### Title If you want to see proper documentation, please visit the [documentation](documentation_titlepage.md) page. The following repository is also mirrored at the local PRG git or at Codeberg: - https://git.prg-radio.org/root/the_prg_server_configuration - https://codeberg.org/polyteknisk-radiogruppe/the_prg_server_configuration Hewo :3 - you have found the Polyteknisk Radiogruppe's NixOS configurations of our server, feel free to poke holes at it, as security through obscurity isn't really security. Like don't be a douche poking holes, but be nice, do not ruin it if you were on the other side, silliness is okay, but consent is best. TODO HECK - [x] Do a massive overhaul of the file structure, like there should be like modules where it is possible to call things to be packages. I.e. Calling the OVMF/SeaBIOS + Gnome/Plasma/Sway + Local changes, which two former would be separate .nix files. -> Probably will do a V3 or v2.1 later on when mature - [ ] Add the .env for the configurations so that we add the `git config --global user.email "you@example.com"` and `git config --global user.name "Your Name"` with the account custom made for this. - [?] Clean up the hanging configurations -> PiHole DNS Stuff needs to be transferred over elegantly, don't want to touch it unless I am myself en-site. - [x] Find a more clean way to store initial passwords (.env??) -> [nix-sops](https://github.com/Mic92/sops-nix) - [?] Create proper build automation scripts -> Needs to be properly done. - [ ] Attach more NixOS weblinks... - [ ] Update Forgejo Styling - [x] Figure out what the ***hecc*** to do with SSL Certifications in the most elegant way -> Use Traefik - [x] Add Git Actions to Forgejo -> It was already added, just need to setup the CI itself. - [ ] Setup the CI backend. - [x] Create the Podman x Portainer NixOS module -> See `Songsheet` - [ ] Read up more about how to a backup machine stuff and making it Nix-y... - [ ] Figure out my life - [ ] Setup Hardware Keys - [ ] Setup a VPN (Likely OpenVPN) ## NOTES FOR FUTURE ``` ServiceException: 401 Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist). ``` You need to run ```zsh sudo gcloud init sudo gcloud auth activate-service-account --key-file /run/secrets/gcloud_bucket ``` Cheesus Crust, document this plz Google, whyyyyyyyyy