# TODOs

This document contains ideas about possible extensions or improvements of my NixOS configuration. Many more TODOs can be found as comments inside other files of this repository.

* Monthly BTRFS scrub
  * Drives @yodaNas, @yodaHedgehog reach about 45°C
  * Control case fan speed by drive temp

* Script to update, reboot and unlock FDE headless servers.
  * `niv` -> `colmena apply --on ... --reboot boot` -> `ssh unlock...` -> Fill in FDE password with `expect`

* Nitrokey LUKS unlock
    * Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
    * Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
    * Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup
* Nitrokey PAM log-in
    * https://docs.nitrokey.com/pro/linux/login-with-pam
        * You have two options: `pam_p11` or `PAM Poldi`.
        * The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates.
    * I could not find pam-poldi for NixOS :/

* Impermanence, opt-in to persistence:
  https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
* nix-shell / lorri
    * https://ghedam.at/15978/an-introduction-to-nix-shell
        * docker-compose.yml for services and nix-shell to run the code