vps: enable openvscode, vscode-server, container
parent
85654ce3a9
commit
c96a0534aa
2 changed files with 72 additions and 3 deletions
|
@ -120,6 +120,7 @@
|
|||
inputs.nh.nixosModules.default
|
||||
./hosts/vps1/configuration.nix
|
||||
./hosts/vps1/hardware-configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
let
|
||||
rootDomain = "lgmrszd.xyz";
|
||||
gtnhDomain = "gtnh.${rootDomain}";
|
||||
|
@ -9,8 +9,13 @@ in
|
|||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
|
||||
|
||||
];
|
||||
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
|
||||
];
|
||||
|
||||
programs.fish.enable = true;
|
||||
|
@ -29,12 +34,69 @@ in
|
|||
settings.PasswordAuthentication = false;
|
||||
};
|
||||
|
||||
networking.nat.enable = true;
|
||||
networking.nat.internalInterfaces = ["ve-+"];
|
||||
networking.nat.externalInterface = "eth0";
|
||||
|
||||
services.endlessh-go = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
port = 22;
|
||||
};
|
||||
|
||||
services.vscode-server = {
|
||||
enable = true;
|
||||
nodejsPackage = pkgs.nodejs_18;
|
||||
installPath = "$HOME/.vscodium-server";
|
||||
};
|
||||
|
||||
services.openvscode-server = {
|
||||
enable = true;
|
||||
|
||||
};
|
||||
|
||||
containers.akkotest = let secretpath = "${config.sops.secrets.example_key.path}"; in {
|
||||
ephemeral = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.10";
|
||||
localAddress = "192.168.100.11";
|
||||
bindMounts."${secretpath}".isReadOnly = true;
|
||||
specialArgs = {inherit secretpath;};
|
||||
|
||||
config =
|
||||
{ config, pkgs, secretpath, ... }:
|
||||
{
|
||||
users = {
|
||||
users."akkoma" = {
|
||||
description = "Akkoma user";
|
||||
group = "akkoma";
|
||||
isSystemUser = true;
|
||||
uid = 1234;
|
||||
};
|
||||
groups."akkoma" = { gid = 1234; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
users."akkoma" = {
|
||||
description = "Fake Akkoma user to set up secrets permissions";
|
||||
group = "akkoma";
|
||||
isSystemUser = true;
|
||||
uid = 1234;
|
||||
};
|
||||
groups."akkoma" = { gid = 1234; };
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||
defaultSopsFormat = "yaml";
|
||||
secrets.example_key = {
|
||||
owner = config.users.users.akkoma.name;
|
||||
group = config.users.users.akkoma.group;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
|
||||
services.nginx = {
|
||||
|
@ -93,12 +155,18 @@ in
|
|||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
vim
|
||||
tmux
|
||||
sops
|
||||
];
|
||||
|
||||
users.users.lgm = {
|
||||
isNormalUser = true;
|
||||
description = "lgm";
|
||||
extraGroups = [ "wheel""docker"];
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"docker"
|
||||
config.services.openvscode-server.group
|
||||
];
|
||||
shell = pkgs.fish;
|
||||
openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
|
||||
};
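Review bot: `services.openvscode-server` is enabled with only `enable = true;`, so nothing in this file section says how the web IDE is authenticated or which address it binds to, and a browser session on it amounts to a shell as the service user. Since this commit already brings in sops-nix, I would add `connectionTokenFile = config.sops.secrets.<openvscode_token>.path;` (placeholder secret name, readable by the service user) and set `host` explicitly rather than rely on module defaults. The nginx and firewall configuration lies outside the visible hunks, so whether the port is reachable from outside the host cannot be judged from here. Separately, the `fetchTarball` import in the `@ -9,8 +9,13` hunk, which appears to be on the new side, points at a branch name of a third-party fork; the `sha256` protects integrity, but a commit-pinned URL would stop the build breaking when that branch moves.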
|
||||
|
|