zwavejs2mqtt: Update to 11.8.1

zigbee2mqtt: Update to 2.6.3
piper: Update to 2.1.2
2025-11-29 12:32:07 +00:00 · 2025-11-29 12:32:07 +00:00 · 2025-11-29 12:32:07 +00:00 · 2025-11-29 12:32:07 +00:00 · 2025-11-29 12:32:06 +00:00 · 2025-11-24 07:32:26 -06:00
12 changed files with 187 additions and 13 deletions
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -108,7 +108,7 @@ identity_providers:
      - phone
      authorization_policy: one_factor
      pre_configured_consent_duration: 8h
-      token_endpoint_auth_method: client_secret_post
+      token_endpoint_auth_method: client_secret_basic
    - client_id: kubernetes
      client_name: Kubernetes
      public: true
@@ -116,6 +116,7 @@ identity_providers:
      redirect_uris:
      - http://localhost:8000
      - http://localhost:18000
+      - https://headlamp.pyrocufflink.blue/oidc-callback
      authorization_policy: one_factor
      pre_configured_consent_duration: 8h
    - client_id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
--- a/authelia/kustomization.yaml
+++ b/authelia/kustomization.yaml
@@ -58,4 +58,4 @@ patches:
              name: dch-root-ca
 images:
 - name: ghcr.io/authelia/authelia
-  newTag: 4.39.13
+  newTag: 4.39.14
--- a/firefly-iii/kustomization.yaml
+++ b/firefly-iii/kustomization.yaml
@@ -64,4 +64,4 @@ patches:
              defaultMode: 0640
 images:
 - name: docker.io/fireflyiii/core
-  newTag: version-6.4.3
+  newTag: version-6.4.8
--- a/home-assistant/kustomization.yaml
+++ b/home-assistant/kustomization.yaml
@@ -152,14 +152,14 @@ patches:

 images:
 - name: ghcr.io/home-assistant/home-assistant
-  newTag: 2025.10.3
+  newTag: 2025.11.3
 - name: docker.io/rhasspy/wyoming-whisper
-  newTag: 2.5.0
+  newTag: 3.0.2
 - name: docker.io/rhasspy/wyoming-piper
-  newTag: 1.6.3
+  newTag: 2.1.2
 - name: ghcr.io/koenkk/zigbee2mqtt
-  newTag: 2.6.2
+  newTag: 2.6.3
 - name: ghcr.io/zwave-js/zwave-js-ui
-  newTag: 11.5.2
+  newTag: 11.8.1
 - name: docker.io/library/eclipse-mosquitto
  newTag: 2.0.22
--- a/jenkins/kustomization.yaml
+++ b/jenkins/kustomization.yaml
@@ -11,6 +11,18 @@ resources:
 - iscsi.yaml
 - ssh-host-keys
 - workspace-volume.yaml
+- updatecheck.yaml
+
+configMapGenerator:
+- name: updatecheck
+  namespace: jenkins
+  files:
+  - config.toml=updatecheck.toml
+  options:
+    disableNameSuffixHash: true
+    labels:
+      app.kubernetes.io/name: updatecheck
+      app.kubernetes.io/component: updatecheck

 patches:
 - patch: |
@@ -22,3 +34,29 @@ patches:
    spec:
      volumeName: jenkins
      storageClassName: ''
+
+- patch: |-
+    apiVersion: batch/v1
+    kind: CronJob
+    metadata:
+      name: updatecheck
+      namespace: jenkins
+    spec:
+      jobTemplate:
+        spec:
+          template:
+            spec:
+              nodeSelector:
+                network.du5t1n.me/storage: 'true'
+- patch: |
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: updatecheck
+      namespace: jenkins
+    spec:
+      storageClassName: synology-iscsi
+
+images:
+- name: docker.io/jenkins/jenkins
+  newTag: 2.528.2-lts
--- a/jenkins/secrets.yaml
+++ b/jenkins/secrets.yaml
@@ -73,3 +73,41 @@ spec:
      name: rpm-gpg-key-passphrase
      namespace: jenkins
    type: Opaque
+
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: kmod-signing-cert
+  namespace: jenkins
+spec:
+  encryptedData:
+    data: AgCWHnNGTMP9xpyjvYHCNZhmhBY5NhA6hGm+VDaEKUTTUsoHFYwNoL8Z6PwKqDMyo3NfZ/QR74+zpuGxidGLKfSWKXAR6vkHeTD5wGmZLetwzmFRPL/AjUJU4bBYBKfbfUHJDBUhgcGu5CKROW1ChNjf+EvaevrI9yTNe3Pgu1/Cqv+jiBkSCH1PMFiwNZIuYC1eFTs+NGUEyCU0bbkBW4wvrCm/RXiw5OAun8rxVfMa79HmyIXzM6gvnZxArcL4oHhmAOo3wzqOqgBgJ1VLVPcppVHzr3bawSRZ7kkcuV+CLBaT2/76/Gmsu6o8bAWIpgKIs8d0+ZE3y3cUjqYpVS9qHcgLlF5HG8nus68HpSRUd2rSDBWeLcKq1WfNcbFWIk0/lniI1zs6UjbSbbwblHy1g/eHYU7FOzi7L1S8tgwwUn0i2o4+yXrw+o4PuLukDGxZid5fTI5/bfsrdcYvf7WGC3WNMs5F35UGTtUmPrVs+n8V0Hcjb4w/SWhdsaMG/FQunO3nIDuC7YUaPYlv2Em4Eetwwuon46weHAPcPkdIJge0+f7BMZGsxz5MRdrxGgsmdPB/JDNs2DvuGyFKiyPjsRNDuS5JDapEiqsvyvzOpmoO3bkpHw7iPHC6ocqA3cBiwYypk4tHPG74UgrchpADI30QFTYj9PAyoEng0Gcy+7tFUva2Jum46NjMFLxyDTm6GRf+PBt3oQKauHcWitEo2fl1qk22tP0DXtG4ylcI1ZM8SpBGZRVeOsg+x+sjbAAcXGyY3XXlhiqjGRiiPiphhYq8qpbsiklIxJ+D/IJyz3wIIuAqukIxI54RnPRpKrxL4FfZacpffnQdXu8tkyHE5ZVxbHGtHE0f/ZN7DuNVgm4xCNyww5bQExArkhtJNYDUf9MlzyvXFAVQQsXcamWOUquJ+Z5fnR61pHFCSJmy4hZ+8aaosu0fgqyebOa/JQDbKs3GeZ/dg3P10Sa/AVj0Ry9IiGkPznv2W+m2Qaepoa5sVsH4/WWE4gns5Js3KewdFdLO8E9IkWJoAOixtRL8dWNW9qLt/SwprwhNeTE4cX/PCnYqAFqZyBWHjsNHOockLGJOfOoADdh9Jm9Ap5BGlWqkfpacO6cWohw2DMMP+ut1zjD5GoEPTX5Y2yota7FR9q6eFlzKysizRA+3Tzvb1AYu1FORdMebgBflpw9efhbShRHBpaRz2GJ6Wh307gF3SCcu9sgyk29zUBNKLR06e5mIHYXVFPVgOboI96gDrYuBSPuPJhs09GLdt0qwMBPbgL0SzPcOvHTmXqr6FpsJj68TffcbjAuKdYEOYRQ1DbOeWfK1c8+NACKBPjSfNCB4EdkRIQhZ2SrY4wtbnUDkdPdHv3zl52aIbj/gmMit+wx7Ej0LrzftWnmF+4v06zL6ZtZx4gLU4FNN7QLKOUzEgE64Y20yRiTKDRPLV0O0UsunJU9QPQvfJkR2PAlLBt1cJdl3vJp2pNYGqyF6UPfryoNkBCvwaoa2cnU7jFKK4/985fS6N6eB9q5cYdusVWIz6O5ENgn9ipF4w9tFk3oJrebkcvssWAsHMEu3G8XvdgLFG14enP/JeKSRrAHoYq3QPOlZq8QyYzEVr0FeHVEGSszc+HwuRzwkOffJdE9iGySsGHOBigonSiWfAB+Dy4/3Tt7lD53uN98QZVXlJRiffvvPIn5F2VMMq9/wB5q5Gy+m2TZiQ/4xRaZAGnm8W2ultZ6AIrMnb6rFgShbElYBJuK25w2EXzY/nR5OIdsFEkJ5bxeHJ/O4942U3WxnyZ8Zcy7KVrtEG6MNBmT/TneA49MwkYlyLpm7xPxMnhRZhx0/izwjtbWZRp+2L7r2i36Ag5sLuT0K8bUc8UCzBiYVSlo2lQ8Z2JmpK7IJQkuDSr0hHJ259r+FL4PVc+cM4kINctWvh6JduhF0wx0ltBuOdlfKq1m6K3vmO3R2N8NybzkmK4IOAqcjUAiQBtICzhVfYmJXCKvFa21uF37Izbx2ty+KJyR/vr8/qyqcuO8QHheFm0wajuhKdPX+tlhkF6sn1k0CV2vub7Tcl5JHws3GM38resQsIlm+/rr5Bd/hpzUPQFC5KQsyXYl96lI2+p4h0lomOpZFMPHGIAlSOUeOpv3uU+7uqONdNr9KasiICv8WUOi/r4iLMmFb/SxGgQIYIU3hm4C0g6Mwn1Zmi09kJ98bhlTxbIedjw/pyc/TirLDaKsH9/yNRyt5rRYPWKVObhYrZWERHn98uc7/T8hDQqbn1EqIeocdAyFcNsv8UUopyC7LSCQnQ1fZnUVV5+YI3rnZ0gh5K/lwvD1MmnbxEUNFGFudwy3O3i8tSp7G+KL+pZxHLk8pyZNX8949vAyaE5lgrI9DLnJllocjlh5EzdXKaH7yrEQHK4ldU/BR6jLPlpLhM3GJ1tCfHPlqtz7D88xW8/cV44hobw7NBn9jO7B+myY4rygt6nj5wPWMbcQDtPldS41IFcEpd0XZa6kO/tOdBZ3sXmNilJhQhj57ZFqm9bL8oGWqMXjevfdL3HKUpOiza98GPk55kUzMSbhfdCJsYC1o3QN66aLpf1PaES0NENwYX1IycN3aJYqJOUicyg4oPAXXK+DYBnknfj8NCak2zSELimOVTeIlQmCczx4mBgn/5eGxXytXIdjHYfNj/1raCqkaEhC0X1Q21asNrIP3DYFM3KFIvOCZt7TCMeG8q5L4estYCncr1HAgu9CMFrq4vEDW1llPvAyr5dwFR52VnMPffwYEBpRG6xN7QSn8HYBkx4XIBLlKQH0GZtRjT4bpBmeKPH0fai5e36uCy+OLraqB05lUCJwHw+ej3ymWIe8osi+uRMZHCTBo6DNbbOTIcRfScRKJMcNlXu3v5+wZq5UT52TTaqUkHV/eEX2kFYuqbkfdtwizbN/JMomTClbAKpjpYk2zR1Jjj/f/2H8nlLYZprkiLGQcI/4dk/r0MASN3d3jiSPR+Y1FVxnedSh0qhxqDKq6rQG5jSd9muZJaZL23E7qeQ+24QhmAtWQtnp3z+iX79T6IIaDBeM7sTRr0jaJ6k2Id8EZ0QVI80aSoYaYLQO15gXY0DldqbuGy/J+Ugh3GPMVUtJdUm+JnRmxDKTdeK9RPdNtEE3Bcl9ERu46+kIhaK1K2HVQqlHoIKplVxj/Avncv9MeOsIZIpP0jDDlTAd49d8HJ1uQWi0A5HzM2jVgqvvVtWHtjwtUDhd4YdSDUPlkx8xqunkcPakj/QZtEc4JfioriyZWG2v29pRxrxSaiGe9AquCJMtncChRVXWm1A80DvEKoFByFbyS5P6T41oTE6zysxAt1JGBRpimQHE3rRzYyqLXsCQUP9TN+3Y/84zZXZKeOgK4KoHXxTRLZL/CDXDE4lvbbtTzPcQ8UpgGb3tBgp0ui40qBWREo/TU4zelqSNVNROO5VbPakx+aaZ2tuajmxkp8CmyrBzM8wuY2m6AokRp1TN+rsSHk+UuAqSNM9lgVleWuKoEoBF0wT3YlqN/hxc2zWmyb/oCHh5hexiO8fbZUwkbyprIpZ3s5IdxbrtDYEPFzIdmuAQVN/GQ1tu86Cc4g4rHZqJ3w614/NzgRj+0RPAFrp1NC1zZzuc36TfsazzyDPZ1r8rwyJ2HWjO/cemTPrPQYdFY5SrAklBs6Otc89IdbKn5eSVKIyTQbqSP7lYAKEHLQdUoCAVRv7ghVaXCyprNfpr9bpUJ/mGoikNi3m0o83E8R7yp5/nbgG6rgEyza0LQHVF1mEOqwi2LKB6u5F0KjsGhqr4OLegf8GxYX8bPNfdD3XCpG/nqNYA5eJgA68qViJdU15FnR4kzLrWlJfVB8TwMIb1pAq8itgzveVKXUJS/ZS6kkFdH18LMHbw16tHBmTDewtzdbv+vBfXuZQz3Ay8nMAe/jWeAaujlVfTFKJ0L03kXvr59DIxnEODdvAtPhPXRyqfLbN9ffj3Jtn5ermKUnBMNNqeSJV8GFyIZXkemwX9CkXsrJvV1EreheRWaW6UD7104rJY/EQ1jg6BaCaZ1R34DIO8VHG33GkqvgzK8QJgrvSGuUDxHtOyzm/hwh6odPqqSRFdEMgU2GUNNLmO6xoHh2Q6GnE2PaYjKEw+Spm0iAoSgA349ElDOToGgPyOusMKroHKTbxGVqC8A4iVaNiNnEHm066bJCs1TlMxXQ5ob+gzN+1KJyxzwp47HHVeFQqTIwcsE+4WVUY7116oUHzyzHUxwsuGfS22I/JSrnelcx7vHPNRC5slAoe6aQ929q9f+kknr8EyifD9Fxbw1f+GpCvrujW+AoyQhBcD5F+KdvECRZ9WA7JNebmb5Mq0Qst4a5c4UKyk6OqNhj1UY0FWl7N1yO5jvX37rSbtcX2loTIBYksIJ/dYK2FJjO0Vs6/xBeJALMR+Sh3pVuVf+Ez5WlCvVrUT51g2LO2NVocBoAF1S9aQw7x6ex3tAYatgRC5JUWAOjpC6F7I=
+  template:
+    metadata:
+      name: kmod-signing-cert
+      namespace: jenkins
+      annotations:
+        jenkins.io/credentials-description: Kernel modules signing certificate
+      labels:
+        jenkins.io/credentials-type: secretFile
+    data:
+      filename: signing_key.pem
+
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: webhook-trigger
+  namespace: jenkins
+spec:
+  encryptedData:
+    text: AgA6vfZFOXBx/5bBP1K3GyOq3XQVIVMQ7j48jgJdwm5c4dEKl1HJgoNFiE2NWiX+ALx4ebmGj5FovCajkJ2YIzqNbI+wZeEoH1gIO0WmQcVlEg0zparSTkll/D+eguoPB6YtSr2T+g30FZFnzWQWMetxydWHX/pqx7e/6L3M+50IYfjQ8Vcx/QGe9KAiMHapEdxAEmoxdrrtsKlGo5Bh4JNoFWYf9ZcvTrYmrUtR+PYfZcxTulP0Cn6q3yNG4DC19WK0OXI1lmuZ36aUYJJrvu+rT+SB6JntMMmCLiBkcbhjxA2fTuNcYoAAXqwZjrFjXRBxuww75Wm/v+BqxGkkaJrZdhIv/maqZggLb1sHE9HyulSQ536R8f0FEt0FXX0hn1VuckWLZvDEOpcude8EEJ7DE+/Qya6fdx7ZLtKCefViTj/R8xDPoicbmgToJaZ1qnH3QFkzPXtHhzFFM4rks+i1Nz14A5kg2APiw1QQsOTp/wp2S2LXnU3gR/LQa1uEpM82KrKQfJ4TATp1oip2wemwm+burgv1DGoRBYNYM6huaS6g5u76/Vo0PTrQAEe8uIus9RnZhZ4Wp5NtLUlGM0B5oL2O4ySeBGjpM5w1UGswqjFBcP6MNQPuJEBsKhbqSUR/E1pgH9pm065XJo8SWpWqiYdNsY+s2fhb9SMiQxFStAF0Mm8lvN3hnXdfGjoyufJMcKtodLzC5sPwJHNJLkod2qIA+OY+c/gHplCPhcvPOg==
+  template:
+    metadata:
+      name: webhook-trigger
+      namespace: jenkins
+      annotations:
+        jenkins.io/credentials-description: Generic Webhook Trigger token
+      labels:
+        jenkins.io/credentials-type: secretText
--- a/jenkins/updatecheck.toml
+++ b/jenkins/updatecheck.toml
@@ -0,0 +1,13 @@
+[storage]
+dir = "/var/lib/updatecheck"
+
+[[watch]]
+packages = "kernel"
+
+[watch.on_update]
+url = "https://jenkins.pyrocufflink.blue/generic-webhook-trigger/invoke"
+coalesce = true
+
+[[watch.on_update.headers]]
+name = 'Token'
+value_file = '/run/secrets/updatecheck/token'
--- a/jenkins/updatecheck.yaml
+++ b/jenkins/updatecheck.yaml
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: updatecheck
+  namespace: jenkins
+  labels:
+    app.kubernetes.io/name: updatecheck
+    app.kubernetes.io/component: updatecheck
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 300Mi
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: updatecheck
+  namespace: jenkins
+  labels: &labels
+    app.kubernetes.io/name: updatecheck
+    app.kubernetes.io/component: updatecheck
+spec:
+  schedule: >-
+    22 */4 * * *
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    metadata:
+      labels: *labels
+    spec:
+      template:
+        metadata:
+          labels: *labels
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: updatecheck
+            image: git.pyrocufflink.net/infra/updatecheck
+            args:
+            - /etc/updatecheck/config.toml
+            env:
+            - name: RUST_LOG
+              value: updatecheck=debug,info
+            securityContext:
+              readOnlyRootFilesystem: true
+            volumeMounts:
+            - mountPath: /etc/updatecheck
+              name: config
+            - mountPath: /run/secrets/updatecheck
+              name: secrets
+              readOnly: true
+            - mountPath: /var/lib/updatecheck
+              name: data
+          securityContext:
+            runAsUser: 21470
+            runAsGroup: 21470
+            fsGroup: 21470
+            runAsNonRoot: true
+          volumes:
+          - name: config
+            configMap:
+              name: updatecheck
+          - name: data
+            persistentVolumeClaim:
+              claimName: updatecheck
+          - name: secrets
+            secret:
+              secretName: webhook-trigger
+              items:
+              - key: text
+                path: token
+                mode: 0440
--- a/jenkins/workspace-volume.yaml
+++ b/jenkins/workspace-volume.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: buildroot-airplaypi
+  name: buildroot
  namespace: jenkins-jobs
  labels:
-    app.kubernetes.io/name: buildroot-airplaypi
+    app.kubernetes.io/name: buildroot
    app.kubernetes.io/component: jenkins
 spec:
  accessModes:
--- a/ntfy/kustomization.yaml
+++ b/ntfy/kustomization.yaml
@@ -20,4 +20,4 @@ configMapGenerator:

 images:
 - name: docker.io/binwiederhier/ntfy
-  newTag: v2.14.0
+  newTag: v2.15.0
--- a/paperless-ngx/kustomization.yaml
+++ b/paperless-ngx/kustomization.yaml
@@ -45,8 +45,8 @@ patches:

 images:
 - name: ghcr.io/paperless-ngx/paperless-ngx
-  newTag: 2.18.4
+  newTag: 2.19.6
 - name: docker.io/gotenberg/gotenberg
-  newTag: 8.24.0
+  newTag: 8.25.0
 - name: docker.io/apache/tika
  newTag: 3.2.3.0
--- a/updatebot/config.yml
+++ b/updatebot/config.yml
@@ -107,3 +107,13 @@ projects:
      kind: github
      organization: dani-garcia
      repo: vaultwarden
+
+- name: music-assistant
+  kind: kustomize
+  images:
+  - name: music-assistant
+    image: ghcr.io/music-assistant/server
+    source:
+      kind: github
+      organization: music-assistant
+      repo: server
Author	SHA1	Message	Date
bot	67b32ecb77	zwavejs2mqtt: Update to 11.8.1	2025-11-29 12:32:07 +00:00
bot	5b6ea8c043	zigbee2mqtt: Update to 2.6.3	2025-11-29 12:32:07 +00:00
bot	47850aa0cf	piper: Update to 2.1.2	2025-11-29 12:32:07 +00:00
bot	7b784db119	whisper: Update to 3.0.2	2025-11-29 12:32:07 +00:00
bot	72e7d0fbd8	home-assistant: Update to 2025.11.3	2025-11-29 12:32:06 +00:00
Dustin C. Hatch	8032458ecc	jenkins: updatecheck: Pin to VM nodes Until I get the storage VLAN connected to the Raspberry Pi cluster, any Pod that needs a PV backed by the Synology has to run on a VM node.	2025-11-24 07:32:26 -06:00
Dustin C. Hatch	b7a7e4f6b4	jenkins: Add CronJob for updatecheck `updatecheck` is a little utility I wrote that queries Fedora Bodhi for updates and sends an HTTP request when one is found. I am specifically going to use it to trigger rebuilding the _gasket-driver_ RPM whenever there is a new _kernel_ published.	2025-11-23 10:29:20 -06:00
Dustin C. Hatch	a544860a62	jenkins: Add Generic Webhook trigger token secret To restrict access to the Generic Webhook trigger operation, we can use a pre-shared secret token, which must be included in requests.	2025-11-22 10:13:56 -06:00
Dustin C. Hatch	74cc3c690e	Merge remote-tracking branch 'refs/remotes/origin/master'	2025-11-22 10:09:08 -06:00
Dustin	2af9f45cce	Merge pull request 'paperless-ngx: Update to 2.19.2' (#89 ) from updatebot/paperless-ngx into master Reviewed-on: #89	2025-11-22 15:52:25 +00:00
Dustin	847a3c64cd	Merge pull request 'firefly-iii: Update to 6.4.5' (#91 ) from updatebot/firefly-iii into master Reviewed-on: #91	2025-11-22 15:50:22 +00:00
Dustin	3b84e869bf	Merge pull request 'ntfy: Update to 2.15.0' (#93 ) from updatebot/ntfy into master Reviewed-on: #93	2025-11-22 15:49:13 +00:00
Dustin	f1087fa73d	Merge pull request 'authelia: Update to 4.39.14' (#92 ) from updatebot/authelia into master Reviewed-on: #92	2025-11-22 15:48:05 +00:00
Dustin C. Hatch	3478ceeeb9	updatebot: Add Music Assistant	2025-11-22 09:47:05 -06:00
Dustin C. Hatch	27de8ca430	jenkins: Use a single PV for all Buildroot jobs Instead of allocating a volume for each individual Buildroot-based project, I think it will be easier to reuse the same one for all of them. It's not like we can really run more than one job at a time, anyway.	2025-11-22 09:12:28 -06:00
Dustin C. Hatch	957d170a69	jenkins: Add kmod-signing-cert secret This secret contains the certificate and private key for signing kernel modules (i.e. `gasket-driver` for the Google Coral EdgeTPU).	2025-11-22 09:11:06 -06:00
bot	a781f1ece4	authelia: Update to 4.39.14	2025-11-22 12:32:14 +00:00
bot	bc96c07815	ntfy: Update to 2.15.0	2025-11-22 12:32:12 +00:00
bot	1cd7e39982	gotenberg: Update to 8.25.0	2025-11-22 12:32:10 +00:00
bot	62d136153b	paperless-ngx: Update to 2.19.6	2025-11-22 12:32:10 +00:00
bot	0841fe9288	firefly-iii: Update to 6.4.8	2025-11-22 12:32:08 +00:00
Dustin C. Hatch	f47759749e	authelia: Add redirect URL for Headlamp Now that Headlamp supports PKCE, we can use the same OIDC client for it as for the Kubneretes API server/`kubectl`. The only difference is the callback redirect URL	2025-11-21 08:40:39 -06:00
Dustin C. Hatch	8f1c8980c2	authelia: Fix Jenkins OIDC token auth method The latest version of the _OpenId Connect Authentication Plugin_ for Jenkins has several changes. Apparently, one of them is that it defaults to using the `client_secret_basic` token authorization method, instead of `client_secret_post` as it did previously.	2025-11-18 19:14:15 -06:00
Dustin C. Hatch	f1b473249d	jenkins: Update to 2.528.2-lts	2025-11-18 17:16:31 -06:00