Erich Blume
d99c962fe1
Deploy hephd --mode server on indri as a self-updating LaunchAgent managed by Ansible (ansible/roles/heph, tag heph), making indri the canonical heph hub for the hub-and-spoke task/context system. - Server mode on 0.0.0.0:8787, self-update every 10 minutes (cargo install from the public forge URL; ~/.cargo/bin on the agent PATH). - heph-pwa shell served via --web-root straight from a version-pinned checkout, TLS-terminated at heph.ops.eblu.me through Caddy (new caddy_services entry). - New Authentik device-code (RFC 8628) OIDC app 'heph' (public client) plus a default-device-code-flow bound to the default brand's flow_device_code. - Docs: new services/hephaestus.md service card (incl. Path A seeding runbook and the gilbert spoke caveat), indri.md service list, changelog fragment. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.9 KiB
1.9 KiB
| title | modified | last-reviewed | tags | ||
|---|---|---|---|---|---|
| Indri | 2026-05-27 | 2026-05-27 |
|
Indri
Primary BlumeOps server. Mac Mini M1 (2020).
Specifications
| Property | Value |
|---|---|
| Model | Mac mini M1, 2020 (Macmini9,1) |
| CPU / RAM | 8 cores / 16 GB |
| Storage | 2TB internal SSD |
| macOS | 15.7.3 (Sequoia) |
| Tailscale hostname | indri.tail8d86e.ts.net |
| Tailscale Tag | tag:homelab |
| Power | [[power |
Services Hosted
Native (via Ansible):
- forgejo - Git forge
- zot - Container registry
- jellyfin - Media server
- borgmatic - Backup system
- alloy - Metrics/logs collector
- caddy - Reverse proxy for
*.ops.eblu.me - devpi - PyPI mirror (LaunchAgent)
- hephaestus - heph task/context sync hub (LaunchAgent, self-updating)
- cv - Static CV site, served by Caddy
- docs - Quartz-built docs site, served by Caddy
Kubernetes (via minikube):
- apps. A growing set of apps (Authentik, Frigate, ntfy, Immich, Homepage, Shower, Kingfisher, alloy-ringtail) now run on ringtail's k3s instead. Long-term plan is to decommission indri's minikube entirely.
GUI Applications (manual start required):
- Docker Desktop - Container runtime for minikube
- Amphetamine - Prevents sleep
- automounter - Mounts sifaka SMB shares
Maintenance Notes
Sleep prevention: Uses Amphetamine (App Store) to prevent sleep. If Amphetamine crashes after extended uptime, consider switching to pmset or caffeinate via ansible.
Passwordless sudo: Configured for erichblume user (/etc/sudoers.d/erichblume) to allow ansible become: true without prompts. Acceptable given Tailscale is the trust boundary.
Related
- routing - Port mappings
- cluster - Minikube details
- automounter - SMB share mounting
- restart-indri - Shutdown and startup procedure