author: EuAndreh <eu@euandre.org> 2020-08-10 13:53:25 -0300
committer: EuAndreh <eu@euandre.org> 2020-08-10 13:53:25 -0300
commit: b99e78f5e5fd01b33450debab01d1613d5ac1552 (patch)
tree: 60210661132eb8c624bcbc7243aae27e530fa311
parent: Remove unused secrets/{borg,ssh}/ (diff)
download: toph-b99e78f5e5fd01b33450debab01d1613d5ac1552.tar.gz, toph-b99e78f5e5fd01b33450debab01d1613d5ac1552.tar.xz
Use new image with new SSH key and andreh user
-rw-r--r--  TODOs.org                16
-rwxr-xr-x  nixos-update.sh           2
-rw-r--r--  secrets/secret-envrc.sh   bin 2713 -> 2839 bytes
-rw-r--r--  vps.tf                    2
4 files changed, 9 insertions, 11 deletions
diff --git a/TODOs.org b/TODOs.org
index bbe8a7e..0df6ab4 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -1,30 +1,26 @@
* Tasks - v4
** TODO Run =sudo= as =nixos= user in server
+** TODO Change from =nixos= user to =andreh= user
** TODO nginx magic =sslCiphers= value
Why not the default? What do those mean?
-** TODO How to handle IP changes in mail server?
-** TODO Add borg backup to crontab
-** TODO Add 2FA to Vultr
-** TODO Clean-up garbage backups from rsync.net
+** TODO cron: borg and nixos update
** TODO Harden the server
*** TODO [#C] [[https://www.reddit.com/r/selfhosted/comments/bw8hqq/top_3_measures_to_secure_your_virtual_private/][Top 3 measures to secure your Virtual Private Server? (VPS)]]
*** TODO [#A] [[https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html][Nextcloud: Hardening and security guidance]]
*** TODO [#A] [[https://ownyourbits.com/2017/03/25/nextcloud-a-security-analysis/][NextCloud, a security analysis]]
*** TODO [#B] [[https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md][Check for HSTS header configuration]]
-** TODO README with setup instructions
-** TODO Fix =file: command not found= in CI
-The =file= package is imported in =shell.nix= but =~/.buildenv= is sourced before.
-** TODO Use =--pure= for =nix-shell= scripts
+*** TODO Move secrets outside the Nix store
** TODO Add volume to fstab
Can I use Terraform form this?
* Services - v2
** TODO =cloud.$tld=: Nextcloud: storage, calendar, contacts, notes and talk
** TODO =chat.$tld=: Matrix Synapse server, or a XMPP server
** TODO =git.$tld=: git-instaweb (or cgit) server with repositories from ~/dev/libre/
-** TODO =audio.$tld=: FunkWhale
** TODO =mail.$tld=: postfix, dovecot, spamassasin, opendkim, etc
No need for roundcube, Nextcloud has a web interface client.
** TODO =$tld=: current Jekyll blog
+** Nice to have
+*** TODO =audio.$tld=: FunkWhale
* Resources
** [[https://github.com/mail-in-a-box/mailinabox][Mail-in-a-Box]]
** [[https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/][NSA-proof your e-mail in 2 hours]]
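Review bot: the "Add 2FA to Vultr" and "Clean-up garbage backups from rsync.net" items are dropped here without any replacement, and the commit message does not say they were completed. Since this repository drives the Vultr account through an API key (see the curl comment in vps.tf) and a snapshot ID, 2FA on that account is a control worth keeping on the list until it is confirmed done; if it is done, say so in the message so the removal is traceable. The new "Move secrets outside the Nix store" item is nested under "Harden the server", which fits, but the message should also mention that it is the replacement for the removed =--pure= and CI items rather than leaving the reader to infer it.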
@@ -35,6 +31,8 @@ No need for roundcube, Nextcloud has a web interface client.
** [[https://github.com/Kickball/awesome-selfhosted#email][Awesome-Selfhosted: Email]]
** [[https://arstechnica.com/information-technology/2014/04/taking-e-mail-back-part-4-the-finale-with-webmail-everything-after/][Taking e-mail back]]
** [[https://jacobneplokh.com/how-to-setup-nextcloud-on-nixos][How to Setup Nextcloud on NixOS]]
+** [[https://www.vultr.com/docs/install-nixos-on-vultr][Install NixOS on Vultr]]
+** [[https://www.linode.com/docs/tools-reference/custom-kernels-distros/install-nixos-on-linode/][Install and Configure NixOS on a Linode]]
* Decisions
** Use external git repository as an encrypted database
Terraform does have the support for "backends" where it can store =.tfstate= files.
diff --git a/nixos-update.sh b/nixos-update.sh
index 7db0bf8..bcadfd6 100755
--- a/nixos-update.sh
+++ b/nixos-update.sh
@@ -7,5 +7,5 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
git crypt unlock
direnv allow
-envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/vps-configuration.nix'
+envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
ssh "$TLD" sudo nixos-rebuild switch --upgrade
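Review bot: the `cat > /etc/nixos/configuration.nix` redirection runs as the plain SSH user while the rebuild on the next line uses sudo, so this only works if /etc/nixos/configuration.nix is writable by that user; with the move to the =andreh= user announced in the commit message that assumption should be checked rather than left implicit. It is also not an atomic write: an interrupted transfer leaves a truncated configuration.nix that `nixos-rebuild switch` will then parse, and because the target is now the primary configuration file rather than the old vps-configuration.nix, there is no longer a fallback. Consider writing to a temporary file and moving it into place with sudo, e.g. `ssh "$TLD" 'cat > /tmp/configuration.nix && sudo install -m 0644 /tmp/configuration.nix /etc/nixos/configuration.nix'`.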
diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh
index 6b8f06c..214ac25 100644
--- a/secrets/secret-envrc.sh
+++ b/secrets/secret-envrc.sh
Binary files differ
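Review bot: the secrets file is git-crypt encrypted, so this change cannot be reviewed from the diff; the commit message should at least say which variables changed (the message mentions a new SSH key, presumably the one referenced from the environment file). Rotating to a new key also implies the previous key should be removed from the authorized keys on the new image and from anywhere else it was installed; note in the message whether that was done, since the repository is the only record of it.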
diff --git a/vps.tf b/vps.tf
index e0c3262..3a84b00 100644
--- a/vps.tf
+++ b/vps.tf
@@ -46,7 +46,7 @@ resource "vultr_server" "vps_server" {
# $ curl https://api.vultr.com/v1/plans/list?type=vc2 | jq '.["201"]'
plan_id = 201
# $ curl -H "API-Key: $TF_VAR_vultr_api_key" https://api.vultr.com/v1/snapshot/list | jq
- snapshot_id = "7245f30a2f3b3"
+ snapshot_id = "e1d5f317b0f7a"
}
resource "vultr_block_storage" "vps_storage" {
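Review bot: `snapshot_id` is an opaque hard-coded value; please add a comment next to it recording which image it is (the commit message says "new image with new SSH key and andreh user", plus a date), so the next person changing it can tell old from new without querying the API. Also check the `terraform plan` output before applying: if the provider treats a snapshot change as requiring replacement of `vultr_server.vps_server`, this one-line edit destroys and recreates the instance, and the `vultr_block_storage` resource below will need to be reattached.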