start tracking TODO items in-repo

2023-05-13 10:04:46 +00:00 · 2023-05-13 10:04:46 +00:00 · efd45c58f1
commit efd45c58f1
parent 596aaf93f6
1 changed files with 23 additions and 0 deletions
--- a/TODO.md
+++ b/TODO.md
@ -0,0 +1,23 @@
+## refactoring:
+### sops/secrets
+- move every secret into its own file.
+- define SOPS secrets by crawling the ./secrets directory instead of manually defining them.
+- see about removing the sops activation script and just using systemd scripts instead.
+    - maybe this fixes the multiple "building the system configuration..." messages during nixos-rebuild switch?
+
+### roles
+- allow any host to take the role of `uninsane.org`
+    - will make it easier to test new services?
+
+## improvements:
+### security
+- have `sane.programs` be wrapped such that they run in a cgroup?
+    - at least, only give them access to the portion of the fs they *need*.
+    - Android takes approach of giving each app its own user: could hack that in here.
+
+
+## new features:
+- add a FTP-accessible file share to servo
+    - just /var/www?
+- migrate MAME cabinet to nix
+    - boot it from PXE from servo?