aboutsummaryrefslogtreecommitdiff
path: root/TODOs.rst
diff options
context:
space:
mode:
Diffstat (limited to 'TODOs.rst')
-rw-r--r--TODOs.rst297
1 files changed, 0 insertions, 297 deletions
diff --git a/TODOs.rst b/TODOs.rst
deleted file mode 100644
index c60c5b3..0000000
--- a/TODOs.rst
+++ /dev/null
@@ -1,297 +0,0 @@
-Tasks
-=====
-
-.. _268afd29-d602-4f9c-9de8-348cc0b671fb:
-
-TODO Add proper "commit" role to TODOs.rst
-------------------------------------------
-- TODO in 2021-01-16
-
-----
-
-So that it links to CGit directly.
-
-.. _df87e340-4c35-469a-9bc1-fc57429a0b8e:
-
-TODO Change base image away from default SSH port
--------------------------------------------------
-- TODO in 2021-01-16
-
-----
-
-.. _723d9fcd-fdec-4f57-b774-2ed20599a714:
-
-TODO Error when running ``/var/lib/certbot/renew-certificates`` on ``guix deploy``
-----------------------------------------------------------------------------------
-- TODO in 2021-01-16
-
-----
-
-.. _da20aa03-3c74-4382-ba24-a9ea48334e00:
-
-TODO Proper NGINX configuration
--------------------------------
-- TODO in 2021-01-16
-
-----
-
-- HTTP2
-- gzip
-- cache everything, detect content changes?
-
-.. _8fa7a0c2-4a27-4c56-9817-a47982995ade:
-
-TODO Cronjob: Duplicate tarballs in Git notes to static directory listing
--------------------------------------------------------------------------
-- TODO in 2021-01-16
-
-----
-
-This way it is easier to browse what tarballs are available.
-
-.. _56ccba06-fa8e-47b2-b014-44b4417ee072:
-
-TODO Is an "activation-service-type" what I want?
--------------------------------------------------
-- TODO in 2021-01-16
-
-----
-
-I have the impression that these are the sources of errors when rebooting the VPS.
-
-.. _47992e04-038a-4528-9856-a25f60ebbb19:
-
-TODO Provenance warning
------------------------
-- TODO in 2021-01-16
-
-----
-
-Fix provenance warning when running ``guix deploy``.
-
-.. _bc537812-5f9d-4760-8c95-9ae933ecbd57:
-
-TODO Try running on the Raspberry Pi
-------------------------------------
-- TODO in 2020-01-12
-
-----
-
-
-.. _ac19877b-55e3-48c8-8c3a-071124d23cd2:
-
-TODO Use custom README converter
---------------------------------
-- TODO in 2021-01-12
-
-----
-
-Convert ``README`` file using markdown instead of plain text.
-
-
-.. _92d8ad8d-df93-49c1-8393-eb7147326c29:
-
-DONE Add index.html on built website
-------------------------------------
-- DONE in 2020-12-02
-
- Generate index.html from README.md. Done in
- :commit:`6d95acf144a4f2e48cb603af3a8032c172ceb53e` .
-
-- TODO in 2020-12-02
-
-----
-
-.. _dee378cd-9e41-402b-9018-e9ebb05ef75d:
-
-TODO Test Guix deploy
----------------------
-- TODO in 2020-12-02
-
-----
-
-
-.. _d76d4d2c-f07e-420b-8f30-28eb258494a6:
-
-TODO External volume
---------------------
-- TODO in 2020-11-30
-
-----
-
-.. code:: hcl
-
- variable "storage_name" {
- type = string
- description = "Name of the block storage volume, which will also be the name of it's mount point."
- }
-
- resource "vultr_block_storage" "vps_storage" {
- size_gb = 10
- region_id = 9
- attached_id = vultr_server.vps_server.id
- label = var.storage_name
- live = "yes"
- }
-
-.. _708bcd4f-4574-4227-8737-fcb10621f1ec:
-
-TODO Backups
-------------
-- TODO in 2020-11-30
-
-----
-
-If possible, put every data subfolder under the same folder, and just
-backup the top-level folder. This also allows me to put it on an
-external volum and grow it more easily.
-
-No real need to backup cgit, Jekyll, documetation and Cuirass, but
-useful to have if available.
-
-The certificates should be backed up, so that restoring doesn't involve
-re-creating everything from scratch.
-
-- [ ] Email
-- [ ] XMPP
-- [ ] Matrix
-- [ ] Certificates
-
-.. _5f0457af-49dc-4122-83ff-a0604e3c6a02:
-
-TODO Monitoring
----------------
-- TODO in 2020-11-30
-
-----
-
-- https://mmonit.com/monit/
-
-- https://collectd.org/
-
-Reports via email.
-
-
-.. _ee160451-cfe8-49b2-a71f-6f1dca02cb9d:
-
-TODO Intrusion prevention and detection
----------------------------------------
-- TODO in 2020-11-30
-
-----
-
-- http://www.fail2ban.org/wiki/index.php/Main_Page
-- http://rkhunter.sourceforge.net/
-
-.. _f8a54acf-a417-4957-ac13-21df9a57ed4c:
-
-TODO Security review
---------------------
-- TODO in 2020-11-30
-
-----
-
-https://cheatsheetseries.owasp.org/Glossary.html
-
-
-.. _7d57aa50-597e-4a86-b9d7-c2d84f53e1c6:
-
-TODO Build new Guix image and document the steps
-------------------------------------------------
-- TODO in 2020-11-29
-
-----
-
-Instead of syncing the ``.bashrc`` file, I should put my aliases in the
-base image.
-
-Setup custom SSH port in the base image itself.
-
-
-.. _43a7a634-84ec-41de-b243-c27fd4a44c25:
-
-TODO Setup cgit
----------------
-- TODO in 2020-11-30
-
-----
-
-- setup ``README`` file rendering
-- force redirect HTTPS
-- permanent redirect www and everything else to non-www
-
-
-.. _dd3f2bc7-8d6d-4bab-9a5e-d3211115e4f4:
-
-TODO Add email mcron job report
--------------------------------
-- TODO in 2020-11-29
-
-Bugs
-====
-
-Improvements
-============
-
-Services
-========
-
-- ``git.$tld``: cgit
-- ``$project.$tld``: static documentation for projects
-- ``ci.$tld``: single static HTML CI page
-- ``mail.$tld``: email
-- ``xmpp.$tld``: Prosody XMPP
-- ``matrix.$tld``: Synapse Matrix
-- ``static.$tld``: NGINX directory listing of static files
-- ``$tld``: Jekyll blog
-
-Decisions
-=========
-
-.. _d38019ac-a2ad-484d-91e5-f4bdb1fa00ca:
-
-DONE On public SSH key leakage
-------------------------------
-- DONE in 2020-09-06
-
-----
-
-As described in "`Public SSH keys can leak your private
-infrastructure <https://rushter.com/blog/public-ssh-keys/>`__", public
-SSH keys can expose undesired infrastructure, specially for targeted
-attacks.
-
-I'm not considering this a threat, since the link between the server and
-e is already public. It may be much more effective to just change the
-SSH port away from the default: it doesn't accomplish the same thing,
-but it prevents simple detections. It is still possible to find this out
-via a script, but is orders of magnitute harder for the attacker.
-
-
-.. _de89fc4e-5c36-4f6b-9227-221b70e9f321:
-
-DONE Matrix over XMPP
----------------------
-- DONE in 2020-11-29
-
-----
-
-I'm picking Matrix. Not because of the protocol or anything else, but
-because it has the two relevant double-puppeting bridges:
-mautrix-telegram and mautrix-whatsapp.
-
-TBH I like XMPP much more, but without working puppeting bridges, I
-would stay isolated with it, which would defeat the purpose of having a
-chat server on the first place.
-
-Maybe an XMPP double-puppeting bridge could allow me to use an XMPP
-client to talk with Telegram and WhatsApp chats.
-
-Resources
-=========
-
-- https://framagit.org/tyreunom/system-configuration/
-- https://framagit.org/Jeko/guix-machine-os-ynm/
-
-Scratch
-=======