renovate: bump throttle 8/8 -> 16/16

26 items sat in dashboard "Rate-Limited" after the first default-allow run (Sat 02:00); at 8 PRs/run + 1 run/week the backlog would take ~3 weeks to drain. Doubling to 16/16 cuts that to ~2 runs while still leaving headroom (the dashboard "Pending Approval" majors and ghcr.io "Pending Status Checks" don't count against this limit anyway). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Merge pull request 'Update actualbudget/actual-server Docker tag to v26.6.0' (#24 ) from renovate/actualbudget-actual-server-26.x into main
2026-06-06 08:53:03 +02:00 · 2026-06-06 06:52:24 +00:00 · 2026-06-06 06:52:01 +00:00 · 2026-06-06 06:51:39 +00:00 · 2026-06-06 00:04:48 +00:00 · 2026-06-06 00:04:43 +00:00
16 changed files with 161 additions and 24 deletions
@@ -30,7 +30,7 @@ spec:
    spec:
      containers:
        - name: actualbudget
-          image: actualbudget/actual-server:26.2.0
+          image: actualbudget/actual-server:26.6.0
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -6,7 +6,7 @@
 #        -slim suffix was retired after v37.440.x, so we pin the plain tag)
 #
 # PILOT SCOPE (intentionally narrow):
-#   Runs weekly (Sun 04:00 Europe/Budapest) as a CronJob and opens
+#   Runs weekly (Sat 02:00 Europe/Budapest) as a CronJob and opens
 #   dependency-update PRs against admin/homelab-manifests on Gitea.
 #   Only the `kubernetes` and `helm-values` managers are enabled, and a
 #   default-deny packageRule limits updates to exactly four pilot images:
@@ -44,8 +44,8 @@ data:
      "requireConfig": "optional",
      "dependencyDashboard": true,
      "dependencyDashboardTitle": "Renovate Dependency Dashboard",
-      "prHourlyLimit": 8,
-      "prConcurrentLimit": 8,
+      "prHourlyLimit": 16,
+      "prConcurrentLimit": 16,
      "enabledManagers": ["kubernetes", "helm-values"],
      "kubernetes": {
        "managerFilePatterns": ["/.+\\.ya?ml$/"]
@@ -116,7 +116,9 @@ metadata:
    app.kubernetes.io/name: renovate
    app.kubernetes.io/version: "43.197.0"
 spec:
-  schedule: "0 4 * * 0"
+  # Sat 02:00 Europe/Budapest — leaves the full weekend for troubleshooting
+  # if a Renovate-merged update breaks something.
+  schedule: "0 2 * * 6"
  timeZone: "Europe/Budapest"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
@@ -96,7 +96,7 @@ spec:
        fsGroup: 1000
      initContainers:
        - name: init-config
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -54,7 +54,7 @@ spec:
    spec:
      containers:
        - name: audiobookshelf
-          image: advplyr/audiobookshelf:2.35.0
+          image: advplyr/audiobookshelf:2.35.1
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -168,7 +168,7 @@ spec:
      initContainers:
        # Wait for PostgreSQL
        - name: wait-for-db
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -181,7 +181,7 @@ spec:
              echo "PostgreSQL is ready!"
        # Wait for Redis
        - name: wait-for-redis
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -175,7 +175,7 @@ spec:
    spec:
      containers:
        - name: bookstack
-          image: linuxserver/bookstack:25.12.3
+          image: linuxserver/bookstack:25.12.20251224
          imagePullPolicy: IfNotPresent
          env:
            # LinuxServer.io specific
@@ -32,7 +32,7 @@ spec:
    spec:
      initContainers:
        - name: init-directories
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -2787,7 +2787,7 @@ spec:
              mountPath: /app/assets
      containers:
        - name: glance
-          image: glanceapp/glance:v0.8.4
+          image: glanceapp/glance:v0.8.5
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -1413,7 +1413,7 @@ spec:
              mountPath: /app/assets
      containers:
        - name: glance
-          image: glanceapp/glance:v0.8.4
+          image: glanceapp/glance:v0.8.5
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -416,7 +416,7 @@ spec:
              value: http://immich-machine-learning:3003
            - name: REDIS_HOSTNAME
              value: immich-valkey
-          image: docker.io/valkey/valkey:9.0-alpine@sha256:b4ee67d73e00393e712accc72cfd7003b87d0fcd63f0eba798b23251bfc9c394
+          image: docker.io/valkey/valkey:9.0-alpine@sha256:d1cc70645bbcef743615463a2fa4616e841407545e18f560aed0c49671a90147
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
@@ -282,7 +282,7 @@ spec:
    spec:
      initContainers:
        - name: wait-for-db
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -294,7 +294,7 @@ spec:
              done
              echo "PostgreSQL is ready!"
        - name: wait-for-redis
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -584,7 +584,7 @@ spec:
      initContainers:
        # 1. Wait for PostgreSQL to accept connections
        - name: wait-for-db
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -597,7 +597,7 @@ spec:
              echo "PostgreSQL is ready!"
        # 2. Wait for Redis to accept connections
        - name: wait-for-redis
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -612,7 +612,7 @@ spec:
        #    Prevents the worker from picking up stale queued jobs
        #    before schema migrations have been applied.
        - name: wait-for-api
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
@@ -395,7 +395,7 @@ spec:
    spec:
      containers:
        - name: nextcloud
-          image: docker.io/library/nextcloud:32.0.2-apache
+          image: docker.io/library/nextcloud:32.0.10-apache
          imagePullPolicy: IfNotPresent
          env:
            - name: SMTP_HOST
@@ -0,0 +1,135 @@
+# BentoPDF - Privacy-focused PDF toolkit (all processing client-side, files never leave the server)
+# https://www.bentopdf.com  -  image: ghcr.io/alam00000/bentopdf
+# Domain: pdf.dooplex.hu
+# Version: 2.8.5
+# Database: None | Storage: None (stateless)
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bentopdf
+  namespace: office-system
+  labels:
+    app.kubernetes.io/name: bentopdf
+    app.kubernetes.io/instance: bentopdf
+    app.kubernetes.io/version: "2.8.5"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: bentopdf
+      app.kubernetes.io/instance: bentopdf
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: bentopdf
+        app.kubernetes.io/instance: bentopdf
+        app.kubernetes.io/version: "2.8.5"
+      annotations:
+        match-regex.version-checker.io/bentopdf: '^v\d+\.\d+\.\d+$'
+    spec:
+      containers:
+        - name: bentopdf
+          image: ghcr.io/alam00000/bentopdf:v2.8.5
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: "Europe/Budapest"
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 15
+            periodSeconds: 30
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 384Mi
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bentopdf
+  namespace: office-system
+  labels:
+    app.kubernetes.io/name: bentopdf
+    app.kubernetes.io/instance: bentopdf
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: bentopdf
+    app.kubernetes.io/instance: bentopdf
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bentopdf
+  namespace: office-system
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    external-dns.alpha.kubernetes.io/hostname: pdf.dooplex.hu,pdf.home
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      set $geo_allowed 0;
+      if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
+      if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
+      if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
+      if ($geo_allowed = 0) {
+        return 403 "Access restricted to Hungary";
+      }
+  labels:
+    app.kubernetes.io/name: bentopdf
+    app.kubernetes.io/instance: bentopdf
+spec:
+  ingressClassName: nginx-internal
+  tls:
+    - hosts:
+        - pdf.dooplex.hu
+      secretName: bentopdf-tls
+  rules:
+    - host: pdf.dooplex.hu
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: bentopdf
+                port:
+                  number: 8080
+    - host: pdf.home
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: bentopdf
+                port:
+                  number: 8080
@@ -122,7 +122,7 @@ spec:
    spec:
      containers:
        - name: pocketbase
-          image: flomp/wanderer-db:v0.19.1
+          image: flomp/wanderer-db:v0.19.2
          env:
            - name: ORIGIN
              value: "https://wanderer.dooplex.hu"
@@ -192,7 +192,7 @@ spec:
    spec:
      containers:
        - name: wanderer-web
-          image: flomp/wanderer-web:v0.19.1
+          image: flomp/wanderer-web:v0.19.2
          env:
            - name: NODE_TLS_REJECT_UNAUTHORIZED
              value: "0"
@@ -315,7 +315,7 @@ spec:
      initContainers:
        # Create public directory if it doesn't exist
        - name: init-public-dir
-          image: busybox:1.36
+          image: busybox:1.38
          command: ["sh", "-c", "mkdir -p /srv/public && chmod 755 /srv/public"]
          volumeMounts:
            - name: data
@@ -153,7 +153,7 @@ spec:
        fsGroup: 1000
      initContainers:
        - name: wait-for-db
-          image: busybox:1.36
+          image: busybox:1.38
          command:
            - sh
            - -c
Author	SHA1	Message	Date
admin	a52f8ccf8d	renovate: bump throttle 8/8 -> 16/16 26 items sat in dashboard "Rate-Limited" after the first default-allow run (Sat 02:00); at 8 PRs/run + 1 run/week the backlog would take ~3 weeks to drain. Doubling to 16/16 cuts that to ~2 runs while still leaving headroom (the dashboard "Pending Approval" majors and ghcr.io "Pending Status Checks" don't count against this limit anyway). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-06 08:53:03 +02:00
admin	fbe9eeec21	Merge pull request 'Update actualbudget/actual-server Docker tag to v26.6.0' (#24 ) from renovate/actualbudget-actual-server-26.x into main	2026-06-06 06:52:24 +00:00
admin	fc1df98503	Merge pull request 'Update docker.io/library/nextcloud Docker tag to v32.0.10' (#20 ) from renovate/docker.io-library-nextcloud-32.x into main	2026-06-06 06:52:01 +00:00
admin	e4b36e7822	Merge pull request 'Update docker.io/valkey/valkey:9.0-alpine Docker digest to d1cc706' (#18 ) from renovate/docker.io-valkey-valkey-9.0-alpine into main	2026-06-06 06:51:39 +00:00
admin	6b2f69feaa	Merge pull request 'Update busybox Docker tag to v1.38' (#25 ) from renovate/busybox-1.x into main	2026-06-06 00:04:48 +00:00
Renovate Bot	03b8af9b78	Update busybox Docker tag to v1.38 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:43 +00:00
admin	b98a0928cd	Merge pull request 'Update wanderer to v0.19.2' (#23 ) from renovate/wanderer into main	2026-06-06 00:04:39 +00:00
Renovate Bot	c9bc5cadc4	Update actualbudget/actual-server Docker tag to v26.6.0 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:38 +00:00
admin	51581714ed	Merge pull request 'Update linuxserver/bookstack Docker tag to v25.12.20251224' (#22 ) from renovate/linuxserver-bookstack-25.x into main	2026-06-06 00:04:33 +00:00
Renovate Bot	a8610dc27e	Update wanderer to v0.19.2 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:33 +00:00
admin	ad449b9e72	Merge pull request 'Update glanceapp/glance Docker tag to v0.8.5' (#21 ) from renovate/glanceapp-glance-0.x into main	2026-06-06 00:04:22 +00:00
Renovate Bot	ddb2797b10	Update linuxserver/bookstack Docker tag to v25.12.20251224 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:21 +00:00
Renovate Bot	8b14b0e99e	Update glanceapp/glance Docker tag to v0.8.5 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:18 +00:00
Renovate Bot	2b260bc2eb	Update docker.io/library/nextcloud Docker tag to v32.0.10 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:14 +00:00
admin	d4f09f2cd9	Merge pull request 'Update advplyr/audiobookshelf Docker tag to v2.35.1' (#19 ) from renovate/advplyr-audiobookshelf-2.x into main	2026-06-06 00:04:14 +00:00
Renovate Bot	8a807d3e5c	Update advplyr/audiobookshelf Docker tag to v2.35.1 renovate/stability-days Updates have met minimum release age requirement Details	2026-06-06 00:04:08 +00:00
Renovate Bot	8b4b0df92c	Update docker.io/valkey/valkey:9.0-alpine Docker digest to d1cc706 renovate/stability-days Updates have not met minimum release age requirement Details	2026-06-06 00:04:06 +00:00
admin	da1e8045d0	feat(office): add BentoPDF (pdf.dooplex.hu) Privacy-focused, client-side PDF toolkit deployed into the office-system namespace alongside OnlyOffice. Stateless (no DB/PVC); nginx-internal ingress with HU geo-restriction and letsencrypt-prod TLS. Auto-synced by the existing `office` ArgoCD Application. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-05 12:36:33 +02:00
admin	fd73c41152	Merge pull request 'renovate: move cron to Sat 02:00 Europe/Budapest' (#17 ) from feat/renovate-cron-saturday into main	2026-06-05 07:31:24 +00:00
admin	b96703f2df	renovate: move cron to Sat 02:00 Europe/Budapest Was Sun 04:00; now Sat 02:00 so Renovate's wave lands at the start of the weekend instead of the end. If an auto-merged update breaks something, Viktor has the full weekend to troubleshoot. `0 2 * * 6` = Saturday 02:00 in Europe/Budapest (the CronJob already sets timeZone, so this is wall-clock local). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-05 09:30:58 +02:00
admin	e147d829e7	Merge pull request 'renovate: default-allow + codify ArgoCD auto-sync' (#16 ) from feat/renovate-default-allow into main	2026-06-05 05:58:04 +00:00