Skip to content

Latest commit

 

History

History
65 lines (61 loc) · 2.41 KB

TODO.org

File metadata and controls

65 lines (61 loc) · 2.41 KB
Raw

TODO List

[?] List

  • [X] rtcme
  • [X] personalcdn
    • [X] rename to something less cringe
    • [X] this will require secrets, means we need to revise nix-path.nix
  • [X] comicfury
  • [X] owo_bot
  • [X] ffg_bot
  • [X] Prometheus
  • [X] znc
  • [X] setup minecraft on bokkusu
  • [X] secure ssh (root login, etc)
  • [X] synapse (depends on ckie.dev)
  • [X] use systemd-analyze security on all of the above
    • [X] rtcme
    • [X] files
    • [X] comicfury
    • [X] owo_bot
    • [X] ffg_bot
  • [X] mail: replace mbsync with the emacsclient --eval '(mu4e-update-mail-and-index 1)'-on-a-timer solution
  • [X] individual mail addresses: 
    2021-06-19 16:57:13 ckie    also that is another reason for setting this up! I get to have randomized addresses for stuff like github
2021-06-19 16:57:36 ckie    so I'm going to completely overengineer it and make all the addresses for services salted hashes
  • [X] secure postgres better
  • [X] set users.mutableUsers to false
  • [X] setup wg
  • [X] investigate fish more https://fishshell.com/docs/current/fish_for_bash_users.html
  • [-] backup
    • [X] /var/lib/rtc-files
    • [X] postgres (use services.postgresqlBackup)
    • [X] znc logs
    • [X] synapse media
    • [X] mail
      • /var/vmail
      • ~/var/dkim~
    • [X] minecraft
    • [ ] get drive(s): https://ksp.co.il/web/item/19543
  • [-] setup prom
    • [X] deploy on bokkusu
    • [ ] collect data from other hosts
    • [ ] add coredns exporter
  • [?] support ipv6 in NixOS/nixpkgs#137123 see https://discord.com/channels/@me/783249135335112715/892871143810302005
  • [ ] set home-manager xdg.mimeApps

Backburner

  • [ ] move each service/module into its own folder like nixpkgs’ pkgs so we can eliminate ext

Hostname Ideas

Deprecated, use Xe’s names.json.

  • [X] bokkusu
  • [X] nifles

Tailscale/Nix+WireGuard comparison

Usecase

  • I want to have a private Nix binary cache. (Store contents are slightly sensitive due to e.g. the matrix-synapse service not providing a secure way to set the registration token)
    • Cas already wrote a module, but untested: modules/services/nix-serve.nix
  • Remove the yucky state from the .ssh/config file. ProxyJump blah bla bla.
  • Central CoreDNS daemon? Probably a bad idea because of latency.
  • KDE Connect working across networks!!