diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a5bb76489e086..8212e77e9b2ee 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -169,38 +169,14 @@ jobs: with: fetch-depth: 1 - - name: Setup Node - uses: ./.github/actions/setup-node - - - name: Setup Go - uses: ./.github/actions/setup-go - - - name: Setup sqlc - uses: ./.github/actions/setup-sqlc - - - name: go install tools - run: | - go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 - go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 - go install golang.org/x/tools/cmd/goimports@latest - go install github.com/mikefarah/yq/v4@v4.30.6 - go install github.com/golang/mock/mockgen@v1.6.0 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v4 - - name: Install Protoc - run: | - # protoc must be in lockstep with our dogfood Dockerfile or the - # version in the comments will differ. This is also defined in - # security.yaml - set -x - cd dogfood - DOCKER_BUILDKIT=1 docker build . --target proto -t protoc - protoc_path=/usr/local/bin/protoc - docker run --rm --entrypoint cat protoc /tmp/bin/protoc > $protoc_path - chmod +x $protoc_path - protoc --version + - name: Run the Magic Nix Cache + uses: DeterminateSystems/magic-nix-cache-action@v2 - name: make gen - run: "make --output-sync -j -B gen" + run: "nix-shell --command 'make --output-sync -j -B gen'" - name: Check for unstaged files run: ./scripts/check_unstaged.sh diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index f1a6c2e712fd0..bbed89679f7d1 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -5,11 +5,15 @@ on: branches: - main paths: + - "flake.nix" + - "flake.lock" - "dogfood/**" - ".github/workflows/dogfood.yaml" # Uncomment these lines when testing with CI. # pull_request: # paths: + # - "flake.nix" + # - "flake.lock" # - "dogfood/**" # - ".github/workflows/dogfood.yaml" workflow_dispatch: 
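Review bot: The two steps added in the ci.yaml hunk reference third-party actions by mutable tag (`DeterminateSystems/nix-installer-action@v4` and `DeterminateSystems/magic-nix-cache-action@v2`), so whoever can move those tags decides what code runs in this job. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # v4`, makes the dependency immutable and reviewable. The same two actions are added in the dogfood.yaml hunk at `@@ -30,11 +37,13 @@`, where the job later logs in to DockerHub with repository secrets, so pinning matters more there. Separately, the removed comment says the protoc build is "also defined in security.yaml"; that workflow is not visible here, so confirm it no longer builds the `proto` target from the dogfood/Dockerfile that this commit deletes.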
@@ -18,6 +22,9 @@ jobs: deploy_image: runs-on: buildjet-4vcpu-ubuntu-2204 steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Get branch name id: branch-name uses: tj-actions/branch-names@v6.5 @@ -30,11 +37,13 @@ jobs: tag=${tag//\//--} echo "tag=${tag}" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Run the Magic Nix Cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - run: nix build .#devEnvImage && ./result | docker load - name: Login to DockerHub uses: docker/login-action@v2 @@ -42,15 +51,10 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: "{{defaultContext}}:dogfood" - pull: true - push: true - tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest" - cache-from: type=registry,ref=codercom/oss-dogfood:latest - cache-to: type=inline + - name: Tag and Push + run: | + docker tag codercom/oss-dogfood:latest codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }} + docker push codercom/oss-dogfood -a deploy_template: needs: deploy_image diff --git a/.gitignore b/.gitignore index b22db03c2089e..16c4b9a7aef94 100644 --- a/.gitignore +++ b/.gitignore @@ -61,3 +61,6 @@ site/stats/ ./scaletest/terraform/.terraform.lock.hcl scaletest/terraform/secrets.tfvars .terraform.tfstate.* + +# Nix +result diff --git a/.prettierignore b/.prettierignore index d68357703d7ce..29a161fcb86f5 100644 --- a/.prettierignore +++ b/.prettierignore @@ -64,6 +64,9 @@ site/stats/ ./scaletest/terraform/.terraform.lock.hcl scaletest/terraform/secrets.tfvars .terraform.tfstate.* + +# Nix +result # .prettierignore.include: # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier. 
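Review bot: The unnamed step `nix build .#devEnvImage && ./result | docker load` in the `@@ -30,11 +37,13 @@` hunk has no `shell:` key, and GitHub runs such steps as `bash -e {0}` without `pipefail`, so the step's exit status is that of `docker load` alone. A failure of `./result` partway through the stream is caught only if `docker load` also rejects what it received. Adding `shell: bash` to the step (GitHub then uses `-eo pipefail`) or running `set -o pipefail` first closes that gap. A `name:` such as `Build and load image` would also match the other steps in the job.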
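Review bot: In the `Tag and Push` step, `${{ steps.docker-tag-name.outputs.tag }}` is expanded into the script text before bash parses it, and the value comes from the branch name with only `/` replaced (`tag=${tag//\//--}` in the context lines of the previous hunk). Because `workflow_dispatch` is enabled, the branch name is not limited to `main`, and any shell metacharacters in it would be interpreted in a step that runs after the DockerHub login. Pass the value through the environment instead: add `env:` with `TAG: ${{ steps.docker-tag-name.outputs.tag }}` to the step and write the target as `"codercom/oss-dogfood:${TAG}"` in the `docker tag` line. The step also assumes the image loaded from the Nix build is named `codercom/oss-dogfood:latest`; that name is presumably set in flake.nix, which is not visible here.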
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
deleted file mode 100644
index 8f156bd5152e8..0000000000000
--- a/dogfood/Dockerfile
+++ /dev/null
@@ -1,348 +0,0 @@ -FROM rust:slim AS rust-utils -# Install rust helper programs -# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true -ENV CARGO_INSTALL_ROOT=/tmp/ -RUN cargo install exa bat ripgrep typos-cli watchexec-cli - -FROM ubuntu:jammy AS go - -RUN apt-get update && apt-get install --yes curl gcc -# Install Go manually, so that we can control the version -ARG GO_VERSION=1.20.7 -RUN mkdir --parents /usr/local/go - -# Boring Go is needed to build FIPS-compliant binaries. -RUN curl --silent --show-error --location \ - "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ - -o /usr/local/go.tar.gz - -RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 - -ENV PATH=$PATH:/usr/local/go/bin - -# Install Go utilities. -ARG GOPATH="/tmp/" -RUN mkdir --parents "$GOPATH" && \ - # moq for Go tests. - go install github.com/matryer/moq@v0.2.3 && \ - # swag for Swagger doc generation - go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \ - # go-swagger tool to generate the go coder api client - go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \ - # goimports for updating imports - go install golang.org/x/tools/cmd/goimports@v0.1.7 && \ - # protoc-gen-go is needed to build sysbox from source - go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 && \ - # drpc support for v2 - go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 && \ - # migrate for migration support for v2 - go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \ - # goreleaser for compiling v2 binaries - go install github.com/goreleaser/goreleaser@v1.6.1 && \ - # Install the latest version of gopls for editors that support - # the language server protocol - go install golang.org/x/tools/gopls@latest && \ - # gotestsum makes test output more readable - go install gotest.tools/gotestsum@v1.9.0 && \ - # goveralls collects code coverage metrics from tests - # and sends to Coveralls - go install 
github.com/mattn/goveralls@v0.0.11 && \ - # kind for running Kubernetes-in-Docker, needed for tests - go install sigs.k8s.io/kind@v0.10.0 && \ - # helm-docs generates our Helm README based on a template and the - # charts and values files - go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \ - # sqlc for Go code generation - go install github.com/sqlc-dev/sqlc/cmd/sqlc@v1.20.0 && \ - # gcr-cleaner-cli used by CI to prune unused images - go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \ - # ruleguard for checking custom rules, without needing to run all of - # golangci-lint. Check the go.mod in the release of golangci-lint that - # we're using for the version of go-critic that it embeds, then check - # the version of ruleguard in go-critic for that tag. - go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \ - # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest. - go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \ - go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \ - # go-releaser for building 'fat binaries' that work cross-platform - go install github.com/goreleaser/goreleaser@v1.6.1 && \ - go install mvdan.cc/sh/v3/cmd/shfmt@latest && \ - # nfpm is used with `make build` to make release packages - go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0 && \ - # yq v4 is used to process yaml files in coder v2. Conflicts with - # yq v3 used in v1. - go install github.com/mikefarah/yq/v4@v4.30.6 && \ - mv /tmp/bin/yq /tmp/bin/yq4 && \ - go install github.com/golang/mock/mockgen@v1.6.0 - -FROM gcr.io/coder-dev-1/alpine:3.18 as proto -WORKDIR /tmp -RUN apk add curl unzip -RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip -RUN unzip protoc.zip - -FROM ubuntu:jammy - -SHELL ["/bin/bash", "-c"] - -# Updated certificates are necessary to use the teraswitch mirror. 
-# This must be ran before copying in configuration since the config replaces -# the default mirror with teraswitch. -RUN apt-get update && apt-get install --yes ca-certificates - -COPY files / - -# Install packages from apt repositories -ARG DEBIAN_FRONTEND="noninteractive" - -RUN apt-get update --quiet && apt-get install --yes \ - apt-transport-https \ - apt-utils \ - bash \ - bash-completion \ - bats \ - bind9-dnsutils \ - build-essential \ - ca-certificates \ - cmake \ - crypto-policies \ - curl \ - fd-find \ - file \ - git \ - gnupg \ - graphviz \ - htop \ - httpie \ - inetutils-tools \ - iproute2 \ - iputils-ping \ - iputils-tracepath \ - jq \ - language-pack-en \ - less \ - lsb-release \ - man \ - meld \ - net-tools \ - openjdk-11-jdk-headless \ - openssh-server \ - openssl \ - libssl-dev \ - pkg-config \ - python3 \ - python3-pip \ - rsync \ - shellcheck \ - strace \ - sudo \ - tcptraceroute \ - termshark \ - traceroute \ - vim \ - wget \ - xauth \ - zip \ - ncdu \ - cargo \ - asciinema \ - zsh \ - ansible \ - neovim \ - google-cloud-sdk \ - google-cloud-sdk-datastore-emulator \ - kubectl \ - postgresql-13 \ - containerd.io \ - docker-ce \ - docker-ce-cli \ - docker-compose-plugin \ - packer \ - terraform \ - fish \ - unzip \ - zstd \ - screen \ - gettext-base && \ - # Delete package cache to avoid consuming space in layer - apt-get clean && \ - # Configure FIPS-compliant policies - update-crypto-policies --set FIPS - -# Install the docker buildx component. 
-RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \ - mkdir -p /usr/local/lib/docker/cli-plugins && \ - curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \ - chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx - -# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof -# the apt repository is unreliable -RUN GH_CLI_VERSION=$(curl -s "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ - curl -L https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.deb -o gh.deb && \ - dpkg -i gh.deb && \ - rm gh.deb - -# Install Lazygit -# See https://github.com/jesseduffield/lazygit#ubuntu -RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \ - curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \ - tar xf lazygit.tar.gz -C /usr/local/bin lazygit - -# Install frontend utilities -RUN apt-get update && \ - # Node.js (from nodesource) and Yarn (from yarnpkg) - curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - &&\ - apt-get install --yes --quiet \ - nodejs yarn \ - # Install browsers for e2e testing - google-chrome-stable microsoft-edge-beta && \ - # Pre-install system dependencies that Playwright needs. npx doesn't work here - # for some reason. See https://github.com/microsoft/playwright-cli/issues/136 - npm i -g playwright@1.36.2 pnpm@^8 && playwright install-deps && \ - npm cache clean --force - -# Ensure PostgreSQL binaries are in the users $PATH. 
-RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \ - update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100 - -# Create links for injected dependencies -RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \ - ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server - -# Disable the PostgreSQL systemd service. -# Coder uses a custom timescale container to test the database instead. -RUN systemctl disable \ - postgresql - -# Configure systemd services for CVMs -RUN systemctl enable \ - docker \ - ssh - -# Install tools with published releases, where that is the -# preferred/recommended installation method. -ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \ - DIVE_VERSION=0.10.0 \ - DOCKER_GCR_VERSION=2.1.8 \ - GOLANGCI_LINT_VERSION=1.52.2 \ - GRYPE_VERSION=0.61.1 \ - HELM_VERSION=3.12.0 \ - KUBE_LINTER_VERSION=0.6.3 \ - KUBECTX_VERSION=0.9.4 \ - STRIPE_VERSION=1.14.5 \ - TERRAGRUNT_VERSION=0.45.11 \ - TRIVY_VERSION=0.41.0 - -# cloud_sql_proxy, for connecting to cloudsql instances -# the upstream go.mod prevents this from being installed with go install -RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \ - chmod a=rx /usr/local/bin/cloud_sql_proxy && \ - # dive for scanning image layer utilization metrics in CI - curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- dive && \ - # docker-credential-gcr is a Docker credential helper for pushing/pulling - # images from Google Container Registry and Artifact Registry - curl --silent --show-error --location 
"https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \ - # golangci-lint performs static code analysis for our Go code - curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \ - # Anchore Grype for scanning container images for security issues - curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- grype && \ - # Helm is necessary for deploying Coder - curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \ - # kube-linter for linting Kubernetes objects, including those - # that Helm generates from our charts - curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \ - # kubens and kubectx for managing Kubernetes namespaces and contexts - curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \ - curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ - tar --extract --gzip 
--directory=/usr/local/bin --file=- kubens && \ - # stripe for coder.com billing API - curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \ - # terragrunt for running Terraform and Terragrunt files - curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \ - chmod a=rx /usr/local/bin/terragrunt && \ - # AquaSec Trivy for scanning container images for security issues - curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- trivy - -# Add Vercel globally. We can't install it in packages.json, because it -# includes Go files which make golangci-lint unhappy. -RUN yarn global add --prefix=/usr/local \ - vercel \ - typescript \ - typescript-language-server \ - prettier && \ - yarn cache clean - -# We use yq during "make deploy" to manually substitute out fields in -# our helm values.yaml file. See https://github.com/helm/helm/issues/3141 -# -# TODO: update to 4.x, we can't do this now because it included breaking -# changes (yq w doesn't work anymore) -# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \ -# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \ -# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq - -RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \ - chmod a=rx /usr/local/bin/yq - -# Install GoLand. 
-RUN mkdir --parents /usr/local/goland && \ - curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \ - ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland - -# Install Antlrv4, needed to generate paramlang lexer/parser -RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar" -ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}" - -# Add coder user and allow use of docker/sudo -RUN useradd coder \ - --create-home \ - --shell=/bin/bash \ - --groups=docker \ - --uid=1000 \ - --user-group - -# Adjust OpenSSH config -RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \ - echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \ - echo "X11UseLocalhost no" >>/etc/ssh/sshd_config - -# We avoid copying the extracted directory since COPY slows to minutes when there -# are a lot of small files. -COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz -RUN mkdir /usr/local/go && \ - tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 - -ENV PATH=$PATH:/usr/local/go/bin - -RUN update-alternatives --install /usr/local/bin/gofmt gofmt /usr/local/go/bin/gofmt 100 - -COPY --from=go /tmp/bin /usr/local/bin -COPY --from=rust-utils /tmp/bin /usr/local/bin -COPY --from=proto /tmp/bin /usr/local/bin -COPY --from=proto /tmp/include /usr/local/bin/include - -USER coder - -# Ensure go bins are in the 'coder' user's path. Note that no go bins are -# installed in this docker file, as they'd be mounted over by the persistent -# home volume. -ENV PATH="/home/coder/go/bin:${PATH}" - -# This setting prevents Go from using the public checksum database for -# our module path prefixes. It is required because these are in private -# repositories that require authentication. 
-#
-# For details, see: https://golang.org/ref/mod#private-modules
-ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder"
-
-# Increase memory allocation to NodeJS
-ENV NODE_OPTIONS="--max-old-space-size=8192"
diff --git a/dogfood/Makefile b/dogfood/Makefile
deleted file mode 100644
index 061530f50dd45..0000000000000
--- a/dogfood/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-.PHONY: docker-build docker-push
-
-branch=$(shell git rev-parse --abbrev-ref HEAD)
-build_tag=codercom/oss-dogfood:${branch}
-
-build:
- DOCKER_BUILDKIT=1 docker build . -t ${build_tag}
-
-push: build
- docker push ${build_tag}
diff --git a/dogfood/files/etc/apt/apt.conf.d/80-no-recommends b/dogfood/files/etc/apt/apt.conf.d/80-no-recommends
deleted file mode 100644
index 8cb79c96386c4..0000000000000
--- a/dogfood/files/etc/apt/apt.conf.d/80-no-recommends
+++ /dev/null
@@ -1,6 +0,0 @@
-// Do not install recommended packages by default
-APT::Install-Recommends "0";
-
-// Do not install suggested packages by default (this is already
-// the Ubuntu default)
-APT::Install-Suggests "0";
diff --git a/dogfood/files/etc/apt/apt.conf.d/80-retries b/dogfood/files/etc/apt/apt.conf.d/80-retries
deleted file mode 100644
index d7ee5185258ec..0000000000000
--- a/dogfood/files/etc/apt/apt.conf.d/80-retries
+++ /dev/null
@@ -1 +0,0 @@
-APT::Acquire::Retries "3";
diff --git a/dogfood/files/etc/apt/preferences.d/docker b/dogfood/files/etc/apt/preferences.d/docker
deleted file mode 100644
index a92c0abb03d7c..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/docker
+++ /dev/null
@@ -1,19 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin download.docker.com
-Pin-Priority: 1
-
-# Docker Community Edition
-Package: docker-ce
-Pin: origin download.docker.com
-Pin-Priority: 500
-
-# Docker command-line tool
-Package: docker-ce-cli
-Pin: origin download.docker.com
-Pin-Priority: 500
-
-# containerd runtime
-Package: containerd.io
-Pin: origin download.docker.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/github-cli b/dogfood/files/etc/apt/preferences.d/github-cli
deleted file mode 100644
index d2dce9f5f3097..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/github-cli
+++ /dev/null
@@ -1,8 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin cli.github.com
-Pin-Priority: 1
-
-Package: gh
-Pin: origin cli.github.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/google-chrome b/dogfood/files/etc/apt/preferences.d/google-chrome
deleted file mode 100644
index 4551ec390ff20..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/google-chrome
+++ /dev/null
@@ -1,16 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin dl.google.com
-Pin-Priority: 1
-
-Package: google-chrome-stable
-Pin: origin dl.google.com
-Pin-Priority: 500
-
-Package: google-chrome-beta
-Pin: origin dl.google.com
-Pin-Priority: 500
-
-Package: google-chrome-unstable
-Pin: origin dl.google.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/google-cloud b/dogfood/files/etc/apt/preferences.d/google-cloud
deleted file mode 100644
index 637b0e9bb3c51..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/google-cloud
+++ /dev/null
@@ -1,19 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin packages.cloud.google.com
-Pin-Priority: 1
-
-# Google Cloud SDK for gcloud and gsutil CLI tools
-Package: google-cloud-sdk
-Pin: origin packages.cloud.google.com
-Pin-Priority: 500
-
-# Datastore emulator for working with the licensor
-Package: google-cloud-sdk-datastore-emulator
-Pin: origin packages.cloud.google.com
-Pin-Priority: 500
-
-# Kubectl for working with Kubernetes (GKE)
-Package: kubectl
-Pin: origin packages.cloud.google.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/hashicorp b/dogfood/files/etc/apt/preferences.d/hashicorp
deleted file mode 100644
index 4323f331cc722..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/hashicorp
+++ /dev/null
@@ -1,14 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin apt.releases.hashicorp.com
-Pin-Priority: 1
-
-# Packer for creating virtual machine disk images
-Package: packer
-Pin: origin apt.releases.hashicorp.com
-Pin-Priority: 500
-
-# Terraform for managing infrastructure
-Package: terraform
-Pin: origin apt.releases.hashicorp.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/microsoft-edge b/dogfood/files/etc/apt/preferences.d/microsoft-edge
deleted file mode 100644
index 2441961adac38..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/microsoft-edge
+++ /dev/null
@@ -1,12 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin packages.microsoft.com
-Pin-Priority: 1
-
-Package: microsoft-edge-beta
-Pin: origin packages.microsoft.com
-Pin-Priority: 500
-
-Package: microsoft-edge-dev
-Pin: origin packages.microsoft.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/nodesource b/dogfood/files/etc/apt/preferences.d/nodesource
deleted file mode 100644
index de55d5553411e..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/nodesource
+++ /dev/null
@@ -1,9 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin deb.nodesource.com
-Pin-Priority: 1
-
-# Node.js for building the frontend
-Package: nodejs
-Pin: origin deb.nodesource.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/ppa b/dogfood/files/etc/apt/preferences.d/ppa
deleted file mode 100644
index 1dc9da8f9fffc..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/ppa
+++ /dev/null
@@ -1,19 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin ppa.launchpad.net
-Pin-Priority: 1
-
-# Ansible
-Package: ansible-base
-Pin: origin ppa.launchpad.net
-Pin-Priority: 500
-
-# Neovim
-Package: neovim
-Pin: origin ppa.launchpad.net
-Pin-Priority: 500
-
-# Neovim Runtime
-Package: neovim-runtime
-Pin: origin ppa.launchpad.net
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/yarnpkg b/dogfood/files/etc/apt/preferences.d/yarnpkg
deleted file mode 100644
index 7237fcad5c356..0000000000000
--- a/dogfood/files/etc/apt/preferences.d/yarnpkg
+++ /dev/null
@@ -1,9 +0,0 @@
-# Ignore all packages from this repository by default
-Package: *
-Pin: origin dl.yarnpkg.com
-Pin-Priority: 1
-
-# Yarn for managing Node.js packages
-Package: yarn
-Pin: origin dl.yarnpkg.com
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/sources.list b/dogfood/files/etc/apt/sources.list
deleted file mode 100644
index 745bcefcf2b0c..0000000000000
--- a/dogfood/files/etc/apt/sources.list
+++ /dev/null
@@ -1,3 +0,0 @@
-deb https://mirror.pit.teraswitch.com/ubuntu/ jammy main restricted universe
-deb https://mirror.pit.teraswitch.com/ubuntu/ jammy-updates main restricted universe
-deb https://mirror.pit.teraswitch.com/ubuntu/ jammy-backports main restricted universe
diff --git a/dogfood/files/etc/apt/sources.list.d/docker.list b/dogfood/files/etc/apt/sources.list.d/docker.list
deleted file mode 100644
index f00cada1ad16e..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/docker.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
diff --git a/dogfood/files/etc/apt/sources.list.d/google-chrome.list b/dogfood/files/etc/apt/sources.list.d/google-chrome.list
deleted file mode 100644
index 8dd71926f26df..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/google-chrome.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/google-chrome.gpg] https://dl.google.com/linux/chrome/deb/ stable main
diff --git a/dogfood/files/etc/apt/sources.list.d/google-cloud.list b/dogfood/files/etc/apt/sources.list.d/google-cloud.list
deleted file mode 100644
index 24df98effea28..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/google-cloud.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/google-cloud.gpg] https://packages.cloud.google.com/apt cloud-sdk main
diff --git a/dogfood/files/etc/apt/sources.list.d/hashicorp.list b/dogfood/files/etc/apt/sources.list.d/hashicorp.list
deleted file mode 100644
index 6e60053905ec7..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/hashicorp.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com jammy main
diff --git a/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list b/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list
deleted file mode 100644
index f0c036f79a5c5..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main
diff --git a/dogfood/files/etc/apt/sources.list.d/nodesource.list b/dogfood/files/etc/apt/sources.list.d/nodesource.list
deleted file mode 100644
index a328c2c3c47dc..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/nodesource.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x jammy main
diff --git a/dogfood/files/etc/apt/sources.list.d/postgresql.list b/dogfood/files/etc/apt/sources.list.d/postgresql.list
deleted file mode 100644
index 10262f3e64a10..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/postgresql.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/postgresql.gpg] https://apt.postgresql.org/pub/repos/apt jammy-pgdg main
diff --git a/dogfood/files/etc/apt/sources.list.d/ppa.list b/dogfood/files/etc/apt/sources.list.d/ppa.list
deleted file mode 100644
index e817c20915cb1..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/ppa.list
+++ /dev/null
@@ -1,2 +0,0 @@
-deb [signed-by=/usr/share/keyrings/ansible.gpg] https://ppa.launchpadcontent.net/ansible/ansible/ubuntu focal main
-deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu focal main
diff --git a/dogfood/files/etc/apt/sources.list.d/security.list b/dogfood/files/etc/apt/sources.list.d/security.list
deleted file mode 100644
index 1f3dae8d09b19..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/security.list
+++ /dev/null
@@ -1 +0,0 @@
-deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe
diff --git a/dogfood/files/etc/apt/sources.list.d/yarnpkg.list b/dogfood/files/etc/apt/sources.list.d/yarnpkg.list
deleted file mode 100644
index ada8a06f7b9b2..0000000000000
--- a/dogfood/files/etc/apt/sources.list.d/yarnpkg.list
+++ /dev/null
@@ -1 +0,0 @@
-deb [signed-by=/usr/share/keyrings/yarnpkg.gpg] https://dl.yarnpkg.com/debian/ stable main
diff --git a/dogfood/files/etc/default/google-chrome b/dogfood/files/etc/default/google-chrome
deleted file mode 100644
index 8620a6054380a..0000000000000
--- a/dogfood/files/etc/default/google-chrome
+++ /dev/null
@@ -1,4 +0,0 @@
-# These settings are required to prevent the postinst script
-# from modifying /etc/apt/sources.list.d
-repo_add_once="false"
-repo_reenable_on_distupgrade="false"
diff --git a/dogfood/files/etc/default/microsoft-edge-beta b/dogfood/files/etc/default/microsoft-edge-beta
deleted file mode 100644
index 8620a6054380a..0000000000000
--- a/dogfood/files/etc/default/microsoft-edge-beta
+++ /dev/null
@@ -1,4 +0,0 @@
-# These settings are required to prevent the postinst script
-# from modifying /etc/apt/sources.list.d
-repo_add_once="false"
-repo_reenable_on_distupgrade="false"
diff --git a/dogfood/files/etc/docker/daemon.json b/dogfood/files/etc/docker/daemon.json
deleted file mode 100644
index 8e19eeeec15b8..0000000000000
--- a/dogfood/files/etc/docker/daemon.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "registry-mirrors": ["https://mirror.gcr.io"]
-}
diff --git a/dogfood/files/etc/sudoers.d/nopasswd b/dogfood/files/etc/sudoers.d/nopasswd
deleted file mode 100644
index 3283f4455630c..0000000000000
--- a/dogfood/files/etc/sudoers.d/nopasswd
+++ /dev/null
@@ -1 +0,0 @@
-coder ALL=(ALL) NOPASSWD:ALL
diff --git a/dogfood/files/usr/share/keyrings/ansible.gpg b/dogfood/files/usr/share/keyrings/ansible.gpg
deleted file mode 100644
index 1731dd2b2fbd7..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/ansible.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/docker.gpg b/dogfood/files/usr/share/keyrings/docker.gpg
deleted file mode 100644
index e5dc8cfda8e5d..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/docker.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/github-cli.gpg b/dogfood/files/usr/share/keyrings/github-cli.gpg
deleted file mode 100644
index eddea90bd75df..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/github-cli.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/google-chrome.gpg b/dogfood/files/usr/share/keyrings/google-chrome.gpg
deleted file mode 100644
index cee005a7386d9..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/google-chrome.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/google-cloud.gpg b/dogfood/files/usr/share/keyrings/google-cloud.gpg
deleted file mode 100644
index 0f478144f1491..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/google-cloud.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/hashicorp.gpg b/dogfood/files/usr/share/keyrings/hashicorp.gpg
deleted file mode 100644
index 674dd40c4219e..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/hashicorp.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/microsoft.gpg b/dogfood/files/usr/share/keyrings/microsoft.gpg
deleted file mode 100644
index 0cffae08d061d..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/microsoft.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/neovim.gpg b/dogfood/files/usr/share/keyrings/neovim.gpg
deleted file mode 100644
index b88f69c53b482..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/neovim.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/nodesource.gpg b/dogfood/files/usr/share/keyrings/nodesource.gpg
deleted file mode 100644
index 4f3ec4ed793b3..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/nodesource.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/postgresql.gpg b/dogfood/files/usr/share/keyrings/postgresql.gpg
deleted file mode 100644
index afa15cb1087de..0000000000000
Binary files a/dogfood/files/usr/share/keyrings/postgresql.gpg and /dev/null differ
diff --git a/dogfood/files/usr/share/keyrings/yarnpkg.gpg b/dogfood/files/usr/share/keyrings/yarnpkg.gpg deleted file mode 100644 index 32a096756e317..0000000000000 Binary files a/dogfood/files/usr/share/keyrings/yarnpkg.gpg and /dev/null differ diff --git a/dogfood/main.tf b/dogfood/main.tf index 554ba21eda07f..da3e0a4960ca7 100644 --- a/dogfood/main.tf +++ b/dogfood/main.tf @@ -266,9 +266,7 @@ data "docker_registry_image" "dogfood" { resource "docker_image" "dogfood" { name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}" pull_triggers = [ - data.docker_registry_image.dogfood.sha256_digest, - sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])), - filesha1("Dockerfile"), + data.docker_registry_image.dogfood.sha256_digest ] keep_locally = true } diff --git a/dogfood/update-keys.sh b/dogfood/update-keys.sh deleted file mode 100755 index 9ebaf77bb5256..0000000000000 --- a/dogfood/update-keys.sh +++ /dev/null 
@@ -1,62 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -PROJECT_ROOT="$(git rev-parse --show-toplevel)" - -curl_flags=( - --silent - --show-error - --location -) - -gpg_flags=( - --dearmor - --yes -) - -pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings" -# Upstream Docker signing key -curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" | - gpg "${gpg_flags[@]}" --output="docker.gpg" - -# Google Cloud signing key -curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | - gpg "${gpg_flags[@]}" --output="google-cloud.gpg" - -# Google Linux Software repository signing key (Chrome) -curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" | - gpg "${gpg_flags[@]}" --output="google-chrome.gpg" - -# Microsoft repository signing key (Edge) -curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" | - gpg "${gpg_flags[@]}" --output="microsoft.gpg" - -# Upstream PostgreSQL signing key -curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" | - gpg "${gpg_flags[@]}" --output="postgresql.gpg" - -# NodeSource signing key -curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" | - gpg "${gpg_flags[@]}" --output="nodesource.gpg" - -# Yarnpkg signing key -curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" | - gpg "${gpg_flags[@]}" --output="yarnpkg.gpg" - -# Ansible PPA signing key -curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" | - gpg "${gpg_flags[@]}" --output="ansible.gpg" - -# Neovim signing key -curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" | - gpg "${gpg_flags[@]}" --output="neovim.gpg" - -# Hashicorp signing key -curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" | - gpg "${gpg_flags[@]}" --output="hashicorp.gpg" - -# GitHub CLI signing key -curl 
"${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" | - gpg "${gpg_flags[@]}" --output="github-cli.gpg" -popd diff --git a/flake.lock b/flake.lock index 79d823fd527c6..437d8fa38b19a 100644 --- a/flake.lock +++ b/flake.lock @@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1690179384, - "narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=", + "lastModified": 1692174805, + "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b12803b6d90e2e583429bb79b859ca53c348b39a", + "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 18d06adc4a98f..fb7ba9f64f133 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,50 +11,186 @@ flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; - in - { formatter = pkgs.nixpkgs-fmt; - devShells.default = pkgs.mkShell { - buildInputs = with pkgs; [ - bash - bat - cairo - drpc.defaultPackage.${system} - exa - getopt - git - go-migrate - go_1_20 - golangci-lint - gopls - gotestsum - jq - kubernetes-helm - mockgen - nfpm - nodePackages.pnpm - nodePackages.typescript - nodePackages.typescript-language-server - nodejs - openssh - openssl - pango - pixman - pkg-config - postgresql - protoc-gen-go - ripgrep - screen - shellcheck - shfmt - sqlc - terraform - typos - yq - zip - zstd + # Check in https://search.nixos.org/packages to find new packages. + # Use `nix flake update` to update the lock file if packages are out-of-date. + devShellPackages = with pkgs; [ + bat + bash + cairo + curl + docker + drpc.defaultPackage.${system} + exa + getopt + git + gnumake + gnused + go_1_20 + go-migrate + golangci-lint + gopls + gotestsum + jq + kubernetes-helm + mockgen + nfpm + nix + nodejs + nodePackages.pnpm + nodePackages.prettier + nodePackages.typescript + nodePackages.typescript-language-server + openssh + openssl + pango + pixman + pkg-config + postgresql + protobuf + protoc-gen-go + ripgrep + screen + shellcheck + shfmt + sqlc + strace + terraform + typos + vim + yq-go + zip + zstd + ]; + + # This is the base image for our Docker container used for development. + # Use `nix-prefetch-docker ubuntu --arch amd64 --image-tag lunar` to get this. + baseDevEnvImage = pkgs.dockerTools.pullImage { + imageName = "ubuntu"; + imageDigest = "sha256:7a520eeb6c18bc6d32a21bb7edcf673a7830813c169645d51c949cecb62387d0"; + sha256 = "ajZzFSG/q7F5wAXfBOPpYBT+aVy8lqAXtBzkmAe2SeE="; + finalImageName = "ubuntu"; + finalImageTag = "lunar"; + }; + # This is an intermediate stage that adds sudo with the setuid bit set. + # Nix doesn't allow setuid binaries in the store, so we have to do this + # in a separate stage. 
+ intermediateDevEnvImage = pkgs.dockerTools.buildImage { + name = "intermediate"; + fromImage = baseDevEnvImage; + runAsRoot = '' + #!${pkgs.runtimeShell} + ${pkgs.dockerTools.shadowSetup} + userdel ubuntu + groupadd docker + useradd coder \ + --create-home \ + --shell=/bin/bash \ + --uid=1000 \ + --user-group \ + --groups docker + cp ${pkgs.sudo}/bin/sudo usr/bin/sudo + chmod 4755 usr/bin/sudo + mkdir -p /etc/init.d + ''; + }; + # Environment variables that live in `/etc/environment` in the container. + # These will also be applied to the container config. + devEnvVars = [ + "PATH=${pkgs.lib.makeBinPath devShellPackages}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/coder/go/bin" + # This setting prevents Go from using the public checksum database for + # our module path prefixes. It is required because these are in private + # repositories that require authentication. + # + # For details, see: https://golang.org/ref/mod#private-modules + "GOPRIVATE=coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" + # Increase memory allocation to NodeJS + "NODE_OPTIONS=--max_old_space_size=8192" + "TERM=xterm-256color" + ]; + # Builds our development environment image with all the tools included. + # Using Nix instead of Docker is **significantly** faster. This _build_ + # doesn't really build anything, it just copies pre-built binaries into + # a container and adds them to the $PATH. + # + # To test changes and iterate on this, you can run: + # > nix build .#devEnvImage && ./result | docker load + # This will import the image into your local Docker daemon. + devEnvImage = pkgs.dockerTools.streamLayeredImage { + name = "codercom/oss-dogfood"; + tag = "latest"; + fromImage = intermediateDevEnvImage; + maxLayers = 64; + contents = [ + # Required for `sudo` to persist the proper `PATH`. + ( + pkgs.writeTextDir "etc/environment" (pkgs.lib.strings.concatLines devEnvVars) + ) + # Allows `coder` to use `sudo` without a password. 
+ ( + pkgs.writeTextDir "etc/sudoers" '' + coder ALL=(ALL) NOPASSWD:ALL + '' + ) + # Also allows `coder` to use `sudo` without a password. + ( + pkgs.writeTextDir "etc/pam.d/other" '' + account sufficient pam_unix.so + auth sufficient pam_rootok.so + password requisite pam_unix.so nullok yescrypt + session required pam_unix.so + '' + ) + # The default Nix config! + ( + pkgs.writeTextDir "etc/nix/nix.conf" '' + experimental-features = nix-command flakes + '' + ) + # This is the debian script for managing Docker with `sudo service docker ...`. + ( + pkgs.writeTextFile { + name = "docker"; + destination = "/etc/init.d/docker"; + executable = true; + text = (builtins.readFile ( + pkgs.fetchFromGitHub + { + owner = "moby"; + repo = "moby"; + rev = "ae737656f9817fbd5afab96aa083754cfb81aab0"; + sha256 = "sha256-oS3WplsxhKHCuHwL4/ytsCNJ1N/SZhlUZmzZTf81AoE="; + } + "/contrib/init/sysvinit-debian/docker" + )); + } + ) + # The Docker script above looks here for the daemon binary location. + # Because we're injecting it with Nix, it's not in the default spot. + ( + pkgs.writeTextDir "etc/default/docker" '' + DOCKERD=${pkgs.docker}/bin/dockerd + '' + ) + # The same as `sudo apt install ca-certificates -y'. + ( + pkgs.writeTextDir "etc/ssl/certs/ca-certificates.crt" + (builtins.readFile "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt") + ) ]; + + config = { + Env = devEnvVars; + Entrypoint = [ "/bin/bash" ]; + User = "coder"; + }; + }; + in + { + packages = { + devEnvImage = devEnvImage; }; + defaultPackage = formatter; # or replace it with your desired default package. + devShell = pkgs.mkShell { buildInputs = devShellPackages; }; } ); } diff --git a/provisionerd/proto/provisionerd.pb.go b/provisionerd/proto/provisionerd.pb.go index d7db84d69813e..0a3d897150913 100644 --- a/provisionerd/proto/provisionerd.pb.go +++ b/provisionerd/proto/provisionerd.pb.go 
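Review bot: The `etc/pam.d/other` entry in `devEnvImage.contents` is PAM's fallback policy for every service that has no file of its own, so the relaxed stack it installs (`auth sufficient pam_rootok.so`, `password requisite pam_unix.so nullok yescrypt`) reaches further than its comment, "Also allows `coder` to use `sudo` without a password", says. If sudo is the only intended consumer, I would write the same four lines to a service-scoped file instead, `pkgs.writeTextDir "etc/pam.d/sudo" ''`, and leave `other` as the base image ships it. Whether the Ubuntu base layer already carries an `other` file that this one replaces is not visible from the hunk, so that should be confirmed in the built image. The enclosing `flake-utils.lib.eachDefaultSystem` block opens above the hunk.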
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v4.23.3 +// protoc-gen-go v1.31.0 +// protoc v3.21.12 // source: provisionerd/proto/provisionerd.proto package proto diff --git a/provisionerd/proto/provisionerd_drpc.pb.go b/provisionerd/proto/provisionerd_drpc.pb.go index ed3155fb21eaa..058af595809b8 100644 --- a/provisionerd/proto/provisionerd_drpc.pb.go +++ b/provisionerd/proto/provisionerd_drpc.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-go-drpc. DO NOT EDIT. -// protoc-gen-go-drpc version: v0.0.33 +// protoc-gen-go-drpc version: (devel) // source: provisionerd/proto/provisionerd.proto package proto diff --git a/provisionersdk/proto/provisioner.pb.go b/provisionersdk/proto/provisioner.pb.go index 24281d4c252db..52f60cede1d51 100644 --- a/provisionersdk/proto/provisioner.pb.go +++ b/provisionersdk/proto/provisioner.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v4.23.3 +// protoc-gen-go v1.31.0 +// protoc v3.21.12 // source: provisionersdk/proto/provisioner.proto package proto diff --git a/provisionersdk/proto/provisioner_drpc.pb.go b/provisionersdk/proto/provisioner_drpc.pb.go index d8b40060cd376..d307402447c78 100644 --- a/provisionersdk/proto/provisioner_drpc.pb.go +++ b/provisionersdk/proto/provisioner_drpc.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-go-drpc. DO NOT EDIT. -// protoc-gen-go-drpc version: v0.0.33 +// protoc-gen-go-drpc version: (devel) // source: provisionersdk/proto/provisioner.proto package proto @@ -76,10 +76,6 @@ type drpcProvisioner_ParseClient struct { drpc.Stream } -func (x *drpcProvisioner_ParseClient) GetStream() drpc.Stream { - return x.Stream -} - func (x *drpcProvisioner_ParseClient) Recv() (*Parse_Response, error) { m := new(Parse_Response) if err := x.MsgRecv(m, drpcEncoding_File_provisionersdk_proto_provisioner_proto{}); err != nil { 
@@ -111,10 +107,6 @@ type drpcProvisioner_ProvisionClient struct { drpc.Stream } -func (x *drpcProvisioner_ProvisionClient) GetStream() drpc.Stream { - return x.Stream -} - func (x *drpcProvisioner_ProvisionClient) Send(m *Provision_Request) error { return x.MsgSend(m, drpcEncoding_File_provisionersdk_proto_provisioner_proto{}) } diff --git a/site/.eslintignore b/site/.eslintignore index 9bed2be372b11..71c636297172e 100644 --- a/site/.eslintignore +++ b/site/.eslintignore @@ -64,6 +64,9 @@ stats/ .././scaletest/terraform/.terraform.lock.hcl ../scaletest/terraform/secrets.tfvars .terraform.tfstate.* + +# Nix +result # .prettierignore.include: # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier. diff --git a/site/.prettierignore b/site/.prettierignore index 9bed2be372b11..71c636297172e 100644 --- a/site/.prettierignore +++ b/site/.prettierignore @@ -64,6 +64,9 @@ stats/ .././scaletest/terraform/.terraform.lock.hcl ../scaletest/terraform/secrets.tfvars .terraform.tfstate.* + +# Nix +result # .prettierignore.include: # Helm templates contain variables that are invalid YAML and can't be formatted # by Prettier.