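# Coder workspace template: one Kubernetes pod per workspace (arm64, ubuntu:22.04)
# with a persistent home volume, plus a Coder agent whose startup script installs
# Node.js and clones the project repository.

terraform {
  required_providers {
    coder = {
      source  = "coder/coder"
      version = "~> 0.12.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.23"
    }
  }
}

provider "coder" {}

variable "use_kubeconfig" {
  type        = bool
  description = "Use kubeconfig instead of in-cluster config"
  default     = false
}

# Previously hard-coded as "default" in both the PVC and the pod; parameterized so
# the two can never drift apart. Adjust if Coder runs in a different namespace or
# if you want workspaces elsewhere.
variable "namespace" {
  type        = string
  description = "Namespace the workspace pod and its home PVC are created in"
  default     = "default"
}

provider "kubernetes" {
  # If running inside the cluster, this will use the service account token.
  # If running locally for dev, set use_kubeconfig = true
  config_path = var.use_kubeconfig ? "~/.kube/config" : null
}

data "coder_workspace" "me" {}

resource "coder_agent" "main" {
  arch = "arm64"
  os   = "linux"

  # Runs inside the workspace container on every start. The container is a stock
  # ubuntu:22.04 image running as uid 1000 (see kubernetes_pod.main below), so
  # steps that need root or tools the base image lacks must be checked against that.
  startup_script = <<-EOT
    # NOTE(review): the line(s) between the heredoc opener and `>> ~/.bashrc` were
    # lost when this file was extracted; restore them from the original template.

    # Install Node.js (via NVM or direct) - Installing Node 20 LTS for ARM64
    # NOTE(review): this pipes a remote script into a root shell; prefer a pinned
    # distro package or verify a checksum first. Also confirm curl and sudo are
    # actually available to uid 1000 in ubuntu:22.04 — neither ships in the base image.
    curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
    sudo apt-get install -y nodejs

    # Configure Git to use the token
    # NOTE(review): "store" writes any credential the user later enters to
    # ~/.git-credentials in plaintext, which lives on the persistent home volume.
    git config --global credential.helper store
    # We can't easily inject the password here without a secret, but we can setup the user
    git config --global user.name "${data.coder_workspace.me.owner}"
    git config --global user.email "${data.coder_workspace.me.owner_email}"

    # Clone repo if not exists. "$HOME" replaces a quoted "~": tilde is not
    # expanded inside double quotes, so the old test was always true and the
    # clone re-ran (and failed) on every workspace restart.
    if [ ! -d "$HOME/evrak" ]; then
      git clone https://git.konstantiniyye.studio/muhammed/evrak.git "$HOME/evrak"
    fi
  EOT

  # These environment variables are available in the workspace
  env = {
    GIT_AUTHOR_NAME     = "${data.coder_workspace.me.owner}"
    GIT_COMMITTER_NAME  = "${data.coder_workspace.me.owner}"
    GIT_AUTHOR_EMAIL    = "${data.coder_workspace.me.owner_email}"
    GIT_COMMITTER_EMAIL = "${data.coder_workspace.me.owner_email}"
  }
}

# Persistent home directory; survives workspace stop/start because it is not
# count-gated like the pod.
resource "kubernetes_persistent_volume_claim" "home" {
  metadata {
    # NOTE(review): Kubernetes object names must be lowercase DNS labels. If Coder
    # usernames or workspace names can contain uppercase, wrap both in lower().
    # Not changed here because renaming the PVC would detach existing home data.
    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}-home"
    namespace = var.namespace
    labels = {
      "app.kubernetes.io/name"       = "coder-pvc"
      "app.kubernetes.io/instance"   = "coder-pvc-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
      "app.kubernetes.io/part-of"    = "coder"
      "app.kubernetes.io/managed-by" = "coder"
    }
  }
  # Do not block the apply on binding; storage classes with WaitForFirstConsumer
  # only bind once the pod is scheduled.
  wait_until_bound = false
  spec {
    access_modes = ["ReadWriteOnce"]
    resources {
      requests = {
        storage = "10Gi"
      }
    }
  }
}

# The workspace pod itself. start_count is 0 when the workspace is stopped, which
# deletes the pod while leaving the PVC above in place.
resource "kubernetes_pod" "main" {
  count = data.coder_workspace.me.start_count
  metadata {
    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
    namespace = var.namespace
  }
  spec {
    # The workspace talks to Coder only through CODER_AGENT_TOKEN; it has no reason
    # to hold a Kubernetes API credential, so do not mount the service account token.
    automount_service_account_token = false

    security_context {
      run_as_user     = 1000
      fs_group        = 1000
      # Makes the non-root intent explicit: the kubelet refuses to start the
      # container if the image's effective uid were ever 0.
      run_as_non_root = true
    }
    container {
      name    = "dev"
      image   = "ubuntu:22.04"
      command = ["sh", "-c", coder_agent.main.init_script]
      security_context {
        run_as_user = 1000
      }
      # Per-workspace agent token; the only secret the pod needs.
      env {
        name  = "CODER_AGENT_TOKEN"
        value = coder_agent.main.token
      }
      resources {
        requests = {
          "cpu"    = "250m"
          "memory" = "512Mi"
        }
        limits = {
          "cpu"    = "2"
          "memory" = "4Gi"
        }
      }
      volume_mount {
        mount_path = "/home/coder"
        name       = "home"
        read_only  = false
      }
    }
    volume {
      name = "home"
      persistent_volume_claim {
        claim_name = kubernetes_persistent_volume_claim.home.metadata.0.name
      }
    }
    # Pin to arm64 nodes; the agent binary above is arch = "arm64".
    affinity {
      node_affinity {
        required_during_scheduling_ignored_during_execution {
          node_selector_term {
            match_expressions {
              key      = "kubernetes.io/arch"
              operator = "In"
              values   = ["arm64"]
            }
          }
        }
      }
    }
  }
}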