diff --git a/CHANGELOG.md b/CHANGELOG.md
index b6c60e5..58fad4a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,38 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 <!-- towncrier release notes start -->
 
+## [v1.5.3] - 2026-02-11
+
+### Features
+
+- Add BorgBase offsite backup repository for 3-2-1 backup strategy
+- Fly.io proxy serves a friendly error page when upstreams are unreachable (indri offline, Tailscale tunnel down, etc.). Test at `docs.eblu.me/_error`.
+- Add `op-backup` mise task for encrypted 1Password disaster recovery backups via borgmatic
+- Add SMART disk health monitoring for sifaka NAS with smartctl_exporter, Grafana dashboard, Ansible playbook, and Caddy L4 routing via ops.eblu.me.
+
+### Bug Fixes
+
+- Replace `op item get --fields` with `op read` in all mise tasks (tailnet-up, tailnet-preview, dns-up, dns-preview) to prevent multi-line secret corruption.
+- Fix 502 errors during Fly.io proxy deploys by deferring health check until Tailscale is connected.
+- Fix minikube ansible role not restarting cluster after power loss — status check only examined host VM state, missing stopped kubelet/apiserver.
+- Log real client IPs in Fly.io proxy access logs using Fly-Client-IP header instead of showing the internal proxy address.
+
+### Infrastructure
+
+- Switch CI container builds from deprecated `docker build` to `docker buildx build` (BuildKit).
+- Install `docker-buildx-plugin` in forgejo-runner image to support `docker buildx build`.
+- Eliminate 502 errors during Fly.io proxy deploys by starting nginx after Tailscale, switching to bluegreen deploys, and using service-level health checks for traffic gating.
+
+### Documentation
+
+- Add troubleshooting guide for CNI conflict after unclean shutdown to restart-indri how-to.
+- Add migration plan for Forgejo brew-to-source transition
+- Document `op read` vs `op item get` convention for 1Password secret retrieval
+- Add power infrastructure reference card documenting the battery-backed UPS chain (Anker SOLIX F2000 → CyberPower UPS → homelab).
+- Add plan and reference card for UniFi Express 7 Pulumi IaC management.
+- Add how-to guide for restoring 1Password backup from borgmatic, with cross-links from disaster recovery, borgmatic, 1password, and backup policy docs
+
+
 ## [v1.5.2] - 2026-02-09
 
 ### Features
diff --git a/argocd/manifests/docs/deployment.yaml b/argocd/manifests/docs/deployment.yaml
index f257687..a8b0d64 100644
--- a/argocd/manifests/docs/deployment.yaml
+++ b/argocd/manifests/docs/deployment.yaml
@@ -22,7 +22,7 @@ spec:
               name: http
           env:
             - name: DOCS_RELEASE_URL
-              value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.5.2/docs-v1.5.2.tar.gz"
+              value: "https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.5.3/docs-v1.5.3.tar.gz"
           resources:
             requests:
               memory: "64Mi"
diff --git a/docs/changelog.d/doc-cni-conflict-troubleshooting.doc.md b/docs/changelog.d/doc-cni-conflict-troubleshooting.doc.md
deleted file mode 100644
index cee815a..0000000
--- a/docs/changelog.d/doc-cni-conflict-troubleshooting.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Add troubleshooting guide for CNI conflict after unclean shutdown to restart-indri how-to.
diff --git a/docs/changelog.d/doc-forgejo-brew-migration-plan.doc.md b/docs/changelog.d/doc-forgejo-brew-migration-plan.doc.md
deleted file mode 100644
index d066ceb..0000000
--- a/docs/changelog.d/doc-forgejo-brew-migration-plan.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Add migration plan for Forgejo brew-to-source transition
diff --git a/docs/changelog.d/doc-restore-1password-backup.doc.md b/docs/changelog.d/doc-restore-1password-backup.doc.md
deleted file mode 100644
index 2c66288..0000000
--- a/docs/changelog.d/doc-restore-1password-backup.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Add how-to guide for restoring 1Password backup from borgmatic, with cross-links from disaster recovery, borgmatic, 1password, and backup policy docs
diff --git a/docs/changelog.d/docs-op-read-convention.doc.md b/docs/changelog.d/docs-op-read-convention.doc.md
deleted file mode 100644
index b343479..0000000
--- a/docs/changelog.d/docs-op-read-convention.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Document `op read` vs `op item get` convention for 1Password secret retrieval
diff --git a/docs/changelog.d/docs-power-infrastructure.doc.md b/docs/changelog.d/docs-power-infrastructure.doc.md
deleted file mode 100644
index 2854597..0000000
--- a/docs/changelog.d/docs-power-infrastructure.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Add power infrastructure reference card documenting the battery-backed UPS chain (Anker SOLIX F2000 → CyberPower UPS → homelab).
diff --git a/docs/changelog.d/feature-borgbase-offsite-backup.feature.md b/docs/changelog.d/feature-borgbase-offsite-backup.feature.md
deleted file mode 100644
index 1151e3f..0000000
--- a/docs/changelog.d/feature-borgbase-offsite-backup.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Add BorgBase offsite backup repository for 3-2-1 backup strategy
diff --git a/docs/changelog.d/feature-fly-proxy-error-page.feature.md b/docs/changelog.d/feature-fly-proxy-error-page.feature.md
deleted file mode 100644
index 1939d19..0000000
--- a/docs/changelog.d/feature-fly-proxy-error-page.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Fly.io proxy serves a friendly error page when upstreams are unreachable (indri offline, Tailscale tunnel down, etc.). Test at `docs.eblu.me/_error`.
diff --git a/docs/changelog.d/feature-op-backup.feature.md b/docs/changelog.d/feature-op-backup.feature.md
deleted file mode 100644
index cc2606a..0000000
--- a/docs/changelog.d/feature-op-backup.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Add `op-backup` mise task for encrypted 1Password disaster recovery backups via borgmatic
diff --git a/docs/changelog.d/feature-sifaka-ops-observability.feature.md b/docs/changelog.d/feature-sifaka-ops-observability.feature.md
deleted file mode 100644
index 156e253..0000000
--- a/docs/changelog.d/feature-sifaka-ops-observability.feature.md
+++ /dev/null
@@ -1 +0,0 @@
-Add SMART disk health monitoring for sifaka NAS with smartctl_exporter, Grafana dashboard, Ansible playbook, and Caddy L4 routing via ops.eblu.me.
diff --git a/docs/changelog.d/feature-unifi-pulumi.bugfix.md b/docs/changelog.d/feature-unifi-pulumi.bugfix.md
deleted file mode 100644
index 015a6ed..0000000
--- a/docs/changelog.d/feature-unifi-pulumi.bugfix.md
+++ /dev/null
@@ -1 +0,0 @@
-Replace `op item get --fields` with `op read` in all mise tasks (tailnet-up, tailnet-preview, dns-up, dns-preview) to prevent multi-line secret corruption.
diff --git a/docs/changelog.d/feature-unifi-pulumi.doc.md b/docs/changelog.d/feature-unifi-pulumi.doc.md
deleted file mode 100644
index 8e5e5fc..0000000
--- a/docs/changelog.d/feature-unifi-pulumi.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Add plan and reference card for UniFi Express 7 Pulumi IaC management.
diff --git a/docs/changelog.d/fix-deploy-healthcheck-race.bugfix.md b/docs/changelog.d/fix-deploy-healthcheck-race.bugfix.md
deleted file mode 100644
index 0220ca3..0000000
--- a/docs/changelog.d/fix-deploy-healthcheck-race.bugfix.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix 502 errors during Fly.io proxy deploys by deferring health check until Tailscale is connected.
diff --git a/docs/changelog.d/fix-docker-buildx-runner.infra.md b/docs/changelog.d/fix-docker-buildx-runner.infra.md
deleted file mode 100644
index b811911..0000000
--- a/docs/changelog.d/fix-docker-buildx-runner.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Install `docker-buildx-plugin` in forgejo-runner image to support `docker buildx build`.
diff --git a/docs/changelog.d/fix-docker-buildx.infra.md b/docs/changelog.d/fix-docker-buildx.infra.md
deleted file mode 100644
index a44eeee..0000000
--- a/docs/changelog.d/fix-docker-buildx.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Switch CI container builds from deprecated `docker build` to `docker buildx build` (BuildKit).
diff --git a/docs/changelog.d/fix-minikube-status-check.bugfix.md b/docs/changelog.d/fix-minikube-status-check.bugfix.md
deleted file mode 100644
index bff2ea2..0000000
--- a/docs/changelog.d/fix-minikube-status-check.bugfix.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix minikube ansible role not restarting cluster after power loss — status check only examined host VM state, missing stopped kubelet/apiserver.
diff --git a/docs/changelog.d/fix-real-client-ip-logging.bugfix.md b/docs/changelog.d/fix-real-client-ip-logging.bugfix.md
deleted file mode 100644
index 466a789..0000000
--- a/docs/changelog.d/fix-real-client-ip-logging.bugfix.md
+++ /dev/null
@@ -1 +0,0 @@
-Log real client IPs in Fly.io proxy access logs using Fly-Client-IP header instead of showing the internal proxy address.
diff --git a/docs/changelog.d/fix-zero-downtime-deploy.infra.md b/docs/changelog.d/fix-zero-downtime-deploy.infra.md
deleted file mode 100644
index 0bb7b16..0000000
--- a/docs/changelog.d/fix-zero-downtime-deploy.infra.md
+++ /dev/null
@@ -1 +0,0 @@
-Eliminate 502 errors during Fly.io proxy deploys by starting nginx after Tailscale, switching to bluegreen deploys, and using service-level health checks for traffic gating.