## Summary

- Create Dex reference card (`docs/reference/services/dex.md`) with quick reference, architecture, identity source, storage, OIDC clients, secrets, and endpoints
- Write federated login explanation article (`docs/explanation/federated-login.md`) covering the Dex + Forgejo two-layer auth model, login flow, and break-glass access
- Add Dex to `services-check` (HTTP health endpoint + k3s pod check)
- Update Grafana docs with new Authentication section documenting SSO via Dex
- Update Forgejo docs with OAuth2 Provider section documenting its role as upstream identity source
- Add Dex to ringtail workloads table and reference service index
- Move `adopt-oidc-provider` plan to `completed/` with final design reflecting actual implementation

## Test plan

- [ ] `mise run services-check` passes (includes new Dex checks)
- [ ] `docs-check-links` passes (all wiki-links resolve)
- [ ] `docs-check-index` passes (new docs are indexed)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/223
| title | modified | tags |
|---|---|---|
| Reference | 2026-02-19 | |
Reference
Technical specifications, inventories, and configuration details for BlumeOps infrastructure.
Services
Individual service reference cards with URLs and configuration details.
| Service | Description | Location |
|---|---|---|
| alloy | Observability collector (metrics & logs) | |
| argocd | GitOps continuous delivery | k8s |
| borgmatic | Backup system | indri |
| caddy | Reverse proxy & TLS termination | indri |
| 1password | Secrets management | cloud + k8s |
| forgejo | Git forge & CI/CD | indri |
| frigate | Network video recorder | k8s (ringtail) |
| grafana | Dashboards & visualization | k8s |
| immich | Photo management | k8s |
| jellyfin | Media server | indri |
| kiwix | Offline Wikipedia & ZIM archives | k8s |
| loki | Log aggregation | k8s |
| miniflux | RSS feed reader | k8s |
| navidrome | Music streaming | k8s |
| ntfy | Push notifications | k8s (ringtail) |
| postgresql | Database cluster | k8s |
| prometheus | Metrics collection | k8s |
| teslamate | Tesla data logger | k8s |
| transmission | BitTorrent daemon | k8s |
| zot | Container registry | indri |
| devpi | PyPI caching proxy | k8s |
| cv | Resume / CV site | k8s |
| dex | OIDC identity provider | k8s (ringtail) |
| docs | Documentation site (Quartz) | k8s |
| flyio-proxy | Public reverse proxy (Fly.io + Tailscale) | Fly.io |
| automounter | SMB share automounter | indri |
Infrastructure
Host inventory and network configuration.
- hosts - Device inventory
- indri - Primary server
- ringtail - Service host & gaming PC
- gilbert - Development workstation
- tailscale - ACLs, groups, tags
- gandi - DNS hosting for eblu.me
- unifi - Home WiFi router (UniFi Express 7)
- routing - DNS domains, port mappings
- power - Battery-backed power chain
Tools
Build, deployment, and IaC tool reference.
- dagger - CI/CD build engine (Python SDK)
- argocd-cli - ArgoCD CLI workflows
- ansible - Configuration management for indri
- pulumi - Infrastructure-as-Code (DNS, Tailscale ACLs)
Kubernetes
Cluster configuration and application registry.
- cluster - Minikube specs, storage, networking
- apps - ArgoCD application registry
- tailscale-operator - Tailscale ingress for k8s services
- external-secrets - Secrets management
Storage
Network storage and backup configuration.
- sifaka - Synology NAS configuration
- postgresql-storage - Database cluster
- backups - Backup policy and schedule
Operations
Operational concerns and their components.
- observability - Metrics, logs, dashboards
- backup - Data protection
- disaster-recovery - Recovery procedures (TBD)