- Uses unix socket for
code-server
- Host
code-server
usingnginx
(via unix socket) for SSL termination and virtual hosts. - Automatically restart
code-server
when updated withpacman
- Automatically start
code-server
as specified user (usingsystemd
) - Automatically fix socket permissions so
nginx
can read/write to unix socket. (usingsystemd
)
Last active
December 13, 2022 23:16
-
-
Save eth-p/aec1985a0f9f90c034cda2649d4940e8 to your computer and use it in GitHub Desktop.
Code-Server Systemd Units + Pacman Hooks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=Code Server Post-Exec Setup | |
[Service] | |
# Socket path. | |
Environment=CODE_SERVER_SOCKET=/var/server/socket/code-server/http.sock | |
# Update socket permissions. | |
ExecStartPre=sh -c 'setfacl -m mask::rwx "$CODE_SERVER_SOCKET"' | |
# Do nothing while looking pretty. | |
# This prevents the watcher (.path unit) from firing continuously. | |
ExecStart=sh -c 'tail --pid="$(systemctl show --property MainPID code-server.service | cut -d= -f2)" -f /dev/null' | |
TimeoutStopSec=0 | |
# Service type. | |
Type=simple | |
[Install] | |
Also=code-server-postexec.path code-server-postexec.service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=Code Server Post-Exec Trigger | |
Before = code-server.service | |
[Path] | |
PathExists=/var/server/socket/code-server/http.sock | |
Unit=code-server-postexec.service | |
[Install] | |
Also=code-server.service code-server-postexec.service | |
WantedBy=code-server.service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=Code Server (Web-Based Visual Studio Code) | |
After = multi-user.target syslog.target network.target network-online.target | |
Requires = multi-user.target | |
[Service] | |
# Run as me. | |
Environment=RUNAS_USER=me | |
Environment=RUNAS_GROUP=me | |
Environment=NGINX_USER=nginx | |
Environment=NGINX_GROUP=nginx | |
# Socket path. | |
Environment=CODE_SERVER_SOCKET=/var/server/socket/code-server/http.sock | |
# Create directory for the socket. | |
ExecStartPre=sh -c 'test -d "$(dirname "$CODE_SERVER_SOCKET")" || mkdir "$(dirname "$CODE_SERVER_SOCKET")"' | |
ExecStartPre=sh -c 'setfacl -m user:"$RUNAS_USER":rwx -m user:"$NGINX_USER":r-x -m group:"$NGINX_GROUP":r-x -m default:user:"$NGINX_USER":rwx -m default:group:"$NGINX_GROUP":rwx "$(dirname "$CODE_SERVER_SOCKET")"' | |
ExecStartPre=sh -c 'chown -R "$RUNAS_USER":"$RUNAS_GROUP" "$(dirname "$CODE_SERVER_SOCKET")"' | |
ExecStartPre=sh -c 'chmod -R 770 "$(dirname "$CODE_SERVER_SOCKET")"' | |
# Start code-server. | |
ExecStart=sh -c 'su -g "$RUNAS_GROUP" "$RUNAS_USER" --login --command="code-server --socket=\"$CODE_SERVER_SOCKET\""' | |
# Clean up socket after. | |
ExecStopPost=sh -c 'rm "$CODE_SERVER_SOCKET"' | |
# Service type. | |
Type=simple | |
SuccessExitStatus=0 SIGTERM | |
Restart=always | |
# Use official Microsoft extension gallery. | |
Environment=EXTENSIONS_GALLERY='{"serviceUrl":"https://marketplace.visualstudio.com/_apis/public/gallery","cacheUrl":"https://vscode.blob.core.windows.net/gallery/index","itemUrl":"https://marketplace.visualstudio.com/items","controlUrl":"","recommendationsUrl":""}' | |
[Install] | |
WantedBy=default.target | |
Also=code-server-postexec.path code-server-postexec.service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name code-server.example.com; | |
ssl_certificate /etc/letsencrypt/live/code-server/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/code-server/privkey.pem; | |
ssl_trusted_certificate /etc/letsencrypt/live/code-server/chain.pem; | |
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem; | |
root /var/www/app/code-server; | |
try_files $uri @proxy; | |
location @proxy { | |
proxy_pass http://ide_code_server; | |
proxy_http_version 1.1; | |
proxy_set_header Host $host; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
} | |
} | |
upstream ide_code_server { | |
server unix:/var/server/socket/code-server/http.sock; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment