Doc review: delete install-dagger-on-nix-runner, add service-versions ref card

Outdated leaf card removed; zot.md now links to new service-versions
reference card instead. Added reverse link from review-services.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/how-to/knowledgebase/review-services.md

@@ -140,3 +140,4 @@ BlumeOps uses kustomize manifests for all services. Helm charts should not be in
 - [[deploy-k8s-service]] - Deploy changes to Kubernetes services
 - [[build-container-image]] - Build and release custom container images
 - [[add-ansible-role]] - Add or modify Ansible roles
+- [[service-versions]] - Version tracking file reference

docs/how-to/zot/install-dagger-on-nix-runner.md

@@ -1,32 +0,0 @@
----
-title: Install Dagger on Nix Runner
-modified: 2026-02-20
-tags:
-  - how-to
-  - ci
-  - zot
----
-
-# Install Dagger on Nix Runner
-
-Use `nix eval` instead of `dagger call nix-version` for version extraction on the ringtail nix-container-builder runner.
-
-## Context
-
-The `build-container-nix.yaml` workflow extracts container versions in this order:
-
-1. `version = "..."` from `default.nix` (e.g. ntfy)
-2. `ARG CONTAINER_APP_VERSION=` from Dockerfile (e.g. nettest)
-3. Nixpkgs package version for packages without explicit versions (e.g. authentik)
-
-Step 3 originally used `dagger call nix-version`, but dagger can't run on the bare nix runner:
-
-- **Dagger is not in nixpkgs** — removed due to [trademark concerns](https://github.com/NixOS/nixpkgs/issues/260848). Available via `github:dagger/nix` flake.
-- **Dagger needs a container runtime** — the CLI is just an API client; the engine runs as a container via Docker/containerd, which the nix runner doesn't have.
-
-The fix was to use `nix eval --raw "nixpkgs#<package>.version"` directly, which is already available on the nix host and more appropriate.
-
-## Related
-
-- [[adopt-commit-based-container-tags]] — Parent card
-- [[harden-zot-registry]] — Root goal