blumeops/docs/how-to/gandi-operations.md
Erich Blume b0bac91ca9 Fix frontmatter field name for Quartz date display (#158)
## Summary

- Rename `date-modified` -> `modified` in all 80 docs and the `docs-check-frontmatter` task

Quartz's `CreatedModifiedDate` plugin recognizes `modified`, `lastmod`, `updated`, and `last-modified` — but not `date-modified`. The wrong field name caused Quartz to ignore frontmatter dates entirely and fall through to filesystem timestamps (UTC inside Dagger), showing Feb 12 on pages built late on Feb 11 PST.

## Test plan

- [x] `mise run docs-check-frontmatter` passes
- [ ] Kick off docs release after merge — verify rendered dates match frontmatter values

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/158
2026-02-11 16:45:12 -08:00


title: Gandi Operations
modified: 2026-02-08
tags: how-to, dns, pulumi

Gandi Operations

How to manage DNS records and cycle the Gandi API token.

Prerequisites

  • Pulumi CLI installed (brew install pulumi)
  • Access to 1Password blumeops vault (for PAT)
  • On the tailnet (Pulumi resolves indri's IP via MagicDNS)

Preview and Apply DNS Changes

# Preview changes (always do this first)
mise run dns-preview

# Apply changes
mise run dns-up

Both tasks fetch the Gandi PAT from 1Password automatically.

To run Pulumi directly:

export GANDI_PERSONAL_ACCESS_TOKEN=$(op item get mco6ka3dc3rmw7zkg2dhia5d2m --field pat --reveal --vault vg6xf6vvfmoh5hqjjhlhbeoaie)
cd pulumi/gandi
pulumi preview
pulumi up --yes

Cycle the Gandi PAT

The Gandi Personal Access Token has a maximum lifetime of 90 days. It is currently set to 30 days as a security compromise, though a shorter lifetime may be appropriate given how infrequently it is used.

1. Create a new PAT

Go to the Gandi admin console and create a new token:

  • Name: blumeops-pulumi (or similar)
  • Expiration: 30 days (max 90; shorter is fine if you run this rarely)
  • Required permission: Manage domain name technical configurations
  • Also enable: See and renew domain names

Copy the new PAT to your clipboard.

2. Update 1Password

With the new PAT on your clipboard:

op item edit mco6ka3dc3rmw7zkg2dhia5d2m pat="$(pbpaste)" --vault vg6xf6vvfmoh5hqjjhlhbeoaie

3. Delete the old PAT

Return to the Gandi admin console and delete the previous token.

4. Verify

mise run dns-preview

A successful preview confirms the new PAT is working.

Break-Glass Override

If MagicDNS is unavailable and Pulumi can't resolve indri's IP, set the target IP manually. Find indri's current Tailscale IP via tailscale status or the admin console:

export BLUMEOPS_REVERSE_PROXY_IP=<indri-tailscale-ip>
mise run dns-up
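
A hand-set override bypasses the MagicDNS lookup, so a mistyped or non-tailnet address would be published to DNS unchecked. The following is an added example, not part of the blumeops repo: it reads indri's address from `tailscale status` text and refuses anything outside Tailscale's 100.64.0.0/10 range before exporting the variable. The function names, the assumed `tailscale status` column layout (IP, then hostname), and the assumption that the override is an IPv4 address are mine.

```sh
# Added example (not from the blumeops repo); function names are hypothetical.

# Succeed only if $1 is an IPv4 address inside 100.64.0.0/10, the range
# Tailscale assigns node addresses from.
is_tailscale_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }
    $1 + 0 != 100 || $2 + 0 < 64 || $2 + 0 > 127 { exit 1 }'
}

# Print the address of host $1 from `tailscale status` text on stdin.
# Assumed layout: IP in column 1, hostname in column 2; "#" lines are notes.
# Fails unless the host appears exactly once.
peer_ip_from_status() {
  awk -v host="$1" '
    $1 !~ /^#/ && $2 == host { ip = $1; n++ }
    END { if (n != 1) exit 1; print ip }'
}

# Resolve host $1 from status text $2, validate it, then export the override.
set_break_glass_ip() {
  bg_ip=$(printf '%s\n' "$2" | peer_ip_from_status "$1") || {
    echo "no unique entry for $1 in tailscale status" >&2; return 1; }
  is_tailscale_ipv4 "$bg_ip" || {
    echo "refusing $bg_ip: not in 100.64.0.0/10" >&2; return 1; }
  export BLUMEOPS_REVERSE_PROXY_IP="$bg_ip"
}

# Constructed sample of `tailscale status` output (addresses are made up).
SAMPLE_STATUS='100.101.102.103 indri       user@ macOS -
100.64.0.7      other-host  user@ linux idle

# Health check: constructed note line'

# Real use:
#   set_break_glass_ip indri "$(tailscale status)" && mise run dns-up
```
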
  • gandi - DNS configuration reference
  • caddy - Reverse proxy (also uses a Gandi token for TLS)
  • update-tailscale-acls - Similar Pulumi workflow for Tailscale