author EuAndreh <eu@euandre.org> 2020-11-18 11:11:10 -0300
committer EuAndreh <eu@euandre.org> 2020-11-18 11:11:10 -0300
commit 28d15a26debe76d503a36dd3fdc7f291abe84655
tree 7e33805ed9f5cdbaadf25312fbec98e6dfdce2ef /README.md
parent vps.scm: Change locale to fr_FR.UTF-8
Remove most Nix files
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 127
1 files changed, 69 insertions, 58 deletions
diff --git a/README.md b/README.md
index 419c3ac..697d355 100644
--- a/README.md
+++ b/README.md
@@ -1,75 +1,86 @@
# VPS
## Workflow
+
### Re-creating everything from scratch
```shell
+./shell.sh
git crypt unlock
direnv allow
-./terraform-update.sh
-# wait for the DNS to propagate, so
-# letsencrypt can create the certificates
-./nixos-switch.sh
+./terraform-apply.sh
+./guix-reconfigure.sh
```
### After an update on `vps.tf`
Same as above.
-### After editing `vps-configuration.nix` or other OS files
-
-Just run the `./nixos-switch.sh` script.
-
-## Base image
-The basic `configuration.nix` file in the current snapshots looks just like this:
-
-```nix
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- networking.useDHCP = false;
- networking.interfaces.ens3.useDHCP = true;
-
- environment.systemPackages = with pkgs; [ vim ];
-
- services.openssh.enable = true;
- services.openssh.permitRootLogin = "no";
-
- users.extraUsers.andreh = {
- uid = 1000;
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- password = "...tmp password...";
- openssh.authorizedKeys.keys = [
- "...ssh public key..."
- ];
- };
-
- system.stateVersion = "19.09";
-}
+### After editing `sync/vps.scm` or other OS files
+
+Just run the `./guix-reconfigure.sh` script.
+
+## "base-guix-image"
+
+The base `sync/vps.scm` file in the current snapshot (snapshot ID 5c35fb3a74873)
+is:
+
+```scheme
+(use-modules (gnu))
+(use-service-modules networking ssh)
+(use-package-modules ssh)
+
+(define ssh-public-key
+ "ssh-rsa ...")
+
+(define sudoers "\
+root ALL=(ALL) ALL
+%wheel ALL=NOPASSWD: ALL\n")
+
+(operating-system
+ (locale "fr_FR.UTF-8")
+ (timezone "America/Sao_Paulo")
+ (keyboard-layout (keyboard-layout "us"))
+ (host-name "guix-pet-server")
+ (users (cons* (user-account
+ (name "andreh")
+ (group "users")
+ (home-directory "/home/andreh")
+ (supplementary-groups '("wheel")))
+ %base-user-accounts))
+ (sudoers-file (plain-file "sudoers" sudoers))
+ (packages
+ (append (map specification->package
+ '("nss-certs"
+ "rsync"))
+ %base-packages))
+ (services
+ (append
+ (list (service openssh-service-type
+ (openssh-configuration
+ (openssh openssh-sans-x)
+ (password-authentication? #false)
+ (authorized-keys
+ `(("andreh" ,(plain-file "id_rsa.pub" ssh-public-key))))))
+ (service dhcp-client-service-type))
+ %base-services))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/vda")
+ (keyboard-layout keyboard-layout)))
+ (swap-devices
+ (list (uuid "79a91c82-f3e1-4ed7-8c4e-23569f1ae0ca")))
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device
+ (uuid "fddb6a4c-8b8c-4f57-b274-5d6d33200f28"
+ 'ext4))
+ (type "ext4"))
+ %base-file-systems)))
```
This basic setup allows it to boot, starts the OpenSSH server agent and allows
-the listed `openssh.authorizedKeys.keys` to login.
-
-I've also changed the ownership of `/etc/nixos/configuration.nix` to allow my
-user to write to it by piping through SSH without trying some
-[non-working solutions like before][0]:
-
-```shell
-sudo chown andreh /etc/nixos/configuration.nix
-```
-
-With that `./nixos-switch.sh` can write to the NixOS configuration file without
-running into issues with `sudo` password permissions through the SSH pipe while
-writing to stdin.
-
-[0]: https://git.euandreh.xyz/vps/tree/nixos-switch.sh?id=a7983c859f3d8890e35c587176f497b73a7a7dc7#n7
+the listed `ssh-public-key` to login, and commands from the
+"andreh" user can run `sudo` without password.
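Review bot: In the new `sync/vps.scm` listing, the `sudoers` definition grants `%wheel ALL=NOPASSWD: ALL` while "andreh" is placed in `wheel` and is the only entry in `authorized-keys`, so possession of that one SSH key is equivalent to root on the host; the closing sentence mentions passwordless `sudo` but does not spell out that consequence. Consider stating it in the README next to the listing, so that anyone reusing the base image knows the key must be protected accordingly. The removed Nix listing set `services.openssh.permitRootLogin = "no";` explicitly, whereas the new `openssh-configuration` only sets `password-authentication?`; setting `permit-root-login` there as well would keep the root-login policy visible rather than dependent on a default. Finally, the workflow block drops the comment about waiting for DNS to propagate before certificates can be created without any replacement; if that wait still applies between `./terraform-apply.sh` and `./guix-reconfigure.sh`, keep a note about it.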