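# NixOS module: runs code-server inside a declarative NixOS container
# ("code-server-pandoc-papers") and publishes it through an nginx virtual host
# with ACME-issued TLS on the host.
#
# Arguments: the usual module arguments plus `inputs` (flake inputs); this file
# reads `inputs.home-manager` and `inputs.pbsds-papers`.
{ config, pkgs, lib, inputs, ... }:

# TODO:
# * [x] ~~generate a ssh key if not existing~~
# * [ ] prompt to make a token using 'gh'?
# * [ ] possibly store some key using sops-nix
# * [ ] automatically pull the repo on first boot
# * [ ] customize the shit out of vscode
# * [ ] don't ignore PDFs
# * [ ] fix the taskrunner
# * [ ] fix the markdown preview not opening when prompted
# * [ ] run the whole thing in a xvfb? should enable drawio and curv
# * [ ] switch to openvscode-server? https://sourcegraph.com/github.com/bendlas/nixos-config/-/blob/code-server.container.nix?L39%3A26=

# https://github.com/coder/code-server/discussions/4267

let
  # Host values are captured here because the container's own module function
  # below rebinds `config`, `pkgs` and `lib`.
  hostName = config.networking.hostName;
  subdomain = "code-server.${config.networking.fqdn}";
  container-name = "code-server-pandoc-papers";
  # Evaluated configuration of the container, used by the nginx proxy below.
  container = config.containers.${container-name}.config;
in {
  # NAT for the container veth interfaces ("ve-+" matches every ve-* device).
  networking.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-+"];
  networking.nat.externalInterface = "eno1"; # TODO: can i make this automatic?
  #networking.nat.enableIPv6 = true;

  #imports = [
  #  "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
  #];
  #disabledModules = [
  #  "virtualisation/nixos-containers.nix"
  #];

  # data can be destroyed with `nixos-container destroy code-server-pandoc-papers`
  containers.${container-name} = {
    autoStart = true;

    # The container gets its own network namespace with a veth pair to the host.
    # This is NOT "no network access": the NAT settings above route the veth
    # interfaces out through the host, and the setup script below relies on that
    # for `git pull`. What it does provide is that the service is reachable
    # only via the host (here: the nginx proxy at the bottom of this file).
    privateNetwork = true;
    hostAddress = "10.240.100.2";
    localAddress = "10.240.100.3";

    config = { config, pkgs, lib, ... }: {
      system.stateVersion = "22.11";

      imports = [ inputs.home-manager.nixosModule ];
      home-manager.useGlobalPkgs = true; # brrr
      home-manager.useUserPackages = true; # required, installs user packages to /etc instead of ~/.nix-profile
      home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
        home.stateVersion = "22.11";
        programs.git.enable = true;
        programs.git.userName = "code-server";
        programs.git.userEmail = "pbsds@hotmail.com";
        #programs.vscode.extensions
        #programs.vscode.bindings
        #programs.vscode.userSettings
      };

      # One-shot preparation that runs before code-server: creates an SSH key,
      # seeds ~/repo from the flake input and refreshes it if it is a git checkout.
      systemd.services.initial-setup = {
        enable = true;
        wantedBy = [ "code-server.service" ];
        before = [ "code-server.service" ];

        # NixOS units only get a minimal default PATH; the script calls `git`
        # (and git calls `ssh` for SSH remotes), so provide both explicitly.
        path = [ pkgs.git pkgs.openssh ];

        # TODO: run as the correct user
        serviceConfig.User = config.services.code-server.user;
        serviceConfig.Group = config.services.code-server.group;

        # TODO: make the ssh key comment automatic
        # NOTE(security): the key is deliberately created without a passphrase so
        # the unit can run unattended; anyone who can read this user's home
        # directory (including anything run from the code-server terminal) can
        # use it. Register it with the narrowest scope available (e.g. a
        # per-repository deploy key), not as an account-wide key.
        script = ''
          test -s "$HOME/.ssh/id_ed25519.pub" || {
            mkdir -p -m 700 "$HOME/.ssh"
            # -N "" sets the empty passphrase explicitly instead of feeding the
            # interactive prompt through stdin. (-a only matters once a
            # passphrase is set.)
            ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -N "" -C "code-server@code-server-pandoc-${hostName}" -f "$HOME/.ssh/id_ed25519"
          }
          echo "My pubkey is:"
          cat "$HOME/.ssh/id_ed25519.pub"

          #${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"

          test -d "$HOME/repo" || (
            set -x
            cp -a ${inputs.pbsds-papers.outPath} "$HOME/repo"
            chmod -R +w "$HOME/repo"
          )
          test -e "$HOME/repo/neural-intersection-fields/.vscode" || (
            cd "$HOME/repo/neural-intersection-fields"
            ln -s ../.vscode .
          )

          if test -d "$HOME/repo/.git"; then
            ( cd "$HOME/repo"; git pull --rebase --autostash ) # TODO: somehow rollback if failed
          fi
        '';
      };

      services.code-server = {
        enable = true;
        # Listens on every interface inside the container; with privateNetwork
        # the only peer on the veth link is the host, where nginx proxies to it.
        host = "0.0.0.0"; # container
        port = 53754;
        #user = "code-server";
        #group = "code.server";

        # a nice tool if you don't care about security: https://argon2.online/
        # NOTE(security): this value must be rotated before the vhost below is
        # exposed. The hash is published in this file together with its
        # plaintext, it ends up in the Nix store, and its parameters
        # (argon2i, m=16 i.e. 16 KiB, t=2, p=1) give almost no resistance to
        # offline guessing. Generate the replacement locally rather than by
        # pasting a password into a website, and keep it out of the repository
        # (see the secrets TODO at the top of this file).
        hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2

        # Folder code-server opens on start.
        extraArguments = [
          "${config.users.users.${config.services.code-server.user}.home}/repo/neural-intersection-fields"
        ];

        package = pkgs.vscode-with-extensions.override {
          vscode = pkgs.code-server.overrideAttrs (old: {
            # vscode-with-extensions compatibility
            # https://github.com/NixOS/nixpkgs/pull/192889
            passthru.executableName = "code-server";
            passthru.longName = "Visual Studio Code Server";
          });
          #vscodeExtensions = with pkgs.unstable.vscode-extensions; [
          vscodeExtensions = with pkgs.vscode-extensions; [
            shd101wyy.markdown-preview-enhanced
            sanaajani.taskrunnercode # doesn't work?
            tomoki1207.pdf # no firefox?
          ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
            # Marketplace extensions are pinned by version and content hash, so
            # a changed upload under the same version fails the build instead
            # of being installed silently.
            {
              name = "new-railscasts";
              publisher = "carakan";
              version = "1.0.68";
              sha256 = "sha256-uZCAurvZu7QHjTR6ukmYbsI58GpfTo3shdoX/MH2ElA=";
            }
            {
              name = "theme-railscasts";
              publisher = "PaulOlteanu";
              version = "4.0.1";
              sha256 = "sha256-67RNcMr+hvzn2FvapkHLd8OdEBAz8w4cwsGlu0tbCNY=";
            }
            {
              name = "trailscasts";
              publisher = "mksafi";
              version = "1.2.3";
              sha256 = "sha256-mZ9I1BYf8x3lpl5/2sojk+5GMfhDqRBzs6nFkumlPKg=";
            }
            {
              name = "vscode-theme-railscasts-plus";
              publisher = "marlosirapuan";
              version = "0.0.6";
              sha256 = "sha256-8GyyxDeehFo/lGSmA6dfXZ3DMZ/B632ax+9q3+irjws=";
            }
            {
              name = "theme-railscast-next";
              publisher = "edus44";
              version = "0.0.2";
              sha256 = "sha256-RYk6X4iKoEQlKSVhydnwWQJqt884+HC9DZN2aqIbfNI=";
            }
            { # best, but no markdown
              name = "railscasts";
              publisher = "mrded";
              version = "0.0.4";
              sha256 = "sha256-vjfoeRW+rmYlzSuEbYJqg41r03zSfbfuNCfAhHYyjDc=";
            }
            {
              name = "beardedtheme";
              publisher = "BeardedBear";
              version = "7.4.0";
              sha256 = "sha256-8FY9my7v7bcfD0LH5AVNGI2dF1qMLnVp2LR/CiP01NQ=";
            }
          ];
        };

        # Tools available to code-server: a few fixed ones plus everything the
        # papers repository's shell.nix declares as inputs.
        extraPackages = (with pkgs; [
          git gh hub
          micro
        ]) ++ (let
          shell = import "${inputs.pbsds-papers}/shell.nix" { inherit pkgs; };
        in
          (with pkgs; [ imagemagick librsvg ]) # for some reason it isn't picked up from shell.nix?
          ++ shell.buildInputs
          ++ shell.nativeBuildInputs
          ++ shell.propagatedBuildInputs
          ++ shell.propagatedNativeBuildInputs
        );
      };

      # Container-side firewall: only the code-server port is opened.
      networking.firewall.enable = true;
      networking.firewall.allowedTCPPorts = [
        config.services.code-server.port
      ];
    };
  };

  # Public entry point. TLS terminates at nginx; the hop to the container is
  # plain HTTP over the host<->container veth link. The only authentication in
  # front of the editor (and its terminal) is the code-server password above.
  services.nginx.virtualHosts.${subdomain} = {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      #proxyPass = "http://127.0.0.1:${toString container.services.code-server.port}";
      #proxyPass = "http://10.240.100.3:${toString container.services.code-server.port}";
      proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString container.services.code-server.port}";
      proxyWebsockets = true;
    };
  };

}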