-rw-r--r-- | TODOs.md | 37 | ||||
-rw-r--r-- | src/infrastructure/machines.scm | 25 |
2 files changed, 37 insertions, 25 deletions
@@ -1,5 +1,42 @@ # Tasks +## TODO Automate implicit dependencies {#td-366e93f7-659f-7f48-4c8e-4d5eb1362df5} +- TODO in 2022-03-28 + +--- + +FIXME +From `src/infrastructure/machines.scm`: + +```scheme +;; +;; Implicit dependencies, to be automated: +;; - /srv and /opt directories: +;; # mkdir -p /srv/http /opt/secrets +;; # chown -R andreh:users /opt /srv +;; # chmod -R 755 /opt /srv +;; - create /opt/secrets/borg-passphrase.txt +;; $ pass generate VPS/$SERVER/borg/passphrase.txt 999 +;; $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.tx +t' +;; - create the SSH key +;; $ ssh-keygen +;; - *manually* add that to the authorized_keys on rsync.net: +;; $ scp suyin:.ssh/authorized_keys src/rsync.net/ +;; $ # add 'restrict,command="..."' to the authorized_keys entry +;; $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys +;; $ scp src/rsync.net/authorized_keys suyin:.ssh/ +;; - copy borg key after the first backup: +;; $ ? +;; - generate DKIM key +;; $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024 +;; $ guix shell openssl -- openssl rsa -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out + /opt/secrets/dkim.arrobaponto.org.pub + ;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh + ;; to ~/.bashrc and ~root/.bashrc + ;; +``` + ## TODO Remove `info` alias {#td-1f71cdc9-374f-4e2a-bbd0-034bd12e9685} - TODO in 2022-03-28 diff --git a/src/infrastructure/machines.scm b/src/infrastructure/machines.scm index a45bec4..f51e74a 100644 --- a/src/infrastructure/machines.scm +++ b/src/infrastructure/machines.scm 
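Review bot: The steps recorded in the new "Automate implicit dependencies" entry leave `/opt/secrets` open to every local user, so they should not be automated as written. `chmod -R 755 /opt /srv` covers the secrets directory, and the passphrase file written by `cat - > /opt/secrets/borg-passphrase.txt` gets whatever mode the remote umask yields, probably world-readable. I would add to the entry that the directory is created owner-only, e.g. `install -d -m 700 /opt/secrets`, and that secret files are written under `umask 077`. The DKIM step generates a 1024-bit RSA key with `openssl genrsa ... 1024`; RFC 8301 recommends at least 2048 bits for signing keys. Separately, `pass generate` writes `VPS/$SERVER/borg/passphrase.txt` while `pass show` reads `VPS/$SERVER/borg/passphrase`, so one of the two paths looks wrong.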
@@ -11,31 +11,6 @@ (gnu services ssh) (gnu services web)) -;; -;; Implicit dependencies, to be automated: -;; - /srv and /opt directories: -;; # mkdir -p /srv/http /opt/secrets -;; # chown -R andreh:users /opt /srv -;; # chmod -R 755 /opt /srv -;; - create /opt/secrets/borg-passphrase.txt -;; $ pass generate VPS/$SERVER/borg/passphrase.txt 999 -;; $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.txt' -;; - create the SSH key -;; $ ssh-keygen -;; - *manually* add that to the authorized_keys on rsync.net: -;; $ scp suyin:.ssh/authorized_keys src/rsync.net/ -;; $ # add 'restrict,command="..."' to the authorized_keys entry -;; $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys -;; $ scp src/rsync.net/authorized_keys suyin:.ssh/ -;; - copy borg key after the first backup: -;; $ ? -;; - generate DKIM key -;; $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024 -;; $ guix shell openssl -- openssl rsa -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out /opt/secrets/dkim.arrobaponto.org.pub -;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh -;; to ~/.bashrc and ~root/.bashrc -;; - (define ssh.conf #"""- ClientAliveInterval 30 |