path: root/TODOs.org
Diffstat (limited to 'TODOs.org')
-rw-r--r-- TODOs.org 184
1 files changed, 0 insertions, 184 deletions
diff --git a/TODOs.org b/TODOs.org
deleted file mode 100644
index c6634a2..0000000
--- a/TODOs.org
+++ /dev/null
@@ -1,184 +0,0 @@
-* Tasks
-:PROPERTIES:
-:CUSTOM_ID: tasks
-:END:
-** TODO Try running on the Raspberry Pi
-:PROPERTIES:
-:CUSTOM_ID: bc537812-5f9d-4760-8c95-9ae933ecbd57
-:END:
-- State "TODO" from [2021-01-12 mar. 17:56]
-** TODO Use custom README converter
-:PROPERTIES:
-:CUSTOM_ID: ac19877b-55e3-48c8-8c3a-071124d23cd2
-:END:
-- State "TODO" from [2021-01-12 mar. 17:54]
-Convert =README= file using markdown instead of plain text.
-** DONE Add index.html on built website
-CLOSED: [2020-12-02 mer. 15:47]
-:PROPERTIES:
-:CUSTOM_ID: 92d8ad8d-df93-49c1-8393-eb7147326c29
-:END:
-- State "DONE" from [2020-12-02 mer. 15:47] \\
- Generate index.html from README.md. Done in {{{commit(6d95acf144a4f2e48cb603af3a8032c172ceb53e)}}}.
-- State "TODO" from [2020-12-02 mer. 15:41]
-** TODO Test Guix deploy
-:PROPERTIES:
-:CUSTOM_ID: dee378cd-9e41-402b-9018-e9ebb05ef75d
-:END:
-- State "TODO" from [2020-12-02 mer. 17:21]
-** TODO External volume
-:PROPERTIES:
-:CUSTOM_ID: d76d4d2c-f07e-420b-8f30-28eb258494a6
-:END:
-- State "TODO" from [2020-11-30 lun. 01:19]
-
-#+BEGIN_SRC hcl
-variable "storage_name" {
- type = string
- description = "Name of the block storage volume, which will also be the name of it's mount point."
-}
-
-resource "vultr_block_storage" "vps_storage" {
- size_gb = 10
- region_id = 9
- attached_id = vultr_server.vps_server.id
- label = var.storage_name
- live = "yes"
-}
-#+END_SRC
-** TODO Backups
-:PROPERTIES:
-:CUSTOM_ID: 708bcd4f-4574-4227-8737-fcb10621f1ec
-:END:
-- State "TODO" from [2020-11-30 lun. 01:19]
-
-If possible, put every data subfolder under the same folder, and just backup the
-top-level folder. This also allows me to put it on an external volum and grow it
-more easily.
-
-No real need to backup cgit, Jekyll, documetation and Cuirass, but useful to
-have if available.
-
-The certificates should be backed up, so that restoring doesn't involve
-re-creating everything from scratch.
-*** TODO Email
-- State "TODO" from [2020-11-30 lun. 01:20]
-*** TODO Matrix
-- State "TODO" from [2020-11-30 lun. 01:19]
-*** TODO Certificates
-- State "TODO" from [2020-11-30 lun. 01:19]
-
-: /etc/letsencrypt
-** TODO Monitoring
-:PROPERTIES:
-:CUSTOM_ID: 5f0457af-49dc-4122-83ff-a0604e3c6a02
-:END:
-- State "TODO" from [2020-11-30 lun. 01:20]
-
-- https://mmonit.com/monit/
-- https://collectd.org/
-
-Reports via email.
-** TODO Intrusion prevention and detection
-:PROPERTIES:
-:CUSTOM_ID: ee160451-cfe8-49b2-a71f-6f1dca02cb9d
-:END:
-- State "TODO" from [2020-11-30 lun. 01:20]
-
-- http://www.fail2ban.org/wiki/index.php/Main_Page
-- http://rkhunter.sourceforge.net/
-** TODO Security review
-:PROPERTIES:
-:CUSTOM_ID: f8a54acf-a417-4957-ac13-21df9a57ed4c
-:END:
-- State "TODO" from [2020-11-30 lun. 01:20]
-
-https://cheatsheetseries.owasp.org/Glossary.html
-** TODO Build new Guix image and document the steps
-:PROPERTIES:
-:CUSTOM_ID: 7d57aa50-597e-4a86-b9d7-c2d84f53e1c6
-:END:
-- State "TODO" from [2020-11-29 dim. 02:10]
-
-Instead of syncing the =.bashrc= file, I should put my aliases in the base image.
-
-Setup custom SSH port in the base image itself.
-** TODO Setup cgit
-:PROPERTIES:
-:CUSTOM_ID: 43a7a634-84ec-41de-b243-c27fd4a44c25
-:END:
-- State "TODO" from [2020-11-30 lun. 01:20]
-
-- setup =README= file rendering
-- force redirect HTTPS
-- permanent redirect www and everything else to non-www
-** TODO Add email mcron job report
-:PROPERTIES:
-:CUSTOM_ID: dd3f2bc7-8d6d-4bab-9a5e-d3211115e4f4
-:END:
-- State "TODO" from [2020-11-29 dim. 20:21]
-* Bugs
-:PROPERTIES:
-:CUSTOM_ID: bugs
-:END:
-* Improvements
-* Services
-** TODO =git.$tld=: cgit
-** TODO =$project.$tld=: static documentation for projects
-** TODO =ci.$tld=: single static HTML CI page
-** TODO =mail.$tld=: email
-** TODO =chat.$tld=: Matrix/XMPP
-https://news.ycombinator.com/item?id=25669864
-** TODO =meet.$tld=: Jitsi/Nextcloud Talk
-** TODO =$tld=: Jekyll blog
-* Decisions
-:PROPERTIES:
-:CUSTOM_ID: decisions
-:END:
-** DONE On public SSH key leakage
-:PROPERTIES:
-:CUSTOM_ID: d38019ac-a2ad-484d-91e5-f4bdb1fa00ca
-:END:
-CLOSED: [2020-11-29 dim. 00:27]
-- State "DONE" from [2020-09-06 dim. 00:00]
-
-As described in "[[https://rushter.com/blog/public-ssh-keys/][Public SSH keys can leak your private infrastructure]]", public
-SSH keys can expose undesired infrastructure, specially for targeted attacks.
-
-I'm not considering this a threat, since the link between the server and me is
-already public. It may be much more effective to just change the SSH port away
-from the default: it doesn't accomplish the same thing, but it prevents simple
-detections. It is still possible to find this out via a script, but is orders of
-magnitute harder for the attacker.
-** DONE Matrix over XMPP
-:PROPERTIES:
-:CUSTOM_ID: de89fc4e-5c36-4f6b-9227-221b70e9f321
-:END:
-CLOSED: [2020-11-29 dim. 00:29]
-- State "DONE" from [2020-11-29 dim. 00:29]
-I'm picking Matrix. Not because of the protocol or anything else, but because it
-has the two relevant double-puppeting bridges: mautrix-telegram and
-mautrix-whatsapp.
-
-TBH I like XMPP much more, but without working puppeting bridges, I would stay
-isolated with it, which would defeat the purpose of having a chat server on the
-first place.
-
-Maybe an XMPP double-puppeting bridge could allow me to use an XMPP client to
-talk with Telegram and WhatsApp chats.
-* Resources
-** https://framagit.org/tyreunom/system-configuration/
-** https://framagit.org/Jeko/guix-machine-os-ynm/
-* Scrath
-Server requiremets:
-- Guix for CI
-- NGINX
-- CGit, Git, Git Annex
-- Prosody for XMPP
-- Synapse for Matrix
-- OpenSMTPD, Dovecot for email
-
-NGINX settings:
-- HTTP2
-- gzip
-- cache everything
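Review bot: Removing the whole file takes the "Decisions" section and the still-open security items ("Backups", "Monitoring", "Intrusion prevention and detection", "Security review") out of the tree with nothing added in their place; the diffstat shows 0 insertions. If these entries were migrated to a tracker or another file, say so in the commit message. Otherwise, consider keeping at least the closed "On public SSH key leakage" entry in the repository, since its reasoning for not treating the key exposure as a threat and for moving the SSH port off the default is the record a later security review would start from. The "Certificates" backup item pointing at /etc/letsencrypt is also worth carrying over, with a note that the directory holds private keys and its backups need to be protected accordingly. The :CUSTOM_ID: anchors disappear with the file, so check that no other document links to them.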