nixos-server: flake, hardware, readme bootstrap, server-quickstart, TODO

Made-with: Cursor

TODO.md

@@ -1,16 +1,15 @@
 # TODO
 
-1. ~~**AGENTS.md**~~ Done.
+1. **Secrets** (started)
+   - SSH public keys removed from `nixos/hosts/nixos-server.nix` and `nixos/server-install-configuration.nix`. Keys are not managed by NixOS there; use scp (see comments in those files and server-quickstart.md).
+   - Optional: audit repo for other IDs (emails, UUIDs) if desired.
 
-2. **Secrets**
-   - Make sure we're not exposing any information in the repo. Prefer pushing keys via `scp` rather than committing them.
+2. ~~**Server hardware before testing**~~ Done. Fetched via `ssh danny@server 'sudo cat /etc/nixos/hardware-configuration.nix'`, replaced stub; added boot.loader and system.stateVersion; flake check passes.
 
-3. **Server hardware before testing**
-   - Before checking if the server flake setup works: do we need to fetch anything from the server? (e.g. a hardware file?)
-   - The current `nixos/hosts/nixos-server-hardware.nix` is a stub, not based on the server's actual hardware. The repo's existing `hardware-configuration.nix` is for the MacBook. Fetch the server's config (e.g. `nixos-generate-config --show-hardware-config` on the server) and replace the stub.
+3. **Server**
+   - Continue configuring the server (add more services to `hosts/nixos-server.nix` as needed).
 
-4. **Server**
-   - Continue configuring the server.
-
-5. **Verify**
+4. **Verify**
    - After 2–4: confirm server hardware in repo, flake builds, auto-rebuild works.
+
+5. Rename nixos-server to <something-cooler>