start tracking TODO items in-repo
This commit is contained in:
parent
596aaf93f6
commit
efd45c58f1
23
TODO.md
Normal file
23
TODO.md
Normal file
|
@ -0,0 +1,23 @@
|
|||
## refactoring:
|
||||
### sops/secrets
|
||||
- move every secret into its own file.
|
||||
- define SOPS secrets by crawling the ./secrets directory instead of manually defining them.
|
||||
- see about removing the sops activation script and just using systemd scripts instead.
|
||||
- maybe this fixes the multiple "building the system configuration..." messages during nixos-rebuild switch?
|
||||
|
||||
### roles
|
||||
- allow any host to take the role of `uninsane.org`
|
||||
- will make it easier to test new services?
|
||||
|
||||
## improvements:
|
||||
### security
|
||||
- have `sane.programs` be wrapped such that they run in a cgroup?
|
||||
- at least, only give them access to the portion of the fs they *need*.
|
||||
- Android takes approach of giving each app its own user: could hack that in here.
|
||||
|
||||
|
||||
## new features:
|
||||
- add a FTP-accessible file share to servo
|
||||
- just /var/www?
|
||||
- migrate MAME cabinet to nix
|
||||
- boot it from PXE from servo?
|
Loading…
Reference in New Issue
Block a user