updates

charts/apps/home-assistant/templates/whisper.yaml

@@ -18,7 +18,7 @@ spec:
 
       containers:
         - name: "{{ .Release.Name }}-whisper"
-          image: "{{ .Values.whisper.image.repository }}:{{ .Values.whisper.image.tag }}"
+          image: "{{ .Values.whisper.image.repository }}:{{ .Values.piper.image.tag }}"
           imagePullPolicy: "{{ .Values.whisper.image.pullPolicy }}"
           args:
             - --model

charts/apps/zot/templates/config-map.yaml

@@ -36,9 +36,6 @@ data:
         },
         "auth": {
           "failDelay": 5,
-          "htpasswd": {
-            "path": "/etc/zot/htpasswd"
-          },
           "openid": {
             "providers": {
               "oidc": {
@@ -56,22 +53,12 @@ data:
             "actions": ["read", "create", "update", "delete"]
           },
           "repositories": {
-            "public/**": {
-              "anonymousPolicy": ["read"],
-              "defaultPolicy": ["read"],
-              "policies": [
-                {
-                  "users": ["*"],
-                  "actions": ["create", "update", "delete"]
-                }
-              ]
-            },
             "**": {
               "defaultPolicy": ["read"],
               "policies": [
                 {
                   "users": ["*"],
-                  "actions": ["create", "update", "delete"]
+                  "actions": ["push", "delete"]
                 }
               ]
             }

charts/apps/zot/templates/deployment.yaml

@@ -6,8 +6,6 @@ metadata:
     app: "{{ .Release.Name }}"
 spec:
   replicas: 1
-  strategy:
-    type: Recreate
   selector:
     matchLabels:
       app: "{{ .Release.Name }}"
@@ -16,6 +14,8 @@ spec:
       labels:
         app: "{{ .Release.Name }}"
     spec:
+      strategy:
+        type: Recreate
       initContainers:
         - name: render-config
           image: alpine:3.20
@@ -36,14 +36,9 @@ spec:
                 secretKeyRef:
                   name: "{{ .Release.Name }}-client"
                   key: clientSecret
-            - name: PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-cluster"
-                  key: password
           args:
             - |
-              apk add --no-cache gettext apache2-utils >/dev/null
+              apk add --no-cache gettext >/dev/null
               envsubst < /config-tpl/config.tpl.json > /config-out/config.json
               echo "Rendered /etc/zot/config.json"
               echo "---------------------------------------"
@@ -54,7 +49,6 @@ spec:
               echo "---------------------------------------"
               cat /config-out/secrets.json
               echo "---------------------------------------"
-              htpasswd -nbB cluster "$PASSWORD" > /config-out/htpasswd
           volumeMounts:
             - name: config-tpl
               mountPath: /config-tpl

charts/apps/zot/templates/secret.yaml

@@ -1,9 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: GenerateSecret
-metadata:
-  name: "{{ .Release.Name }}-cluster"
-spec:
-  fields:
-    - name: password
-      encoding: hex
-      length: 64

renovate.json5

@@ -1,50 +0,0 @@
-// .github/renovate.json5 (or renovate.json)
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "autodiscover": false,
-  "packageRules": [
-    {
-      "matchDatasources": ["docker"],
-      "extractVersion": "^(?<version>.*)$",
-      "versioning": "semver",
-      "groupName": "All Docker Images",
-      "pinDigests": true,
-    },
-  ],
-  "helm": {
-    "fileMatch": ["charts/**/values.yaml"],
-    // You generally don't need to list public registries here.
-    // Only add specific entries for *private* registries that require explicit authentication.
-    // Renovate is smart enough to infer common public ones.
-    "registryUrls": {
-      // "my.private.registry.com": "https://my.private.registry.com/v2/" // Example for a private registry
-      }
-  },
-  "regexManagers": [
-    {
-      "fileMatch": ["(^|/)charts/.*values\\.yaml$"],
-      "matchStrings": [
-        // Primary image:
-        // This regex tries to capture the full image name, including the registry if specified.
-        // It's designed to be flexible.
-        "repository:\\s*(?<depName>.*?)\\n\\s*tag:\\s*(?<currentValue>.*?)\\n",
-
-        // Nested images (e.g., piper.image, whisper.image):
-        // This regex accounts for a preceding key and potential 'image:' sub-key.
-        "^(?!\\s*#)[^\\s]*?:(?:\\n\\s*image:)?\\n\\s*repository:\\s*(?<depName>.*?)\\n\\s*tag:\\s*(?<currentValue>.*?)\\n"
-      ],
-      "datasourceTemplate": "docker",
-      // Important: Add a "depNameTemplate" to ensure capture group 1 (depName) is used
-      // which should contain the full path including registry
-      "depNameTemplate": "{{depName}}"
-    }
-  ],
-  // ... rest of your configuration
-  "ignorePaths": ["**/node_modules/**", "**/vendor/**"],
-  "timezone": "Europe/Oslo",
-  "schedule": ["at any time"],
-  "commitMessageTopic": "{{depName}} Docker image",
-  "prConcurrentLimit": 5,
-  "dependencyDashboard": true,
-  "dependencyDashboardAutoclose": true
-}