Erich Blume
54db8643a1
- security-model: Replace "no public access" with Fly.io proxy description - routing: Add *.eblu.me as third DNS domain for public services - architecture: Add Fly.io to network layer and service routing table - CLAUDE.md: Add public routing domain to routing table - gandi: Add public CNAME records section - tailscale-operator: Document ProxyGroup, VIP routing, per-Ingress tags - flyio-proxy: Clarify why Alloy uses direct Tailscale endpoints (ACL) - Remove hardcoded Tailscale IP (100.98.163.89) from docs, use DNS names Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.4 KiB
1.4 KiB
| title | tags | ||
|---|---|---|---|
| Indri |
|
Indri
Primary BlumeOps server. Mac Mini M1 (2020).
Specifications
| Property | Value |
|---|---|
| Model | Mac mini M1, 2020 (Macmini9,1) |
| Storage | 2TB internal SSD |
| macOS | 15.7.3 (Sequoia) |
| Tailscale hostname | indri.tail8d86e.ts.net |
| Tailscale Tag | tag:homelab |
| UPS | Anker SOLIX F2000 GaNPrime |
Services Hosted
Native (via Ansible):
- forgejo - Git forge
- zot - Container registry
- jellyfin - Media server
- borgmatic - Backup system
- alloy - Metrics/logs collector
- caddy - Reverse proxy for
*.ops.eblu.me
Kubernetes (via minikube):
GUI Applications (manual start required):
- Docker Desktop - Container runtime for minikube
- Amphetamine - Prevents sleep
- automounter - Mounts sifaka SMB shares
Maintenance Notes
Sleep prevention: Uses Amphetamine (App Store) to prevent sleep. If Amphetamine crashes after extended uptime, consider switching to pmset or caffeinate via ansible.
Passwordless sudo: Configured for erichblume user (/etc/sudoers.d/erichblume) to allow ansible become: true without prompts. Acceptable given Tailscale is the trust boundary.
Related
- routing - Port mappings
- cluster - Minikube details
- automounter - SMB share mounting
- restart-indri - Shutdown and startup procedure