* Tasks
:PROPERTIES:
:CUSTOM_ID: tasks
:END:
** TODO Add index.html on built website
- State "TODO" from [2020-12-02 mer. 15:41]
** TODO External volume
- State "TODO" from [2020-11-30 lun. 01:19]
#+BEGIN_SRC hcl
# One name is shared by the volume label and its mount point on the server.
variable "storage_name" {
  type        = string
  description = "Name of the block storage volume, which will also be the name of its mount point."
}

# Block storage attached to the existing VPS; live = "yes" asks for the volume
# to be attached without rebooting the instance.
resource "vultr_block_storage" "vps_storage" {
  size_gb     = 10
  region_id   = 9
  attached_id = vultr_server.vps_server.id
  label       = var.storage_name
  live        = "yes"
}
#+END_SRC
** TODO Backups
- State "TODO" from [2020-11-30 lun. 01:19]
If possible, put every data subfolder under the same folder, and just back up the top-level folder.
This also allows me to put it on an external volume and grow it more easily.

No real need to back up cgit, Jekyll, documentation and Cuirass, but useful to have if available.

The certificates should be backed up, so that restoring doesn't involve re-creating everything from scratch.
*** TODO Email
- State "TODO" from [2020-11-30 lun. 01:20]
*** TODO Matrix
- State "TODO" from [2020-11-30 lun. 01:19]
*** TODO Certificates
- State "TODO" from [2020-11-30 lun. 01:19]
: /etc/letsencrypt
** TODO Monitoring
- State "TODO" from [2020-11-30 lun. 01:20]
- https://mmonit.com/monit/
- https://collectd.org/
Reports via email.
** TODO Intrusion prevention and detection
- State "TODO" from [2020-11-30 lun. 01:20]
- http://www.fail2ban.org/wiki/index.php/Main_Page
- http://rkhunter.sourceforge.net/
** TODO Security review
- State "TODO" from [2020-11-30 lun. 01:20]
https://cheatsheetseries.owasp.org/Glossary.html
** TODO Build new Guix image and document the steps
- State "TODO" from [2020-11-29 dim. 02:10]
Instead of syncing the =.bashrc= file, I should put my aliases in the base image.
** TODO Setup cgit
- State "TODO" from [2020-11-30 lun. 01:20]
- setup =README= file rendering
- force redirect HTTPS
- permanent redirect www and everything else to non-www
** TODO Add email mcron job report
- State "TODO" from [2020-11-29 dim. 20:21]
* Bugs
:PROPERTIES:
:CUSTOM_ID: bugs
:END:
* Services
** TODO =git.$tld=: cgit
** TODO =$project.$tld=: static documentation for projects
** TODO =ci.$tld=: cuirass
** TODO =mail.$tld=: email
** TODO =chat.$tld=: Matrix/XMPP
** TODO =meet.$tld=: Jitsi/Nextcloud Talk
** TODO =$tld=: Jekyll blog
* Improvements
* Decisions
:PROPERTIES:
:CUSTOM_ID: decisions
:END:
** DONE On public SSH key leakage
:PROPERTIES:
:CUSTOM_ID: d38019ac-a2ad-484d-91e5-f4bdb1fa00ca
:END:
CLOSED: [2020-11-29 dim. 00:27]
- State "DONE" from [2020-09-06 dim. 00:00]
As described in "[[https://rushter.com/blog/public-ssh-keys/][Public SSH keys can leak your private infrastructure]]", public SSH keys can expose undesired infrastructure, especially for targeted attacks.
I'm not considering this a threat, since the link between the server and me is already public.

It may be much more effective to just change the SSH port away from the default: it doesn't accomplish the same thing, but it prevents simple detections.
It is still possible to find this out via a script, but it is orders of magnitude harder for the attacker.
** DONE Matrix over XMPP
:PROPERTIES:
:CUSTOM_ID: de89fc4e-5c36-4f6b-9227-221b70e9f321
:END:
CLOSED: [2020-11-29 dim. 00:29]
- State "DONE" from [2020-11-29 dim. 00:29]
I'm picking Matrix. Not because of the protocol or anything else, but because it has the two relevant double-puppeting bridges: mautrix-telegram and mautrix-whatsapp.

TBH I like XMPP much more, but without working puppeting bridges, I would stay isolated with it, which would defeat the purpose of having a chat server in the first place.

Maybe an XMPP double-puppeting bridge could allow me to use an XMPP client to talk with Telegram and WhatsApp chats.
* Resources
** https://framagit.org/tyreunom/system-configuration/
* Scratch
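Worked example for the Backups task above (added here, not part of the original notes): a POSIX sh script that archives one top-level data directory together with =/etc/letsencrypt= into a single owner-only tarball with a checksum, which is the "back up the top-level folder plus the certificates" plan in one step. Only =/etc/letsencrypt= comes from the notes; the data and destination paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): one archive for the whole data
# tree plus the Let's Encrypt state, owner-only permissions, and a checksum
# so a restore can verify the file before unpacking it.
# /etc/letsencrypt comes from the notes; every other path is an assumption.
set -eu

# backup_tree DATA_DIR CERT_DIR DEST_DIR
# Writes DEST_DIR/backup-<UTC stamp>.tar.gz and a .sha256 beside it,
# then prints the archive path. Only the owner can read the result, since
# mail, Matrix data and private keys all end up inside it.
backup_tree() {
  data_dir=$1
  cert_dir=$2
  dest_dir=$3
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  name="backup-$stamp.tar.gz"
  mkdir -p "$dest_dir"
  (
    umask 077   # subshell: the restrictive umask does not leak to the caller
    # -C makes tar store paths relative to each parent directory, so the
    # archive restores cleanly on a host with a different layout.
    if [ -d "$cert_dir" ]; then
      tar -czf "$dest_dir/$name" \
        -C "$(dirname "$data_dir")" "$(basename "$data_dir")" \
        -C "$(dirname "$cert_dir")" "$(basename "$cert_dir")"
    else
      # A freshly built host may have no certificates yet; still back up data.
      tar -czf "$dest_dir/$name" \
        -C "$(dirname "$data_dir")" "$(basename "$data_dir")"
    fi
    cd "$dest_dir" && sha256sum "$name" > "$name.sha256"
  )
  printf '%s\n' "$dest_dir/$name"
}

# verify_backup ARCHIVE
# Succeeds only if the checksum matches and the archive lists cleanly,
# which catches a truncated or tampered copy before any restore.
verify_backup() {
  dir=$(dirname "$1")
  name=$(basename "$1")
  (cd "$dir" && sha256sum -c --quiet "$name.sha256") \
    && tar -tzf "$1" > /dev/null
}
```

Run it from cron (or the mcron job mentioned above) against the single top-level data folder, and keep the =.sha256= next to the archive wherever it is copied.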