24 lines
885 B
Markdown
24 lines
885 B
Markdown
|
## refactoring:
|
||
|
### sops/secrets
|
||
|
- move every secret into its own file.
|
||
|
- define SOPS secrets by crawling the ./secrets directory instead of manually defining them.
|
||
|
- see about removing the sops activation script and just using systemd scripts instead.
|
||
|
- maybe this fixes the multiple "building the system configuration..." messages during nixos-rebuild switch?
|
||
|
|
||
|
### roles
|
||
|
- allow any host to take the role of `uninsane.org`
|
||
|
- will make it easier to test new services?
|
||
|
|
||
|
## improvements:
|
||
|
### security
|
||
|
- have `sane.programs` be wrapped such that they run in a cgroup?
|
||
|
- at least, only give them access to the portion of the fs they *need*.
|
||
|
- Android takes approach of giving each app its own user: could hack that in here.
|
||
|
|
||
|
|
||
|
## new features:
|
||
|
- add a FTP-accessible file share to servo
|
||
|
- just /var/www?
|
||
|
- migrate MAME cabinet to nix
|
||
|
- boot it from PXE from servo?
|