Configuration for my NixOS based systems and Home Manager
Fix coder deployment
+26
-5
+14
-5
host-specific/odin/services.nix
+14
-5
host-specific/odin/services.nix
···
1
-
{ ... }:
1
+
{ config, ... }:
2
2
{
3
3
# Some programs need SUID wrappers, can be configured further or are
4
4
# started in user sessions.
···
30
30
storageDriver = "overlay2";
31
31
};
32
32
};
33
-
33
+
age.secrets.coder_client_secret = {
34
+
file = ../../secrets/coder-client-secret.age;
35
+
owner = "coder";
36
+
group = "coder";
37
+
mode = "660";
38
+
};
39
+
users.users.coder.extraGroups = [ "docker" ];
34
40
services.coder = {
35
41
enable = true;
36
42
listenAddress = "0.0.0.0:3000";
43
+
accessUrl = "https://coder.ngp.computer";
37
44
environment.extra = {
38
45
CODER_OIDC_ISSUER_URL = "https://id.ngp.computer";
39
-
CODER_OIDC_EMAIL_DOMAIN = "ngp.computer";
40
-
CODER_OIDC_CLIENT_ID = "test";
41
-
CODER_OIDC_CLIENT_SECRET = "testsecret";
46
+
CODER_OIDC_EMAIL_DOMAIN = "ngp.computer,packetlost.dev";
47
+
CODER_DISABLE_PASSWORD_AUTH = "true";
48
+
CODER_OIDC_SCOPES = "openid,profile,email,offline_access";
49
+
CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE = "false";
42
50
};
51
+
environment.file = config.age.secrets.coder_client_secret.path;
43
52
};
44
53
}
+11
secrets/coder-client-secret.age
+11
secrets/coder-client-secret.age
···
1
+
age-encryption.org/v1
2
+
-> ssh-ed25519 OV+2QQ NVSsMV9sm0beuy8jJRQ2UV06ApRpHTUmBbYijE5jliU
3
+
j7XS+O/LXcfefZ95kKHuIdeD7riaPKutQH2upRLZ9bk
4
+
-> ssh-ed25519 QBbeMw zrYpZF+1inNFUkuoU8ehEMJsZ6c1jw7frpG35HQKuU4
5
+
eeAdt3VpLVC748ZDGm0v3+fy6xpAb2M9Ix5GBrqVIqI
6
+
-> ssh-ed25519 Wv0Urw 0zPLYZ2/CJ/DXeUdUu0ajg5XNmVrIQDnFdbQaXZMaRs
7
+
3EYA1VwILL7ui9BhvzXco4Q80IJj1aN1Z50HcyLZZHA
8
+
-> ssh-ed25519 WVNCXA LoJGdG7ObWiYSnxTOsn2DIWeX20gn4YA79UiexOMjF4
9
+
yBYsDs0cFcFv5IAWhmg9hcwCZ/aymXbcH/+sJqIq3Lc
10
+
--- 4HUCWRbPEjdvsaDSu/V9cPEKcLgAZtjTFSOxbA3C7zg
11
+
�9v^����� KX��a�� #s*�V�����o���qUl�. �g������q#������p���7�1�����`�����XI�ј8�
�|�ԑ������C����I�+��{ݡ������[&)
b'����e�Z_W/�3�ooKD]��>K