start tracking TODO items in-repo
This commit is contained in:
parent
596aaf93f6
commit
efd45c58f1
23
TODO.md
Normal file
23
TODO.md
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
## refactoring:
|
||||||
|
### sops/secrets
|
||||||
|
- move every secret into its own file.
|
||||||
|
- define SOPS secrets by crawling the ./secrets directory instead of manually defining them.
|
||||||
|
- see about removing the sops activation script and just using systemd scripts instead.
|
||||||
|
- maybe this fixes the multiple "building the system configuration..." messages during nixos-rebuild switch?
|
||||||
|
|
||||||
|
### roles
|
||||||
|
- allow any host to take the role of `uninsane.org`
|
||||||
|
- will make it easier to test new services?
|
||||||
|
|
||||||
|
## improvements:
|
||||||
|
### security
|
||||||
|
- have `sane.programs` be wrapped such that they run in a cgroup?
|
||||||
|
- at least, only give them access to the portion of the fs they *need*.
|
||||||
|
- Android takes approach of giving each app its own user: could hack that in here.
|
||||||
|
|
||||||
|
|
||||||
|
## new features:
|
||||||
|
- add a FTP-accessible file share to servo
|
||||||
|
- just /var/www?
|
||||||
|
- migrate MAME cabinet to nix
|
||||||
|
- boot it from PXE from servo?
|
Loading…
Reference in New Issue
Block a user