vasceannie/code-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d7fd50d7a3db418fcaf736e5624132597cc7edcc
code-tools/tf/workspace.tf

243 lines
7.8 KiB
HCL
Raw Blame History

# =============================================================================
# Development Workspace Container
# Main development environment with all required tools
# =============================================================================
# =============================================================================
# Coder Agent - Workspace Management
# =============================================================================
resource "coder_agent" "main" {
arch = data.coder_provisioner.me.arch
os = "linux"
dir = "/workspaces"
# Environment variables for development
env = {
"GIT_AUTHOR_NAME" = local.git_author_name
"GIT_AUTHOR_EMAIL" = local.git_author_email
"GIT_COMMITTER_NAME" = local.git_author_name
"GIT_COMMITTER_EMAIL" = local.git_author_email
"NODE_VERSION" = var.node_version
"PYTHON_VERSION" = var.python_version
"PATH" = "$PATH:/home/coder/bin:/home/coder/.cargo/bin:/home/coder/.local/bin:/usr/local/bin"
"HOME" = "/home/coder"
"USER" = "coder"
# Suppress NVM symlink warnings
"NVM_SYMLINK_CURRENT" = "false"
# Workspace ID for scripts
"CODER_WORKSPACE_ID" = local.workspace_id
# Service URLs for development
"POSTGRES_URL" = data.coder_parameter.enable_services.value ? "postgresql://postgres:${var.postgres_password}@postgres-${local.workspace_id}:5432/postgres" : ""
"REDIS_URL" = data.coder_parameter.enable_services.value ? "redis://:${var.redis_password}@redis-${local.workspace_id}:6379" : ""
"QDRANT_URL" = data.coder_parameter.enable_services.value ? "http://qdrant-${local.workspace_id}:6333" : ""
# Additional environment variables for scripts
"ENABLE_SERVICES" = tostring(data.coder_parameter.enable_services.value)
# Security: Block file transfer commands to prevent data exfiltration
"CODER_AGENT_BLOCK_FILE_TRANSFER" = var.block_file_transfer ? "1" : ""
# Repository to clone on startup
"CODER_WORKSPACE_REPO" = local.repo_url != "custom" ? local.repo_url : ""
}
# Reference bind-mounted startup script plus service port forwarding
startup_script = data.coder_parameter.enable_services.value ? "echo '${base64encode(local.port_forward_script)}' | base64 -d | tr -d '\\r' | bash" : "echo 'Starting workspace...'"
# Performance and resource monitoring
metadata {
display_name = "CPU Usage"
key = "cpu_usage"
script = "{ export NVM_SYMLINK_CURRENT=false; top -bn1 2>/dev/null | grep 'Cpu(s)' | awk '{print $2 \"%\"}' || echo 'N/A'; } 2>/dev/null"
interval = 60
timeout = 10
}
metadata {
display_name = "RAM Usage"
key = "ram_usage"
script = "{ export NVM_SYMLINK_CURRENT=false; free 2>/dev/null | grep Mem | awk '{printf \"%d%%\", int($3/$2 * 100)}' || echo 'N/A'; } 2>/dev/null"
interval = 60
timeout = 10
}
metadata {
display_name = "Disk Usage"
key = "disk_usage"
script = "{ export NVM_SYMLINK_CURRENT=false; df -h /workspaces 2>/dev/null | tail -1 | awk '{print $5}' || echo 'N/A'; } 2>&1 | head -1"
interval = 300
timeout = 10
}
metadata {
display_name = "Git Branch"
key = "git_branch"
script = "{ export NVM_SYMLINK_CURRENT=false; cd /workspaces && git branch --show-current 2>/dev/null || echo 'no-repo'; } 2>&1 | head -1"
interval = 300
timeout = 5
}
}
# =============================================================================
# Persistent Home Volume for Development Container
# =============================================================================
resource "docker_volume" "coder_home" {
name = "coder-home-${local.workspace_id}"
labels {
label = "coder.workspace_id"
value = local.workspace_id
}
labels {
label = "coder.owner"
value = data.coder_workspace_owner.me.name
}
labels {
label = "coder.type"
value = "home-directory"
}
}
# =============================================================================
# Main Development Container
# =============================================================================
resource "docker_container" "workspace" {
count = data.coder_workspace.me.start_count
image = docker_image.devcontainer.image_id
name = local.container_name
hostname = data.coder_workspace.me.name
# Container resource limits
memory = var.workspace_memory_limit * 1024 * 1024 # Convert MB to bytes
# Environment variables
env = [
"GIT_AUTHOR_NAME=${local.git_author_name}",
"GIT_AUTHOR_EMAIL=${local.git_author_email}",
"GIT_COMMITTER_NAME=${local.git_author_name}",
"GIT_COMMITTER_EMAIL=${local.git_author_email}",
"NODE_VERSION=${var.node_version}",
"PYTHON_VERSION=${var.python_version}",
"CODER_AGENT_TOKEN=${coder_agent.main.token}"
]
# Network configuration
networks_advanced {
name = docker_network.workspace.name
}
# Host networking for Docker-in-Docker and reverse proxy support
host {
host = "host.docker.internal"
ip = "host-gateway"
}
# No port mappings needed - reverse proxy will handle routing
# All services run within the isolated workspace network
# Coder's port forwarding and apps will provide access via reverse proxy
# Volume mounts
volumes {
container_path = "/workspaces"
volume_name = docker_volume.workspaces.name
read_only = false
}
# Mount a dynamically created home volume for user data persistence
volumes {
container_path = "/home/coder"
volume_name = docker_volume.coder_home.name
read_only = false
}
# Docker socket for Docker-in-Docker (optional)
dynamic "volumes" {
for_each = var.enable_docker_in_docker ? [1] : []
content {
host_path = "/var/run/docker.sock"
container_path = "/var/run/docker.sock"
}
}
# Working directory
working_dir = "/workspaces"
# Keep container running
command = ["/bin/bash", "-c", "${coder_agent.main.init_script} && sleep infinity"]
# Container labels for management
labels {
label = "coder.owner"
value = data.coder_workspace_owner.me.name
}
labels {
label = "coder.workspace_id"
value = local.workspace_id
}
labels {
label = "coder.project"
value = var.project_name
}
# Dependencies
depends_on = [
docker_network.workspace,
docker_volume.workspaces,
docker_volume.coder_home,
docker_image.devcontainer
]
}
# =============================================================================
# JetBrains Gateway Integration
# =============================================================================
module "jetbrains_gateway" {
count = data.coder_parameter.enable_jetbrains.value && data.coder_workspace.me.start_count > 0 ? 1 : 0
source = "registry.coder.com/modules/jetbrains-gateway/coder"
version = "1.0.29"
agent_id = coder_agent.main.id
folder = "/workspaces"
jetbrains_ides = ["IU", "WS", "PY", "GO"]
default = "IU"
latest = false
jetbrains_ide_versions = {
"IU" = {
build_number = "251.25410.129"
version = "2025.1"
}
"WS" = {
build_number = "251.25410.129"
version = "2025.1"
}
"PY" = {
build_number = "251.25410.129"
version = "2025.1"
}
"GO" = {
build_number = "251.25410.129"
version = "2025.1"
}
"CL" = {
build_number = "251.25410.129"
version = "2025.1"
}
"PS" = {
build_number = "251.25410.129"
version = "2025.1"
}
"RR" = {
build_number = "251.25410.129"
version = "2025.1"
}
"RM" = {
build_number = "251.25410.129"
version = "2025.1"
}
"RD" = {
build_number = "251.25410.129"
version = "2025.1"
}
}
}
Reference in New Issue View Git Blame Copy Permalink