dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

bd daemon sync: 2026-01-22 15:31:52

Browse source
This commit is contained in:
Dan 2026-01-22 15:31:52 -08:00
parent 1fd4e36c55
commit 6f5b198802
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.beads/issues.jsonl
View file

@ -51,7 +51,7 @@
{"id":"ops-jrz1-6t9","title":"Evaluate llm CLI: per-repo vs system-wide install","description":"Simon Willison's llm CLI tool. Options: (1) System-wide via nixpkgs, (2) Per-user via uv/pip, (3) Per-project .envrc. Consider: multiple users, plugin ecosystem, update frequency.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-03T09:35:13.705897177-08:00","created_by":"dan","updated_at":"2026-01-03T09:35:13.705897177-08:00"}
{"id":"ops-jrz1-758","title":"VM test: Add config rendering verification","description":"Verify generated config files contain expected values (ports, DB DSN, server_name). Catches config generation bugs. Medium effort.","status":"open","priority":4,"issue_type":"task","created_at":"2026-01-08T00:58:33.180370223-08:00","created_by":"dan","updated_at":"2026-01-08T00:58:33.180370223-08:00"}
{"id":"ops-jrz1-7j4","title":"Git credential strategy for non-programmers","description":"Non-programmers can't manage SSH keys. Pre-configure git-credential-store or provide simple PAT workflow with docs. Store in persistent home with 600 perms.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-05T15:32:19.673999683-08:00","updated_at":"2025-12-05T17:38:54.788694408-08:00","closed_at":"2025-12-05T17:38:54.788694408-08:00","dependencies":[{"issue_id":"ops-jrz1-7j4","depends_on_id":"ops-jrz1-3so","type":"parent-child","created_at":"2025-12-05T17:05:47.139749437-08:00","created_by":"daemon","metadata":"{}"}]}
{"id":"ops-jrz1-7nki","title":"Docs: User-facing documentation for dev server users","description":"Create/update documentation that goes in each user's home directory.\n\n## Scope\n- AGENTS.md - AI coding agent guidelines (already exists, needs review)\n- README.md - User welcome/orientation doc\n- Forgejo collaboration guide - How to use git.clarun.xyz\n\n## Context\n- docs/forgejo-collaboration.md created as starting point\n- scripts/dev-add.sh creates ~/AGENTS.md for new users\n- Need to ensure docs are current and useful\n\n## Tasks\n- [ ] Review/update AGENTS.md template in dev-add.sh\n- [ ] Create README.md template for user home dirs\n- [ ] Decide which docs to copy vs symlink\n- [ ] Update dev-add.sh to provision new docs","notes":"Related: ops-jrz1-xoad (changelog process)","status":"in_progress","priority":2,"issue_type":"task","owner":"dleink@gmail.com","created_at":"2026-01-22T15:30:21.473712307-08:00","created_by":"Dan","updated_at":"2026-01-22T15:31:37.564777247-08:00"}
{"id":"ops-jrz1-7nki","title":"Docs: User-facing documentation for dev server users","description":"Create/update documentation that goes in each user's home directory.\n\n## Scope\n- AGENTS.md - AI coding agent guidelines (already exists, needs review)\n- README.md - User welcome/orientation doc\n- Forgejo collaboration guide - How to use git.clarun.xyz\n\n## Context\n- docs/forgejo-collaboration.md created as starting point\n- scripts/dev-add.sh creates ~/AGENTS.md for new users\n- Need to ensure docs are current and useful\n\n## Tasks\n- [ ] Review/update AGENTS.md template in dev-add.sh\n- [ ] Create README.md template for user home dirs\n- [ ] Decide which docs to copy vs symlink\n- [ ] Update dev-add.sh to provision new docs","notes":"Related: ops-jrz1-xoad (changelog process)","status":"open","priority":2,"issue_type":"task","owner":"dleink@gmail.com","created_at":"2026-01-22T15:30:21.473712307-08:00","created_by":"Dan","updated_at":"2026-01-22T15:31:51.755160798-08:00"}
{"id":"ops-jrz1-7qg","title":"Pin PostgreSQL to version 15 before upgrade","description":"PostgreSQL is currently NOT explicitly pinned in the NixOS config. If 24.11 defaults to a different version, the service will fail to start.\n\n## Action\nAdd to dev-services.nix or hosts/ops-jrz1.nix:\n```nix\nservices.postgresql.package = pkgs.postgresql_15;\n```\n\n## Verification\nDeploy this change BEFORE the main upgrade to confirm no breakage.\n\n## Why Critical\n- PostgreSQL data directory is version-specific\n- NixOS does NOT auto-migrate databases\n- #1 cause of upgrade failures per orch consensus","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-09T17:06:19.512966961-08:00","created_by":"dan","updated_at":"2026-01-10T16:07:17.560819957-08:00","closed_at":"2026-01-10T16:07:17.560819957-08:00","close_reason":"Pinned to postgresql_15 in dev-services.nix","dependencies":[{"issue_id":"ops-jrz1-7qg","depends_on_id":"ops-jrz1-00e","type":"parent-child","created_at":"2026-01-09T17:07:04.385150479-08:00","created_by":"dan"}]}
{"id":"ops-jrz1-7vf","title":"Enable ssh-hardening module (imported but not active)","description":"ssh-hardening module has critical bugs that break SSH when enabled:\n\n1. UsePAM=false - NixOS SSH auth requires PAM even for key-based auth\n2. Protocol=2 - deprecated in OpenSSH 7.6+, causes sshd to crash\n3. AllowUsers default [\"admin\"] - locks out root and all dev users\n\nPartial fixes applied (removed UsePAM/Protocol, made AllowUsers conditional) but module needs full review before enabling. See commit bcfdf96.\n\nTODO:\n- [ ] Test module in VM before production\n- [ ] Verify all settings against modern OpenSSH\n- [ ] Consider removing AllowUsers entirely or rethinking default\n- [ ] Add integration test","status":"closed","priority":1,"issue_type":"bug","created_at":"2026-01-05T15:44:25.134403571-08:00","created_by":"dan","updated_at":"2026-01-05T23:09:25.390696268-08:00","closed_at":"2026-01-05T23:09:25.390696268-08:00","close_reason":"Wontfix: server already has solid SSH config (key-only, modern ciphers, no password auth). Module adds marginal hardening with deployment risk. Not worth the complexity."}
{"id":"ops-jrz1-85v","title":"npm registry blocked by Cloudflare (IP reputation)","description":"Cannot install/update/audit npm packages from VPS. Cloudflare blocking registry.npmjs.org and google.com. Likely IP reputation filtering on Vultr VPS range. Workarounds: use alternative registry, proxy through allowed endpoint, or request IP reputation review.","status":"closed","priority":2,"issue_type":"bug","created_at":"2026-01-07T10:45:54.736616259-08:00","created_by":"dan","updated_at":"2026-01-07T10:46:23.987248502-08:00","closed_at":"2026-01-07T10:46:23.987248502-08:00","close_reason":"Working now - was likely transient Cloudflare block or user hit egress rate limit (30/min new connections). Reopen if recurs."}