Code-Server Systemd Units + Pacman Hooks

Code-Server Setup

  • Uses unix socket for code-server
  • Host code-server using nginx (via unix socket) for SSL termination and virtual hosts.
  • Automatically restart code-server when updated with pacman
  • Automatically start code-server as specified user (using systemd)
  • Automatically fix socket permissions so nginx can read/write to unix socket. (using systemd)
# code-server-postexec.service
# Activated by code-server-postexec.path once the code-server socket exists.
# It raises the ACL mask on the socket and then idles for as long as
# code-server's main process is alive.

[Unit]
Description=Code Server Post-Exec Setup

[Service]
Type=simple
# NOTE(review): presumably meant to stop the idle waiter without a grace
# period; confirm how the installed systemd version interprets a zero value.
TimeoutStopSec=0

# Socket path. Must stay identical to CODE_SERVER_SOCKET in code-server.service
# and to PathExists= in code-server-postexec.path.
Environment=CODE_SERVER_SOCKET=/var/server/socket/code-server/http.sock

# The ACL mask caps what named ACL users and groups may do on the socket.
# Raising it to rwx makes the nginx entries inherited from the directory's
# default ACL effective. Every named entry on the socket gains connect
# rights, so keep that ACL limited to the proxy account.
ExecStartPre=sh -c 'setfacl -m mask::rwx "$CODE_SERVER_SOCKET"'

# Stay active by tailing /dev/null until code-server's MainPID exits.
# While this unit is active, the .path unit does not trigger it again.
ExecStart=sh -c 'tail --pid="$(systemctl show --property MainPID code-server.service | cut -d= -f2)" -f /dev/null'

[Install]
Also=code-server-postexec.path code-server-postexec.service
# code-server-postexec.path
# Watches for the code-server socket and starts the post-exec service that
# fixes the socket's ACL mask.

[Unit]
Description=Code Server Post-Exec Trigger
# Have the watcher in place before code-server starts creating the socket.
Before=code-server.service

[Path]
# Must name the same socket as CODE_SERVER_SOCKET in both service units.
PathExists=/var/server/socket/code-server/http.sock
Unit=code-server-postexec.service

[Install]
# Pulled in whenever code-server.service is started.
WantedBy=code-server.service
Also=code-server.service code-server-postexec.service
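# code-server.service
# Runs code-server on a unix socket so that a local nginx reverse proxy can
# front it. A code-server session is equivalent to a shell as RUNAS_USER, so
# the socket directory's ownership, mode and ACL are the local access
# boundary.

[Unit]
Description=Code Server (Web-Based Visual Studio Code)
After=multi-user.target syslog.target network.target network-online.target
Requires=multi-user.target

[Service]
Type=simple
SuccessExitStatus=0 SIGTERM
Restart=always

# Account code-server runs as, and the account nginx runs as.
Environment=RUNAS_USER=me
Environment=RUNAS_GROUP=me
Environment=NGINX_USER=nginx
Environment=NGINX_GROUP=nginx

# Socket path. Must match the postexec units and the nginx upstream.
Environment=CODE_SERVER_SOCKET=/var/server/socket/code-server/http.sock

# Use official Microsoft extension gallery.
# Extensions installed from the gallery execute with RUNAS_USER's privileges.
# NOTE(review): `su --login` below starts from a fresh login environment, so
# this variable may not reach code-server unless the user's profile exports
# it as well - confirm.
Environment=EXTENSIONS_GALLERY='{"serviceUrl":"https://marketplace.visualstudio.com/_apis/public/gallery","cacheUrl":"https://vscode.blob.core.windows.net/gallery/index","itemUrl":"https://marketplace.visualstudio.com/items","controlUrl":"","recommendationsUrl":""}'

# No User=/Group= is set, so when installed as a system unit every Exec* line
# below runs as root. The chown/chmod steps act recursively on the directory
# that holds the socket: keep CODE_SERVER_SOCKET inside a directory dedicated
# to it, never a shared one.

# Create the socket directory. -p also creates missing parents and succeeds
# when the directory already exists.
ExecStartPre=sh -c 'mkdir -p "$(dirname "$CODE_SERVER_SOCKET")"'
# Directory ACL: RUNAS_USER gets full access and nginx may traverse. The
# default entries are inherited by the socket created inside.
ExecStartPre=sh -c 'setfacl -m user:"$RUNAS_USER":rwx -m user:"$NGINX_USER":r-x -m group:"$NGINX_GROUP":r-x -m default:user:"$NGINX_USER":rwx -m default:group:"$NGINX_GROUP":rwx "$(dirname "$CODE_SERVER_SOCKET")"'
ExecStartPre=sh -c 'chown -R "$RUNAS_USER":"$RUNAS_GROUP" "$(dirname "$CODE_SERVER_SOCKET")"'
# 770 leaves no access for "other"; nginx gets in through the ACL entries.
ExecStartPre=sh -c 'chmod -R 770 "$(dirname "$CODE_SERVER_SOCKET")"'

# Start code-server as RUNAS_USER, listening only on the unix socket.
ExecStart=sh -c 'su -g "$RUNAS_GROUP" "$RUNAS_USER" --login --command="code-server --socket=\"$CODE_SERVER_SOCKET\""'

# Remove the stale socket afterwards. -f keeps this step from failing when
# code-server exited before it created the socket.
ExecStopPost=sh -c 'rm -f "$CODE_SERVER_SOCKET"'

[Install]
WantedBy=default.target
Also=code-server-postexec.path code-server-postexec.service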
# TLS-terminating virtual host in front of code-server.
# No auth_basic or client-certificate check is configured here, so access
# control is whatever code-server itself enforces (its auth setting is not
# shown in this file).
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name code-server.example.com;

    ssl_certificate         /etc/letsencrypt/live/code-server/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/code-server/privkey.pem;
    # Used to verify OCSP responses when stapling is on; ssl_stapling itself
    # is not enabled in this block.
    ssl_trusted_certificate /etc/letsencrypt/live/code-server/chain.pem;
    ssl_dhparam             /etc/letsencrypt/dhparams/dhparam.pem;

    # Files that exist under this root are served by nginx directly and never
    # reach code-server, so keep nothing sensitive in it.
    root /var/www/app/code-server;
    try_files $uri @proxy;

    location @proxy {
        proxy_pass http://ide_code_server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # Pass WebSocket upgrade requests through to code-server.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
# code-server backend, reached over the unix socket created by
# code-server.service. The nginx worker account needs traverse rights on the
# directory and read/write on the socket. Both come from the ACLs set by the
# systemd units.
upstream ide_code_server {
    server unix:/var/server/socket/code-server/http.sock;
}
# pacman hook: restart code-server after the package is installed or upgraded,
# so the running process is replaced by the new version.

[Trigger]
Type = Package
Target = code-server
Operation = Install
Operation = Upgrade

[Action]
Description = Restarting code-server...
When = PostTransaction
# NOTE(review): `restart` also starts the unit if it was stopped, so a fresh
# install brings the service up. `try-restart` would limit this to an
# already-running service - confirm which is intended.
Exec = /usr/bin/systemctl restart code-server