From 3b2e3ddaab7a95a9d6713d217187d77bb3284500 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:32:40 +1000 Subject: [PATCH 1/8] add nginx overlay to overlays.nix --- hosts/butterfly/services/nginx.nix | 70 ++++++++++-------------------- overlays/default.nix | 12 +++-- 2 files changed, 31 insertions(+), 51 deletions(-) diff --git a/hosts/butterfly/services/nginx.nix b/hosts/butterfly/services/nginx.nix index ba78c0a..5dcb5c6 100644 --- a/hosts/butterfly/services/nginx.nix +++ b/hosts/butterfly/services/nginx.nix @@ -1,30 +1,13 @@ -{ - inputs, - pkgs, - ... -}: { - nixpkgs.overlays = [ - (self: super: { - # in wake of CVE-2022-3602/CVE-2022-3786 - nginxStable = super.nginxStable.override {openssl = pkgs.libressl;}; - }) - inputs.dobutterfliescry-net.overlays.default - ]; - - # simple nginx instance to host static construction page - # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 - # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) - # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) +{pkgs, ...}: { services.nginx = { enable = true; - # XXX: TODO: this should auto use the nginxStable overlay no? - # in wake of CVE-2022-3602/CVE-2022-3786 - # package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; + # NOTE: in wake of CVE-2022-3602/CVE-2022-3786 nginxStable is overlayed + package = pkgs.nginx; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; + # recommendedGzipSettings = true; + # recommendedOptimisation = true; + # recommendedProxySettings = true; + # recommendedTlsSettings = true; # streamConfig = '' # server { @@ -43,40 +26,33 @@ enableACME = true; # kTLS = true; # offload TLS to the linux kernel }; - - vault = - { - forceSSL = true; - locations."/".proxyPass = "${localhost}:8222"; - } - // std; - forge = - { - forceSSL = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "${localhost}:3000"; - } - // std; in { "dobutterfliescry.net" = { default = true; - addSSL = true; # not strictly enforced <3 - # root = "/var/www/cry"; + addSSL = true; # addSSL NOT forceSSL <3 root = "${pkgs.dobutterfliescry-net}/www"; # extraConfig = '' # error_page 404 /custom_404.html; # ''; } // std; - # Route "vault" subdomain to vaultwarden - "vault.imbored.dev" = vault; - # Route "forge" subdomain to forgejo - # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? + "vault.imbored.dev" = + { + forceSSL = true; + locations."/".proxyPass = "${localhost}:8222"; + } + // std; + # "tearforge.net" = + # { + # forceSSL = true; + # extraConfig = '' + # client_max_body_size 512M; + # ''; + # locations."/".proxyPass = "${localhost}:3000"; + # } + # // std; # "tearforge.net" = forge; - "forge.dobutterfliescry.net" = forge; }; }; } diff --git a/overlays/default.nix b/overlays/default.nix index 5c6507a..d18a23d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,5 @@ -[ - (self: super: { +{inputs, ...}: ( + self: super: { angry-oxide = import ../packages/angryoxide { pkgs = super; inherit @@ -18,6 +18,10 @@ pkgs = super; }; + # in wake of CVE-2022-3602/CVE-2022-3786 + nginxStable = super.nginxStable.override {openssl = super.libressl;}; + nginx = super.nginx.override {openssl = super.libressl;}; + element-desktop = super.element-desktop.overrideAttrs (final: prev: { desktopItems = [ ((builtins.elemAt prev.desktopItems 0).override { @@ -25,5 +29,5 @@ }) ]; }); - }) -] + } +) From b22bb3217ebfaae4605849c0cd0addceac3989d0 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:33:25 +1000 Subject: [PATCH 2/8] update git config --- homes/modules/git.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/homes/modules/git.nix b/homes/modules/git.nix index 402efaa..c1e3ed6 100755 --- a/homes/modules/git.nix +++ b/homes/modules/git.nix @@ -7,24 +7,24 @@ enable = true; lfs.enable = true; - userName = "_cry64"; - userEmail = "them@dobutterfliescry.net"; - signing = { # key = "F68745A836CA0412"; # format = "openpgp"; # signByDefault = true; }; - aliases = { - s = "status"; - d = "diff"; - l = "log"; - c = "commit"; - p = "push"; - }; + settings = { + user.name = "_cry64"; + user.email = "them@dobutterfliescry.net"; + + alias = { + s = "status"; + d = "diff"; + l = "log"; + c = "commit"; + p = "push"; + }; - extraConfig = { color.ui = true; core.editor = "hx"; github.user = "cry128"; @@ -51,7 +51,7 @@ "codeberg:" ]; }; - "forgejo@forge.dobutterfliescry.net:2222/" = { + "git@tearforge.net/" = { insteadOf = [ "cry:" "forge:" From 921741546ea58c4925f2d73422c6b20e61d1f857 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:33:33 +1000 Subject: [PATCH 3/8] remove modules/server --- homes/modules/server/fail2ban.nix | 17 --------------- homes/modules/server/nginx.nix | 35 ------------------------------- homes/modules/server/ssh.nix | 13 ------------ 3 files changed, 65 deletions(-) delete mode 100755 homes/modules/server/fail2ban.nix delete mode 100755 homes/modules/server/nginx.nix delete mode 100755 homes/modules/server/ssh.nix diff --git a/homes/modules/server/fail2ban.nix b/homes/modules/server/fail2ban.nix deleted file mode 100755 index 0681c68..0000000 --- a/homes/modules/server/fail2ban.nix +++ /dev/null @@ -1,17 +0,0 @@ -{...}: { - # simple fail2ban config (not production ready or anything though) - # refer to: https://nixos.wiki/wiki/Fail2Ban - services.fail2ban = { - enable = true; - - maxretry = 5; - bantime = "10m"; # 10 minute ban - bantime-increment = { - enable = true; - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - multipliers = "1 2 4 8 16 32 64"; - maxtime = "168h"; # dont ban for more than 1 week - overalljails = true; - }; - }; -} diff --git a/homes/modules/server/nginx.nix b/homes/modules/server/nginx.nix deleted file mode 100755 index a11b65c..0000000 --- a/homes/modules/server/nginx.nix +++ /dev/null @@ -1,35 +0,0 @@ -{...}: { - services = { - # use nginx as the reverse proxy - # (also will use certbot and Let's Encrypt) - # refer to: https://nixos.wiki/wiki/Nginx - nginx = { - enable = true; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - # https://imbored.dev - virtualHosts = { - "imbored.dev" = { - forceSSL = true; - enableACME = true; - # config reverse proxy paths - locations = { - "/" = { - # TODO - proxyPass = "http://127.0.0.1:12345"; - }; - }; - }; - }; - }; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "eclarkboman@gmail.com"; - }; -} diff --git a/homes/modules/server/ssh.nix b/homes/modules/server/ssh.nix deleted file mode 100755 index b898468..0000000 --- a/homes/modules/server/ssh.nix +++ /dev/null @@ -1,13 +0,0 @@ -{...}: { - services.openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = true; - PermitRootLogin = "no"; - AllowUsers = null; # allow all users by default - UseDns = true; - X11Forwarding = false; - }; - }; -} From 821349be7158126a6d7405570694062260840b0a Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:34:17 +1000 Subject: [PATCH 4/8] add flatpak + nh --- groups/all/default.nix | 7 +++++++ groups/all/modules/flatpak.nix | 14 +++++++------- groups/cryde/default.nix | 3 --- groups/cryos/programs.nix | 2 +- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/groups/all/default.nix b/groups/all/default.nix index 3860303..a636196 100644 --- a/groups/all/default.nix +++ b/groups/all/default.nix @@ -24,6 +24,13 @@ ]; }; + programs.nh = { + enable = true; + clean.enable = true; + clean.extraArgs = "--keep-since 7d --keep 3"; + flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you + }; + nix.settings = { # make wheel group trusted users allows my "ae" user # to import packages not signed by a trusted key diff --git a/groups/all/modules/flatpak.nix b/groups/all/modules/flatpak.nix index 20cf828..fbc2b38 100644 --- a/groups/all/modules/flatpak.nix +++ b/groups/all/modules/flatpak.nix @@ -1,12 +1,12 @@ {...}: { services.flatpak = { - remotes = [ - { - location = "https://dl.flathub.org/repo/flathub.flatpakrepo"; - name = "flathub"; - } - ]; + # DEBUG: remotes = [ + # DEBUG: { + # DEBUG: location = "https://dl.flathub.org/repo/flathub.flatpakrepo"; + # DEBUG: name = "flathub"; + # DEBUG: } + # DEBUG: ]; - uninstallUnmanaged = true; + # DEBUG: uninstallUnmanaged = true; }; } diff --git a/groups/cryde/default.nix b/groups/cryde/default.nix index 03cdd2c..02c1be0 100644 --- a/groups/cryde/default.nix +++ b/groups/cryde/default.nix @@ -109,9 +109,6 @@ }; systemPackages = with pkgs; [ sddm-theme-corners - # dependencies for my sddm theme: - # XXX: add these as a buildInput - # pkgs.libsForQt5.qt5.qtgraphicaleffects ]; }; diff --git a/groups/cryos/programs.nix b/groups/cryos/programs.nix index 947a1e5..3e58545 100644 --- a/groups/cryos/programs.nix +++ b/groups/cryos/programs.nix @@ -19,7 +19,7 @@ hexyl # ASM nasm - # x86-manpages # DEBUG + x86-manpages # C Family gcc clang From b6202ad56a9b1c3f982661197c5b22a7fea1775e Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:35:29 +1000 Subject: [PATCH 5/8] update hosts (+ update sshPort) --- groups/server/default.nix | 22 +++++++++++++++++++--- homes/me/default.nix | 38 +++++++++++++------------------------- snow.nix | 15 +++++++++------ 3 files changed, 41 insertions(+), 34 deletions(-) diff --git a/groups/server/default.nix b/groups/server/default.nix index 6182ef1..32fe569 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix @@ -1,7 +1,7 @@ {lib, ...}: { networking.firewall = { allowedTCPPorts = [ - 22 + 42069 # ssh ]; }; @@ -9,7 +9,7 @@ # accept Lets Encrypt's security policy acme = { acceptTerms = true; - defaults.email = "them@dobutterfliescry.net"; + defaults.email = "eclarkboman@gmail.com"; }; sudo = { @@ -26,7 +26,7 @@ services = { openssh = { enable = true; - ports = [22]; + ports = [42069]; settings = { PasswordAuthentication = false; PermitRootLogin = "no"; @@ -37,6 +37,22 @@ }; }; + # simple fail2ban config (not production ready or anything though) + # refer to: https://nixos.wiki/wiki/Fail2Ban + services.fail2ban = { + enable = true; + + maxretry = 5; + bantime = "10m"; # 10 minute ban + bantime-increment = { + enable = true; + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + # multipliers = "1 2 4 8 16 32 64"; + maxtime = "168h"; # dont ban for more than 1 week + overalljails = true; + }; + }; + users = { users = { # primary user diff --git a/homes/me/default.nix b/homes/me/default.nix index 8484344..169219f 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix @@ -106,42 +106,30 @@ }; # set ssh profiles - # NOTE: (IMPORTANT) this DOES NOT start the ssh-agent - # for that you need to use `services.ssh-agent.enable` + # WARNING: this DOES NOT start the ssh-agent + # WARNING: for that you need to use `services.ssh-agent.enable` ssh = { enable = true; forwardAgent = false; - addKeysToAgent = "no"; + addKeysToAgent = "yes"; matchBlocks = { - hyrule = { - hostname = "imbored.dev"; - user = "ae"; - port = 22; - identityFile = "~/.ssh/id_hyrule"; + butterfly = { + hostname = "dobutterfliescry.net"; + user = "cry"; + port = 42069; + identityFile = "~/.ssh/id_butterfly"; setEnv = { TERM = "linux"; }; }; clocktown = { - hostname = "clocktown.dobutterfliescry.net"; - user = "root"; - port = 22; - identityFile = "~/.ssh/id_clocktown"; - }; - subspace = { - hostname = "imbored.dev"; - user = "subspace"; - port = 22; - identityFile = "~/.ssh/id_subspace"; - }; - dead = { - hostname = "deadlyserver.com"; - user = "emile"; - port = 29843; - identityFile = "~/.ssh/id_deadlyserver"; + hostname = "hyrule.dobutterfliescry.net"; + user = "cry"; + port = 42069; + identityFile = "~/.ssh/id_hyrule"; setEnv = { - TERM = "xterm-256color"; + TERM = "linux"; }; }; youcue = { diff --git a/snow.nix b/snow.nix index 7b263f3..4d3b575 100644 --- a/snow.nix +++ b/snow.nix @@ -13,10 +13,6 @@ cerulean.mkNexus ./. (self: { server = {}; }; - extraModules = with inputs; [ - home-manager.nixosModules.default - ]; - nodes = let inherit (self.nexus) @@ -47,14 +43,21 @@ cerulean.mkNexus ./. (self: { butterfly = { system = "x86_64-linux"; groups = [groups.server]; - deploy.ssh.host = "dobutterfliescry.net"; + deploy.ssh = { + host = "dobutterfliescry.net"; + user = "cry"; + port = 42069; + }; }; # pls dont sue me im broke hyrule = { system = "x86_64-linux"; groups = [groups.server]; - deploy.ssh.host = "hyrule.dobutterfliescry.net"; + deploy.ssh = { + host = "hyrule.dobutterfliescry.net"; + user = "cry"; + }; }; # call me a statistician the way she spreads in my sheets From ed8618c8a641214bede2b67d37e1efadd30ee863 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:35:47 +1000 Subject: [PATCH 6/8] add default nixpkgs.nix --- nixpkgs.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/nixpkgs.nix b/nixpkgs.nix index 12e275c..816800f 100644 --- a/nixpkgs.nix +++ b/nixpkgs.nix @@ -3,15 +3,17 @@ inputs, system, ... -}: { - nixpkgs.channels.default = { +} @ args: { + nixpkgs.channels.default = rec { + default = pkgs; # nixpkgs (stable branch) pkgs = { inherit system; source = inputs.nixpkgs; - overlays = - [inputs.dobutterfliescry-net.overlays.default] - ++ import ./overlays/default.nix; + overlays = [ + inputs.dobutterfliescry-net.overlays.default + (import ./overlays/default.nix args) + ]; config = { # allowUnfree = false; allowBroken = false; @@ -31,9 +33,10 @@ upkgs = { inherit system; source = inputs.nixpkgs-unstable; - overlays = - [inputs.dobutterfliescry-net.overlays.default] - ++ import ./overlays/default.nix; + overlays = [ + inputs.dobutterfliescry-net.overlays.default + (import ./overlays/default.nix args) + ]; config = { allowUnfree = false; allowBroken = false; From 4ecb9ad03aefec1ea28c66fb97b3f53cb0708379 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:35:57 +1000 Subject: [PATCH 7/8] progress flake --- flake.lock | 134 +++++++++++++++++++++++++++++++++++++---------------- flake.nix | 9 ++-- 2 files changed, 97 insertions(+), 46 deletions(-) diff --git a/flake.lock b/flake.lock index 6285619..26fea2d 100644 --- a/flake.lock +++ b/flake.lock @@ -3,12 +3,11 @@ "cerulean": { "inputs": { "deploy-rs": "deploy-rs", + "home-manager": "home-manager", + "microvm": "microvm", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-unstable": [ - "nixpkgs-unstable" - ], "nt": [ "nt" ], @@ -17,20 +16,26 @@ ] }, "locked": { - "lastModified": 1770984845, - "narHash": "sha256-si6XCx0xGq3z7dZSVCx5NgVxgFdnTc1qaKro5IemG70=", - "path": "/home/me/cry/mk/Cerulean", - "type": "path" + "lastModified": 1771194110, + "narHash": "sha256-x6rijGWmPL5FTpkr+8vpcKKCOT33QHEV8bP6ibEAXFE=", + "owner": "cry128", + "repo": "Cerulean", + "rev": "d527937829dec0f410f126a2f85e374cb99a2fbb", + "type": "github" }, "original": { - "path": "/home/me/cry/mk/Cerulean", - "type": "path" + "owner": "cry128", + "repo": "Cerulean", + "type": "github" } }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "cerulean", + "nixpkgs" + ], "utils": "utils" }, "locked": { @@ -166,6 +171,7 @@ "home-manager": { "inputs": { "nixpkgs": [ + "cerulean", "nixpkgs" ] }, @@ -184,6 +190,49 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770260404, + "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "microvm": { + "inputs": { + "nixpkgs": [ + "cerulean", + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1770310890, + "narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=", + "owner": "microvm-nix", + "repo": "microvm.nix", + "rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5", + "type": "github" + }, + "original": { + "owner": "microvm-nix", + "repo": "microvm.nix", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1767983141, @@ -270,16 +319,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", - "owner": "NixOS", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -316,22 +365,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1767313136, "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", @@ -350,18 +383,21 @@ "nt": { "inputs": { "nix-unit": "nix-unit", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "systems": "systems_2" }, "locked": { - "lastModified": 1770975061, - "narHash": "sha256-dedEcQSEzur2/pBcxFFygkSrMuKGOUWThOUD2LXMCsA=", - "path": "/home/me/cry/mk/nt", - "type": "path" + "lastModified": 1770975056, + "narHash": "sha256-ZXTz/P3zUbbM6lNXzt91u8EwfNqhXpYMu8+wvFZqQHE=", + "owner": "cry128", + "repo": "nt", + "rev": "f42dcdd49a7921a7f433512e83d5f93696632412", + "type": "github" }, "original": { - "path": "/home/me/cry/mk/nt", - "type": "path" + "owner": "cry128", + "repo": "nt", + "type": "github" } }, "root": { @@ -369,15 +405,31 @@ "cerulean": "cerulean", "dobutterfliescry-net": "dobutterfliescry-net", "grub2-themes": "grub2-themes", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nix-flatpak": "nix-flatpak", "nixcord": "nixcord", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "nt": "nt", "systems": "systems_3" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1759482047, + "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=", + "ref": "refs/heads/main", + "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9", + "revCount": 996, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 6f73362..2e7b315 100644 --- a/flake.nix +++ b/flake.nix @@ -12,16 +12,15 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # nt.url = "github:cry128/nt"; - nt.url = "/home/me/cry/mk/nt"; + nt.url = "github:cry128/nt"; + # nt.url = "/home/me/cry/mk/nt"; cerulean = { - # url = "github:cry128/Cerulean"; - url = "/home/me/cry/mk/Cerulean"; + url = "github:cry128/Cerulean"; + # url = "/home/me/cry/mk/Cerulean"; inputs = { systems.follows = "systems"; nixpkgs.follows = "nixpkgs"; - nixpkgs-unstable.follows = "nixpkgs-unstable"; nt.follows = "nt"; }; }; From 648f53ae758b1e39acfd06f0270ffb2dc4c834fe Mon Sep 17 00:00:00 2001 From: _cry64 Date: Mon, 16 Feb 2026 09:36:01 +1000 Subject: [PATCH 8/8] add TODO.md --- TODO.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 TODO.md diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..52635fc --- /dev/null +++ b/TODO.md @@ -0,0 +1,10 @@ +- [ ] Update the README.md +- [ ] switch ssh keys to ECC (fuck RSA) + +- [ ] migrate forge.dobutterfliescry.net -> tearforge.net +- [ ] rename forgejo user to git +- [ ] setup my own VPN +- [ ] connect match to my VPN +- [ ] use matcha to build stuff instead of using my laptop + +- [ ] make `ceru` do local and remote deployments