todo.md: add netns-related tasks
This commit is contained in:
6
TODO.md
6
TODO.md
@@ -20,6 +20,8 @@
|
|||||||
- rsync to ssh target fails because of restrictive sandboxing
|
- rsync to ssh target fails because of restrictive sandboxing
|
||||||
- `/mnt/.servo_ftp` retries every 10s, endlessly, rather than doing a linear backoff
|
- `/mnt/.servo_ftp` retries every 10s, endlessly, rather than doing a linear backoff
|
||||||
- repro by `systemctl stop sftpgo` on servo, then watching `mnt-.servo_ftp.{mount,timer}` on desko
|
- repro by `systemctl stop sftpgo` on servo, then watching `mnt-.servo_ftp.{mount,timer}` on desko
|
||||||
|
- `ovpns` (and presumably `doof`) net namespaces aren't firewalled
|
||||||
|
- not great because things like `bitmagnet` expose unprotected admin APIs by default!
|
||||||
|
|
||||||
## REFACTORING:
|
## REFACTORING:
|
||||||
- fold hosts/modules/ into toplevel modules/
|
- fold hosts/modules/ into toplevel modules/
|
||||||
@@ -28,6 +30,10 @@
|
|||||||
- ~/dev becomes a link to ~/ref/cat/mine
|
- ~/dev becomes a link to ~/ref/cat/mine
|
||||||
- fold hosts/common/home/ssh.nix -> hosts/common/users/colin.nix
|
- fold hosts/common/home/ssh.nix -> hosts/common/users/colin.nix
|
||||||
- don't hardcode IP addresses so much in servo
|
- don't hardcode IP addresses so much in servo
|
||||||
|
- modules/netns: migrate `sane.netns.$NS.services = [ FOO ]` option to be `systemd.services.$FOO.sane.netns = NS`
|
||||||
|
- then change the ExecStartPre check to not ping `ipinfo.net` or whatever.
|
||||||
|
either port all of `sane-ip-check` to use a self-hosted reflector,
|
||||||
|
or settle for something like `test -eq "$(ip route get ...)" "$expectedGateway"`
|
||||||
|
|
||||||
### sops/secrets
|
### sops/secrets
|
||||||
- user secrets could just use `gocryptfs`, like with ~/private?
|
- user secrets could just use `gocryptfs`, like with ~/private?
|
||||||
|
|||||||
Reference in New Issue
Block a user