From 54c3b0a5f3e1b2b36eb65c59dddcce68cd768a65 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Tue, 17 Feb 2026 07:54:34 -0800 Subject: [PATCH] Expanded some CLAUDE.md stuff manualy --- CLAUDE.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 6f255b8..90e9652 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -28,16 +28,23 @@ blumeops is Erich Blume's GitOps repository for personal infrastructure, orchest ``` ./docs/ # documentation (Diataxis, Quartz) ./docs/changelog.d/ # towncrier fragments +./.dagger/ # dagger pipelines +./.forgejo/ # forgejo-runner actions and workflows ./mise-tasks/ # scripts via `mise run` ./ansible/playbooks/ # ansible (indri.yml primary) ./ansible/roles/ # indri service roles ./argocd/apps/ # ArgoCD Application definitions ./argocd/manifests/ # k8s manifests per service -./pulumi/ # Pulumi IaC (tailnet ACLs, cloud) +./fly/ # fly.io proxy for public routing +./pulumi/ # Pulumi IaC (tailnet ACLs, dns, cloud) +~/.config/{nvim,fish} # user's shell config, managed by chezmoi ~/code/personal/ # user's projects +~/code/personal/zk # user's Obsidian-sync managed zettelkasten. Potential source for reference data. ~/code/3rd/ # mirrored external projects ~/code/work # FORBIDDEN ``` +Other code paths will be listed via zk-docs, this is just an overview. When you +encounter wiki-links (`[[like-this]]`) it is referring to docs/ cards. ## Service Deployment @@ -47,7 +54,7 @@ Most services run in minikube on indri via ArgoCD (app-of-apps, manual sync). **PR workflow:** 1. Create branch, modify `argocd/manifests//` -2. Push, then `argocd app sync apps` +2. Push. Sync 'apps' app if service definition changed (set --revision to branch). 3. Test on branch: `argocd app set --revision && argocd app sync ` 4. After merge: `argocd app set --revision main && argocd app sync ` 
@@ -81,6 +88,9 @@ Check tailscale serve: `ssh indri 'tailscale serve status --json'` mise run container-list # show images/tags mise run container-release # tag and build ``` +The goal is to eventually use only locally built containers in all cases, with +full supply chain control via forge.ops.eblu.me repositories, mirroring source +from upstream. ## Third-Party Projects @@ -91,9 +101,16 @@ Ask user to mirror on forge first, then clone to `~/code/3rd//`. ```fish mise run blumeops-tasks # fetch from Todoist, sorted by priority ``` +Most tasks are stored in `./mise-tasks/`. For scripts with any logic or +complexity, use uv run --script 's with explicit dependencies. Complex +workflows with artifacts should become dagger pipelines. Mise tasks are for +development processes and operations - tools for the user or the agent. ## Credentials -Root store is 1Password. Never grab directly - use existing patterns (ansible pre_tasks, external-secrets, scripts with `op` CLI). Warn user before any credential access. +Root store is 1Password. Never grab directly - use existing patterns (ansible +pre_tasks, external-secrets, scripts with `op` CLI). It's ok to use `op item +get` without `--reveal` to explore what secrets are available, however. -Prefer `op read "op://vault/item/field"` over `op item get --fields` to avoid quoting issues with multi-line values. +Prefer `op read "op://vault/item/field"` over `op item get --fields` to avoid +quoting issues with multi-line values.
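Review bot: In the directory-listing hunk (@@ -28,16 +28,23 @@), the new `~/code/personal/zk` entry is labelled a "Potential source for reference data" but carries no access rule, while the neighbouring `~/code/work` line is an explicit FORBIDDEN. Since this is a synced personal notes directory, state whether the agent may read it unprompted or only when asked, and that it should not write there or copy its contents into this repository. The `~/.config/{nvim,fish}` entry has the same gap: say whether edits must go through chezmoi. The trailing paragraph also mentions "zk-docs" without defining it anywhere in this hunk, and it starts on the line directly after the closing fence; a blank line and a pointer to what zk-docs is would help.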
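Review bot: In the PR-workflow hunk (@@ -47,7 +54,7 @@), the rewritten step 2 tells the reader to point the 'apps' app at the branch, but step 4 as shown has a single `argocd app set --revision main` and does not say that 'apps' must be set back to main as well. Left as is, the app-of-apps can keep tracking a feature branch after merge. Suggest adding the reset for 'apps' to step 4, and writing step 2's command out in backticks the way steps 3 and 4 do, since the line it replaces was a runnable command and the new one is prose only.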
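Review bot: In the container hunk (@@ -81,6 +88,9 @@), the added paragraph states a goal ("eventually use only locally built containers") but gives no instruction for what to do today when a service needs an image that is not yet built locally. The Third-Party Projects section right below already has an actionable rule ("Ask user to mirror on forge first"); an equivalent sentence here, for example that new services should not introduce additional upstream image references without asking, would turn the supply-chain goal into something the agent can follow. The paragraph also starts immediately after the closing fence with no blank line.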
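Review bot: In the Credentials part of the last hunk (@@ -91,9 +101,16 @@), the rewrap drops the sentence "Warn user before any credential access." and adds permission to run `op item get` without `--reveal`, yet the commit subject only describes an expansion. If removing the warning is intended, say so in the commit message; otherwise keep it for any access that returns secret values and scope the new allowance to browsing item and field names. In the same hunk, the tasks paragraph has a garbled phrase, "use uv run --script 's with explicit dependencies": the command is not in backticks and the stray apostrophe leaves it unclear what is being pluralised.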