From fe47dcd69f41869f76321ef08e99310c823da9ca Mon Sep 17 00:00:00 2001
From: ammario <ammar@ammar.io>
Date: Wed, 13 Jul 2022 00:26:23 +0000
Subject: [PATCH 1/4] Setup base template

---
 dogfood/README.md | 17 +++++++++++
 dogfood/main.tf   | 78 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 dogfood/README.md
 create mode 100644 dogfood/main.tf

diff --git a/dogfood/README.md b/dogfood/README.md
new file mode 100644
index 0000000000000..ad98626584100
--- /dev/null
+++ b/dogfood/README.md
@@ -0,0 +1,17 @@
+# dogfood template
+
+## How is this hosted?
+
+Coder dogfoods on a beefy, single Teraswitch machine. We decided to use
+a bare metal provider for best-in-class cost-to-performance. We decided to
+use a single machine for crazy fast parallelized builds.
+
+# How is the provisioner configured?
+
+Our dogfood VM runs an SSH tunnel to our dogfood Docker host's docker socket.
+The socket is mounted on `/var/run/dogfood-docker.sock`.
+
+The SSH command can be found hanging out in the screen session named
+`docker-dogfood-tunnel`.
+
+The tunnel and corresponding SSH key is under the root user.
diff --git a/dogfood/main.tf b/dogfood/main.tf
new file mode 100644
index 0000000000000..7011fd714cf2f
--- /dev/null
+++ b/dogfood/main.tf
@@ -0,0 +1,78 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = "0.4.2"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~> 2.16.0"
+    }
+  }
+}
+
+# Admin parameters
+
+provider "docker" {
+  host = "unix:///var/run/dogfood-docker.sock"
+}
+
+provider "coder" {
+}
+
+data "coder_workspace" "me" {
+}
+
+resource "coder_agent" "dev" {
+  arch           = "amd64"
+  os             = "linux"
+  startup_script = <<EOF
+    #!/bin/sh
+    # install and start code-server
+    curl -fsSL https://code-server.dev/install.sh | sh
+    code-server --auth none --port 13337
+    EOF
+}
+
+resource "coder_app" "code-server" {
+  agent_id = coder_agent.dev.id
+  name     = "code-server"
+  url      = "http://localhost:13337/?folder=/home/coder"
+  icon     = "/icon/code.svg"
+}
+
+
+resource "docker_volume" "home_volume" {
+  name = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}-home"
+}
+
+resource "docker_container" "workspace" {
+  count = data.coder_workspace.me.start_count
+  image = "gcr.io/coder-dogfood/master/coder-dev-ubuntu:latest"
+  # Uses lower() to avoid Docker restriction on container names.
+  name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
+  # Hostname makes the shell more user friendly: coder@my-workspace:~$
+  hostname = lower(data.coder_workspace.me.name)
+  dns      = ["1.1.1.1"]
+  # Use the docker gateway if the access URL is 127.0.0.1
+  command = [
+    "sh", "-c",
+    <<EOT
+    trap '[ $? -ne 0 ] && echo === Agent script exited with non-zero code. Sleeping infinitely to preserve logs... && sleep infinity' EXIT
+    ${replace(coder_agent.dev.init_script, "localhost", "host.docker.internal")}
+    EOT
+  ]
+  # CPU limits are unnecessary since Docker will load balance automatically
+  memory  = 8192
+  runtime = "sysbox-runc"
+  env     = ["CODER_AGENT_TOKEN=${coder_agent.dev.token}"]
+  host {
+    host = "host.docker.internal"
+    ip   = "host-gateway"
+  }
+  volumes {
+    container_path = "/home/coder/"
+    volume_name    = docker_volume.home_volume.name
+    read_only      = false
+  }
+}

From b11ec1752245d1a293999a8caec2b018d7c21ded Mon Sep 17 00:00:00 2001
From: ammario <ammar@ammar.io>
Date: Wed, 13 Jul 2022 00:54:08 +0000
Subject: [PATCH 2/4] Add sysbox

---
 dogfood/README.md | 13 +++++++++++--
 dogfood/main.tf   |  4 +++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/dogfood/README.md b/dogfood/README.md
index ad98626584100..ed05f574e254e 100644
--- a/dogfood/README.md
+++ b/dogfood/README.md
@@ -1,10 +1,19 @@
 # dogfood template
 
+Ammar is this template's admin.
+
+This template runs the `gcr.io/coder-dogfood/master/coder-dev-ubuntu` Docker
+image in a `sysbox-runc` container.
+
+## Personalization
+
+The startup script runs your `~/personalize` file if it exists.
+
 ## How is this hosted?
 
 Coder dogfoods on a beefy, single Teraswitch machine. We decided to use
 a bare metal provider for best-in-class cost-to-performance. We decided to
-use a single machine for crazy fast parallelized builds.
+use a single machine for crazy fast parallelized builds and tests.
 
 # How is the provisioner configured?
 
@@ -12,6 +21,6 @@ Our dogfood VM runs an SSH tunnel to our dogfood Docker host's docker socket.
 The socket is mounted on `/var/run/dogfood-docker.sock`.
 
 The SSH command can be found hanging out in the screen session named
-`docker-dogfood-tunnel`.
+`forward`.
 
 The tunnel and corresponding SSH key is under the root user.
diff --git a/dogfood/main.tf b/dogfood/main.tf
index 7011fd714cf2f..7e713217a5cb0 100644
--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@@ -6,7 +6,7 @@ terraform {
     }
     docker = {
       source  = "kreuzwerker/docker"
-      version = "~> 2.16.0"
+      version = "~> 2.18.0"
     }
   }
 }
@@ -31,6 +31,8 @@ resource "coder_agent" "dev" {
     # install and start code-server
     curl -fsSL https://code-server.dev/install.sh | sh
     code-server --auth none --port 13337
+    sudo service docker start
+    if [ -f ~/personalize ]; then ~/personalize 2>&1 | tee  ~/.personalize.log; fi
     EOF
 }
 

From b5a85265c3d63554544a920cebe1141488567b14 Mon Sep 17 00:00:00 2001
From: ammario <ammar@ammar.io>
Date: Wed, 13 Jul 2022 01:06:44 +0000
Subject: [PATCH 3/4] Run code-server in background

---
 dogfood/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dogfood/main.tf b/dogfood/main.tf
index 7e713217a5cb0..f37dc0c9fdb6f 100644
--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@@ -28,9 +28,10 @@ resource "coder_agent" "dev" {
   os             = "linux"
   startup_script = <<EOF
     #!/bin/sh
+    set -x
     # install and start code-server
     curl -fsSL https://code-server.dev/install.sh | sh
-    code-server --auth none --port 13337
+    code-server --auth none --port 13337 &
     sudo service docker start
     if [ -f ~/personalize ]; then ~/personalize 2>&1 | tee  ~/.personalize.log; fi
     EOF

From 7e1d1d3936c81178fbc9dc8cf72050bbccfd446b Mon Sep 17 00:00:00 2001
From: ammario <ammar@ammar.io>
Date: Wed, 13 Jul 2022 01:12:59 +0000
Subject: [PATCH 4/4] Fix small typo

---
 dogfood/README.md | 2 +-
 dogfood/main.tf   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dogfood/README.md b/dogfood/README.md
index ed05f574e254e..e4ffc192e95e7 100644
--- a/dogfood/README.md
+++ b/dogfood/README.md
@@ -15,7 +15,7 @@ Coder dogfoods on a beefy, single Teraswitch machine. We decided to use
 a bare metal provider for best-in-class cost-to-performance. We decided to
 use a single machine for crazy fast parallelized builds and tests.
 
-# How is the provisioner configured?
+## How is the provisioner configured?
 
 Our dogfood VM runs an SSH tunnel to our dogfood Docker host's docker socket.
 The socket is mounted on `/var/run/dogfood-docker.sock`.
diff --git a/dogfood/main.tf b/dogfood/main.tf
index f37dc0c9fdb6f..5407a631e16e3 100644
--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@@ -66,7 +66,7 @@ resource "docker_container" "workspace" {
     EOT
   ]
   # CPU limits are unnecessary since Docker will load balance automatically
-  memory  = 8192
+  memory  = 32768
   runtime = "sysbox-runc"
   env     = ["CODER_AGENT_TOKEN=${coder_agent.dev.token}"]
   host {