• v1.15.7 9bafe85b2b

    eblume released this 2026-04-18 08:14:51 -07:00 | 141 commits to main since this release

    BlumeOps release v1.15.7

    What's Changed

    Bug Fixes

    • Fix borgmatic LaunchAgent failing silently due to macOS TCC permission dialogs. LaunchAgents now call borgmatic directly instead of routing through mise x, which triggered "wants to access Documents" dialogs that hung headless sessions. The ansible role now also manages borgmatic installation via mise install.

    Infrastructure

    • Automate verification of Prowler MANUAL findings (kubelet file perms, kubelet config, etcd CA, RBAC cluster-admin) in review-compliance-reports and mute them with the node-config-automated-verification compensating control.
    • Migrate transmission and transmission-exporter containers from Dockerfile to native Dagger builds (container.py). Updates base images to Alpine 3.23 and Python 3.14, pins uv to 0.11.6.
    • Switched Fly proxy to upstream keepalive pools, reducing forge.eblu.me latency from 35s+ p50 to sub-second. Added mise run fly-reload for DNS re-resolution without redeploy.
    • Upgrade Prowler from 5.22.0 to 5.23.0; remove init container workaround for broken --registry flag (upstream fix in PR #10470).
    • Added robots.txt to forge.eblu.me blocking crawlers from /mirrors/ to reduce load from Facebook scraping.
    • Container builds are now manual-only via mise run container-build-and-release. Removed auto-trigger on push to main — shared Dagger helpers made path-based detection unreliable.
    • Migrate devpi container from Dockerfile to native Dagger build; bump devpi-server 6.19.1→6.19.3 and devpi-web 5.0.1→5.0.2.
    • Migrated kiwix-serve container from Dockerfile to native Dagger build, bumping Alpine base from 3.22 to 3.23.
    • Mitigated Forgejo archive endpoint DoS: redirect public archive requests to tailnet, expanded robots.txt, enabled archive cleanup cron, cached release downloads at proxy.
    • Refactored Dagger container pipelines: extended go_build() helper with buildmode and extra_env params, migrated miniflux and forgejo-runner to use it, and standardized all Alpine bases from 3.22 to 3.23.

    Miscellaneous

    • Review compensating control sso-gated-admin-tools: tightened scope to ArgoCD only, removed Grafana reference.
    • container-build-and-release now verifies the commit exists on the remote before dispatching a build.

    Documentation

    Download docs-v1.15.7.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.eblu.me/eblume/blumeops/releases/download/v1.15.7/docs-v1.15.7.tar.gz
    