From c96a0534aadb5f55e94c0b366082da1c7b535363 Mon Sep 17 00:00:00 2001
From: Lgmrszd
Date: Sun, 18 Feb 2024 13:07:09 +0300
Subject: [PATCH] vps: enable openvscode, vscode-server, container

---
 flake.nix | 1 +
 hosts/vps1/configuration.nix | 74 ++++++++++++++++++++++++++++++++++--
 2 files changed, 72 insertions(+), 3 deletions(-)

diff --git a/flake.nix b/flake.nix
index e8382fc..6ced436 100644
--- a/flake.nix
+++ b/flake.nix
@@ -120,6 +120,7 @@
 inputs.nh.nixosModules.default
 ./hosts/vps1/configuration.nix
 ./hosts/vps1/hardware-configuration.nix
+ sops-nix.nixosModules.sops
 ];
 };
 };
diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix
index b42f04f..adb8d61 100644
--- a/hosts/vps1/configuration.nix
+++ b/hosts/vps1/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 let
 rootDomain = "lgmrszd.xyz";
 gtnhDomain = "gtnh.${rootDomain}";
@@ -9,8 +9,13 @@ in {
 imports = [
 ./hardware-configuration.nix
+ (fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
-
+ ];
+
+
+ systemd.tmpfiles.rules = [
+ "d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
 ];
 programs.fish.enable = true;
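Review bot: `sops-nix.nixosModules.sops` is added as a bare name while the neighbouring entry in the same module list is written as `inputs.nh.nixosModules.default`, leaving two styles for the same kind of reference in one list. It also only evaluates if `sops-nix` is bound in the arguments of the outputs function, which is outside this hunk; if the input is named `sops-nix`, `inputs.sops-nix.nixosModules.sops` would be consistent with the existing line and not depend on that binding. Since this module will manage the host's secrets, it is worth confirming the input is declared and pinned in flake.lock so the version of the module code is recorded.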
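Review bot: The `fetchTarball` added to `imports` pulls a third-party NixOS module from a branch URL (`.../tarball/support-for-new-dir-structure-of-vscode-server`); the `sha256` pins the content that is evaluated, but the reference itself is mutable, so the next push to that branch turns into a hash-mismatch evaluation failure, and which upstream revision this hash corresponds to is recorded nowhere. Because the same commit already moves module inputs into the flake, declaring this repository as a flake input pinned in flake.lock (or at least using a commit-specific tarball URL) would record exactly which revision of someone else's module code runs with full module privileges on this host. A short comment above the line explaining why this fork and branch are needed instead of the upstream module would help the next reader judge when it can be dropped. The tmpfiles rule's `2770 root ${config.services.openvscode-server.group}` looks like a deliberate setgid shared directory; a comment naming who is expected to be in that group would document the intent.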
@@ -29,12 +34,69 @@ in
 settings.PasswordAuthentication = false;
 };
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "eth0";
+
 services.endlessh-go = {
 enable = true;
 openFirewall = true;
 port = 22;
 };
+ services.vscode-server = {
+ enable = true;
+ nodejsPackage = pkgs.nodejs_18;
+ installPath = "$HOME/.vscodium-server";
+ };
+
+ services.openvscode-server = {
+ enable = true;
+
+ };
+
+ containers.akkotest = let secretpath = "${config.sops.secrets.example_key.path}"; in {
+ ephemeral = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+ bindMounts."${secretpath}".isReadOnly = true;
+ specialArgs = {inherit secretpath;};
+
+ config =
+ { config, pkgs, secretpath, ... }:
+ {
+ users = {
+ users."akkoma" = {
+ description = "Akkoma user";
+ group = "akkoma";
+ isSystemUser = true;
+ uid = 1234;
+ };
+ groups."akkoma" = { gid = 1234; };
+ };
+ };
+ };
+
+ users = {
+ users."akkoma" = {
+ description = "Fake Akkoma user to set up secrets permissions";
+ group = "akkoma";
+ isSystemUser = true;
+ uid = 1234;
+ };
+ groups."akkoma" = { gid = 1234; };
+ };
+
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ secrets.example_key = {
+ owner = config.users.users.akkoma.name;
+ group = config.users.users.akkoma.group;
+ };
+ };
+
 users.users.nginx.extraGroups = [ "acme" ];
 services.nginx = {
@@ -93,12 +155,18 @@ in
 environment.systemPackages = with pkgs; [
 git
 vim
+ tmux
+ sops
 ];
 users.users.lgm = {
 isNormalUser = true;
 description = "lgm";
- extraGroups = [ "wheel""docker"];
+ extraGroups = [
+ "wheel"
+ "docker"
+ config.services.openvscode-server.group
+ ];
 shell = pkgs.fish;
 openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
 };
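Review bot: `services.openvscode-server` is enabled with nothing but `enable = true;` (and an empty trailing line inside the attrset), so its bind address, port and connection-token behaviour are whatever the nixpkgs module defaults to; for a service that gives an interactive shell as its service user to whoever can reach it, those should be stated explicitly, e.g. `host = "127.0.0.1";` together with a token supplied through `connectionTokenFile` from a sops secret, since `sops` is configured in this same hunk. `nodejsPackage = pkgs.nodejs_18;` in `services.vscode-server` pins a Node.js line that reaches end of life in April 2024, after which it gets no security fixes and is likely to disappear from nixpkgs; leaving the module default or tracking a supported release avoids a silent breakage later. In `containers.akkotest`, the host-side "Fake Akkoma user" exists only so uid/gid 1234 means the same identity on both sides of the bind-mounted secret, which presumably holds because the container is not configured with user-namespace remapping; a comment on the `bindMounts` line stating that dependency would make the coupling between the two `users` blocks explicit.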
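Review bot: Adding `config.services.openvscode-server.group` to `lgm`'s `extraGroups` is undocumented at the point where it grants the access; from the rest of the patch it appears intended so `lgm` can write to the group-owned `/shared/openvscode` directory created by the tmpfiles rule, but membership also gives this interactive user group-level access to anything else the service leaves group-readable, such as its state or any token file. A one-line comment, `# write access to /shared/openvscode (see systemd.tmpfiles.rules)`, would record the intent. If the shared directory is the only goal, a dedicated group that owns that directory and that both the service user and `lgm` join would keep the two concerns apart.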