Diffstat (limited to 'TODOs.rst')
-rw-r--r-- | TODOs.rst | 297 |
1 files changed, 0 insertions, 297 deletions
diff --git a/TODOs.rst b/TODOs.rst deleted file mode 100644 index c60c5b3..0000000 --- a/TODOs.rst +++ /dev/null 
@@ -1,297 +0,0 @@ -Tasks -===== - -.. _268afd29-d602-4f9c-9de8-348cc0b671fb: - -TODO Add proper "commit" role to TODOs.rst ------------------------------------------- -- TODO in 2021-01-16 - ----- - -So that it links to CGit directly. - -.. _df87e340-4c35-469a-9bc1-fc57429a0b8e: - -TODO Change base image away from default SSH port -------------------------------------------------- -- TODO in 2021-01-16 - ----- - -.. _723d9fcd-fdec-4f57-b774-2ed20599a714: - -TODO Error when running ``/var/lib/certbot/renew-certificates`` on ``guix deploy`` ----------------------------------------------------------------------------------- -- TODO in 2021-01-16 - ----- - -.. _da20aa03-3c74-4382-ba24-a9ea48334e00: - -TODO Proper NGINX configuration -------------------------------- -- TODO in 2021-01-16 - ----- - -- HTTP2 -- gzip -- cache everything, detect content changes? - -.. _8fa7a0c2-4a27-4c56-9817-a47982995ade: - -TODO Cronjob: Duplicate tarballs in Git notes to static directory listing -------------------------------------------------------------------------- -- TODO in 2021-01-16 - ----- - -This way it is easier to browse what tarballs are available. - -.. _56ccba06-fa8e-47b2-b014-44b4417ee072: - -TODO Is an "activation-service-type" what I want? -------------------------------------------------- -- TODO in 2021-01-16 - ----- - -I have the impression that these are the sources of errors when rebooting the VPS. - -.. _47992e04-038a-4528-9856-a25f60ebbb19: - -TODO Provenance warning ------------------------ -- TODO in 2021-01-16 - ----- - -Fix provenance warning when running ``guix deploy``. - -.. _bc537812-5f9d-4760-8c95-9ae933ecbd57: - -TODO Try running on the Raspberry Pi ------------------------------------- -- TODO in 2020-01-12 - ----- - - -.. _ac19877b-55e3-48c8-8c3a-071124d23cd2: - -TODO Use custom README converter --------------------------------- -- TODO in 2021-01-12 - ----- - -Convert ``README`` file using markdown instead of plain text. - - -.. 
_92d8ad8d-df93-49c1-8393-eb7147326c29: - -DONE Add index.html on built website ------------------------------------- -- DONE in 2020-12-02 - - Generate index.html from README.md. Done in - :commit:`6d95acf144a4f2e48cb603af3a8032c172ceb53e` . - -- TODO in 2020-12-02 - ----- - -.. _dee378cd-9e41-402b-9018-e9ebb05ef75d: - -TODO Test Guix deploy ---------------------- -- TODO in 2020-12-02 - ----- - - -.. _d76d4d2c-f07e-420b-8f30-28eb258494a6: - -TODO External volume --------------------- -- TODO in 2020-11-30 - ----- - -.. code:: hcl - - variable "storage_name" { - type = string - description = "Name of the block storage volume, which will also be the name of it's mount point." - } - - resource "vultr_block_storage" "vps_storage" { - size_gb = 10 - region_id = 9 - attached_id = vultr_server.vps_server.id - label = var.storage_name - live = "yes" - } - -.. _708bcd4f-4574-4227-8737-fcb10621f1ec: - -TODO Backups ------------- -- TODO in 2020-11-30 - ----- - -If possible, put every data subfolder under the same folder, and just -backup the top-level folder. This also allows me to put it on an -external volum and grow it more easily. - -No real need to backup cgit, Jekyll, documetation and Cuirass, but -useful to have if available. - -The certificates should be backed up, so that restoring doesn't involve -re-creating everything from scratch. - -- [ ] Email -- [ ] XMPP -- [ ] Matrix -- [ ] Certificates - -.. _5f0457af-49dc-4122-83ff-a0604e3c6a02: - -TODO Monitoring ---------------- -- TODO in 2020-11-30 - ----- - -- https://mmonit.com/monit/ - -- https://collectd.org/ - -Reports via email. - - -.. _ee160451-cfe8-49b2-a71f-6f1dca02cb9d: - -TODO Intrusion prevention and detection ---------------------------------------- -- TODO in 2020-11-30 - ----- - -- http://www.fail2ban.org/wiki/index.php/Main_Page -- http://rkhunter.sourceforge.net/ - -.. 
_f8a54acf-a417-4957-ac13-21df9a57ed4c: - -TODO Security review --------------------- -- TODO in 2020-11-30 - ----- - -https://cheatsheetseries.owasp.org/Glossary.html - - -.. _7d57aa50-597e-4a86-b9d7-c2d84f53e1c6: - -TODO Build new Guix image and document the steps ------------------------------------------------- -- TODO in 2020-11-29 - ----- - -Instead of syncing the ``.bashrc`` file, I should put my aliases in the -base image. - -Setup custom SSH port in the base image itself. - - -.. _43a7a634-84ec-41de-b243-c27fd4a44c25: - -TODO Setup cgit ---------------- -- TODO in 2020-11-30 - ----- - -- setup ``README`` file rendering -- force redirect HTTPS -- permanent redirect www and everything else to non-www - - -.. _dd3f2bc7-8d6d-4bab-9a5e-d3211115e4f4: - -TODO Add email mcron job report -------------------------------- -- TODO in 2020-11-29 - -Bugs -==== - -Improvements -============ - -Services -======== - -- ``git.$tld``: cgit -- ``$project.$tld``: static documentation for projects -- ``ci.$tld``: single static HTML CI page -- ``mail.$tld``: email -- ``xmpp.$tld``: Prosody XMPP -- ``matrix.$tld``: Synapse Matrix -- ``static.$tld``: NGINX directory listing of static files -- ``$tld``: Jekyll blog - -Decisions -========= - -.. _d38019ac-a2ad-484d-91e5-f4bdb1fa00ca: - -DONE On public SSH key leakage ------------------------------- -- DONE in 2020-09-06 - ----- - -As described in "`Public SSH keys can leak your private -infrastructure <https://rushter.com/blog/public-ssh-keys/>`__", public -SSH keys can expose undesired infrastructure, specially for targeted -attacks. - -I'm not considering this a threat, since the link between the server and -e is already public. It may be much more effective to just change the -SSH port away from the default: it doesn't accomplish the same thing, -but it prevents simple detections. It is still possible to find this out -via a script, but is orders of magnitute harder for the attacker. - - -.. 
_de89fc4e-5c36-4f6b-9227-221b70e9f321: - -DONE Matrix over XMPP ---------------------- -- DONE in 2020-11-29 - ----- - -I'm picking Matrix. Not because of the protocol or anything else, but -because it has the two relevant double-puppeting bridges: -mautrix-telegram and mautrix-whatsapp. - -TBH I like XMPP much more, but without working puppeting bridges, I -would stay isolated with it, which would defeat the purpose of having a -chat server on the first place. - -Maybe an XMPP double-puppeting bridge could allow me to use an XMPP -client to talk with Telegram and WhatsApp chats. - -Resources -========= - -- https://framagit.org/tyreunom/system-configuration/ -- https://framagit.org/Jeko/guix-machine-os-ynm/ - -Scratch -======= |
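
Review bot: The Decisions section near the end of the deleted file ("On public SSH key leakage" and "Matrix over XMPP") records the reasoning behind moving SSH off the default port and choosing Matrix, and this deletion removes it together with the still-open items under Tasks ("Change base image away from default SSH port", "Backups", "Intrusion prevention and detection", "Security review") without anything in the visible diff saying where they go. If the list is moving to another tracker, name the new location in the commit message; otherwise consider keeping the two DONE decisions in a small standalone file so the rationale survives the removal of the task list. The Services list (``git.$tld``, ``mail.$tld``, ``matrix.$tld`` and the rest) is also lost here and may be worth carrying into the README.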