{ config, pkgs, lib, ... }: with lib; let # Container config name = "vscodium"; # Version tagging vscodiumVersion = "1.110.11607-ls15"; # Storage optimization spindown = config.numbus-server.hardware.HddSpindown; optimizedDir = if spindown.enable && (spindown.optimize == "compatible" || (isList spindown.optimize && elem name spindown.optimize)) then cfg.configDir else cfg.dataDir; # Helper helper = import ../service-helper.nix { inherit config pkgs lib; }; cfg = config.numbus-server.services.vscodium; in helper.mkPodmanService { inherit name; description = "VScodium, an open-source version of VScode in your web browser"; defaultPort = "8000"; configDirEnabled = optimizedDir == cfg.configDir; dataDirEnabled = optimizedDir == cfg.dataDir; middlewares = [ "secureHeaders" ]; dirPermissions = [ "100999:100 ${optimizedDir}" "100999:100 ${cfg.configDir}" "100999:100 ${optimizedDir}/workspace" "100999:100 ${cfg.configDir}/config" ]; composeText = '' services: vscodium: image: lscr.io/linuxserver/vscodium-web:${vscodiumVersion} container_name: vscodium hostname: vscodium user: '1000:1000' networks: vscodium: ipv4_address: 10.89.50.253 ports: - "${defaultPort}:8000" volumes: - ${cfg.configDir}/config:/config - ${optimizedDir}/workspace:/workspace environment: - PUID=1000 - PGID=1000 - TZ=${time.timeZone} - CONNECTION_TOKEN=${config.sops.placeholder."vscodium/connection_token"} shm_size: "1gb" cap_add: - IPC_LOCK cap_drop: - NET_RAW security_opt: - no-new-privileges:true restart: unless-stopped networks: vscodium: name: vscodium driver: bridge ipam: config: - subnet: "10.89.50.0/24" gateway: "10.89.50.254" ''; extraConfig = { sops.secrets."vscodium/connection_token" = { sopsFile = /etc/nixos/secrets/podman/vscodium.yaml; gid = "100"; uid = "1000"; mode = "0400"; }; }; }