From 1ec6471eb4dcb4671ee125113a529adbfb2e10a3 Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Mon, 10 Aug 2020 17:16:22 -0300
Subject: Semi working setup: Terraform and LetsEncrypt working

---
 README.md | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 56 insertions(+), 3 deletions(-)
(limited to 'README.md')

diff --git a/README.md b/README.md
index 897dce3..06c4933 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # VPS
 
-## Re-creating everything from scratch
+## Workflow
+### Re-creating everything from scratch
 
 ```shell
 git crypt unlock
@@ -10,10 +11,62 @@ direnv allow
 ./nixos-update.sh
 ```
 
-## After an update on `vps.tf`
+### After an update on `vps.tf`
 
 Same as above.
 
-## After editing `vps-configuration.nix` or other OS files
+### After editing `vps-configuration.nix` or other OS files
 
 Just run the `./nixos-update.sh` script.
+
+## Base image
+The basic `configuration.nix` file in the current snapshots looks just like this:
+
+```nix
+{ config, pkgs, ... }:
+
+{
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  environment.systemPackages = with pkgs; [ vim ];
+
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "no";
+
+  users.extraUsers.andreh = {
+    uid = 1000;
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    password = "...password...";
+    openssh.authorizedKeys.keys = [
+      "...ssh public key..."
+    ];
+  };
+
+  system.stateVersion = "19.09";
+}
+```
+
+This basic setup allows it to boot, starts the OpenSSH server agent and allows
+the listed `openssh.authorizedKeys.keys` to login.
+
+I've also changed the nix-channel to the `nixos-unstable` imperatively before
+creating the image snapshot:
+
+```shell
+sudo nix-channel --remove nixos
+sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+```
+
+So the first run of `./nixos-update.sh` will already get the latest channel from
+unstable, which makes this image not tied to the particular original 19.09 NixOS
+distribution.
-- 
cgit v1.2.3