{ config, pkgs, lib, inputs, ... }: # TODO: # * [x] ~~generate a ssh key if not existing~~ # * [ ] prompt to make a token using 'gh'? # * [ ] possibly store some key using nix-sops # * [ ] automatically pull the repo on first boot # * [ ] customize the shit out of vscode # * [ ] don't ignore PDFs # * [ ] fix the taskrunner # * [ ] fix the markdown preview not opening when prompted # * [ ] run the whole thing in a xvfb? should enable drawio and curv # * [ ] switch to openvscode-server? https://sourcegraph.com/github.com/bendlas/nixos-config/-/blob/code-server.container.nix?L39%3A26= # https://github.com/coder/code-server/discussions/4267 let hostName = config.networking.hostName; subdomain = "code-server.${config.networking.fqdn}"; container-name = "code-server-pandoc-papers"; container = config.containers.${container-name}.config; in { networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.externalInterface = "eno1"; # TODO: can i make this automatic? #networking.nat.enableIPv6 = true; #imports = [ # "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix" #]; #disabledModules = [ # "virtualisation/nixos-containers.nix" #]; # data can be destroyed with `nixos-container destroy code-server-pandoc` containers.${container-name} = { autoStart = true; # container has no network access privateNetwork = true; hostAddress = "10.240.100.2"; localAddress = "10.240.100.3"; config = { config, pkgs, lib, ... }: { system.stateVersion = "22.11"; imports = [ inputs.home-manager.nixosModule ]; home-manager.useGlobalPkgs = true; # brrr home-manager.useUserPackages = true; # required, installs user packages to /etc instead of ~/.nix-profile home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: { home.stateVersion = "22.11"; programs.git.enable = true; programs.git.userName = "code-server"; programs.git.userEmail = "pbsds@hotmail.com"; #programs.vscode.extensions #programs.vscode.bindings #programs.vscode.userSettings }; systemd.services.initial-setup = { enable = true; wantedBy = [ "code-server.service" ]; before = [ "code-server.service" ]; # TODO: run as the correct user serviceConfig.User = config.services.code-server.user; serviceConfig.Group = config.services.code-server.group; # TODO: make the ssh key comment automatic script = '' test -s "$HOME/.ssh/id_ed25519.pub" || { test -d "$HOME/.ssh" || mkdir -p "$HOME/.ssh" echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@code-server-pandoc-${hostName}" -f "$HOME/.ssh/id_ed25519" echo } echo "My pubkey is:" cat "$HOME/.ssh/id_ed25519.pub" #${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)" test -d "$HOME/repo" || ( set -x cp -a ${inputs.pbsds-papers.outPath} "$HOME/repo" chmod -R +w "$HOME/repo" ) test -e "$HOME/repo/neural-intersection-fields/.vscode" || ( cd "$HOME/repo/neural-intersection-fields" ln -s ../.vscode . ) if test -d "$HOME/repo/.git"; then ( cd $HOME/repo; git pull --rebase --autostash ) # TODO: somehow rollback if failed fi ''; }; services.code-server = { enable = true; host = "0.0.0.0"; # container port = 53754; #user = "code-server"; #group = "code.server"; # a nice tool if you don't care about security: https://argon2.online/ hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2 extraArguments = [ "${config.users.users.${config.services.code-server.user}.home}/repo/neural-intersection-fields" ]; package = pkgs.vscode-with-extensions.override { vscode = pkgs.code-server.overrideAttrs (old: { # vscode-with-extensions compatibility # https://github.com/NixOS/nixpkgs/pull/192889 passthru.executableName = "code-server"; passthru.longName = "Visual Studio Code Server"; }); #vscodeExtensions = with pkgs.unstable.vscode-extensions; [ vscodeExtensions = with pkgs.vscode-extensions; [ shd101wyy.markdown-preview-enhanced sanaajani.taskrunnercode # doesn't work? tomoki1207.pdf # no firefox? ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ { name = "new-railscasts"; publisher = "carakan"; version = "1.0.68"; sha256 = "sha256-uZCAurvZu7QHjTR6ukmYbsI58GpfTo3shdoX/MH2ElA="; } { name = "theme-railscasts"; publisher = "PaulOlteanu"; version = "4.0.1"; sha256 = "sha256-67RNcMr+hvzn2FvapkHLd8OdEBAz8w4cwsGlu0tbCNY="; } { name = "trailscasts"; publisher = "mksafi"; version = "1.2.3"; sha256 = "sha256-mZ9I1BYf8x3lpl5/2sojk+5GMfhDqRBzs6nFkumlPKg="; } { name = "vscode-theme-railscasts-plus"; publisher = "marlosirapuan"; version = "0.0.6"; sha256 = "sha256-8GyyxDeehFo/lGSmA6dfXZ3DMZ/B632ax+9q3+irjws="; } { name = "theme-railscast-next"; publisher = "edus44"; version = "0.0.2"; sha256 = "sha256-RYk6X4iKoEQlKSVhydnwWQJqt884+HC9DZN2aqIbfNI="; } { # best, but no markdown name = "railscasts"; publisher = "mrded"; version = "0.0.4"; sha256 = "sha256-vjfoeRW+rmYlzSuEbYJqg41r03zSfbfuNCfAhHYyjDc="; } { name = "beardedtheme"; publisher = "BeardedBear"; version = "7.4.0"; sha256 = "sha256-8FY9my7v7bcfD0LH5AVNGI2dF1qMLnVp2LR/CiP01NQ="; } ]; }; extraPackages = (with pkgs; [ git gh hub micro ]) ++ (let shell = import "${inputs.pbsds-papers}/shell.nix" { inherit pkgs; }; in (with pkgs; [ imagemagick librsvg ]) # for some reason it isn't picked up from from shell.nix? ++ shell.buildInputs ++ shell.nativeBuildInputs ++ shell.propagatedBuildInputs ++ shell.propagatedNativeBuildInputs ); }; networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ config.services.code-server.port ]; }; }; services.nginx.virtualHosts.${subdomain} = { forceSSL = true; # addSSL = true; enableACME = true; #useACMEHost = acmeDomain; locations."/" = { #proxyPass = "http://127.0.0.1:${toString container.services.code-server.port}"; #proxyPass = "http://10.240.100.3:${toString container.services.code-server.port}"; proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString container.services.code-server.port}"; proxyWebsockets = true; }; }; }