Limitations & Development Roadmap
Limitations
- No CI / Cachix – All builds happen on each host; slow and brittle.
- No Automated Backups – Snapshots are manual and local; lose the disk, lose the data.
- Monitoring Absent – No Prometheus, Grafana, or alerting modules in the repo.
- Secret Management – Nothing like sops-nix; secrets appear to be baked into the configuration or entered manually.
- Air-Gap / Fleet Management – Not implemented; every install is a one-off snowflake.
Roadmap
| Priority | Item | Prerequisite |
|---|---|---|
| P1 | Wire CI + binary cache (GitHub Actions → Cachix) | Need signing key, budget. |
| P2 | Automatic hourly Btrfs snapshots + weekly btrfs-send off-site | Storage target & script. |
| P3 | Replace manual switch.sh with systemd-timer + health-check | Decide schedule. |
| P4 | Integrate sops-nix for secrets | YubiKey or HSM rollout; implement secrets for Headscale/Tailscale. |
| P5 | Basic Prometheus node-exporter + Grafana dashboards | VM or SaaS endpoint. |
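The following NixOS module is an added sketch of how roadmap items P2, P3 and P4 fit together; it is not code from this repository. It assumes a `/persist` subvolume, a `/.snapshots` directory, a flake at `/etc/nixos`, `sops-nix` passed in as `inputs.sops-nix` via `specialArgs`, a `secrets/hosts.yaml` file, and a Headscale server at a placeholder URL; all of those are assumptions, not this repo's layout.

```nix
# Added example: P2 (timer-driven Btrfs snapshots), P3 (timer-driven switch
# with a health check and rollback) and P4 (sops-nix secrets for Tailscale).
# Paths, host names and the secrets file below are assumptions.
{ config, pkgs, lib, inputs, ... }:

{
  imports = [ inputs.sops-nix.nixosModules.sops ];  # assumption: flake input named sops-nix

  # P2: hourly read-only snapshot of /persist, keeping the newest 48.
  systemd.services.btrfs-snapshot = {
    description = "Hourly read-only Btrfs snapshot of /persist";
    serviceConfig.Type = "oneshot";
    script = ''
      set -euo pipefail
      stamp=$(date +%Y%m%d-%H%M)
      ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r /persist "/.snapshots/persist-$stamp"
      # Retention: delete everything older than the newest 48 hourly snapshots.
      ls -1d /.snapshots/persist-* | sort | head -n -48 | while read -r old; do
        ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$old"
      done
    '';
  };
  systemd.timers.btrfs-snapshot = {
    wantedBy = [ "timers.target" ];
    timerConfig = { OnCalendar = "hourly"; Persistent = true; };
  };

  # P2: weekly full send of the newest snapshot to the off-site host.
  # A production job would keep a parent snapshot and pass `-p` for incremental sends.
  systemd.services.btrfs-send-offsite = {
    description = "Weekly btrfs send of the newest /persist snapshot off-site";
    serviceConfig.Type = "oneshot";
    script = ''
      set -euo pipefail
      cd /.snapshots
      latest=$(ls -1d persist-* | sort | tail -n 1)
      ${pkgs.btrfs-progs}/bin/btrfs send "$latest" \
        | ${pkgs.openssh}/bin/ssh backup@backup.example.invalid \
            btrfs receive /backups/${config.networking.hostName}
    '';
  };
  systemd.timers.btrfs-send-offsite = {
    wantedBy = [ "timers.target" ];
    timerConfig = { OnCalendar = "Sun 02:00"; Persistent = true; };
  };

  # P3: replace the hand-run switch.sh with a timer. After switching, verify that
  # sshd still runs; if not, activate the previous generation and fail the unit.
  systemd.services.nixos-auto-switch = {
    description = "Rebuild from the repo and roll back if the health check fails";
    path = [ pkgs.nixos-rebuild pkgs.git config.nix.package ];
    serviceConfig.Type = "oneshot";
    script = ''
      set -euo pipefail
      prev=$(readlink -f /run/current-system)
      nixos-rebuild switch --flake /etc/nixos#${config.networking.hostName}
      if ! ${pkgs.systemd}/bin/systemctl is-active --quiet sshd.service; then
        echo "health check failed, rolling back to $prev" >&2
        "$prev/bin/switch-to-configuration" switch
        exit 1
      fi
    '';
  };
  systemd.timers.nixos-auto-switch = {
    wantedBy = [ "timers.target" ];
    timerConfig = { OnCalendar = "03:30"; RandomizedDelaySec = "20m"; Persistent = true; };
  };

  # P4: sops-nix. The host's SSH key (converted to age) decrypts secrets/hosts.yaml
  # at activation, so only ciphertext is committed to the repo.
  sops.defaultSopsFile = ./secrets/hosts.yaml;            # assumption: encrypted file in repo
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."tailscale/authkey" = { };                  # decrypted under /run/secrets, root-only

  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/authkey".path;
    extraUpFlags = [ "--login-server=https://headscale.example.invalid" ];  # placeholder Headscale URL
  };
}
```

Two design points worth keeping when turning this into real modules: the switch unit records the previous generation before rebuilding so a rollback path exists even if the new generation breaks networking, and the auth key never touches the Nix store because sops-nix decrypts it into `/run/secrets` at activation rather than into a derivation.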