8 files changed, 12 insertions, 9 deletions

diff --git a/README.md b/README.md
index df4707a..578826e 100644
--- a/README.md
+++ b/README.md
@@ -60,14 +60,16 @@ The basic `configuration.nix` file in the current snapshots looks just like this
 This basic setup allows it to boot, starts the OpenSSH server agent and allows
 the listed `openssh.authorizedKeys.keys` to login.
 
-I've also changed the nix-channel to the `nixos-unstable` imperatively before
-creating the image snapshot:
+I've also changed the ownership of `/etc/nixos/configuration.nix` to allow my
+user to write to it by piping through SSH without trying some
+[non-working solutions like before][0]:
 
 ```shell
-sudo nix-channel --remove nixos
-sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+sudo chown andreh /etc/nixos/configuration.nix
 ```
 
-So the first run of `./nixos-update.sh` will already get the latest channel from
-unstable, which makes this image not tied to the particular original 19.09 NixOS
-distribution.
+With that `./nixos-update.sh` can write to the NixOS configuration file without
+running into issues with `sudo` password permissions through the SSH pipe while
+writing to stdin.
+
+[0]: https://git.sr.ht/~euandreh/vps/tree/a7983c859f3d8890e35c587176f497b73a7a7dc7/nixos-switch.sh#L7
diff --git a/nixos-switch.sh b/nixos-switch.sh
index 856acb4..6a75a69 100755
--- a/nixos-switch.sh
+++ b/nixos-switch.sh
@@ -4,6 +4,6 @@
 set -Eeuo pipefail
 cd "$(dirname "${BASH_SOURCE[0]}")"
 
-cat <(echo "${USER_PASSWORD}") <(envsubst < vps-configuration.env.nix) | ssh "$TLD" sudo -S 'cat > /etc/nixos/configuration.nix'
+envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
 echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos
 echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
diff --git a/secrets/nix/5d05f383bcf61-snapshot-configuration.nix b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix
new file mode 120000
index 0000000..c59f37b
--- /dev/null
+++ b/secrets/nix/5d05f383bcf61-snapshot-configuration.nix
@@ -0,0 +1 @@
+e1d5f317b0f7a-snapshot-configuration.nix
\ No newline at end of file
diff --git a/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan
new file mode 100644
index 0000000..0186490
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-15T16:41:48-03:00.tfplan
diff --git a/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan
new file mode 100644
index 0000000..5563d6a
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-08-15T17:08:42-03:00.tfplan
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
index c7f646f..d90cfa2 100644
--- a/secrets/terraform/terraform.tfstate
+++ b/secrets/terraform/terraform.tfstate
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
index b52e698..9db7c42 100644
--- a/secrets/terraform/terraform.tfstate.backup
+++ b/secrets/terraform/terraform.tfstate.backup
diff --git a/vps.tf b/vps.tf
index 3fa9e12..2754755 100644
--- a/vps.tf
+++ b/vps.tf
@@ -36,7 +36,7 @@ resource "vultr_server" "vps_server" {
   # $ curl https://api.vultr.com/v1/plans/list?type=vc2 | jq '.["201"]'
   plan_id = 201
   # $ curl -H "API-Key: $TF_VAR_vultr_api_key" https://api.vultr.com/v1/snapshot/list | jq
-  snapshot_id = "c565f318e4aea"
+  snapshot_id = "5d05f383bcf61"
 }
 
 output "public_ip" {