nix-files/TODO.md

BUGS

  • mpv UI is sometimes blank for audio/podcasts?
    • i think it's when the audio file has no thumbnail?
  • why do i need to manually restart wireguard-wg-ovpns on servo periodically?
    • else DNS fails
  • fix epiphany URL bar input on moby
  • sxmo: wvkbd: missing font for icons on the 3rd page

REFACTORING:

sops/secrets

  • attach secrets to the thing they're used by (sane.programs)
  • rework secrets to leverage sane.fs
  • remove sops activation script as it's covered by my systemd sane.fs impl

roles

  • allow any host to take the role of uninsane.org
    • will make it easier to test new services?

upstreaming

upstreaming to non-nixpkgs repos

IMPROVEMENTS:

security/resilience

  • validate duplicity backups!
  • encrypt more ~ dirs (~/archives, ~/records, ..?)
    • best to do this after i know for sure i have good backups
  • have sane.programs be wrapped such that they run in a cgroup?
    • at least, only give them access to the portion of the fs they need.
    • Android takes approach of giving each app its own user: could hack that in here.
    • systemd-run takes a command and runs it in a temporary scope (cgroup)
    • flatpak does this, somehow
    • apparmor? SELinux? (desktop) "portals"?
    • see Spectrum OS; Alyssa Ross; etc
    • bubblewrap-based sandboxing: https://github.com/nixpak/nixpak
  • canaries for important services
    • e.g. daily email checks; daily backup checks
    • integrate nix check into Gitea actions?

user experience

  • moby: sxmo: fix youtube scripts (package youtube-cli)
  • moby: tune GPS
    • run only geoclue, and not gpsd, to save power?
    • tune QGPS setting in eg25-control, for less jitter?
    • direct mepo to prefer gpsd, with fallback to geoclue, for better accuracy?
    • configure geoclue to do some smoothing?
    • manually do smoothing, as some layer between mepo and geoclue/gpsd?
  • neovim: set up language server (lsp; rnix-lsp; nvim-lspconfig)
  • Helix: make copy-to-system clipboard be the default
  • firefox/librewolf: persist history
    • just not cookies or tabs
  • moby: improve gPodder launch time
  • moby: theme GTK apps (i.e. non-adwaita styles)
  • package Nix/NixOS docs for Zeal
  • have xdg-open parse `repo:...` URIs (or adjust them so that it can parse)
  • sane-bt-search: show details like 5.1 vs stereo, h264 vs h265
  • uninsane.org: make URLs relative to allow local use (and as offline homepage)
  • email: fix so that local mail doesn't go to junk
    • git sendmail flow adds the DKIM signatures, but gets delivered locally w/o having the sig checked, so goes into Junk
    • could change junk filter from "no DKIM success" to explicit "DKIM failed"
  • sxmo: don't put all deps on PATH
    • maybe: use resholve to hard-code them
      • this is the most "correct", but least patchable
    • maybe: express each invocation as a function in sxmo_common.sh
      • this will require some patching to handle exec <foo> style
    • maybe: save original PATH and reset it before invoking user files

perf

  • add pkgs.impure-cached.<foo> package set to build things with ccache enabled
    • every package here can be auto-generated, and marked with some env var so that it doesn't pollute the pure package set
    • would be super handy for package prototyping!
  • why does nixos-rebuild switch take 5 minutes when net is flakey?
    • trying to auto-mount servo?
    • something to do with systemd services restarting/stalling
    • maybe wireguard & its refresh operation, specifically?
  • get moby to build without binfmt emulation (i.e. make all emulation explicit)
    • then i can distribute builds across servo + desko, and also allow servo to pull packages from desko w/o worrying about purity

NEW FEATURES: