Erich Blume
0dce806107
## Summary - Rewrites the UniFi Pulumi plan doc to use filipowm/unifi Terraform provider via `pulumi package add terraform-provider` (replaces pulumiverse_unifi approach) - Adds network segmentation goals (main/guest/IoT WiFi zones) and API key auth - Creates UniFi reference card (`docs/reference/infrastructure/unifi.md`) with topology diagram - Updates all documentation indexes (plans.md, how-to.md, hosts.md, reference.md) ## What's Deferred Actual stack scaffolding (`pulumi/unifi/`), mise tasks, and `pulumi import` are blocked on switch purchase and cabling. The plan doc captures everything needed for a future execution session. ## Verification - `docs-check-links` passes (all wiki-links resolve) - `docs-check-index` passes (unifi.md referenced in reference.md) - Pre-commit hooks pass Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/145
2.5 KiB
2.5 KiB
| title | tags | |
|---|---|---|
| Reference |
|
Reference
Technical specifications, inventories, and configuration details for BlumeOps infrastructure.
Services
Individual service reference cards with URLs and configuration details.
| Service | Description | Location |
|---|---|---|
| [[alloy | Alloy]] | Observability collector (metrics & logs) |
| argocd | GitOps continuous delivery | k8s |
| borgmatic | Backup system | indri |
| caddy | Reverse proxy & TLS termination | indri |
| 1password | Secrets management | cloud + k8s |
| forgejo | Git forge & CI/CD | indri |
| grafana | Dashboards & visualization | k8s |
| immich | Photo management | k8s |
| jellyfin | Media server | indri |
| kiwix | Offline Wikipedia & ZIM archives | k8s |
| loki | Log aggregation | k8s |
| miniflux | RSS feed reader | k8s |
| navidrome | Music streaming | k8s |
| postgresql | Database cluster | k8s |
| prometheus | Metrics collection | k8s |
| teslamate | Tesla data logger | k8s |
| transmission | BitTorrent daemon | k8s |
| zot | Container registry | indri |
| devpi | PyPI caching proxy | k8s |
| docs | Documentation site (Quartz) | k8s |
| flyio-proxy | Public reverse proxy (Fly.io + Tailscale) | Fly.io |
| automounter | SMB share automounter | indri |
Infrastructure
Host inventory and network configuration.
- hosts - Device inventory
- indri - Primary server
- gilbert - Development workstation
- tailscale - ACLs, groups, tags
- gandi - DNS hosting for
eblu.me - unifi - Home WiFi router (UniFi Express 7)
- routing - DNS domains, port mappings
- power - Battery-backed power chain
Kubernetes
Cluster configuration and application registry.
- cluster - Minikube specs, storage, networking
- apps - ArgoCD application registry
- tailscale-operator - Tailscale ingress for k8s services
- external-secrets - Secrets management
Ansible
Configuration management for indri-hosted services.
- roles - Available ansible roles
Storage
Network storage and backup configuration.
- sifaka - Synology NAS configuration
- postgresql-storage - Database cluster
- backups - Backup policy and schedule
Operations
Operational concerns and their components.
- observability - Metrics, logs, dashboards
- backup - Data protection
- disaster-recovery - Recovery procedures (TBD)