dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dotfiles/TODO.md
DannyDannyDanny 1338fb1b68 Rename nixos-server to sunken-ship 
- Rename hosts/nixos-server.nix -> sunken-ship.nix, nixos-server-hardware.nix -> sunken-ship-hardware.nix
- Flake: nixos-server -> sunken-ship, update module path
- Set networking.hostName = sunken-ship in server configs
- Update AGENTS.md, nixos/readme.md, docs/ssh-and-secrets.md, TODO.md

Made-with: Cursor
2026-03-01 12:44:28 +01:00

1.3 KiB
Raw Blame History

TODO

  1. Secrets — Approach A (see docs/ssh-and-secrets.md): public repo only, one key per purpose (AGENTS.md), server keys via scp. Optional later: private repo + sops-nix.

    • GitHub: Use id_ed25519_github; in ~/.ssh/config: Host github.com with IdentityFile ~/.ssh/id_ed25519_github and IdentitiesOnly yes. Remove id_rsa_github from GitHub and locally once confirmed unused.
    • sunken-ship: Switch to key auth if still on password: on server mkdir -p ~/.ssh; chmod 700 ~/.ssh; from Mac scp ~/.ssh/id_ed25519_github.pub danny@SERVER:/tmp/; on server cat /tmp/id_ed25519_github.pub >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys. Optional: create id_ed25519_servers and use only for servers (add Host in config).
    • Forgejo: When needed: create id_ed25519_forgejo, add to forge, add Host in ~/.ssh/config.

  2. Server

    • Only I use the machine. Access: SSH keys only (no password auth).
    • Continue configuring (add services in hosts/sunken-ship.nix as needed).
    • SSH: key-only auth; disable password auth. Optionally restrict SSH to LAN.
    • Passwordless sudo for wheel.

  3. Rename nixos-server to sunken-ship Done.

  4. Give wifi access instead of ethernet.

  5. Host telegram bot once again (for what purpose?)