Erich Blume
55a846eb25
The plans/ directory predated the mikado method approach. Deleted all completed and abandoned plans, converted the still-relevant migrate-forgejo-from-brew into a lean mikado chain root card under how-to/forgejo/, cleaned up dangling wiki-links across docs, and fixed a stale "pre-commit" reference to "prek". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3.9 KiB
| title | modified | tags | |
|---|---|---|---|
| How-To | 2026-02-22 |
|
How-To Guides
Task-oriented instructions for common BlumeOps operations. These guides assume you already understand the basic concepts - see tutorials if you're learning.
Deployment
| Guide | Description |
|---|---|
| deploy-k8s-service | Deploy a new service to Kubernetes via ArgoCD |
| add-ansible-role | Add a new Ansible role for indri services |
| create-release-artifact-workflow | Build artifacts and publish to Forgejo packages |
| build-container-image | Build and release a custom container image via Dagger |
Configuration
| Guide | Description |
|---|---|
| update-tailscale-acls | Update Tailscale access control policies |
| gandi-operations | Manage DNS records and cycle the Gandi API token |
| use-pypi-proxy | Configure pip and publish packages to devpi |
| expose-service-publicly | Expose a service to the public internet via Fly.io + Tailscale |
| manage-forgejo-mirrors | Create mirrors, update PATs, and rotate GitHub credentials |
| update-documentation | Publish docs via build-blumeops workflow |
| update-tooling-dependencies | Monthly update cycle for prek hooks, Fly, mise, and workflow deps |
Knowledge Base
| Guide | Description |
|---|---|
| review-documentation | Periodically review and maintain documentation |
| review-services | Periodically review services for version freshness |
| agent-change-process | C0/C1/C2 change classification and Mikado Branch Invariant |
Operations
| Guide | Description |
|---|---|
| connect-to-postgres | Connect to PostgreSQL as a superuser via psql |
| restart-indri | Safely shut down and restart indri |
| manage-flyio-proxy | Deploy, shutoff, and troubleshoot the public proxy |
| restore-1password-backup | Recover 1Password credentials from borgmatic backup |
| troubleshooting | Diagnose and fix common issues |
Forgejo
Mikado chain for migrating Forgejo from Homebrew to source-built binary. Track progress with mise run docs-mikado migrate-forgejo-from-brew.
Ringtail
| Guide | Description |
|---|---|
| manage-lockfile | Update or lock NixOS flake inputs via Dagger |
Zot
Mikado chain for hardening the zot registry. Track progress with mise run docs-mikado harden-zot-registry.
- harden-zot-registry
- register-zot-oidc-client
- wire-ci-registry-auth
- enforce-tag-immutability
- adopt-commit-based-container-tags
- add-container-version-sync-check
- install-dagger-on-nix-runner
- pin-container-versions
- add-dagger-nix-build
- fix-ntfy-nix-version
Authentik
Mikado chain for deploying Authentik. Track progress with mise run docs-mikado deploy-authentik.
- deploy-authentik
- build-authentik-container
- provision-authentik-database
- create-authentik-secrets
- migrate-grafana-to-authentik
Authentik Source Build
Mikado chain for building Authentik from a custom Nix derivation (from source). Track progress with mise run docs-mikado build-authentik-from-source.
- build-authentik-from-source
- mirror-authentik-build-deps
- authentik-api-client-generation
- authentik-python-backend-derivation
- authentik-web-ui-derivation
- authentik-go-server-derivation
Grafana
Mikado chain for upgrading Grafana to 12.x with kustomize and home-built containers. Track progress with mise run docs-mikado upgrade-grafana.
Forgejo Runner
Mikado chain for upgrading the k8s forgejo-runner daemon from v6.3.1 to v12.x. Track progress with mise run docs-mikado upgrade-k8s-runner.