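{ config, pkgs, lib, ... }:
# Host-side definition of a NixOS container that runs code-server for the
# "papers" repo, fronted by nginx (TLS + ACME) on the host.
#
# TODO:
# * [ ] fix network sandboxing, so the container can't access localhost services on host
#       (privateNetwork only gives the container its own veth pair; it can still
#       reach hostAddress directly and, through the NAT below, whatever the host can)
# * [ ] automatically pull the repo on boot, do i need keys for that?
# * [ ] generate a ssh key if not existing
# * [ ] attempt to pull, otherwise print the ssh-pubkey
# * [ ] Make vscode default to our repo
# * [ ] customize the shit out of vscode
let
  domain = "${config.networking.hostName}.${config.networking.domain}";
  mkDomain = subname: "${subname}.${domain}";
  container-name = "code-server-pandoc";
  # Evaluated configuration of the container, read below so the nginx proxy
  # and the container agree on the code-server port.
  cnt = config.containers.${container-name}.config;
in
{
  # Masquerade the container's veth behind the host uplink so the clone below
  # can reach github.com. Note that this also gives the container a path to
  # every network the host can reach.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "eno1"; # TODO: can i make this automatic?
    #enableIPv6 = true;
  };

  #imports = [
  #  "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
  #];
  #disabledModules = [
  #  "virtualisation/nixos-containers.nix"
  #];

  # data can be destroyed with `nixos-container destroy code-server-pandoc`
  containers.${container-name} = {
    autoStart = true;

    # Own network namespace: the host talks to the container over the veth
    # pair (10.240.100.2 <-> 10.240.100.3) and the container reaches the
    # outside world only through the NAT configured above.
    privateNetwork = true;
    hostAddress = "10.240.100.2";
    localAddress = "10.240.100.3";
    #forwardPorts = [
    #  {
    #    #hostAddress = "127.0.0.1"; # does not exist
    #    hostPort = 53754;
    #    containerPort = 53754;
    #    protocol = "tcp";
    #  }
    #];
    #bindMounts."/home" = {
    #  hostPath = "/var/lib/code-server";
    #  isReadOnly = false;
    #};

    config = { config, pkgs, lib, ... }: {
      system.stateVersion = "22.05";

      #imports = [ ];

      #home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers
      #home-manager.useGlobalPkgs = true; # brrr
      #home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
      #  programs.git.enable = true;
      #  programs.git.userName = "Noximilien code-server";
      #  programs.git.userEmail = "theotheo@ntnu.no";
      #};

      # One-shot bootstrap: create a deploy key on first boot and stop so the
      # operator can register it; on later boots clone the repo if missing.
      systemd.services.initial-setup = {
        wantedBy = [ "multi-user.target" ];
        # The clone needs the NAT'd uplink; don't race the network bring-up.
        after = [ "network-online.target" ];
        wants = [ "network-online.target" ];
        serviceConfig.Type = "oneshot";
        serviceConfig.RemainAfterExit = true;
        # TODO: run as the correct user
        serviceConfig.User = config.services.code-server.user;
        serviceConfig.Group = config.services.code-server.group;
        # TODO: make the ssh key comment automatic
        script = ''
          # The existence check and the generated file name must refer to the
          # same key: checking id_rsa.pub while generating id_ed25519 meant this
          # branch ran on every boot and the clone below was never reached.
          test -s "$HOME/.ssh/id_ed25519.pub" || {
            mkdir -p -m 700 "$HOME/.ssh"
            ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -N "" -C "code-server@noximilien" -f "$HOME/.ssh/id_ed25519"
            echo
            echo "You pubkey is:"
            cat "$HOME/.ssh/id_ed25519.pub"
            echo
            exit
          }
          #${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"
          # NOTE(review): this runs without a tty, so ssh cannot prompt to
          # accept github.com's host key. Pin it via programs.ssh.knownHosts
          # (checked against GitHub's published fingerprints) rather than
          # turning off StrictHostKeyChecking.
          test -d "$HOME/repos/papers" || {
            mkdir -p "$HOME/repos"
            ${pkgs.git}/bin/git clone git@github.com:pbsds/papers.git
          }
        '';
      };

      services.code-server = {
        enable = true;
        # Binds every container interface; only the host can reach
        # 10.240.100.3, and nginx on the host is the sole public entry point.
        host = "0.0.0.0";
        port = 53754;
        #user = "code-server";
        #group = "code.server";
        # SECURITY: generate this hash locally with the argon2 command-line
        # tool, never by pasting the password into a web form such as
        # https://argon2.online/. The current hash is argon2i with m=16 (KiB)
        # and t=2, far below recommended cost and cheap to brute-force;
        # regenerate with argon2id and a much larger memory cost, and keep
        # the plaintext out of this file.
        hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
        package = pkgs.vscode-with-extensions.override {
          vscode = pkgs.code-server.overrideAttrs (old: {
            # vscode-with-extensions compatibility
            # https://github.com/NixOS/nixpkgs/pull/192889
            passthru.executableName = "code-server";
            passthru.longName = "Visual Studio Code Server";
          });
          #vscodeExtensions = with (import {}).vscode-extensions; [
          # Marketplace extensions are pinned by sha256 so a changed upload
          # fails the build instead of being silently installed.
          vscodeExtensions = with pkgs.vscode-extensions; [
            shd101wyy.markdown-preview-enhanced
            sanaajani.taskrunnercode
            tomoki1207.pdf
          ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
            {
              name = "new-railscasts";
              publisher = "carakan";
              version = "1.0.68";
              sha256 = "sha256-uZCAurvZu7QHjTR6ukmYbsI58GpfTo3shdoX/MH2ElA=";
            }
            {
              name = "theme-railscasts";
              publisher = "PaulOlteanu";
              version = "4.0.1";
              sha256 = "sha256-67RNcMr+hvzn2FvapkHLd8OdEBAz8w4cwsGlu0tbCNY=";
            }
            {
              name = "trailscasts";
              publisher = "mksafi";
              version = "1.2.3";
              sha256 = "sha256-mZ9I1BYf8x3lpl5/2sojk+5GMfhDqRBzs6nFkumlPKg=";
            }
            {
              name = "vscode-theme-railscasts-plus";
              publisher = "marlosirapuan";
              version = "0.0.6";
              sha256 = "sha256-8GyyxDeehFo/lGSmA6dfXZ3DMZ/B632ax+9q3+irjws=";
            }
            {
              name = "theme-railscast-next";
              publisher = "edus44";
              version = "0.0.2";
              sha256 = "sha256-RYk6X4iKoEQlKSVhydnwWQJqt884+HC9DZN2aqIbfNI=";
            }
            { # best, but no markdown
              name = "railscasts";
              publisher = "mrded";
              version = "0.0.4";
              sha256 = "sha256-vjfoeRW+rmYlzSuEbYJqg41r03zSfbfuNCfAhHYyjDc=";
            }
            {
              name = "beardedtheme";
              publisher = "BeardedBear";
              version = "7.4.0";
              sha256 = "sha256-8FY9my7v7bcfD0LH5AVNGI2dF1qMLnVp2LR/CiP01NQ=";
            }
          ];
        };
        extraPackages = with pkgs; [
          # based on https://github.com/pbsds/papers/blob/main/shell.nix
          (writeShellScriptBin "pandoc" ''
            export XDG_DATA_HOME=${pandoc-lua-filters}/share
            exec ${pandoc}/bin/pandoc "$@"
          '')
          (texlive.combine {
            inherit (texlive)
              scheme-small
              titlesec
              fontaxes
              supertabular
              xtab
              # boxed quotes
              mdframed
              zref
              needspace
              soul
              atkinson
            ;
          })
          (python310.withPackages (ps: with ps; [
            python-lsp-server
            numpy
            matplotlib
            imageio
            #(callPackage ./nix-modules/pytikz.nix { })
            #(callPackage ./nix-modules/pyrender.nix { })
          ]))
          pandoc-imagine
          haskellPackages.pandoc-crossref
          #haskellPackages.pandoc-plot
          #pandoc-plantuml-filter
          nodePackages.mermaid-cli
          # tikz stuff
          imagemagick
          drawio-headless
          openscad
          #curv
          bash
          git
          bat
          gnumake
          boxes
          graphviz
          #python3Packages.cairosvg
        ];
      };

      # Only the code-server port is open inside the container; the host's
      # nginx is the only expected client.
      networking.firewall = {
        enable = true;
        allowedTCPPorts = [ config.services.code-server.port ];
      };

      # Manually configure nameserver. Using resolved inside the container seems to fail currently
      #environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
    };
  };

  # Public entry point: TLS terminates here and is proxied in plaintext over
  # the host<->container veth to code-server. Websockets are required for
  # the editor's terminal and live updates.
  services.nginx.virtualHosts.${mkDomain "code-server"} = {
    forceSSL = true;
    # addSSL = true;
    enableACME = true;
    #useACMEHost = acmeDomain;
    locations."/" = {
      #proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
      #proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
      proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString cnt.services.code-server.port}";
      proxyWebsockets = true;
    };
  };
}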