bd sync: 2026-01-05 19:14:46
parent 875e79464c
commit fb5dcf3908
@ -110,6 +110,7 @@
{"id":"ops-jrz1-u0w","title":"Security review of running server","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-04T21:03:22.420507724-08:00","updated_at":"2025-12-04T21:04:31.989886731-08:00","closed_at":"2025-12-04T21:04:31.989886731-08:00"}
{"id":"ops-jrz1-ujw","title":"Update systemd services to use nix store paths","description":"Change ExecStart from /usr/local/bin/cpu-watchdog to use the derivation path. Either reference package directly or use pkgs.writeShellApplication.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-03T08:39:54.227335183-08:00","created_by":"dan","updated_at":"2026-01-03T09:20:08.685831615-08:00","closed_at":"2026-01-03T09:20:08.685831615-08:00","close_reason":"Systemd services now reference Nix store paths via ${pkg}/bin/script","dependencies":[{"issue_id":"ops-jrz1-ujw","depends_on_id":"ops-jrz1-5ef","type":"blocks","created_at":"2026-01-03T08:40:02.815677839-08:00","created_by":"dan"}]}
{"id":"ops-jrz1-unn","title":"Git worktree workflow for parallel Claude sessions","description":"Tooling for managing multiple git worktrees, each with own tmux window and Claude session. Enables parallel feature development.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-05T17:25:32.913162022-08:00","created_by":"dan","updated_at":"2026-01-05T17:25:32.913162022-08:00"}
{"id":"ops-jrz1-vbt","title":"Improve test coverage: NixOS VM tests, script tests, integration tests","description":"Current testing is minimal - just build checks and post-deploy smoke tests.\n\n## Current state\n- `nix flake check` - verifies configs build\n- `scripts/smoke-test.sh` - post-deploy service/port/HTTP checks\n\n## Gaps\n\n### NixOS VM tests (nixosTest)\n- No actual VM tests despite ops-jrz1-vm.nix existing\n- Could test: service startup, port bindings, basic Matrix API\n- AGENTS.md says \"Add VM tests\" but none exist\n\n### Script tests\n- dev-add.sh / dev-remove.sh have no tests\n- killswitch / watchdogs untested\n- Edge cases: duplicate user, missing args, permissions\n\n### Integration tests\n- No message flow tests (Matrix ↔ Slack bridge)\n- No maubot plugin deployment test\n- No user onboarding end-to-end test\n\n### Security tests\n- fail2ban trigger verification\n- User isolation (can user A see user B files?)\n- Egress rate limit enforcement\n\n## Options\n1. Start with nixosTest for core services (low effort, high value)\n2. Add bats/shunit2 tests for shell scripts\n3. Integration tests need real credentials (harder)\n\n## Reference\n- NixOS testing: https://nixos.org/manual/nixos/stable/#sec-nixos-tests\n- smoke-test.sh pattern could extend to VM","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-05T19:14:36.134101488-08:00","created_by":"dan","updated_at":"2026-01-05T19:14:36.134101488-08:00"}
{"id":"ops-jrz1-vix","title":"Evaluate home-manager for per-user config","description":"Evaluate whether home-manager adds value for our setup.\n\n## What home-manager could manage\n- Shell config (.bashrc, .zshrc)\n- Git config (.gitconfig)\n- Tool configs (~/.config/*)\n- direnv integration\n\n## Questions\n- Do we need declarative per-user dotfiles?\n- Is the complexity worth it for a small team?\n- Can we start without it and add later?\n\n## Recommendation from consensus\n\"Optional but recommended\" - good for pushing default configs to all devs.\nStart without it, add if pain point emerges.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-02T16:36:04.849881753-08:00","created_by":"dan","updated_at":"2026-01-02T16:36:04.849881753-08:00"}
{"id":"ops-jrz1-vw4","title":"Create watchdog-scripts package (writeShellApplication)","description":"Package killswitch, cpu-watchdog, egress-watchdog using writeShellApplication. Include runtimeInputs for procps, gawk, systemd, etc. These scripts are NOT added to PATH - only referenced directly by systemd services.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-03T08:39:53.745385806-08:00","created_by":"dan","updated_at":"2026-01-03T09:20:08.62999227-08:00","closed_at":"2026-01-03T09:20:08.62999227-08:00","close_reason":"Implemented watchdog-scripts (killswitch, cpu-watchdog, egress-watchdog) using writeShellApplication with proper runtimeInputs"}
{"id":"ops-jrz1-w68","title":"Remote dev environment security and setup research","description":"Research and test security/setup questions for learner remote dev environments.\n\n## Context\nTwo dev paths identified:\n1. **Server-first**: SSH in, run agentic coders on server\n2. **Local VS Code**: Remote-SSH extension, code on server\n\nBoth have open questions around sandboxing, system packages, deployment access, and security boundaries.\n\n## Scope\n- System package management for learners\n- User isolation and sandboxing options\n- Agentic coder security (what can Claude do?)\n- Deployment pipeline security\n- VS Code extension behavior testing\n- Resource limits and quotas\n\n## Deliverables\n- Answers to open questions (documented)\n- Security recommendations\n- Implementation plan for chosen approach","status":"open","priority":2,"issue_type":"epic","created_at":"2026-01-02T12:26:48.104374079-08:00","created_by":"dan","updated_at":"2026-01-02T12:26:48.104374079-08:00","dependencies":[{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-9pe","type":"blocks","created_at":"2026-01-02T12:27:59.277687811-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-ghd","type":"blocks","created_at":"2026-01-02T12:27:59.32841874-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3b1","type":"blocks","created_at":"2026-01-02T12:27:59.375858081-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3au","type":"blocks","created_at":"2026-01-02T12:27:59.428509997-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3jo","type":"blocks","created_at":"2026-01-02T12:27:59.473581774-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-bbn","type":"blocks","created_at":"2026-01-02T12:27:59.523975339-08:00","created_by":"dan"}]}
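Review bot: In the ops-jrz1-vbt record, the description lists four gaps (NixOS VM tests, script tests, integration tests, security tests) but the Options list only covers the first three, so the security checks (fail2ban trigger verification, user isolation, egress rate limit enforcement) have no proposed path. Consider adding an option for them, for example stating whether they belong with the nixosTest work in option 1, or tracking them in a separate issue. Option 3 also says integration tests need real credentials without saying how those would be supplied to the tests; a line on that in the description would help.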