Erich Blume
b197bd5f58
## Summary Migrates the docs build pipeline to Dagger (Phase 2 of the Dagger CI adoption plan). - **Backfill `date-modified` frontmatter** on all 80 docs — Dagger's `--src=.` excludes `.git`, so Quartz can't use git history for page dates. Frontmatter dates work with or without git. - **New `docs-check-frontmatter` mise task + pre-commit hook** — validates all docs have `title`, `tags`, and `date-modified` - **New Dagger functions** — `build_changelog` (towncrier in Python container) and `build_docs` (chains changelog → Quartz build in Node container, returns tarball) - **Simplified CI workflow** — the ~44-line inline Quartz build (clone, npm ci, build, tar, cleanup) is replaced by `dagger call build-docs`. Changelog step remains local on the runner since towncrier needs to modify the host working tree for the git commit. ### Design decisions - **Towncrier runs twice in CI**: once inside Dagger (for the docs tarball) and once on the runner (for the git commit). This is intentional — Dagger's directory export is additive and can't delete the consumed changelog fragments from the host. - **Artifact hosting stays on Forgejo Releases** (not migrated to Forgejo Packages as the plan doc originally suggested). That migration can happen independently. - **`date-modified` frontmatter** preserved even though `build_changelog` installs git — the git there is only for towncrier's `git add` call, not for history. The local iteration story (`dagger call build-docs --src=. --version=dev` with uncommitted changes) depends on frontmatter dates. ### Local iteration ```bash dagger call build-docs --src=. --version=dev export --path=./docs-dev.tar.gz tar tf docs-dev.tar.gz | head -20 ``` ## Deployment and Testing - [x] `dagger call build-docs --src=. --version=dev` produces valid 1.1MB tarball (149 HTML pages) - [x] Pre-commit hooks pass (including new `docs-check-frontmatter`) - [ ] Full `workflow_dispatch` run after merge 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/157
3.1 KiB
3.1 KiB
| title | date-modified | tags | ||
|---|---|---|---|---|
| Routing | 2026-02-09 |
|
Service Routing
Services are accessible via three DNS domains with different reachability.
DNS Domains
| Domain | Proxy | Reachable From |
|---|---|---|
*.eblu.me |
flyio-proxy (Fly.io → Tailscale tunnel) | Public internet |
*.ops.eblu.me |
Caddy on indri | k8s pods, docker containers, tailnet clients |
*.tail8d86e.ts.net |
Tailscale MagicDNS | Tailnet clients only |
Use *.ops.eblu.me for services that need pod-to-service communication. Use *.eblu.me for services exposed publicly via Fly.io.
Caddy Services (*.ops.eblu.me)
DNS points to indri's Tailscale IP. TLS via Let's Encrypt (ACME DNS-01 with Gandi).
| Service | URL | Description |
|---|---|---|
| Homepage | https://go.ops.eblu.me | Service dashboard |
| forgejo | https://forge.ops.eblu.me | Git hosting (SSH: 2222) |
| zot | https://registry.ops.eblu.me | Container registry |
| grafana | https://grafana.ops.eblu.me | Dashboards |
| argocd | https://argocd.ops.eblu.me | GitOps CD |
| prometheus | https://prometheus.ops.eblu.me | Metrics |
| loki | https://loki.ops.eblu.me | Logs |
| miniflux | https://feed.ops.eblu.me | RSS reader |
| kiwix | https://kiwix.ops.eblu.me | Offline Wikipedia |
| transmission | https://torrent.ops.eblu.me | BitTorrent |
| teslamate | https://tesla.ops.eblu.me | Tesla logger |
| navidrome | https://dj.ops.eblu.me | Music streaming |
| jellyfin | https://jellyfin.ops.eblu.me | Media server |
| postgresql | pg.ops.eblu.me:5432 | Database |
| [[sifaka | Sifaka]] | https://nas.ops.eblu.me |
Public Services (*.eblu.me)
DNS CNAMEs point to blumeops-proxy.fly.dev. TLS via Fly.io-managed Let's Encrypt. Traffic tunnels back to the homelab over Tailscale. Only services tagged tag:flyio-target are reachable by the proxy — see flyio-proxy for details.
| Service | URL | Description |
|---|---|---|
| docs | https://docs.eblu.me | Documentation site |
Tailscale-Only Services
| Service | URL | Description |
|---|---|---|
| Kubernetes | https://k8s.tail8d86e.ts.net | Minikube API |
Port Map (Indri)
| Port | Service | Protocol | Binding | Notes |
|---|---|---|---|---|
| 443 | Caddy | HTTPS | 0.0.0.0 | Reverse proxy |
| 2222 | Caddy L4 | TCP | 0.0.0.0 | SSH proxy to Forgejo |
| 5432 | Caddy L4 | TCP | 0.0.0.0 | PostgreSQL proxy |
| 9100 | Caddy L4 | TCP | 0.0.0.0 | Sifaka node_exporter proxy |
| 9633 | Caddy L4 | TCP | 0.0.0.0 | Sifaka smartctl_exporter proxy |
| 2200 | Forgejo SSH | TCP | localhost | Built-in SSH server |
| 3001 | Forgejo | HTTP | localhost | Web UI |
| 5050 | Zot | HTTP | localhost | Registry API |
| 8096 | Jellyfin | HTTP | localhost | Media server |
| 44491 | K8s API | HTTPS | 0.0.0.0 | Minikube API server |
Related
- gandi - DNS hosting for
eblu.me - tailscale - ACL configuration
- indri - Where services run
- flyio-proxy - Public reverse proxy for
*.eblu.me - expose-service-publicly - How to add a new public service