
Merge branch 'main' into 555-enhance-update-the-proxmox-terraform-files

Christian Lempa 1 год назад
Родитель
Сommit
a4e86720bc
32 измененных файлов с 330 добавлено и 131 удалено
  1. 65 0
      .editorconfig
  2. 73 53
      docker-compose/authentik/compose.yaml
  3. 1 1
      docker-compose/bind9/compose.yaml
  4. 1 1
      docker-compose/clamav/compose.yaml
  5. 1 1
      docker-compose/gitea/.env.example
  6. 1 1
      docker-compose/gitlab/compose.yaml
  7. 1 1
      docker-compose/homeassistant/compose.yaml
  8. 0 15
      docker-compose/portainer-agent/compose.yaml
  9. 19 4
      docker-compose/portainer/compose.yaml
  10. 1 1
      docker-compose/teleport/compose.yaml
  11. 13 0
      kubernetes/authentik/certificate.yaml
  12. 22 0
      kubernetes/authentik/example.middleware.yaml
  13. 46 0
      kubernetes/authentik/helm/values.yaml
  14. 18 0
      kubernetes/authentik/ingressroute.yaml
  15. 5 0
      kubernetes/authentik/namespace.yaml
  16. 4 4
      kubernetes/longhorn/helm/values.yaml
  17. 1 1
      kubernetes/portainer/helm/values.yaml
  18. 6 6
      packer/proxmox/ubuntu-server-focal-docker/ubuntu-server-focal-docker.pkr.hcl
  19. 6 6
      packer/proxmox/ubuntu-server-focal/ubuntu-server-focal.pkr.hcl
  20. 6 6
      packer/proxmox/ubuntu-server-jammy-docker/ubuntu-server-jammy-docker.pkr.hcl
  21. 6 6
      packer/proxmox/ubuntu-server-jammy/ubuntu-server-jammy.pkr.hcl
  22. 6 6
      packer/proxmox/ubuntu-server-noble/ubuntu-server-noble.pkr.hcl
  23. 11 0
      renovate.json
  24. 1 1
      terraform/civo/query.tf
  25. 3 3
      terraform/helm/certmanager.tf
  26. 4 4
      terraform/helm/traefik.tf
  27. 1 1
      terraform/kubernetes/provider.tf
  28. 2 2
      terraform/kubernetes/secret.tf
  29. 1 2
      terraform/templates/kubernetes-automation-example/certmanager.tf
  30. 1 1
      terraform/templates/kubernetes-automation-example/nginx1.tf
  31. 2 2
      terraform/templates/kubernetes-automation-example/provider.tf
  32. 2 2
      terraform/templates/kubernetes-automation-example/traefik.tf

+ 65 - 0
.editorconfig

@@ -0,0 +1,65 @@
+# https://editorconfig.org/
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[/docker-compose/nginx/**/*.conf]
+indent_size = 2
+
+[/docker-compose/wazuh/**/*.conf]
+indent_size = 2
+
+[*.css]
+indent_size = 2
+
+[{*.go,go.mod}]
+indent_style = tab
+indent_size = unset
+
+[*.hcl]
+indent_size = unset
+
+[*{.min,.min.*,-min}.js]
+charset = unset
+indent_size = unset
+indent_style = unset
+insert_final_newline = unset
+max_line_length = off
+
+[*.json]
+indent_size = 2
+
+[*.md]
+indent_size = unset
+trim_trailing_whitespace = false
+
+[*.nix]
+indent_size = 2
+
+[*.py]
+indent_size = 4
+
+[*.tf]
+indent_size = unset
+
+[/packer/**/http/user-data]
+indent_size = 2
+
+[{*.{yaml,yml},.yamllint}]
+indent_size = 2
+
+[*.xml]
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+indent_size = unset
+
+[Vagrantfile]
+indent_size = 2

+ 73 - 53
docker-compose/authentik/compose.yaml

@@ -1,35 +1,5 @@
 ---
 services:
-  postgres:
-    image: docker.io/library/postgres:16.6
-    container_name: authentik-db
-    environment:
-      - POSTGRES_USER=${POSTGRES_USER:-authentik}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?error}
-      - POSTGRES_DB=${POSTGRES_DB:-authentik}
-      - TZ=${TZ:-UTC}
-    healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-authentik}"']
-      start_period: 30s
-      interval: 10s
-      timeout: 10s
-      retries: 5
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-    restart: unless-stopped
-  redis:
-    image: docker.io/library/redis:7.4.2
-    container_name: authentik-redis
-    command: --save 60 1 --loglevel warning
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 3s
-    volumes:
-      - redis_data:/data
-    restart: unless-stopped
   server:
     image: ghcr.io/goauthentik/server:2024.12.2
     container_name: authentik-server
@@ -44,19 +14,33 @@ services:
       #             echo $(openssl rand -base64 32)
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
       # (Optional)  Enable Error Reporting
-      # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
       # (Optional)  Enable Email Sending
-      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
-      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
-      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
-      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
-      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
-      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
-      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
-      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
+      #             Highly recommended to notify you about alerts and configuration issues.
+      - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
+      - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
+      - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
+      - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
+      - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
+      - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
+      - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
+      - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
     ports:
+      # (Optional)  Remove these, if you're using a reverse proxy like Traefik.
       - 9000:9000
       - 9443:9443
+    labels:
+      # (Optional)  Enable Traefik integration for the Authentik Web UI. For more information
+      #             about integrating other services with Traefik and Authentik, see the
+      #             documentation at https://goauthentik.io/docs/outposts/integrations/traefik
+      #             and the middleware example files in `docker-compose/traefik/config`.
+      - traefik.enable=true
+      - traefik.http.services.authentik.loadbalancer.server.port=9000
+      - traefik.http.services.authentik.loadbalancer.server.scheme=http
+      - traefik.http.routers.authentik.entrypoints=websecure
+      - traefik.http.routers.authentik.rule=Host(`your-authentik-fqdn`)
+      - traefik.http.routers.authentik.tls=true
+      - traefik.http.routers.authentik.tls.certresolver=cloudflare
     volumes:
       - ./media:/media
       - ./custom-templates:/templates
@@ -64,6 +48,7 @@ services:
       - postgres
       - redis
     restart: unless-stopped
+
   worker:
     image: ghcr.io/goauthentik/server:2024.12.2
     container_name: authentik-worker
@@ -78,23 +63,22 @@ services:
       #             echo $(openssl rand -base64 32)
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?error}
       # (Optional)  Enable Error Reporting
-      # - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}
       # (Optional)  Enable Email Sending
-      # - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
-      # - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
-      # - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
-      # - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
-      # - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
-      # - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
-      # - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
-      # - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
-    # (Optional)  When using the docker socket integration
-    #             See more for the docker socket integration here:
+      #             Highly recommended to notify you about alerts and configuration issues.
+      - AUTHENTIK_EMAIL__HOST=${EMAIL_HOST:?error}
+      - AUTHENTIK_EMAIL__PORT=${EMAIL_PORT:-25}
+      - AUTHENTIK_EMAIL__USERNAME=${EMAIL_USERNAME:?error}
+      - AUTHENTIK_EMAIL__PASSWORD=${EMAIL_PASSWORD:?error}
+      - AUTHENTIK_EMAIL__USE_TLS=${EMAIL_USE_TLS:-false}
+      - AUTHENTIK_EMAIL__USE_SSL=${EMAIL_USE_SSL:-false}
+      - AUTHENTIK_EMAIL__TIMEOUT=${EMAIL_TIMEOUT:-10}
+      - AUTHENTIK_EMAIL__FROM=${EMAIL_FROM:?error}
+    # (Optional)  See more for the docker socket integration here:
     #             https://goauthentik.io/docs/outposts/integrations/docker
-    # user: root
+    user: root
     volumes:
-      # (Optional)  When using the docker socket integration
-      # - /run/docker.sock:/run/docker.sock
+      - /run/docker.sock:/run/docker.sock
       - ./media:/media
       - ./certs:/certs
       - ./custom-templates:/templates
@@ -103,6 +87,42 @@ services:
       - redis
     restart: unless-stopped
 
+  redis:
+    image: docker.io/library/redis:7.4.2
+    container_name: authentik-redis
+    command: --save 60 1 --loglevel warning
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - redis_data:/data
+    restart: unless-stopped
+
+  postgres:
+    # (Optional) Add a PostgreSQL Database for Authentik
+    #   Alternatively, you can host your PostgreSQL database externally, and
+    #   change the connection settings in the `authentik-server` and
+    #   `authentik-worker`.
+    image: docker.io/library/postgres:17.2
+    container_name: authentik-db
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER:-authentik}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?error}
+      - POSTGRES_DB=${POSTGRES_DB:-authentik}
+      - TZ=${TZ:-UTC}
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-authentik}"']
+      start_period: 30s
+      interval: 10s
+      timeout: 10s
+      retries: 5
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    restart: unless-stopped
+
 volumes:
   postgres_data:
     driver: local
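Review bot: In the worker hunk, `user: root` and the `/run/docker.sock:/run/docker.sock` mount are now active by default rather than opt-in, which hands the worker container root-equivalent control of the Docker host even for deployments that never use the Docker outpost integration. Since the surrounding comment still calls it "(Optional)", the safer template keeps both lines commented, i.e. `# user: root` and `# - /run/docker.sock:/run/docker.sock`, with a one-line comment that uncommenting them grants full host access. Separately, the email block in both the server and worker hunks is labelled "(Optional)" but now uses `:?error` for `EMAIL_HOST`, `EMAIL_USERNAME`, `EMAIL_PASSWORD` and `EMAIL_FROM`, so compose refuses to start unless all four are set; either relax these to `:-` defaults or drop the "(Optional)" wording.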

+ 1 - 1
docker-compose/bind9/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   bind9:
-    image: docker.io/ubuntu/bind9:9.18-23.10_edge
+    image: docker.io/ubuntu/bind9:9.20-24.10_edge
     container_name: bind9
     ports:
       - "53:53"

+ 1 - 1
docker-compose/clamav/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   clamav:
-    image: docker.io/clamav/clamav:1.4.1
+    image: docker.io/clamav/clamav:1.4.2
     container_name: clamav
     volumes:
       - ./config/clamd.conf:/etc/clamav/clamd.conf:ro

+ 1 - 1
docker-compose/gitea/.env.example

@@ -3,6 +3,6 @@
 # Add internal database credentials here...
 # POSTGRES_HOST     = "your-database-host"
 # POSTGRES_PORT     = "your-database-port"
-POSTGRES_DB       = "your-database-name"  
+POSTGRES_DB       = "your-database-name"
 POSTGRES_USER     = "your-database-user"
 POSTGRES_PASSWORD = "your-database-password"

+ 1 - 1
docker-compose/gitlab/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   gitlab:
-    image: gitlab/gitlab-ce:17.8.0-ce.0
+    image: gitlab/gitlab-ce:17.8.1-ce.0
     container_name: gitlab
     shm_size: '256m'
     environment: {}

+ 1 - 1
docker-compose/homeassistant/compose.yaml

@@ -2,7 +2,7 @@
 services:
   homeassistant:
     container_name: homeassistant
-    image: ghcr.io/home-assistant/home-assistant:2025.1.2
+    image: ghcr.io/home-assistant/home-assistant:2025.1.4
     volumes:
       - ./config:/config
       - /etc/localtime:/etc/localtime:ro

+ 0 - 15
docker-compose/portainer-agent/compose.yaml

@@ -1,15 +0,0 @@
----
-services:
-  app:
-    container_name: portainer-agent
-    deploy:
-      mode: global
-    image: docker.io/portainer/agent:latest
-    ports:
-      - 9001:9001
-    volumes:
-      - /run/docker.sock:/var/run/docker.sock
-      - /var/lib/docker/volumes:/var/lib/docker/volumes
-    networks:
-      - portainer-agent_default
-    restart: unless-stopped

+ 19 - 4
docker-compose/portainer/compose.yaml

@@ -1,16 +1,31 @@
 ---
-volumes:
-  portainer-data:
-    driver: local
 services:
   app:
     container_name: portainer
-    image: docker.io/portainer/portainer-ce:latest
+    image: docker.io/portainer/portainer-ce:2.26.1-alpine
     ports:
+      # --> (Optional) Remove when using traefik...
       - 9000:9000
       - 9443:9443
+      # <--
       - 8000:8000
     volumes:
       - /run/docker.sock:/var/run/docker.sock
       - portainer-data:/data
+    # --> (Optional) When using traefik...
+    # labels:
+    #   - traefik.enable=true
+    #   - traefik.http.services.portainer.loadbalancer.server.port=9000
+    #   - traefik.http.routers.portainer.service=portainer
+    #   - traefik.http.routers.portainer.entrypoints=websecure
+    #   - traefik.http.routers.portainer.rule=Host(`your-portainer-fqdn`)
+    #   - traefik.http.routers.portainer.tls=true
+    #   - traefik.http.routers.portainer.tls.certresolver=cloudflare
+    # networks:
+    #   - frontend
+    # <--
     restart: unless-stopped
+
+volumes:
+  portainer-data:
+    driver: local
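Review bot: The commented-out Traefik block references `networks: - frontend`, but the hunk covers the whole file and there is no top-level `networks:` definition, so uncommenting that section as written fails with an undefined-network error. Add a matching commented block next to `volumes:`, e.g. `# networks:` / `#   frontend:` / `#     external: true`, so the template is consistent when enabled. The `# --> (Optional)` bracket also closes before `8000:8000`; if that port is meant to stay exposed alongside Traefik a short comment saying why would help readers.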

+ 1 - 1
docker-compose/teleport/compose.yaml

@@ -5,7 +5,7 @@
 #     external: true
 services:
   teleport:
-    image: public.ecr.aws/gravitational/teleport-distroless:17.1.6
+    image: public.ecr.aws/gravitational/teleport-distroless:17.2.2
     container_name: teleport
     ports:
       # -- (Optional) Remove this section, when using Traefik

+ 13 - 0
kubernetes/authentik/certificate.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: your-authentik-certificate
+  namespace: authentik
+spec:
+  secretName: your-authentik-tls-secret
+  issuerRef:
+    name: cloudflare-clusterissuer
+    kind: ClusterIssuer
+  dnsNames:
+    - your-authentik-fqdn

+ 22 - 0
kubernetes/authentik/example.middleware.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: service-middleware
+  namespace: service-namespace
+spec:
+  forwardAuth:
+    address: "http://your-authentik-outpost-name.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik"
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
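Review bot: `trustForwardHeader: true` makes Traefik pass the inbound `X-Forwarded-*` headers through to the outpost, and nothing in this file notes that this is only safe when the entrypoint itself does not accept those headers from untrusted clients. A comment above that line would prevent copy-paste misconfiguration, e.g. `# Forwards client-supplied X-Forwarded-* headers to the outpost; keep the Traefik entrypoint's forwardedHeaders restricted to trusted proxies.` The `address` host name is presumably the outpost service created by the chart, so a note on how to derive it from the outpost name would also help, as the example names differ from those used in `ingressroute.yaml`.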

+ 46 - 0
kubernetes/authentik/helm/values.yaml

@@ -0,0 +1,46 @@
+---
+global:
+  image:
+    repository: "ghcr.io/goauthentik/server"
+    tag: "2024.12.2"
+    pullPolicy: IfNotPresent
+authentik:
+  # (Required)  To generate a secret key run the following command:
+  #             echo $(openssl rand -base64 32)
+  secret_key: ""
+  postgresql:
+    host: ""
+    name: ""
+    user: ""
+    password: ""
+    port: 5432
+  email:
+    # (Optional)  Enable Email Sending
+    #             Highly recommended to notify you about alerts and configuration issues.
+    host: ""
+    port: 587
+    username: ""
+    password: ""
+    use_tls: true
+    from: ""
+  error_reporting:
+    enabled: true
+  log_level: error
+server:
+  ingress:
+    # (Optional)  If you want to securely expose Authentik in Traefik you can enable the
+    #             Ingress settings, alternatively, you can use the template in the
+    #             `authentik/ingressroute.yaml` file to create an IngressRoute.
+    ingressClassName: traefik
+    enabled: true
+    hosts:
+      - your-authentik-fqdn
+    tls:
+      - hosts:
+          - your-authentik-fqdn
+        # (Optional)  If you want to use a custom TLS secret you can specify it here.
+        secretName: your-authentik-tls-secret
+postgresql:
+  enabled: false
+redis:
+  enabled: true
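Review bot: `error_reporting.enabled: true` turns on outbound error reporting by default in this template, while the compose variant in the same commit defaults `AUTHENTIK_ERROR_REPORTING` to `false`; a template should probably ship with `enabled: false` and a comment such as `# (Optional)  Sends error reports to an external service; enable deliberately.` so the two deployments agree. `secret_key: ""` and the database/email passwords are plain values in a file that is likely to be committed once filled in; if the chart version in use supports referencing an existing Kubernetes Secret, a comment pointing to that would be the safer guidance, otherwise a note not to commit the populated file. Note also that `server.ingress.enabled: true` and the separate `ingressroute.yaml` would both route `your-authentik-fqdn` if applied together; the comment says "alternatively", so defaulting one of them to off would avoid a duplicate route.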

+ 18 - 0
kubernetes/authentik/ingressroute.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: authentik
+  namespace: authentik
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`your-authentik-fqdn`)
+      kind: Rule
+      services:
+        - name: authentik-server
+          port: 80
+  tls:
+    # (Optional)  If you want to use a custom TLS secret you can specify it here.
+    secretName: your-authentik-tls-secret

+ 5 - 0
kubernetes/authentik/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authentik

+ 4 - 4
kubernetes/longhorn/helm/values.yaml

@@ -3,22 +3,22 @@ image:
   longhorn:
     engine:
       repository: "longhornio/longhorn-engine"
-      tag: "v1.7.2"
+      tag: "v1.8.0"
     manager:
       repository: "longhornio/longhorn-manager"
-      tag: "v1.7.2"
+      tag: "v1.8.0"
     ui:
       repository: "longhornio/longhorn-ui"
       tag: "v1.7.2"
     instanceManager:
       repository: "longhornio/longhorn-instance-manager"
-      tag: "v1.7.2"
+      tag: "v1.8.0"
     shareManager:
       repository: "longhornio/longhorn-share-manager"
       tag: "v1.7.2"
     backingImageManager:
       repository: "longhornio/backing-image-manager"
-      tag: "v1.7.2"
+      tag: "v1.8.0"
     supportBundleKit:
       repository: "longhornio/support-bundle-kit"
       tag: "v0.0.49"
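Review bot: Only four of the six Longhorn component tags move to `v1.8.0`; `ui` and `shareManager` stay at `v1.7.2` in the same hunk, so the deployment mixes component images across two Longhorn releases, which is likely unsupported and is probably an artifact of per-image automated bumps. Change the remaining two to `tag: "v1.8.0"` so the release is consistent, and consider grouping these images in the Renovate config so they are bumped together. `supportBundleKit` follows its own versioning and is fine as is.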

+ 1 - 1
kubernetes/portainer/helm/values.yaml

@@ -1,7 +1,7 @@
 ---
 image:
   repository: portainer/portainer-ce
-  tag: 2.26.0
+  tag: 2.26.1
   pullPolicy: IfNotPresent
 
 service:

+ 6 - 6
packer/proxmox/ubuntu-server-focal-docker/ubuntu-server-focal-docker.pkr.hcl

@@ -18,14 +18,14 @@ variable "proxmox_api_token_secret" {
 
 # Resource Definiation for the VM Template
 source "proxmox" "ubuntu-server-focal-docker" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username = "${var.proxmox_api_token_id}"
     token = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node = "your-proxmox-node"
     vm_id = "100"
@@ -58,16 +58,16 @@ source "proxmox" "ubuntu-server-focal-docker" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model = "virtio"
         bridge = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init = true
@@ -85,7 +85,7 @@ source "proxmox" "ubuntu-server-focal-docker" {
     boot_wait = "5s"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-focal/ubuntu-server-focal.pkr.hcl

@@ -18,14 +18,14 @@ variable "proxmox_api_token_secret" {
 
 # Resource Definiation for the VM Template
 source "proxmox" "ubuntu-server-focal" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username = "${var.proxmox_api_token_id}"
     token = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node = "your-proxmox-node"
     vm_id = "100"
@@ -58,16 +58,16 @@ source "proxmox" "ubuntu-server-focal" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model = "virtio"
         bridge = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init = true
@@ -85,7 +85,7 @@ source "proxmox" "ubuntu-server-focal" {
     boot_wait = "5s"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-jammy-docker/ubuntu-server-jammy-docker.pkr.hcl

@@ -18,14 +18,14 @@ variable "proxmox_api_token_secret" {
 
 # Resource Definiation for the VM Template
 source "proxmox" "ubuntu-server-jammy" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username = "${var.proxmox_api_token_id}"
     token = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node = "your-proxmox-node"
     vm_id = "100"
@@ -58,16 +58,16 @@ source "proxmox" "ubuntu-server-jammy" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model = "virtio"
         bridge = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init = true
@@ -86,7 +86,7 @@ source "proxmox" "ubuntu-server-jammy" {
     boot_wait = "5s"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-jammy/ubuntu-server-jammy.pkr.hcl

@@ -18,14 +18,14 @@ variable "proxmox_api_token_secret" {
 
 # Resource Definiation for the VM Template
 source "proxmox-iso" "ubuntu-server-jammy" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username = "${var.proxmox_api_token_id}"
     token = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node = "your-proxmox-node"
     vm_id = "100"
@@ -58,16 +58,16 @@ source "proxmox-iso" "ubuntu-server-jammy" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model = "virtio"
         bridge = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init = true
@@ -86,7 +86,7 @@ source "proxmox-iso" "ubuntu-server-jammy" {
     boot_wait = "5s"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-noble/ubuntu-server-noble.pkr.hcl

@@ -18,14 +18,14 @@ variable "proxmox_api_token_secret" {
 
 # Resource Definiation for the VM Template
 source "proxmox-iso" "ubuntu-server-noble" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username = "${var.proxmox_api_token_id}"
     token = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node = "your-proxmox-node"
     vm_id = "100"
@@ -58,16 +58,16 @@ source "proxmox-iso" "ubuntu-server-noble" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model = "virtio"
         bridge = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init = true
@@ -88,7 +88,7 @@ source "proxmox-iso" "ubuntu-server-noble" {
     communicator            = "ssh"
 
     # PACKER Autoinstall Settings
-    http_directory          = "http" 
+    http_directory          = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address       = "0.0.0.0"
     # http_port_min           = 8802

+ 11 - 0
renovate.json

@@ -78,6 +78,17 @@
         "/^([^/]+\\/)*(mariadb|postgres)(:.+)?$/"
       ]
     },
+    {
+      "description": "Do not match Canonical's Ubuntu version suffix as a compatibility hint",
+      "matchManagers": [
+        "docker-compose",
+        "dockerfile"
+      ],
+      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)(\\.(?<patch>\\d+))?(?:-\\d+(?:\\.\\d+)+_edge)?$",
+      "matchPackageNames": [
+        "/^([^/]+\\/)*ubuntu/bind9(:.+)?$/"
+      ]
+    },
     {
       "description": "Over time Heimdall changed its versioning schema several times, ensure we only consider the current style",
       "matchManagers": [
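Review bot: The new `matchPackageNames` pattern writes `ubuntu/bind9` with an unescaped slash while the preceding group escapes it as `\\/`; that inconsistency is a style point rather than a confirmed bug, since the unescaped form probably compiles, but it is worth aligning with the neighbouring rules: `"/^([^/]+\\/)*ubuntu\\/bind9(:.+)?$/"`. The `(:.+)?` tail never matches a package name without a tag, so it could be dropped, though it mirrors the existing entries. The enclosing `packageRules` array starts and ends outside this hunk.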

+ 1 - 1
terraform/civo/query.tf

@@ -2,7 +2,7 @@
 # ---
 # Query commonly used cloud resources from CIVO API
 
-# CIVO Instance Sizes 
+# CIVO Instance Sizes
 data "civo_size" "instance_xsmall" {
     filter {
         key = "name"

+ 3 - 3
terraform/helm/certmanager.tf

@@ -6,7 +6,7 @@ resource "kubernetes_namespace" "certmanager" {
 }
 
 resource "helm_release" "certmanager" {
-    
+
     depends_on = [kubernetes_namespace.certmanager]
 
     name = "certmanager"
@@ -24,8 +24,8 @@ resource "helm_release" "certmanager" {
 
 # (Optional) Create a Time-Sleep for Certificates and Issuer Manifests to deploy later
 # resource "time_sleep" "wait_for_certmanager" {
-# 
+#
 #     depends_on = [helm_release.certmanager]
-# 
+#
 #     create_duration = "10s"
 # }

+ 4 - 4
terraform/helm/traefik.tf

@@ -1,5 +1,5 @@
 resource "kubernetes_namespace" "traefik" {
-    
+
     metadata {
         name = "traefik"
     }
@@ -7,7 +7,7 @@ resource "kubernetes_namespace" "traefik" {
 }
 
 resource "helm_release" "traefik" {
-    
+
     depends_on = [kubernetes_namespace.traefik]
 
     name = "traefik"
@@ -25,7 +25,7 @@ resource "helm_release" "traefik" {
         name  = "ingressClass.isDefaultClass"
         value = "true"
     }
-    
+
     # Default Redirect
     set {
         name  = "ports.web.redirectTo"
@@ -42,5 +42,5 @@ resource "helm_release" "traefik" {
     set {
         name  = "tlsOptions.default.minVersion"
         value = "VersionTLS12"
-    }   
+    }
 }

+ 1 - 1
terraform/kubernetes/provider.tf

@@ -9,7 +9,7 @@ terraform {
     required_providers {
         kubernetes = {
             source = "hashicorp/kubernetes"
-            version = "2.35.1"     
+            version = "2.35.1"
         }
     }
 }

+ 2 - 2
terraform/kubernetes/secret.tf

@@ -1,7 +1,7 @@
 resource "kubernetes_secret" "cloudflare_api_key_secret" {
-  
+
     depends_on = [kubernetes_namespace.your-namespace-object]
-    
+
     metadata {
         name = "cloudflare-api-key-secret"
         namespace = "your-namespace"

+ 1 - 2
terraform/templates/kubernetes-automation-example/certmanager.tf

@@ -7,7 +7,6 @@ resource "kubernetes_namespace" "certmanager" {
     metadata {
         name = "certmanager"
     }
-  
 }
 
 resource "helm_release" "certmanager" {
@@ -26,7 +25,7 @@ resource "helm_release" "certmanager" {
     set {
         name  = "installCRDs"
         value = "true"
-    }    
+    }
 }
 
 resource "time_sleep" "wait_for_certmanager" {

+ 1 - 1
terraform/templates/kubernetes-automation-example/nginx1.tf

@@ -100,7 +100,7 @@ spec:
     name: cloudflare-prod
     kind: ClusterIssuer
   dnsNames:
-  - 'your-domain'   
+  - 'your-domain'
     YAML
 }
 

+ 2 - 2
terraform/templates/kubernetes-automation-example/provider.tf

@@ -13,7 +13,7 @@ terraform {
         }
         kubernetes = {
             source = "hashicorp/kubernetes"
-            version = "2.35.1"     
+            version = "2.35.1"
         }
         kubectl = {
             source = "gavinbunney/kubectl"
@@ -40,7 +40,7 @@ variable "cloudflare_api_key" {
 
 provider "civo" {
     token = var.civo_token
-    
+
     # TODO: (optional) change region to your desired datacenter location
     # ---
     # region = "FRA1"

+ 2 - 2
terraform/templates/kubernetes-automation-example/traefik.tf

@@ -1,7 +1,7 @@
 # Traefik Deployment
 
 resource "kubernetes_namespace" "traefik" {
-    
+
     depends_on = [
         time_sleep.wait_for_kubernetes
     ]
@@ -31,7 +31,7 @@ resource "helm_release" "traefik" {
         name  = "ingressClass.isDefaultClass"
         value = "true"
     }
-    
+
     # Default Redirect
     set {
         name  = "ports.web.redirectTo"