pre-c8 checkpoint

README.md

@@ -2,12 +2,10 @@
 
 ### Sec:
 
-* This repo is public. Mind cred slip-ups.
-* Please note changes to /etc/sshd/sshd_conf made by lll script. If different method is used, audit manually.
-* Note app Dockerfile debug console, found at /console. Werkzeug/flask is WILDLY insecure if left in dev/dbg.
-* Avoid docker socks stuff.
-
-
+- This repo is public. Mind cred slip-ups.
+- Please note changes to /etc/sshd/sshd_conf made by lll script. If different method is used, audit manually.
+- Note app Dockerfile debug console, found at /console. Werkzeug/flask is WILDLY insecure if left in dev/dbg.
+- Avoid docker socks stuff.
 
 ### Install:
 
@@ -49,19 +47,28 @@ set up cron job for script
         pmb-pf - git clone of my mail thing
         other - ref and non-sensitive files for dns
 
-### Timeline:
+### Setup cheat:
 
-set up certbot dns\
-see tar of cert dir with script
+- set up certbot dns (prod)
+- see tar of cert dir with script (prod)
+- flask vs uwsgi in backend compose section (prod)
+- build vs local image in pmb-pf compose section
+- git clone pmb-pf
+- copy example .env in root dir
+- copy example .env in pmb-pf
+- copy example conf in proxy
+- do pmb-pf setup, and adjust root .env
+- mind backend config db settings
 
 ### Notes:
 This repo is minimally-sensitive. Falling outside the repo dir structure are reference awesome-compose files used as baseline -- nginx-flask-mysql -- and certs, containing letsencrypt script. Script may be backed up into repo carefully, sanitizing any tkens.
 
-TODO: gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
-
 ### Changing gitea subdomain:
 
 Find in proxy/conf.\
 Find in gitea conf.\
 Rebuild images.
 
+### Todo:
+- gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
+- move more stuff from backend config into root .env