- Nix 32.5%
- Jinja 21.5%
- Python 17.9%
- Shell 11.8%
- Go 8.1%
- Other 8.2%
Erich Blume
1184b4de1d
## Summary - Add layer4 TCP proxy configuration to Caddyfile template for SSH services - Configure Forgejo SSH on port 2222 → localhost:2200 - Switch HTTPS from port 8443 (testing) to 443 (production) - Requires Caddy rebuilt with `github.com/mholt/caddy-l4` plugin ## What This Enables Git+SSH access via `forge.ops.eblu.me:2222` is now accessible from: - Tailnet clients (gilbert) - Docker containers on indri - Kubernetes pods in minikube This solves the DNS resolution issues where containers couldn't reach Tailscale MagicDNS names. ## Testing Done - [x] Caddy rebuilt with layer4 plugin - [x] Validated Caddyfile syntax - [x] Cleared `svc:forge` from tailscale serve - [x] Verified HTTPS works: `curl https://forge.ops.eblu.me` - [x] Verified SSH works: `ssh -p 2222 forgejo@forge.ops.eblu.me` - [x] Verified git clone works via new endpoint - [x] Verified minikube pods can reach both HTTPS and SSH endpoints ## Deployment Caddy is already running with the new config on indri. This PR captures the ansible changes. ## Next Steps - Update zk docs with new git remote format - Migrate registry and other services to Caddy - Retire tailscale_services ansible role 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/56 |
||
|---|---|---|
| .claude | ||
| .forgejo | ||
| .github | ||
| ansible | ||
| argocd | ||
| containers/nettest | ||
| mise-tasks | ||
| pulumi | ||
| .ansible-lint | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| .yamllint.yaml | ||
| Brewfile | ||
| CLAUDE.md | ||
| mise.toml | ||
| README.md | ||
blumeops
l0K k..:k.
.:...c. ;c....
....'o x.....
....k x....
... l' 'c....
....,l o'....
.....x k....
.....d. c....
... l x....
.,.d ;c.c'
'c':; x',c.
.:,'o .x.::.
.;:.k ,:.c'
,c.c';:.
.,.:;.
;'.c, l
d',c..:.d.
O.:;. 'c';c
;c.c' .:;.x
o',c. .;:.k
x.::. 'c.l.
dOKl.c, .c,'o
0l'...... ..' .::.ocx.
'o ............ o .... :olx;
x,ox;. ....... .k ....,dKKo;..x
'd,OXXXXk:. ...... ; ;:dXOl;',';l;o;
x,oXXXXXXXXXkc. ... .lc,',':dKNNNx;x;
;o;0KXXXXXXXXXXXX0l. .',ckNNNNNNNNNxco0d
l,d0oOXKOKXXXXKXXXX0. kNNNNNNNNNNNNNXxloo::
.OXxdXKOX0kXXXX0. .KNNNNNNNNNNXONX0o.
,OdxKldXXXXx. ,NNNNNNNNNNNKoc
:.OXXkKo .kNNNNNNNNXx.
':0c .NdNkXkc
Blue Mops — GitOps for Erich Blume's personal computing environment.
What is this?
Infrastructure-as-code for my tailnet (tail8d86e.ts.net). This repo contains
ansible playbooks, configuration, and automation for managing my personal
infrastructure.
This codebase was heavily co-authored by Claude Code, as an experiment in LLM-assisted development. I want to include a personal note here that I don't know entirely how I feel about LLMs in our current era, but it felt important to learn.
Development
Pre-commit Hooks
This repo uses pre-commit for code quality and consistency. Install hooks with:
uvx pre-commit install
Run all hooks manually:
uvx pre-commit run --all-files
Hooks include:
- General: trailing whitespace, end-of-file fixer, large files, merge conflicts
- Secrets: TruffleHog for secret detection
- YAML: yamllint, ansible-lint
- Python: ruff (linting + formatting)
- Shell: shellcheck, shfmt
- TOML: taplo
- JSON: prettier
CI/CD
This repo uses Forgejo Actions for CI/CD. Workflows live in .forgejo/workflows/ (not .github/workflows/). The runner executes jobs in host mode within the Kubernetes cluster.
Documentation
Detailed documentation lives in my personal zettelkasten, which is not included in this repository. You can view the docs with:
mise run zk-docs
The zettelkasten is private at time of writing. If you're interested in the documentation or have questions about this project, please reach out to blume.erich@gmail.com.