From d0bff8b84851199c8f6481b257f827ed5568ef65 Mon Sep 17 00:00:00 2001
From: Pinghao Wu <xdavidwuph@gmail.com>
Date: Mon, 3 Mar 2025 21:12:57 +0800
Subject: [PATCH] sourcehut: docs

---
 applications/sourcehut/deployment-meta.yaml | 3 +++
 applications/sourcehut/kustomization.yaml   | 1 +
 containers/metasrht.apko.yaml               | 1 +
 3 files changed, 5 insertions(+)

diff --git a/applications/sourcehut/deployment-meta.yaml b/applications/sourcehut/deployment-meta.yaml
index fd7839f..b645475 100644
--- a/applications/sourcehut/deployment-meta.yaml
+++ b/applications/sourcehut/deployment-meta.yaml
@@ -19,6 +19,9 @@ spec:
             - name: secrets
               mountPath: /etc/sr.ht/config.ini
               subPath: config.ini
+            # PAM from host via pam_unix
+            # XXX perhaps socket-interfaced PAM instead (sssd?)
+            # or consider remote auth (is NIS or LDAP worth it?)
             - name: passwd
               mountPath: /etc/passwd
               readOnly: true
diff --git a/applications/sourcehut/kustomization.yaml b/applications/sourcehut/kustomization.yaml
index d70b42d..399fa0f 100644
--- a/applications/sourcehut/kustomization.yaml
+++ b/applications/sourcehut/kustomization.yaml
@@ -8,6 +8,7 @@ labels:
     includeSelectors: true
 resources:
   - namespace.yaml
+  # TODO untie python flask, go graphql, celery webhooks
   - deployment-pages.yaml
   - service-pages.yaml
   - deployment-paste.yaml
diff --git a/containers/metasrht.apko.yaml b/containers/metasrht.apko.yaml
index 66ab9f8..baba6a4 100644
--- a/containers/metasrht.apko.yaml
+++ b/containers/metasrht.apko.yaml
@@ -11,6 +11,7 @@ contents:
   packages:
     - busybox
     - meta.sr.ht
+    # XXX testing mixture
     - py3-pam@testing
 
 accounts:
-- 
2.45.2