terraform { required_providers { coder = { source = "coder/coder" } docker = { source = "kreuzwerker/docker" version = "~> 3.0.0" } } } locals { // These are cluster service addresses mapped to Tailscale nodes. Ask Dean or // Kyle for help. docker_host = { "" = "tcp://dogfood-ts-cdr-dev.tailscale.svc.cluster.local:2375" "us-pittsburgh" = "tcp://dogfood-ts-cdr-dev.tailscale.svc.cluster.local:2375" "eu-helsinki" = "tcp://reinhard-hel-cdr-dev.tailscale.svc.cluster.local:2375" "ap-sydney" = "tcp://hildegard-sydney-cdr-dev.tailscale.svc.cluster.local:2375" "sa-saopaulo" = "tcp://oberstein-sao-cdr-dev.tailscale.svc.cluster.local:2375" "za-jnb" = "tcp://greenhill-jnb-cdr-dev.tailscale.svc.cluster.local:2375" } repo_base_dir = data.coder_parameter.repo_base_dir.value == "~" ? "/home/coder" : replace(data.coder_parameter.repo_base_dir.value, "/^~\\//", "/home/coder/") repo_dir = replace(module.git-clone.repo_dir, "/^~\\//", "/home/coder/") container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}" } data "coder_parameter" "repo_base_dir" { type = "string" name = "Coder Repository Base Directory" default = "~" description = "The directory specified will be created (if missing) and [coder/coder](https://github.com/coder/coder) will be automatically cloned into [base directory]/coder 🪄." mutable = true } data "coder_parameter" "image_type" { type = "string" name = "Coder Image" default = "codercom/oss-dogfood:latest" description = "The Docker image used to run your workspace. Choose between nix and non-nix images." option { icon = "/icon/coder.svg" name = "Dogfood (Default)" value = "codercom/oss-dogfood:latest" } option { icon = "/icon/nix.svg" name = "Dogfood Nix (Experimental)" value = "codercom/oss-dogfood-nix:latest" } } data "coder_parameter" "region" { type = "string" name = "Region" icon = "/emojis/1f30e.png" default = "us-pittsburgh" option { icon = "/emojis/1f1fa-1f1f8.png" name = "Pittsburgh" value = "us-pittsburgh" } option { icon = "/emojis/1f1eb-1f1ee.png" name = "Helsinki" value = "eu-helsinki" } option { icon = "/emojis/1f1e6-1f1fa.png" name = "Sydney" value = "ap-sydney" } option { icon = "/emojis/1f1e7-1f1f7.png" name = "São Paulo" value = "sa-saopaulo" } option { icon = "/emojis/1f1ff-1f1e6.png" name = "Johannesburg" value = "za-jnb" } } provider "docker" { host = lookup(local.docker_host, data.coder_parameter.region.value) } provider "coder" {} data "coder_external_auth" "github" { id = "github" } data "coder_workspace" "me" {} module "slackme" { source = "registry.coder.com/modules/slackme/coder" version = "1.0.2" agent_id = coder_agent.dev.id auth_provider_id = "slack" } module "dotfiles" { source = "registry.coder.com/modules/dotfiles/coder" version = "1.0.14" agent_id = coder_agent.dev.id } module "git-clone" { source = "registry.coder.com/modules/git-clone/coder" version = "1.0.12" agent_id = coder_agent.dev.id url = "https://github.com/coder/coder" base_dir = local.repo_base_dir } module "personalize" { source = "registry.coder.com/modules/personalize/coder" version = "1.0.2" agent_id = coder_agent.dev.id } module "code-server" { source = "registry.coder.com/modules/code-server/coder" version = "1.0.14" agent_id = coder_agent.dev.id folder = local.repo_dir auto_install_extensions = true } module "jetbrains_gateway" { source = "registry.coder.com/modules/jetbrains-gateway/coder" version = "1.0.13" agent_id = coder_agent.dev.id agent_name = "dev" folder = local.repo_dir jetbrains_ides = ["GO", "WS"] default = "GO" latest = true } module "filebrowser" { source = "registry.coder.com/modules/filebrowser/coder" version = "1.0.8" agent_id = coder_agent.dev.id } module "coder-login" { source = "registry.coder.com/modules/coder-login/coder" version = "1.0.2" agent_id = coder_agent.dev.id } resource "coder_agent" "dev" { arch = "amd64" os = "linux" dir = local.repo_dir env = { OIDC_TOKEN : data.coder_workspace.me.owner_oidc_access_token, } startup_script_behavior = "blocking" # The following metadata blocks are optional. They are used to display # information about your workspace in the dashboard. You can remove them # if you don't want to display any information. metadata { display_name = "CPU Usage" key = "0_cpu_usage" script = "coder stat cpu" interval = 10 timeout = 1 } metadata { display_name = "RAM Usage" key = "1_ram_usage" script = "coder stat mem" interval = 10 timeout = 1 } metadata { display_name = "CPU Usage (Host)" key = "2_cpu_usage_host" script = "coder stat cpu --host" interval = 10 timeout = 1 } metadata { display_name = "RAM Usage (Host)" key = "3_ram_usage_host" script = "coder stat mem --host" interval = 10 timeout = 1 } metadata { display_name = "Swap Usage (Host)" key = "4_swap_usage_host" script = <&1 | awk ' $0 ~ "Word of the Day: [A-z]+" { print $5; exit }' EOT interval = 86400 timeout = 5 } startup_script = <<-EOT set -eux -o pipefail # Allow synchronization between scripts. trap 'touch /tmp/.coder-startup-script.done' EXIT # Start Docker service sudo service docker start # Install playwright dependencies # We want to use the playwright version from site/package.json # Check if the directory exists At workspace creation as the coder_script runs in parallel so clone might not exist yet. while ! [[ -f "${local.repo_dir}/site/package.json" ]]; do sleep 1 done cd "${local.repo_dir}/site" && pnpm install && pnpm playwright:install EOT } resource "docker_volume" "home_volume" { name = "coder-${data.coder_workspace.me.id}-home" # Protect the volume from being deleted due to changes in attributes. lifecycle { ignore_changes = all } # Add labels in Docker to keep track of orphan resources. labels { label = "coder.owner" value = data.coder_workspace.me.owner } labels { label = "coder.owner_id" value = data.coder_workspace.me.owner_id } labels { label = "coder.workspace_id" value = data.coder_workspace.me.id } # This field becomes outdated if the workspace is renamed but can # be useful for debugging or cleaning out dangling volumes. labels { label = "coder.workspace_name_at_creation" value = data.coder_workspace.me.name } } data "docker_registry_image" "dogfood" { name = data.coder_parameter.image_type.value } resource "docker_image" "dogfood" { name = "${data.coder_parameter.image_type.value}@${data.docker_registry_image.dogfood.sha256_digest}" pull_triggers = [ data.docker_registry_image.dogfood.sha256_digest, sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])), filesha1("Dockerfile"), filesha1("Dockerfile.nix"), ] keep_locally = true } resource "docker_container" "workspace" { count = data.coder_workspace.me.start_count image = docker_image.dogfood.name name = local.container_name # Hostname makes the shell more user friendly: coder@my-workspace:~$ hostname = data.coder_workspace.me.name # Use the docker gateway if the access URL is 127.0.0.1 entrypoint = ["sh", "-c", coder_agent.dev.init_script] # CPU limits are unnecessary since Docker will load balance automatically memory = data.coder_workspace.me.owner == "code-asher" ? 65536 : 32768 runtime = "sysbox-runc" env = [ "CODER_AGENT_TOKEN=${coder_agent.dev.token}", "USE_CAP_NET_ADMIN=true", ] host { host = "host.docker.internal" ip = "host-gateway" } volumes { container_path = "/home/coder/" volume_name = docker_volume.home_volume.name read_only = false } capabilities { add = ["CAP_NET_ADMIN", "CAP_SYS_NICE"] } # Add labels in Docker to keep track of orphan resources. labels { label = "coder.owner" value = data.coder_workspace.me.owner } labels { label = "coder.owner_id" value = data.coder_workspace.me.owner_id } labels { label = "coder.workspace_id" value = data.coder_workspace.me.id } labels { label = "coder.workspace_name" value = data.coder_workspace.me.name } } resource "coder_metadata" "container_info" { count = data.coder_workspace.me.start_count resource_id = docker_container.workspace[0].id item { key = "memory" value = docker_container.workspace[0].memory } item { key = "runtime" value = docker_container.workspace[0].runtime } item { key = "region" value = data.coder_parameter.region.option[index(data.coder_parameter.region.option.*.value, data.coder_parameter.region.value)].name } }