From 6e60287e99756f25f22ae8758b938c481f2331af Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 12 Apr 2026 09:52:38 -0700 Subject: [PATCH] Doc review: delete install-dagger-on-nix-runner, add service-versions ref card Outdated leaf card removed; zot.md now links to new service-versions reference card instead. Added reverse link from review-services. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../+service-versions-ref-card.doc.md | 1 + docs/how-to/knowledgebase/review-services.md | 1 + .../zot/install-dagger-on-nix-runner.md | 32 ------------------- docs/reference/operations/service-versions.md | 19 +++++++++++ docs/reference/services/zot.md | 2 +- 5 files changed, 22 insertions(+), 33 deletions(-) create mode 100644 docs/changelog.d/+service-versions-ref-card.doc.md delete mode 100644 docs/how-to/zot/install-dagger-on-nix-runner.md create mode 100644 docs/reference/operations/service-versions.md diff --git a/docs/changelog.d/+service-versions-ref-card.doc.md b/docs/changelog.d/+service-versions-ref-card.doc.md new file mode 100644 index 0000000..95cb07c --- /dev/null +++ b/docs/changelog.d/+service-versions-ref-card.doc.md @@ -0,0 +1 @@ +Delete outdated install-dagger-on-nix-runner card; add service-versions reference card; clean up zot.md and review-services.md links. diff --git a/docs/how-to/knowledgebase/review-services.md b/docs/how-to/knowledgebase/review-services.md index f995d1a..9969e4c 100644 --- a/docs/how-to/knowledgebase/review-services.md +++ b/docs/how-to/knowledgebase/review-services.md @@ -140,3 +140,4 @@ BlumeOps uses kustomize manifests for all services. Helm charts should not be in - [[deploy-k8s-service]] - Deploy changes to Kubernetes services - [[build-container-image]] - Build and release custom container images - [[add-ansible-role]] - Add or modify Ansible roles +- [[service-versions]] - Version tracking file reference diff --git a/docs/how-to/zot/install-dagger-on-nix-runner.md b/docs/how-to/zot/install-dagger-on-nix-runner.md deleted file mode 100644 index 7d5fda7..0000000 --- a/docs/how-to/zot/install-dagger-on-nix-runner.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Install Dagger on Nix Runner -modified: 2026-02-20 -tags: - - how-to - - ci - - zot ---- - -# Install Dagger on Nix Runner - -Use `nix eval` instead of `dagger call nix-version` for version extraction on the ringtail nix-container-builder runner. - -## Context - -The `build-container-nix.yaml` workflow extracts container versions in this order: - -1. `version = "..."` from `default.nix` (e.g. ntfy) -2. `ARG CONTAINER_APP_VERSION=` from Dockerfile (e.g. nettest) -3. Nixpkgs package version for packages without explicit versions (e.g. authentik) - -Step 3 originally used `dagger call nix-version`, but dagger can't run on the bare nix runner: - -- **Dagger is not in nixpkgs** — removed due to [trademark concerns](https://github.com/NixOS/nixpkgs/issues/260848). Available via `github:dagger/nix` flake. -- **Dagger needs a container runtime** — the CLI is just an API client; the engine runs as a container via Docker/containerd, which the nix runner doesn't have. - -The fix was to use `nix eval --raw "nixpkgs#.version"` directly, which is already available on the nix host and more appropriate. - -## Related - -- [[adopt-commit-based-container-tags]] — Parent card -- [[harden-zot-registry]] — Root goal diff --git a/docs/reference/operations/service-versions.md b/docs/reference/operations/service-versions.md new file mode 100644 index 0000000..23d23e1 --- /dev/null +++ b/docs/reference/operations/service-versions.md @@ -0,0 +1,19 @@ +--- +title: Service Versions +modified: 2026-04-12 +last-reviewed: 2026-04-12 +tags: + - reference + - maintenance + - services +--- + +# Service Versions + +`service-versions.yaml` (repo root) tracks version information for all deployed services and tools in blumeops. Each entry records the service name, deployment type, current version, upstream source, and when it was last reviewed. + +This file enables a regular update cadence via `mise run service-review`, which surfaces stale services sorted by review date. See [[review-services]] for the full review process. + +## Related + +- [[review-services]] — How to review services for version freshness diff --git a/docs/reference/services/zot.md b/docs/reference/services/zot.md index c309557..d00a200 100644 --- a/docs/reference/services/zot.md +++ b/docs/reference/services/zot.md @@ -66,4 +66,4 @@ The `zot-ci` API key expires every **90 days**. To rotate: - [[cluster|Cluster]] - Registry consumer - [[authentik]] - OIDC identity provider - [[harden-zot-registry]] - Security hardening guide -- [[install-dagger-on-nix-runner]] - Why Dagger can't run on the Nix builder +- [[service-versions]] - Version tracking for deployed services