eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/infrastructure/tailscale.md
Erich Blume 01adc4cf0f Switch to title-based wiki-links (#91) 
## Summary
- Remove aliases from all zk cards to prevent them from capturing wiki-links
- Convert all wiki-links from `[[filename|Title]]` to `[[Title]]` format
- Replace `doc-filenames` task with `doc-titles` for duplicate title detection
- Update pre-commit hook to use `doc-titles`

Wiki-links now resolve to reference docs by their frontmatter title, which is more readable and maintainable than filename-based links.

## Deployment and Testing
- [x] Pre-commit hooks pass (including new `doc-titles` check)
- [x] Manually verified zk cards have aliases removed
- [ ] Deploy docs v1.0.7 and verify wiki-links resolve correctly
- [ ] Test links to reference docs (e.g., [[Grafana Alloy]], [[ArgoCD]])

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/91
2026-02-03 15:55:31 -08:00

1.8 KiB
Raw Blame History

title tags
Tailscale
infrastructure
network

Tailscale

Tailnet tail8d86e.ts.net provides secure networking for all BlumeOps infrastructure.

ACL Management

ACLs managed via Pulumi in pulumi/policy.hujson.

Groups

Group Members Purpose
group:allisonflix admin, member Jellyfin media access

Device Tags

Tag Devices Purpose
tag:homelab indri Server infrastructure
tag:nas sifaka Network-attached storage
tag:blumeops indri, sifaka Pulumi IaC managed resources
tag:registry indri Container registry access
tag:k8s-api indri Kubernetes API server access

Important: Don't tag user-owned devices (like gilbert). Tagging converts them to "tagged devices" which lose user identity and break user-based SSH rules.

Access Matrix

Source Kiwix Forge PyPI Miniflux PostgreSQL NAS Grafana Loki
autogroup:admin Y Y Y Y Y Y Y Y
autogroup:member Y Y Y Y Y - - -
tag:homelab - - - - - Y - -
  • Admins - full access to all services
  • Members - member services only, no Grafana/Loki/NAS

SSH Access

Source Destinations Auth
autogroup:member autogroup:self check
autogroup:admin tag:homelab check (12h)
autogroup:admin tag:nas check (12h)

OAuth Credentials

Pulumi uses OAuth client from 1Password (blumeops vault):

  • Scopes: acl, dns, devices, services
  • Auto-applies tag:blumeops to IaC-managed resources

Related