⬆️ Update ghcr.io/linuxserver/syncthing Docker digest to 297efc3

.github/renovate.json

@@ -3,9 +3,6 @@
   "extends": [
     "config:recommended"
   ],
-  "ignorePaths": [
-    "kubernetes/cluster/production/flux-system/gotk-components.yaml"
-  ],
   "flux": {
     "fileMatch": [
       "(^|/)kubernetes/.+\\.ya?ml$"

README.md

@@ -1,7 +1,7 @@
-[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=yamllint.yml)
+[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![CD](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=CD.yml)
+[![CD](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![Ansible](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/ansible-playbooks.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=ansible-playbooks.yml)
+[![Ansible](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/ansible-playbooks.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions?workflow=tofu.yml)
+[![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
 [![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions)
 [![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls)
 ![Header Image](https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/header_.png)
@@ -72,11 +72,11 @@ Some good references for how I learned this stuff (other than RTM)
 
 ## 🖥️ **Hardware**
 
-| Name        | Device         | CPU             | RAM          | Storage                                      | GPU       | Purpose                          |
+| Name        | Device         | CPU             | RAM          | Storage                                      | Purpose                          |
-|-------------|----------------|-----------------|--------------|----------------------------------------------|-----------|----------------------------------|
+|------------|--------------|----------------|-------------|--------------------------------|--------------------------------|
-| Arc-Ripper  | Optiplex 3050  | Intel i5-6500   | 32 GB DDR4   | 1TB NVMe                                     | Arc A310      | Jellyfin Server, Blu-ray Ripper |
+| Arc-Ripper | Optiplex 3050 | Intel i5-6500  | 32 GB DDR4  | 1TB NVMe                      | Jellyfin Server, Blu-ray Ripper |
-| PVE Node 1  | Custom         | Intel i7-9700K  | 64 GB DDR4   | NVMe for boot and VMs, 4x4TB HDD RaidZ10     | Nvidia 1660 6GB      | Main node with most VMs, NAS    |
+| PVE Node 1 | Custom        | Intel i7-9700K | 64 GB DDR4  | NVMe for boot and VMs, 4x4TB HDD RaidZ10 | Main node with most VMs, NAS   |
-| PVE Node 2  | Custom         | Intel i7-8700K  | 64 GB DDR4   | 1x2TB NVMe                                   | Nvidia 1060 GB      | More VMs                         |
+| PVE Node 2 | Custom        | Intel i7-8700K | 64 GB DDR4  | 1x2TB NVMe                    | More VMs                        |
 
 
 ## 📌 **To-Do**

ansible/playbooks/weekly/apt.yml

@@ -9,7 +9,7 @@
 
     - name: Upgrade all packages
       apt:
-        upgrade: yes
+        upgrade: dist
 
     - name: Remove unnecessary packages
       apt:

docker/AI/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   ollama:
-    image: ollama/ollama:0.5.12
+    image: ollama/ollama:0.5.11
     container_name: ollama
     restart: unless-stopped
     networks:
@@ -18,7 +18,7 @@ services:
               capabilities: [gpu]
 
   open-webui:
-    image: ghcr.io/open-webui/open-webui:0.5.16
+    image: ghcr.io/open-webui/open-webui:0.5.12
     container_name: open-webui
     restart: unless-stopped
     networks:

docker/arm/docker-compose.yml

@@ -186,6 +186,25 @@ services:
     depends_on:
       - postgres
 
+  syncthing:
+    image: ghcr.io/linuxserver/syncthing@sha256:297efc3dc44b2cd55b9dc9702112cfe9cc7e2efecac2f1e7a18c1cbb6aaddbfe
+    container_name: syncthing
+    hostname: ARM
+    environment:
+      - PUID=0
+      - PGID=0
+      - TZ=Etc/UTC
+    volumes:
+      - /home/ubuntu/syncthing/config:/config
+      - /docker/appdata/:/docker/appdata/
+      - /home/ubuntu/:/home/ubuntu/
+    ports:
+      - 8384:8384
+      - 22000:22000/tcp
+      - 22000:22000/udp
+      - 21027:21027/udp
+    restart: unless-stopped
+
   wiki-db:
     image: postgres:15-alpine
     environment:

kubernetes/apps/production/arr/bazarr/deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: bazarr
+    namespace: arr
+    labels:
+        app: bazarr
+spec:
+    replicas: 1
+    selector:
+        matchLabels:
+            app: bazarr
+    template:
+        metadata:
+            labels:
+                app: bazarr
+        spec:
+            securityContext:
+                runAsUser: 65534
+                runAsGroup: 65534
+                fsGroup: 65534
+                fsGroupChangePolicy: OnRootMismatch
+            containers:
+                - name: bazarr
+                  image: ghcr.io/onedr0p/bazarr:rolling@sha256:1c88830f3c51fc2f1230ad7040bcbe30f197449ae93f835448cf516d8b7e5e82
+                  resources:
+                    requests:
+                        memory: 512Mi
+                        cpu: 75m
+                    limits:
+                        memory: 535Mi
+                        cpu: 100m
+                  volumeMounts:
+                    - mountPath: /config
+                      name: bazarr-config
+            volumes:
+                - name: bazarr-config
+                  persistentVolumeClaim:
+                    claimName: bazarr-config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bazarr-config
+  namespace: arr
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn

kubernetes/apps/production/arr/bazarr/helmrelease.yaml

@@ -1,123 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: &app bazarr
-  namespace: arr
-spec:
-  interval: 15m
-  chart:
-    spec:
-      chart: app-template
-      version: 3.7.1
-      interval: 30m
-      sourceRef:
-        kind: HelmRepository
-        name: bjw-s
-        namespace: flux-system
-
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    remediation:
-      retries: 3
-
-  values:
-    global:
-      fullnameOverride: *app
-      namespace: arr
-
-    controllers:
-      bazarr:
-        enabled: true
-        type: statefulset
-        annotations:
-          reloader.stakater.com/auto: "true"
-
-        replicas: 1
-
-        statefulset:
-          volumeClaimTemplates:
-            - name: bazarr-config
-              accessMode: ReadWriteOnce
-              size: 1Gi
-              storageClass: longhorn
-              globalMounts:
-                - path: /config
-        
-        pod:
-          securityContext:
-            runAsUser: 1000
-            runAsGroup: &group 1000
-            fsGroup: *group
-            fsGroupChangePolicy: "OnRootMismatch"
-          dnsPolicy: None
-          dnsConfig:
-            nameservers:
-              - 10.43.0.10
-              - 1.1.1.1
-              - 8.8.8.8
-
-        containers:
-          app:
-            image:
-              repository: ghcr.io/onedr0p/bazarr
-              tag: 1.5.1
-              pullPolicy: IfNotPresent
-            env:
-              TZ: "${TZ}"
-              BAZARR__INSTANCE_NAME: *app
-              BAZARR__PORT: &port 6767
-              BAZARR__APPLICATION_URL: "https://bazarr.${LOCAL_DOMAIN}"
-              BAZARR__LOG_LEVEL: info
-
-            probes:
-              liveness:
-                enabled: false
-
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                  - ALL
-
-            resources:
-              requests:
-                cpu: 100m
-                memory: 150Mi
-              limits:
-                memory: 256Mi
-
-    service:
-      app:
-        primary: true
-        controller: bazarr
-        ports:
-          http:
-            port: *port
-
-    ingress:
-      internal:
-        enabled: true
-        className: nginx
-        hosts:
-          - host: "bazarr.${LOCAL_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-                service:
-                  identifier: app
-                  port: http
-        tls:
-          - hosts:
-              - "bazarr.${LOCAL_DOMAIN}"
-            secretName: local-mafyuh-dev-production-tls
-
-    persistence:
-      data:
-        enabled: true
-        type: nfs
-        server: "${NAS_IP}"
-        path: /mnt/thePool/thePoolShare
-        globalMounts:
-          - path: /data

kubernetes/apps/production/arr/bazarr/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bazarr
+  namespace: arr
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "bazarr.local.mafyuh.dev"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: headless-bazarr
+                port:
+                  number: 6767
+  tls:
+    - hosts:
+        - "bazarr.local.mafyuh.dev"
+      secretName: local-mafyuh-dev-production-tls

kubernetes/apps/production/arr/bazarr/kustomization.yaml

@@ -1,4 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - helmrelease.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml

kubernetes/apps/production/arr/bazarr/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: headless-bazarr
+  namespace: arr
+spec:
+  selector:
+    app: bazarr
+  ports:
+    - port: 6767
+      targetPort: 6767
+      protocol: TCP
+  type: ClusterIP

kubernetes/apps/production/arr/prowlarr/helmrelease.yaml

@@ -62,7 +62,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/prowlarr
-              tag: 1.31.2.4975
+              tag: 1.30.2.4939
               pullPolicy: IfNotPresent
             env:
               TZ: "${TZ}"

kubernetes/apps/production/reflector/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: reflector
-      version: 9.0.313
+      version: 7.1.288
       sourceRef:
         kind: HelmRepository
         name: reflector-repo

kubernetes/apps/production/reloader/helmrelease.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: reloader
-      version: 1.3.0
+      version: 1.2.1
       interval: 30m
       sourceRef:
         kind: HelmRepository

kubernetes/cluster/production/flux-system/gotk-components.yaml

@@ -1,6 +1,6 @@
 ---
 # This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v2.5.0
+# Flux Version: v2.4.0
 # Components: helm-controller,kustomize-controller,notification-controller,source-controller
 apiVersion: v1
 kind: Namespace
@@ -8,7 +8,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     pod-security.kubernetes.io/warn: restricted
     pod-security.kubernetes.io/warn-version: latest
   name: flux-system
@@ -19,7 +19,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: allow-egress
   namespace: flux-system
 spec:
@@ -39,7 +39,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: allow-scraping
   namespace: flux-system
 spec:
@@ -59,7 +59,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: allow-webhooks
   namespace: flux-system
 spec:
@@ -78,7 +78,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: critical-pods-flux-system
   namespace: flux-system
 spec:
@@ -98,7 +98,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: crd-controller-flux-system
 rules:
 - apiGroups:
@@ -192,7 +192,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: flux-edit-flux-system
@@ -218,7 +218,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-view: "true"
@@ -243,7 +243,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: cluster-reconciler-flux-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -263,7 +263,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: crd-controller-flux-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -298,7 +298,7 @@ metadata:
     app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: helmreleases.helm.toolkit.fluxcd.io
 spec:
   group: helm.toolkit.fluxcd.io
@@ -665,11 +665,6 @@ spec:
                       DisableSchemaValidation prevents the Helm install action from validating
                       the values against the JSON Schema.
                     type: boolean
-                  disableTakeOwnership:
-                    description: |-
-                      DisableTakeOwnership disables taking ownership of existing resources
-                      during the Helm install action. Defaults to false.
-                    type: boolean
                   disableWait:
                     description: |-
                       DisableWait disables the waiting for resources to be ready after a Helm
@@ -1084,11 +1079,6 @@ spec:
                       DisableSchemaValidation prevents the Helm upgrade action from validating
                       the values against the JSON Schema.
                     type: boolean
-                  disableTakeOwnership:
-                    description: |-
-                      DisableTakeOwnership disables taking ownership of existing resources
-                      during the Helm upgrade action. Defaults to false.
-                    type: boolean
                   disableWait:
                     description: |-
                       DisableWait disables the waiting for resources to be ready after a Helm
@@ -3993,7 +3983,7 @@ metadata:
     app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: helm-controller
   namespace: flux-system
 ---
@@ -4004,7 +3994,7 @@ metadata:
     app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: helm-controller
   namespace: flux-system
@@ -4043,7 +4033,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/helm-controller:v1.2.0
+        image: ghcr.io/fluxcd/helm-controller:v1.1.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -4100,7 +4090,7 @@ metadata:
     app.kubernetes.io/component: kustomize-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: kustomizations.kustomize.toolkit.fluxcd.io
 spec:
   group: kustomize.toolkit.fluxcd.io
@@ -4195,17 +4185,6 @@ spec:
                 required:
                 - provider
                 type: object
-              deletionPolicy:
-                description: |-
-                  DeletionPolicy can be used to control garbage collection when this
-                  Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete',
-                  'Orphan'). 'MirrorPrune' mirrors the Prune field (orphan if false,
-                  delete if true). Defaults to 'MirrorPrune'.
-                enum:
-                - MirrorPrune
-                - Delete
-                - Orphan
-                type: string
               dependsOn:
                 description: |-
                   DependsOn may contain a meta.NamespacedObjectReference slice
@@ -4233,42 +4212,6 @@ spec:
                   Force instructs the controller to recreate resources
                   when patching fails due to an immutable field change.
                 type: boolean
-              healthCheckExprs:
-                description: |-
-                  HealthCheckExprs is a list of healthcheck expressions for evaluating the
-                  health of custom resources using Common Expression Language (CEL).
-                  The expressions are evaluated only when Wait or HealthChecks are specified.
-                items:
-                  description: CustomHealthCheck defines the health check for custom
-                    resources.
-                  properties:
-                    apiVersion:
-                      description: APIVersion of the custom resource under evaluation.
-                      type: string
-                    current:
-                      description: |-
-                        Current is the CEL expression that determines if the status
-                        of the custom resource has reached the desired state.
-                      type: string
-                    failed:
-                      description: |-
-                        Failed is the CEL expression that determines if the status
-                        of the custom resource has failed to reach the desired state.
-                      type: string
-                    inProgress:
-                      description: |-
-                        InProgress is the CEL expression that determines if the status
-                        of the custom resource has not yet reached the desired state.
-                      type: string
-                    kind:
-                      description: Kind of the custom resource under evaluation.
-                      type: string
-                  required:
-                  - apiVersion
-                  - current
-                  - kind
-                  type: object
-                type: array
               healthChecks:
                 description: A list of resources to be included in the health assessment.
                 items:
@@ -4653,14 +4596,6 @@ spec:
                 required:
                 - entries
                 type: object
-              lastAppliedOriginRevision:
-                description: |-
-                  The last successfully applied origin revision.
-                  Equals the origin revision of the applied Artifact from the referenced Source.
-                  Usually present on the Metadata of the applied Artifact and depends on the
-                  Source type, e.g. for OCI it's the value associated with the key
-                  "org.opencontainers.image.revision".
-                type: string
               lastAppliedRevision:
                 description: |-
                   The last successfully applied revision.
@@ -5875,7 +5810,7 @@ metadata:
     app.kubernetes.io/component: kustomize-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: kustomize-controller
   namespace: flux-system
 ---
@@ -5886,7 +5821,7 @@ metadata:
     app.kubernetes.io/component: kustomize-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: kustomize-controller
   namespace: flux-system
@@ -5925,7 +5860,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/kustomize-controller:v1.5.0
+        image: ghcr.io/fluxcd/kustomize-controller:v1.4.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -5982,7 +5917,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: alerts.notification.toolkit.fluxcd.io
 spec:
   group: notification.toolkit.fluxcd.io
@@ -6536,9 +6471,8 @@ spec:
                 - name
                 type: object
               summary:
-                description: |-
+                description: Summary holds a short description of the impact and affected
-                  Summary holds a short description of the impact and affected cluster.
+                  cluster.
-                  Deprecated: Use EventMetadata instead.
                 maxLength: 255
                 type: string
               suspend:
@@ -6564,7 +6498,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: providers.notification.toolkit.fluxcd.io
 spec:
   group: notification.toolkit.fluxcd.io
@@ -7104,7 +7038,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: receivers.notification.toolkit.fluxcd.io
 spec:
   group: notification.toolkit.fluxcd.io
@@ -7163,16 +7097,6 @@ spec:
                   Secret references.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              resourceFilter:
-                description: |-
-                  ResourceFilter is a CEL expression expected to return a boolean that is
-                  evaluated for each resource referenced in the Resources field when a
-                  webhook is received. If the expression returns false then the controller
-                  will not request a reconciliation for the resource.
-                  When the expression is specified the controller will parse it and mark
-                  the object as terminally failed if the expression is invalid or does not
-                  return a boolean.
-                type: string
               resources:
                 description: A list of resources to be notified about changes.
                 items:
@@ -7786,7 +7710,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: notification-controller
   namespace: flux-system
 ---
@@ -7797,7 +7721,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: notification-controller
   namespace: flux-system
@@ -7818,7 +7742,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: webhook-receiver
   namespace: flux-system
@@ -7839,7 +7763,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: notification-controller
   namespace: flux-system
@@ -7877,7 +7801,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/notification-controller:v1.5.0
+        image: ghcr.io/fluxcd/notification-controller:v1.4.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -7939,7 +7863,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: buckets.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -8928,7 +8852,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: gitrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -9030,12 +8954,11 @@ spec:
                 type: string
               provider:
                 description: |-
-                  Provider used for authentication, can be 'azure', 'github', 'generic'.
+                  Provider used for authentication, can be 'azure', 'generic'.
                   When not specified, defaults to 'generic'.
                 enum:
                 - generic
                 - azure
-                - github
                 type: string
               proxySecretRef:
                 description: |-
@@ -10191,7 +10114,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: helmcharts.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -11172,7 +11095,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: helmrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -12021,7 +11944,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: ocirepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
@@ -12451,7 +12374,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
   name: source-controller
   namespace: flux-system
 ---
@@ -12462,7 +12385,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: source-controller
   namespace: flux-system
@@ -12483,7 +12406,7 @@ metadata:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.5.0
+    app.kubernetes.io/version: v2.4.0
     control-plane: controller
   name: source-controller
   namespace: flux-system
@@ -12528,7 +12451,7 @@ spec:
             resourceFieldRef:
               containerName: manager
               resource: limits.memory
-        image: ghcr.io/fluxcd/source-controller:v1.5.0
+        image: ghcr.io/fluxcd/source-controller:v1.4.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

terraform/flux/main.tf

@@ -17,5 +17,9 @@ provider "flux" {
 
 resource "flux_bootstrap_git" "flux" {
   path               = "kubernetes/cluster/production"
-  version            = "v2.5.0"
+  version            = "v2.4.0"
+
+  lifecycle {
+    ignore_changes = all
+  }
 }

terraform/flux/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     flux = {
       source  = "fluxcd/flux"
-      version = "1.5.0"
+      version = "1.4.0"
     }
     bitwarden-secrets = {
       source  = "sebastiaan-dev/bitwarden-secrets"

terraform/main.tf

@@ -30,7 +30,7 @@ terraform {
     }
     flux = {
       source  = "fluxcd/flux"
-      version = "1.5.0"
+      version = "1.4.0"
     }
   }
 }

terraform/proxmox/windows.tf

@@ -3,7 +3,7 @@ resource "proxmox_virtual_environment_vm" "Windows11" {
   node_name = "pve2"
   vm_id     = 250
   tags      = ["tofu"]
-  started   = true
+  started   = false
   bios      = "ovmf"
   machine   = "pc-q35-9.0"