Mafyuh
diff --git a/.forgejo/workflows/CD.yml b/.forgejo/workflows/CD.yml
@@ -36,71 +36,82 @@ jobs:
         shell: bash
         run: |
           IFS=' ' read -r -a folder_array <<< "${{ steps.detect-changes.outputs.folders }}"
+          hosts=""
+          folders=""
+
           for folder in "${folder_array[@]}"; do
             case $folder in
               actual)
-                target_host="ubu.lan"
+                host="ubu.lan"
                 ;;
               arrs)
-                target_host="arrs.lan"
+                host="arrs.lan"
                 ;;
               arm)
-                target_host="arm.lan"
+                host="arm.lan"
                 ;;
               AI)
-                target_host="ai.lan"
+                host="ai.lan"
                 ;;
               authentik)
-                target_host="auth.lan"
+                host="auth.lan"
                 ;;
               ag-main)
-                target_host="dns.lan"
+                host="dns.lan"
                 ;;
               exporters)
-                target_host="all"
+                host="all"
                 ;;
               grafana)
-                target_host="ubu.lan"
+                host="ubu.lan"
                 ;;
               jellyfin)
-                target_host="jf.lan"
+                host="jf.lan"
                 ;;
               kasm)
-                target_host="kasm.lan"
+                host="kasm.lan"
                 ;;
               netboot)
-                target_host="netboot.lan"
+                host="netboot.lan"
                 ;;
               nexterm)
-                target_host="ubu.lan"
+                host="ubu.lan"
                 ;;
               npm)
-                target_host="npm.lan"
+                host="npm.lan"
                 ;;
               plex)
-                target_host="plex.lan"
+                host="plex.lan"
                 ;;
               paperless)
-                target_host="ubu.lan"
+                host="ubu.lan"
                 ;;
               portainer)
-                target_host="port.lan"
+                host="port.lan"
                 ;;
               runner)
-                target_host="runner.lan"
+                host="runner.lan"
                 ;;
-              # Add cases for other folders/hosts
               *)
                 echo "Unknown folder: $folder"
                 exit 1
                 ;;
             esac
-            echo "Deploying to $target_host for folder $folder"
 
-            echo "target_host=$target_host" >> $GITHUB_ENV
-            echo "folder=$folder" >> $GITHUB_ENV
+            if [ -z "$hosts" ]; then
+              hosts="$host"
+              folders="$folder"
+            else
+              hosts="$hosts,$host"
+              folders="$folders,$folder"
+            fi
           done
 
+          echo "Deploying to hosts: $hosts for folders: $folders"
+
+          echo "target_host=$hosts" >> $GITHUB_ENV
+          echo "folder=$folders" >> $GITHUB_ENV
+
       - name: Get Secrets from Bitwarden
         id: bitwarden-secrets
         uses: https://github.com/bitwarden/sm-action@v2

diff --git a/.github/renovate.json b/.github/renovate.json
@@ -1,7 +1,7 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base"
+    "config:recommended"
   ],
   "flux": {
     "fileMatch": [
@@ -14,26 +14,39 @@
     ]
   },
   "packageRules": [
-  {
-    "matchPackageNames": ["authentik"],
-    "registryUrls": ["https://charts.goauthentik.io"]
-  },
-  {
-    "matchPackageNames": ["ingress-nginx"],
-    "registryUrls": ["https://kubernetes.github.io/ingress-nginx"]
-  },
-  {
-    "matchPackageNames": ["reflector"],
-    "registryUrls": ["https://emberstack.github.io/helm-charts"]
-  }
-],
+    {
+      "matchPackageNames": [
+        "authentik"
+      ],
+      "registryUrls": [
+        "https://charts.goauthentik.io"
+      ]
+    },
+    {
+      "matchPackageNames": [
+        "ingress-nginx"
+      ],
+      "registryUrls": [
+        "https://kubernetes.github.io/ingress-nginx"
+      ]
+    },
+    {
+      "matchPackageNames": [
+        "reflector"
+      ],
+      "registryUrls": [
+        "https://emberstack.github.io/helm-charts"
+      ]
+    }
+  ],
   "kubernetes": {
     "fileMatch": [
       "(^|/)kubernetes/.+\\.ya?ml$"
     ]
   },
-  "regexManagers": [
+  "customManagers": [
     {
+      "customType": "regex",
       "fileMatch": [
         "(^|/)kubernetes/apps/.+/helmrelease\\.ya?ml$"
       ],

diff --git a/ansible/playbooks/deploy-docker.yml b/ansible/playbooks/deploy-docker.yml
@@ -1,7 +1,7 @@
 - name: Deploy application
-  hosts: "{{ target_host }}"
+  hosts: "{{ target_host.split(',') | join(',') }}"
   vars:
-    repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}"
+    repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder.split(',') | join(',') }}"
     secrets_mapping_file: "/home/{{ ansible_user }}/iac/docker/secret-mappings.yml"
   tasks:
     - name: Ensure the repository is up-to-date

diff --git a/docker/AI/docker-compose.yml b/docker/AI/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   ollama:
-    image: ollama/ollama:0.5.9
+    image: ollama/ollama:0.5.10
     container_name: ollama
     restart: unless-stopped
     networks:
@@ -18,7 +18,7 @@ services:
               capabilities: [gpu]
 
   open-webui:
-    image: ghcr.io/open-webui/open-webui:v0.5.11
+    image: ghcr.io/open-webui/open-webui:0.5.12
     container_name: open-webui
     restart: unless-stopped
     networks:

diff --git a/docker/arm/docker-compose.yml b/docker/arm/docker-compose.yml
@@ -133,7 +133,7 @@ services:
     networks:
       - gitea_main
   n8n:
-    image: ghcr.io/n8n-io/n8n:1.79.0
+    image: ghcr.io/n8n-io/n8n:1.79.1
     container_name: n8n
     ports:
       - 5678:5678
@@ -187,7 +187,7 @@ services:
       - postgres
 
   syncthing:
-    image: ghcr.io/linuxserver/syncthing@sha256:c04574ea8538099697d9668a1e3667b9dd91a17f6e4fc3fb6fbe8e52d8ce91ec
+    image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
     container_name: syncthing
     hostname: ARM
     environment:

diff --git a/docker/arrs/docker-compose.yml b/docker/arrs/docker-compose.yml
@@ -1,7 +1,7 @@
 ---
 services:
   bazarr:
-    image: ghcr.io/linuxserver/bazarr@sha256:88272d031e268a5d10035e2707fc095417dba9794a7a4a59b51f01e6f9b74f65
+    image: ghcr.io/linuxserver/bazarr@sha256:f25f8d61c5d3d5b963e92cfb6d53930648e995fbd22ff62d3cd8b061282f59c7
     container_name: bazarr
     ports:
       - "6767:6767"
@@ -65,7 +65,7 @@ services:
       - apparmor:unconfined
 
   sonarr:
-    image: ghcr.io/linuxserver/sonarr@sha256:20b81f5054d31f0151be3c5e282a85361cc24b7ffaab67a997bb4379caa8485b
+    image: ghcr.io/linuxserver/sonarr@sha256:28d9dcbc846aed74bd47dc90305e016183443ddc3dfa3e8bcac268fc653a6e5e
     container_name: sonarr
     ports:
       - "8989:8989"
@@ -129,7 +129,7 @@ services:
     restart: unless-stopped
 
   syncthing:
-    image: ghcr.io/linuxserver/syncthing@sha256:c04574ea8538099697d9668a1e3667b9dd91a17f6e4fc3fb6fbe8e52d8ce91ec
+    image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
     container_name: syncthing
     hostname: ARRS
     environment:

diff --git a/docker/grafana/docker-compose.yml b/docker/grafana/docker-compose.yml
@@ -40,7 +40,7 @@ services:
       - grafana
 
   loki:
-    image: grafana/loki:3.3.2
+    image: grafana/loki:3.4.2
     container_name: loki
     volumes:
       - /docker/appdata/loki:/etc/loki
@@ -52,7 +52,7 @@ services:
       - grafana
 
   promtail:
-    image: grafana/promtail:3.3.2
+    image: grafana/promtail:3.4.2
     container_name: promtail
     volumes:
       - /var/log:/var/log

diff --git a/docker/jellyfin/docker-compose.yml b/docker/jellyfin/docker-compose.yml
@@ -1,7 +1,7 @@
 ---
 services:
   jellyfin:
-    image: ghcr.io/linuxserver/jellyfin@sha256:229f348800b9e2683d2a37f9fa7300a045a8d777f6fb9a5c7c39542c8a5d4373
+    image: ghcr.io/linuxserver/jellyfin@sha256:7cdcd4b6b60765290af7a2740960ce30c1f5548313ae60f7e23f6995ed4d147e
     container_name: jellyfin
     devices:
       - /dev/dri/renderD129:/dev/dri/renderD129
@@ -23,7 +23,7 @@ services:
       - apparmor:unconfined
 
   makemkv:
-    image: jlesage/makemkv@sha256:ca6d9778b679ea2a51a10592a7756f93acca4f7a7142d787e9959921cd6bc547
+    image: jlesage/makemkv@sha256:c0fa01dabfd36bc72cec432e695132b6c78ae9403bb134e82c452935d3681766
     container_name: makemkv
     ports:
       - 5800:5800
@@ -40,7 +40,7 @@ services:
       - apparmor:unconfined
 
   syncthing:
-    image: ghcr.io/linuxserver/syncthing@sha256:c04574ea8538099697d9668a1e3667b9dd91a17f6e4fc3fb6fbe8e52d8ce91ec
+    image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
     container_name: syncthing
     hostname: JF
     environment:

diff --git a/docker/kasm/docker-compose.yml b/docker/kasm/docker-compose.yml
@@ -1,7 +1,7 @@
 ---
 services:
   kasm:
-    image: ghcr.io/linuxserver/kasm@sha256:b93c0d0d67148417db80fb053e4fa36b4c9d83972a88b247d40573ff0267aa63
+    image: ghcr.io/linuxserver/kasm@sha256:5ff0ef8bd7f279cb6806aae9caabe5457eaadd89fb0f02e63ce26dcdac747d10
     container_name: kasm
     privileged: true
     environment:
@@ -24,7 +24,7 @@ services:
 
   minio:
     command: server /data --console-address ":9001"
-    image: minio/minio@sha256:a62e44a7db506b8ed114a44e67b4996c4f1ecca981d9c6e40aa2581334999313
+    image: minio/minio@sha256:640c22768ed5dbc92eacc14502a1b06a1c708fa60431345c78dfc22917062e93
     environment:
       - MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD
       - MINIO_ROOT_USER=mafyuh

diff --git a/docker/netboot/docker-compose.yml b/docker/netboot/docker-compose.yml
@@ -1,7 +1,7 @@
 ---
 services:
   netbootxyz:
-    image: ghcr.io/linuxserver/netbootxyz@sha256:38a0a001182533d929d094bea6de932cded1f9fa52872789121cedc8110d7eab
+    image: ghcr.io/linuxserver/netbootxyz@sha256:dfc1542b3ce301f9cacf68859eb216fd5ffb58b92b0f33efdd181bc3c33906d8
     container_name: netboot
     environment:
       - PUID=1000

diff --git a/docker/plex/docker-compose.yml b/docker/plex/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   plex:
-    image: ghcr.io/linuxserver/plex@sha256:a0a83cc0f305e92d3885fb2b414c7299606427358bb2f0b38d20e0c3e3eeb094
+    image: ghcr.io/linuxserver/plex@sha256:76d2cf7acc05bba64356dc47fa8d061135519f380c86d0a9a46a48c6bb37102e
     container_name: plex
     network_mode: host
     environment:

diff --git a/kubernetes/apps/production/arr/qbitty/deployment.yaml b/kubernetes/apps/production/arr/qbitty/deployment.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: qbitty
-          image: ghcr.io/hotio/qbittorrent@sha256:170e632840122025ebbb4b4a1f88522ed46f79ce0c935784700b9ad31dd6184e
+          image: ghcr.io/hotio/qbittorrent@sha256:43312cb59ec3054d99848481f0913336275b7afa18ef814d2091e0b87509fc23
           imagePullPolicy: IfNotPresent
           env:
             - name: VPN_ENABLED

diff --git a/kubernetes/apps/production/arr/radarr/deployment.yaml b/kubernetes/apps/production/arr/radarr/deployment.yaml