Add base Guix configuration and start switching to it

- remove NixOS stateVersion from .envrc;
- add guix-reconfigure.sh;
- add vps.scm with initial Guix system configuration;
- update vps.tf to use the new "base-guix" snapshot.

The "base-guix" image doesn't need a password. The "andreh" users has one, but
it is configured for not requiring it when running commands as "sudo".

The expected minimal steps one has to go through for privilege scalation is via
the SSH private key, and accessing the VPS via SSH. Since password login is
disabled and root can't login via SSH either, only the private SSH key allows
access to the server. After that, the attacker will be able to run commands as
root.

5 files changed, 0 insertions, 0 deletions

diff --git a/secrets/terraform/plan-files/2020-11-16T20:02:03-03:00.tfplan b/secrets/terraform/plan-files/2020-11-16T20:02:03-03:00.tfplan
new file mode 100644
index 0000000..d05d691
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-16T20:02:03-03:00.tfplan
diff --git a/secrets/terraform/plan-files/2020-11-16T20:11:50-03:00.tfplan b/secrets/terraform/plan-files/2020-11-16T20:11:50-03:00.tfplan
new file mode 100644
index 0000000..08d5e79
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-16T20:11:50-03:00.tfplan
diff --git a/secrets/terraform/plan-files/2020-11-16T22:16:40-03:00.tfplan b/secrets/terraform/plan-files/2020-11-16T22:16:40-03:00.tfplan
new file mode 100644
index 0000000..2272d23
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-16T22:16:40-03:00.tfplan
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
index df179b7..135ef81 100644
--- a/secrets/terraform/terraform.tfstate
+++ b/secrets/terraform/terraform.tfstate
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
index 21c7872..775ca09 100644
--- a/secrets/terraform/terraform.tfstate.backup
+++ b/secrets/terraform/terraform.tfstate.backup