Diffstat (limited to 'TODOs.rst')
-rw-r--r-- TODOs.rst 299
1 files changed, 299 insertions, 0 deletions
diff --git a/TODOs.rst b/TODOs.rst
new file mode 100644
index 0000000..6d86655
--- /dev/null
+++ b/TODOs.rst
@@ -0,0 +1,299 @@
+Tasks
+=====
+
+.. _bc537812-5f9d-4760-8c95-9ae933ecbd57:
+
+TODO Try running on the Raspberry Pi
+------------------------------------
+- TODO in 2020-01-12
+
+ a b c
+
+- DONE in 2020-01-02
+
+ xu pliuw
+
+nest
+~~~~
+
+#. woeifj
+
+ #. woeifj
+
+.. _ac19877b-55e3-48c8-8c3a-071124d23cd2:
+
+TODO Use custom README converter
+--------------------------------
+
+- TODO in 2021-01-12
+
+----
+
+Convert ``README`` file using markdown instead of plain text.
+
+.. _92d8ad8d-df93-49c1-8393-eb7147326c29:
+
+DONE Add index.html on built website
+------------------------------------
+
+- State "DONE" from [2020-12-02 mer. 15:47]
+ Generate index.html from README.md. Done in
+ :commit:6d95acf144a4f2e48cb603af3a8032c172ceb53e .
+- State "TODO" from [2020-12-02 mer. 15:41]
+
+.. _dee378cd-9e41-402b-9018-e9ebb05ef75d:
+
+TODO Test Guix deploy
+---------------------
+
+- State "TODO" from [2020-12-02 mer. 17:21]
+
+.. _d76d4d2c-f07e-420b-8f30-28eb258494a6:
+
+TODO External volume
+--------------------
+
+- State "TODO" from [2020-11-30 lun. 01:19]
+
+.. code:: hcl
+
+ variable "storage_name" {
+ type = string
+ description = "Name of the block storage volume, which will also be the name of it's mount point."
+ }
+
+ resource "vultr_block_storage" "vps_storage" {
+ size_gb = 10
+ region_id = 9
+ attached_id = vultr_server.vps_server.id
+ label = var.storage_name
+ live = "yes"
+ }
+
+.. _708bcd4f-4574-4227-8737-fcb10621f1ec:
+
+TODO Backups
+------------
+
+- State "TODO" from [2020-11-30 lun. 01:19]
+
+If possible, put every data subfolder under the same folder, and just
+backup the top-level folder. This also allows me to put it on an
+external volum and grow it more easily.
+
+No real need to backup cgit, Jekyll, documetation and Cuirass, but
+useful to have if available.
+
+The certificates should be backed up, so that restoring doesn't involve
+re-creating everything from scratch.
+
+.. _email:
+
+TODO Email
+~~~~~~~~~~
+
+- State "TODO" from [2020-11-30 lun. 01:20]
+
+.. _matrix:
+
+TODO Matrix
+~~~~~~~~~~~
+
+- State "TODO" from [2020-11-30 lun. 01:19]
+
+.. _certificates:
+
+TODO Certificates
+~~~~~~~~~~~~~~~~~
+
+- State "TODO" from [2020-11-30 lun. 01:19]
+
+::
+
+ /etc/letsencrypt
+
+.. _5f0457af-49dc-4122-83ff-a0604e3c6a02:
+
+TODO Monitoring
+---------------
+
+- State "TODO" from [2020-11-30 lun. 01:20]
+
+- https://mmonit.com/monit/
+
+- https://collectd.org/
+
+Reports via email.
+
+.. _ee160451-cfe8-49b2-a71f-6f1dca02cb9d:
+
+TODO Intrusion prevention and detection
+---------------------------------------
+
+- State "TODO" from [2020-11-30 lun. 01:20]
+
+- http://www.fail2ban.org/wiki/index.php/Main_Page
+
+- http://rkhunter.sourceforge.net/
+
+.. _f8a54acf-a417-4957-ac13-21df9a57ed4c:
+
+TODO Security review
+--------------------
+
+- State "TODO" from [2020-11-30 lun. 01:20]
+
+https://cheatsheetseries.owasp.org/Glossary.html
+
+.. _7d57aa50-597e-4a86-b9d7-c2d84f53e1c6:
+
+TODO Build new Guix image and document the steps
+------------------------------------------------
+
+- State "TODO" from [2020-11-29 dim. 02:10]
+
+Instead of syncing the ``.bashrc`` file, I should put my aliases in the
+base image.
+
+Setup custom SSH port in the base image itself.
+
+.. _43a7a634-84ec-41de-b243-c27fd4a44c25:
+
+TODO Setup cgit
+---------------
+
+- State "TODO" from [2020-11-30 lun. 01:20]
+
+- setup ``README`` file rendering
+
+- force redirect HTTPS
+
+- permanent redirect www and everything else to non-www
+
+.. _dd3f2bc7-8d6d-4bab-9a5e-d3211115e4f4:
+
+TODO Add email mcron job report
+-------------------------------
+
+- State "TODO" from [2020-11-29 dim. 20:21]
+
+Bugs
+====
+
+Improvements
+============
+
+Services
+========
+
+.. _git.tld-cgit:
+
+TODO ``git.$tld``: cgit
+-----------------------
+
+.. _project.tld-static-documentation-for-projects:
+
+TODO ``$project.$tld``: static documentation for projects
+---------------------------------------------------------
+
+.. _ci.tld-single-static-html-ci-page:
+
+TODO ``ci.$tld``: single static HTML CI page
+--------------------------------------------
+
+.. _mail.tld-email:
+
+TODO ``mail.$tld``: email
+-------------------------
+
+.. _chat.tld-matrixxmpp:
+
+TODO ``chat.$tld``: Matrix/XMPP
+-------------------------------
+
+https://news.ycombinator.com/item?id=25669864
+
+.. _meet.tld-jitsinextcloud-talk:
+
+TODO ``meet.$tld``: Jitsi/Nextcloud Talk
+----------------------------------------
+
+.. _tld-jekyll-blog:
+
+TODO ``$tld``: Jekyll blog
+--------------------------
+
+Decisions
+=========
+
+.. _d38019ac-a2ad-484d-91e5-f4bdb1fa00ca:
+
+DONE On public SSH key leakage
+------------------------------
+
+CLOSED: [2020-11-29 dim. 00:27]
+
+- State "DONE" from [2020-09-06 dim. 00:00]
+
+As described in "`Public SSH keys can leak your private
+infrastructure <https://rushter.com/blog/public-ssh-keys/>`__", public
+SSH keys can expose undesired infrastructure, specially for targeted
+attacks.
+
+I'm not considering this a threat, since the link between the server and
+e is already public. It may be much more effective to just change the
+SSH port away from the default: it doesn't accomplish the same thing,
+but it prevents simple detections. It is still possible to find this out
+via a script, but is orders of magnitute harder for the attacker.
+
+.. _de89fc4e-5c36-4f6b-9227-221b70e9f321:
+
+DONE Matrix over XMPP
+---------------------
+
+CLOSED: [2020-11-29 dim. 00:29]
+
+- State "DONE" from [2020-11-29 dim. 00:29]
+
+I'm picking Matrix. Not because of the protocol or anything else, but
+because it has the two relevant double-puppeting bridges:
+mautrix-telegram and mautrix-whatsapp.
+
+TBH I like XMPP much more, but without working puppeting bridges, I
+would stay isolated with it, which would defeat the purpose of having a
+chat server on the first place.
+
+Maybe an XMPP double-puppeting bridge could allow me to use an XMPP
+client to talk with Telegram and WhatsApp chats.
+
+Resources
+=========
+
+https://framagit.org/tyreunom/system-configuration/
+---------------------------------------------------
+
+https://framagit.org/Jeko/guix-machine-os-ynm/
+----------------------------------------------
+
+Scrath
+======
+
+Server requiremets:
+
+- Guix for CI
+- NGINX
+- CGit, Git, Git Annex
+- Prosody for XMPP
+- Synapse for Matrix
+- OpenSMTPD, Dovecot for email
+
+NGINX settings:
+
+- HTTP2
+- gzip
+- cache everything
+# mutt
+- configure in ~/annex/bin/misc/mail/
+
+# VPS
+- setup chat servers: XMPP and Matrix