aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--TODOs.md37
-rw-r--r--src/infrastructure/machines.scm25
2 files changed, 37 insertions, 25 deletions
diff --git a/TODOs.md b/TODOs.md
index 2b9fd8d..3517703 100644
--- a/TODOs.md
+++ b/TODOs.md
@@ -1,5 +1,42 @@
# Tasks
+## TODO Automate implicit dependencies {#td-366e93f7-659f-7f48-4c8e-4d5eb1362df5}
+- TODO in 2022-03-28
+
+---
+
+FIXME
+From `src/infrastructure/machines.scm`:
+
+```scheme
+;;
+;; Implicit dependencies, to be automated:
+;; - /srv and /opt directories:
+;; # mkdir -p /srv/http /opt/secrets
+;; # chown -R andreh:users /opt /srv
+;; # chmod -R 755 /opt /srv
+;; - create /opt/secrets/borg-passphrase.txt
+;; $ pass generate VPS/$SERVER/borg/passphrase.txt 999
+;; $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.tx
+t'
+;; - create the SSH key
+;; $ ssh-keygen
+;; - *manually* add that to the authorized_keys on rsync.net:
+;; $ scp suyin:.ssh/authorized_keys src/rsync.net/
+;; $ # add 'restrict,command="..."' to the authorized_keys entry
+;; $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys
+;; $ scp src/rsync.net/authorized_keys suyin:.ssh/
+;; - copy borg key after the first backup:
+;; $ ?
+;; - generate DKIM key
+;; $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024
+;; $ guix shell openssl -- openssl rsa -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out
+ /opt/secrets/dkim.arrobaponto.org.pub
+ ;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh
+ ;; to ~/.bashrc and ~root/.bashrc
+ ;;
+```
+
## TODO Remove `info` alias {#td-1f71cdc9-374f-4e2a-bbd0-034bd12e9685}
- TODO in 2022-03-28
diff --git a/src/infrastructure/machines.scm b/src/infrastructure/machines.scm
index a45bec4..f51e74a 100644
--- a/src/infrastructure/machines.scm
+++ b/src/infrastructure/machines.scm
@@ -11,31 +11,6 @@
(gnu services ssh)
(gnu services web))
-;;
-;; Implicit dependencies, to be automated:
-;; - /srv and /opt directories:
-;; # mkdir -p /srv/http /opt/secrets
-;; # chown -R andreh:users /opt /srv
-;; # chmod -R 755 /opt /srv
-;; - create /opt/secrets/borg-passphrase.txt
-;; $ pass generate VPS/$SERVER/borg/passphrase.txt 999
-;; $ pass show VPS/$SERVER/borg/passphrase | ssh $SERVER 'cat - > /opt/secrets/borg-passphrase.txt'
-;; - create the SSH key
-;; $ ssh-keygen
-;; - *manually* add that to the authorized_keys on rsync.net:
-;; $ scp suyin:.ssh/authorized_keys src/rsync.net/
-;; $ # add 'restrict,command="..."' to the authorized_keys entry
-;; $ ssh $SERVER cat .ssh/id_rsa.pub >> authorized_keys
-;; $ scp src/rsync.net/authorized_keys suyin:.ssh/
-;; - copy borg key after the first backup:
-;; $ ?
-;; - generate DKIM key
-;; $ guix shell openssl -- openssl genrsa -out /opt/secrets/dkim.arrobaponto.org.key 1024
-;; $ guix shell openssl -- openssl rsa -in /opt/secrets/dkim.arrobaponto.org.key -pubout -out /opt/secrets/dkim.arrobaponto.org.pub
-;; - manually load /etc/profile-extra, /etc/bashrc-extra and /etc/ps1.sh
-;; to ~/.bashrc and ~root/.bashrc
-;;
-
(define ssh.conf #"""-
ClientAliveInterval 30