TODOs.md: Add #td-366e93f7-659f-7f48-4c8e-4d5eb1362df5

1 files changed, 37 insertions, 0 deletions

diff --git a/TODOs.md b/TODOs.md
index 2b9fd8d..3517703 100644
--- a/TODOs.md
+++ b/TODOs.md
@@ -1,5 +1,42 @@
 # Tasks
 
+## TODO Automate implicit dependencies {#td-366e93f7-659f-7f48-4c8e-4d5eb1362df5}
+- TODO in 2022-03-28
+
+---
+
+FIXME
+From `src/infrastructure/machines.scm`:
+
+```scheme
+;;
+;; Implicit dependencies, to be automated:
+;; - /srv and /opt directories:
+;;     # mkdir -p /srv/http /opt/secrets
+;;     # chown -R andreh:users /opt /srv
+;;     # chmod -R 755 /opt /srv
+;; - create /opt/secrets/borg-passphrase.txt
+;;     $ pass generate VPS/$SERVER/borg/passphrase.txt 999
+;;     $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.tx
+t'
+;; - create the SSH key
+;;     $ ssh-keygen
+;; - *manually* add that to the authorized_keys on rsync.net:
+;;     $ scp suyin:.ssh/authorized_keys src/rsync.net/
+;;     $ # add 'restrict,command="..."' to the authorized_keys entry
+;;     $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys
+;;     $ scp src/rsync.net/authorized_keys suyin:.ssh/
+;; - copy borg key after the first backup:
+;;     $ ?
+;; - generate DKIM key
+;;     $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024
+;;     $ guix shell openssl -- openssl rsa     -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out
+ /opt/secrets/dkim.arrobaponto.org.pub
+ ;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh
+ ;;   to ~/.bashrc and ~root/.bashrc
+ ;;
+```
+
 ## TODO Remove `info` alias {#td-1f71cdc9-374f-4e2a-bbd0-034bd12e9685}
 - TODO in 2022-03-28