eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/tools/pulumi.md
Erich Blume 517080aeab Add reference/tools/ category with Dagger, ArgoCD CLI, Ansible, and Pulumi cards (#178) 
## Summary

- Create `docs/reference/tools/` with four reference cards: Dagger (build engine), ArgoCD CLI (deployment workflows), Ansible (config management), and Pulumi (DNS/Tailscale IaC)
- Move `ansible/roles.md` → `tools/ansible.md`, broadened with CLI patterns and dry-run usage
- Update `reference.md` index: add "Tools" section, remove old "Ansible" section
- Update `update-documentation.md` to reflect Dagger build process (workflow steps, manual build recipe, runner environment)
- Update `adopt-dagger-ci.md` plan to note how-to articles were handled via reference card + existing how-to updates
- Fix all broken `[[roles]]` wiki-links across 5 files → `[[ansible]]`

## Verification

- `docs-check-links` ✓ — no broken wiki-links
- `docs-check-index` ✓ — all docs referenced in category index
- `docs-check-filenames` ✓ — no duplicate filenames
- All pre-commit hooks pass

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/178
2026-02-12 19:18:46 -08:00

1.5 KiB
Raw Blame History

title modified tags
Pulumi 2026-02-12
reference
iac
pulumi

Pulumi

Infrastructure-as-Code for DNS and Tailscale ACL management. Two independent projects, both using the Python SDK with uv toolchain.

Projects

Project Stack Source Manages
blumeops-dns eblu-me pulumi/gandi/ DNS records for eblu.me via Gandi LiveDNS
blumeops-tailnet tail8d86e pulumi/tailscale/ ACL policy, device tags, auth keys

DNS (blumeops-dns)

Manages *.ops.eblu.me wildcard and base records pointing to indri's Tailscale IP, plus public CNAME records for services routed via flyio-proxy.

Tailnet (blumeops-tailnet)

Manages the ACL policy (policy.hujson), device tags for indri and sifaka, and auth keys for the Fly.io proxy.

CLI Patterns

All operations use mise tasks that wrap pulumi with the correct stack and working directory:

# DNS
mise run dns-preview     # Preview DNS changes
mise run dns-up          # Apply DNS changes

# Tailscale
mise run tailnet-preview # Preview ACL/tag changes
mise run tailnet-up      # Apply ACL/tag changes

Authentication

  • Gandi: GANDI_PERSONAL_ACCESS_TOKEN environment variable
  • Tailscale: TAILSCALE_API_KEY environment variable
  • Pulumi state: Local backend (no Pulumi Cloud)

Related