From dfeac5585f95fd4f07a164e9002cca3b5527f3be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:29:34 -0500 Subject: [PATCH 1/2] chore: added task to README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index dc12d35..ba6bfc2 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins +- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices ## Broken things - [ ] figure out steam vr things? @@ -65,6 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] every service needs to have its own data pool - [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access From c6b129726d772900d459824979697d7d5eb19e99 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 31 Oct 2025 17:45:26 -0500 Subject: [PATCH 2/2] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ba6bfc2..08c689f 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards - [ ] make radarr, sonarr, and bazarr accessible over vpn - [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services - [ ] vikunja service for project management
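Review bot: the new Tech Debt item in the `@@ -53,6 +53,7 @@` hunk of patch 1/2 records its blocker only as "disko/impermanence (not sure which one)", which leaves whoever picks the task up to rediscover the cycle. Consider pinning down which module causes the circular dependency, or linking an issue that captures the failure, before merging. The line also has two typos: "cant" should be "can't" and "home manger" should be "home manager".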
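Review bot: "every service needs to have its own data pool", added in the `@@ -65,6 +66,7 @@` hunk of patch 1/2, does not say what a "data pool" means in this repo or what the separation is meant to achieve. State the intended boundary and the goal (for example, limiting what a single misbehaving service can read or write) so the task has a clear done condition. The Data Access item about syncthing and jellyfin permissions not propagating downwards looks related and could be cross-referenced.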
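Review bot: the line added in the `@@ -76,6 +76,7 @@` hunk of patch 2/2 lists "FreeIPA/SSSD/LDAP/Kerberos" as one item without saying whether these are alternatives to evaluate or a stack to deploy together. Say which, and reference the `host.users` item added in patch 1/2, since both concern how users and their ids are defined across hosts. "gid's" should be "gids", and because both commits carry the subject "chore: added task to README.md", a subject that names the task would make the log easier to search.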