blumeops/docs/how-to/plans/plans.md

title	modified	tags
Plans	2026-02-20	how-to plans

Plans

Migration and transition plans for upcoming infrastructure changes. Each plan is a how-to document that captures the full context, steps, and verification criteria for a future execution session.

Plans differ from regular how-to guides in that they describe work that has been designed but not yet executed. Once a plan is completed, it moves to completed.

Plan	Status	Description
migrate-forgejo-from-brew	Planned	Transition Forgejo from Homebrew to source-built binary with LaunchAgent
add-unifi-pulumi-stack	Abandoned	Add Pulumi IaC for UniFi Express 7 (provider bugs — see doc)
upstream-fork-strategy	Planned	Stacked-branch forking strategy for tracking upstream projects
adopt-oidc-provider	Completed	Deploy OIDC identity provider for SSO across services
harden-zot-registry	Planned	Add authentication and tag immutability to zot registry
forgejo-actions-dashboard	Planned	Grafana dashboard and custom Prometheus exporter for Forgejo Actions CI metrics
upgrade-grafana-helm-chart	Planned	Upgrade Grafana Helm chart from 8.8.2 to 11.x (3 phases)
deploy-authentik	Active (C2)	Deploy Authentik identity provider to replace Dex for full SSO and user management
build-authentik-container	Active (C2)	Build Nix container image for Authentik (prerequisite of deploy-authentik)
provision-authentik-database	Active (C2)	Create PostgreSQL database for Authentik (prerequisite of deploy-authentik)
create-authentik-secrets	Active (C2)	Create 1Password secrets for Authentik (prerequisite of deploy-authentik)
operationalize-reolink-camera	Planned	Cloud-free NVR with Frigate, object detection, and ring buffer recording to sifaka