diff options
| author | EuAndreh <eu@euandre.org> | 2021-01-15 23:53:48 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2021-01-15 23:53:48 -0300 |
| commit | 9aa89214ff6a52c5618b179453b0f7829607da99 (patch) | |
| tree | a94e1845a0d63c40dba9d9709c88552c8bddc537 | |
| parent | vps.scm: Uncomment services (diff) | |
| download | server-9aa89214ff6a52c5618b179453b0f7829607da99.tar.gz server-9aa89214ff6a52c5618b179453b0f7829607da99.tar.xz | |
TODOs.rst: Format beyond automatic conversion
| -rw-r--r-- | TODOs.rst | 158 |
1 files changed, 56 insertions, 102 deletions
@@ -7,53 +7,49 @@ TODO Try running on the Raspberry Pi ------------------------------------ - TODO in 2020-01-12 - a b c - -- DONE in 2020-01-02 - - xu pliuw - -nest -~~~~ - -#. woeifj +---- - #. woeifj .. _ac19877b-55e3-48c8-8c3a-071124d23cd2: TODO Use custom README converter -------------------------------- - - TODO in 2021-01-12 ---- Convert ``README`` file using markdown instead of plain text. + .. _92d8ad8d-df93-49c1-8393-eb7147326c29: DONE Add index.html on built website ------------------------------------ +- DONE in 2020-12-02 -- State "DONE" from [2020-12-02 mer. 15:47] - Generate index.html from README.md. Done in - :commit:6d95acf144a4f2e48cb603af3a8032c172ceb53e . -- State "TODO" from [2020-12-02 mer. 15:41] + Generate index.html from README.md. Done in + :commit:`6d95acf144a4f2e48cb603af3a8032c172ceb53e` . + +- TODO in 2020-12-02 + +---- .. _dee378cd-9e41-402b-9018-e9ebb05ef75d: TODO Test Guix deploy --------------------- +- TODO in 2020-12-02 + +---- -- State "TODO" from [2020-12-02 mer. 17:21] .. _d76d4d2c-f07e-420b-8f30-28eb258494a6: TODO External volume -------------------- +- TODO in 2020-11-30 -- State "TODO" from [2020-11-30 lun. 01:19] +---- .. code:: hcl @@ -74,8 +70,9 @@ TODO External volume TODO Backups ------------ +- TODO in 2020-11-30 -- State "TODO" from [2020-11-30 lun. 01:19] +---- If possible, put every data subfolder under the same folder, and just backup the top-level folder. This also allows me to put it on an @@ -87,37 +84,18 @@ useful to have if available. The certificates should be backed up, so that restoring doesn't involve re-creating everything from scratch. -.. _email: - -TODO Email -~~~~~~~~~~ - -- State "TODO" from [2020-11-30 lun. 01:20] - -.. _matrix: - -TODO Matrix -~~~~~~~~~~~ - -- State "TODO" from [2020-11-30 lun. 01:19] - -.. _certificates: - -TODO Certificates -~~~~~~~~~~~~~~~~~ - -- State "TODO" from [2020-11-30 lun. 01:19] - -:: - - /etc/letsencrypt +- [ ] Email +- [ ] XMPP +- [ ] Matrix +- [ ] Certificates .. _5f0457af-49dc-4122-83ff-a0604e3c6a02: TODO Monitoring --------------- +- TODO in 2020-11-30 -- State "TODO" from [2020-11-30 lun. 01:20] +---- - https://mmonit.com/monit/ @@ -125,57 +103,61 @@ TODO Monitoring Reports via email. + .. _ee160451-cfe8-49b2-a71f-6f1dca02cb9d: TODO Intrusion prevention and detection --------------------------------------- +- TODO in 2020-11-30 -- State "TODO" from [2020-11-30 lun. 01:20] +---- - http://www.fail2ban.org/wiki/index.php/Main_Page - - http://rkhunter.sourceforge.net/ .. _f8a54acf-a417-4957-ac13-21df9a57ed4c: TODO Security review -------------------- +- TODO in 2020-11-30 -- State "TODO" from [2020-11-30 lun. 01:20] +---- https://cheatsheetseries.owasp.org/Glossary.html + .. _7d57aa50-597e-4a86-b9d7-c2d84f53e1c6: TODO Build new Guix image and document the steps ------------------------------------------------ +- TODO in 2020-11-29 -- State "TODO" from [2020-11-29 dim. 02:10] +---- Instead of syncing the ``.bashrc`` file, I should put my aliases in the base image. Setup custom SSH port in the base image itself. + .. _43a7a634-84ec-41de-b243-c27fd4a44c25: TODO Setup cgit --------------- +- TODO in 2020-11-30 -- State "TODO" from [2020-11-30 lun. 01:20] - -- setup ``README`` file rendering +---- -- force redirect HTTPS +- setup ``README`` file rendering +- force redirect HTTPS +- permanent redirect www and everything else to non-www -- permanent redirect www and everything else to non-www .. _dd3f2bc7-8d6d-4bab-9a5e-d3211115e4f4: TODO Add email mcron job report ------------------------------- - -- State "TODO" from [2020-11-29 dim. 20:21] +- TODO in 2020-11-29 Bugs ==== @@ -186,42 +168,16 @@ Improvements Services ======== -.. _git.tld-cgit: +- ``git.$tld``: cgit +- ``$project.$tld``: static documentation for projects +- ``ci.$tld``: single static HTML CI page +- ``mail.$tld``: email +- ``chat.$tld``: Matrix/XMPP -TODO ``git.$tld``: cgit ------------------------ + https://news.ycombinator.com/item?id=25669864 -.. _project.tld-static-documentation-for-projects: - -TODO ``$project.$tld``: static documentation for projects ---------------------------------------------------------- - -.. _ci.tld-single-static-html-ci-page: - -TODO ``ci.$tld``: single static HTML CI page --------------------------------------------- - -.. _mail.tld-email: - -TODO ``mail.$tld``: email -------------------------- - -.. _chat.tld-matrixxmpp: - -TODO ``chat.$tld``: Matrix/XMPP -------------------------------- - -https://news.ycombinator.com/item?id=25669864 - -.. _meet.tld-jitsinextcloud-talk: - -TODO ``meet.$tld``: Jitsi/Nextcloud Talk ----------------------------------------- - -.. _tld-jekyll-blog: - -TODO ``$tld``: Jekyll blog --------------------------- +- ``meet.$tld``: Jitsi/Nextcloud Talk +- ``$tld``: Jekyll blog Decisions ========= @@ -230,10 +186,9 @@ Decisions DONE On public SSH key leakage ------------------------------ +- DONE in 2020-09-06 -CLOSED: [2020-11-29 dim. 00:27] - -- State "DONE" from [2020-09-06 dim. 00:00] +---- As described in "`Public SSH keys can leak your private infrastructure <https://rushter.com/blog/public-ssh-keys/>`__", public @@ -246,14 +201,14 @@ SSH port away from the default: it doesn't accomplish the same thing, but it prevents simple detections. It is still possible to find this out via a script, but is orders of magnitute harder for the attacker. + .. _de89fc4e-5c36-4f6b-9227-221b70e9f321: DONE Matrix over XMPP --------------------- +- DONE in 2020-11-29 -CLOSED: [2020-11-29 dim. 00:29] - -- State "DONE" from [2020-11-29 dim. 00:29] +---- I'm picking Matrix. Not because of the protocol or anything else, but because it has the two relevant double-puppeting bridges: @@ -269,14 +224,11 @@ client to talk with Telegram and WhatsApp chats. Resources ========= -https://framagit.org/tyreunom/system-configuration/ ---------------------------------------------------- - -https://framagit.org/Jeko/guix-machine-os-ynm/ ----------------------------------------------- +- https://framagit.org/tyreunom/system-configuration/ +- https://framagit.org/Jeko/guix-machine-os-ynm/ -Scrath -====== +Scratch +======= Server requiremets: @@ -303,3 +255,5 @@ use guix deploy over ssh sysrem reconfigure FIXME: provenance warning +is activation service the thing i want? + |