From 44501d92d07e087e4a16932e3903f69e6552b5e6 Mon Sep 17 00:00:00 2001
From: Franck Cuny <fcuny@roblox.com>
Date: Wed, 28 Jan 2026 15:07:51 -0800
Subject: install a recent version of coder for work

---
 flake.nix              |   1 +
 home/programs/ssh.nix  |  19 +++++++-
 machines/mbp-work.nix  |   7 +++
 pkgs/coder/default.nix | 116 +++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 142 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/coder/default.nix

diff --git a/flake.nix b/flake.nix
index 0e10b43..7ccf5e0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -226,6 +226,7 @@
       overlays.default = _final: prev: {
         sapi = prev.callPackage ./pkgs/sapi { };
         hashi = prev.callPackage ./pkgs/hashi { };
+        coder-mainline = prev.callPackage ./pkgs/coder { channel = "mainline"; };
       };
 
       formatter = forAllSystems (
diff --git a/home/programs/ssh.nix b/home/programs/ssh.nix
index efc3085..b7a5796 100644
--- a/home/programs/ssh.nix
+++ b/home/programs/ssh.nix
@@ -1,9 +1,26 @@
-{ config, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   programs.ssh = {
     enable = true;
     enableDefaultConfig = false;
     matchBlocks = {
+      "*.coder" = {
+        proxyCommand = "${lib.getExe pkgs.coder-mainline} --global-config \"/Users/fcuny/Library/Application Support/coderv2\" ssh --stdio %h";
+        extraOptions = {
+          "ConnectTimeout" = "0";
+          "StrictHostKeyChecking" = "no";
+          "UserKnownHostsFile" = "/dev/null";
+          "LogLevel" = "ERROR";
+          # Disable ControlMaster for Coder to avoid "stuck" tunnels if a workspace restarts.
+          "ControlMaster" = "no";
+          "ControlPath" = "none";
+        };
+      };
       "*" = {
         controlMaster = "auto";
         controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";
diff --git a/machines/mbp-work.nix b/machines/mbp-work.nix
index ba1c349..c13d966 100644
--- a/machines/mbp-work.nix
+++ b/machines/mbp-work.nix
@@ -10,9 +10,11 @@
   };
 
   imports = [
+    #keep-sorted start
     ../profiles/darwin.nix
     ../profiles/home-manager.nix
     ../profiles/users/home-manager.nix
+    #keep-sorted end
   ];
 
   users.users.${adminUser.name} = {
@@ -24,19 +26,24 @@
     home.stateVersion = "23.05";
     home.homeDirectory = "/Users/${adminUser.name}";
     imports = [
+      #keep-sorted start
       ../home/profiles/darwin.nix
       ../home/profiles/development.nix
       ../home/profiles/k8s.nix
       ../home/programs/hashi.nix
       ../home/programs/sapi.nix
+      #keep-sorted end
     ];
     home.packages = with pkgs; [
+      #keep-sorted start
       _1password-cli
       awscli2
       boundary # for secure remote access
+      coder-mainline
       grpcurl
       tfswitch
       vault
+      #keep-sorted end
     ];
   };
 }
diff --git a/pkgs/coder/default.nix b/pkgs/coder/default.nix
new file mode 100644
index 0000000..f27e0b8
--- /dev/null
+++ b/pkgs/coder/default.nix
@@ -0,0 +1,116 @@
+{
+  lib,
+  channel ? "stable",
+  fetchurl,
+  installShellFiles,
+  makeBinaryWrapper,
+  terraform,
+  stdenvNoCC,
+  unzip,
+  nixosTests,
+}:
+
+let
+  inherit (stdenvNoCC.hostPlatform) system;
+
+  channels = {
+    stable = {
+      version = "2.28.6";
+      hash = {
+        x86_64-linux = "sha256-OBnEOR6uNCzfsnWIQupSN9JMykNbrojrkb5lcPXL1W8=";
+        x86_64-darwin = "sha256-ixI5BPxq7spPk1Un6eYVke+IkhqoIxTqDTXo5FehaEk=";
+        aarch64-linux = "sha256-w+5PMff13nUp7jAYGSQlozShWqjsF+NLKQiquxD07wc=";
+        aarch64-darwin = "sha256-nrx0Z1NdzkeQbeWzwOhpATIYnCCucG5lKRoUaRVjiQE=";
+      };
+    };
+    mainline = {
+      version = "2.29.1";
+      hash = {
+        x86_64-linux = "sha256-LxYADRdkiIsvHBaMy+MtJuUo8p5MLDKDL6pMtHaqokw=";
+        x86_64-darwin = "sha256-OwZpCTjEVzTu4M9jf0vOuTuiyn66qRc/pEO/DLD8pvg=";
+        aarch64-linux = "sha256-hNPimwzopC2Hj8i0I6KJAtvKXANACpmcN+onGvAaMvc=";
+        aarch64-darwin = "sha256-AuNFtvnG40Toll/hmEXeGuV6ZcxfuVuUTFqdtTLXRn8=";
+      };
+    };
+  };
+in
+stdenvNoCC.mkDerivation (finalAttrs: {
+  pname = "coder";
+  version = channels.${channel}.version;
+  src = fetchurl {
+    hash = (channels.${channel}.hash).${system};
+
+    url =
+      let
+        systemName =
+          {
+            x86_64-linux = "linux_amd64";
+            aarch64-linux = "linux_arm64";
+            x86_64-darwin = "darwin_amd64";
+            aarch64-darwin = "darwin_arm64";
+          }
+          .${system};
+
+        ext =
+          {
+            x86_64-linux = "tar.gz";
+            aarch64-linux = "tar.gz";
+            x86_64-darwin = "zip";
+            aarch64-darwin = "zip";
+          }
+          .${system};
+      in
+      "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
+  };
+
+  nativeBuildInputs = [
+    installShellFiles
+    makeBinaryWrapper
+    unzip
+  ];
+
+  unpackPhase = ''
+    runHook preUnpack
+
+    case $src in
+        *.tar.gz) tar -xz -f "$src" ;;
+        *.zip)    unzip      "$src" ;;
+    esac
+
+    runHook postUnpack
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    install -D -m755 coder $out/bin/coder
+
+    runHook postInstall
+  '';
+
+  postInstall = ''
+    wrapProgram $out/bin/coder \
+      --prefix PATH : ${lib.makeBinPath [ terraform ]}
+  '';
+
+  # integration tests require network access
+  doCheck = false;
+
+  meta = {
+    description = "Provision remote development environments via Terraform";
+    homepage = "https://coder.com";
+    license = lib.licenses.agpl3Only;
+    mainProgram = "coder";
+    maintainers = with lib.maintainers; [
+      ghuntley
+      kylecarbs
+    ];
+  };
+
+  passthru = {
+    updateScript = ./update.sh;
+    tests = {
+      inherit (nixosTests) coder;
+    };
+  };
+})
-- 
cgit v1.2.3