dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

bd daemon sync: 2026-01-07 10:45:26

Browse source
This commit is contained in:
Dan 2026-01-07 10:45:26 -08:00
parent 6263c3207b
commit e4d2aa619d
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.beads/issues.jsonl
View file

@ -30,7 +30,7 @@
{"id":"ops-jrz1-5oe","title":"Create NixOS module for code-server containers","description":"Module to manage per-user Podman containers, nginx routing, secrets. Use virtualisation.oci-containers. Generate systemd units.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-05T17:16:54.656121092-08:00","updated_at":"2025-12-28T00:05:44.743524099-05:00","closed_at":"2025-12-28T00:05:44.743524099-05:00","close_reason":"Parent epic cancelled - browser-based dev approach abandoned","dependencies":[{"issue_id":"ops-jrz1-5oe","depends_on_id":"ops-jrz1-3so","type":"parent-child","created_at":"2025-12-05T17:17:36.386278268-08:00","created_by":"daemon","metadata":"{}"},{"issue_id":"ops-jrz1-5oe","depends_on_id":"ops-jrz1-d58","type":"blocks","created_at":"2025-12-05T17:17:38.694752468-08:00","created_by":"daemon","metadata":"{}"}]}
{"id":"ops-jrz1-5wf","title":"Evaluate Tailscale for private VPS access","description":"Research Tailscale setup on NixOS. Consider: replaces public SSH, integrates with phone, MagicDNS for easy naming.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-05T17:25:32.639656649-08:00","created_by":"dan","updated_at":"2026-01-05T17:29:39.308362443-08:00","closed_at":"2026-01-05T17:29:39.308362443-08:00","close_reason":"Not needed - public SSH with key-only auth is sufficient"}
{"id":"ops-jrz1-62b","title":"dev-add: check devs group exists before creating user","description":"dev-add failed silently when devs group was missing. User was created but SSH key wasn't set up. Script should validate prerequisites first.","status":"closed","priority":2,"issue_type":"bug","created_at":"2026-01-03T11:50:57.134573631-08:00","created_by":"dan","updated_at":"2026-01-03T11:53:40.714806901-08:00","closed_at":"2026-01-03T11:53:40.714806901-08:00","close_reason":"Added devs group check before user creation in dev-add.sh"}
{"id":"ops-jrz1-6dd","title":"Manage Slack tokens via sops-nix instead of /etc/slack-dev.env","description":"/etc/slack-dev.env with Slack tokens is managed manually outside NixOS. Not declarative, could be lost on rebuild. Add to secrets.yaml and deploy via sops-nix for consistency.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-05T15:44:41.749258935-08:00","created_by":"dan","updated_at":"2026-01-05T15:44:41.749258935-08:00"}
{"id":"ops-jrz1-6dd","title":"Manage Slack tokens via sops-nix instead of /etc/slack-dev.env","description":"/etc/slack-dev.env with Slack tokens is managed manually outside NixOS. Not declarative, could be lost on rebuild. Add to secrets.yaml and deploy via sops-nix for consistency.","status":"closed","priority":3,"issue_type":"task","created_at":"2026-01-05T15:44:41.749258935-08:00","created_by":"dan","updated_at":"2026-01-07T10:45:26.269107512-08:00","closed_at":"2026-01-07T10:45:26.269107512-08:00","close_reason":"Implemented: Slack tokens now in sops-nix with group=devs, mode=0440. Deployed and verified."}
{"id":"ops-jrz1-6es","title":"Update egress-watchdog source to use 'killswitch' not /usr/local/bin path","description":"scripts/egress-watchdog:44 has hardcoded /usr/local/bin/killswitch. The Nix build uses replaceStrings to fix this, but source should reflect reality. Change to just 'killswitch'.","status":"closed","priority":3,"issue_type":"task","created_at":"2026-01-03T17:35:58.211053165-08:00","created_by":"dan","updated_at":"2026-01-05T09:12:47.279119754-08:00","closed_at":"2026-01-05T09:12:47.279119754-08:00","close_reason":"Updated scripts to use killswitch directly, removed replaceStrings from config"}
{"id":"ops-jrz1-6ip","title":"Remove unused Nix lambda patterns (deadnix findings)","description":"deadnix found 4 unused declarations: configuration.nix:1 (config), flake.nix:27 (pkgs), hosts/ops-jrz1.nix:1 (config, pkgs-unstable), modules/dev-services.nix:2 (pkgs). Fix: Remove or prefix with underscore.","status":"closed","priority":3,"issue_type":"task","created_at":"2026-01-05T15:44:25.617107094-08:00","created_by":"dan","updated_at":"2026-01-05T18:23:54.976849305-08:00","closed_at":"2026-01-05T18:23:54.976849305-08:00","close_reason":"Closed"}
{"id":"ops-jrz1-6of","title":"AI cost/rate limiting per user","description":"One user could drain API credits with runaway script. Need rate limiting per user, either via proxy middleware or opencode config. Track usage.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-05T15:32:30.772304538-08:00","updated_at":"2025-12-05T17:42:42.773613559-08:00","closed_at":"2025-12-05T17:42:42.773613559-08:00","dependencies":[{"issue_id":"ops-jrz1-6of","depends_on_id":"ops-jrz1-3so","type":"parent-child","created_at":"2025-12-05T17:05:47.206816868-08:00","created_by":"daemon","metadata":"{}"},{"issue_id":"ops-jrz1-6of","depends_on_id":"ops-jrz1-wj2","type":"blocks","created_at":"2025-12-05T17:17:38.658742196-08:00","created_by":"daemon","metadata":"{}"}]}
@ -124,5 +124,5 @@
{"id":"ops-jrz1-xz7","title":"Research: Multi-user auth storage for agentic coders","description":"Investigate where auth credentials are stored for each agentic coder when multiple users authenticate:\n\n## Questions\n- Claude Code: Where is OAuth token stored? ~/.claude? Conflicts between users?\n- opencode: Auth storage location?\n- gemini-cli: Auth storage?\n- codex: Auth storage?\n\n## Goal\nUnderstand if there are isolation issues when multiple users auth on same server.","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-02T17:30:15.028994987-08:00","created_by":"dan","updated_at":"2026-01-02T17:30:15.028994987-08:00"}
{"id":"ops-jrz1-yhu","title":"configuration.nix: Consider custom iptables chain for egress rules","description":"Same iptables match pattern repeated 8 times. Could create custom chain for cleaner rule management. Optional - readability tradeoff. configuration.nix:68-79","status":"closed","priority":3,"issue_type":"task","created_at":"2026-01-03T08:17:35.532609792-08:00","created_by":"dan","updated_at":"2026-01-03T10:07:28.725278889-08:00","closed_at":"2026-01-03T10:07:28.725278889-08:00","close_reason":"Wontfix: current inline rules work fine, custom chain is marginal improvement"}
{"id":"ops-jrz1-zk9","title":"Enhance egress watchdog to alert on suspicious traffic patterns","description":"Current egress watchdog counts rate-limit hits and kills users after 3 strikes. Consider adding alerts for: (1) Known malicious IPs/domains, (2) Crypto mining pool connections, (3) Unusual port patterns (IRC, etc), (4) High volume to single destination. Could integrate with fail2ban or custom alerting.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-04T13:49:38.854307436-08:00","created_by":"dan","updated_at":"2026-01-04T13:49:50.048618935-08:00"}
{"id":"ops-jrz1-zm2","title":"Remove empty Slack token placeholders from secrets.yaml","description":"secrets/secrets.yaml:3-4 has empty strings for slack-oauth-token and slack-app-token. Confusing; suggests they should be populated. Remove if unused or document why empty.","status":"open","priority":4,"issue_type":"task","created_at":"2026-01-05T15:44:34.18597284-08:00","created_by":"dan","updated_at":"2026-01-05T15:44:34.18597284-08:00"}
{"id":"ops-jrz1-zm2","title":"Remove empty Slack token placeholders from secrets.yaml","description":"secrets/secrets.yaml:3-4 has empty strings for slack-oauth-token and slack-app-token. Confusing; suggests they should be populated. Remove if unused or document why empty.","status":"closed","priority":4,"issue_type":"task","created_at":"2026-01-05T15:44:34.18597284-08:00","created_by":"dan","updated_at":"2026-01-07T10:45:26.397155955-08:00","closed_at":"2026-01-07T10:45:26.397155955-08:00","close_reason":"Superseded by ops-jrz1-l5s (cleanup null value). Old placeholders replaced with real tokens."}
{"id":"ops-jrz1-zvh","title":"Fix maubot health check (failing every 5 min)","description":"Health check at /_matrix/maubot/v1/version returns 401 (auth required). Check script doesn't provide auth token. Spamming error logs every 5 minutes.","status":"closed","priority":2,"issue_type":"bug","created_at":"2025-12-04T22:55:25.755541054-08:00","updated_at":"2025-12-05T02:00:19.284410671-08:00","closed_at":"2025-12-05T02:00:19.284410671-08:00"}