|
| 1 | +# Template inheritance |
| 2 | + |
| 3 | +In instances where you want to reuse code across different Coder templates, such as common scripts or resource definitions, we suggest using [Terraform Modules](https://developer.hashicorp.com/terraform/language/modules). |
| 4 | + |
| 5 | +These modules can be stored externally from Coder, like in a Git repository or a Terraform registry. Below is an example of how to reference a module in your template: |
| 6 | + |
| 7 | +```hcl |
| 8 | +data "coder_workspace" "me" {} |
| 9 | +
|
| 10 | +module "coder-base" { |
| 11 | + source = "github.com/my-organization/coder-base" |
| 12 | +
|
| 13 | + # Modules take in variables and can provision infrastructure |
| 14 | + vpc_name = "devex-3" |
| 15 | + subnet_tags = { "name": data.coder_workspace.me.name } |
| 16 | + code_server_version = 4.14.1 |
| 17 | +} |
| 18 | +
|
| 19 | +resource "coder_agent" "dev" { |
| 20 | + # Modules can provide outputs, such as helper scripts |
| 21 | + startup_script=<<EOF |
| 22 | + #!/bin/sh |
| 23 | + ${module.coder-base.code_server_install_command} |
| 24 | + EOF |
| 25 | +} |
| 26 | +``` |
| 27 | + |
| 28 | +> Learn more about [creating modules](https://developer.hashicorp.com/terraform/language/modules) and [module sources](https://developer.hashicorp.com/terraform/language/modules/sources) in the Terraform documentation. |
| 29 | +
|
| 30 | +## Git authentication |
| 31 | + |
| 32 | +If you are importing a module from a private git repository, the Coder server [or provisioner](../admin/provisioners.md) needs git credentials. Since this token will only be used for cloning your repositories with modules, it is best to create a token with limited access to repositories and no extra permissions. In GitHub, you can generate a [fine-grained token](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28) with read only access to repos. |
| 33 | + |
| 34 | +If you are running Coder on a VM, make sure you have `git` installed and the `coder` user has access to the following files |
| 35 | + |
| 36 | +```sh |
| 37 | +# /home/coder/.gitconfig |
| 38 | +[credential] |
| 39 | + helper = store |
| 40 | +``` |
| 41 | + |
| 42 | +```sh |
| 43 | +# /home/coder/.gitconfig |
| 44 | + |
| 45 | +# GitHub example: |
| 46 | +https://your-github-username:your-github-pat@github.com |
| 47 | +``` |
| 48 | + |
| 49 | +If you are running Coder on Docker or Kubernetes, `git` is pre-installed in the Coder image. However, you still need to mount credentials. This can be done via a Docker volume mount or Kubernetes secrets. |
| 50 | + |
| 51 | +### Passing git credentials in Kubernetes |
| 52 | + |
| 53 | +First, create a `.gitconfig` and `.git-credentials` file on your local machine. You may want to do this in a temporary directory to avoid conflicting with your own git credentials. |
| 54 | + |
| 55 | +Next, create the secret in Kubernetes. Be sure to do this in the same namespace that Coder is installed in. |
| 56 | + |
| 57 | +```sh |
| 58 | +export NAMESPACE=coder |
| 59 | +kubectl apply -f - <<EOF |
| 60 | +apiVersion: v1 |
| 61 | +kind: Secret |
| 62 | +metadata: |
| 63 | + name: git-secrets |
| 64 | + namespace: $NAMESPACE |
| 65 | +type: Opaque |
| 66 | +data: |
| 67 | + .gitconfig: $(cat .gitconfig | base64 | tr -d '\n') |
| 68 | + .git-credentials: $(cat .git-credentials | base64 | tr -d '\n') |
| 69 | +EOF |
| 70 | +``` |
| 71 | + |
| 72 | +Then, modify Coder's Helm values to mount the secret. |
| 73 | + |
| 74 | +```yaml |
| 75 | +coder: |
| 76 | + volumes: |
| 77 | + - name: git-secrets |
| 78 | + secret: |
| 79 | + secretName: git-secrets |
| 80 | + volumeMounts: |
| 81 | + - name: git-secrets |
| 82 | + mountPath: "/home/coder/.gitconfig" |
| 83 | + subPath: .gitconfig |
| 84 | + readOnly: true |
| 85 | + - name: git-secrets |
| 86 | + mountPath: "/home/coder/.git-credentials" |
| 87 | + subPath: .git-credentials |
| 88 | + readOnly: true |
| 89 | +``` |
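Review bot: The second snippet under "Git authentication" (added lines 42-46) is headed `# /home/coder/.gitconfig`, but its content, `https://your-github-username:your-github-pat@github.com`, is a credential-store entry. The comment should read `# /home/coder/.git-credentials`, matching the file that the Kubernetes section creates and mounts. In the first HCL example (added line 16), `code_server_version = 4.14.1` is not a valid HCL number and should be quoted as `"4.14.1"`. Because `helper = store` keeps the token in plaintext on disk, the VM paragraph should also say that `.git-credentials` must be readable only by the `coder` user (for example mode 0600). The sentence on added line 34 ending "the following files" needs a trailing colon.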