pederbs/config
2
1
Fork 0
Code Issues Pull Requests Releases Activity

Initial commit

Browse Source
This commit is contained in:
Peder Bergebakken Sundt
2023-02-24 21:36:30 +01:00
parent a6a0b16300
commit 019c139a5c
16 changed files with 657 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
profiles/code-remote/default.nix
View File

@@ -1,14 +1,24 @@
{ config, pkgs, lib, ... }:
# TODO:
# * [ ] fix network sandboxing, so the container cant access localhost services on host
# * [ ] automatically pull the repo on boot, do i need keys for that?
# * [ ] generate a ssh key if not existing
# * [ ] attempt to pull, otherwise print the ssh-pubkey
# * [ ] Make vscode default to our repo
# * [ ] customize the shit out of vscode
let
domain = "${config.networking.hostName}.${config.networking.domain}";
mkDomain = subname: "${subname}.${domain}";
cnt = config.containers.code-server-theo.config;
container-name = "code-server-pandoc";
cnt = config.containers.${container-name}.config;
in {
networking.nat = {
enable = true;
internalInterfaces = ["ve-+"];
externalInterface = "eno1"; # TODO: can i make this dynamic?
externalInterface = "eno1"; # TODO: can i make this automatic?
#enableIPv6 = true;
};
#imports = [
@@ -18,12 +28,11 @@ in {
# "virtualisation/nixos-containers.nix"
#];
# data can be destroyed with `nixos-container destroy code-server-theo`
containers.code-server-theo = {
# data can be destroyed with `nixos-container destroy code-server-pandoc`
containers.${container-name} = {
autoStart = true;
# container has no network access
#
privateNetwork = true;
hostAddress = "10.240.100.2";
localAddress = "10.240.100.3";
@@ -41,7 +50,7 @@ in {
# hostPath = "/var/lib/code-server";
# isReadOnly = false;
#};
config = { config, pkgs, ... }: {
config = { config, pkgs, lib, ... }: {
system.stateVersion = "22.05";
#imports = [ <home-manager/nixos> ];
@@ -49,23 +58,54 @@ in {
#home-manager.useGlobalPkgs = true; # brrr
#home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
# programs.git.enable = true;
# programs.git.userName = "Theoharis Theoharis";
# programs.git.userName = "Noximilien code-server";
# programs.git.userEmail = "theotheo@ntnu.no";
#};
systemd.services.initial-setup = {
wantedBy = [ "multi-user.target" ];
# TODO: run as the correct user
serviceConfig.User = config.services.code-server.user;
serviceConfig.Group = config.services.code-server.group;
# TODO: make the ssh key comment automatic
script = ''
test -s "$HOME/.ssh/id_rsa.pub" || {
mkdir "$HOME/.ssh"
echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@noximilien" -f "$HOME/.ssh/id_ed25519"
echo
echo "You pubkey is:"
cat "$HOME/.ssh/id_ed25519.pub"
echo
exit
}
#${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"
test -d "$HOME/repos/papers" || {
mkdir -p "$HOME/repos"
${pkgs.git}/bin/git clone git@github.com:pbsds/papers.git
}
'';
};
services.code-server = {
enable = true;
host = "0.0.0.0"; # container
port = 53754;
# if you don't care about security: https://argon2.online/
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
#user = "code-server";
#group = "code.server";
# a nice tool if you don't care about security: https://argon2.online/
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2
package = pkgs.vscode-with-extensions.override {
vscode = pkgs.code-server.overrideAttrs (old: {
# vscode-with-extensions compatibility
# https://github.com/NixOS/nixpkgs/pull/192889
passthru.executableName = "code-server";
passthru.longName = "Visual Studio Code Server";
});
#vscodeExtensions = vscode-extensions; [
vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
#vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
vscodeExtensions = with pkgs.vscode-extensions; [
shd101wyy.markdown-preview-enhanced
sanaajani.taskrunnercode
tomoki1207.pdf
@@ -115,6 +155,7 @@ in {
];
};
extraPackages = with pkgs; [
# based on https://github.com/pbsds/papers/blob/main/shell.nix
(writeShellScriptBin "pandoc" ''
export XDG_DATA_HOME=${pandoc-lua-filters}/share
exec ${pandoc}/bin/pandoc "$@"
@@ -136,11 +177,26 @@ in {
;
})
(python310.withPackages (ps: with ps; [
python-lsp-server
numpy
matplotlib
imageio
#(callPackage ./nix-modules/pytikz.nix { })
#(callPackage ./nix-modules/pyrender.nix { })
]))
pandoc-imagine
haskellPackages.pandoc-crossref
#haskellPackages.pandoc-plot
#pandoc-plantuml-filter nodePackages.mermaid-cli
# tikz stuff
imagemagick
drawio-headless
openscad
#curv
bash
git
bat
@@ -148,13 +204,6 @@ in {
boxes
graphviz
#python3Packages.cairosvg
(python3.withPackages (ps: with ps; [
numpy
matplotlib
#python-lsp-server
]))
];
};
@@ -165,6 +214,8 @@ in {
];
};
# Manually configure nameserver. Using resolved inside the container seems to fail currently
#environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
};
};
@@ -174,10 +225,9 @@ in {
locations."/" = {
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
#proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
proxyPass = "http://${config.containers.code-server-theo.localAddress}:${toString cnt.services.code-server.port}";
proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString cnt.services.code-server.port}";
proxyWebsockets = true;
};
};
}

113
profiles/code-remote/default.nix.bak Normal file
View File

@@ -0,0 +1,113 @@
{ config, pkgs, lib, ... }:
let
domain = "${config.networking.hostName}.${config.networking.domain}";
mkDomain = subname: "${subname}.${domain}";
cnt = config.containers.vscode-remote-test.config;
in {
networking.nat = {
enable = true;
internalInterfaces = ["ve-+"];
externalInterface = "eno1"; # TODO: can i make this dynamic?
};
#imports = [
# "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
#];
#disabledModules = [
# "virtualisation/nixos-containers.nix"
#];
containers.vscode-remote-test = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.240.100.2";
localAddress = "10.240.100.3";
#bindMounts."/home" = {
# hostPath = "/var/lib/code-server";
# isReadOnly = false;
#};
config = { config, pkgs, ... }: {
system.stateVersion = "22.05";
imports = [ <home-manager/nixos> ];
home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers
home-manager.useGlobalPkgs = true; # brrr
home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
programs.git.enable = true;
programs.git.userName = "Theoharis Theoharis";
programs.git.userEmail = "theotheo@ntnu.no";
programs.vscode.extensions = with pkgs.vscode-extensions; [
shd101wyy.markdown-preview-enhanced
sanaajani.taskrunnercode
tomoki1207.pdf
];
};
services.code-server = {
enable = true;
port = 53754;
# if you don't care about security: https://argon2.online/
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
extraPackages = with pkgs; [
(writeShellScriptBin "pandoc" ''
export XDG_DATA_HOME=${pandoc-lua-filters}/share
exec ${pandoc}/bin/pandoc "$@"
'')
(texlive.combine {
inherit (texlive)
scheme-small
titlesec
fontaxes
supertabular
xtab
# boxed quotes
mdframed
zref
needspace
soul
atkinson
;})
pandoc-imagine
haskellPackages.pandoc-crossref
#haskellPackages.pandoc-plot
#pandoc-plantuml-filter nodePackages.mermaid-cli
bash
bat
gnumake
boxes
graphviz
#python3Packages.cairosvg
(python3.withPackages (ps: with ps; [
numpy
matplotlib
#python-lsp-server
]))
];
};
#networking.firewall = {
# enable = true;
# allowedTCPPorts = [ 80 ];
#};
};
};
services.nginx.virtualHosts.${mkDomain "code-remote"} = {
forceSSL = true; # addSSL = true;
enableACME = true; #useACMEHost = acmeDomain;
locations."/" = {
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
proxyWebsockets = true;
};
};
}