blumeops/docs/zk/pulumi.md
Erich Blume b8104d75ad Move zk cards to docs/zk/ for documentation restructuring (#84)
## Summary
- Move all existing zettelkasten cards from `docs/` to `docs/zk/` as a temporary holding area
- Update `zk-docs` mise task to look in the new location
- Add `docs/README.md` explaining the Diataxis-based restructuring plan and target audiences

## Context
This is phase 1 of a multi-phase documentation restructuring effort. The goal is to reorganize docs to follow the Diataxis framework while serving multiple audiences:
1. Erich (owner) - knowledge graph/zk
2. Claude/AI agents - memory and context enrichment
3. New external readers - high-level overview
4. Potential operators/contributors - onboarding
5. Replicators - people wanting to duplicate the approach

## Testing
- [x] Verified `mise run zk-docs` still works with the new path
- [x] Updated obsidian.nvim config (in ~/.config/nvim) to point to new path

## Note
The obsidian.nvim config change is outside this repo but was made as part of this work.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/84
2026-02-03 09:13:50 -08:00


id aliases tags
pulumi
pulumi
tailnet-iac
blumeops

Pulumi Tailnet IaC Management Log

Pulumi manages the tail8d86e.ts.net tailnet configuration, including ACLs, tags, and DNS settings.

Architecture

Two-layer approach:

  • Layer 1 (Pulumi): Tailnet-wide config - ACLs, tags, DNS (this card)
  • Layer 2 (Ansible): Node-local tailscale serve config - see tailscale_serve role

Service Details

Authentication

Uses OAuth client stored in 1Password (blumeops vault):

  • Client configured with scopes: acl, dns, devices, services
  • Auto-applies tag:blumeops to IaC-managed resources

Useful Commands

# Preview changes
mise run tailnet-preview

# Apply changes
mise run tailnet-up

# View current state
mise run tailnet-preview

# Pass additional args
mise run tailnet-up -- --yes

Making ACL Changes

  1. Edit pulumi/policy.hujson in the blumeops repo
  2. Run mise run tailnet-preview to see what will change
  3. Run mise run tailnet-up to apply
  4. Commit and push
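
A local check that can run between steps 1 and 2, shown as an added example (not code from the blumeops repo): it parses HuJSON and reports every tag used in `acls`, plus the `tag:blumeops` tag the OAuth client applies, that has no `tagOwners` entry. The function names, the sample policy, and the assumption that the policy uses `acls` rules rather than `grants` are illustrative.

```python
import json
import re

TAG = re.compile(r"tag:[A-Za-z0-9-]+")
# Constructed sample (assumption), not the repo's pulumi/policy.hujson.
SAMPLE = """{
  "tagOwners": {"tag:blumeops": ["autogroup:admin"],}, // trailing comma is legal HuJSON
  "acls": [
    {"action": "accept", "src": ["autogroup:member"], "dst": ["tag:blumeops:443"]},
    {"action": "accept", "src": ["tag:ci"], "dst": ["tag:blumeops:22"]}, /* tag:ci has no owner */
  ],
}"""

def hujson_to_json(text):
    """Drop // and /* */ comments and trailing commas; string literals are copied as-is."""
    out, i, n = [], 0, len(text)
    while i < n:
        c = text[i]
        if c == '"':  # copy the whole string literal, honouring backslash escapes
            j = i + 1
            while j < n and text[j] != '"':
                j += 2 if text[j] == "\\" else 1
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("//", i):  # line comment: skip to end of line
            while i < n and text[i] != "\n":
                i += 1
        elif text.startswith("/*", i):  # block comment: skip past the closer
            end = text.find("*/", i + 2)
            i = n if end < 0 else end + 2
        else:
            if c in "}]":  # a comma just before a closer is a trailing comma
                k = len(out) - 1
                while k >= 0 and out[k].isspace():
                    k -= 1
                if k >= 0 and out[k] == ",":
                    del out[k]
            out.append(c)
            i += 1
    return "".join(out)

def undefined_tags(policy_text, required=("tag:blumeops",)):
    """Tags used in acls (or required by the OAuth client) with no tagOwners entry."""
    policy = json.loads(hujson_to_json(policy_text))
    used = set(required)
    for rule in policy.get("acls", []):
        for entry in rule.get("src", []) + rule.get("dst", []):
            used.update(TAG.findall(entry))
    return used - set(policy.get("tagOwners", {}))
```

An empty result from `undefined_tags` means every referenced tag is declared; a non-empty one names the tags to add to `tagOwners` before previewing.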

What's Managed

Currently managed by Pulumi:

  • ACL policy (tailscale:index:Acl)

Can be added later:

  • DNS nameservers (tailscale:index:DnsNameservers)
  • DNS search paths (tailscale:index:DnsSearchPaths)
  • Tailnet settings (tailscale:index:TailnetSettings)

Log

Wed Jan 15 2026

  • Initial setup with Pulumi + Python
  • Imported existing ACL from Tailscale
  • State stored in Pulumi Cloud (free tier)
  • OAuth authentication via 1Password