SYS-671 update helm charts and images

.gitlab-ci.yml

@@ -12,7 +12,6 @@ stages:
   - git-pull
   - haproxy-keepalived
   - mariadb-galera
-  - mt-daapd
   - mysqldump
   - mythtv-backend
   - nagios
@@ -29,7 +28,6 @@ stages:
   - udp-nginx-proxy
   - vsftpd
   - weewx
-  - wxcam-upload
 workflow:
   rules:
   - { if: $CI_COMMIT_TAG =~ /^chart-.*/, when: never }
@@ -147,15 +145,6 @@ mariadb-galera:
   only:
     changes: [ images/mariadb-galera/**, lib/**, .image-gitlab-ci.yml ]
 
-mt-daapd:
-  stage: mt-daapd
-  trigger:
-    include:
-    - artifact: .child-mt-daapd.yml
-      job: prepare
-  only:
-    changes: [ images/mt-daapd/**, lib/**, .image-gitlab-ci.yml ]
-
 mysqldump:
   stage: mysqldump
   trigger:
@@ -299,12 +288,3 @@ weewx:
       job: prepare
   only:
     changes: [ images/weewx/**, lib/**, .image-gitlab-ci.yml ]
-
-wxcam-upload:
-  stage: wxcam-upload
-  trigger:
-    include:
-    - artifact: .child-wxcam-upload.yml
-      job: prepare
-  only:
-    changes: [ images/wxcam-upload/**, lib/**, .image-gitlab-ci.yml ]

.image-gitlab-ci.yml

@@ -4,7 +4,7 @@ variables:
   IMAGE: {{ IMAGE }}
   PLATFORMS: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
   REGISTRY: $REGISTRY_URI/$CI_PROJECT_PATH
-  TRIVY_VERSION: 0.67.2
+  TRIVY_VERSION: 0.68.2
 
 stages:
   - Static Code Analysis
@@ -13,7 +13,7 @@ stages:
   - Security Scan
   - Promote Image
 
-image: docker:29.1.2
+image: docker:29.1.5
 
 .registry_template: &registry_login
   before_script:
@@ -50,11 +50,12 @@ security_scan_trivy:
     TRIVY_FORMAT: json
     TRIVY_IGNORE: >-
       CVE-2023-31484,CVE-2023-45853,
-      CVE-2023-52425,CVE-2024-8176
-      # These are for blacklist image, there's a won't-fix note for zlib1g
+      CVE-2023-52425,CVE-2024-8176,
+      CVE-2026-0861,CVE-2025-8194,CVE-2025-13699,
+      CVE-2025-13836,CVE-2025-40914
+      # Above two rows are for spamassassin under debian trixie
+      # Below were for blacklist image, there's a won't-fix note for zlib1g
       # CVE-2023-31484,CVE-2023-45853
-      # These are for spamassassin under debian bookworm
-      # CVE-2023-52425,CVE-2024-8176
     TRIVY_OUTPUT: gl-container-scanning-report.json
     TRIVY_SEVERITY: HIGH,CRITICAL
     TRIVY_PKG_TYPES: os,library

README.md

@@ -41,7 +41,6 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 * Minio object storage with prometheus metrics
 * Pod security policies
 * Automatic certificate issuing/renewal with Letsencrypt
-* PostgreSQL-operator from CrunchyData
 * Grafana with prometheus-based alerting
 
 ### Resource definitions
@@ -53,6 +52,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 | artifactory | ** | binary repo |
 | gitea | ** | git repo |
 | admin-git | [![](https://img.shields.io/docker/v/instantlinux/git-pull?sort=date)](https://hub.docker.com/r/instantlinux/git-pull "Version badge") | sync git repo across swarm |
+| gitea | ** | self-hosted git repo with many github features |
 | jira | ** | ticket tracking |
 | mariadb-galera | [![](https://img.shields.io/docker/v/instantlinux/mariadb-galera?sort=date)](https://hub.docker.com/r/instantlinux/mariadb-galera "Version badge") | automatic cluster setup|
 | nexus | ** | binary repo with docker registry |
@@ -66,7 +66,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 | authelia | ** | single-signon multi-factor auth |
 | cloud | ** | nextcloud, private sync like Apple iCloud |
 | data-sync | [![](https://img.shields.io/docker/v/instantlinux/data-sync?sort=date)](https://hub.docker.com/r/instantlinux/data-sync "Version badge") | poor-man's SAN for persistent storage |
-| duplicati | [![](https://img.shields.io/docker/v/instantlinux/duplicati?sort=date)](https://hub.docker.com/r/instantlinux/duplicati "Version badge") | backups |
+| ddclient | [![](https://img.shields.io/docker/v/instantlinux/ddclient?sort=date)](https://hub.docker.com/r/instantlinux/ddclient "Version badge") | Dynamic DNS client |
 | ez-ipupdate | [![](https://img.shields.io/docker/v/instantlinux/ez-ipupdate?sort=date)](https://hub.docker.com/r/instantlinux/ez-ipupdate "Version badge") | Dynamic DNS client |
 | haproxy-keepalived | [![](https://img.shields.io/docker/v/instantlinux/haproxy-keepalived?sort=date)](https://hub.docker.com/r/instantlinux/haproxy-keepalived "Version badge") | load balancer |
 | grafana | ** | monitoring dashboard with prometheus-based alerting |
@@ -78,12 +78,14 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 | node-local-dns | ** | caching resolver for reliable pod DNS |
 | nut-upsd | [![](https://img.shields.io/docker/v/instantlinux/nut-upsd?sort=date)](https://hub.docker.com/r/instantlinux/nut-upsd "Version badge") | Network UPS Tools |
 | openldap | [![](https://img.shields.io/docker/v/instantlinux/openldap?sort=date)](https://hub.docker.com/r/instantlinux/openldap "Version badge") | OpenLDAP authentication server |
+| proftpd | [![](https://img.shields.io/docker/v/instantlinux/proftpd?sort=date)](https://hub.docker.com/r/instantlinux/proftpd "Version badge") | FTP server |
 | restic | ** | backups |
 | rsyslogd | [![](https://img.shields.io/docker/v/instantlinux/rsyslogd?sort=date)](https://hub.docker.com/r/instantlinux/rsyslogd "Version badge") | logger in a 13MB image |
 | samba | [![](https://img.shields.io/docker/v/instantlinux/samba?sort=date)](https://hub.docker.com/r/instantlinux/samba "Version badge") | file server |
 | samba-dc | [![](https://img.shields.io/docker/v/instantlinux/samba-dc?sort=date)](https://hub.docker.com/r/instantlinux/samba-dc "Version badge") | Active-Directory compatible domain controller |
 | [secondshot](https://github.com/instantlinux/secondshot) | [![](https://img.shields.io/docker/v/instantlinux/secondshot?sort=date)](https://hub.docker.com/r/instantlinux/secondshot "Version badge") | rsnapshot-based backups |
 | splunk | ** | the free version |
+| vaultwarden | ** | BitWarden-compatible self-hosted backend |
 
 **Email**
 
@@ -94,6 +96,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 | postfix | [![](https://img.shields.io/docker/v/instantlinux/postfix?sort=date)](https://hub.docker.com/r/instantlinux/postfix "Version badge") | compact general-purpose image in 11MB |
 | postfix-python | [![](https://img.shields.io/docker/v/instantlinux/postfix-python?sort=date)](https://hub.docker.com/r/instantlinux/postfix-python "Version badge") | postfix with spam-control scripts |
 | rainloop | ** | webmail imapd-client server |
+| snappymail | ** | webmail, forked from rainloop imapd-client server |
 | spamassassin | [![](https://img.shields.io/docker/v/instantlinux/spamassassin?sort=date)](https://hub.docker.com/r/instantlinux/spamassassin "Version badge") | spam control daemon |
 
 **Entertainment**
@@ -103,8 +106,8 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 | davite | [![](https://img.shields.io/docker/v/instantlinux/davite?sort=date)](https://hub.docker.com/r/instantlinux/davite "Version badge") | party-invites manager like eVite |
 | mt-daapd | [![](https://img.shields.io/docker/v/instantlinux/mt-daapd?sort=date)](https://hub.docker.com/r/instantlinux/mt-daapd "Version badge") | iTunes server |
 | mythtv-backend | [![](https://img.shields.io/docker/v/instantlinux/mythtv-backend?sort=date)](https://hub.docker.com/r/instantlinux/mythtv-backend "Version badge") | MythTV backend |
+| owntone | ** | iTunes server (formerly forked-daapd) |
 | weewx | [![](https://img.shields.io/docker/v/instantlinux/weewx?sort=date)](https://hub.docker.com/r/instantlinux/weewx "Version badge") | Weather station software (Davis VantagePro2 etc.) |
-| wxcam-upload | [![](https://img.shields.io/docker/v/instantlinux/wxcam-upload?sort=date)](https://hub.docker.com/r/instantlinux/wxcam-upload "Version badge") | Upload webcam images to Weather Underground |
 
 ### Credits
 
@@ -120,5 +123,7 @@ Thank you to the following contributors!
 * [Daniel Muller](https://github.com/DanielMuller)
 * [Brian Hechinger](https://github.com/bhechinger)
 * [David Powers](https://github.com/dapowers87)
+* [Alberto Galera](https://github.com/agalera)
+* [Andrew Eacott](https://github.com/andreweacott)
 
 Contents created 2017-25 under [Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0) by Rich Braun.

images/blacklist/Dockerfile

@@ -1,8 +1,8 @@
-FROM debian:bookworm-slim
-MAINTAINER Rich Braun <docker@instantlinux.net>
+FROM debian:trixie-slim
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.label-schema.build-date=$BUILD_DATE \
+LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \
+    org.label-schema.build-date=$BUILD_DATE \
     org.label-schema.license=Apache-2.0 \
     org.label-schema.name=blacklist \
     org.label-schema.vcs-ref=$VCS_REF \
@@ -16,8 +16,7 @@ ENV DEBIAN_FRONTEND=noninteractive \
     DB_USER=blacklister \
     DB_NAME=blacklist \
     DB_HOST=dbhost
-
-ARG RBLDNSD_VERSION=1.0~20210120-2
+ARG RBLDNSD_VERSION=1.0~20210120-3
 
 COPY src/ /root/
 RUN apt-get -yq update && apt-get -y upgrade && \