blumeops/docs/index.md
Erich Blume 64a78422b1
Add Fly.io public reverse proxy for docs.eblu.me (#120)
## Summary

- Adds a Fly.io reverse proxy (`blumeops-proxy`) that tunnels public traffic to homelab services over Tailscale
- First service exposed: `docs.eblu.me` — the Quartz static docs site
- Includes Pulumi IaC for Tailscale auth key/ACLs and Gandi DNS CNAME
- Adds mise tasks (`fly-deploy`, `fly-setup`, `fly-shutoff`) and Forgejo CI workflow

## Key details

- Fly.io Firecracker VMs support TUN devices natively — no userspace networking needed
- Tailscale auth key is `preauthorized=True` to avoid device approval hangs on container restarts
- nginx caches aggressively for the static site; health check is on the default_server block
- ACLs restrict `tag:flyio-proxy` to `tag:k8s` on port 443 only
- DNS CNAME deployed and verified: `docs.eblu.me` → `blumeops-proxy.fly.dev`

## Test plan

- [x] `curl -sf https://blumeops-proxy.fly.dev/healthz` returns `ok`
- [x] `curl -I -H "Host: docs.eblu.me" https://blumeops-proxy.fly.dev/` returns 200 with `X-Cache-Status`
- [x] `curl -I https://docs.eblu.me/` returns 200 with valid Let's Encrypt cert
- [x] `dig forge.ops.eblu.me` still resolves to 100.98.163.89 (private services unaffected)
- [x] Set `FLY_DEPLOY_TOKEN` Forgejo Actions secret for CI auto-deploy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/120
2026-02-08 02:36:19 -08:00


title aliases id tags
BlumeOps
index

Welcome to the BlumeOps (aka "Blue Mops") documentation. Here you will find, hopefully, everything you need to understand and operate my personal digital infrastructure.

New here? Start with exploring-the-docs to find your way around.

What is BlumeOps?

BlumeOps is my personal homelab infrastructure managed entirely through code. Everything lives in a single git repository, from service configs to deployment automation. Even the forgejo instance that hosts this repo is defined within it, making BlumeOps fully self-hosting. It's a digital life raft I built for myself as I went, and you can see it all from within your editor of choice. (I recommend vim.)

These services run on my home hosts, primarily an M1 Mac mini named indri and a Synology NAS called sifaka. The infrastructure is networked via tailscale, with the domain eblu.me hosted via gandi, caddy providing a private reverse proxy for tailnet devices, and flyio-proxy serving public-facing services like this documentation site.

The goal of BlumeOps is threefold:

  1. To provide a rich array of useful personal services in order to manage my own digital life.
  2. To exercise my skills as a software engineer specializing in Platforms/DevOps/SRE.
  3. To act as a portfolio piece for talking about building hosted software platforms.

Sections

  • tutorials - Learning-oriented guides for getting started
  • reference - Technical specifications and service details
  • how-to - Task-oriented instructions for common operations
  • explanation - Understanding the "why" behind BlumeOps
  • CHANGELOG - Release history and changes