geekifier
diff --git a/‎.mise.toml‎
Lines changed: 12 additions & 12 deletions b/‎.mise.toml‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎bootstrap/helmfile.yaml‎
Lines changed: 4 additions & 4 deletions b/‎bootstrap/helmfile.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎kubernetes/apps/auth/authelia/app/config/authelia-config.yaml‎
Lines changed: 17 additions & 0 deletions b/‎kubernetes/apps/auth/authelia/app/config/authelia-config.yaml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎kubernetes/apps/auth/authelia/app/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion b/‎kubernetes/apps/auth/authelia/app/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎kubernetes/apps/auth/authelia/ks.yaml‎
Lines changed: 5 additions & 0 deletions b/‎kubernetes/apps/auth/authelia/ks.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion b/‎kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎kubernetes/apps/db/cloudnative-pg/operator/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion b/‎kubernetes/apps/db/cloudnative-pg/operator/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎kubernetes/apps/db/dragonfly/cluster/dragonfly-shared.yaml‎
Lines changed: 1 addition & 1 deletion b/‎kubernetes/apps/db/dragonfly/cluster/dragonfly-shared.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎kubernetes/apps/db/dragonfly/operator/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion b/‎kubernetes/apps/db/dragonfly/operator/helmrelease.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎kubernetes/apps/db/ext-postgres-operator/app/helmrelease.yaml‎
Lines changed: 2 additions & 2 deletions b/‎kubernetes/apps/db/ext-postgres-operator/app/helmrelease.yaml‎
Lines changed: 2 additions & 2 deletions
@@ -11,27 +11,27 @@ TALOS_DIR = "{{config_root}}/talos"
 
 [tools]
 python = "3.13"
-"pipx:makejinja" = "2.8.0"
-"pipx:flux-local" = "7.5.6"
-talhelper = "3.0.30"
+"pipx:makejinja" = "2.8.1"
+"pipx:flux-local" = "7.8.0"
+talhelper = "3.0.33"
 uv = "latest"
 k9s = "latest"
 helm-diff = "latest"
-"aqua:cilium/cilium-cli" = "0.18.5"
-"aqua:cli/cli" = "2.75.0"
-"aqua:cloudflare/cloudflared" = "2025.7.0"
-"aqua:cue-lang/cue" = "0.13.2"
+"aqua:cilium/cilium-cli" = "0.18.6"
+"aqua:cli/cli" = "2.78.0"
+"aqua:cloudflare/cloudflared" = "2025.8.1"
+"aqua:cue-lang/cue" = "0.14.1"
 "aqua:FiloSottile/age" = "1.2.1"
 "aqua:fluxcd/flux2" = "2.6.4"
 "aqua:getsops/sops" = "3.10.2"
-"aqua:go-task/task" = "3.44.0"
-"aqua:helm/helm" = "3.18.4"
-"aqua:helmfile/helmfile" = "1.1.3"
+"aqua:go-task/task" = "3.44.1"
+"aqua:helm/helm" = "3.18.6"
+"aqua:helmfile/helmfile" = "1.1.5"
 "aqua:jqlang/jq" = "1.7.1"
 "aqua:kubernetes-sigs/kustomize" = "5.6.0"
 "aqua:kubernetes/kubectl" = "1.32.2"
-"aqua:mikefarah/yq" = "4.46.1"
-"aqua:siderolabs/talos" = "1.10.5"
+"aqua:mikefarah/yq" = "4.47.1"
 "aqua:yannh/kubeconform" = "0.7.0"
 "go:github.com/VictoriaMetrics-Community/mcp-victoriametrics/cmd/mcp-victoriametrics" = { version = "latest" }
 "go:github.com/backube/volsync/kubectl-volsync" = { version = "latest" }
+talosctl = "1.10.7"
@@ -31,14 +31,14 @@ releases:
     namespace: kube-system
     atomic: true
     chart: cilium/cilium
-    version: 1.17.6
+    version: 1.18.1
     values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/kube-system/cilium/app/helm/values.yaml']
 
   - name: coredns
     namespace: kube-system
     atomic: true
     chart: coredns/coredns
-    version: 1.43.0
+    version: 1.43.2
     values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/kube-system/coredns/app/helm/values.yaml']
     needs: ['kube-system/cilium']
 
@@ -62,14 +62,14 @@ releases:
     namespace: flux-system
     atomic: true
     chart: controlplaneio/flux-operator
-    version: 0.24.1
+    version: 0.28.0
     values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/flux-system/flux-operator/app/helm/values.yaml']
     needs: ['cert-manager/cert-manager']
 
   - name: flux-instance
     namespace: flux-system
     atomic: true
     chart: controlplaneio/flux-instance
-    version: 0.24.1
+    version: 0.28.0
     values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/flux-system/flux-instance/app/helm/values.yaml']
     needs: ['flux-system/flux-operator']
@@ -14,6 +14,8 @@ log:
   level: info
 
 authentication_backend:
+  password_reset:
+    disable: false
   ldap:
     implementation: activedirectory
     address: ldaps://${SECRET_AD_ENDPOINT}:636
@@ -26,6 +28,14 @@ authentication_backend:
 access_control:
   default_policy: deny
   rules:
+    - domain: "*.${SECRET_DOMAIN_INT}"
+      policy: bypass
+      networks:
+        - "${SECRET_MONITOR_IP}/32"
+      resources:
+        - "^/health.*$"
+        - "^/$"
+        - "^/login.*$"
     - domain: "music.${SECRET_DOMAIN_INT}"
       resources:
         - "^.*/rest.*$"
@@ -76,3 +86,10 @@ notifier:
   disable_startup_check: true
   filesystem:
     filename: /tmp/notify.txt
+
+webauthn:
+  disable: false
+  enable_passkey_login: true
+  experimental_enable_passkey_uv_two_factors: true
+  display_name: Authelia
+  attestation_conveyance_preference: indirect
@@ -37,7 +37,7 @@ spec:
           app:
             image:
               repository: ghcr.io/authelia/authelia
-              tag: 4.39.5@sha256:023e02e5203dfa0ebaee7a48b5bae34f393d1f9cada4a9df7fbf87eb1759c671
+              tag: 4.39.6@sha256:08776367d54d4482c54ac8ca75b18f7db3287b751106e19736780c5f6811374d
             env:
               AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
               X_AUTHELIA_CONFIG_FILTERS: template
 
@@ -12,6 +12,8 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
+  components:
+    - ../../../../components/gatus/internal
   interval: 30m
   path: ./kubernetes/apps/auth/authelia/app
   prune: true
@@ -24,6 +26,9 @@ spec:
   timeout: 5m
   wait: false
   postBuild:
+    substitute:
+      APP: *app
+      GATUS_HOST: auth-k8s
     substituteFrom:
       - name: cluster-secrets
         kind: Secret
 
@@ -10,7 +10,7 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: v1.17.2
+    tag: v1.18.2
   url: oci://quay.io/jetstack/charts/cert-manager
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
 
@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: cloudnative-pg
-      version: 0.24.0
+      version: 0.26.0
       sourceRef:
         kind: HelmRepository
         name: cloudnative-pg-repo
 
@@ -8,7 +8,7 @@ metadata:
 spec:
   labels:
     dragonflydb.io/cluster: dragonfly-shared
-  image: ghcr.io/dragonflydb/dragonfly:v1.31.0
+  image: ghcr.io/dragonflydb/dragonfly:v1.33.1
   # replicas=2 creates 1 primary and 1 replica Dragonly instance
   replicas: 2
   env:
 
@@ -11,7 +11,7 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: v1.1.11
+    tag: v1.2.1
   url: oci://ghcr.io/dragonflydb/dragonfly-operator/helm/dragonfly-operator
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/refs/heads/main/helmrelease-helm-v2.json
 
@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: *app
-      version: 2.0.1
+      version: 2.1.0
       sourceRef:
         kind: HelmRepository
         name: ext-postgres-operator-repo
@@ -41,7 +41,7 @@ spec:
   values:
     image:
       repository: ghcr.io/movetokube/postgres-operator
-      tag: "2.0.0"
+      tag: "2.2.0"
     replicaCount: 1
     fullnameOverride: *app
     # empty string means all namespaces