Update docs to reference new Dagger nix build functions

- dagger.md: add build_nix, nix_version, flake_lock to functions table
- build-container-image.md: document Dagger as local nix build option
- build-authentik-container.md: mention Dagger build path
- Mark add-dagger-nix-build card complete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/how-to/authentik/build-authentik-container.md

@@ -16,7 +16,7 @@ Discovered while attempting [[deploy-authentik]]: the deployment references `reg
 
 ## What to Do
 
-1. Verify `containers/authentik/default.nix` builds on ringtail (the Nix builder runs there)
+1. Verify `containers/authentik/default.nix` builds — locally via Dagger (`dagger call build-nix --src=. --container-name=authentik`) or on ringtail (the CI nix builder runs there)
 2. The `ak` entrypoint needs bash (included via `bashInteractive`) and orchestrates both `server` and `worker` subcommands
 3. Tag and release: `mise run container-tag-and-release authentik v1.0.0`
 4. Verify the `-nix` tagged image appears in the registry

docs/how-to/deployment/build-container-image.md

@@ -1,6 +1,6 @@
 ---
 title: Build Container Image
-modified: 2026-02-19
+modified: 2026-02-20
 last-reviewed: 2026-02-15
 tags:
   - how-to
@@ -38,7 +38,13 @@ A container can have one or both build files. The directory name becomes the ima
 dagger call build --src=. --container-name=<name>
 ```
 
-**Nix** — test with nix-build (requires nix, e.g. on [[ringtail]]):
+**Nix** — test with Dagger (no local nix required):
+
+```bash
+dagger call build-nix --src=. --container-name=<name> export --path=./<name>.tar.gz
+```
+
+Or with nix-build directly (requires nix, e.g. on [[ringtail]]):
 
 ```bash
 nix-build containers/<name>/default.nix -o result

docs/how-to/zot/add-dagger-nix-build.md

@@ -1,7 +1,7 @@
 ---
 title: Add Dagger Nix Build Function
 modified: 2026-02-20
-status: active
+status:
 tags:
   - how-to
   - containers

docs/reference/tools/dagger.md

@@ -1,6 +1,6 @@
 ---
 title: Dagger
-modified: 2026-02-12
+modified: 2026-02-20
 tags:
   - reference
   - ci-cd
@@ -27,7 +27,10 @@ Build engine for BlumeOps CI/CD pipelines. Replaces shell-based build scripts wi
 |----------|-----------|-------------|
 | `build` | `(src, container_name) → Container` | Build a container from `containers/<name>/Dockerfile` |
 | `publish` | `(src, container_name, version, registry?) → str` | Build and push to registry (default: `registry.ops.eblu.me`) |
+| `build_nix` | `(src, container_name) → File` | Build a nix container from `containers/<name>/default.nix`, return docker-archive tarball |
+| `nix_version` | `(package) → str` | Extract the version of a nixpkgs package |
 | `build_docs` | `(src, version) → File` | Build Quartz docs site, return docs tarball |
+| `flake_lock` | `(src, flake_path?) → File` | Resolve flake inputs, return updated `flake.lock` |
 
 ## CLI Examples
 
@@ -44,6 +47,12 @@ dagger call --interactive build --src=. --container-name=devpi
 # Publish a container to zot
 dagger call publish --src=. --container-name=devpi --version=v1.1.0
 
+# Build a nix container (no local nix required)
+dagger call build-nix --src=. --container-name=nettest export --path=./nettest.tar.gz
+
+# Check a nixpkgs package version
+dagger call nix-version --package=authentik
+
 # Build docs tarball locally
 dagger call build-docs --src=. --version=dev export --path=./docs-dev.tar.gz