Update docs release to v1.10.0

- Built changelog from towncrier fragments

[skip ci]

CHANGELOG.md

@@ -12,6 +12,45 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 <!-- towncrier release notes start -->
 
+## [v1.10.0] - 2026-02-19
+
+### Features
+
+- Deploy Dex OIDC identity provider on ringtail with Grafana as first SSO client.
+- Added Nix container build for nettest, validating the full nix-container-builder pipeline on ringtail. One git tag now triggers both Dockerfile and Nix workflows — each skips if its build file is absent. Rewrote container-tag-and-release as a typer CLI with --dry-run support. Added container policy.json and registries.conf to ringtail for skopeo.
+- Add NixOS configuration for ringtail (gaming/compute workstation with RTX 4080). Includes declarative disk partitioning via disko, NVIDIA drivers, sway/Wayland desktop, Steam, Tailscale, and Ansible-driven provisioning.
+- Add screen lock, idle timeout, and sleep prevention to ringtail: swaylock locks after 15min, display powers off after 60min, machine never suspends.
+- Systemd Forgejo Actions runner on ringtail (`nix-container-builder` label) for building containers with `nix build` and pushing via `skopeo`. K3s cluster retained for future workloads. 1Password Connect + External Secrets Operator available for k8s secret management.
+
+### Bug Fixes
+
+- Cap detect FPS to 2 and sync motion masks/zones from live config
+- Fix `zk-docs` task to use new path for troubleshooting doc after how-to reorg.
+- Inhibit swayidle lock screen when a fullscreen window is active on ringtail, preventing screen lock during gamepad-only gaming sessions.
+- Make 1Password secret tasks in ringtail playbook idempotent by checking kubectl apply output instead of always reporting changed.
+
+### Infrastructure
+
+- Port Frigate NVR to ringtail k3s with RTX 4080 GPU acceleration (TensorRT/ONNX), replacing the ZMQ-based Apple Silicon detector on indri.
+- Replace Homepage Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile built from upstream v1.10.1. Gives full version control and matches the pattern used by other blumeops services.
+- Port ntfy to a locally built container image from forge mirror source.
+- Port Mosquitto (MQTT) and ntfy to ringtail k3s; retire Apple Silicon Detector from indri.
+- Ringtail post-install: NixOS config (sway with Catppuccin Macchiato theme, fish, 1Password, Steam, LibreWolf, Bluetooth audio, chezmoi, dev tools, nix-ld), Dagger flake-lock pipeline, improved provision-ringtail workflow, services-check integration, and reference documentation.
+- Add ringtail DeviceTags to Pulumi and allow homelab-to-homelab Tailscale SSH for cross-host ansible/management.
+- Update Frigate zone masks from live config and expand alert notifications to cover both Driveway and Driveway_entrance zones.
+- Add Apple Silicon ZMQ detector for Frigate — inference moves from in-pod ONNX CPU to CoreML on indri via ZMQ, using YOLOv9-m model
+- Deploy Tailscale operator on ringtail k3s cluster
+- Upgrade ntfy from v2.11.0 to v2.17.0 and add ntfy and frigate reference docs.
+- Update External Secrets Operator Helm chart from 1.3.1 to 2.0.0 (operator v1.3.2)
+- Upgrade Frigate NVR from 0.16.4 to 0.17.0-rc2 (prerequisite for Apple Silicon ZMQ detector)
+
+### Documentation
+
+- Add Dex OIDC documentation: reference card, federated login explanation, services-check integration, and updated plan.
+- Update services-check and documentation to reflect Frigate, Mosquitto, and ntfy migration from indri minikube to ringtail k3s (PRs #216, #217).
+- Review and fix update-documentation how-to: add missing cache purge step, clean up fragment types table.
+
+
 ## [v1.9.4] - 2026-02-17
 
 ### Documentation

argocd/manifests/docs/deployment.yaml

@@ -22,7 +22,7 @@ spec:
               name: http
           env:
             - name: DOCS_RELEASE_URL
-              value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.9.4/docs-v1.9.4.tar.gz"
+              value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.10.0/docs-v1.10.0.tar.gz"
           resources:
             requests:
               memory: "64Mi"

docs/changelog.d/docs-dex-oidc.doc.md

@@ -1 +0,0 @@
-Add Dex OIDC documentation: reference card, federated login explanation, services-check integration, and updated plan.

docs/changelog.d/feature-dex-oidc.feature.md

@@ -1 +0,0 @@
-Deploy Dex OIDC identity provider on ringtail with Grafana as first SSO client.

docs/changelog.d/feature-frigate-ringtail-gpu.infra.md

@@ -1 +0,0 @@
-Port Frigate NVR to ringtail k3s with RTX 4080 GPU acceleration (TensorRT/ONNX), replacing the ZMQ-based Apple Silicon detector on indri.

docs/changelog.d/feature-homepage-kustomize.infra.md

@@ -1 +0,0 @@
-Replace Homepage Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile built from upstream v1.10.1. Gives full version control and matches the pattern used by other blumeops services.

docs/changelog.d/feature-k3s-ringtail-runner.feature.md

@@ -1 +0,0 @@
-Systemd Forgejo Actions runner on ringtail (`nix-container-builder` label) for building containers with `nix build` and pushing via `skopeo`. K3s cluster retained for future workloads. 1Password Connect + External Secrets Operator available for k8s secret management.

docs/changelog.d/feature-nettest-nix-container.feature.md

@@ -1 +0,0 @@
-Added Nix container build for nettest, validating the full nix-container-builder pipeline on ringtail. One git tag now triggers both Dockerfile and Nix workflows — each skips if its build file is absent. Rewrote container-tag-and-release as a typer CLI with --dry-run support. Added container policy.json and registries.conf to ringtail for skopeo.

docs/changelog.d/feature-ntfy-container.infra.md

@@ -1 +0,0 @@
-Port ntfy to a locally built container image from forge mirror source.

docs/changelog.d/feature-port-mqtt-ntfy-ringtail.infra.md

@@ -1 +0,0 @@
-Port Mosquitto (MQTT) and ntfy to ringtail k3s; retire Apple Silicon Detector from indri.

docs/changelog.d/feature-ringtail-nixos.feature.md

@@ -1 +0,0 @@
-Add NixOS configuration for ringtail (gaming/compute workstation with RTX 4080). Includes declarative disk partitioning via disko, NVIDIA drivers, sway/Wayland desktop, Steam, Tailscale, and Ansible-driven provisioning.

docs/changelog.d/feature-ringtail-nixos.infra.md

@@ -1 +0,0 @@
-Ringtail post-install: NixOS config (sway with Catppuccin Macchiato theme, fish, 1Password, Steam, LibreWolf, Bluetooth audio, chezmoi, dev tools, nix-ld), Dagger flake-lock pipeline, improved provision-ringtail workflow, services-check integration, and reference documentation.

docs/changelog.d/feature-ringtail-screen-lock.feature.md

@@ -1 +0,0 @@
-Add screen lock, idle timeout, and sleep prevention to ringtail: swaylock locks after 15min, display powers off after 60min, machine never suspends.

docs/changelog.d/fix-frigate-detect-fps.bugfix.md

@@ -1 +0,0 @@
-Cap detect FPS to 2 and sync motion masks/zones from live config

docs/changelog.d/fix-ringtail-1password-secrets-idempotent.bugfix.md

@@ -1 +0,0 @@
-Make 1Password secret tasks in ringtail playbook idempotent by checking kubectl apply output instead of always reporting changed.

docs/changelog.d/fix-services-check-ringtail-docs.doc.md

@@ -1 +0,0 @@
-Update services-check and documentation to reflect Frigate, Mosquitto, and ntfy migration from indri minikube to ringtail k3s (PRs #216, #217).

docs/changelog.d/fix-tailscale-ssh-ringtail.infra.md

@@ -1 +0,0 @@
-Add ringtail DeviceTags to Pulumi and allow homelab-to-homelab Tailscale SSH for cross-host ansible/management.

docs/changelog.d/fix-zk-docs.bugfix.md

@@ -1 +0,0 @@
-Fix `zk-docs` task to use new path for troubleshooting doc after how-to reorg.

docs/changelog.d/frigate-update-zones-and-notify.infra.md

@@ -1 +0,0 @@
-Update Frigate zone masks from live config and expand alert notifications to cover both Driveway and Driveway_entrance zones.

docs/changelog.d/frigate-zmq-detector.infra.md

@@ -1 +0,0 @@
-Add Apple Silicon ZMQ detector for Frigate — inference moves from in-pod ONNX CPU to CoreML on indri via ZMQ, using YOLOv9-m model

docs/changelog.d/review-ntfy-v2.17.0.infra.md

@@ -1 +0,0 @@
-Upgrade ntfy from v2.11.0 to v2.17.0 and add ntfy and frigate reference docs.

docs/changelog.d/review-update-documentation-doc.doc.md

@@ -1 +0,0 @@
-Review and fix update-documentation how-to: add missing cache purge step, clean up fragment types table.

docs/changelog.d/sway-inhibit-idle-fullscreen.bugfix.md

@@ -1 +0,0 @@
-Inhibit swayidle lock screen when a fullscreen window is active on ringtail, preventing screen lock during gamepad-only gaming sessions.

docs/changelog.d/tailscale-operator-ringtail.infra.md

@@ -1 +0,0 @@
-Deploy Tailscale operator on ringtail k3s cluster

docs/changelog.d/update-external-secrets-helm-2.0.0.infra.md

@@ -1 +0,0 @@
-Update External Secrets Operator Helm chart from 1.3.1 to 2.0.0 (operator v1.3.2)

docs/changelog.d/upgrade-frigate-0.17.infra.md

@@ -1 +0,0 @@
-Upgrade Frigate NVR from 0.16.4 to 0.17.0-rc2 (prerequisite for Apple Silicon ZMQ detector)