code-remote papers
parent
615392d05d
commit
dfd4e54fcc
|
@ -13,6 +13,9 @@
|
||||||
#sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
#sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
#matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
|
#matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
|
||||||
|
|
||||||
|
inputs.pbsds-papers.url = "git+ssh://git@github.com/pbsds/papers.git";
|
||||||
|
inputs.pbsds-papers.flake = false;
|
||||||
|
|
||||||
# temp
|
# temp
|
||||||
inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14";
|
inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14";
|
||||||
|
|
||||||
|
|
|
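Review bot: The new `inputs.pbsds-papers` input is fetched over `git+ssh` with `flake = false`, so the full checkout is placed in the Nix store, which every local user on the host can read. If that repository is private (the SSH URL suggests it may be, but the page does not say), this is a wider exposure than the previous in-container `git clone`. I would record it next to the input with a comment such as `# NOTE: checkout ends up world-readable in /nix/store`. Evaluating the flake now also needs GitHub SSH credentials on whichever machine builds it, which is worth stating in the same comment. The surrounding `inputs` block starts and ends outside this hunk.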
@ -1,18 +1,18 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, inputs, ... }:
|
||||||
|
|
||||||
# TODO:
|
# TODO:
|
||||||
# * [ ] fix network sandboxing, so the container cant access localhost services on host
|
# * [x] generate a ssh key if not existing
|
||||||
# * [ ] automatically pull the repo on boot, do i need keys for that?
|
# * [ ] automatically pull the repo on boot, do i need keys for that?
|
||||||
# * [ ] generate a ssh key if not existing
|
|
||||||
# * [ ] attempt to pull, otherwise print the ssh-pubkey
|
|
||||||
# * [ ] Make vscode default to our repo
|
|
||||||
# * [ ] customize the shit out of vscode
|
# * [ ] customize the shit out of vscode
|
||||||
|
# * [ ] don't ignore PDFs
|
||||||
|
# * [ ] run the whole thing in a xvfb? should enable drawio and curv
|
||||||
|
|
||||||
let
|
let
|
||||||
domain = "${config.networking.hostName}.${config.networking.domain}";
|
domain = "${config.networking.hostName}.${config.networking.domain}";
|
||||||
mkDomain = subname: "${subname}.${domain}";
|
mkDomain = subname: "${subname}.${domain}";
|
||||||
container-name = "code-server-pandoc";
|
hostName = config.networking.hostName;
|
||||||
cnt = config.containers.${container-name}.config;
|
container-name = "code-server-pandoc-papers";
|
||||||
|
container = config.containers.${container-name}.config;
|
||||||
in {
|
in {
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -34,7 +34,7 @@ in {
|
||||||
|
|
||||||
# container has no network access
|
# container has no network access
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "10.240.100.2";
|
hostAddress = "10.240.100.2";
|
||||||
localAddress = "10.240.100.3";
|
localAddress = "10.240.100.3";
|
||||||
|
|
||||||
#forwardPorts = [
|
#forwardPorts = [
|
||||||
|
@ -51,11 +51,11 @@ in {
|
||||||
# isReadOnly = false;
|
# isReadOnly = false;
|
||||||
#};
|
#};
|
||||||
config = { config, pkgs, lib, ... }: {
|
config = { config, pkgs, lib, ... }: {
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
#imports = [ <home-manager/nixos> ];
|
#imports = [ <home-manager/nixos> ];
|
||||||
#home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers
|
|
||||||
#home-manager.useGlobalPkgs = true; # brrr
|
#home-manager.useGlobalPkgs = true; # brrr
|
||||||
|
#home-manager.useUserPackages = true; # requiredm installs user packages to /etc instead of ~/.nix-profile
|
||||||
#home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
#home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
||||||
# programs.git.enable = true;
|
# programs.git.enable = true;
|
||||||
# programs.git.userName = "Noximilien code-server";
|
# programs.git.userName = "Noximilien code-server";
|
||||||
|
@ -63,29 +63,33 @@ in {
|
||||||
#};
|
#};
|
||||||
|
|
||||||
systemd.services.initial-setup = {
|
systemd.services.initial-setup = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
enable = true;
|
||||||
|
wantedBy = [ "code-server.service" ];
|
||||||
|
before = [ "code-server.service" ];
|
||||||
|
|
||||||
# TODO: run as the correct user
|
# TODO: run as the correct user
|
||||||
serviceConfig.User = config.services.code-server.user;
|
serviceConfig.User = config.services.code-server.user;
|
||||||
serviceConfig.Group = config.services.code-server.group;
|
serviceConfig.Group = config.services.code-server.group;
|
||||||
|
|
||||||
# TODO: make the ssh key comment automatic
|
# TODO: make the ssh key comment automatic
|
||||||
script = ''
|
script = ''
|
||||||
test -s "$HOME/.ssh/id_rsa.pub" || {
|
test -s "$HOME/.ssh/id_ed25519.pub" || {
|
||||||
mkdir "$HOME/.ssh"
|
test -d "$HOME/.ssh" || mkdir -p "$HOME/.ssh"
|
||||||
echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@noximilien" -f "$HOME/.ssh/id_ed25519"
|
echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@code-server-pandoc-${hostName}" -f "$HOME/.ssh/id_ed25519"
|
||||||
echo
|
echo
|
||||||
echo "You pubkey is:"
|
|
||||||
cat "$HOME/.ssh/id_ed25519.pub"
|
|
||||||
echo
|
|
||||||
exit
|
|
||||||
}
|
}
|
||||||
|
echo "My pubkey is:"
|
||||||
|
cat "$HOME/.ssh/id_ed25519.pub"
|
||||||
|
|
||||||
#${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"
|
#${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"
|
||||||
|
|
||||||
test -d "$HOME/repos/papers" || {
|
test -d "$HOME/repo" || (
|
||||||
mkdir -p "$HOME/repos"
|
set -x
|
||||||
${pkgs.git}/bin/git clone git@github.com:pbsds/papers.git
|
cp -a ${inputs.pbsds-papers.outPath} "$HOME/repo"
|
||||||
|
chmod -R a+w "$HOME/repo"
|
||||||
}
|
cd "$HOME/repo/neural-intersection-fields"
|
||||||
|
ln -s ../.vscode .
|
||||||
|
)
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -93,10 +97,16 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
host = "0.0.0.0"; # container
|
host = "0.0.0.0"; # container
|
||||||
port = 53754;
|
port = 53754;
|
||||||
#user = "code-server";
|
#user = "code-server";
|
||||||
#group = "code.server";
|
#group = "code.server";
|
||||||
|
|
||||||
# a nice tool if you don't care about security: https://argon2.online/
|
# a nice tool if you don't care about security: https://argon2.online/
|
||||||
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2
|
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2
|
||||||
|
|
||||||
|
extraArguments = [
|
||||||
|
"${config.users.users.${config.services.code-server.user}.home}/repo/neural-intersection-fields"
|
||||||
|
];
|
||||||
|
|
||||||
package = pkgs.vscode-with-extensions.override {
|
package = pkgs.vscode-with-extensions.override {
|
||||||
vscode = pkgs.code-server.overrideAttrs (old: {
|
vscode = pkgs.code-server.overrideAttrs (old: {
|
||||||
# vscode-with-extensions compatibility
|
# vscode-with-extensions compatibility
|
||||||
|
@ -154,57 +164,13 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
extraPackages = with pkgs; [
|
extraPackages = let
|
||||||
# based on https://github.com/pbsds/papers/blob/main/shell.nix
|
shellnix = import "${inputs.pbsds-papers}/shell.nix" { inherit pkgs; };
|
||||||
(writeShellScriptBin "pandoc" ''
|
in (with pkgs; [ imagemagick ]) # for some reason it isn't passed from shell.nix
|
||||||
export XDG_DATA_HOME=${pandoc-lua-filters}/share
|
++ shellnix.buildInputs
|
||||||
exec ${pandoc}/bin/pandoc "$@"
|
++ shellnix.nativeBuildInputs
|
||||||
'')
|
++ shellnix.propagatedBuildInputs
|
||||||
|
++ shellnix.propagatedNativeBuildInputs;
|
||||||
(texlive.combine {
|
|
||||||
inherit (texlive)
|
|
||||||
scheme-small
|
|
||||||
titlesec
|
|
||||||
fontaxes
|
|
||||||
supertabular
|
|
||||||
xtab
|
|
||||||
# boxed quotes
|
|
||||||
mdframed
|
|
||||||
zref
|
|
||||||
needspace
|
|
||||||
soul
|
|
||||||
atkinson
|
|
||||||
;
|
|
||||||
})
|
|
||||||
|
|
||||||
(python310.withPackages (ps: with ps; [
|
|
||||||
python-lsp-server
|
|
||||||
numpy
|
|
||||||
matplotlib
|
|
||||||
imageio
|
|
||||||
#(callPackage ./nix-modules/pytikz.nix { })
|
|
||||||
#(callPackage ./nix-modules/pyrender.nix { })
|
|
||||||
]))
|
|
||||||
|
|
||||||
pandoc-imagine
|
|
||||||
haskellPackages.pandoc-crossref
|
|
||||||
#haskellPackages.pandoc-plot
|
|
||||||
#pandoc-plantuml-filter nodePackages.mermaid-cli
|
|
||||||
|
|
||||||
# tikz stuff
|
|
||||||
imagemagick
|
|
||||||
drawio-headless
|
|
||||||
openscad
|
|
||||||
#curv
|
|
||||||
|
|
||||||
bash
|
|
||||||
git
|
|
||||||
bat
|
|
||||||
gnumake
|
|
||||||
boxes
|
|
||||||
graphviz
|
|
||||||
#python3Packages.cairosvg
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
|
@ -213,9 +179,6 @@ in {
|
||||||
config.services.code-server.port
|
config.services.code-server.port
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Manually configure nameserver. Using resolved inside the container seems to fail currently
|
|
||||||
#environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -223,9 +186,9 @@ in {
|
||||||
forceSSL = true; # addSSL = true;
|
forceSSL = true; # addSSL = true;
|
||||||
enableACME = true; #useACMEHost = acmeDomain;
|
enableACME = true; #useACMEHost = acmeDomain;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
|
#proxyPass = "http://127.0.0.1:${toString container.services.code-server.port}";
|
||||||
#proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
|
#proxyPass = "http://10.240.100.3:${toString container.services.code-server.port}";
|
||||||
proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString cnt.services.code-server.port}";
|
proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString container.services.code-server.port}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
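Review bot: `chmod -R a+w "$HOME/repo"` in the `initial-setup` script makes the copied checkout writable by every account in the container, although only the owner's write bit is missing after `cp -a` out of the read-only store. Since the unit already runs as `config.services.code-server.user`, `chmod -R u+w "$HOME/repo"` should be enough. The tree is what code-server opens via the new `extraArguments`, and the script symlinks its `.vscode` directory into `neural-intersection-fields`, so a world-writable tree lets any other account change workspace settings that the editor then loads. The unchanged `hashedPassword` line still carries its plaintext in the trailing comment, and this commit now puts a generated SSH private key and the repository copy behind that login, so I would rotate it and keep the plaintext out of the file. The TODO list in the first hunk also drops the "fix network sandboxing" item without any visible change to the container's network settings; I would keep that line until the work is done.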