From e7ffffb91c58afc7771fed7fc2aeec35c1cef164 Mon Sep 17 00:00:00 2001 From: Yingchi Long Date: Fri, 27 Dec 2024 14:45:25 +0800 Subject: [PATCH] nixos/configurations/adrastea/code-server: the web version of vscode (#163) --- .../adrastea/code-server/README.md | 3 + .../adrastea/code-server/default.nix | 55 +++++++++++++++++++ .../adrastea/code-server/start-code-server.py | 15 +++++ nixos/configurations/adrastea/default.nix | 4 +- secrets/general.yaml | 10 +++- 5 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 nixos/configurations/adrastea/code-server/README.md create mode 100644 nixos/configurations/adrastea/code-server/default.nix create mode 100644 nixos/configurations/adrastea/code-server/start-code-server.py diff --git a/nixos/configurations/adrastea/code-server/README.md b/nixos/configurations/adrastea/code-server/README.md new file mode 100644 index 00000000..6e17478b --- /dev/null +++ b/nixos/configurations/adrastea/code-server/README.md @@ -0,0 +1,3 @@ +# Code server + +This submodule declares using vscodium web services. diff --git a/nixos/configurations/adrastea/code-server/default.nix b/nixos/configurations/adrastea/code-server/default.nix new file mode 100644 index 00000000..9ad83512 --- /dev/null +++ b/nixos/configurations/adrastea/code-server/default.nix @@ -0,0 +1,55 @@ +{ + pkgs, + lib, + config, + ... +}: +let + mkUser = + { user, port }: + let + secretName = "code/adrastea/${user}"; + in + { + sops.secrets.${secretName} = { + owner = user; + }; + systemd.user.services."code-server-fhs-${user}" = { + description = "Code Server with FHS"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.writeScript "start-code-server" '' + #!${lib.getExe pkgs.linux-fhs-python} + ${builtins.readFile ./start-code-server.py} + ''}"; + Environment = [ + "WebHost=${pkgs.vscodium-web-host}" + "Port=${port}" + "ConnectionTokenFile=${config.sops.secrets.${secretName}.path}" + ]; + }; + }; + + services.caddy = { + enable = true; + virtualHosts = { + "${user}.adrastea.code.inclyc.cn" = { + extraConfig = " + reverse_proxy http://127.0.0.1:${port} + "; + }; + }; + }; + }; +in +lib.mkMerge [ + (mkUser { + user = "lyc"; + port = "63300"; + }) + (mkUser { + user = "zxy"; + port = "63301"; + }) +] diff --git a/nixos/configurations/adrastea/code-server/start-code-server.py b/nixos/configurations/adrastea/code-server/start-code-server.py new file mode 100644 index 00000000..7ebc2c59 --- /dev/null +++ b/nixos/configurations/adrastea/code-server/start-code-server.py @@ -0,0 +1,15 @@ +import subprocess +import os +import os.path + +subprocess.run( + [ + f"{os.environ["WebHost"]}/bin/codium-server", + "--host", + "127.0.0.1", + "--port", + os.environ["Port"], + "--connection-token-file", + os.environ["ConnectionTokenFile"], + ] +) diff --git a/nixos/configurations/adrastea/default.nix b/nixos/configurations/adrastea/default.nix index c3e77299..0fb224c2 100644 --- a/nixos/configurations/adrastea/default.nix +++ b/nixos/configurations/adrastea/default.nix @@ -24,9 +24,11 @@ }; imports = [ - # Include the results of the hardware scan. + # Codium server, for easy FHS access. + ./code-server ./game.nix ./gitea.nix + # Include the results of the hardware scan. ./hardware-configuration.nix ./networking.nix ./vm diff --git a/secrets/general.yaml b/secrets/general.yaml index 061c09b8..dfe79b56 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml @@ -21,6 +21,10 @@ gitea: runners: simd: ENC[AES256_GCM,data:qicPRCb6kw4a62H99XYS/vZUx/oc0hERtXm8iOHxs3LWEL8PQ8ZWvOoXxYON1BE=,iv:UyIJvLkwSUYuuKEbolAClV/FfFnCKTexEYH0wkJrqLk=,tag:PNECKkvc+LkOugxau1wkMA==,type:str] fuse-feature: ENC[AES256_GCM,data:pOulePuS9AbEcl3EM6LSOzvWmpVxKs3YcMsfofdlYOI1GOSE/oIjI1gpvssA59U=,iv:BmWCKURIfQSXJ5ryBzfIOeIISlrF43Nir9wOgzZjMGs=,tag:O2Wc/c/DtXvzOfG/TF/6UQ==,type:str] +code: + adrastea: + lyc: ENC[AES256_GCM,data:5qHFyJP7JTA0jCWVhssoylt4lKh+YzsIFiMi4WpY1lkMdbGu,iv:ZT9dHzS6vstDkPHkVatooZNzLALiTNc+f/CmNtYj5pc=,tag:NKhu61Ut5rutGrifiFW78g==,type:str] + zxy: ENC[AES256_GCM,data:U8vIiard9j/jgBJ+4n3q0VO6DLpT+PEg7EYWxojty3t6eLD3,iv:dB1mTLkVr3OPNiqSYoE+WHY6pZtdoJIJpc9r3EiETvs=,tag:xsXH/RwmVOdp6MiYvAmOUw==,type:str] sops: kms: [] gcp_kms: [] @@ -63,8 +67,8 @@ sops: ZDg0T2hqR2tROVI1T1BLeFNnaGVYY1EKOnOp5ZPo48XIB7d9PnG2sKvsoLX32XEm Pqf4UTOmT47SSKsvu5xgxPXJrhBySkspn97gtpl9bYG4n8HYCSw+hg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-27T17:03:22Z" - mac: ENC[AES256_GCM,data:aA3nNctclT040XLk46Lon7LaxqmK5xPB1Qxrvm2Sfc1jEo/0q4Sx008o1euSX1zhPDyHftJco40uUyGvRo1mOH4XCFTzTxHvMWCJUUsTEkrl7bLgK63pEohCUAoeVWnVKMeHGuthPqb94PbpKFpzf46o7DihJ7fTwDMU4QUduk4=,iv:dUymSvKQhZbesmlhlYJCO7xjIybXPltG57Er0+oHRpU=,tag:WxLxh2JhK5keXdEhXkaF2A==,type:str] + lastmodified: "2024-12-26T08:35:58Z" + mac: ENC[AES256_GCM,data:zSn2R/cz1cR0brEBm8u8YqXDc4JLfPOMdorDQDvzMq8+o228EOHPLgRVIGXsZeLgX/5ye2LN+mfCNnBHc4Vv2vPSD0Bk0t40C6KDdw8AGG5npsz0imYHb7T9YW0dXHQbgbWEEKUahnfVPNHbemq4E/GqfyqZff4qu12XNvyzV0g=,iv:J6NlKrXKQm8EhLc3BLYU3q5MLlGLblPvhrLn0ETdNP0=,tag:CVy3GrNdC6r8u+KHN4AfJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2