• v1.11.5 be3cdad1cb

    eblume released this 2026-02-26 07:56:02 -08:00 | 524 commits to main since this release

    BlumeOps release v1.11.5

    What's Changed

    Features

    • Add authenticated GitHub mirror sync with PAT rotation tooling (mirror-update-pats, mirror-create auth support, how-to doc).
    • Add Transmission Grafana dashboard with metrics exporter sidecar for monitoring upload/download speeds, transfer volumes, and per-torrent breakdowns.

    Bug Fixes

    • Fix Frigate dashboard "Detection Events Rate" panel showing no data — corrected metric name to frigate_camera_events_total and label to camera.
    • Filter car and bird detections from Frigate driveway zone to stop repeated alerts on parked cars at night

    Infrastructure

    • Port CloudNative-PG operator from Helm chart to direct upstream release manifest via forge mirror.
    • Add multi-cluster Kubernetes observability: deploy kube-state-metrics and Alloy on ringtail (k3s), add cluster label to all metrics/logs, replace single-cluster dashboards with multi-cluster Kubernetes dashboard and dedicated Ringtail dashboard with GPU monitoring.
    • Add explicit ExternalSecret defaults for SSA sync parity with ArgoCD v3.3
    • Upgrade ArgoCD from v3.2.6 to v3.3.2 with Server-Side Apply enabled

    AI Assistance

    • Bake default bat options into ai-docs mise task so agents no longer need verbose flags at session start.
    • docs-review task now prints the file path instead of the file content, so the LLM reads it directly.

    Documentation

    Download docs-v1.11.5.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.5/docs-v1.11.5.tar.gz
    
  • v1.11.4 e273f399ea

    eblume released this 2026-02-25 07:04:22 -08:00 | 537 commits to main since this release

    BlumeOps release v1.11.4

    What's Changed

    Features

    • Add mirror-create mise task for creating upstream mirrors in the mirrors/ Forgejo org

    Bug Fixes

    • Fix Grafana OAuth role mapping: INI parser was stripping quotes from role_attribute_path = 'Admin', causing all Authentik users to get Viewer role instead of Admin. Now uses group-based mapping from the admins Authentik group.
    • Fix TeslaMate dashboards showing "No Data": Grafana 12.x's grafana-postgresql-datasource plugin requires the database name in jsonData, not just the top-level database field.

    Infrastructure

    • Move image tags to kustomize images: transformer across 22 services and replace hand-written ConfigMaps with configMapGenerator: in 12 services, enabling content-hash-based automatic rollouts on config changes.
    • Migrate upstream mirror repos from eblume/ to mirrors/ Forgejo organization
    • Port Prometheus to local container build (3-stage: Node UI, Go binaries, Alpine runtime) for supply chain control via Zot registry.
    • Fix ArgoCD app definitions and credential template to use mirrors/ org after forge mirror migration; bump immich v2.5.2 → v2.5.6.
    • Document AirPlay cross-VLAN firewall rules for Samsung Frame TV (established/related, AirPlay ports, dynamic reverse) and fix rule ordering in segment-home-network plan.
    • Update image tags for all 6 mirror-migrated containers (homepage, navidrome, ntfy, miniflux, prometheus, teslamate)
    • Switch prometheus, teslamate, and miniflux container builds to forge mirrors; create miniflux mirror

    Documentation

    • Document squash-merge container tag provenance issue and post-merge workflow for updating manifests to main-SHA tags.
    • Add mise-tasks reference card with categorized task inventory; include in ai-docs context
    • Review 3 how-to docs: stamp provision-authentik-database and use-pypi-proxy, fix wrong policy path and misleading --yes in update-tailscale-acls

    Documentation

    Download docs-v1.11.4.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.4/docs-v1.11.4.tar.gz
    
  • v1.11.3 9b4951bf94

    eblume released this 2026-02-23 21:04:33 -08:00 | 558 commits to main since this release

    BlumeOps release v1.11.3

    What's Changed

    Features

    • Upgrade Grafana from 11.4.0 to 12.3.3 with home-built container image and Kustomize manifests, replacing the Helm chart deployment.

    Bug Fixes

    • Fix Dagger pipelines hanging when called from mise tasks in interactive terminals. Added --progress=plain to all dagger call invocations to prevent SIGTTOU from stopping the process when mise's child process group is not the terminal foreground group.
    • Fix Grafana TeslaMate dashboards not appearing in a folder — enabled foldersFromFilesStructure so the sidecar's grafana_folder annotation is respected.
    • Container build workflows now check out the dispatch ref when building from feature branches, fixing "No Dockerfile — skipping" errors for containers not yet on main.

    Infrastructure

    • Fix Frigate Prometheus scrape target to route via Caddy (nvr.ops.eblu.me) after migration to ringtail, and rebuild Grafana dashboard with updated Frigate 0.17 metrics (GPU usage, temperature, skipped FPS, detection events).
    • Update tooling dependencies: pre-commit hooks (trufflehog, ruff, shellcheck, prettier, actionlint), Fly.io Dockerfile (pin nginx 1.28.2-alpine, alloy v1.13.1), and normalize mise task Python lower bounds.
    • Rename containers/forgejo-runner to containers/runner-job-image to distinguish the CI job execution image from the Forgejo runner daemon, fixing a version-check false positive.

    Documentation

    • Review deploy-authentik card: rewrite as reproducible process guide, remove stale version info and future work section, mark plan as completed.
    • Formalize C0/C1/C2 change classification: C0 allows direct-to-main commits, C1 adds docs-first workflow with branch deployment, C2 introduces the Mikado Branch Invariant for strict commit ordering on multi-phase changes. Add C2 conventions: C2(<chain>): plan/impl/close/finalize commit messages, mikado/<chain-stem> branch naming, and branch: frontmatter on goal cards. New tooling: docs-mikado --resume for cold-start session pickup and mikado-branch-invariant-check pre-commit hook.
    • Replace Grafana Helm upgrade plan with C2 Mikado chain for upgrading to 12.x with kustomize and home-built containers.

    AI Assistance

    • Improved Mikado C2 process: end-of-cycle session prompts, rigorous reset discipline with documented git patterns, and --resume now shows PR number and stash hints.

    Documentation

    Download docs-v1.11.3.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.3/docs-v1.11.3.tar.gz
    
  • v1.11.2 e655f4556e

    eblume released this 2026-02-22 17:52:04 -08:00 | 575 commits to main since this release

    BlumeOps release v1.11.2

    What's Changed

    Features

    • Add branch-cleanup mise task and scheduled Forgejo workflow to delete merged branches locally and on the Forgejo remote. Detects squash-merged PRs via the Forgejo API. The workflow runs approximately every 10 days with a configurable age cutoff (default 30 days).
    • Add Forgejo repository health metrics collector and Grafana dashboard with CI/CD, release, and language tracking across all repos.
    • Switch Frigate object detection from YOLO-NAS-S (320x320) to YOLOv9-c (640x640) with CUDA Graphs support, and add frigate-export-model Dagger pipeline + mise task for reproducible model exports.

    Infrastructure

    • Simplify service-versions.yaml type taxonomy to argocd | ansible | nixos; add nix-container-builder entry; backfill forgejo and forgejo-runner versions
    • Prepare forgejo-runner v12 upgrade: review config compatibility, add workflow schema validation via Dagger, wire pre-commit hook
    • Upgrade k8s forgejo-runner daemon from v6.3.1 to v12.7.0

    Documentation

    • Add Mikado chain for upgrading k8s forgejo-runner from v6.3.1 to v12.x

    Documentation

    Download docs-v1.11.2.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.2/docs-v1.11.2.tar.gz
    
  • v1.11.1 e41c28ed90

    eblume released this 2026-02-22 10:21:19 -08:00 | 583 commits to main since this release

    BlumeOps release v1.11.1

    What's Changed

    Infrastructure

    • Use Zot registry logo instead of Docker logo on homepage dashboard

    Documentation

    Download docs-v1.11.1.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.1/docs-v1.11.1.tar.gz
    
  • v1.11.0 c427f04ec4

    eblume released this 2026-02-22 09:16:00 -08:00 | 586 commits to main since this release

    BlumeOps release v1.11.0

    What's Changed

    Features

    • Add agent change process (C0/C1/C2) documentation and docs-mikado tool for Mikado method dependency chain resolution. Rename zk-docs task to ai-docs.
    • Deploy Authentik identity provider on ringtail k3s cluster, replacing Dex as the SSO provider. Includes Nix-built container, CNPG database, Redis, and Caddy routing at authentik.ops.eblu.me.
    • Integrate Forgejo with Authentik OIDC for single sign-on with group-based admin propagation. Enforce TOTP MFA on Authentik authentication flow.
    • Add Authentik SSO to Jellyfin with admin group mapping
    • Container builds now trigger automatically on merge to main (path-based) and use commit-SHA-based image tags (vX.Y.Z-<sha>) for full traceability. The container-tag-and-release task is replaced by container-build-and-release which dispatches workflows via the Forgejo API. Added pre-commit hook to keep container versions in sync with service-versions.yaml.
    • Register Zot as an OIDC client in Authentik via blueprint, with artifact-workloads group, zot-ci service account, and OIDC credentials template for Ansible deployment.
    • Enable OIDC + API key authentication on zot registry with three-tier access control (anonymous read, CI create, admin full). Wire both CI push paths (Dagger and Nix/skopeo) with registry credentials via Forgejo Actions secrets. Allow anonymous Prometheus metrics scraping via accessControl.metrics.users.

    Bug Fixes

    • Fix frigate-notify notification pipeline: switch to webapi polling, enable dedup, drop events without snapshots, use hi-res snapshots

    Infrastructure

    • Add Mikado prereq for commit-based container tagging scheme to harden-zot-registry chain
    • Convert deploy-authentik plan to C2 Mikado chain entry point.
    • Add flake-update Dagger pipeline for updating ringtail NixOS flake inputs.
    • Upgrade frigate-notify from v0.3.5 to v0.5.4

    Documentation

    • Add deployment plan for Authentik identity provider to replace Dex

    Documentation

    Download docs-v1.11.0.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.11.0/docs-v1.11.0.tar.gz
    
  • v1.10.0 d21798b1f3

    eblume released this 2026-02-19 20:45:42 -08:00 | 620 commits to main since this release

    BlumeOps release v1.10.0

    What's Changed

    Features

    • Deploy Dex OIDC identity provider on ringtail with Grafana as first SSO client.
    • Added Nix container build for nettest, validating the full nix-container-builder pipeline on ringtail. One git tag now triggers both Dockerfile and Nix workflows — each skips if its build file is absent. Rewrote container-tag-and-release as a typer CLI with --dry-run support. Added container policy.json and registries.conf to ringtail for skopeo.
    • Add NixOS configuration for ringtail (gaming/compute workstation with RTX 4080). Includes declarative disk partitioning via disko, NVIDIA drivers, sway/Wayland desktop, Steam, Tailscale, and Ansible-driven provisioning.
    • Add screen lock, idle timeout, and sleep prevention to ringtail: swaylock locks after 15min, display powers off after 60min, machine never suspends.
    • Systemd Forgejo Actions runner on ringtail (nix-container-builder label) for building containers with nix build and pushing via skopeo. K3s cluster retained for future workloads. 1Password Connect + External Secrets Operator available for k8s secret management.

    Bug Fixes

    • Cap detect FPS to 2 and sync motion masks/zones from live config
    • Fix zk-docs task to use new path for troubleshooting doc after how-to reorg.
    • Inhibit swayidle lock screen when a fullscreen window is active on ringtail, preventing screen lock during gamepad-only gaming sessions.
    • Make 1Password secret tasks in ringtail playbook idempotent by checking kubectl apply output instead of always reporting changed.

    Infrastructure

    • Port Frigate NVR to ringtail k3s with RTX 4080 GPU acceleration (TensorRT/ONNX), replacing the ZMQ-based Apple Silicon detector on indri.
    • Replace Homepage Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile built from upstream v1.10.1. Gives full version control and matches the pattern used by other blumeops services.
    • Port ntfy to a locally built container image from forge mirror source.
    • Port Mosquitto (MQTT) and ntfy to ringtail k3s; retire Apple Silicon Detector from indri.
    • Ringtail post-install: NixOS config (sway with Catppuccin Macchiato theme, fish, 1Password, Steam, LibreWolf, Bluetooth audio, chezmoi, dev tools, nix-ld), Dagger flake-lock pipeline, improved provision-ringtail workflow, services-check integration, and reference documentation.
    • Add ringtail DeviceTags to Pulumi and allow homelab-to-homelab Tailscale SSH for cross-host ansible/management.
    • Update Frigate zone masks from live config and expand alert notifications to cover both Driveway and Driveway_entrance zones.
    • Add Apple Silicon ZMQ detector for Frigate — inference moves from in-pod ONNX CPU to CoreML on indri via ZMQ, using YOLOv9-m model
    • Deploy Tailscale operator on ringtail k3s cluster
    • Upgrade ntfy from v2.11.0 to v2.17.0 and add ntfy and frigate reference docs.
    • Update External Secrets Operator Helm chart from 1.3.1 to 2.0.0 (operator v1.3.2)
    • Upgrade Frigate NVR from 0.16.4 to 0.17.0-rc2 (prerequisite for Apple Silicon ZMQ detector)

    Documentation

    • Add Dex OIDC documentation: reference card, federated login explanation, services-check integration, and updated plan.
    • Update services-check and documentation to reflect Frigate, Mosquitto, and ntfy migration from indri minikube to ringtail k3s (PRs #216, #217).
    • Review and fix update-documentation how-to: add missing cache purge step, clean up fragment types table.

    Documentation

    Download docs-v1.10.0.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.10.0/docs-v1.10.0.tar.gz
    
  • v1.9.4 27d8f3cf1f

    eblume released this 2026-02-17 07:30:38 -08:00 | 658 commits to main since this release

    BlumeOps release v1.9.4

    What's Changed

    Documentation

    • Reorganize how-to guides into deployment/, configuration/, and operations/ subdirectories; review and update gandi-operations doc; fix missing cv.eblu.me CNAME in gandi reference card.

    Documentation

    Download docs-v1.9.4.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.9.4/docs-v1.9.4.tar.gz
    
  • v1.9.3 779b7d6709

    eblume released this 2026-02-16 21:25:46 -08:00 | 660 commits to main since this release

    BlumeOps release v1.9.3

    What's Changed

    Features

    • Add service version review system with mise run service-review task, tracking file, and how-to guide.
    • Add UniFi admin link to homepage dashboard bookmarks.

    Infrastructure

    • Eliminate double towncrier run in release workflow — changelog is now built once on the runner, then the pre-processed source tree is passed to a new build_quartz Dagger function for the Quartz site build only.
    • First service version review: pin mosquitto to 2.0.22, bump tailscale-operator to v1.94.2, record 7 reviewed services

    Documentation

    Download docs-v1.9.3.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.9.3/docs-v1.9.3.tar.gz
    
  • v1.9.2 2c55c2316e

    eblume released this 2026-02-16 15:51:12 -08:00 | 666 commits to main since this release

    BlumeOps release v1.9.2

    What's Changed

    Features

    • Add how-to guide for building container images and port navidrome to a custom-built container image.

    Bug Fixes

    • Fix Frigate repeatedly alerting on parked cars by removing per-object max_frames and setting stationary interval to 0. Make Frigate config writable so UI changes (zones, masks) persist within a pod lifecycle.
    • Switch navidrome to custom container image with dedicated non-root user and fsGroup security context

    Documentation

    • Review expose-service-publicly doc: replace stale inline code with references to actual files, add observability sidecar section, fix broken internal link, update templates to current patterns.

    Documentation

    Download docs-v1.9.2.tar.gz and configure the quartz container with:

    DOCS_RELEASE_URL=https://forge.ops.eblu.me/eblume/blumeops/releases/download/v1.9.2/docs-v1.9.2.tar.gz
    