Doc review: delete install-dagger-on-nix-runner, add service-versions ref card

Outdated leaf card removed; zot.md now links to new service-versions reference card instead. Added reverse link from review-services. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 09:52:38 -07:00 · 2026-04-12 09:52:38 -07:00 · 6e60287e99
commit 6e60287e99
parent 8d80a4a3a5
5 changed files with 22 additions and 33 deletions
--- a/docs/changelog.d/+service-versions-ref-card.doc.md
+++ b/docs/changelog.d/+service-versions-ref-card.doc.md
@ -0,0 +1 @@
+Delete outdated install-dagger-on-nix-runner card; add service-versions reference card; clean up zot.md and review-services.md links.
--- a/docs/how-to/knowledgebase/review-services.md
+++ b/docs/how-to/knowledgebase/review-services.md
@ -140,3 +140,4 @@ BlumeOps uses kustomize manifests for all services. Helm charts should not be in
 - [[deploy-k8s-service]] - Deploy changes to Kubernetes services
 - [[build-container-image]] - Build and release custom container images
 - [[add-ansible-role]] - Add or modify Ansible roles
+- [[service-versions]] - Version tracking file reference
--- a/docs/how-to/zot/install-dagger-on-nix-runner.md
+++ b/docs/how-to/zot/install-dagger-on-nix-runner.md
@ -1,32 +0,0 @@
---
-title: Install Dagger on Nix Runner
-modified: 2026-02-20
-tags:
-  - how-to
-  - ci
-  - zot
---
-
-# Install Dagger on Nix Runner
-
-Use `nix eval` instead of `dagger call nix-version` for version extraction on the ringtail nix-container-builder runner.
-
-## Context
-
-The `build-container-nix.yaml` workflow extracts container versions in this order:
-
-1. `version = "..."` from `default.nix` (e.g. ntfy)
-2. `ARG CONTAINER_APP_VERSION=` from Dockerfile (e.g. nettest)
-3. Nixpkgs package version for packages without explicit versions (e.g. authentik)
-
-Step 3 originally used `dagger call nix-version`, but dagger can't run on the bare nix runner:
-
- **Dagger is not in nixpkgs** — removed due to [trademark concerns](https://github.com/NixOS/nixpkgs/issues/260848). Available via `github:dagger/nix` flake.
- **Dagger needs a container runtime** — the CLI is just an API client; the engine runs as a container via Docker/containerd, which the nix runner doesn't have.
-
-The fix was to use `nix eval --raw "nixpkgs#<package>.version"` directly, which is already available on the nix host and more appropriate.
-
-## Related
-
- [[adopt-commit-based-container-tags]] — Parent card
- [[harden-zot-registry]] — Root goal
--- a/docs/reference/operations/service-versions.md
+++ b/docs/reference/operations/service-versions.md
@ -0,0 +1,19 @@
+---
+title: Service Versions
+modified: 2026-04-12
+last-reviewed: 2026-04-12
+tags:
+  - reference
+  - maintenance
+  - services
+---
+
+# Service Versions
+
+`service-versions.yaml` (repo root) tracks version information for all deployed services and tools in blumeops. Each entry records the service name, deployment type, current version, upstream source, and when it was last reviewed.
+
+This file enables a regular update cadence via `mise run service-review`, which surfaces stale services sorted by review date. See [[review-services]] for the full review process.
+
+## Related
+
+- [[review-services]] — How to review services for version freshness
--- a/docs/reference/services/zot.md
+++ b/docs/reference/services/zot.md
@ -66,4 +66,4 @@ The `zot-ci` API key expires every **90 days**. To rotate:
 - [[cluster|Cluster]] - Registry consumer
 - [[authentik]] - OIDC identity provider
 - [[harden-zot-registry]] - Security hardening guide
- [[install-dagger-on-nix-runner]] - Why Dagger can't run on the Nix builder
+- [[service-versions]] - Version tracking for deployed services
				`@ -0,0 +1 @@`
				`Delete outdated install-dagger-on-nix-runner card; add service-versions reference card; clean up zot.md and review-services.md links.`