2023-05-13 10:04:46 +00:00
|
|
|
## refactoring:
|
|
|
|
|
### sops/secrets
|
2023-05-14 09:58:49 +00:00
|
|
|
- attach secrets to the thing they're used by (sane.programs)
|
|
|
|
|
- rework secrets to leverage `sane.fs`
|
|
|
|
|
- remove sops activation script as it's covered by my systemd sane.fs impl
|
2023-05-13 10:04:46 +00:00
|
|
|
|
|
|
|
|
### roles
|
|
|
|
|
- allow any host to take the role of `uninsane.org`
|
|
|
|
|
- will make it easier to test new services?
|
|
|
|
|
|
|
|
|
|
## improvements:
|
2023-05-14 02:08:09 +00:00
|
|
|
### security/resilience
|
|
|
|
|
- validate duplicity backups!
|
|
|
|
|
- encrypt more ~ dirs (~/archives, ~/records, ..?)
|
|
|
|
|
- best to do this after i know for sure i have good backups
|
2023-05-13 10:04:46 +00:00
|
|
|
- have `sane.programs` be wrapped such that they run in a cgroup?
|
|
|
|
|
- at least, only give them access to the portion of the fs they *need*.
|
|
|
|
|
- Android takes approach of giving each app its own user: could hack that in here.
|
2023-05-14 02:08:09 +00:00
|
|
|
- canaries for important services
|
|
|
|
|
- e.g. daily email checks; daily backup checks
|
2023-05-13 10:04:46 +00:00
|
|
|
|
2023-05-13 12:52:45 +00:00
|
|
|
### perf
|
|
|
|
|
- why does nixos-rebuild switch take 5 minutes when net is flakey?
|
2023-05-14 02:08:09 +00:00
|
|
|
- trying to auto-mount servo?
|
2023-05-13 12:52:45 +00:00
|
|
|
- something to do with systemd services restarting/stalling
|
|
|
|
|
- maybe wireguard & its refresh operation, specifically?
|
|
|
|
|
|
2023-05-13 10:04:46 +00:00
|
|
|
|
|
|
|
|
## new features:
|
|
|
|
|
- add a FTP-accessible file share to servo
|
|
|
|
|
- just /var/www?
|
|
|
|
|
- migrate MAME cabinet to nix
|
|
|
|
|
- boot it from PXE from servo?
|
