openvscode server nixos container on blue

yomaq · Apr 9, 2024 · 90dff0b · 90dff0b
1 parent 6967f79
commit 90dff0b
Show file tree

Hide file tree

Showing 3 changed files with 112 additions and 1 deletion.
diff --git a/hosts/blue/blue.nix b/hosts/blue/blue.nix
@@ -3,6 +3,7 @@
   imports =[
     # import custom modules
     inputs.self.nixosModules.yomaq
+    inputs.self.nixosModules.pods
     # import hardware
     (modulesPath + "/installer/scan/not-detected.nix")
     inputs.nixos-hardware.nixosModules.lenovo-legion-15ach6
@@ -29,6 +30,11 @@
         # for building iso
         preApprovedSshAuthkey = true;
       };
+      network = {
+        useBr0 = true;
+        physicalInterfaceName = "enp5s0";
+      };
+      nixos-containers.openvscode.enable = true;
       glances.enable = lib.mkForce false;
       gnome.enable = true;
       scripts.enable = true;

diff --git a/hosts/teal/nixoscontainer.nix b/hosts/teal/nixoscontainer.nix
@@ -24,7 +24,7 @@ in
     yomaq.homepage.groups.services.services = [{
       "Code Server" = {
         icon = "si-visualstudiocode";
-        href = "${NAME}.${tailnetName}.ts.net";
+        href = "https://${NAME}.${tailnetName}.ts.net";
       };
     }];
 

diff --git a/modules/containers/nixos-containers/openvscode-server/nixos.nix b/modules/containers/nixos-containers/openvscode-server/nixos.nix
@@ -0,0 +1,105 @@
+{ config, lib, pkgs, inputs, modulesPath, ... }:
+let
+
+  NAME = "openvscode";
+
+  cfg = config.yomaq.nixos-containers.openvscode;
+
+  inherit (config.networking) hostName;
+  inherit (config.yomaq.impermanence) backup;
+  inherit (config.yomaq.impermanence) dontBackup;
+  inherit (config.yomaq.tailscale) tailnetName;
+  inherit (config.system) stateVersion;
+in
+{
+  options.yomaq.nixos-containers.openvscode.enable = lib.mkEnableOption (lib.mdDoc "Openvscode Server");
+
+  config = lib.mkIf cfg.enable {
+
+    systemd.tmpfiles.rules = [
+      "d ${dontBackup}/nixos-containers/${NAME}/tailscale"
+      "d ${dontBackup}/nixos-containers/${NAME}/data 0755 admin"
+      "d ${dontBackup}/nixos-containers/${NAME}/userdata 0755 admin"
+      "d ${dontBackup}/nixos-containers/${NAME}/extensions 0755 admin"
+      "d ${dontBackup}/nixos-containers/${NAME}/admin 0755 admin"
+    ];
+
+
+    yomaq.homepage.groups.services.services = [{
+      "Code Server" = {
+        icon = "si-visualstudiocode";
+        href = "https://${hostName}-${NAME}.${tailnetName}.ts.net";
+        siteMonitor = "https://${hostName}-${NAME}.${tailnetName}.ts.net";
+      };
+    }];
+
+    #will still need to set the network device name manually
+    yomaq.network.useBr0 = true;
+
+    containers."${hostName}-${NAME}" = {
+      autoStart = true;
+      privateNetwork = true;
+      hostBridge = "br0"; # Specify the bridge name
+      specialArgs = { inherit inputs; };
+      bindMounts = { 
+        "/etc/ssh/${hostName}" = { 
+          hostPath = "/etc/ssh/${hostName}";
+          isReadOnly = true; 
+        };
+        "/var/lib/tailscale/" = {
+          hostPath = "${dontBackup}/nixos-containers/${NAME}/tailscale";
+          isReadOnly = false; 
+        };
+        "${dontBackup}/nixos-containers/${NAME}/data" = {
+          hostPath = "${dontBackup}/nixos-containers/${NAME}/data";
+          isReadOnly = false; 
+        };
+        "${dontBackup}/nixos-containers/${NAME}/userdata" = {
+          hostPath = "${dontBackup}/nixos-containers/${NAME}/userdata";
+          isReadOnly = false; 
+        };
+        "${dontBackup}/nixos-containers/${NAME}/extensions" = {
+          hostPath = "${dontBackup}/nixos-containers/${NAME}/extensions";
+          isReadOnly = false; 
+        };
+        "/home/admin" = {
+          hostPath = "${dontBackup}/nixos-containers/${NAME}/admin";
+          isReadOnly = false; 
+        };
+      };
+      enableTun = true;
+      ephemeral = true;
+      config = {
+        imports = [
+          inputs.self.nixosModules.yomaq
+          (inputs.self + /users/admin)
+          ];
+        system.stateVersion = stateVersion;
+        age.identityPaths = ["/etc/ssh/${hostName}"];
+        networking.useHostResolvConf = lib.mkForce false;
+        yomaq = {
+          suites = {
+            foundation.enable = true;
+            };
+          tailscale = {
+            enable = true;
+            extraUpFlags = ["--ssh=true" "--reset=true"];
+          };
+        };
+
+        environment.persistence."${dontBackup}".users.admin = lib.mkForce {};
+
+        services.openvscode-server = {
+          enable = true;
+          user = "admin";
+          host = "127.0.0.1";
+          withoutConnectionToken = true;
+          telemetryLevel = "off";
+          serverDataDir = "${dontBackup}/nixos-containers/${NAME}/data";
+          userDataDir = "${dontBackup}/nixos-containers/${NAME}/userdata";
+          extensionsDir = "${dontBackup}/nixos-containers/${NAME}/extensions";
+        };
+      };
+    };
+  };
+}