init: first commit

.github/workflows/push.yaml

@@ -0,0 +1,59 @@
+name: push
+
+on: 
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+  schedule:
+    # Re-push all templates?
+    # https://crontab.guru/#0_0_*_*_5
+    - cron: "0 0 * * 5"
+
+permissions:
+  actions: read
+  checks: none
+  contents: read
+  id-token: write
+  deployments: none
+  issues: none
+  packages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: write
+  statuses: none
+
+jobs:
+  quick:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel previous runs
+        if: github.event_name == 'pull_request'
+        uses: styfle/[email protected]
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Check formatting
+        uses: dprint/[email protected]
+  templates:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cancel previous runs
+        if: github.event_name == 'pull_request'
+        uses: styfle/[email protected]
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Coder CLI
+        run: |    
+          curl -L https://coder.com/install.sh | sh
+          curl -X GET http://${{ secrets.CODER_ENV }}/api/v2/organizations/{organization}/templates \
+            -H 'Accept: application/json' \
+            -H 'Coder-Session-Token: ${{ secrets.CODER_SESSION_TOKEN }}'
+
+      - name: Push Templates to Coder
+        run: |
+          ${{ github.workspace }}/.scripts/push.sh \
+            --url ${{ secrets.CODER_ENV }} \
+            --token ${{ secrets.CODER_SESSION_TOKEN }} \
+            --directory ${{ github.workspace }}

.scripts/push.sh

@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function usage() {
+  echo "Usage: ./$(basename "$0") [-h|--help] [-d|--directory] <template(s) directory> --url <Coder URL> --token <Coder session token>"
+  echo
+  echo "This script pushes example templates a Coder environment."
+  echo
+  echo "Options:"
+  echo " -h, --help                   Show this help text and exit"
+  echo " -d, --directory              Directory containing all base templates"
+  echo " --url                        URL of coderd server"
+  echo " --token                      Coder session"
+  exit 1
+}
+
+# Allow a failing exit status, as user input can cause this
+set +o errexit
+
+LONGOPTS=help,url:,token:,directory:
+OPTS=h,d:
+PARSED=$(getopt \
+          --name="$(basename "$0")" \
+          --longoptions=$LONGOPTS \
+          --options=$OPTS \
+          -- "$@") || usage
+
+set -o errexit
+
+eval set -- "$PARSED"
+while true; do
+  case "$1" in
+    -d|--directory)
+      shift
+      BASE_DIR="$1"
+      ;;
+    --url)
+      shift
+      CODER_URL="$1"
+      ;;
+    --token)
+      shift
+      CODER_SESSION_TOKEN="$1"
+      ;;
+    -h|--help)
+      usage
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Unknown option: $1"
+      exit 1
+      ;;
+  esac
+  shift
+done
+
+source "./templates.sh"
+
+for TEMPLATE in "${TEMPLATES[@]}"; do
+    coder templates push \
+        --url $CODER_URL \
+        --token $CODER_SESSION_TOKEN \
+        --directory $BASE_DIR/$TEMPLATE \
+        --yes
+done
+

.scripts/templates.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+TEMPLATES=(
+    base
+)

base/code-server/main.tf

@@ -0,0 +1,32 @@
+terraform {
+    required_providers {
+        coder = {
+            source = "coder/coder"
+        }
+    }
+}
+
+resource "coder_script" "startup_script" {
+    agent_id     = var.agent_id
+    display_name = "jupyterlab"
+    icon         = "/icon/jupyter.svg"
+    script = templatefile("${path.module}/run.sh", {
+        PORT : var.port
+    })
+    run_on_start = true
+}
+
+resource "coder_app" "code-server" {
+    agent_id = coder_agent.coder.id
+    slug = "code-server"
+    icon = "/icon/code.svg"
+    url = "http://localhost:${var.port}?folder=${var.folder}"
+    subdomain = false
+    share = "authenticated"
+
+    healthcheck {
+        url       = "http://localhost:${var.port}/healthz"
+        interval  = 3
+        threshold = 10
+    }  
+}

base/code-server/run.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+
+BOLD='\033[0;1m'
+
+printf "$${BOLD}Installing code-server!\n"
+
+curl -fsSL https://code-server.dev/install.sh | sh
+code-server --auth none --port ${local.code_server_port} >/dev/null 2>&1 &
+coder login ${data.coder_workspace.me.access_url} --token ${data.coder_workspace_owner.me.session_token}

base/code-server/variables.tf

@@ -0,0 +1,13 @@
+variable "agent_id" {
+    type = string
+}
+
+variable "port" {
+    type = number
+    default = 13337
+}
+
+variable "folder" {
+    type = string
+    default = "/home/coder"
+}

base/docker.auto.tfvars.json

@@ -0,0 +1 @@
+{}

base/k8s.auto.tfvars.json

@@ -0,0 +1,4 @@
+{
+    "user_kubeconfig": false,
+    "workspaces_namespace": "coder"
+}

base/main.tf

@@ -0,0 +1,126 @@
+terraform {
+    required_providers {
+        coder = {
+            source = "coder/coder"
+        }
+        kubernetes = {
+            source = "hashicorp/kubernetes"
+        }
+    }
+}
+
+provider "kubernetes" {
+    config_path = var.use_kubeconfig == true ? "~/.kube/config" : null
+}
+
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+resource "coder_agent" "coder" {
+    os = "linux"
+    arch = "amd64"
+    dir = "/home/coder"
+    startup_script_behavior = "blocking"
+
+    display_apps {
+      vscode = false
+      vscode_insiders = false
+      web_terminal = true
+      ssh_helper = true
+      port_forwarding_helper = true
+    }
+}
+
+module "jupyterlab" {
+  source   = "registry.coder.com/modules/jupyterlab/coder"
+  version  = "1.0.19"
+  agent_id = coder_agent.coder.id
+  share = "owner"
+}
+
+# module "vscode-web" {
+#   source         = "registry.coder.com/modules/vscode-web/coder"
+#   version        = "1.0.20"
+#   agent_id       = coder_agent.coder.id
+#   accept_license = true
+#   share = "owner"
+# }
+
+module "code-server" {
+  source   = "registry.coder.com/modules/code-server/coder"
+  version  = "1.0.18"
+  agent_id = coder_agent.coder.id
+  share = "owner"
+}
+
+# module "code-server-local" {
+#   source   = "./code-server"
+#   agent_id = coder_agent.coder.id
+#   share = "owner"
+# }
+
+resource "kubernetes_pod" "main" {
+  count = data.coder_workspace.me.start_count
+  depends_on = [
+    kubernetes_persistent_volume_claim.home-directory
+  ]  
+  metadata {
+    name = lower("coder-${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}")
+    namespace = var.workspaces_namespace
+  }
+  spec {
+    security_context {
+      run_as_user = "1000"
+      fs_group    = "1000"
+    }    
+    container {
+      name    = "coder-container"
+      image   = "codercom/enterprise-base:ubuntu"
+      image_pull_policy = "Always"
+      command = ["sh", "-c", coder_agent.coder.init_script]
+      security_context {
+        run_as_user = "1000"
+      }      
+      env {
+        name  = "CODER_AGENT_TOKEN"
+        value = coder_agent.coder.token
+      }  
+      resources {
+        requests = {
+          cpu    = "250m"
+          memory = "500Mi"
+        }        
+        limits = {
+          cpu    = "2"
+          memory = "4G"
+        }
+      }                       
+      volume_mount {
+        mount_path = "/home/coder"
+        name       = "home-directory"
+      }      
+    }
+    volume {
+      name = "home-directory"
+      persistent_volume_claim {
+        claim_name = kubernetes_persistent_volume_claim.home-directory.metadata.0.name
+      }
+    }        
+  }
+}
+
+resource "kubernetes_persistent_volume_claim" "home-directory" {
+  metadata {
+    name      = lower("home-coder-${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}")
+    namespace = var.workspaces_namespace
+  }
+  wait_until_bound = false    
+  spec {
+    access_modes = ["ReadWriteOnce"]
+    resources {
+      requests = {
+        storage = "10Gi"
+      }
+    }
+  }
+}

base/variables.tf

@@ -0,0 +1,9 @@
+variable "use_kubeconfig" {
+    type = bool
+    default = false
+}
+
+variable "workspaces_namespace" {
+    type = string
+    default = "default"
+}