Update docs release to v1.11.0

- Built changelog from towncrier fragments [skip ci]
2026-02-22 09:16:00 -08:00 · 2026-02-22 09:16:00 -08:00 · 627caeb61f
commit 627caeb61f
parent c427f04ec4
15 changed files with 29 additions and 14 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,34 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

 <!-- towncrier release notes start -->

+## [v1.11.0] - 2026-02-22
+
+### Features
+
+- Add agent change process (C0/C1/C2) documentation and `docs-mikado` tool for Mikado method dependency chain resolution. Rename `zk-docs` task to `ai-docs`.
+- Deploy Authentik identity provider on ringtail k3s cluster, replacing Dex as the SSO provider. Includes Nix-built container, CNPG database, Redis, and Caddy routing at `authentik.ops.eblu.me`.
+- Integrate Forgejo with Authentik OIDC for single sign-on with group-based admin propagation. Enforce TOTP MFA on Authentik authentication flow.
+- Add Authentik SSO to Jellyfin with admin group mapping
+- Container builds now trigger automatically on merge to main (path-based) and use commit-SHA-based image tags (`vX.Y.Z-<sha>`) for full traceability. The `container-tag-and-release` task is replaced by `container-build-and-release` which dispatches workflows via the Forgejo API. Added pre-commit hook to keep container versions in sync with `service-versions.yaml`.
+- Register Zot as an OIDC client in Authentik via blueprint, with artifact-workloads group, zot-ci service account, and OIDC credentials template for Ansible deployment.
+- Enable OIDC + API key authentication on zot registry with three-tier access control (anonymous read, CI create, admin full). Wire both CI push paths (Dagger and Nix/skopeo) with registry credentials via Forgejo Actions secrets. Allow anonymous Prometheus metrics scraping via `accessControl.metrics.users`.
+
+### Bug Fixes
+
+- Fix frigate-notify notification pipeline: switch to webapi polling, enable dedup, drop events without snapshots, use hi-res snapshots
+
+### Infrastructure
+
+- Add Mikado prereq for commit-based container tagging scheme to harden-zot-registry chain
+- Convert deploy-authentik plan to C2 Mikado chain entry point.
+- Add `flake-update` Dagger pipeline for updating ringtail NixOS flake inputs.
+- Upgrade frigate-notify from v0.3.5 to v0.5.4
+
+### Documentation
+
+- Add deployment plan for Authentik identity provider to replace Dex
+
+
 ## [v1.10.0] - 2026-02-19

 ### Features
--- a/argocd/manifests/docs/deployment.yaml
+++ b/argocd/manifests/docs/deployment.yaml
@ -22,7 +22,7 @@ spec:
              name: http
          env:
            - name: DOCS_RELEASE_URL
-              value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.10.0/docs-v1.10.0.tar.gz"
+              value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.0/docs-v1.11.0.tar.gz"
          resources:
            requests:
              memory: "64Mi"
--- a/docs/changelog.d/add-container-versioning-prereq.infra.md
+++ b/docs/changelog.d/add-container-versioning-prereq.infra.md
@ -1 +0,0 @@
-Add Mikado prereq for commit-based container tagging scheme to harden-zot-registry chain
--- a/docs/changelog.d/feature-agent-change-process.feature.md
+++ b/docs/changelog.d/feature-agent-change-process.feature.md
@ -1 +0,0 @@
-Add agent change process (C0/C1/C2) documentation and `docs-mikado` tool for Mikado method dependency chain resolution. Rename `zk-docs` task to `ai-docs`.
--- a/docs/changelog.d/feature-authentik-mikado-chain.infra.md
+++ b/docs/changelog.d/feature-authentik-mikado-chain.infra.md
@ -1 +0,0 @@
-Convert deploy-authentik plan to C2 Mikado chain entry point.
--- a/docs/changelog.d/feature-deploy-authentik.feature.md
+++ b/docs/changelog.d/feature-deploy-authentik.feature.md
@ -1 +0,0 @@
-Deploy Authentik identity provider on ringtail k3s cluster, replacing Dex as the SSO provider. Includes Nix-built container, CNPG database, Redis, and Caddy routing at `authentik.ops.eblu.me`.
--- a/docs/changelog.d/feature-forgejo-authentik-oidc.feature.md
+++ b/docs/changelog.d/feature-forgejo-authentik-oidc.feature.md
@ -1 +0,0 @@
-Integrate Forgejo with Authentik OIDC for single sign-on with group-based admin propagation. Enforce TOTP MFA on Authentik authentication flow.
--- a/docs/changelog.d/feature-jellyfin-authentik-sso.feature.md
+++ b/docs/changelog.d/feature-jellyfin-authentik-sso.feature.md
@ -1 +0,0 @@
-Add Authentik SSO to Jellyfin with admin group mapping
--- a/docs/changelog.d/feature-ringtail-flake-update.infra.md
+++ b/docs/changelog.d/feature-ringtail-flake-update.infra.md
@ -1 +0,0 @@
-Add `flake-update` Dagger pipeline for updating ringtail NixOS flake inputs.
--- a/docs/changelog.d/fix-frigate-notify-config.bugfix.md
+++ b/docs/changelog.d/fix-frigate-notify-config.bugfix.md
@ -1 +0,0 @@
-Fix frigate-notify notification pipeline: switch to webapi polling, enable dedup, drop events without snapshots, use hi-res snapshots
--- a/docs/changelog.d/harden-zot-registry.feature.md
+++ b/docs/changelog.d/harden-zot-registry.feature.md
@ -1 +0,0 @@
-Container builds now trigger automatically on merge to main (path-based) and use commit-SHA-based image tags (`vX.Y.Z-<sha>`) for full traceability. The `container-tag-and-release` task is replaced by `container-build-and-release` which dispatches workflows via the Forgejo API. Added pre-commit hook to keep container versions in sync with `service-versions.yaml`.
--- a/docs/changelog.d/plan-deploy-authentik.doc.md
+++ b/docs/changelog.d/plan-deploy-authentik.doc.md
@ -1 +0,0 @@
-Add deployment plan for Authentik identity provider to replace Dex
--- a/docs/changelog.d/register-zot-oidc-client.feature.md
+++ b/docs/changelog.d/register-zot-oidc-client.feature.md
@ -1 +0,0 @@
-Register Zot as an OIDC client in Authentik via blueprint, with artifact-workloads group, zot-ci service account, and OIDC credentials template for Ansible deployment.
--- a/docs/changelog.d/review-frigate-notify-v0.5.4.infra.md
+++ b/docs/changelog.d/review-frigate-notify-v0.5.4.infra.md
@ -1 +0,0 @@
-Upgrade frigate-notify from v0.3.5 to v0.5.4
--- a/docs/changelog.d/wire-ci-registry-auth.feature.md
+++ b/docs/changelog.d/wire-ci-registry-auth.feature.md
@ -1 +0,0 @@
-Enable OIDC + API key authentication on zot registry with three-tier access control (anonymous read, CI create, admin full). Wire both CI push paths (Dagger and Nix/skopeo) with registry credentials via Forgejo Actions secrets. Allow anonymous Prometheus metrics scraping via `accessControl.metrics.users`.
				`@ -1 +0,0 @@`
				`Add Mikado prereq for commit-based container tagging scheme to harden-zot-registry chain`
				`@ -1 +0,0 @@`
				Add agent change process (C0/C1/C2) documentation and `docs-mikado` tool for Mikado method dependency chain resolution. Rename `zk-docs` task to `ai-docs`.
				`@ -1 +0,0 @@`
				`Convert deploy-authentik plan to C2 Mikado chain entry point.`
				`@ -1 +0,0 @@`
				Deploy Authentik identity provider on ringtail k3s cluster, replacing Dex as the SSO provider. Includes Nix-built container, CNPG database, Redis, and Caddy routing at `authentik.ops.eblu.me`.
				`@ -1 +0,0 @@`
				`Integrate Forgejo with Authentik OIDC for single sign-on with group-based admin propagation. Enforce TOTP MFA on Authentik authentication flow.`
				`@ -1 +0,0 @@`
				`Add Authentik SSO to Jellyfin with admin group mapping`
				`@ -1 +0,0 @@`
				Add `flake-update` Dagger pipeline for updating ringtail NixOS flake inputs.
				`@ -1 +0,0 @@`
				`Fix frigate-notify notification pipeline: switch to webapi polling, enable dedup, drop events without snapshots, use hi-res snapshots`
				`@ -1 +0,0 @@`
				Container builds now trigger automatically on merge to main (path-based) and use commit-SHA-based image tags (`vX.Y.Z-<sha>`) for full traceability. The `container-tag-and-release` task is replaced by `container-build-and-release` which dispatches workflows via the Forgejo API. Added pre-commit hook to keep container versions in sync with `service-versions.yaml`.
				`@ -1 +0,0 @@`
				`Add deployment plan for Authentik identity provider to replace Dex`