bitwarden: bump to 1.35.3, helm chart 2.0.44

roundcube: bump to 1.6.13, helm chart 0.4.8
peertube: bump to 8.0.2, helm chart 0.5.2
2026-02-11 19:44:04 +03:00 · 2026-02-10 11:45:10 +03:00 · 2026-02-03 21:38:56 +03:00 · 2026-01-24 18:49:49 +03:00 · 2026-01-24 11:03:55 +03:00 · 2026-01-10 00:38:39 +03:00
8 changed files with 27 additions and 63 deletions
--- a/inventory/ghp/sample/group_vars/all/versions.yaml
+++ b/inventory/ghp/sample/group_vars/all/versions.yaml
@@ -12,7 +12,7 @@ ceph_csi_rbd_version: 3.8.0
 ceph_csi_cephfs_version: 3.8.0
 # Cert-manager
-cert_manager_version: 1.19.2
+cert_manager_version: 1.19.3
 # External-DNS
 external_dns_version: 9.1.0
@@ -39,12 +39,12 @@ minio_version: 5.0.13
 adguard_version: 2.3.35
 # Bitwarden (aka Vaultwarden)
-bitwarden_version: 2.0.42
+bitwarden_version: 2.0.44
 # Gitea
 gitea_ingress_nginx_version: 4.14.1
 gitea_dns_version: 9.1.0
-gitea_version: 12.4.0
+gitea_version: 12.5.0
 # Gitea Act Runner
 gitea_act_runner_version: 0.1.14
@@ -53,25 +53,25 @@ gitea_act_runner_version: 0.1.14
 harbor_version: 1.12.4
 # Mastodon
-mastodon_version: 6.5.4
+mastodon_version: 6.6.6
 # Nextcloud
-nextcloud_version: 5.0.2
+nextcloud_version: 8.7.0
 # Email
 dovecot_version: 0.1.8
 postfix_version: 0.1.7
-roundcube_version: 0.4.7
+roundcube_version: 0.4.8
-rspamd_version: 0.6.0
+rspamd_version: 0.6.1
 # Pypi server
 pypiserver_version: 2.5.0
 # WikiJS
-wikijs_version: 2.4.1
+wikijs_version: 2.4.3
 # PeerTube
-peertube_version: 0.5.0
+peertube_version: 0.5.2
 # Playmaker android APK repository
 playmaker_version: 0.1.3
--- a/roles/external-ingress-nginx/defaults/main.yaml
+++ b/roles/external-ingress-nginx/defaults/main.yaml
@@ -6,6 +6,7 @@ external_ingress_nginx_default_values:
      use-proxy-protocol: true
      use-forward-headers: true
      compute-full-forward-for: true
      annotations-risk-level: Critical
    publishService:
      enabled: true
    scope:
@@ -17,3 +18,4 @@ external_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ external_ingress_class }}"
      controllerValue: "k8s.io/{{ external_ingress_class }}"
    allowSnippetAnnotations: true
--- a/roles/gitea/defaults/main.yaml
+++ b/roles/gitea/defaults/main.yaml
@@ -122,6 +122,8 @@ gitea_publish_ingress_nginx_values:
 gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 gitea_ingress_nginx_default_values:
  controller:
    config:
      annotations-risk-level: Critical
    containerPort:
      ssh: 22
      http: 80
@@ -148,6 +150,7 @@ gitea_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ gitea_ingress_class }}"
      controllerValue: "k8s.io/{{ gitea_ingress_class }}"
    allowSnippetAnnotations: true
  tcp: 
    22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
--- a/roles/internal-ingress-nginx/defaults/main.yaml
+++ b/roles/internal-ingress-nginx/defaults/main.yaml
@@ -1,6 +1,8 @@
 internal_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 internal_ingress_nginx_default_values:
  controller:
    config:
      annotations-risk-level: Critical
    publishService:
      enabled: true
    scope:
@@ -11,3 +13,4 @@ internal_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ internal_ingress_class }}"
      controllerValue: "k8s.io/{{ internal_ingress_class }}"
    allowSnippetAnnotations: true
--- a/roles/knot/tasks/main.yaml
+++ b/roles/knot/tasks/main.yaml
@@ -18,7 +18,7 @@
        - "vars"
  tags: knot_vars
- name: Include knot install for {{ ansible_distribution }}
+- name: Include knot install for {{ ansible_facts['distribution'] }}
  include_tasks: "{{ ansible_facts['os_family'] }}.yaml"
 - name: Configure knot
--- a/roles/local-ingress-nginx/defaults/main.yaml
+++ b/roles/local-ingress-nginx/defaults/main.yaml
@@ -1,6 +1,8 @@
 local_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
 local_ingress_nginx_default_values:
  controller:
    config:
      annotations-risk-level: Critical
    publishService:
      enabled: true
    scope:
@@ -11,3 +13,4 @@ local_ingress_nginx_default_values:
    ingressClassResource:
      name: "{{ local_ingress_class }}"
      controllerValue: "k8s.io/{{ local_ingress_class }}"
    allowSnippetAnnotations: true
--- a/roles/nextcloud/defaults/main.yaml
+++ b/roles/nextcloud/defaults/main.yaml
@@ -16,8 +16,8 @@ nextcloud_default_values:
      nginx.ingress.kubernetes.io/server-snippet: |-
        server_tokens off;
        proxy_hide_header X-Powered-By;
-  
+        rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
-        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+        rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
        location = /.well-known/carddav {
@@ -48,9 +48,7 @@ nextcloud_default_values:
    host: "{{ nextcloud_short_name }}.{{ domain }}"
    username: admin
    password: "{{ nextcloud_admin_pass | default(nextcloud_admin_password) }}"
-    update: 0
+    trustedDomains: ["{{ nextcloud_short_name }}.{{ domain }}"]
    datadir: /var/www/html/data
    tableprefix:
    mail:
      enabled: true
      fromAddress: nextcloud
@@ -112,23 +110,14 @@ nextcloud_default_values:
    database: nextcloud
    user: "{{ nextcloud_db_username }}"
    password: "{{ nextcloud_db_password }}"
  ## Cronjob to execute Nextcloud background tasks
  ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs
  ##
  cronjob:
    enabled: true
-    schedule: "*/5 * * * *"
+  ## Enable persistence using Persistent Volume Claims
-    annotations: {}
+  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
-    # Set curl's insecure option if you use e.g. self-signed certificates
+  ##
    curlInsecure: false
    failedJobsHistoryLimit: 1
    successfulJobsHistoryLimit: 1
  service:
    type: ClusterIP
    port: 8080
    loadBalancerIP: nil
  persistence:
    # Nextcloud Data (/var/www/html)
    enabled: true
--- a/roles/peertube/defaults/main.yaml
+++ b/roles/peertube/defaults/main.yaml
@@ -5,9 +5,6 @@ peertube_use_external_db: true
 peertube_short_name: "peertube"
 peertube_default_values:
  replicaCount: 1
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  configAsCode:
    enabled: true
    config:
@@ -21,33 +18,6 @@ peertube_default_values:
        port: 443
      secrets:
        peertube: '{{ peertube_secret }}'
      rates_limit:
        api:
          # 50 attempts in 10 seconds
          window: 10 seconds
          max: 50
        login:
          # 15 attempts in 5 min
          window: 5 minutes
          max: 15
        signup:
          # 2 attempts in 5 min (only succeeded attempts are taken into account)
          window: 5 minutes
          max: 2
        ask_send_email:
          # 3 attempts in 5 min
          window: 5 minutes
          max: 3
      # Proxies to trust to get real client IP
      # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
      # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
      trust_proxy:
        - 'loopback'
        - 'linklocal'
        - 'uniquelocal'
        - '10.0.0.0/8'
        - '172.16.0.0/12'
        - '192.168.0.0/16'
      # Your database name will be database.name OR "peertube"+database.suffix
      database:
        hostname: '{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local'
@@ -89,11 +59,6 @@ peertube_default_values:
      # Instance settings
      instance:
        name: 'GHP PeerTube'
        default_client_route: '/videos/recently-added'
      federation:
        videos:
          federate_unlisted: false
          cleanup_remote_interactions: true
  env:
    - name: PT_INITIAL_ROOT_PASSWORD
@@ -125,4 +90,3 @@ peertube_default_values:
    enabled: true
  postgresql:
    enabled: false
Author	SHA1	Message	Date
ace	2006db6ebb	bitwarden: bump to 1.35.3, helm chart 2.0.44	2026-02-11 19:44:04 +03:00
ace	408dfdb3b4	roundcube: bump to 1.6.13, helm chart 0.4.8	2026-02-10 11:45:10 +03:00
ace	bcfbee9bd5	peertube: bump to 8.0.2, helm chart 0.5.2 mastodon: bump to v4.5.6, helm chart 6.6.6 cert-manager: bump to 1.19.3, helm chart 1.19.3	2026-02-03 21:38:56 +03:00
ace	c94cffac8f	knot: minor cosmetic fix	2026-01-24 18:49:49 +03:00
ace	c3261e90c9	gitea: bump to 1.25.4, helm chart 12.5.0	2026-01-24 11:03:55 +03:00
ace	352839afa1	bitwarden: bump to 1.35.2, helm chart 2.0.43	2026-01-10 00:38:39 +03:00
ace	304de44316	rspamd: bump to 3.14.3, helm chart 0.6.1	2026-01-09 11:36:46 +03:00
ace	f03f793f29	wikijs: bump to 2.5.311, helm chart 2.4.3	2026-01-08 23:08:40 +03:00
ace	755abc365e	mastodon: bump to v4.5.4, helm chart 6.6.4 wikijs: bump to 2.5.310, helm chart 2.4.2	2026-01-08 00:21:50 +03:00
ace	5f1de5ce55	peertube: bump to 8.0.1, helm chart 0.5.1	2026-01-06 03:40:52 +03:00
ace	0fe80007e3	mastodon: bump to v4.5.3, helm chart 6.6.3 nextcloud: bump to v32.0.3, helm chart v8.7.0	2026-01-05 17:43:16 +03:00
ace	6321d89bcd	nextcloud: add support for latest nextcloud helm chart 8.7.0 values	2026-01-05 17:42:48 +03:00
ace	bdbdab8383	add annotations-risk-level: Critical and use allowSnippetAnnotations	2026-01-05 17:42:37 +03:00