vps: enable openvscode, vscode-server, container

Lgmrszd 2024-02-18 13:07:09 +03:00
parent 85654ce3a9
commit c96a0534aa
No known key found for this signature in database
GPG key ID: 9396B8BA6FBB14DE
2 changed files with 72 additions and 3 deletions


@ -120,6 +120,7 @@
inputs.nh.nixosModules.default
./hosts/vps1/configuration.nix
./hosts/vps1/hardware-configuration.nix
sops-nix.nixosModules.sops
];
};
};


@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
let
rootDomain = "lgmrszd.xyz";
gtnhDomain = "gtnh.${rootDomain}";
@ -9,8 +9,13 @@ in
{
imports = [
./hardware-configuration.nix
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
];
systemd.tmpfiles.rules = [
"d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
];
programs.fish.enable = true;
@ -29,12 +34,69 @@ in
settings.PasswordAuthentication = false;
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "eth0";
services.endlessh-go = {
enable = true;
openFirewall = true;
port = 22;
};
services.vscode-server = {
enable = true;
nodejsPackage = pkgs.nodejs_18;
installPath = "$HOME/.vscodium-server";
};
services.openvscode-server = {
enable = true;
};
containers.akkotest = let secretpath = "${config.sops.secrets.example_key.path}"; in {
ephemeral = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
bindMounts."${secretpath}".isReadOnly = true;
specialArgs = {inherit secretpath;};
config =
{ config, pkgs, secretpath, ... }:
{
users = {
users."akkoma" = {
description = "Akkoma user";
group = "akkoma";
isSystemUser = true;
uid = 1234;
};
groups."akkoma" = { gid = 1234; };
};
};
};
users = {
users."akkoma" = {
description = "Fake Akkoma user to set up secrets permissions";
group = "akkoma";
isSystemUser = true;
uid = 1234;
};
groups."akkoma" = { gid = 1234; };
};
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets.example_key = {
owner = config.users.users.akkoma.name;
group = config.users.users.akkoma.group;
};
};
users.users.nginx.extraGroups = [ "acme" ];
services.nginx = {
@ -93,12 +155,18 @@ in
environment.systemPackages = with pkgs; [
git
vim
tmux
sops
];
users.users.lgm = {
isNormalUser = true;
description = "lgm";
extraGroups = [ "wheel""docker"];
extraGroups = [
"wheel"
"docker"
config.services.openvscode-server.group
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
};
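Review bot: The `fetchTarball` entry added to `imports` pulls the vscode-server module from a branch tarball of a personal fork (`.../tarball/support-for-new-dir-structure-of-vscode-server`), so the `sha256` is the only thing fixing which code is evaluated into this host's system configuration. The hash stops a changed tarball from being used silently, but the build will fail as soon as the branch moves, and the usual fix of pasting in the new hash accepts whatever the branch then contains without review. Pin an immutable commit instead, e.g. `url = "https://github.com/cariandrum22/nixos-vscode-server/archive/<COMMIT_SHA>.tar.gz";` (placeholder, use the commit you reviewed). Alternatively, the other changed file appears to be the flake, so the module could be declared as an input next to `sops-nix` and locked in `flake.lock`. A one-line comment above the import saying why the fork is needed and when to return to upstream would also help.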