blumeops

Author	SHA1	Message	Date
Erich Blume	613f05dfde	Add consistent OCI labels to all container Dockerfiles All checks were successful Build Container (Nix) / build (miniflux) (push) Successful in 2s Details Build Container (Nix) / build (navidrome) (push) Successful in 2s Details Build Container / build (devpi) (push) Successful in 41s Details Build Container (Nix) / build (nettest) (push) Successful in 15s Details Build Container / build (grafana-sidecar) (push) Successful in 1m27s Details Build Container / build (grafana) (push) Successful in 3m23s Details Build Container (Nix) / build (ntfy) (push) Successful in 3m19s Details Build Container (Nix) / build (prometheus) (push) Successful in 1s Details Build Container (Nix) / build (quartz) (push) Successful in 1s Details Build Container (Nix) / build (runner-job-image) (push) Successful in 1s Details Build Container (Nix) / build (teslamate) (push) Successful in 2s Details Build Container (Nix) / build (transmission) (push) Successful in 2s Details Build Container (Nix) / build (transmission-exporter) (push) Successful in 1s Details Build Container (Nix) / build (unpoller) (push) Successful in 1s Details Build Container / build (kiwix-serve) (push) Successful in 1m17s Details Build Container / build (kubectl) (push) Successful in 41s Details Build Container / build (homepage) (push) Successful in 8m21s Details Build Container / build (mealie) (push) Successful in 1m1s Details Build Container / build (loki) (push) Successful in 8m21s Details Build Container / build (miniflux) (push) Successful in 2m24s Details Build Container / build (nettest) (push) Successful in 14s Details Build Container / build (ntfy) (push) Successful in 8m33s Details Build Container / build (prometheus) (push) Successful in 37s Details Build Container / build (quartz) (push) Successful in 19s Details Build Container / build (navidrome) (push) Successful in 10m36s Details Build Container / build (runner-job-image) (push) Successful in 3m18s Details Build Container / build (transmission) (push) Successful in 20s Details Build Container / build (transmission-exporter) (push) Successful in 21s Details Build Container / build (unpoller) (push) Successful in 11s Details Build Container / build (teslamate) (push) Successful in 4m42s Details Every container now carries title, description, version, source, and vendor labels per the OCI image spec. Version is derived from the existing CONTAINER_APP_VERSION ARG at build time. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-18 20:42:00 -07:00
Erich Blume	0e2c10176d	Harden zot registry, pt 1 (#231 ) ## Summary - Enable OIDC + API key authentication on zot with anonymous pull preserved - Enforce tag immutability for version tags - Adopt commit-SHA-based container image tagging Details in the [[harden-zot-registry]] Mikado chain (`mise run docs-mikado harden-zot-registry`). ## Test plan - [ ] Anonymous pull still works - [ ] Unauthenticated push fails (401) - [ ] CI container builds pass with new auth and tagging - [ ] `mise run services-check` passes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/231	2026-02-20 22:50:01 -08:00
Erich Blume	01e19023ee	Add CV/resume web app at cv.ops.eblu.me (#169 ) ## Summary - nginx container (`containers/cv/`) downloads and serves a content tarball at startup (same pattern as quartz) - ArgoCD app + k8s manifests (deployment, service, Tailscale ingress) - Caddy route for `cv.ops.eblu.me` - Deploy workflow: resolves "latest" or specific version from Forgejo packages, updates deployment, syncs ArgoCD - Content is built and released from the separate [cv repo](https://forge.ops.eblu.me/eblume/cv) ## Deployment steps (after merge) 1. `mise run container-tag-and-release cv v1.0.0` 2. Run "Release CV" workflow in cv repo (SPECIFIC_VERSION `v0.1.0`) 3. Run "Deploy CV" workflow in blumeops (default: latest) 4. `mise run provision-indri -- --tags caddy` 5. Verify at `https://cv.ops.eblu.me/` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/169	2026-02-12 11:09:41 -08:00

3 commits