build(deps): bump ghcr.io/0xerr0r/blocky in /kubernetes/system/blocky

Bumps [ghcr.io/0xerr0r/blocky](https://github.com/0xERR0R/blocky) from v0.24 to 0.29.0.
- [Release notes](https://github.com/0xERR0R/blocky/releases)
- [Commits](https://github.com/0xERR0R/blocky/compare/v0.24...v0.29.0)

---
updated-dependencies:
- dependency-name: ghcr.io/0xerr0r/blocky
  dependency-version: 0.29.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -51,6 +51,8 @@ updates:
       - "/kubernetes/personal/notesnook"
       - "/kubernetes/personal/photoprism"
       - "/kubernetes/production/umami"
+      - "/kubernetes/system/blocky"
+      - "/kubernetes/system/coredns"
       - "/kubernetes/system/csi-driver-nfs"
       - "/kubernetes/system/external-dns"
       - "/kubernetes/system/traefik"

docker/home/esphome/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   esphome:
-    image: ghcr.io/esphome/esphome:2026.3.3
+    image: ghcr.io/esphome/esphome:2026.4.3
     ports:
       - "6052"
     networks:

docker/home/n8n/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   n8n:
-    image: docker.n8n.io/n8nio/n8n:2.16.0
+    image: docker.n8n.io/n8nio/n8n:2.18.4
     environment:
       - TZ=Europe/Paris
       - N8N_SECURE_COOKIE=false

docker/infrastructure/mail/stalwart/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   stalwart:
-    image: stalwartlabs/stalwart:v0.15.5
+    image: stalwartlabs/stalwart:v0.16.2
     container_name: stalwart
     networks:
       - default

docker/personal/gramps/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   grampsweb:
     container_name: grampsweb
-    image: ghcr.io/gramps-project/grampsweb:26.4.1
+    image: ghcr.io/gramps-project/grampsweb:26.4.3
     restart: always
     networks:
       - default
@@ -31,7 +31,7 @@ services:
 
   grampsweb_celery:
     container_name: grampsweb_celery
-    image: ghcr.io/gramps-project/grampsweb:26.4.1
+    image: ghcr.io/gramps-project/grampsweb:26.4.3
     restart: always
     environment:
       - GRAMPSWEB_TREE="Gramps Web"  # will create a new tree if not exists

docker/personal/media/films-series/jackett/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   jackett:
     container_name: jackett
-    image: ghcr.io/hotio/jackett:release-v0.24.1577
+    image: ghcr.io/hotio/jackett:release-v0.24.1789
     ports:
       - "9117"
     networks:

docker/personal/media/films-series/jellyfin/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   jellyfin:
-    image: jellyfin/jellyfin:2026041305
+    image: jellyfin/jellyfin:2026042706
     container_name: jellyfin
     networks:
       - default

docker/personal/paperless/docker-compose.yml

@@ -16,7 +16,7 @@ services:
       POSTGRES_DB: paperless
 
   paperless-webserver:
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15
     restart: unless-stopped
     networks:
       - default

docker/personal/radicale/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   radicale:
-    image: tomsquest/docker-radicale:3.6.1.0
+    image: tomsquest/docker-radicale:3.7.1.0
     container_name: radicale
     ports:
       - 5232

docker/personal/tandoor/docker-compose.yml

@@ -9,7 +9,7 @@ services:
 
   web_recipes:
     restart: always
-    image: vabene1111/recipes:2.6.6
+    image: vabene1111/recipes:2.6.9
     networks:
       - default
       - proxy

docker/production/buildpath/.env

@@ -1,17 +1,18 @@
-ME_CONFIG_MONGODB_ADMINUSERNAME=ENC[AES256_GCM,data:FdAhZA==,iv:YXd83wy5lKSybwYdmhXA2DwbVnffX/6R7gn3doDnI1E=,tag:BLYvP9IFNky37COZOgyJvw==,type:str]
-ME_CONFIG_MONGODB_ADMINPASSWORD=ENC[AES256_GCM,data:uvZn2q5dpbc=,iv:4ExRNf2gYK1W/VMKrcXNO5kPKjJmxml1uj44j643mvw=,tag:Xf2wKugbuOU3GlPYlLttIg==,type:str]
-ME_CONFIG_MONGODB_URL=ENC[AES256_GCM,data:porEOpLQZF2J5pvRaktvnoh76MhfjBZ3PN8dNwhNAfKs8ipO,iv:7kl+7+C1MaOGM0Gu0jzJEp1Wvl/xz0i5oW5U8EACMKs=,tag:3+xIM62x+2HMA1AggM4mww==,type:str]
-ME_CONFIG_BASICAUTH=ENC[AES256_GCM,data:lxxYUfK5cA==,iv:hbw6UUCxTZ9h+XJd0Wesz5T3L5MkBc+JA0SNUogtsOE=,tag:gCyyA6hOIcIvs+HyeqKs/A==,type:str]
-MONGO_USER=ENC[AES256_GCM,data:osGR9w==,iv:648Yv0sPTvq95q0jcRWSD14HZr6tN2I4ffw/STe38xY=,tag:rVK7sBlAuhsisPPyfnIPMg==,type:str]
-MONGO_PASS=ENC[AES256_GCM,data:2SloANMJ1mQ=,iv:PK2LyBfivEH1EjtRk76BPlnLXfAykC/F40skCeoK7NQ=,tag:JEZXKe4gNj36yLX5wlW5tQ==,type:str]
-MONGO_HOST=ENC[AES256_GCM,data:fwvt86U=,iv:YJam2joeQkaVCFUPpc7sPw6ucHpTauiJzC754VsgLPY=,tag:nUQVmxsYbmhlWwz01kHpsw==,type:str]
-MONGO_INITDB_ROOT_USERNAME=ENC[AES256_GCM,data:dSNu/Q==,iv:jJYxTZw06/npxgw5zaS5SSC4LyGzr/TLdu5JdDUtqFQ=,tag:d+q5DLS6AHakPnk9089XpQ==,type:str]
-MONGO_INITDB_ROOT_PASSWORD=ENC[AES256_GCM,data:uD3YRK4xCx8=,iv:jJVjuUBfDuiWa23UGa/n2z0uAkbr4N6Zo9Ee45R1tTs=,tag:RBn0jse9u795RHNc09cBqA==,type:str]
-RIOT_API_KEY=ENC[AES256_GCM,data:E+w0JQlYW7Bjn2wwnkb0hlYmq3ZteS2LB4NWo2l/o+30+uOTAYzpeDgy,iv:xPZmat+pexxgYxqlkBLlD6sorxRpPlBcwMbo8QDFwjg=,tag:5Loj4AGmr13HGKyVbDozqg==,type:str]
-sops_lastmodified=2025-12-31T13:08:07Z
-sops_mac=ENC[AES256_GCM,data:h+aeLcXC3s8gcIlwrU7fHwGIkp1caqMqJcQLdQmFnrtlP9gmx1iOZlZo8yRC8m+imIezhLfjI0yfHdPjyfxw9KTeNoCjNRKyDGfDhbHr0vfPQsrifjeaZj477634WA8MVcL8HrfVwZIHjh+I3fcgVI0kFbcI8/3lkEws/T4oD70=,iv:lc8ltcjngeHueLgXee539iIpIMjvcJpUAec1TGmJuY0=,tag:FkwHdQ0C4QxObEQFL6aefg==,type:str]
-sops_pgp__list_0__map_created_at=2025-12-31T13:08:07Z
-sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA7uy4qQr71wiAQ/+LVciLRpDVh/AlYawgSfwVs8ltal1+3MCHYhdwjFAggJ8\ng6twtj4szAVR7UbT0Qh2hP+my7KLLN1K+Rv/jnsXPhOFo0o8AB0Un+hCFB1i+KLd\ni6cWbv+jCqxRALf98TYe0xDMIfoPKXaIYjV2qlYmGWe3/Sd2+7KbwAKZCehZD1jV\nh21YVeVn7dlv3zPAp5mpH+6yPMp3ZSTAYa8MkUnnS3cUWlWSMHsGwlA9CUvJtKaz\ndkW6n90zEGJrfb6ATH2dPJawWNOp0q/Gcx2uci4Ro09U1jOK7ugSDWxjGOuV9TAL\nYsRYz7LH5yOLpz9HlrZH882SJWZS9xoEV8jOZN1I3NmtJY1KsgAW3BFEsbCA58Q5\nTZFKhH7XK9FW4NbRzHYxHCCZSfGtBCQyUpusGALXnQmkKHJ4MlnrxH9yBX7Go8ph\nCqQ7gvBmNjUZrgp+VWb8+ziDCfYbZDADV4cva4STcjnmFxRiFO1xvYEJpEo2H1gK\nQcMsOruazL3UGkZxWh2Od7bi1K+2Io/TNSKMTboTqgJAOcMO4Ssxn59yYhfDdS2i\n8/mlv4ADPOL4be1400/Tp33QpPnRojyJAM9b8IdJ6ahevVGjGuKPuvrzDs8lYwht\n6eKrbV3mHBv5ZUvSmeTOIwxE8moePDEkUrr3HCfxaaJcMrcjgSkGhCCN4KHbj8TS\nXgFGOX7/BZNOR1SyfBY1gc30Vdy3d7513Gpfcuwsd7Rc+0Ue+p4ysA3dBp+KWhVO\nPkfwdiVFOOvEPoUoanyUqMlvj3ENabNNmHc8jZ23FRxtlfbcyecTT+uckRXgvpU=\n=5/Ac\n-----END PGP MESSAGE-----
+ME_CONFIG_MONGODB_ADMINUSERNAME=ENC[AES256_GCM,data:AHXIMA==,iv:trofFagJGNq5OyWDaN57vPpKwwG3SouiV5xLl5sJIBA=,tag:c1NUlmBouEb0Milri85QNw==,type:str]
+ME_CONFIG_MONGODB_ADMINPASSWORD=ENC[AES256_GCM,data:8X6+SphUNus=,iv:zwofVw03pToXHR6weckniT/fymFYeHZw6lVmrGUsnLc=,tag:lEWtnnqpwamNsCnkStsRfQ==,type:str]
+ME_CONFIG_MONGODB_URL=ENC[AES256_GCM,data:3xLFWhRYU/EfhRw+rOs9pOb+nzsbV9IvQydB4VGZGw/WLkQd,iv:T9T6ewB+05qzFDL7z2WESs6fIc9lTFdjVxy/71YzhXo=,tag:S3YsOokO4jzhJVWep/QTsQ==,type:str]
+ME_CONFIG_BASICAUTH=ENC[AES256_GCM,data:FnUichsnpQ==,iv:Ayw1Vqg5rj6P79vtERX2hRCttnol/4aNUG5Y0OhFVTo=,tag:JkTxro0kyYJLr9gdkY8A1Q==,type:str]
+MONGO_USER=ENC[AES256_GCM,data:2KFDcg==,iv:wdDxrQd07+hC5GEq1DS0DLVASiL9L4ds1V3TG1NA9EQ=,tag:gieiOLmOfLtUQjfjwZg6qQ==,type:str]
+MONGO_PASS=ENC[AES256_GCM,data:W80YLzp8G50=,iv:eFts3fhrB9PGEfC69d8btt4ko3gcOGrFZUy95hx2rCE=,tag:+1JFEiclNnjei8+2I42j6w==,type:str]
+MONGO_HOST=ENC[AES256_GCM,data:0RknYUM=,iv:8QyL4KHrSr9pv1kX+FD09N2ltVSZkEKqtFCS30ik1v0=,tag:bTXBMHqp5JU9VTD3soXEyQ==,type:str]
+MONGO_INITDB_ROOT_USERNAME=ENC[AES256_GCM,data:G6wekw==,iv:AH5qqxXOeEBVI2mXXPPrC1X8X/Vq5MHZBWdfNRNeK1c=,tag:nMkWql/aVHi2FGnJ5NGFBQ==,type:str]
+MONGO_INITDB_ROOT_PASSWORD=ENC[AES256_GCM,data:jzVSUjGSjOY=,iv:S/Ar0oYN2vSE7pK+/tfp9RyCThtDbk0gOUYDyzNYjVE=,tag:whWyBFHuXBcmF+WixjafOw==,type:str]
+RIOT_API_KEY=ENC[AES256_GCM,data:EzqWk1Y73htAXaUJhzByV6Aru/hxUNjHGK90ac1NGaz92Cwk9YEdmrb9,iv:KorIppEflVX2aDC8K3ndRzK1q6scNjdQfl38p/8fLGM=,tag:Ei2zLoiGOlOX8ocrO2wNMw==,type:str]
+CDRAGON_CACHE_DIR=ENC[AES256_GCM,data:uMogP1/K/pc=,iv:/0A8fs9HEuksSiKV1SZDoslHHGlJe+vFw0BQ5zQ9BBA=,tag:grwWPwMQarpmSAUIgKDZ5Q==,type:str]
+sops_lastmodified=2026-04-30T18:20:37Z
+sops_mac=ENC[AES256_GCM,data:7teYIGLLHBH8TJ/gr3lcbtfo4CVl0Gj2RWPSLgx4AyTvM+pZaSvUDaVUhWuprSCVqZcDWI2tNHUOHE4aYlJzyt9JfQrooKLPkKUq3WX3bucg3Rv5GpiP1tNHiPDE7UZCBp5bkHhYvwn+dPjhObEUdMUuwMBDA9JSpPlr3YQCg/E=,iv:6knBO6QNe33E2bJw5WZMzcDzeTW9mwgjQtftv0FZq8s=,tag:xuIKZl7szrUyX8/D9xxAmA==,type:str]
+sops_pgp__list_0__map_created_at=2026-04-30T18:20:33Z
+sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMA7uy4qQr71wiARAAufkTVdCq2ARwMFuec9+0N1BzTo7WgGQhzKIJehe+uQ5I\nuPS5bafo5vrvxlCuxVmhup45CS3gm3X46hgHh/d3htaYzDnbyh/awbVGIhU9sa9T\n74i4jZAabzWjWAU8lAvxS6dJ6hf5U3MHOc1zYoCUfCJjgw+QRzR5PxZKFhpVklQU\nQJycdfRAl5oAqF7N6B7oCNTs7w1hbx2CJXBVGM8YoJySkThpXEY3dECxZ5nTSPmp\nXo3hmidO09uYsjWzcqynJHnh9RkMd1VAe6ULzhVIOv5KLXQLQV/paNAPdsxA5UmY\nE1imIFrqS25BVU9xbsGaPj6AHX6+Ux8bpO8TOVbpULe56Aq2c5GOjIZXb3p20K7N\nEk5rJ/K+8FxvytK3jDkhJI49wiDs9UDim02DSZmsWirIy/c02Ojy2d/Cxors1Lw/\nBCc4S6/ESH9u/LGlWs8WDqcDQqhHgeCvGOLAvOXs9eOCXNW2ROtNdfW808APbu1A\nzgYJwPtdfBhUv4KhZcEVMldWgX1OiYhcWMWYgJUXcfOwaRbzntZ/MczPNJ/a+57T\nPvH9GuTiwCXn0fOgcETTp9RPvXflL+4LPgh9drCOo4zwMvlqZs2+0Os2m8GDdDcL\nD45VMTsnNUXWuO7YUdtYX47bON2W6Z7NwzvkSr5odogzq1xw38SgRN7g3Jbl6+fS\nXAH/Rw8jWjpYztZ5HgDXisTxLEXqn5UNYKZBjzsLV5tE9GQp8ppck21igBiDCqoT\nsziZwFyRy/nKq076lZlRgSFr0pm4168u7Vn5x1TLQBHl+i0eKficgUQpwCFx\n=XUsx\n-----END PGP MESSAGE-----
 sops_pgp__list_0__map_fp=DC6910268E657FF70BA7EC289974494E76938DDC
 sops_unencrypted_suffix=_unencrypted
 sops_version=3.10.2

docker/production/buildpath/docker-compose.yml

@@ -9,21 +9,11 @@ services:
       - bpmongo_config:/data/configdb:Z
     env_file: .env
 
-  patch_detector:
-    image: git.vhaudiquet.fr/vhaudiquet/lolstats-patch_detector:19a9226dac338f705a44a386965421b7ef1b3178
-    build: ./patch_detector
-    restart: "no"
-    deploy:
-      restart_policy:
-        condition: any
-        delay: '0'
-        window: 10s
-    env_file: .env
-
-
   match_collector:
-    image: git.vhaudiquet.fr/vhaudiquet/lolstats-match_collector:19a9226dac338f705a44a386965421b7ef1b3178
+    image: git.vhaudiquet.fr/vhaudiquet/lolstats-match_collector:ee32060a7f05bd963bed4337369e146ba6313d64
     build: ./match_collector
+    volumes:
+      - bpcdragon_cache:/cdragon
     restart: "no"
     deploy:
       restart_policy:
@@ -33,9 +23,11 @@ services:
     env_file: .env
 
   frontend:
-    image: git.vhaudiquet.fr/vhaudiquet/lolstats-frontend:19a9226dac338f705a44a386965421b7ef1b3178
+    image: git.vhaudiquet.fr/vhaudiquet/lolstats-frontend:ee32060a7f05bd963bed4337369e146ba6313d64
     build: ./frontend
     restart: always
+    volumes:
+      - bpcdragon_cache:/cdragon
     networks:
       - default
       - proxy
@@ -50,6 +42,7 @@ services:
 volumes:
   bpmongo_data:
   bpmongo_config:
+  bpcdragon_cache:
 
 networks:
   proxy:

infra/r740/proxmox/kube.tf

@@ -83,6 +83,12 @@ resource "proxmox_virtual_environment_vm" "kube" {
     vlan_id = 2
   }
 
+  network_device {
+    bridge = "vmbr0"
+    model = "virtio"
+    vlan_id = 2
+  }
+
   operating_system {
     type = "l26"
   }

kubernetes/home/zigbee2mqtt/values.yaml

@@ -6,6 +6,8 @@ ingress:
           paths:
             - path: /
               pathType: Prefix
+service:
+    type: ClusterIP
 statefulset:
     securityContext:
         privileged: false
@@ -33,35 +35,36 @@ zigbee2mqtt:
     external_converters: []
     mqtt:
         server: mqtt://mqtt.lan:1883
-        user: ENC[AES256_GCM,data:y38nWA==,iv:j0eEQfRb8EFjFgQtAUDnC+SFG5GntgcY9DoI+pQATFE=,tag:i+QSvlWadDq4pLJGLo9mGg==,type:str]
-        password: ENC[AES256_GCM,data:kOJPLKGkuPMlcA==,iv:ecOCgqScF7StVOgb1+khzZDgpAM/WRbSn0iJDMcSnoc=,tag:T39fKp/eDMeMb5XEm+/j3w==,type:str]
+        user: ENC[AES256_GCM,data:8chGUA==,iv:SOAuBYShpWbza3idtyqFoVIFstZFM34OPDN4uhAer0Y=,tag:WPoH80VcUGLy5Uq/z8EtaQ==,type:str]
+        password: ENC[AES256_GCM,data:XVcTzQ3pDvPKbw==,iv:TK5qHq2yMTWgzcOPvj0GO7tOOD4PHvKMWfd3p4T8LuM=,tag:GJpKQWpVhwrewX4+9NITfQ==,type:str]
+        base_topic: z2m
     serial:
         port: tcp://10.1.1.159:6638
         baudrate: 115200
         rtscts: false
         adapter: ember
 sops:
-    lastmodified: "2026-04-04T23:00:45Z"
-    mac: ENC[AES256_GCM,data:a095DCVFoM6HPGbZSZjysbVhhUBcQtNh1sZYPLHKqhjI65TEAZbPqXUJeB1raqqBTmXr/0hZysx7/O7tqN/h+Gv0/pJTP3yAbXEArp9Soc9tmRBwJeaYMmm9+9s9QSvsCsiFnmVmp0ihYRbag35aXVcl2INDV7ilqVZnXOsThi0=,iv:y3ASd047iwdbJ0F9bLkSpV8uDRvzUFZIa7FV6AbLDH4=,tag:1wBNjiPukFK4xon0FHYkhw==,type:str]
+    lastmodified: "2026-05-02T10:26:20Z"
+    mac: ENC[AES256_GCM,data:32zZ0bYrgn+zTz8DEOU1N8MgDrihzWyMsV9q2m5RhFHRvXFuq3Z2GTORlUTeuK5qZIUrZt22VskigGAQiKC2CdzsJTcO3cGPshu5E6gWGBRNob02bXXsMu3TfCKxic/Ek7jE2p9R++a5AKczFZY8SxL7Sv1BZDxozkginDdYR4Q=,iv:VcDKwoPgYxZc8KXYv9oEH2GBqDRAJJxphj6MFLLI8ok=,tag:vPWqcEHoBVvfCoKoN5UiLA==,type:str]
     pgp:
-        - created_at: "2026-04-04T23:00:45Z"
+        - created_at: "2026-05-02T10:26:20Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA7uy4qQr71wiARAAn1+iFDYCRrqXbgrAJXdw4KfvqEsX8i6ReCeq4+68YhFQ
-            e6rv3yMBoDLNbMRr6AZaTN9XOLqd7jK0H6zobCdkUK89Fxp5fqxvAaaPloebRKu9
-            YnjG28UCbuqcW7P77GaoO+6t53Y3Ya4s/f1OLZ0zAkJDCV3NiADgBB112fG+HtnT
-            WqkH6dENu5X9YP+PbMJ9qHWOqc88gBE4CpwH5R3F2UWRhfKnErdD8MpjNhDsJBuZ
-            +c7K5mTRaYHqe96pEhOg+rPWa+YDpZb/ztpHeEPcWNdepHnSk4N9pw1bDKKORlQU
-            Tuz80ZVz4SOUet+rYUzH0a4f9ktwxCy3m3D1YHW3rbaLUmu4tIPjsbSLU/ZNnkWv
-            RFMZCUXDKqF0NxYyWgF232kXkrYURUHWd9PZLHjyWgp1k+OW0P9TViwYgC4Bq5NO
-            +uQPpWqfYQWqIZwJA3PGmpQ18ngytAkQKaUw8mXH2dUQYXLwa8RT1EYaTEoN8KQd
-            2gtmyxnhmohZgClvXzGq1ByVj4hkFUC6TqI6t8ZI6AQWpHsEKIsP39z9Ci6ipfpb
-            0ySguqykofTTVVqxzkZ2nviyuw7fNQQHtTAw5JyghotsHgBBMeP4TJm+CkrggYAV
-            e9NnrRJpV0R+gPrAyhAOhIzqaPBB/ZbAJrv0yHn1QQsgCzWqCy3ruAFNtP5BK1DS
-            XAG3zRbI+AfVs6pe50306g5tze71efLlH/7Bd17Rqx45rFsiiQyXJHRwQiLtYuQP
-            RJMrImgAdIgKkm8rA5LTDlnFAm2AhJ/LGLUV9Q9eS+JYSJqKMPX+I4iLq9u6
-            =KhGS
+            hQIMA7uy4qQr71wiAQ//fl1m3T6TnQvQ+yG0plOZaRXIGRI/YHiyP9KsK6I6l4c9
+            Y7lUjVcgADbjZYAMv08LFOEyN0/dtTFx2kV1vC5sF4CjxXKfddazKrQFjZQygc56
+            Yn3wiYX2ZMTsc3AnOoUF/evXyDHYMu0l8FwZEupi0cjmgKjVZZsLYScMjLi6h9oO
+            agDUxqZX8d3ikj3LPF1dk/XGP75fHBg7Jfim1RMMrOcpAbRi0H3XU82cr2s9fTS8
+            UtylTk1x3F253YTC0JdvU0UskvzCvVl0Sf8TlkVb2tTJgwf/XnXMTmMeCvbhIj5u
+            bgqIs0y6F0xm8NjhPGV2CtsQuQtLMLb5SxVFj7P4ad/Ekf9TizAJlcPt2u1/25zu
+            x9v/kFnI5XMDIr3eWBJlFUwtImQJ+bO3GTauqwpULIHSa+y3Ux2XMNarKfN1jH3Y
+            RG86rLQSioSA+HdZuZdEvo2ACc5DotC835cnMGMeIuO1Ad/RjvUaptN/p5hvTFMf
+            5t6SoE8gLXH7FZF7IomY0Xs/feztPOvPK76zpKV1Tqqgb7i0GaTFcKKBUxMPklZw
+            XwqOQl36HWz1BSvtYtYYX6/HyuknH4T6tk//J6MrNttnTQ/ZqjrBvl4FEVxTgf1h
+            pFc8fTzNak+VB4MSdALg6Eo5xR57eGHhKgdUMgDAv1JMEP9ikk4/p8/1WHKhpTvS
+            XAG3QSahHWoc9L5A73xFmD66TRUhm8CVKRCAQebB7rXjsxaqgEOl70taQpucrckD
+            624SYxJwG9Uuk4odCQJ6g7T2KCKxsS/NKy6jOqgprkerR6pCfuXg8LDxBkHP
+            =cZ3t
             -----END PGP MESSAGE-----
           fp: DC6910268E657FF70BA7EC289974494E76938DDC
     encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$

kubernetes/personal/photoprism/values.yaml

@@ -1,6 +1,6 @@
 image:
     repository: photoprism/photoprism
-    tag: "251130"
+    tag: "260305"
     pullPolicy: IfNotPresent
 ingress:
     main:
@@ -36,27 +36,27 @@ mariadb:
         repository: bitnamilegacy/mariadb
         tag: 12.0.2-debian-12-r0
 sops:
-    lastmodified: "2025-12-04T23:21:48Z"
-    mac: ENC[AES256_GCM,data:UbrmZVQ9Jcy7/+N9agnQI201d5kp8lIeJ3bBymKpU7ORyYouA+AyllVts3sqWFQhFnbK2Be1IkOY+F9iEvKrjJn6frtd7b1Qz1q8j1COdpQ+h/Ok11yCsaqkVfDr32to7zlf7fHW3YdcEEmYFt/CbbzMM4C4fbxHcgFOlyzrcDk=,iv:iYggVr703vYaZ/bPXZywYOeP6ePTxyGyoLI1jfsbSFE=,tag:Ic8e2mnZD69JAlwiQmeV6A==,type:str]
+    lastmodified: "2026-05-01T22:39:49Z"
+    mac: ENC[AES256_GCM,data:YGVQb50DrFv/ehU+dxsoP/e8ARKVPfr/6c2x1pQbZ7cNiNu7k1Zgt+bEHkkKm+FT44bltL374Jf2HqT/0gvmgMGp/8ukjZ5hRLwbqS1fOKR8SVQ8fp2EId0P7HcRl7Qqr6lF15hKXQ+SPl6KDPvDWKh0pq192W8dP76D7h5aKDw=,iv:c1xytratCfO8V4nkdvxeKT2kWOYHBkwoTc5Ic+yjpWQ=,tag:kdxAidCO1VLPxiwq3eCRxQ==,type:str]
     pgp:
-        - created_at: "2025-12-04T23:21:48Z"
+        - created_at: "2026-05-01T22:39:48Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA7uy4qQr71wiAQ//XxIcDxmC0y3KzKw6OxM/9Z5HPcdJvfyXaQ7nOIqob4OH
-            1ST3R2R5liDI2XOE0Eb2cLs0LACAih0PycWfju8fLkDeB9ztenxKnCW1DFbUYmpw
-            DXrW/opbGXMLBdPcsoq6GPeWjlNypXepIXGWwgT/+gdxZPKsqxHglauCnVHub/Ki
-            inoFimxvkVaAefFTOazJvFfSfWI04KPSl0PgnwzWna/7rycFDYkidVKjBkmHAGad
-            BFwhXFWi4taKPdNH3/7WBYlOyB+fs7xNPENQP8Fj7/oqF8Vb9pYTpPIGvgXNC/pB
-            0DbtvprxAxKYGODHn5WJIjnUBkYVkq+B8q7ZsjxeFdUfNXU+89f24PSGDe0VKMFf
-            7mJ3cio0uhizslbwtUQvFOC5I7HEjWIFGoulQqDjXXE2ocGlsS8vvW1NYtJGpJx0
-            aYRIRdM5+CM2tSLbZVik3IGqEmnLKNhMtObxFt0UXeoUwzBFNMQLO8zw+Fxy9VEq
-            gzrmNYnnFfx5oiwg7OWmsq7NoXTkhB+VktCb3Bcl3JjJgqalquqmmodThFhU52Ac
-            yRhGhjrBcsXx12BCy6r3Hq6nn9PFjZsBRJvXw2WSsevBghOTWSuXRmaT05aMoiD7
-            y5ia09N4xKvms8/e4qhwpNV/X2Ee4rS3diQFNunxk5aZTPO5kpy704KthDFODnvS
-            XgGcE+XcinmUFJ1RasziSK6RoYMpSK+JaNgpJMyuaz1iQu9Wc9ptnXgEees5qH2g
-            2rA2AzfdcBhZIHWAak2LZuuC9i5O0YGP89idZOjuEaUyGdOHzgB+jQnJ97c4pPE=
-            =wfLM
+            hQIMA7uy4qQr71wiAQ/9F+u/hWM4smi4yqnU7vzRfWwjCuvdtWAR6N4MqiBLFfqr
+            tpzY8UCfaTlfEtwDZWUSN/gzZG56YcMTR6OOrCQ8rkiKYGwuj92Z8LgpcDRBAHeG
+            gYaNG9vRmmzyZpD6K6pSoG8lk7mzB1Tp80me9E7LJTDhAn70cDATLp1wADkD0KF1
+            pq44qPcRaem42kEx6Um1sAy5NiBBxvYqdKPRXLs0q1EyZByxKjlhZi0qasCfe4lJ
+            fsdduUgRi3Td7KvfhQ1e6jjNNMpyZIHbME3Hn18h5PxVd1B3FzzBzSHlaDKBQsYT
+            2cx6VMGVqM4dy+CHkpE+QlAA0EOhS0b/7FwppCgEhlEvbH7uCjq/13vZdKoUIwqt
+            AaHPaf/HX7PipQjoQf7vjfaMjPwCFwqoeK2cVNmgK0j0b2CyjLDDs5xh0SuFt/Ia
+            DviSBGNeIv9Vhm7jhlJH0odFzBmBOkiUyUFV1h/6u2qpjz+H+qAX+5xx/++cGkW6
+            4G69+7NP6JUksSbcvAl6Nk1sRsvTrcRdpmBO42/aUq7nlgOAxk9e0y7INYHe3Ycv
+            N7ZTm7VOuIVopQfl8F2/tOIdJIm6hJfmJ/hdhxbDZKSRiejenU7vgdQgTM+PQ0l7
+            0QVRP1mahh1EqsyqFrrVpv+o7XQsyldb8KCefWMEMGHrot944YTxzfwY3riaPXfS
+            XgESSHvPYIgLIj+6bvvopB5v2q+NwfBciOrZekmWYTkN6cFOizp36JKIOA4Dq6z5
+            0hwGgiPvYsu9WgbWYUY21qO9jvDmjT5Yym5ktbNogckXw3/TusVqPeAkdNIjZNU=
+            =PSUH
             -----END PGP MESSAGE-----
           fp: DC6910268E657FF70BA7EC289974494E76938DDC
     encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$

kubernetes/system/blocky/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: blocky
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+secretGenerator:
+  - name: blocky-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/system/blocky/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+  - kind: HelmRepository
+    version: v1
+    fieldSpecs:
+      - path: spec/chart/spec/sourceRef/name
+        kind: HelmRelease

kubernetes/system/blocky/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: blocky
+  labels:
+    app.kubernetes.io/name: blocky
+    app.kubernetes.io/component: dns

kubernetes/system/blocky/release.yaml

@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: blocky
+  namespace: blocky
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: blocky
+        namespace: blocky
+      chart: blocky
+      version: "11.2.1"
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: blocky-values

kubernetes/system/blocky/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: blocky
+  namespace: blocky
+spec:
+  interval: 1h
+  url: https://k8s-home-lab.github.io/helm-charts/

kubernetes/system/blocky/values.yaml

@@ -0,0 +1,58 @@
+# Default values for blocky (k8s-home-lab chart)
+image:
+    repository: ghcr.io/0xerr0r/blocky
+    tag: 0.29.0
+    pullPolicy: IfNotPresent
+controller:
+    replicas: 1
+    dnsPolicy: ClusterFirst
+env:
+    TZ: Europe/Paris
+service:
+    main:
+        enabled: false
+    dns-tcp:
+        enabled: false
+    dns-udp:
+        enabled: true
+        type: LoadBalancer
+        loadBalancerIP: 10.1.2.148
+        ports:
+            dns:
+                port: 53
+                protocol: UDP
+resources:
+    limits:
+        cpu: 200m
+        memory: 256Mi
+    requests:
+        cpu: 50m
+        memory: 64Mi
+# Full list of options https://github.com/0xERR0R/blocky/blob/v0.18/docs/config.yml
+config: "upstream:\n  default:\n    - 1.1.1.1\n    - 1.0.0.1\n  lan:\n    - coredns.coredns.svc.cluster.local\n\nconditional:\n  mapping:\n    lan: coredns.coredns.svc.cluster.local\n\nblocking:\n  whiteLists:\n    ads:\n      - dealabs.digidip.net\n      - s.click.aliexpress.com\n      - fonts.googleapis.com\n      - fonts.gstatic.com\n      - wl.spotify.com\n      - www.googleadservices.com\n  \n  blackLists:\n    ads:\n      - https://big.oisd.nl/\n      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\n      - https://adaway.org/hosts.txt\n  \n  clientGroupsBlock:\n    default:\n      - ads\n  \n  blockType: zeroIp\n  blockTTL: 1m\n  refreshPeriod: 4h\n  downloadTimeout: 60s\n\ncaching:\n  minTime: 5m\n  maxTime: 30m\n  prefetching: true\n  prefetchExpires: 2h\n  prefetchThreshold: 5\n\nprometheus:\n  enable: true\n  path: /metrics\n\nport: 53\nhttpPort: 4000\nbootstrapDns: tcp+udp:1.1.1.1\nlogLevel: info\nlogFormat: text\nlogTimestamp: true\n"
+sops:
+    lastmodified: "2026-05-02T13:29:01Z"
+    mac: ENC[AES256_GCM,data:cfgRW7HlYE1MqgT1hiy6ZfGeiGiVbclDKJIELNrEl7DEJcaSKEwZLujBUiNQGZ0eVkY8oGkiPfEF/J0xcBtQBp/JGtKbvdxoJGTYUAZhwpyJ7LIucAXVwyMUM7ahD76jDAwiKLYxwV40Egr5X06FlyAjVZ07S3l3hmrKQzQXgao=,iv:SnkDaDUR+aCVqp61lkjO1IxPxrRc3sdYnHYCaP0Vv8c=,tag:TZdvBSzbKbbRO7FANRmXuw==,type:str]
+    pgp:
+        - created_at: "2026-05-02T13:29:00Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiAQ//TdM8u50xb2DbQ96kgXxgh3iJnKSMnAJxZwch6RRgTDKI
+            R88+IoHRx1jLWN6yVoWumzFyyR04YB/AieZJbECCmW+qoO/fDdfolXohMxYtzus3
+            oTLNXdVHbL4O/SnLu1po8RhUWnIBJ4MCTSsA7JnqX/omdCL2VGhQjCTZye1+zc3q
+            jaFds7tz6ElZYlDtRYx07E+NkeC7UFtJDF5xzg1yoc8y6B1eBl/x5yvY3TJhXjXF
+            wEUV6x6P35ieOforlE8s8oTt89lEe12FRnA8DtvecSaA6rrd1pC7mSq2acVRxooT
+            1CdrUjQMGAFVvAYYFHEcKPaHsnPPOjuIld+eR9HqqluaIVZNPOrdN1NQkZi2q76E
+            rnvxeeBTKhiVdxkOXA9yEkFUGrAr92FJp4CuWYym/ptqxto+/qNoziT8+wCmj+xL
+            GN2tJHwHyPgGoUUYRP70pDsok7bxx4iyZCChrBzfSezkQKKN2bDHAHOjO6/+x9dU
+            V7AJOy/Cg8TDO3kBY1MWghazdbfMPCwMtZa0SCMOZU7w1FpQrG5fi3pEKrpbirSM
+            4v8QApvarzuj+OAHKAJrckMq8ocGPbaUNCC767CniQfGQR0x4/4Ff7UAZ1K0H4eO
+            hm1dzy4RUKXcQMYO7zp/ZXrTL6+uNx8CiXd4sC76yA1GeVCkWKBhUdsQoDXwzAHS
+            XgGR+qzw99Sbsx8IGx+zCgB1Kf/udAyIolzsNDw4sCmGKkzq0FpzjceLtsa2JAqE
+            n1DWl62HGL8JoozMa/4Rd9wWPfjBFcoB19QbqRuMGqg2pEw2sJL3BPSVDWADNFk=
+            =8/Jy
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.10.2

kubernetes/system/cilium/pool.yaml

@@ -5,3 +5,4 @@ metadata:
 spec:
   blocks:
   - cidr: "10.1.2.171/32"
+  - cidr: "10.1.2.148/32"

kubernetes/system/coredns/etcd.yaml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: etcd
+  namespace: coredns
+  labels:
+    app.kubernetes.io/name: etcd
+    app.kubernetes.io/component: dns-backend
+spec:
+  serviceName: etcd
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: etcd
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: etcd
+    spec:
+      containers:
+        - name: etcd
+          image: quay.io/coreos/etcd:v3.5.17
+          ports:
+            - containerPort: 2379
+              name: client
+            - containerPort: 2380
+              name: peer
+          env:
+            - name: ETCD_DATA_DIR
+              value: /etcd-data
+            - name: ETCD_LISTEN_CLIENT_URLS
+              value: http://0.0.0.0:2379
+            - name: ETCD_ADVERTISE_CLIENT_URLS
+              value: http://etcd.coredns.svc.cluster.local:2379
+            - name: ETCD_LISTEN_PEER_URLS
+              value: http://0.0.0.0:2380
+            - name: ETCD_INITIAL_ADVERTISE_PEER_URLS
+              value: http://etcd-0.etcd.coredns.svc.cluster.local:2380
+            - name: ETCD_INITIAL_CLUSTER
+              value: etcd-0=http://etcd-0.etcd.coredns.svc.cluster.local:2380
+            - name: ETCD_NAME
+              value: etcd-0
+          resources:
+            limits:
+              cpu: 100m
+              memory: 128Mi
+            requests:
+              cpu: 50m
+              memory: 64Mi
+          volumeMounts:
+            - name: etcd-data
+              mountPath: /etcd-data
+  volumeClaimTemplates:
+    - metadata:
+        name: etcd-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: etcd
+  namespace: coredns
+  labels:
+    app.kubernetes.io/name: etcd
+spec:
+  type: ClusterIP
+  ports:
+    - port: 2379
+      targetPort: 2379
+      name: client
+    - port: 2380
+      targetPort: 2380
+      name: peer
+  selector:
+    app.kubernetes.io/name: etcd

kubernetes/system/coredns/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: coredns
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+  - zone-configmap.yaml
+  - etcd.yaml
+secretGenerator:
+  - name: coredns-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/system/coredns/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+  - kind: HelmRepository
+    version: v1
+    fieldSpecs:
+      - path: spec/chart/spec/sourceRef/name
+        kind: HelmRelease

kubernetes/system/coredns/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: coredns
+  labels:
+    app.kubernetes.io/name: coredns
+    app.kubernetes.io/component: dns

kubernetes/system/coredns/release.yaml

@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: coredns
+  namespace: coredns
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: coredns
+        namespace: coredns
+      chart: coredns
+      version: "1.x.x"
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: coredns-values

kubernetes/system/coredns/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: coredns
+  namespace: coredns
+spec:
+  interval: 1h
+  url: https://coredns.github.io/helm

kubernetes/system/coredns/values.yaml

@@ -0,0 +1,72 @@
+replicaCount: 1
+image:
+    repository: coredns/coredns
+    tag: 1.12.0
+    pullPolicy: IfNotPresent
+resources:
+    limits:
+        cpu: 100m
+        memory: 128Mi
+    requests:
+        cpu: 50m
+        memory: 64Mi
+serviceType: ClusterIP
+service:
+    annotations:
+        io.cilium/lb-ipam-ips: ""
+servers:
+    - zones:
+        - zone: .
+      port: 53
+      plugins:
+        - name: errors
+        - name: health
+          configBlock: lameduck 5s
+        - name: ready
+        - name: etcd
+          parameters: lan
+          configBlock: |-
+            path /skydns
+            endpoint http://etcd.coredns.svc.cluster.local:2379
+        - name: file
+          parameters: /etc/coredns/zones/lan.zone lan
+          configBlock: reload 10s
+        - name: cache
+          parameters: 30
+        - name: loadbalance
+        - name: log
+          configBlock: class error
+extraVolumeMounts:
+    - name: zone-config
+      mountPath: /etc/coredns/zones
+      readOnly: true
+extraVolumes:
+    - name: zone-config
+      configMap:
+        name: coredns-lan-zone
+sops:
+    lastmodified: "2026-05-02T09:18:53Z"
+    mac: ENC[AES256_GCM,data:gu19hSBFBBp516DyevduvKSHh1PAqGfBQQs1H2UdpyHHM5fueUYhJtbJxwvN8BIi9zT2GFIkcefP4VKcI+uD3+pdqpuzr9+T2im9jPj57aS0qFYRbzt7wLwkrYAE/U2fAW1uExfmIEoOKJP9StDvk5fUKnBxyAD5BmO1sc+nifo=,iv:w5Xl1KyfrynR+sHGMlwc0tYNRdI0O5+f5nFuq/R6UFQ=,tag:Gb7CvFP1CWTGkKaC2sHIQQ==,type:str]
+    pgp:
+        - created_at: "2026-05-02T09:18:51Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiARAAw7GQOytNOmyr2inudzYnI1/c5ttiTSGXJC+yXiH1vF8B
+            Rwu6RM/7y2/7NY7h4DeUo7kW8AtgMGsAG0hZ1vIY9NWacSLKfvNyHzHMVxaUgnqe
+            4v62jC2HDLfB+NLe2L6oxKmi6ZtYq1hpEMzPTAVVz5fNCWMsepNAKPGc/yOB3Vm2
+            UzdXS/yIuiG/cWKnGXRnCx3cTZ0ypU6tw5Mxu2dyIn11su/B/T65NfsvZdWJ05gt
+            BGqSddI0pNPD3UmEivKD4zKB34MQFvtohsNLtPDrIzIRG/0Unx1Hzfm6MM1Atj3W
+            gCDkkYI8C5tgXbp7p2WI8WSvX/V6eF6Ueh6C8bMpGvGxIOaTMwfkskS8Anw6TCfj
+            uYVkJ7XYMVtvCILGmSIoSDNChFB0koOoUp2gbTtsWNvOrUQnOHsad55N+BN/5BiP
+            quXHHtluq4cGrZsVprdplz42qalJK9KxlZ6L7ydrJnMTU+E02sHOTJt6iwsI9XM+
+            3ZscNIS4QvGJAb4tzzERaIo7jmRlX/YxKtcePNhV1TQUG3/5yrcMo2XXM8hn9Rk4
+            DEA79wtgnryA4TeqwKMLhIvCXFu5B/nYOtAHj/I4nhKazIVtwSXndboM6WD4xPfM
+            bf4lc4KuvvBu3rx2d2u+DOh3k+ebU9MBONQ3B1WLjOFOe8LUnbGCsN/2KfhRRw7S
+            XgFTna/svDiYYIF7sqpRHKY3qdJ39/GRrhI06QcYQHVGpbpPv9G/4K2K7p2G1fBH
+            zUZqfwLtTvwmpCE8ko+m8WWx5OMouTWiY4GXDGybQCkUa07EfgIkYK8IwqEDwlo=
+            =Ns+9
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.10.2

kubernetes/system/coredns/zone-configmap.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-lan-zone
+  namespace: coredns
+  labels:
+    app.kubernetes.io/name: coredns
+    app.kubernetes.io/component: dns-zone
+data:
+  lan.zone: |
+    $ORIGIN lan.
+    @       IN  SOA ns.lan. admin.lan. (
+                    2024010101 ; serial
+                    3600       ; refresh
+                    1800       ; retry
+                    604800     ; expire
+                    86400 )    ; minimum
+            IN  NS  ns.lan.
+    
+    ; Nameserver record
+    ns            IN  A   10.1.2.172
+    
+    ; Static hosts
+    openwrt         IN  A   10.1.1.1
+
+    ; R740 and virtual machines
+    r740            IN  A   10.1.1.223
+    bw-r740         IN  A   10.1.2.233
+    kube-r740       IN  A   10.1.2.171
+    docker-r740     IN  A   10.1.2.212
+    truenas         IN  A   10.1.2.139
+
+    ; PVE
+    pve             IN  A   10.1.2.10
+    docker-homeprod IN  A   10.1.2.12
+
+    ; Ligory
+    pve-ligory      IN  A   10.2.2.10
+    docker-ligory   IN  A   10.2.2.232
+
+    ; IoT
+    c210            IN  A   10.1.1.106
+    elegoo-neptune-4pro IN  A  10.1.1.155
+
+    ; docker-r740 services
+    esphome         IN  A   10.1.2.212
+    excalidraw      IN  A   10.1.2.212
+    gramps          IN  A   10.1.2.212
+    jackett         IN  A   10.1.2.212
+    jellyseerr      IN  A   10.1.2.212
+    mqtt            IN  A   10.1.2.212
+    n8n             IN  A   10.1.2.212
+    obsidian-livesync IN  A   10.1.2.212
+    paperless       IN  A   10.1.2.212
+    proxy           IN  A   10.1.2.212
+    radarr          IN  A   10.1.2.212
+    radicale        IN  A   10.1.2.212
+    sonarr          IN  A   10.1.2.212
+    stirling-pdf    IN  A   10.1.2.212
+    syncthing-valentin IN  A   10.1.2.212
+    tandoor         IN  A   10.1.2.212
+    traefik         IN  A   10.1.2.212
+    transmission    IN  A   10.1.2.212
+    tubearchivist   IN  A   10.1.2.212
+    webmail         IN  A   10.1.2.212
+    wizarr          IN  A   10.1.2.212
+    zigbee2mqtt     IN  A   10.1.2.212