zwavejs2mqtt: Update to 11.8.2

zigbee2mqtt: Update to 2.7.1
home-assistant: Update to 2025.12.3
2025-12-13 12:32:09 +00:00 · 2025-12-13 12:32:09 +00:00 · 2025-12-13 12:32:08 +00:00 · 2025-12-04 21:28:32 -06:00 · 2025-12-02 08:42:23 -06:00 · 2025-12-01 21:14:36 +00:00
7 changed files with 167 additions and 4 deletions
--- a/fluent-bit/fluent-bit.yaml
+++ b/fluent-bit/fluent-bit.yaml
@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluent-bit
+  labels: &labels
+    app.kubernetes.io/name: fluent-bit
+    app.kubernetes.io/component: fluent-bit
+spec:
+  selector:
+    matchLabels: *labels
+  template:
+    metadata:
+      labels: *labels
+    spec:
+      containers:
+      - name: fluent-bit
+        image: cr.fluentbit.io/fluent/fluent-bit
+        imagePullPolicy: IfNotPresent
+        args:
+        - -c
+        - /etc/fluent-bit/fluent-bit.yml
+        env:
+        - name: HOSTNAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        securityContext:
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - ALL
+            add:
+            - CAP_DAC_READ_SEARCH
+        volumeMounts:
+        - mountPath: /etc/fluent-bit
+          name: fluent-bit-config
+          readOnly: true
+        - mountPath: /etc/machine-id
+          name: machine-id
+          readOnly: true
+        - mountPath: /etc/pki/ca-trust/source/anchors
+          name: dch-ca
+          readOnly: true
+        - mountPath: /run/log
+          name: run-log
+          readOnly: true
+        - mountPath: /var/lib/fluent-bit
+          name: fluent-bit-data
+        - mountPath: /var/log
+          name: var-log
+          readOnly: true
+      dnsPolicy: ClusterFirstWithHostNet
+      securityContext:
+        seLinuxOptions:
+          type: spc_t
+      serviceAccountName: fluent-bit
+      tolerations:
+      - effect: NoExecute
+        operator: Exists
+      - effect: NoSchedule
+        operator: Exists
+      volumes:
+      - name: dch-ca
+        configMap:
+          name: dch-root-ca
+          items:
+          - key: dch-root-ca.crt
+            path: dch-root-ca-r2.crt
+      - name: fluent-bit-config
+        configMap:
+          name: fluent-bit
+      - name: fluent-bit-data
+        hostPath:
+          path: /var/lib/fluent-bit
+          type: DirectoryOrCreate
+      - name: machine-id
+        hostPath:
+          path: /etc/machine-id
+          type: File
+      - name: run-log
+        hostPath:
+          path: /run/log
+          type: Directory
+      - name: var-log
+        hostPath:
+          path: /var/log
+          type: Directory
--- a/fluent-bit/kustomization.yaml
+++ b/fluent-bit/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: fluent-bit
+
+labels:
+- pairs:
+    app.kubernetes.io/instance: fluent-bit
+  includeTemplates: false
+  includeSelectors: true
+- pairs:
+    app.kubernetes.io/part-of: fluent-bit
+  includeTemplates: true
+  includeSelectors: false
+
+resources:
+- namespace.yaml
+- rbac.yaml
+- fluent-bit.yaml
+#- network-policy.yaml
+- ../dch-root-ca
+
+images:
+- name: cr.fluentbit.io/fluent/fluent-bit
+  newTag: 3.2.8
--- a/fluent-bit/namespace.yaml
+++ b/fluent-bit/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: fluent-bit
+  labels:
+    app.kubernetes.io/name: fluent-bit
--- a/fluent-bit/rbac.yaml
+++ b/fluent-bit/rbac.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fluent-bit
+  labels:
+    app.kubernetes.io/name: fluent-bit
+    app.kubernetes.io/component: fluent-bit
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fluent-bit
+  labels:
+    app.kubernetes.io/name: fluent-bit
+    app.kubernetes.io/component: fluent-bit
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - namespaces
+  - pods
+  - nodes
+  - nodes/proxy
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fluent-bit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fluent-bit
+subjects:
+  - kind: ServiceAccount
+    name: fluent-bit
+    namespace: fluent-bit
--- a/home-assistant/kustomization.yaml
+++ b/home-assistant/kustomization.yaml
@@ -152,14 +152,14 @@ patches:

 images:
 - name: ghcr.io/home-assistant/home-assistant
-  newTag: 2025.11.3
+  newTag: 2025.12.3
 - name: docker.io/rhasspy/wyoming-whisper
  newTag: 3.0.2
 - name: docker.io/rhasspy/wyoming-piper
  newTag: 2.1.2
 - name: ghcr.io/koenkk/zigbee2mqtt
-  newTag: 2.6.3
+  newTag: 2.7.1
 - name: ghcr.io/zwave-js/zwave-js-ui
-  newTag: 11.8.1
+  newTag: 11.8.2
 - name: docker.io/library/eclipse-mosquitto
  newTag: 2.0.22
--- a/paperless-ngx/kustomization.yaml
+++ b/paperless-ngx/kustomization.yaml
@@ -45,7 +45,7 @@ patches:

 images:
 - name: ghcr.io/paperless-ngx/paperless-ngx
-  newTag: 2.19.6
+  newTag: 2.20.0
 - name: docker.io/gotenberg/gotenberg
  newTag: 8.25.0
 - name: docker.io/apache/tika
--- a/ssh-host-keys/ssh_known_hosts
+++ b/ssh-host-keys/ssh_known_hosts
@@ -10,6 +10,9 @@ git.pyrocufflink.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbml
 git.pyrocufflink.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEF/IXycjT/sSIpFLRDEVZUu95QA3i7d5LZvB/RncHN
 git.pyrocufflink.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF1tB0KeyMStHKbnuminTQ2xwjjxyES/DBSlZZH0c7F25Lu6TfvxEEs/7YUtZKAnwFGLfuqW5gaS3eWV1eA3w7WtEGYoBAD6VFZUjN0vfmhNYWC85DMcY+gqkOkBQy1/SvyYSPHrtkgTJRPMG/MdWGaYEN+w/znr1HETPnj4qm7bFC8yxXKU2PXzKlUeY+ynY3hhlzAVwG4Ay7hgH+nO071eoAQtYq9zBdYTifXxoTzatLgU8ib3EYuC3/LDNXkFhYhxDhfp9iwPCNZRi49AccMlL323/Vp8x/Jy/iY5A60Fk8cIYtneEihRkIpzpyTudEK0MXyJ+FJ0vmjiEX5ZY9
 mtrcs0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFklfgYwVlea/FbFNguKEY2hMXw9iOneNveLVws8dd9
+pikvm-nvr2.mgmt.pyrocufflink.black ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIs34lxHkZMeKsbVaDLE9iFiUxsqmvwIRNv7z7BX1bDLtTH7yihHxnKkjc+q0JueNyvw+0KzsbQbns+6A6RqOuA=
+pikvm-nvr2.mgmt.pyrocufflink.black ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6X4q2X9OL2SPHn7pF1yUTz0W2L3pyUNAqY+JBLckes
+pikvm-nvr2.mgmt.pyrocufflink.black ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC10WLu1UCK0DbxqdeSSj5T2bKEeBuGAKLTdGbD2QDQ3hhfz3Tz+NK9wgQftl/Kr346eJ4toZTE4lis/XNLFjjmp2v40Ge4Ban1k2JXdXwFdPUesSDvQVUJxdGPIqEuXmnLpHkDxy+Blw9Y/Z31ujAqmPw2+X/tx19ZiJZS7SPvDB5lOsjapTap/srWDZA+xHALXVfnZAOubJxfi9Zfa0J9i3/HxVpLE0z7dC4hhIIe3imllxc6XiSNuIiUNTZBNwrD30P/+9c5aHELsAGJGMQ/TAZDExmnzPQO+dEIhus8jbVqRkzcl3ayhMIXmaz1ctZZgH8DqZ/gzbuHdkEBy3zOusEsP1fKUkjMlJYLhUgX59/xAVhNk6gVNptRDBRlp8mbYO4GjXOMhLipBBpewwH8fEcGsXCLY5Z51A72hNABbSy/vnXav9UxqIjX7y955lVilnWmjX+UaQMGMpQFoAfcZryqrRUWLcGLZsAxEFhsSxa3Dc6IqT6I8vbDmrLetZk=
 serial0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABidV03uxUtikscJfA3qZ+mgXW9KP2QWJBLhlDOleHQ
 vps-04485add.vps.ovh.us ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmQD73UDTO8Yv4sZgSKbwzMpHt3XayubSkWe2ACQrnS
 vps-04485add.vps.ovh.us,15.204.240.219 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIm1WdNspEcqQpQLTPB1ZD45bOA1zI/EFDkkdLjj9USK30TrcN0zN3oDN/+G7L+0det785q3jWS2bwQGmY3eXPI=
Author	SHA1	Message	Date
bot	07050dffd8	zwavejs2mqtt: Update to 11.8.2	2025-12-13 12:32:09 +00:00
bot	0c5a2348ef	zigbee2mqtt: Update to 2.7.1	2025-12-13 12:32:09 +00:00
bot	1da86d34ec	home-assistant: Update to 2025.12.3	2025-12-13 12:32:08 +00:00
Dustin C. Hatch	707481c6fa	fluent-bit: deploy DaemonSet This DaemonSet runs Fluent Bit on all nodes in the cluster. The ConfigMap that contains the pipeline configuration is actually managed by Ansible, so that it can remain in sync with the configuration used by Fluent Bit on non-Kubernetes nodes.	2025-12-04 21:28:32 -06:00
Dustin C. Hatch	3824f5f187	ssh-host-keys: Add pikvm-nvr2.m.p.b	2025-12-02 08:42:23 -06:00
Dustin	740561b7b6	Merge pull request 'paperless-ngx: Update to 2.20.0' (#95 ) from updatebot/paperless-ngx into master Reviewed-on: #95	2025-12-01 21:14:36 +00:00
bot	269f30b33b	paperless-ngx: Update to 2.20.0	2025-11-29 12:32:13 +00:00