diff options
| author | EuAndreh <eu@euandre.org> | 2020-11-16 22:10:25 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2020-11-16 22:26:54 -0300 |
| commit | 1bf3861318f9cc362384722d4f312f3dd439c749 (patch) | |
| tree | 2f06c18b3ede05a935cdbc55787941ee6fe42179 /TODOs.org | |
| parent | Fix tests.sh (diff) | |
| download | server-1bf3861318f9cc362384722d4f312f3dd439c749.tar.gz server-1bf3861318f9cc362384722d4f312f3dd439c749.tar.xz | |
Add base Guix configuration and start switching to it
- remove NixOS stateVersion from .envrc;
- add guix-reconfigure.sh;
- add vps.scm with initial Guix system configuration;
- update vps.tf to use the new "base-guix" snapshot.
The "base-guix" image doesn't need a password. The "andreh" users has one, but
it is configured for not requiring it when running commands as "sudo".
The expected minimal steps one has to go through for privilege scalation is via
the SSH private key, and accessing the VPS via SSH. Since password login is
disabled and root can't login via SSH either, only the private SSH key allows
access to the server. After that, the attacker will be able to run commands as
root.
Diffstat (limited to 'TODOs.org')
| -rw-r--r-- | TODOs.org | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -1,4 +1,5 @@ * Tasks +** TODO External volume ** TODO Backups If possible, put every data subfolder under the same folder, and just backup the toplevel folder. This also allows me to put it on an external volum and grow it @@ -19,6 +20,7 @@ re-creating everything from scratch. ** TODO =ci.$tld=: cuirass ** TODO =$tld=: Jekyll blog ** TODO =$project.$tld=: static documentation for projects +** TODO =audio.$tld=: FunkWhale * Decisions ** Matrix over XMPP I'm picking Matrix. Not because of the protocol or anything else, but because it |