Refactor vs-code-server.yml for clarity and structure

2025-11-16 12:15:18 +08:00
parent b85963054c
commit 4a514da6af
1 changed files with 20 additions and 21 deletions
--- a/stack/vs-code-server.yml
+++ b/stack/vs-code-server.yml
@@ -5,38 +5,32 @@ services:
    image: ghcr.io/coder/coder:latest
    container_name: coder
    restart: unless-stopped
+    user: "1000:1000"  # 非 root
    environment:
-      # === 資料庫連線（同 stack 內的 postgres）===
+      # === 資料庫 ===
      CODER_PG_CONNECTION_URL: postgresql://coder:${POSTGRES_PASSWORD}@postgres:5432/coder?sslmode=disable

-      # === 外部存取設定 ===
-      CODER_ADDRESS: 0.0.0.0:3000
-      CODER_WILDCARD_ACCESS_URL: "https://*.coder.your-domain.com"  # 子域名給 workspace
-      CODER_ACCESS_URL: "https://coder.your-domain.com"            # 主 dashboard
+      # === 外部 URL ===
+      CODER_ACCESS_URL: https://coder.your-domain.com
+      CODER_WILDCARD_ACCESS_URL: https://*.coder.your-domain.com

-      # === TLS 由 Nginx/Cloudflared 處理 ===
+      # === TLS 由 Nginx 處理 ===
      CODER_TLS_ENABLE: "false"

-      # === GitHub OIDC SSO（多使用者自動登入）===
-      CODER_OIDC_ISSUER_URL: "https://token.actions.githubusercontent.com"
-      CODER_OIDC_CLIENT_ID: "${CODER_OIDC_CLIENT_ID}"
-      CODER_OIDC_CLIENT_SECRET: "${CODER_OIDC_CLIENT_SECRET}"
-      CODER_OIDC_EMAIL_DOMAIN: ""  # 留空允許所有 GitHub 帳號
+      # === GitHub OIDC ===
+      CODER_OIDC_ISSUER_URL: https://token.actions.githubusercontent.com
+      CODER_OIDC_CLIENT_ID: ${CODER_OIDC_CLIENT_ID}
+      CODER_OIDC_CLIENT_SECRET: ${CODER_OIDC_CLIENT_SECRET}
      CODER_OIDC_ALLOW_SIGNUPS: "true"

-      # === Docker 權限（讓 Coder 建立 workspace 容器）===
-      DOCKER_HOST: "unix:///var/run/docker.sock"
-
    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - coder_data:/home/coder/.config
+      # 每個使用者獨立資料夾
+      - user_data:/home
+      - coder_config:/home/coder/.config
    networks:
      - coder-net
    depends_on:
      - postgres
-    # 不暴露端口！由 Nginx 反向代理
-    # ports:
-    #   - "3000:3000"

  postgres:
    image: postgres:15-alpine
@@ -52,7 +46,13 @@ services:
      - coder-net

 volumes:
-  coder_data:
+  user_data:
+    driver: local
+    driver_opts:
+      type: none
+      device: /path/to/host/user_data   # 宿主機目錄
+      o: bind
+  coder_config:
    driver: local
  postgres_data:
    driver: local
@@ -60,4 +60,3 @@ volumes:
 networks:
  coder-net:
    driver: bridge
-    name: coder_network