| author | EuAndreh <eu@euandre.org> | 2022-03-28 14:16:23 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2022-03-28 14:16:30 -0300 |
| commit | 0041eeb795a8941689ed5c57bcfb9568d7daa77f (patch) | |
| tree | 7c9ab3e93efd7e4bece448b11c792177e8c3995b | |
| parent | src/infrastructure/machines.scm: Use "suyin" remote alias in new ssh.conf file (diff) | |
| download | toph-0041eeb795a8941689ed5c57bcfb9568d7daa77f.tar.gz toph-0041eeb795a8941689ed5c57bcfb9568d7daa77f.tar.xz | |
TODOs.md: Add #td-366e93f7-659f-7f48-4c8e-4d5eb1362df5
| -rw-r--r-- | TODOs.md | 37 | ||||
| -rw-r--r-- | src/infrastructure/machines.scm | 25 |
2 files changed, 37 insertions, 25 deletions
@@ -1,5 +1,42 @@
 # Tasks
+## TODO Automate implicit dependencies {#td-366e93f7-659f-7f48-4c8e-4d5eb1362df5}
+- TODO in 2022-03-28
+
+---
+
+FIXME
+From `src/infrastructure/machines.scm`:
+
+```scheme
+;;
+;; Implicit dependencies, to be automated:
+;; - /srv and /opt directories:
+;; # mkdir -p /srv/http /opt/secrets
+;; # chown -R andreh:users /opt /srv
+;; # chmod -R 755 /opt /srv
+;; - create /opt/secrets/borg-passphrase.txt
+;; $ pass generate VPS/$SERVER/borg/passphrase.txt 999
+;; $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.tx
+t'
+;; - create the SSH key
+;; $ ssh-keygen
+;; - *manually* add that to the authorized_keys on rsync.net:
+;; $ scp suyin:.ssh/authorized_keys src/rsync.net/
+;; $ # add 'restrict,command="..."' to the authorized_keys entry
+;; $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys
+;; $ scp src/rsync.net/authorized_keys suyin:.ssh/
+;; - copy borg key after the first backup:
+;; $ ?
+;; - generate DKIM key
+;; $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024
+;; $ guix shell openssl -- openssl rsa -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out
+ /opt/secrets/dkim.arrobaponto.org.pub
+ ;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh
+ ;; to ~/.bashrc and ~root/.bashrc
+ ;;
+```
+
 ## TODO Remove `info` alias {#td-1f71cdc9-374f-4e2a-bbd0-034bd12e9685}
 - TODO in 2022-03-28
diff --git a/src/infrastructure/machines.scm b/src/infrastructure/machines.scm
index a45bec4..f51e74a 100644
--- a/src/infrastructure/machines.scm
+++ b/src/infrastructure/machines.scm
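Review bot: The steps recorded in this TODO as "to be automated" carry weaknesses that are better fixed before they are scripted: `openssl genrsa ... 1024` yields a 1024-bit DKIM key, below the 2048 bits RFC 8301 recommends for signers, and `chmod -R 755 /opt /srv` also covers `/opt/secrets`, leaving the secrets directory world-traversable and readable. I would record `openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 2048` and add `chmod 700 /opt/secrets` after the recursive chmod; files written there with `cat - >` presumably inherit the default umask, so they would need `chmod 600` or `umask 077` as well. The `pass generate` line names the entry `VPS/$SERVER/borg/passphrase.txt` while `pass show` reads `VPS/$SERVER/borg/passphrase`, so one of the two looks wrong. The copied block also picked up hard wraps (`borg-passphrase.tx` / `t'`, and `-out` / ` /opt/secrets/dkim.arrobaponto.org.pub`) that the comment removed from machines.scm does not have.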
@@ -11,31 +11,6 @@ (gnu services ssh) (gnu services web))
-;;
-;; Implicit dependencies, to be automated:
-;; - /srv and /opt directories:
-;; # mkdir -p /srv/http /opt/secrets
-;; # chown -R andreh:users /opt /srv
-;; # chmod -R 755 /opt /srv
-;; - create /opt/secrets/borg-passphrase.txt
-;; $ pass generate VPS/$SERVER/borg/passphrase.txt 999
-;; $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.txt'
-;; - create the SSH key
-;; $ ssh-keygen
-;; - *manually* add that to the authorized_keys on rsync.net:
-;; $ scp suyin:.ssh/authorized_keys src/rsync.net/
-;; $ # add 'restrict,command="..."' to the authorized_keys entry
-;; $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys
-;; $ scp src/rsync.net/authorized_keys suyin:.ssh/
-;; - copy borg key after the first backup:
-;; $ ?
-;; - generate DKIM key
-;; $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024
-;; $ guix shell openssl -- openssl rsa -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out /opt/secrets/dkim.arrobaponto.org.pub
-;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh
-;; to ~/.bashrc and ~root/.bashrc
-;;
-
 (define ssh.conf #"""- ClientAliveInterval 30 |
