evrak/coder/main.tf

terraform {
  required_providers {
    coder = {
      source  = "coder/coder"
      version = "~> 0.12.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.23"
    }
  }
}

provider "coder" {}

variable "use_kubeconfig" {
  type        = bool
  description = "Use kubeconfig instead of in-cluster config"
  default     = false
}

provider "kubernetes" {
  # If running inside the cluster, this will use the service account token.
  # If running locally for dev, set use_kubeconfig = true
  config_path = var.use_kubeconfig ? "~/.kube/config" : null
}

data "coder_workspace" "me" {}

resource "coder_agent" "main" {
  arch           = "arm64"
  os             = "linux"
  startup_script = <<EOT
    #!/bin/bash
    set -e

    # Install basic tools
    sudo apt-get update
    sudo apt-get install -y curl git unzip nano wget

    # Install Go (ARM64)
    wget https://go.dev/dl/go1.21.5.linux-arm64.tar.gz
    sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.21.5.linux-arm64.tar.gz
    export PATH=$PATH:/usr/local/go/bin
    echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc

    # Install Node.js (via NVM or direct) - Installing Node 20 LTS for ARM64
    curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
    sudo apt-get install -y nodejs

    # Configure Git to use the token
    git config --global credential.helper store
    # We can't easily inject the password here without a secret, but we can setup the user
    git config --global user.name "${data.coder_workspace.me.owner}"
    git config --global user.email "${data.coder_workspace.me.owner_email}"
    
    # Clone repo if not exists
    if [ ! -d "~/evrak" ]; then
      git clone https://git.konstantiniyye.studio/muhammed/evrak.git ~/evrak
    fi
  EOT

  # These environment variables are available in the workspace
  env = {
    GIT_AUTHOR_NAME     = "${data.coder_workspace.me.owner}"
    GIT_COMMITTER_NAME  = "${data.coder_workspace.me.owner}"
    GIT_AUTHOR_EMAIL    = "${data.coder_workspace.me.owner_email}"
    GIT_COMMITTER_EMAIL = "${data.coder_workspace.me.owner_email}"
  }
}

resource "kubernetes_persistent_volume_claim" "home" {
  metadata {
    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}-home"
    namespace = "default" # Adjust if Coder runs in a different namespace or if you want workspaces elsewhere
    labels = {
      "app.kubernetes.io/name"       = "coder-pvc"
      "app.kubernetes.io/instance"   = "coder-pvc-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
      "app.kubernetes.io/part-of"    = "coder"
      "app.kubernetes.io/managed-by" = "coder"
    }
  }
  wait_until_bound = false
  spec {
    access_modes = ["ReadWriteOnce"]
    resources {
      requests = {
        storage = "10Gi"
      }
    }
  }
}

resource "kubernetes_pod" "main" {
  count = data.coder_workspace.me.start_count
  metadata {
    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
    namespace = "default"
  }
  spec {
    security_context {
      run_as_user = 1000
      fs_group    = 1000
    }

    container {
      name    = "dev"
      image   = "ubuntu:22.04"
      command = ["sh", "-c", coder_agent.main.init_script]
      security_context {
        run_as_user = 1000
      }
      env {
        name  = "CODER_AGENT_TOKEN"
        value = coder_agent.main.token
      }
      resources {
        requests = {
          "cpu"    = "250m"
          "memory" = "512Mi"
        }
        limits = {
          "cpu"    = "2"
          "memory" = "4Gi"
        }
      }
      volume_mount {
        mount_path = "/home/coder"
        name       = "home"
        read_only  = false
      }
    }

    volume {
      name = "home"
      persistent_volume_claim {
        claim_name = kubernetes_persistent_volume_claim.home.metadata.0.name
      }
    }

    affinity {
      node_affinity {
        required_during_scheduling_ignored_during_execution {
          node_selector_term {
            match_expressions {
              key      = "kubernetes.io/arch"
              operator = "In"
              values   = ["arm64"]
            }
          }
        }
      }
    }
  }
}