From 6e5580a4ac17c488ec0682ae5ed5f8f22b698cad Mon Sep 17 00:00:00 2001
From: Yingchi Long
Date: Thu, 26 Dec 2024 17:30:12 +0800
Subject: [PATCH 1/3] nixos/configurations/adrastea/code-server: the web version of vscode
---
.../adrastea/code-server/README.md | 3 +
.../adrastea/code-server/default.nix | 55 +++++++++++++++++++
.../adrastea/code-server/start-code-server.py | 15 +++++
nixos/configurations/adrastea/default.nix | 6 +-
secrets/general.yaml | 10 +++-
5 files changed, 85 insertions(+), 4 deletions(-)
create mode 100644 nixos/configurations/adrastea/code-server/README.md
create mode 100644 nixos/configurations/adrastea/code-server/default.nix
create mode 100644 nixos/configurations/adrastea/code-server/start-code-server.py
diff --git a/nixos/configurations/adrastea/code-server/README.md b/nixos/configurations/adrastea/code-server/README.md
new file mode 100644
index 0000000..6e17478
--- /dev/null
+++ b/nixos/configurations/adrastea/code-server/README.md
@@ -0,0 +1,3 @@
+# Code server
+
+This submodule declares using vscodium web services.
diff --git a/nixos/configurations/adrastea/code-server/default.nix b/nixos/configurations/adrastea/code-server/default.nix
new file mode 100644
index 0000000..f15edd5
--- /dev/null
+++ b/nixos/configurations/adrastea/code-server/default.nix
@@ -0,0 +1,55 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+let
+ mkUser =
+ user:
+ let
+ secretName = "code/adrastea/${user}";
+ port =
+ {
+ "lyc" = "63300";
+ "zxy" = "63301";
+ }
+ .${user};
+ in
+ {
+ sops.secrets.${secretName} = {
+ owner = user;
+ };
+ systemd.user.services."code-server-fhs-${user}" = {
+ description = "Code Server with FHS";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.writeScript "start-code-server" ''
+ #!${lib.getExe pkgs.linux-fhs-python}
+ ${builtins.readFile ./start-code-server.py}
+ ''}";
+ Environment = [
+ "WebHost=${pkgs.vscodium-web-host}"
+ "Port=${port}"
+ "ConnectionTokenFile=${config.sops.secrets.${secretName}.path}"
+ ];
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ virtualHosts = {
+ "${user}.adrastea.code.inclyc.cn" = {
+ extraConfig = "
+ reverse_proxy http://127.0.0.1:${port}
+ ";
+ };
+ };
+ };
+ };
+in
+lib.mkMerge [
+ (mkUser "lyc")
+ (mkUser "zxy")
+]
diff --git a/nixos/configurations/adrastea/code-server/start-code-server.py b/nixos/configurations/adrastea/code-server/start-code-server.py
new file mode 100644
index 0000000..7ebc2c5
--- /dev/null
+++ b/nixos/configurations/adrastea/code-server/start-code-server.py
@@ -0,0 +1,15 @@
+import subprocess
+import os
+import os.path
+
+subprocess.run(
+ [
+ f"{os.environ["WebHost"]}/bin/codium-server",
+ "--host",
+ "127.0.0.1",
+ "--port",
+ os.environ["Port"],
+ "--connection-token-file",
+ os.environ["ConnectionTokenFile"],
+ ]
+)
diff --git a/nixos/configurations/adrastea/default.nix b/nixos/configurations/adrastea/default.nix
index 0e305be..aab546d 100644
--- a/nixos/configurations/adrastea/default.nix
+++ b/nixos/configurations/adrastea/default.nix
@@ -24,9 +24,11 @@ }; imports = [ - # Include the results of the hardware scan. + # Codium server, for easy FHS access. + ./code-server ./game.nix ./gitea.nix + # Include the results of the hardware scan. ./hardware-configuration.nix ./networking.nix ./wireguard.nix
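Review bot: `systemd.user.services."code-server-fhs-${user}"` installs the unit for every account's user manager, and `wantedBy = [ "multi-user.target" ]` names a system target that a user manager normally does not provide, so as written the unit is probably never started automatically and both instances are visible to both accounts. I would use `wantedBy = [ "default.target" ];` and add `unitConfig.ConditionUser = user;` so each instance only runs under the account that owns its sops secret. Separately, the listener on 127.0.0.1 can be reached by any local account and is published through the Caddy virtual host, so the connection token is the only access control. A comment above `services.caddy` such as `# Auth is the connection token only; the loopback listener is reachable by any local user.` would make that explicit.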
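Review bot: The result of `subprocess.run(...)` in start-code-server.py is discarded, so the wrapper exits 0 even when `codium-server` fails to start or crashes, and systemd records the unit as having finished cleanly. Closing the call with `], check=True)` makes a non-zero exit surface as a unit failure. The nested double quotes in `f"{os.environ["WebHost"]}/bin/codium-server"` only parse on Python 3.12 or later; `f"{os.environ['WebHost']}/bin/codium-server"` also works on older interpreters, and `import os.path` is unused. A short comment such as `# The token is passed as a file path so its value stays out of the process arguments.` would document why `--connection-token-file` is used.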
@@ -135,6 +137,8 @@ elan esbuild + + linux-fhs-python ]; virtualisation.spiceUSBRedirection.enable = true; diff --git a/secrets/general.yaml b/secrets/general.yaml index 061c09b..dfe79b5 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml @@ -21,6 +21,10 @@ gitea: runners: simd: ENC[AES256_GCM,data:qicPRCb6kw4a62H99XYS/vZUx/oc0hERtXm8iOHxs3LWEL8PQ8ZWvOoXxYON1BE=,iv:UyIJvLkwSUYuuKEbolAClV/FfFnCKTexEYH0wkJrqLk=,tag:PNECKkvc+LkOugxau1wkMA==,type:str] fuse-feature: ENC[AES256_GCM,data:pOulePuS9AbEcl3EM6LSOzvWmpVxKs3YcMsfofdlYOI1GOSE/oIjI1gpvssA59U=,iv:BmWCKURIfQSXJ5ryBzfIOeIISlrF43Nir9wOgzZjMGs=,tag:O2Wc/c/DtXvzOfG/TF/6UQ==,type:str] +code: + adrastea: + lyc: ENC[AES256_GCM,data:5qHFyJP7JTA0jCWVhssoylt4lKh+YzsIFiMi4WpY1lkMdbGu,iv:ZT9dHzS6vstDkPHkVatooZNzLALiTNc+f/CmNtYj5pc=,tag:NKhu61Ut5rutGrifiFW78g==,type:str] + zxy: ENC[AES256_GCM,data:U8vIiard9j/jgBJ+4n3q0VO6DLpT+PEg7EYWxojty3t6eLD3,iv:dB1mTLkVr3OPNiqSYoE+WHY6pZtdoJIJpc9r3EiETvs=,tag:xsXH/RwmVOdp6MiYvAmOUw==,type:str] sops: kms: [] gcp_kms: [] @@ -63,8 +67,8 @@ sops: ZDg0T2hqR2tROVI1T1BLeFNnaGVYY1EKOnOp5ZPo48XIB7d9PnG2sKvsoLX32XEm Pqf4UTOmT47SSKsvu5xgxPXJrhBySkspn97gtpl9bYG4n8HYCSw+hg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-27T17:03:22Z" - mac: ENC[AES256_GCM,data:aA3nNctclT040XLk46Lon7LaxqmK5xPB1Qxrvm2Sfc1jEo/0q4Sx008o1euSX1zhPDyHftJco40uUyGvRo1mOH4XCFTzTxHvMWCJUUsTEkrl7bLgK63pEohCUAoeVWnVKMeHGuthPqb94PbpKFpzf46o7DihJ7fTwDMU4QUduk4=,iv:dUymSvKQhZbesmlhlYJCO7xjIybXPltG57Er0+oHRpU=,tag:WxLxh2JhK5keXdEhXkaF2A==,type:str] + lastmodified: "2024-12-26T08:35:58Z" + mac: ENC[AES256_GCM,data:zSn2R/cz1cR0brEBm8u8YqXDc4JLfPOMdorDQDvzMq8+o228EOHPLgRVIGXsZeLgX/5ye2LN+mfCNnBHc4Vv2vPSD0Bk0t40C6KDdw8AGG5npsz0imYHb7T9YW0dXHQbgbWEEKUahnfVPNHbemq4E/GqfyqZff4qu12XNvyzV0g=,iv:J6NlKrXKQm8EhLc3BLYU3q5MLlGLblPvhrLn0ETdNP0=,tag:CVy3GrNdC6r8u+KHN4AfJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 From dfe966d913aa96275ec3a1e768247ac5c0bc37c0 Mon Sep 17 00:00:00 2001 
From: Yingchi Long Date: Fri, 27 Dec 2024 14:38:26 +0800 Subject: [PATCH 2/3] fixup 1 --- nixos/configurations/adrastea/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/configurations/adrastea/default.nix b/nixos/configurations/adrastea/default.nix index aab546d..eb4e78a 100644 --- a/nixos/configurations/adrastea/default.nix +++ b/nixos/configurations/adrastea/default.nix @@ -137,8 +137,6 @@ elan esbuild - - linux-fhs-python ]; virtualisation.spiceUSBRedirection.enable = true; From 3e51f47a68e84e47db8bcf226b21e90216fce0d3 Mon Sep 17 00:00:00 2001 From: Yingchi Long Date: Fri, 27 Dec 2024 14:40:49 +0800 Subject: [PATCH 3/3] fixup2 --- .../adrastea/code-server/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nixos/configurations/adrastea/code-server/default.nix b/nixos/configurations/adrastea/code-server/default.nix index f15edd5..9ad8351 100644 --- a/nixos/configurations/adrastea/code-server/default.nix +++ b/nixos/configurations/adrastea/code-server/default.nix @@ -6,15 +6,9 @@ }: let mkUser = - user: + { user, port }: let secretName = "code/adrastea/${user}"; - port = - { - "lyc" = "63300"; - "zxy" = "63301"; - } - .${user}; in { sops.secrets.${secretName} = { @@ -50,6 +44,12 @@ let }; in lib.mkMerge [ - (mkUser "lyc") - (mkUser "zxy") + (mkUser { + user = "lyc"; + port = "63300"; + }) + (mkUser { + user = "zxy"; + port = "63301"; + }) ]