AGENTS.md: add public-repo note and concise NixOS server learnings; TODO.md: add verify step

Made-with: Cursor

AGENTS.md

@@ -12,3 +12,14 @@ darwin-rebuild switch --flake .
 
 Do not automatically run rebuild commands - ask the user first.
 
+## Repo is public
+
+No keys, tokens, or identifying secrets in the repo. Prefer `scp` or config outside the repo.
+
+## Learnings (NixOS server)
+
+- Minimal ISO: use Ethernet or the graphical installer (Wi‑Fi on minimal is fiddly).
+- Server hardware: stub in repo; user replaces with `nixos-generate-config --show-hardware-config` from the server.
+- Root password: console only; set danny’s password as root once for sudo.
+- SSH keys: use actual key names on the machine (e.g. `id_ed25519_github`), not assumed `id_ed25519`.
+

TODO.md

@@ -0,0 +1,16 @@
+# TODO
+
+1. ~~**AGENTS.md**~~ Done.
+
+2. **Secrets**
+   - Make sure we're not exposing any information in the repo. Prefer pushing keys via `scp` rather than committing them.
+
+3. **Server hardware before testing**
+   - Before checking if the server flake setup works: do we need to fetch anything from the server? (e.g. a hardware file?)
+   - The current `nixos/hosts/nixos-server-hardware.nix` is a stub, not based on the server's actual hardware. The repo's existing `hardware-configuration.nix` is for the MacBook. Fetch the server's config (e.g. `nixos-generate-config --show-hardware-config` on the server) and replace the stub.
+
+4. **Server**
+   - Continue configuring the server.
+
+5. **Verify**
+   - After 2–4: confirm server hardware in repo, flake builds, auto-rebuild works.