From ee93b504fa864995b82d52cdd20eecd14e86a0d5 Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Sat, 6 Jun 2026 15:04:59 +0200 Subject: [PATCH] cleanup: drop stale felhom-system copies + fix plex datasource + remove obsolete umami config Three coordinated changes, all surfaced by the question "will Renovate track the manually-bumped packages going forward": 1) Delete `felhom-system/` directory (4 files). These were never the source of truth -- the `felhom` ArgoCD app pulls from `felhom.eu`, path `manifests`. The copies in this repo fell out of sync over time and were misleading. Renovate was about to start opening DEAD PRs against them (the customManager below targeted `felhom-system/umami.yaml`). Removing the directory is the cleanest fix; manual bumps for the real felhom-system manifests go into the felhom.eu repo. 2) Fix plex inline `# renovate:` comment in helm/plex/values.yaml. It referenced `datasource=custom.plex` but no such customDatasource exists in the config -- Renovate would silently skip plex. Switched to the standard docker datasource with regex versioning that parses `1.X.Y.Z-` (4 segments + git short-hash suffix, same pattern approach as servarr and termix). 3) Remove the now-obsolete umami customManager + packageRule. The customManager was for the `postgresql-vX.Y.Z` tag form we've abandoned -- the real felhom.eu deployment is on `3.1.0` (plain semver). The packageRule disabled the kubernetes manager for the umami image to silence its failure on `postgresql-vX.Y.Z`; not needed since the default versioning handles `3.X.Y` fine. (Moot anyway since Renovate doesn't watch felhom.eu -- but cleanup reduces config noise.) After this PR, Renovate's effective tracking: - servarr (sonarr/radarr/prowlarr) -> YES (customManager) - plex -> YES (inline comment, docker) - termix -> YES (customManager) - umami / filebrowser in felhom.eu -> NO (different repo, manual) - all standard semver/named tags in homelab-manifests -> YES (defaults) Co-Authored-By: Claude Opus 4.7 (1M context) --- admin-system/renovate.yaml | 15 -- felhom-system/contact-mailer.yaml | 142 --------------- felhom-system/healthchecks.yaml | 194 -------------------- felhom-system/umami.yaml | 288 ------------------------------ felhom-system/webpage.yaml | 286 ----------------------------- helm/plex/values.yaml | 2 +- 6 files changed, 1 insertion(+), 926 deletions(-) delete mode 100644 felhom-system/contact-mailer.yaml delete mode 100644 felhom-system/healthchecks.yaml delete mode 100644 felhom-system/umami.yaml delete mode 100644 felhom-system/webpage.yaml diff --git a/admin-system/renovate.yaml b/admin-system/renovate.yaml index 687377a..2196caa 100644 --- a/admin-system/renovate.yaml +++ b/admin-system/renovate.yaml @@ -73,16 +73,6 @@ data: "datasourceTemplate": "docker", "packageNameTemplate": "linuxserver/{{depName}}", "versioningTemplate": "regex:^version-(?\\d+)\\.(?\\d+)\\.(?\\d+)\\.(?\\d+)$" - }, - { - "description": "umami: the docker image tag is `postgresql-vX.Y.Z` (the PostgreSQL-flavored variant). Default docker versioning rejects the prefix. Same fix as termix/servarr: regex versioning parses the prefixed value; ghcr.io tag list is filtered to the postgresql-v* track only.", - "customType": "regex", - "managerFilePatterns": ["/felhom-system/umami\\.ya?ml$/"], - "matchStrings": [ - "image:\\s+(?ghcr\\.io/umami-software/umami):(?postgresql-v\\d+\\.\\d+\\.\\d+)" - ], - "datasourceTemplate": "docker", - "versioningTemplate": "regex:^postgresql-v(?\\d+)\\.(?\\d+)\\.(?\\d+)$" } ], "packageRules": [ @@ -160,11 +150,6 @@ data: ], "enabled": false }, - { - "description": "umami: same disable pattern. customManager handles extraction; kubernetes-manager would silently skip `postgresql-vX.Y.Z`.", - "matchManagers": ["kubernetes"], - "matchPackageNames": ["ghcr.io/umami-software/umami"], - "enabled": false } ], "labels": ["renovate"] diff --git a/felhom-system/contact-mailer.yaml b/felhom-system/contact-mailer.yaml deleted file mode 100644 index d956974..0000000 --- a/felhom-system/contact-mailer.yaml +++ /dev/null @@ -1,142 +0,0 @@ -# Contact Mailer - Lightweight email sender for felhom.eu contact form -# Uses Resend.com API for transactional email delivery. -# -# PREREQUISITES: -# 1. Build and push the container image: -# docker build -t contact-mailer:latest . -# # Option A: Push to Gitea registry (if configured): -# # docker tag contact-mailer:latest gitea.felhom.eu/felhom/contact-mailer:latest -# # docker push gitea.felhom.eu/felhom/contact-mailer:latest -# # Option B: Import directly into k3s (single node): -# # docker save contact-mailer:latest | sudo k3s ctr images import - -# -# 2. Create the Secret with your Resend API key: -# kubectl create secret generic contact-mailer-config \ -# --namespace=felhom-system \ -# --from-literal=RESEND_API_KEY='re_xxxxxxxxxxxx' -# -# 3. Apply this manifest: -# kubectl apply -f contact-mailer.yaml -# -# 4. Test: -# # Health check: -# curl https://felhom.eu/api/healthz -# # Send test email (only works if DEBUG=true): -# curl -X POST https://felhom.eu/api/debug/test -# -# 5. Update contact form endpoint in kapcsolat.html: -# CONFIG.formEndpoint = '/api/contact'; -# -# DEBUGGING: -# kubectl logs -n felhom-system deploy/contact-mailer -f -# kubectl exec -it -n felhom-system deploy/contact-mailer -- wget -qO- http://localhost:8080/healthz ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: contact-mailer - namespace: felhom-system - labels: - app: contact-mailer -spec: - replicas: 1 - selector: - matchLabels: - app: contact-mailer - template: - metadata: - labels: - app: contact-mailer - spec: - containers: - - name: contact-mailer - image: contact-mailer:latest - # Use 'Never' for locally imported images, 'Always' for registry - imagePullPolicy: Never - ports: - - containerPort: 8080 - env: - - name: RESEND_API_KEY - valueFrom: - secretKeyRef: - name: contact-mailer-config - key: RESEND_API_KEY - - name: FROM_EMAIL - value: "Felhom.eu " - - name: TO_EMAIL - value: "info@felhom.eu" - - name: ALLOWED_ORIGIN - value: "https://felhom.eu" - - name: TZ - value: "Europe/Budapest" - # Set to "true" to enable /debug/test endpoint - - name: DEBUG - value: "false" - resources: - requests: - memory: "16Mi" - cpu: "5m" - limits: - memory: "64Mi" - cpu: "100m" - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 30 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 10 - securityContext: - runAsNonRoot: true - runAsUser: 1000 - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false ---- -apiVersion: v1 -kind: Service -metadata: - name: contact-mailer - namespace: felhom-system -spec: - selector: - app: contact-mailer - ports: - - port: 80 - targetPort: 8080 ---- -# Ingress: routes felhom.eu/api/* to the contact mailer -# This is a SEPARATE ingress from the website - nginx-ingress merges them -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: contact-mailer - namespace: felhom-system - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - # Allow larger uploads for attachments - nginx.ingress.kubernetes.io/proxy-body-size: "25m" - # Timeout for large file uploads - nginx.ingress.kubernetes.io/proxy-read-timeout: "60" - nginx.ingress.kubernetes.io/proxy-send-timeout: "60" -spec: - ingressClassName: nginx-internal - tls: - - hosts: - - felhom.eu - secretName: felhom-webpage-tls - rules: - - host: felhom.eu - http: - paths: - - path: /api - pathType: Prefix - backend: - service: - name: contact-mailer - port: - number: 80 \ No newline at end of file diff --git a/felhom-system/healthchecks.yaml b/felhom-system/healthchecks.yaml deleted file mode 100644 index 36558c9..0000000 --- a/felhom-system/healthchecks.yaml +++ /dev/null @@ -1,194 +0,0 @@ -# Healthchecks - Self-hosted cron/backup monitoring with dead man's switch -# Dashboard: https://status.felhom.eu -# Ping endpoint: https://status.felhom.eu/ping/ -# -# Customer servers ping this after successful backup. -# If a ping is missed, Healthchecks sends email alerts. -# -# After deploying, create superuser: -# kubectl exec -it -n felhom-system deploy/healthchecks -- python manage.py createsuperuser -# -# SMTP: Configure the Secret below with your email provider credentials. -# Recommended free options: -# - Resend.com (3000 emails/month free, easy setup) -# - Brevo/Sendinblue (300 emails/day free) -# - SMTP2GO (1000 emails/month free) ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: healthchecks-data - namespace: felhom-system -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn - resources: - requests: - storage: 1Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: healthchecks - namespace: felhom-system - labels: - app: healthchecks -spec: - replicas: 1 - selector: - matchLabels: - app: healthchecks - template: - metadata: - labels: - app: healthchecks - spec: - securityContext: - fsGroup: 999 - containers: - - name: healthchecks - image: healthchecks/healthchecks:v4.2 - ports: - - containerPort: 8000 - env: - # --- Site settings --- - - name: SITE_ROOT - value: "https://status.felhom.eu" - - name: SITE_NAME - value: "Felhom Monitoring" - - name: ALLOWED_HOSTS - value: "status.felhom.eu" - - name: PING_ENDPOINT - value: "https://status.felhom.eu/ping/" - - name: DEBUG - value: "False" - - name: REGISTRATION_OPEN - value: "False" - - name: DB - value: "sqlite" - - name: DB_NAME - value: "/data/hc.sqlite" - - name: TZ - value: "Europe/Budapest" - - # --- Secrets (from Secret) --- - - name: SECRET_KEY - valueFrom: - secretKeyRef: - name: healthchecks-config - key: SECRET_KEY - - name: SUPERUSER_EMAIL - valueFrom: - secretKeyRef: - name: healthchecks-config - key: SUPERUSER_EMAIL - - name: SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: healthchecks-config - key: SUPERUSER_PASSWORD - - name: EMAIL_HOST - valueFrom: - secretKeyRef: - name: healthchecks-config - key: EMAIL_HOST - - name: EMAIL_PORT - valueFrom: - secretKeyRef: - name: healthchecks-config - key: EMAIL_PORT - - name: EMAIL_HOST_USER - valueFrom: - secretKeyRef: - name: healthchecks-config - key: EMAIL_HOST_USER - - name: EMAIL_HOST_PASSWORD - valueFrom: - secretKeyRef: - name: healthchecks-config - key: EMAIL_HOST_PASSWORD - - name: EMAIL_USE_TLS - valueFrom: - secretKeyRef: - name: healthchecks-config - key: EMAIL_USE_TLS - - name: EMAIL_USE_VERIFICATION - valueFrom: - secretKeyRef: - name: healthchecks-config - key: EMAIL_USE_VERIFICATION - - name: DEFAULT_FROM_EMAIL - valueFrom: - secretKeyRef: - name: healthchecks-config - key: DEFAULT_FROM_EMAIL - volumeMounts: - - name: data - mountPath: /data - resources: - requests: - memory: "128Mi" - cpu: "50m" - limits: - memory: "512Mi" - cpu: "500m" - livenessProbe: - httpGet: - path: /api/v3/status/ - port: 8000 - httpHeaders: - - name: Host - value: status.felhom.eu - initialDelaySeconds: 30 - periodSeconds: 60 - readinessProbe: - httpGet: - path: /api/v3/status/ - port: 8000 - httpHeaders: - - name: Host - value: status.felhom.eu - initialDelaySeconds: 10 - periodSeconds: 10 - volumes: - - name: data - persistentVolumeClaim: - claimName: healthchecks-data ---- -apiVersion: v1 -kind: Service -metadata: - name: healthchecks - namespace: felhom-system -spec: - selector: - app: healthchecks - ports: - - port: 80 - targetPort: 8000 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: healthchecks - namespace: felhom-system - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod -spec: - ingressClassName: nginx-internal - tls: - - hosts: - - status.felhom.eu - secretName: healthchecks-tls - rules: - - host: status.felhom.eu - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: healthchecks - port: - number: 80 \ No newline at end of file diff --git a/felhom-system/umami.yaml b/felhom-system/umami.yaml deleted file mode 100644 index 31fb72b..0000000 --- a/felhom-system/umami.yaml +++ /dev/null @@ -1,288 +0,0 @@ -# Umami v3 - Privacy-focused web analytics for felhom.eu -# Dashboard: https://stats.felhom.eu -# Tracking: Add -# -# The script is <2KB, async/deferred, cookie-free, and GDPR compliant. -# No cookie consent banner needed! -# -# TIP: Since your HTML files are managed via FileBrowser, you can add the -# script tag to all pages at once. Add it right before in: -# - index.html -# - alkalmazasok.html -# - technologiak.html -# - gyik.html -# - kapcsolat.html -# - biztonsagimentes.html (if exists) -# - Any other pages \ No newline at end of file diff --git a/felhom-system/webpage.yaml b/felhom-system/webpage.yaml deleted file mode 100644 index f3bf906..0000000 --- a/felhom-system/webpage.yaml +++ /dev/null @@ -1,286 +0,0 @@ -# FileBrowser + Webpage deployment for felhom.eu ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: felhom-website-content - namespace: felhom-system -spec: - accessModes: - - ReadWriteMany - storageClassName: longhorn - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: filebrowser-db - namespace: felhom-system -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn - resources: - requests: - storage: 100Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: filebrowser-config - namespace: felhom-system -data: - .filebrowser.json: | - { - "port": 8080, - "baseURL": "", - "address": "0.0.0.0", - "log": "stdout", - "database": "/database/filebrowser.db", - "root": "/srv" - } ---- -# =================== -# NGINX CONFIG FOR CLEAN URLs -# =================== -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-config - namespace: felhom-system -data: - default.conf: | - server { - listen 80; - server_name _; - root /usr/share/nginx/html; - index index.html; - - # Enable clean URLs - serve .html files without extension - location / { - try_files $uri $uri.html $uri/ =404; - } - - # Cache static assets - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { - expires 7d; - add_header Cache-Control "public, immutable"; - } - - # Security headers - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - - # Error pages - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - } ---- -# =================== -# FILEBROWSER -# =================== -apiVersion: apps/v1 -kind: Deployment -metadata: - name: filebrowser - namespace: felhom-system - labels: - app: filebrowser -spec: - replicas: 1 - selector: - matchLabels: - app: filebrowser - template: - metadata: - labels: - app: filebrowser - spec: - containers: - - name: filebrowser - image: filebrowser/filebrowser:v2.63.13 - ports: - - containerPort: 8080 - volumeMounts: - - name: website-content - mountPath: /srv - - name: database - mountPath: /database - - name: config - mountPath: /.filebrowser.json - subPath: .filebrowser.json - resources: - requests: - memory: "64Mi" - cpu: "50m" - limits: - memory: "256Mi" - cpu: "500m" - livenessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 30 - readinessProbe: - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 10 - volumes: - - name: website-content - persistentVolumeClaim: - claimName: felhom-website-content - - name: database - persistentVolumeClaim: - claimName: filebrowser-db - - name: config - configMap: - name: filebrowser-config ---- -apiVersion: v1 -kind: Service -metadata: - name: filebrowser - namespace: felhom-system -spec: - selector: - app: filebrowser - ports: - - port: 80 - targetPort: 8080 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: filebrowser - namespace: felhom-system - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - nginx.ingress.kubernetes.io/proxy-body-size: "100m" -spec: - ingressClassName: nginx-internal - tls: - - hosts: - - files.felhom.eu - secretName: filebrowser-tls - rules: - - host: files.felhom.eu - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: filebrowser - port: - number: 80 ---- -# =================== -# WEBPAGE (nginx) -# =================== -apiVersion: apps/v1 -kind: Deployment -metadata: - name: felhom-webpage - namespace: felhom-system - labels: - app: felhom-webpage -spec: - replicas: 1 - selector: - matchLabels: - app: felhom-webpage - template: - metadata: - labels: - app: felhom-webpage - spec: - containers: - - name: nginx - image: nginx:alpine - ports: - - containerPort: 80 - volumeMounts: - - name: website-content - mountPath: /usr/share/nginx/html - - name: nginx-config - mountPath: /etc/nginx/conf.d/default.conf - subPath: default.conf - resources: - requests: - memory: "32Mi" - cpu: "10m" - limits: - memory: "128Mi" - cpu: "200m" - livenessProbe: - httpGet: - path: / - port: 80 - initialDelaySeconds: 5 - periodSeconds: 30 - readinessProbe: - httpGet: - path: / - port: 80 - initialDelaySeconds: 3 - periodSeconds: 10 - volumes: - - name: website-content - persistentVolumeClaim: - claimName: felhom-website-content - - name: nginx-config - configMap: - name: nginx-config ---- -apiVersion: v1 -kind: Service -metadata: - name: felhom-webpage - namespace: felhom-system -spec: - selector: - app: felhom-webpage - ports: - - port: 80 - targetPort: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: felhom-webpage - namespace: felhom-system - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod -spec: - ingressClassName: nginx-internal - tls: - - hosts: - - felhom.eu - - www.felhom.eu - secretName: felhom-webpage-tls - rules: - - host: felhom.eu - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: felhom-webpage - port: - number: 80 - - host: www.felhom.eu - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: felhom-webpage - port: - number: 80 \ No newline at end of file diff --git a/helm/plex/values.yaml b/helm/plex/values.yaml index 0d4e3f6..a510903 100755 --- a/helm/plex/values.yaml +++ b/helm/plex/values.yaml @@ -3,7 +3,7 @@ image: # -- The public dockerhub registry registry: index.docker.io repository: plexinc/pms-docker - # renovate: datasource=custom.plex depName=plex versioning=loose + # renovate: datasource=docker depName=plexinc/pms-docker versioning=regex:^(?\d+)\.(?\d+)\.(?\d+)\.(?\d+)-[a-f0-9]+$ tag: "1.43.2.10687-563d026ea" sha: "" pullPolicy: IfNotPresent -- 2.52.0