mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-09 21:38:34 +01:00
vps: enable openvscode, vscode-server, container
parent
85654ce3a9
commit
c96a0534aa
2 changed files with 72 additions and 3 deletions
|
@ -120,6 +120,7 @@
|
||||||
inputs.nh.nixosModules.default
|
inputs.nh.nixosModules.default
|
||||||
./hosts/vps1/configuration.nix
|
./hosts/vps1/configuration.nix
|
||||||
./hosts/vps1/hardware-configuration.nix
|
./hosts/vps1/hardware-configuration.nix
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, config, ... }:
|
||||||
let
|
let
|
||||||
rootDomain = "lgmrszd.xyz";
|
rootDomain = "lgmrszd.xyz";
|
||||||
gtnhDomain = "gtnh.${rootDomain}";
|
gtnhDomain = "gtnh.${rootDomain}";
|
||||||
|
@ -9,8 +9,13 @@ in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.fish.enable = true;
|
programs.fish.enable = true;
|
||||||
|
@ -29,12 +34,69 @@ in
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.nat.enable = true;
|
||||||
|
networking.nat.internalInterfaces = ["ve-+"];
|
||||||
|
networking.nat.externalInterface = "eth0";
|
||||||
|
|
||||||
services.endlessh-go = {
|
services.endlessh-go = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
port = 22;
|
port = 22;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.vscode-server = {
|
||||||
|
enable = true;
|
||||||
|
nodejsPackage = pkgs.nodejs_18;
|
||||||
|
installPath = "$HOME/.vscodium-server";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.openvscode-server = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
containers.akkotest = let secretpath = "${config.sops.secrets.example_key.path}"; in {
|
||||||
|
ephemeral = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.10";
|
||||||
|
localAddress = "192.168.100.11";
|
||||||
|
bindMounts."${secretpath}".isReadOnly = true;
|
||||||
|
specialArgs = {inherit secretpath;};
|
||||||
|
|
||||||
|
config =
|
||||||
|
{ config, pkgs, secretpath, ... }:
|
||||||
|
{
|
||||||
|
users = {
|
||||||
|
users."akkoma" = {
|
||||||
|
description = "Akkoma user";
|
||||||
|
group = "akkoma";
|
||||||
|
isSystemUser = true;
|
||||||
|
uid = 1234;
|
||||||
|
};
|
||||||
|
groups."akkoma" = { gid = 1234; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users = {
|
||||||
|
users."akkoma" = {
|
||||||
|
description = "Fake Akkoma user to set up secrets permissions";
|
||||||
|
group = "akkoma";
|
||||||
|
isSystemUser = true;
|
||||||
|
uid = 1234;
|
||||||
|
};
|
||||||
|
groups."akkoma" = { gid = 1234; };
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||||
|
defaultSopsFormat = "yaml";
|
||||||
|
secrets.example_key = {
|
||||||
|
owner = config.users.users.akkoma.name;
|
||||||
|
group = config.users.users.akkoma.group;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
users.users.nginx.extraGroups = [ "acme" ];
|
users.users.nginx.extraGroups = [ "acme" ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -93,12 +155,18 @@ in
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
git
|
git
|
||||||
vim
|
vim
|
||||||
|
tmux
|
||||||
|
sops
|
||||||
];
|
];
|
||||||
|
|
||||||
users.users.lgm = {
|
users.users.lgm = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "lgm";
|
description = "lgm";
|
||||||
extraGroups = [ "wheel""docker"];
|
extraGroups = [
|
||||||
|
"wheel"
|
||||||
|
"docker"
|
||||||
|
config.services.openvscode-server.group
|
||||||
|
];
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
|
openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
|
||||||
};
|
};
|
||||||
|
|
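Review bot: The new `imports` entry fetches a NixOS module with `fetchTarball` from a branch name on a third-party fork (`.../tarball/support-for-new-dir-structure-of-vscode-server`), so the `sha256` is the only pin. The content cannot change silently, but once that branch moves the build fails with a hash mismatch, and nothing records which commit was reviewed. The flake section appears to take modules from flake inputs already (`inputs.nh`, `sops-nix`), so this module would be better declared as an input and locked by revision in `flake.lock`, or at least fetched from `.../archive/<commit-sha>.tar.gz` (placeholder; the commit id is not on the page). Further down, `services.openvscode-server` is given only `enable = true;`, which leaves the bind address and connection token of a browser-reachable shell to the module defaults. Setting `host` and a `connectionTokenFile` that points at a sops-managed secret would make that exposure explicit and reviewable.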