

ci: logs executed commands 9bcafd97f7

ci: fix cached image registry 982967b377

feat(nextcloud): add a build with xdebug e30b2d3065

fix(nextcloud): re-upgrade tables 72b07188c4

fix(nextcloud): update the invalidate group cache patch cf861f5d20

chore(mobilizon): remove unused files & versions bd7fef1aeb

fix: don't set owner ref on bucket dns b5f6746b2e

ci: skip mobilizon make 38c64eba63

fix(staticwebsite): intercept 404 errors fc91f71220

feat(staticwebsite): redirect with a trailing slash 065bdddaaa

chore(bucket): remove unused bucketdns code ... 2ecf174754

We use a wildcard ingress instead.

ci(discourse): nixify adfa58343a

feat(onlyoffice): upgrade to v8.3.3.1 dea151b2b2

feat(keycloak): update themes 2a0d99a9d4

feat(prom): add original values script bd61d37589

feat(ada-auth): connect to keycloak ffeba39784

feat(uptime): move to autokuma 7d575ac41c

build: bump to go v1.24 2fd20c5948

feat(uptime): enable notifs f315e31141

feat(observability): update stack dd053955e5

declare every apps in ci.yml 1ede068a04

add PATH to the cmd environment a470b38476

use the go ci tools to build the images ac0ddd5214

use the proper command to call the go ci tools ae13a4b844

fix typo in ci.yml f5b17af9ca

remove collabora Makefile 9d9965a8ae

update run command for main branch 5db2352144

feat(meet): add lasuite meet app cada7fa9fd

ci: fix add push argument on main branch 0c5d25e172

fix(meet): fix fonts in lasuitecoop theme 8aac8683fd

fix(meet): copy icons and logo in the right path 0e8d4e22d0

fix(meet): fix font for lasuitecoop theme 2cc55bebe9

feat(design-system): add design system, integrate in docs and meet ... b2d0b5e8e2

design system stores assets that can be reused between different apps

fix(docs): resize icon 06ad77461e

fix(docs): add the right favicon and font colors 1a5a0e4ba2

fix(docs): copy fonts in the right path and add favicon in ico format 0acda98304

chore: treefmt follows same nixpkgs & run nix fmt 16037d367a

fix(go): add a messageFormat to conditions.Mark ... 3ad12cf74f

Resolves non-constant format string errors with go 1.24

fix(synapse): add it to uptime 84cb48d1da

feat(promtail): add script to get original values 9dc2f2f186

feat(promtail): add priority class 9fd8afcf08

fix(promtail): change the way cm is managed by flux 89748e8759

feat(nginx): change nginx logs ... 65432c2847

remove:
- upstream_addr
- args (in request_uri already)
- http_referer
- server_protocol
- gzip_ratio

adds: namespace

feat(promtail): improves promtail ... a8683686fd

First I had to reimport the defaul.
Then, I add the app label to the beginning of the pipeline.
I drop the labels:
- filename
I changed these labels into metadata:
- node_name
- pod
I rewrite namespace label from the nginx log into the general namspace label

feat(tilt): bundle manifests objects into a single resource 0b764a4563

feat(dev): deploy keycloak ... 30815c6d2d

deploys keycloak in dev environment with tilt and set libresh-config with credentials

feat: support different operator mode 15edfe7259

wip: tenant deploy operator in namespace 464db76811

wip: tenant rbac 4c7ad845dd

feat: add LabelSelector and changed priority class name bb75343d9d

feat: add ServiceAccount and ClusterRoleBinding 8d09a0145d

feat: temporary modifs so that the Tenant Operator may run in --tenant mode a6d4866c94

style: changed condition syntax in if 170385ace3

fix: put reconcileClusterRoleBinding in static instead of public 96252a03ef

feat: splitting conttrollers in subfunctions a0c68e7b18

feat: manager in tenant mode only watch its own namespace a90dc63571

fix: wikijs in setupTenantControllers cd21671322

fix: move vaultwarden and synapse controller to subfunction 5696a1d2b0

feat: move Hookshot, Docs, Visio controller to tenant subfunction d674404c3b

feat: move portability controler to cluster subfunction a1d331fafd

feat: launch lsh-operator with the correct flags eacdb88910

feat: use tilt operator image for tenant operator c55f768bbc

chore: replace file header 08fbdb9ad3

fix: move IngressReconciler to tenant mode ef04e0d07d

Merge pull request 'feat/tilt-improve' (#442) from feat/tilt-improve into main ... 58f045fe30

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/442

fix: set latest tags in sample images b46bef9982

feat(dev): add just in nix-shell 5fe44007a3

Merge remote-tracking branch 'origin/main' into feat/split-operator ba55c109ed

feat(thanos): move compact to cron cc6519b1f0

feat(node-exporter): remove metrics. ... 274ec0cad2

fixes #88

fix(prom): change the way cm is managed by flux 4da8505518

fix(thanos): change the way cm is managed by flux 4faefeecba

feat(thanos): add persistence b5b0fd3a12

feat(thanos): update d16517b89e

feat(hr): add original values script 6dca3af5a8

feat(thanos): increase mem resources e64babfacf

feat(docs): update to v3.3.0 c577e86a40

feat(nginx): add request_length ... e9c544214e

This is to have a an idea of upload

feat(observability): add smartctl exporter 11166f9fb9

chore: add license headers 37be9ad485

Revert "fix: remove blocking patch s3-versions-leak.diff" ... 9ed1783b05

This reverts commit 3493911f3f.

fix: update fonts & use callPackage 5862831c0d

ci: add lib b111fffa60

ci: support empty matrix e34ef03ab7

fix(element): use lib 4e0ba8cd39

dev: add mkContainerImage 64f074070e

dev: overlay libre.sh packages 8c43c84d62

refactor(collabora): use mkContainerImage 96e3ad48fd

refactor(crowdsec): use mkNixImage 1d0ccd5172

fix(crowdsec): only build v1.0.5 bf60fbdcd2

refactor(discourse): use mkContainerImage b8413724cc

style: flake.nix 0196a5edd1

refactor(alps): use mkNixImage c184db566f

refactor(synapse-admin): use mkNixImage 384d481159

chore: remove obsolete hybrid make + nix scripts 88d5efa415

feat(element): support multi-versions build & add prefetch-element script 42189008d8

fix(element): assert if version exists 6d3a1fb200

feat(collabora): bump to v25.04.3-1 1e9ccc4a2e

feat: add liiibre-preflight cfd31b42b1

fix(liiibre-preflight): pin version b08014ee55

fix(nextcloud): support loading config from json file d9c2c0be41

chore: Move all files to into images ... 151e0e0340

In preparation to move this repo in libre.sh monrepo

Merge remote-tracking branch 'images/feat/mv-monorepo' into feat/monorepo ... 25f76fa53b

move images repo into libre.sh monorepo

chore: re-organize images in monorepo logic ... e36f4bda68

merge flake in one flake
merge ci actions
merge cli into lshctl
move nix libs in nix

Signed-off-by: unteem <timothee@indie.host>

fix: build image in the right context ... e83eb07402

it seems that there is an heurstic that first checks if Dockerfile
is in the root context and use it first if its there

Signed-off-by: unteem <timothee@indiehosters.net>

chore: remove ingress monitoring ... 2b569c002d

It's been automated outside the cluster.

fix(media-repo): move the reconciler to cluster operator fcfb8a988f

fix(element): extract the element call logic in a cluster controller 019068a2fb

fix(ci): remove self-reference and split nix packages and images ... 06363fadb4

Prevent infinite recursion

style: run formatter 0355be2c87

fix(tenant): decrease operator resource requests b6bde2c44c

Merge branch 'feat/split-operator' ... 8d1811bc7b

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/362

Merge pull request 'Move images repo into libre.sh monorepo' (#448) from feat/monorepo into main ... 81c6b9f444

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/448

chore: remove unused stuff ... b5e18c8ff1

gitlab ci
remove all previous work on cli with bubble to provision cluster

fix(ci): set right computeHash for lshctl 2b2324168f

feat(image-nextcloud): move apps ... e662f7710c

from libreho.st to this forge

fix(image-nextcloud): add redis php ini config ... 4e8402fcce

from upstream
f0a7a8c934/30/fpm/entrypoint.sh (L115-L148)

fix(livekit): properly skip turn config when disabled b7616e0535

feat(tenant): copy cluster-settings e7d5b06689

fix(livekit): use namespace local cluster-settings fd60ff3928

feat(livekit): support matrix auth 711d07148b

fix(synapse): loosen well-known client definition fb8cf622c4

fix(nextcloud): rename liiibre app 91779502f4

fix(nextcloud): use the second part of the splitted app name bdf86a0ddb

feat(nextcloud): update to v30.0.11 78e8c7c2d2

feat(doc): update to v3.4.0 e6d661c491

feat(manifests): add reloader 2283f7b5f2

fix(images/docs): fix liiibre patch and set the right hash for v3.4.0 32e5b423d3

feat(nextcloud): support cue generated json config editable at runtime in the CR ... c42a451300

The config isn't loaded yet.

refactor(nix): reorgnize nix packages, images and libs 26b7a30436

chore: add result to .gitignore b12e310f54

Merge branch 'refactor/nix' 5ce8bcfaf6

fix(tilt): add commit rev c78983e5e4

fix(cue): don't generate value if it's concrete ... 1ec8582565

In some case we might derive the value from other another field.

fix(cue): support nested hidden fields 32dc782224

fix(cue): check the correct value during generation 1dfcc51959

feat(cue): log all errors 0723120150

Revert "fix(images/docs): fix liiibre patch and set the right hash for v3.4.0" ... 185743f882

This reverts commit 32e5b423d3.

fix(ci): use fonts as nix package 517e21da95

fix(ci): fix images path and remove unused 82452e9624

fix(postgres): change pooler svc suffix 97fa04569b

feat(nextcloud): uptade to v30.0.13 81d3416a60

fix(nextcloud): fixup cue config f3dc0ed4e2

chore: styling 978868b6ad

refactor(listmonk): nixify + add ih theme 8665bb6da7

feat(grist): upgrate to v1.6.1 & nixify cf1bb6ad27

build(imaginary): nixify 9cf0b26c51

build(jibri): nixify 1b31c2ca66

build(keycloak): nixify 44253b5a69

build(maas): nixify 1d7e11a3bb

build(matrix-wellknown): nixify 6501ca4c8b

build(minio): nixify f76394b977

build(nextcloud): nixify 29a8418d4e

build(onlyoffice): nixify 4484c1fb02

build(planka): nixify aec5408a40

build(rocketchat): nixify 732b0d4fec

build(synapse): nixify 5078e0772f

build(wikijs): nixify d7874d2928

chore: remove all images Makefile 3b3a2b0e11

style(minio): fmt 2f7857e242

feat(grist): cancel update to 1.6.1 2264dfa831

feat(rocketchat): add v7.8.2 641dac9c33

fix(grist): update entrypoint patch 46fb6d1123

fix(nextcloud): fix infinite recursion acf97344d0

feat(rocketchat): upgrade to v7.8.2 49134fb4ad

feat(rocketchat): upgrade to v7.8.3 8290674529

feat(collabora) : update last version a2bebc35d7

Merge branch 'feat/collabora-online/v25.04.4-2' ddfc6171f5

feat(ci): build only one application + specify arguments ... cccd649d37

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/464
Reviewed-by: Hugo Renard <hugo.renard@proton.me>
Co-authored-by: Aurore Roma <aroma@courrier.dev>
Co-committed-by: Aurore Roma <aroma@courrier.dev>

feat(discourse): update to v3.4.7 574f230798

fix(discourse): replace env of refresh-assets 0be18f7fcb

build(discourse): loosen plugins versions df00ba483c

feat(docs): update to v3.5.0 f9f0e1de9d

Merge branch 'feat/discourse/v3.4.7' 77bccb6ff0

Merge branch 'feat/docs/v3.5.0' 11107e953e

feat(keycloak): update to v26.3.2 5e7faee2ab

Merge branch 'feat/keycloak/v26.3' 5f5e6acbca

feat(meet): update to v0.1.33 26af9183a1

Merge branch 'feat/meet/v0.1.33' 6844848760

fix: make label if nil 04fce5740e

chore: remove dead code 9f1b11089b

dev: update ingress 909c723238

feat(pastille): init backend 7d3458c2d2

fix(ci/nextcloud): add debug as target & fix infinite recursion ... ca30b36cac

reverts commit acf97344d0
which introduces another error, debug not built anymore as target

feat(runtime)!: introduce scoped nginx config snippet 769a425f9c

fix(keycloak): add missing import 8520585aa5

feat(pastille-proxy): add a sidecar proxy to inject pastille 78c06282da

feat(tenant): inject pastille in every ingresses by default f3571322a0

fix(tenant): invert wrong condition e0db98e1c2

fix(pastille): sort ingress list ... 32c0079af1

to avoid endless reconcile loop

feat(synapse) : update to v1.135.2 5a82d1c12f

feat(synapse) : update to v1.136.0 6299fdda58

feat(synapse) : remove force_fede.patch 221cb1cac1

feat(synapse) : remove force_fede.patch from default.nix 90fbf14ba3

feat(synapse) : remove force_fede.patch from Containerfile bfb1441080

feat(synapse) : remove force_fede.patch from Containerfile again 8422e4b0ec

Merge branch 'feat/synapse/v1.135.2' ed1a5d7c17

feat(element): upgrade to v1.11.109 ... 5419e6242f

feat(element): v1.11.109 : add hash from prefetch

Merge branch 'feat/element/v1.11.109' 3e60b68acc

fix(discourse) : remove old pluggin discourse-encryption 9efcffa9d2

Merge branch 'fix/discourse/v3.4.7' d1fe422bee

feat(keycloak) : add new themes into build image 10feb63a1d

feat(keyclaok) : update keycloak-themes b059f44e34

chore: remove result 0e4004c5d7

dev: reduce ingress processes ... bd93da36ca

avoid some crashes

feat(pastille): add mail option eae85dcd49

refactor(pastille): migrade injection in a generic sidecard proxy a4b4983f7e

fix(ingress): don't add extra newlines in snippet f3ba2689bf

fix(tenant): cache only the tenant attached to the namespace 134319f350

feat(tenant): allow in-namespace pods to view the tenant 0beccc925f

refactor: generate pastille config in tenant self controller & improve csp injection b70ae0c3ee

ci: remove pastille image d6501281ad

chore(tenant): cleanup self controller 41ffedb00b

chore: add missing spdx c247825aae

fix(synapse): change ingress path type ... d3324b1f9a

nginx-ingress don't like the dot

feat(pastille): bump cf42c04d9d

feat: print host in app list 758d919afa

dev: easily deploy from src to tenant 5cac4cd6ea

feat(keycloak): update keycloak-themes e29b1fa777

feat(keycloak): update keycloak to v26.3.3 4a0efff18f

feat(grist): update to v1.7.2 b6c3fc9e1a

feat(grist): update to v1.7.2 900735396f

Merge branch 'feat/grist/v1.7.2' 1829c5b9a9

fix(proxy): override the right header 4bc8230e6f

fix(nextcloud): remove headers managed upstream & add Cross-Origin-Resource-Policy fed915bff1

fix(pastille): re-inject nonce 693b43d3b7

fix(pastille): point to ih forum 0144e16865

feat(pastille): add account link c96582df08

feat(realm): smart redirect 0cfc58eebe

fix(proxy): bad resource name ea7af5c5fe

fix(keycloak): update themes bfd6af4e73

feat(nextcloud): toggle cueconfig via annotation 6f929fdd4a

feat(pastille): update 48548dc4d5

feat: enable alertmanager ingress ... 9136cf57f2

Signed-off-by: Pierre Ozoux Krebber <pierre@ozoux.net>

doc(alertmanager): adds instructuctions for basic auth fdc10d1d4f

chore: fix formating c522de42fb

feat(pastille): upgrade 0a78711c22

feat(nextcloud): update image to v30.0.14 and apps ab3d3d9fed

Merge branch 'feat/nextcloud/v30.0.14' 46165fe338

fix(nextcloud): bump version 3c33aaae84

dev: make dockerfile compatible with src2tenant 0634b0aee1

feat(onlyoffice) : add prefetch logic & update to v9.0.4 (#488) ... 2f3ff6c824

server submodule is now prefetched with the right rev, hash and buildNumber

Co-authored-by: acazenave <arnaud@indiehosters.net>
Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/488
Reviewed-by: Hugo Renard <hugo.renard@proton.me>

feat(controller/realm): force admin and user events logging for 7 days (#497) ... 00b77225c3

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/497
Reviewed-by: acazenave <arnaud@indiehosters.net>

fix(synapse): add CORS on well-known delegation in proxy mode d3e105bd4b

ci: show all logs 51abbe121d

fix(nextcloud): update version hash 5a17dae736

fix(nextcloud): user proper patch version 69cc7c90e3

fix(nextcloud): make config dir writable 4d1586369d

feat(nixlibs): add args for file in mkContainerImage (#506) ... 5d7e8d709e

in some cases we need to be able to point to container file (la suite apps)

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/506
Reviewed-by: Hugo Renard <hugo.renard@proton.me>

dev: refactor lsh-gen using ast dac7826190

dev(lsh-gen): generate app operators ... 0364a83cd3

Preparing the infra for the next deploy system.

fix(pastille): run nix-update ... 0f5c077e97

using a fork github.com/hrenard/nix-update

feat(controller/postgres): enable management of multiple majors versions (#505) ... c8759e22f9

For now upgrade need to be manual

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/505
Reviewed-by: Hugo Renard <hugo.renard@proton.me>

fix(controller/postgres): set current version when postgres is initialized d1d0f21222

fix(controller/postgres): set pg default version a0df6d27a0

fix(controller/postgres): set version in status c6b842585e

feat(pastille): enable auto config for docs + grist + vaultwarden + wikijs dd225a1a02

fix(docs): force django site in db ... 2c24438535

workaround for https://github.com/suitenumerique/docs/issues/1386

fix(docs): remove extra quotes in sql query 05e0a56e51

fix(src2tenant): disable cgo 245593fdd9

fix(docs): always pull images 7fa443350e

fix(visio): always pull images e403484d83

refactor(images/docs): use callPackage & mkContainerImage bdd72d4b62

feat(docs): add arg to enable homepage e35cf4d79e

feat(docs): update to v3.6.0 ... f3265e200d

remove homepage patch (merged upstream)
update env variables for OIDC

refactor(nix): use packagesFromDirectoryRecursive to declare pkgs & images + small fixes e40f59f189

feat(docs): build v3.7.0 6268551c00

Merge branch 'feat/docs/v3.7.0' 3f91ca1b96

feat(meet): build v0.1.38 49187917d6

Merge branch 'feat/visio/v0.1.38' d87f2345bf

feat(nix): bind passthru in mkImage c4c7201811

refactor(crowdsec-bouncer-plugin): pin version & add update script 5400c7c3b6

refactor(discourse): pin version 518002d4c6

refactor(docs): pin version 4d1e1a34b9

refactor(element): pin version + add update script 2b9e48931b

refactor(meet): pin version & add update script 2c16b07835

dev(grist): add update script 5a5401abb5

refactor(planka): pin version in nix 7aa1ee425d

refactor(wikijs): pin version in nix 4bc7cd0d50

refactor(synapse-admin): pin version in nix & add update script 27341b8858

refactor(synapse): pin version in nix 6bd36b22f1

refactor(rocketchat): pin version in nix 2d71cd5bfc

refactor(mobilizon): pin version in nix & add update script 0a932352c7

refactor(keycloak): pin version in nix 1bcdfd176d

refactor(minio): pin version in nix d9a0bb7b4f

refactor(mas): pin version in nix d42cebb542

feat(meet): update to v0.1.38 48d8fb9bd8

Revert "feat(meet): update to v0.1.38" ... 30f84be414

This reverts commit 48d8fb9bd8.

fix(docs): enable versioning bfe38ccb06

fix(listmonk): create tmp folder 13c0dc6617

feat(nextcloud): update to v31 0de0857f5e

chore(nextcloud): remove unused file dd0153b013

feat(nextcloud): move patch detection in update script & use semver to sort app versions 937069e7f5

Merge branch 'feat/nextcloud/v31' f9c11a4abd

feat(listmonk): bump to v5.1.0 & add update script c30015a1d3

feat(nextcloud): update liiibre commit version 89d3256b45

fix(listmonk): serve altcha js bcd7c04378

fix(loki): remove ruler c64c0e2fcf

feat(loki): upgrade helm to 6.38 ... cf31a17ae5

and loki to 3.5.3

feat(image-wal-g): build wal-g-exporter image ... e2acfced52

This image had several CVE.
The idea is to import it, and build it ourself to fix it.

feat(helm-release): add link to release-page 1391d52e6e

feat(grafana): update to 9.4.5 f440f06bb3

feat(prometheus): update to 77.9.1 d168a1e06f

feat(thanos): update to 17.3.1 16378f7a68

feat(thanos): update upstream image ... 7f473f0311

use the uptream docker image built by thanos.
As documented here:
https://github.com/thanos-io/thanos/issues/8381#issuecomment-3165102688

feat(nginx): update to 4.11.8 ebd9077b74

feat(wal-g-exporter): use internal image ... 692048e4d2

and update

feat(nix): update flake ad18871ebf

feat(images): add promtail 5bd6735d4e

feat(images): add keydb 780f7f5c2d

feat(images-pg): add operator ec2cd11955

feat(images-pg): add logical-backup image 53c80f31d4

doc(images): add some debug help 998c89d38c

refactor: use gomod2nix to avoid duplicate eval of go vendors + wrap deps of lsh-operator (#521) ... 4146a3b47b

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/521
Reviewed-by: unteem <timothee@indiehosters.net>
Co-authored-by: Hugo Renard <hugo.renard@protonmail.com>
Co-committed-by: Hugo Renard <hugo.renard@protonmail.com>

doc: configuration tweaks for local run d7f293aa23

feat(jibri): bump to v0.8.0 7710e288de

feat(keycloak): update themes 52956c586f

fix(keycloak): update themes ... 11a2cf082a

lasuitecoop-interne was broken

feat(image-minio): build latest ... 498b27c6d2

https://github.com/minio/minio/issues/21647#issuecomment-3429409031

feat(nginx): add original values 8baddf29ed

doc(images): add dive 451f159413

fix(docs): missing collab ingress ... 4e8cafc286

It was flappy, and probably missing

feat(debug): add debug for flappy ingresses 3b3887ddc1

fix(controller-runtime): stabilize nginx configuration snippet ... 439daf3958

Avoid injecting newline on empty snippet.

feat: update all go deps ece32433fd

fix(synapse): simplify ambiguous config in cue dbd74c91bb

feat(operator): move to debug log level 7631851f8e

fix(debug-log): remove logs ... e60fb72218

todo later:
investigate debug env variable for the operator

fix(go): use latest version only to buildGoApplication 55d71a0e31

style: nix fmt 9ee1125aa8

fix(multioffice): build new NC version d0474f8e40

fix(redis-controller): Name the manager ... c15c4e1c35

fix #537

doc(libresh-dev): fix alpha order 2ee04e256e

fix(nextcloud): set the right patch version 9377a19f2f

feat(grist): bump version 1.7.5 + fix max size forms attachments d3b0c7190c

feat(collabora): upgrade to v25.04.7-1 f24d802d29

Merge branch 'feat/collabora/v25.04.7-1' d458f32d60

feat(pastille): update pastille ... 91c72ee064

pastille is not opened when loaded in an iframe.
fixes issues with onlyoffice in nextcloud

feat(docs): update to v3.7.0 c87ab66b56

fix(operator-saml): make baseUrl optional 86f6a4a75a

fix(operator): add Name in managers 59e0ec6358

feat(make): add diff-install command 96ce4d8516

feat(postgres): update default image to 17:4.0-p3 dc24e2bae4

feat(nextcloud): minor upgrade to 31.0.10 87f460144b

fix(nextcloud): remove merged patch s3-versions-leak.diff d239409fd5

fix: keydb image tag 7c6ab47cb9

fix(keydb): use latest tag 21d533d9e4

fix(lool): add Privileges to pod (#545) ... 042a90a735

fixes bind mount error

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/545
Reviewed-by: unteem <timothee@indiehosters.net>
Co-authored-by: Pierre Ozoux Krebber <pierre@ozoux.net>
Co-committed-by: Pierre Ozoux Krebber <pierre@ozoux.net>

feat(pg): allow to choose manual bucket provider 5824c7fe5e

feat(nginx-ingress): update to 4.12.8 a3c8757bc0

fix(cert-manager): url changed ... 74a7855d19

b04fe78eed (diff-cd8d67e9c6)

feat(visio/controller): set frontend manifest link and option to set theme a178fcf284

feat(visio): update to v0.1.42 ... 930fac07c2

update to v0.1.42
simplify patch to conform with upstream and customization possibilities
add favicons
adapt css for themes, now its imported at runtime
fix sliders images

feat(fonts): update bf7f18c4f1

feat(nextcloud): update to v31.0.12 44196eea13

feat(nextcloud): update liiibre app version 4da84a3d5b

feat(nextcloud): force NC desktop version dfabed66bd

fix(nextcloud): downgrade draw.io version to fix CORS error f6b233a10a

feat(flux): update api version ... 8434fb8ab4

beta are deprecated.

feat(flux): update api version ... 99e41c721b

beta are deprecated.

feat(collabora): uptade to 25.04.8-1 f1ab76290c

fix(nextcloud): add header CORP cross-origin to allow draw.io server (#556) ... 8f879f594b

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/556
Reviewed-by: unteem <timothee@indiehosters.net>
Co-authored-by: acazenave <arnaud@indiehosters.net>
Co-committed-by: acazenave <arnaud@indiehosters.net>

fix(nextcloud): add header as single arg ... 0089afb303

when function is called twice, output is overriden by last call

feat(keycloak): update to v26.4.7 095fee2740

fix(nextcloud): allow customnav to run on nc v31 e201df002b

feat(element): bump to v1.12.3 60aaeb0cdf

Merge branch 'feat/element/v1.12.7' 30ddafa1ba

feat(synapse): update to v1.144.0 6081542ce2

fix(images/onlyoffice): update to v9.2.1 ... d579a4f0e0

update version and remove old version
fix patch

fix(onlyoffice): add coep headers 48dbab5253

fix(onlyoffice): set non-zero timestamp e6be6d1212

fix(onlyoffice): max doc size to 300MB [#551] a333e10174

fix(element): remove a + in the web UI 05a238fc9d

doc(images): add build and push command 178d5f98e7

fix(wal-g-exporter): make entrypoint more robust ... 16055c0efb

Upstream PR is here:
https://github.com/thedatabaseme/wal-g-exporter/pull/16

feat(image): add spilo ... eed6bc546d

I had to do this to update the failing (cyberwatch) packages.
I tried the following:
- rebuild from trigger branch: https://github.com/zalando/spilo/issues/1164
- rebuild from the same tag doesn't work
- upgrade all the ubuntu doens't work either

feat(pg): update images ... d4394321a5

Use our own spilo image.
Usa sha256 instead of tags.

feat(pg): run rootless f4de0915ca

feat(velero): update cfb17da72f

feat(cert-manager): update edccd79a29

feat(nginx): update 23c45a5fd7

feat(grafana): update 2cbd1d6c41

feat(loki): update 549b59fe39

feat(prom): update 71cafdbcce

feat(thanos): update 309c7f46d4

feat(spilo): use latest 4119a96c34

feat(event-exporter): update image 4ab59738be

chore: format ... b0d3921e3b

pprof endpoint is not exposed anymore

fix(sidecar-proxy): create a dedicated ServeMux ... c4094d32b6

This avoids to expose pprof endpoints
Only expose wanted endpoints

feat(compile-recording): add cyberforgood-academy dacbaa421c

feat(compile-recording): make the script self contained 1125cc4a20

fix(pastille): typos e46bdc3cb0

feat(pastille): remove pad and rename some apps ... 2772147081

Docs/Notes is used in favor of pad

doc(flux): add update instructions be83395641

fix(nextcloud): fix headers, revert to more_set_headers ... 5c98d70d17

add_header breaks ingress template generation

feat(keycloak): bump version 26.5.1 + add theme FNCCR a18f2f1c4c

Merge branch 'feat/keycloak/v26.5.1' ae803ce85b

feat(docs): update to v4.4.0 & review theming ... 92e75f827a

Bumps version
Theming is now using cunningham at build time
Lasuitecoop theme still needs some custom tweaking

fix(velero): deprecated bitnami image f92d3ec7a6

Revert "fix(velero): deprecated bitnami image" ... 66729d6736

This reverts commit f92d3ec7a6.

feat(grist): update to v1.7.8 7287454733

chore: fix formatting 682836595d

feat(tenant): add info in tenant CR column ... dc7c0ed0a2

adds operator image, theme and domain

feat(nextcloud): update v31.0.13 db7d57e492

fix: merge conflict c0271ed6e3

Merge branch 'feat/nextcloud/v31.0.13' 78f83f3fb1

feat(nextcloud): change tag to v31.0013.1-nix 98ba5cabe2

Revert "feat(tenant): add info in tenant CR column" ... 29b9c7eb51

This reverts commit dc7c0ed0a2.

fix(nextcloud): rollback to v31.0012.3 4abbf0920e

doc(pg): update by removing su d4f3cf5c9a

feat(kc): add restrict-client-auth ce934ab02b

fix(nginx): CVE-2025-15467 27001ef528

feat(keycloak): update to 26.5.2 034f3a8714

fix(keycloak): fix FNCCR theme 762adda158

feat(grafana): update 87b714b634

feat(keydb): update image f658bd967d

feat(pg-operator): update image 059e51fcbb

feat(wal-g-exporter): update image 00a06c581b

feat(pastille): disable it on safari 86b832f5c8

Merge branch 'feat/pastille/disable-safari' 9cb0d33867

fix(controller/livekit): use nodePort for turn ... 4344a1b725

use default turn port 5349
use nodePort service
a loadbalancer need to be configured for turn service
to map port 443 to node port

Limitation: we can only configure one turn svc on the cluster

feat(keycloak): bump to version 26.5.4 303e8ab46a

Merge pull request 'fix(controller/livekit): use nodePort for turn' (#586) from fix/livekit/configure-turn into main ... 6772140c23

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/586
Reviewed-by: acazenave <arnaud@indiehosters.net>

feat(nextcloud): update to v31.0.13 c64e3ae320

fix(nextcloud): override default apps.config.php ... da0616237a

since last update nextcloud was expecting custom_apps folder
apps.config.php was not overrident by z.config.php

feat(nextcloud): update v32 97808a9918

feat(nextcloud): update nextcloud-liiibre app 6395ac00c1

feat(controller): add helper to get container in container list 2149d5dbce

feat(controllers): set default resources if container has not been edited ... 7665dcd6eb

Sets default resources if container does not exist
This allows users to override resources by editing the container directly

feat(controller/drive): add drive app 972a0d5243

feat(image/drive): add drive application 23de474c31

feat(design-system/fonts): add more Barlow fonts and update ... 647017ffe4

fixes issues with alignements
adds italic and bolditalic

feat(controller/django): add fullname mapping e5e4626426

doc(README): update dev cluster installation instructions ... be698bf177

In commit b935d70 cluster/libresh-repositories.yaml has been moved to
cluster/repositories/flux-ks.yml but the README still references the old
path.

fix(nextcloud): increase container app ram default limit and request 7ec88773db

fix(controller): set defaults fc742ed54f

Merge pull request 'Update development cluster installation instructions' (#604) from local-cluster into main ... d8325f49ff

Reviewed-on: https://forge.libre.sh/indiehosters/libre.sh/pulls/604
Reviewed-by: unteem <timothee@indiehosters.net>

fix(drive/celery): set sane defaults ... f17aac57d1

limit number of workers, by default equals to number of CPUs
limit memory per worker and number of tasks
avoids memory leak

fix(tilt): extract minio client configuration from the Tiltfile 4e54252c3a

fix(tilt): bump to ingress-nginx 1.14 ... 2099171738

Also, pin ingress-nginx controller to control-plane node, because
ingress-nginx 1.14 removed the ingress-ready nodeSelector from its
Kind manifest, which can schedule the controller on worker nodes
that don't expose ports 80/443.

fix: update local tenant config ... 292c2bc8e4

enable pastille and add domain and notificationsMail

feat(tilt): track Keycloak pods and logs in Tilt dashboard ... be53bc2b0b

Replace local_resource kubectl apply with k8s_yaml for the Keycloak CR,
add pod selector to surface Keycloak pod logs, and group related
resources under the 'keycloak' label.

refactor(tilt): use k8s_yaml for cluster-settings secret ... cbee5f0ad8

Replace local_resource kubectl apply with k8s_yaml(blob()) for proper
Tilt object tracking and automatic cleanup.

refactor(tilt): replace curl polling with native resource dependencies ... c1dec4f28f

Use Tilt's pod readiness tracking and resource_deps instead of curl
loops to wait for Minio and Keycloak. Remove mc alias setup convenience.

refactor(tilt): use mkcert CA instead of cluster-generated CA ... 0687d8c097

Inject the host's mkcert root CA into cert-manager instead of
generating a new CA inside the cluster. The CA now persists across
cluster recreations, removing the need to reinstall it each time.

refactor: use dev.localhost domain instead of dev.local ... 88978bf57d

*.localhost resolves to loopback natively on Linux
removing the need for /etc/hosts entries. CoreDNS rewrite rule
updated to match the new domain.

feat(tilt): use static secrets for Minio 5c47c42fca

feat(tilt): use static secrets for keycloak dfc2e2ea6b

feat(pastille): update for nextcloud link_editor support 6ae21d3cf2

fix(nextcloud): hotfix for Collabora + OO share links opening ... ab626797f6

https://github.com/ONLYOFFICE/onlyoffice-nextcloud/pull/1122

Co-authored-by: Loan Robert <loan@yaal.coop>

refactor: centralize hardcoded container images into internal/images ... 41add8e846

This allow to override images and use a local registry for local development.

fix(pg): limit upload impact on storage 11f17c002e

fix(pg): startup could take a long time ... e026df674f

upstream issue:
https://github.com/zalando/spilo/issues/1164

feat(docs): build v4.8.2 051423f2ee

feat(controller/drive): reconcile cronjob ce47f05e61

feat(controller): generates a deterministic random cron schedule ... c52005d4e7

ensures that different resources gets distributed
throughout the day while the same resource always
gets the same schedule across reconciliations
implement in drive controller

Merge branch 'main' into local-cluster 89a1e78727

Merge upstream from Libre fork 157d99c2f5

thunerbl merged commit a7128e9886 into main 2026-03-29 15:32:22 +00:00

thunerbl referenced this pull request from a commit 2026-03-29 15:32:24 +00:00

Merge pull request 'sync-with-upsteam' (#1) from sync-with-upsteam into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

thunerbl/libre.sh!1

No description provided.