plausible + other fixes
@@ -19,7 +19,7 @@ Deliver MVP as User Story 1 (primary host reverse proxy + keep services on host
|
||||
- [x] T003 [P] Review mainServer and enableProxy options in hosts/server/toggles.nix and modules/modules.nix
|
||||
- [x] T004 [P] Review wireguard module in modules/services/wireguard.nix and VPS host config in hosts/vps/configuration.nix
|
||||
- [x] T005 [P] Review SSH host/IP settings in config/jawz.nix and modules/modules.nix for vps IP updates
|
||||
- [x] T006 [P] Review caddy file list references in jawz_hist and sudo_hist to prepare subdomain comparison inputs
|
||||
- [x] T006 [P] Review caddy file list references in ./jawz_hist and ./sudo_hist to prepare subdomain comparison inputs
|
||||
|
||||
## Phase 3: User Story 1 (P1) - Primary VPS reverse proxy
|
||||
|
||||
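Review bot: The reworded T006 line writes the history files as ./jawz_hist and ./sudo_hist, while the other paths visible in this file are repo-relative without a leading ./ (hosts/server/toggles.nix, modules/services/wireguard.nix) and T022 further down still says "sudo_hist and jawz_hist". Pick one spelling and use it in both tasks. If these are shell history dumps, as the names suggest, the task should also say whether they are tracked in the repository, since command history routinely captures secrets typed on the command line.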
@@ -51,7 +51,7 @@ Deliver MVP as User Story 1 (primary host reverse proxy + keep services on host
|
||||
- [x] T014 [US3] Update wireguard peer configuration in modules/services/wireguard.nix using sops secrets refs for public/private keys (no plaintext)
|
||||
- [x] T015 [US3] Add service users and groups deploy and lidarr-reports with authorized_keys in hosts/vps/configuration.nix using secrets/ssh/ed25519_deploy.pub and secrets/ssh/ed25519_lidarr-reports.pub
|
||||
- [x] T016 [US3] Add admin SSH authorized_keys for workstation, server, deacero, galaxy in hosts/vps/configuration.nix
|
||||
- [x] T017 [US3] Configure sshd port and auth settings in config/base.nix to match: Port 3456, PermitRootLogin no, PasswordAuthentication no, AuthorizedKeysFile .ssh/authorized_keys
|
||||
- [x] T017 [US3] Configure sshd port and auth settings in hosts/vps/configuration.nix to match: Port 3456, PermitRootLogin no, PasswordAuthentication no
|
||||
- [x] T018 [US3] Harden remote rebuild access by switching to a non-root SSH user for rebuilds (nixremote) and requiring sudo for nixos-rebuild in hosts/vps/configuration.nix and modules/users/nixremote.nix
|
||||
- [x] T019 [US3] Restrict SSH access for remote rebuilds by limiting allowed users/keys for nixremote (update inputs.self.lib.getSshKeys list in hosts/vps/configuration.nix)
|
||||
- [x] T020 [US3] Update VPS IP to 45.33.0.228 in modules/modules.nix and config/jawz.nix SSH host entry
|
||||
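Review bot: The new T017 line drops "AuthorizedKeysFile .ssh/authorized_keys" and retargets the sshd settings from config/base.nix to hosts/vps/configuration.nix, yet the task stays checked and nothing records where either went. State whether AuthorizedKeysFile is intentionally left at the sshd default, and whether PermitRootLogin no and PasswordAuthentication no still apply to the hosts other than vps now that the task no longer points at config/base.nix. T015, T016 and T019 all depend on key-only access, so the task text should name the file that actually enforces it.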
@@ -63,14 +63,14 @@ Deliver MVP as User Story 1 (primary host reverse proxy + keep services on host
|
||||
|
||||
**Independent test criteria**: Clarification list exists and each task has a verification step.
|
||||
|
||||
- [ ] T022 [US4] Review sudo_hist and jawz_hist for missing configuration; record clarification list in specs/004-vps-migration/quickstart.md
|
||||
- [x] T022 [US4] Review sudo_hist and jawz_hist for missing configuration; record clarification list in specs/004-vps-migration/quickstart.md
|
||||
- [ ] T023 [US4] Document analytics data migration steps (export, import, validate) in specs/004-vps-migration/quickstart.md
|
||||
- [ ] T024 [US4] Add verification steps for each task in specs/004-vps-migration/quickstart.md
|
||||
- [x] T024 [US4] Add verification steps for each task in specs/004-vps-migration/quickstart.md
|
||||
|
||||
## Phase 7: Polish & Cross-Cutting Concerns
|
||||
|
||||
- [ ] T025 [P] Update any references to old VPS proxy logic (caddy) to ensure nginx is the only proxy in documentation (README.org or docs/ if applicable)
|
||||
- [ ] T026 [P] Validate that all tasks have explicit file paths and update task descriptions accordingly
|
||||
- [x] T025 [P] Update references to old VPS proxy logic (caddy) to ensure nginx is the only runtime proxy in README.org and docs/*.md
|
||||
- [x] T026 [P] Validate all task descriptions include explicit file paths in specs/004-vps-migration/tasks.md and update mismatches
|
||||
|
||||
## Dependencies
|
||||
|
||||
|
||||
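Review bot: T024 ("Add verification steps for each task") is now checked while T023, which writes to the same specs/004-vps-migration/quickstart.md, is still open, so the phase's independent test criteria ("each task has a verification step") cannot yet hold for the analytics migration steps. Either leave T024 open until T023 lands or scope its wording to the tasks that already exist. In the reworded T025 line, "only runtime proxy" is weaker than the earlier "only proxy"; say which non-runtime caddy references are expected to remain (for example the caddy file lists from T006) so the item can be verified.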