blumeops

eblume/blumeops

Fork 0

Commit graph

Author	SHA1	Message	Date
Erich Blume	0d3269e8d6	Add 1Password Connect + External Secrets to ringtail k3s Deploy the full ESO stack on ringtail, matching the indri pattern: - 4 ArgoCD apps (1password-connect, external-secrets-crds, external-secrets, external-secrets-config) targeting ringtail k3s cluster - ExternalSecret for forgejo-runner-amd64 token (replaces Ansible-managed secret) - Ansible playbook bootstraps 1Password Connect credentials instead of directly managing runner tokens Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 19:40:21 -08:00
Erich Blume	961151ed30	Add k3s cluster on ringtail with amd64 Forgejo runner Enable k3s single-node server on ringtail (NixOS) for native amd64 container builds. Includes ArgoCD Application and manifests for a Forgejo Actions runner with the `k8s-amd64` label, Ansible bootstrap tasks for k3s token and runner secret, and containerd registry mirrors pulling through Zot on indri. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 19:09:47 -08:00
Erich Blume	535f897054	Polish ringtail NixOS config and add documentation (#208 ) ## Summary - Fix Super+Return keybinding to launch wezterm in sway - Set fish as default login shell - Remove `initialPassword` (real password already set) - Add 1Password CLI + GUI, chezmoi, and dev tool packages (neovim, eza, fd, fzf, zoxide, starship, atuin, bat, ripgrep) - Add ringtail reference card, update host inventory and reference index - Changelog fragment ## Post-merge deployment - `mise run provision-ringtail` to rebuild NixOS - On ringtail: launch 1Password GUI, enable CLI integration (Settings > Developer > CLI integration) - Chezmoi needs `.chezmoiignore` updates in the dotfiles repo (separate task) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/208	2026-02-18 17:53:47 -08:00

Author

SHA1

Message

Date

Erich Blume

0d3269e8d6

Add 1Password Connect + External Secrets to ringtail k3s

Deploy the full ESO stack on ringtail, matching the indri pattern:
- 4 ArgoCD apps (1password-connect, external-secrets-crds, external-secrets,
  external-secrets-config) targeting ringtail k3s cluster
- ExternalSecret for forgejo-runner-amd64 token (replaces Ansible-managed secret)
- Ansible playbook bootstraps 1Password Connect credentials instead of
  directly managing runner tokens

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-18 19:40:21 -08:00

Erich Blume

961151ed30

Add k3s cluster on ringtail with amd64 Forgejo runner

Enable k3s single-node server on ringtail (NixOS) for native amd64
container builds. Includes ArgoCD Application and manifests for a
Forgejo Actions runner with the `k8s-amd64` label, Ansible bootstrap
tasks for k3s token and runner secret, and containerd registry mirrors
pulling through Zot on indri.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-18 19:09:47 -08:00

Erich Blume

535f897054

Polish ringtail NixOS config and add documentation (#208 )

## Summary
- Fix Super+Return keybinding to launch wezterm in sway
- Set fish as default login shell
- Remove `initialPassword` (real password already set)
- Add 1Password CLI + GUI, chezmoi, and dev tool packages (neovim, eza, fd, fzf, zoxide, starship, atuin, bat, ripgrep)
- Add ringtail reference card, update host inventory and reference index
- Changelog fragment

## Post-merge deployment
- `mise run provision-ringtail` to rebuild NixOS
- On ringtail: launch 1Password GUI, enable CLI integration (Settings > Developer > CLI integration)
- Chezmoi needs `.chezmoiignore` updates in the dotfiles repo (separate task)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/208

2026-02-18 17:53:47 -08:00

3 commits