Erich Blume
66b5b32f1d
## Summary - **C0 (Quick Fix):** Now explicitly allows direct-to-main commits with no PR required — for low-risk, fix-forward-safe changes - **C1 (Human Review):** New docs-first workflow with branch deployment (ArgoCD `--revision`, Ansible from checkout). Includes upgrade criteria for escalation to C2 - **C2 (Mikado Chain):** Introduces the **Mikado Branch Invariant** — strict commit ordering where card-introducing commits come first, followed by code progress, followed by card closures. Branch resets required when new prerequisites are discovered Updates CLAUDE.md rules (3, 4, 8, 9) to reflect that C0 bypasses branching/PR requirements. Also updates ai-assistance-guide, how-to index, and docs-mikado task description. ## Files changed - `CLAUDE.md` — rules and classification table - `docs/how-to/agent-change-process.md` — full process rewrite - `docs/tutorials/ai-assistance-guide.md` — branching and pitfalls sections - `docs/how-to/how-to.md` — index description - `mise-tasks/docs-mikado` — task description - `docs/changelog.d/formalize-change-classification.doc.md` — changelog fragment Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/259
4 KiB
4 KiB
| title | modified | tags | |
|---|---|---|---|
| How-To | 2026-02-22 |
|
How-To Guides
Task-oriented instructions for common BlumeOps operations. These guides assume you already understand the basic concepts - see tutorials if you're learning.
Deployment
| Guide | Description |
|---|---|
| deploy-k8s-service | Deploy a new service to Kubernetes via ArgoCD |
| add-ansible-role | Add a new Ansible role for indri services |
| create-release-artifact-workflow | Build artifacts and publish to Forgejo packages |
| build-container-image | Build and release a custom container image via Dagger |
Configuration
| Guide | Description |
|---|---|
| update-tailscale-acls | Update Tailscale access control policies |
| gandi-operations | Manage DNS records and cycle the Gandi API token |
| use-pypi-proxy | Configure pip and publish packages to devpi |
| expose-service-publicly | Expose a service to the public internet via Fly.io + Tailscale |
| update-documentation | Publish docs via build-blumeops workflow |
| update-tooling-dependencies | Monthly update cycle for pre-commit, Fly, mise, and workflow deps |
Knowledge Base
| Guide | Description |
|---|---|
| review-documentation | Periodically review and maintain documentation |
| review-services | Periodically review services for version freshness |
| agent-change-process | C0/C1/C2 change classification and Mikado Branch Invariant |
Operations
| Guide | Description |
|---|---|
| connect-to-postgres | Connect to PostgreSQL as a superuser via psql |
| restart-indri | Safely shut down and restart indri |
| manage-flyio-proxy | Deploy, shutoff, and troubleshoot the public proxy |
| restore-1password-backup | Recover 1Password credentials from borgmatic backup |
| troubleshooting | Diagnose and fix common issues |
Plans
Migration and transition plans for upcoming infrastructure changes.
| Plan | Description |
|---|---|
| plans | Index of all plans |
| completed | Completed plans archive |
| migrate-forgejo-from-brew | Transition Forgejo from Homebrew to source-built binary |
| add-unifi-pulumi-stack | Add Pulumi IaC for UniFi Express 7 (abandoned) |
| segment-home-network | Manual three-network segmentation for UniFi Express 7 |
| adopt-dagger-ci | Adopt Dagger as CI/CD build engine |
| upstream-fork-strategy | Stacked-branch forking strategy for upstream projects |
| adopt-oidc-provider | Deploy OIDC identity provider for SSO across services |
| upgrade-grafana | Upgrade Grafana to 12.x with kustomize and home-built container |
| operationalize-reolink-camera | Cloud-free NVR with Frigate and ring buffer recording |
Ringtail
| Guide | Description |
|---|---|
| manage-lockfile | Update or lock NixOS flake inputs via Dagger |
Zot
Mikado chain for hardening the zot registry. Track progress with mise run docs-mikado harden-zot-registry.
- harden-zot-registry
- register-zot-oidc-client
- wire-ci-registry-auth
- enforce-tag-immutability
- adopt-commit-based-container-tags
- add-container-version-sync-check
- install-dagger-on-nix-runner
- pin-container-versions
- add-dagger-nix-build
- fix-ntfy-nix-version
Authentik
Mikado chain for deploying Authentik. Track progress with mise run docs-mikado deploy-authentik.
- deploy-authentik
- build-authentik-container
- provision-authentik-database
- create-authentik-secrets
- migrate-grafana-to-authentik
Grafana
Mikado chain for upgrading Grafana to 12.x with kustomize and home-built containers. Track progress with mise run docs-mikado upgrade-grafana.
Forgejo Runner
Mikado chain for upgrading the k8s forgejo-runner daemon from v6.3.1 to v12.x. Track progress with mise run docs-mikado upgrade-k8s-runner.