dotfiles/TODO.md
DannyDannyDanny cd7658f452 doc: SSH key management and secrets 📝
- Updated AGENTS.md to specify one key per purpose for SSH access, including naming conventions and configuration tips.
- Revised README.md to streamline the roadmap and link to SSH and secrets documentation.
- Created docs/ssh-and-secrets.md to outline the strategy for managing SSH keys and secrets in a public repo.
- Refined TODO.md to reflect the new approach for secrets and server configuration tasks.
2026-03-01 11:55:44 +01:00


TODO

  1. Secrets — Approach A (see docs/ssh-and-secrets.md): public repo only, one key per purpose (AGENTS.md), server keys via scp. Optional later: private repo + sops-nix.

    • GitHub: Use id_ed25519_github; in ~/.ssh/config: Host github.com with IdentityFile ~/.ssh/id_ed25519_github and IdentitiesOnly yes. Remove id_rsa_github from GitHub and locally once confirmed unused.
    • nixos-server: Switch to key auth if still on password. On the server: mkdir -p ~/.ssh; chmod 700 ~/.ssh. From the Mac, copy only the public half: scp ~/.ssh/id_ed25519_github.pub danny@SERVER:/tmp/. On the server: cat /tmp/id_ed25519_github.pub >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys; rm /tmp/id_ed25519_github.pub. Then confirm that ssh -i ~/.ssh/id_ed25519_github danny@SERVER logs in without a password prompt before touching sshd. Optional: create id_ed25519_servers and use it only for servers (add a Host entry in config).
    • Forgejo: When needed: create id_ed25519_forgejo, add to forge, add Host in ~/.ssh/config.
  2. Server

    • Only I use the machine. Access: SSH keys only (no password auth).
    • Continue configuring (add services in hosts/nixos-server.nix as needed).
    • SSH: key-only auth; disable password auth (turn off both PasswordAuthentication and KbdInteractiveAuthentication, otherwise PAM keyboard-interactive logins still accept a password). Test key login from a second session, keeping the first one open, before rebuilding with passwords disabled. Optionally restrict SSH to the LAN.
    • Passwordless sudo for wheel.
  3. Rename nixos-server to

    • Shortlist hostnames; then do flake + hostname + docs in one pass.
    • Monte Cristo-themed candidates (two-word, non-human):
      • Ships / sea: sunken-ship, phantom-ship, rusty-anchor, salty-wind, stormy-wave, calm-harbor, distant-shore, foreign-port, wooden-hull, anchor-chain
      • Prison / stone: prison-rock, cold-stone, iron-chain, damp-cell, guard-tower, midnight-bell, stony-corridor, broken-chain
      • Secrets / treasure: buried-treasure, secret-cave, forgotten-tunnel, hidden-key, rusty-sword, faded-parchment, ancient-map, broken-seal, buried-chest
      • Atmosphere: strange-companion, masked-ball, poison-vial
  4. Give the server Wi-Fi access instead of Ethernet.

  5. Host telegram bot once again (for what purpose?)
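The key-installation steps in item 1 and the key-only sshd policy in item 2 are one procedure: pin one identity per host on the client, install the public key on the server once with the permissions sshd expects, then prove the server no longer accepts passwords. The script below is an added example and is not code from the dotfiles repo. It assumes a scratch directory in SSH_HOME (so it runs offline and never touches the real ~/.ssh), a constructed public-key line that is not a real key, and constructed samples of `sshd -T` output standing in for the server; on NixOS the corresponding options for hosts/nixos-server.nix are services.openssh.settings.PasswordAuthentication = false, services.openssh.settings.KbdInteractiveAuthentication = false and security.sudo.wheelNeedsPassword = false, and `sudo sshd -T` on the rebuilt server is what you would pipe into the check.

```shell
#!/bin/sh
# Added example for the TODO above; it is not part of the dotfiles repo.
# Assumptions (not from the page): SSH_HOME is a scratch directory so the
# script runs offline and never touches the real ~/.ssh; the public key line
# below is constructed and is not a real key.
set -eu

SSH_HOME="${SSH_HOME:-$(mktemp -d)}"
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEexampleEXAMPLEexampleEXAMPLEexampleEXAM danny@mac'

# Client side: write a Host block that offers exactly one identity.
# IdentitiesOnly stops ssh from trying every key in the agent first, which
# otherwise advertises all your public keys to the server and can exhaust
# MaxAuthTries before the right key is offered. Re-running replaces the block.
ssh_config_add_host() {   # $1 = Host pattern, $2 = identity file, $3 = optional User
  local host="$1" identity="$2" user="${3:-}" cfg="$SSH_HOME/config"
  mkdir -p "$SSH_HOME" && chmod 700 "$SSH_HOME"
  touch "$cfg" && chmod 600 "$cfg"
  awk -v h="$host" '
    /^Host / { skip = ($2 == h) }   # drop any previous block for this host
    !skip    { print }
  ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg" && chmod 600 "$cfg"
  {
    printf 'Host %s\n' "$host"
    if [ -n "$user" ]; then printf '    User %s\n' "$user"; fi
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n\n' "$identity"
  } >> "$cfg"
}

# Print the IdentityFile the config pins for a host (what `ssh -G host` reports).
ssh_config_identity_for() {   # $1 = Host pattern
  awk -v h="$1" '
    /^Host /                        { inblock = ($2 == h) }
    inblock && $1 == "IdentityFile" { print $2 }
  ' "$SSH_HOME/config"
}

# Server side: install a public key line once, with the permissions sshd's
# StrictModes requires (700 on ~/.ssh, 600 on authorized_keys). Anything that
# is not a public key line is rejected, so a private key pasted by mistake
# never lands in authorized_keys.
authorized_keys_install() {   # $1 = one line of a .pub file
  local key="$1" ak="$SSH_HOME/authorized_keys" keyid
  case "$key" in
    "ssh-ed25519 "*|"ssh-rsa "*|ecdsa-sha2-*|sk-*) ;;
    *) echo "refusing: not a public key line" >&2; return 1 ;;
  esac
  mkdir -p "$SSH_HOME" && chmod 700 "$SSH_HOME"
  touch "$ak" && chmod 600 "$ak"
  # match on key type + base64 only, so a different trailing comment is not a duplicate
  keyid=$(printf '%s\n' "$key" | awk '{ print $1, $2 }')
  if ! awk -v id="$keyid" '($1 " " $2) == id { found = 1 } END { exit !found }' "$ak"; then
    printf '%s\n' "$key" >> "$ak"
  fi
}

authorized_keys_count() { wc -l < "$SSH_HOME/authorized_keys" | tr -d ' '; }

# Verify the effective sshd policy: feed it the output of `sudo sshd -T` on the
# server after the rebuild. PasswordAuthentication alone is not enough, because
# PAM keyboard-interactive logins still take a password unless
# KbdInteractiveAuthentication is also off.
sshd_check_key_only() {   # stdin = `sshd -T` output (lower-case keywords)
  awk '
    { v[$1] = $2 }
    END {
      ok = 1
      if (v["pubkeyauthentication"] != "yes")        { print "pubkeyauthentication must be yes";        ok = 0 }
      if (v["passwordauthentication"] != "no")       { print "passwordauthentication must be no";       ok = 0 }
      if (v["kbdinteractiveauthentication"] != "no") { print "kbdinteractiveauthentication must be no"; ok = 0 }
      exit !ok
    }'
}

# Constructed samples of `sshd -T` output: the hardened server, and the
# upstream default that still accepts passwords.
SSHD_T_HARDENED='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'
SSHD_T_DEFAULT='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes'

main() {
  ssh_config_add_host github.com   "$SSH_HOME/id_ed25519_github"
  ssh_config_add_host nixos-server "$SSH_HOME/id_ed25519_servers" danny
  authorized_keys_install "$SAMPLE_PUB"
  authorized_keys_install "$SAMPLE_PUB"        # second call is a no-op
  echo "authorized_keys entries: $(authorized_keys_count)"
  echo "--- $SSH_HOME/config"; cat "$SSH_HOME/config"
  if printf '%s\n' "$SSHD_T_HARDENED" | sshd_check_key_only; then echo "sshd policy: key-only OK"; fi
}
main
```

Run it as is to see the generated config and the policy check against the constructed samples; on the real server, replace the sample with `sudo sshd -T | sshd_check_key_only` and only then flip the NixOS options to disable passwords, keeping an existing session open while you do.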