lgmrszd/nix-cfg
1
0
Fork 0
mirror of https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git synced 2024-11-25 12:28:55 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

vps: enable openvscode, vscode-server, container

Browse source
This commit is contained in:
Lgmrszd 2024-02-18 13:07:09 +03:00
parent 85654ce3a9
commit c96a0534aa
No known key found for this signature in database
GPG key ID: 9396B8BA6FBB14DE
2 changed files with 72 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -120,6 +120,7 @@
inputs.nh.nixosModules.default inputs.nh.nixosModules.default
./hosts/vps1/configuration.nix ./hosts/vps1/configuration.nix
./hosts/vps1/hardware-configuration.nix ./hosts/vps1/hardware-configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
}; };

74
hosts/vps1/configuration.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
let let
rootDomain = "lgmrszd.xyz"; rootDomain = "lgmrszd.xyz";
gtnhDomain = "gtnh.${rootDomain}"; gtnhDomain = "gtnh.${rootDomain}";
@ -9,8 +9,13 @@ in
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
];
systemd.tmpfiles.rules = [
"d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
]; ];
programs.fish.enable = true; programs.fish.enable = true;
@ -29,12 +34,69 @@ in
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "eth0";
services.endlessh-go = { services.endlessh-go = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
port = 22; port = 22;
}; };
services.vscode-server = {
enable = true;
nodejsPackage = pkgs.nodejs_18;
installPath = "$HOME/.vscodium-server";
};
services.openvscode-server = {
enable = true;
};
containers.akkotest = let secretpath = "${config.sops.secrets.example_key.path}"; in {
ephemeral = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
bindMounts."${secretpath}".isReadOnly = true;
specialArgs = {inherit secretpath;};
config =
{ config, pkgs, secretpath, ... }:
{
users = {
users."akkoma" = {
description = "Akkoma user";
group = "akkoma";
isSystemUser = true;
uid = 1234;
};
groups."akkoma" = { gid = 1234; };
};
};
};
users = {
users."akkoma" = {
description = "Fake Akkoma user to set up secrets permissions";
group = "akkoma";
isSystemUser = true;
uid = 1234;
};
groups."akkoma" = { gid = 1234; };
};
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets.example_key = {
owner = config.users.users.akkoma.name;
group = config.users.users.akkoma.group;
};
};
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];
services.nginx = { services.nginx = {
@ -93,12 +155,18 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
vim vim
tmux
sops
]; ];
users.users.lgm = { users.users.lgm = {
isNormalUser = true; isNormalUser = true;
description = "lgm"; description = "lgm";
extraGroups = [ "wheel""docker"]; extraGroups = [
"wheel"
"docker"
config.services.openvscode-server.group
];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos'']; openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
}; };