system-configs's Issues

Commit preserving auto-merge

The auto-merge tool in GitHub relies on the GitHub merge methods. I don't like them because they don't use the same head commit from the branch.

I need some other method to auto-merge that does put the same HEAD commit from the PR to main (probably something that uses git commands under the hood).

I need this for when I want to auto-merge my hand-written changes and auto-generated ones from GitHub Actions.

Upgrade my zpools

On pulsar (at least), `zpool status` tells me my zpool can be upgraded. I should get around to this.

CI: nixpkgs update action rewrites commits on merge

The GitHub action to update the nixpkgs pin will create a PR that will get its HEAD commit tested, and if the PR gets merged, it uses GitHub's rebase-merge, which rewrites commits, causing another CI run on essentially the same changes.

Avoid performance impact of encrypting non-sensitive programs and data

On my systems I encrypt the entire drives by default, but all types of encryption have a negative impact on performance. I have my drives encrypted to protect any sensitive data from being read from my drives when they are offline and to make it prohibitively difficult to tamper with any data or programs on the system without it being detected.

Given my requirements, full drive encryption is being used on data that need not be encrypted and causing unnecessary performance degradation.

Most of the system configuration has no plain text secrets, but I do need to be able to verify that it has not been tampered with before it is used (on boot). This means it does not need to be encrypted.

Much of the user directories can contain data that needs to be protected, so keeping those encrypted makes sense.

Some of the programs and config for the users is not sensitive and some of it is sensitive.

Much of the software that users build is sensitive and might rarely not be.

What this means for a system using nix

While the volatile and mutable data can easily just live in encrypted home directories, programs and config built with Nix all end up in the Nix store, but at the different levels (system/user/project) the need for encryption varies drastically. Unfortunately the files in the Nix store cannot easily be from a mix of encrypted and non-encrypted partitions. There might be some things that can be done with Linux overlayfs, and maybe the in-RFC feature "local-overlay" could help too.

Essentially we would need a Nix store for the non-sensitive parts of the system, another for the sensitive parts of the system, another Nix store for the non-sensitive parts of the user config, another for the sensitive parts, and another store for the possibly sensitive ad hoc shells. All of the sensitive stores can be on one (or many) encrypted partition(s).

This seems like it would be impossible or very inconvenient currently.

Make rewriting rebased commits impossible

While it is possible to get tested commits on main, by opening a PR and, when CI passes on the head of the PR, pushing that commit to main, it is still possible to use a GitHub merge method instead on the GitHub web interface.

I don't like GitHub's merge methods. It would be really cool to make it impossible (or really difficult) to use those merge methods.

It could help if I check CI status through the gh CLI tool instead of opening the web interface. (The less I look at github.com, the less I remember that the PR can be merged on the web.)
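
Added example, not part of the original issues or of this repository's code: a sketch of the flow described here and in "Commit preserving auto-merge", where the exact commit that CI tested is pushed to main as a fast-forward so its SHA is preserved. Throwaway local repositories stand in for GitHub, and the names `land_exact`, `demo` and the branch `pr` are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed local repositories stand in for GitHub;
# land_exact and demo are hypothetical names. No network access.
set -eu

# land_exact REMOTE SHA BRANCH
# Move BRANCH on REMOTE to exactly SHA, and only if that is a fast-forward,
# so the commit object CI tested becomes the branch tip unchanged.
land_exact() {
    git fetch -q "$1" "$3"
    # Refuse unless the current remote tip is an ancestor of the tested commit.
    git merge-base --is-ancestor FETCH_HEAD "$2" || return 1
    # Non-forced push: the remote rejects anything that is not a fast-forward.
    git push -q "$1" "$2:refs/heads/$3"
}

# demo prints "<same|rewritten> <landed|refused>" for two constructed cases.
demo() (
    tmp=$(mktemp -d)
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    git init -q --bare "$tmp/origin.git"
    git init -q "$tmp/work"
    cd "$tmp/work"
    git remote add origin "$tmp/origin.git"
    git commit -q --allow-empty -m "base"
    base=$(git rev-parse HEAD)
    git push -q origin HEAD:refs/heads/main

    # Case 1: PR head is a descendant of main, so it lands with the same SHA.
    git checkout -q -b pr
    git commit -q --allow-empty -m "change under test"
    tested=$(git rev-parse HEAD)
    land_exact origin "$tested" main
    landed=$(git ls-remote origin refs/heads/main | cut -f1)
    if [ "$landed" = "$tested" ]; then first=same; else first=rewritten; fi

    # Case 2: a commit built on the old base is stale and must be refused.
    git checkout -q --detach "$base"
    git commit -q --allow-empty -m "stale change"
    if land_exact origin "$(git rev-parse HEAD)" main; then second=landed
    else second=refused; fi

    cd / && rm -rf "$tmp"
    echo "$first $second"
)

demo
```

The refused case is the one where the PR branch would first have to be brought up to date with main and retested before its head can land unchanged.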

Passwordless disk unlocking

Having to manually type in a password to decrypt volumes on boot is significantly inconvenient. When remoting into a system, if I reboot the system then I won't be able to reconnect until I provide the encryption password for the drive at the physical machine.

I encrypt the drive to protect the offline data from being read and from being tampered with.

Possible solutions

Use the TPM module to decrypt the drive, using a password/passphrase as a fallback method for decryption.

Docs navigation

Make the docs easier to navigate. This might involve directory structures, numbered pages, and themes.

Wrap nixos-option

Like how we wrap `nixos-rebuild`, maybe we want to provide a wrapped `nixos-option`.

All examples and instructions are tested

I want all example code for using this repo to always be tested and always pass tests.

This includes standalone code examples as well as examples in documentation.
