Polish ringtail NixOS config and add documentation (#208)

## Summary - Fix Super+Return keybinding to launch wezterm in sway - Set fish as default login shell - Remove `initialPassword` (real password already set) - Add 1Password CLI + GUI, chezmoi, and dev tool packages (neovim, eza, fd, fzf, zoxide, starship, atuin, bat, ripgrep) - Add ringtail reference card, update host inventory and reference index - Changelog fragment ## Post-merge deployment - `mise run provision-ringtail` to rebuild NixOS - On ringtail: launch 1Password GUI, enable CLI integration (Settings > Developer > CLI integration) - Chezmoi needs `.chezmoiignore` updates in the dotfiles repo (separate task) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/208
2026-02-18 17:53:47 -08:00 · 2026-02-18 17:53:47 -08:00 · 535f897054
commit 535f897054
parent b76f2314c2
11 changed files with 413 additions and 8 deletions
--- a/mise-tasks/provision-ringtail
+++ b/mise-tasks/provision-ringtail
@ -5,5 +5,27 @@ set -euo pipefail

 export MISE_TASK_OUTPUT=interleave

+# Update flake.lock via Dagger before deploying
+echo "Updating nixos/ringtail/flake.lock..."
+dagger call flake-lock --src=. --flake-path=nixos/ringtail \
+    export --path=nixos/ringtail/flake.lock
+
+if ! git diff --quiet nixos/ringtail/flake.lock; then
+    git add nixos/ringtail/flake.lock
+    echo "flake.lock changed and staged. Commit, push, and re-run."
+    exit 1
+fi
+
+COMMIT=$(git rev-parse HEAD)
+REMOTE_REF=$(git ls-remote origin "$(git rev-parse --abbrev-ref HEAD)" 2>/dev/null | awk '{print $1}')
+
+if [[ "$REMOTE_REF" != "$COMMIT" ]]; then
+    echo "ERROR: Current commit $COMMIT is not pushed to forge."
+    echo "Push your changes first: git push"
+    exit 1
+fi
+
+echo "Deploying commit $COMMIT to ringtail..."
+
 cd ansible
-ansible-playbook playbooks/ringtail.yml "$@"
+ansible-playbook playbooks/ringtail.yml -e "ringtail_commit=$COMMIT" "$@"
--- a/mise-tasks/services-check
+++ b/mise-tasks/services-check
@ -83,6 +83,11 @@ check_http "CV" "https://cv.ops.eblu.me/"
 check_http "Ntfy" "https://ntfy.ops.eblu.me/v1/health"
 check_http "Frigate" "https://nvr.ops.eblu.me/api/version"

+echo ""
+echo "Ringtail (NixOS):"
+check_service "ssh" "ssh -o ConnectTimeout=5 ringtail true"
+check_service "tailscale" "ssh ringtail 'tailscale status --self --json' | jq -e '.Self.Online' > /dev/null"
+
 echo ""
 echo "Public services (via Fly.io):"
 check_http "Docs (public)" "https://docs.eblu.me/"