diff --git a/hosts/dark-firepit/default.nix b/hosts/dark-firepit/default.nix index 2a9f09b..244fe7c 100644 --- a/hosts/dark-firepit/default.nix +++ b/hosts/dark-firepit/default.nix @@ -456,6 +456,12 @@ in { enable = true; port = 1995; }; + + code-server = { + enable = true; + domain = "dev-firepit.oat.zone"; + port = 4444; + }; }; }; diff --git a/modules/services/code-server.nix b/modules/services/code-server.nix new file mode 100644 index 0000000..216dcee --- /dev/null +++ b/modules/services/code-server.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, options, ... }: + +with lib; +let + cfg = config.modules.services.code-server; +in { + options.modules.services.code-server = { + enable = mkOption { + type = types.bool; + default = false; + }; + domain = mkOption { + type = types.str; + default = "dev-firepit.oat.zone"; + }; + port = mkOption { + type = types.int; + default = 4444; + }; + }; + + config = mkIf cfg.enable { + services = { + code-server = { + enable = true; + port = cfg.port; + # temporary + auth = "password"; + # temporary; be sure to remove trailing newline + hashedPassword = builtins.readFile /etc/code-server-password; + + extraPackages = with pkgs; [ git ]; + }; + + nginx.virtualHosts."${cfg.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + ''; + }; + locations."= /robots.txt" = { + extraConfig = '' + add_header Content-Type text/plain; + return 200 "User-agent: *\nDisallow: /\n"; + ''; + }; + }; + }; + + users.users.code-server = { + extraGroups = [ "nix-users" "dotfiles" ]; + shell = pkgs.unstable.fish; + }; + }; +}