diff --git a/nixos/configurations/adrastea/code-server/README.md b/nixos/configurations/adrastea/code-server/README.md
new file mode 100644
index 0000000..6e17478
--- /dev/null
+++ b/nixos/configurations/adrastea/code-server/README.md
@@ -0,0 +1,3 @@
+# Code server
+
+This submodule declares using vscodium web services.
diff --git a/nixos/configurations/adrastea/code-server/default.nix b/nixos/configurations/adrastea/code-server/default.nix
new file mode 100644
index 0000000..9ad8351
--- /dev/null
+++ b/nixos/configurations/adrastea/code-server/default.nix
@@ -0,0 +1,55 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  mkUser =
+    { user, port }:
+    let
+      secretName = "code/adrastea/${user}";
+    in
+    {
+      sops.secrets.${secretName} = {
+        owner = user;
+      };
+      systemd.user.services."code-server-fhs-${user}" = {
+        description = "Code Server with FHS";
+        wantedBy = [ "multi-user.target" ];
+
+        serviceConfig = {
+          ExecStart = "${pkgs.writeScript "start-code-server" ''
+            #!${lib.getExe pkgs.linux-fhs-python}
+            ${builtins.readFile ./start-code-server.py}
+          ''}";
+          Environment = [
+            "WebHost=${pkgs.vscodium-web-host}"
+            "Port=${port}"
+            "ConnectionTokenFile=${config.sops.secrets.${secretName}.path}"
+          ];
+        };
+      };
+
+      services.caddy = {
+        enable = true;
+        virtualHosts = {
+          "${user}.adrastea.code.inclyc.cn" = {
+            extraConfig = "
+          reverse_proxy http://127.0.0.1:${port}
+        ";
+          };
+        };
+      };
+    };
+in
+lib.mkMerge [
+  (mkUser {
+    user = "lyc";
+    port = "63300";
+  })
+  (mkUser {
+    user = "zxy";
+    port = "63301";
+  })
+]
diff --git a/nixos/configurations/adrastea/code-server/start-code-server.py b/nixos/configurations/adrastea/code-server/start-code-server.py
new file mode 100644
index 0000000..7ebc2c5
--- /dev/null
+++ b/nixos/configurations/adrastea/code-server/start-code-server.py
@@ -0,0 +1,15 @@
+import subprocess
+import os
+import os.path
+
+subprocess.run(
+    [
+        f"{os.environ["WebHost"]}/bin/codium-server",
+        "--host",
+        "127.0.0.1",
+        "--port",
+        os.environ["Port"],
+        "--connection-token-file",
+        os.environ["ConnectionTokenFile"],
+    ]
+)
diff --git a/nixos/configurations/adrastea/default.nix b/nixos/configurations/adrastea/default.nix
index 0e305be..eb4e78a 100644
--- a/nixos/configurations/adrastea/default.nix
+++ b/nixos/configurations/adrastea/default.nix
@@ -24,9 +24,11 @@
   };
 
   imports = [
-    # Include the results of the hardware scan.
+    # Codium server, for easy FHS access.
+    ./code-server
     ./game.nix
     ./gitea.nix
+    # Include the results of the hardware scan.
     ./hardware-configuration.nix
     ./networking.nix
     ./wireguard.nix
diff --git a/secrets/general.yaml b/secrets/general.yaml
index 061c09b..dfe79b5 100644
--- a/secrets/general.yaml
+++ b/secrets/general.yaml
@@ -21,6 +21,10 @@ gitea:
     runners:
         simd: ENC[AES256_GCM,data:qicPRCb6kw4a62H99XYS/vZUx/oc0hERtXm8iOHxs3LWEL8PQ8ZWvOoXxYON1BE=,iv:UyIJvLkwSUYuuKEbolAClV/FfFnCKTexEYH0wkJrqLk=,tag:PNECKkvc+LkOugxau1wkMA==,type:str]
         fuse-feature: ENC[AES256_GCM,data:pOulePuS9AbEcl3EM6LSOzvWmpVxKs3YcMsfofdlYOI1GOSE/oIjI1gpvssA59U=,iv:BmWCKURIfQSXJ5ryBzfIOeIISlrF43Nir9wOgzZjMGs=,tag:O2Wc/c/DtXvzOfG/TF/6UQ==,type:str]
+code:
+    adrastea:
+        lyc: ENC[AES256_GCM,data:5qHFyJP7JTA0jCWVhssoylt4lKh+YzsIFiMi4WpY1lkMdbGu,iv:ZT9dHzS6vstDkPHkVatooZNzLALiTNc+f/CmNtYj5pc=,tag:NKhu61Ut5rutGrifiFW78g==,type:str]
+        zxy: ENC[AES256_GCM,data:U8vIiard9j/jgBJ+4n3q0VO6DLpT+PEg7EYWxojty3t6eLD3,iv:dB1mTLkVr3OPNiqSYoE+WHY6pZtdoJIJpc9r3EiETvs=,tag:xsXH/RwmVOdp6MiYvAmOUw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -63,8 +67,8 @@ sops:
             ZDg0T2hqR2tROVI1T1BLeFNnaGVYY1EKOnOp5ZPo48XIB7d9PnG2sKvsoLX32XEm
             Pqf4UTOmT47SSKsvu5xgxPXJrhBySkspn97gtpl9bYG4n8HYCSw+hg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-27T17:03:22Z"
-    mac: ENC[AES256_GCM,data:aA3nNctclT040XLk46Lon7LaxqmK5xPB1Qxrvm2Sfc1jEo/0q4Sx008o1euSX1zhPDyHftJco40uUyGvRo1mOH4XCFTzTxHvMWCJUUsTEkrl7bLgK63pEohCUAoeVWnVKMeHGuthPqb94PbpKFpzf46o7DihJ7fTwDMU4QUduk4=,iv:dUymSvKQhZbesmlhlYJCO7xjIybXPltG57Er0+oHRpU=,tag:WxLxh2JhK5keXdEhXkaF2A==,type:str]
+    lastmodified: "2024-12-26T08:35:58Z"
+    mac: ENC[AES256_GCM,data:zSn2R/cz1cR0brEBm8u8YqXDc4JLfPOMdorDQDvzMq8+o228EOHPLgRVIGXsZeLgX/5ye2LN+mfCNnBHc4Vv2vPSD0Bk0t40C6KDdw8AGG5npsz0imYHb7T9YW0dXHQbgbWEEKUahnfVPNHbemq4E/GqfyqZff4qu12XNvyzV0g=,iv:J6NlKrXKQm8EhLc3BLYU3q5MLlGLblPvhrLn0ETdNP0=,tag:CVy3GrNdC6r8u+KHN4AfJQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.2