diff --git a/stack/vs-code-server.yml b/stack/vs-code-server.yml
new file mode 100644
index 0000000..f5fe807
--- /dev/null
+++ b/stack/vs-code-server.yml
@@ -0,0 +1,63 @@
+version: '3.8'
+
+services:
+ coder:
+ image: ghcr.io/coder/coder:latest
+ container_name: coder
+ restart: unless-stopped
+ environment:
+ # === 資料庫連線(同 stack 內的 postgres)===
+ CODER_PG_CONNECTION_URL: postgresql://coder:${POSTGRES_PASSWORD}@postgres:5432/coder?sslmode=disable
+
+ # === 外部存取設定 ===
+ CODER_ADDRESS: 0.0.0.0:3000
+ CODER_WILDCARD_ACCESS_URL: "https://*.coder.your-domain.com" # 子域名給 workspace
+ CODER_ACCESS_URL: "https://coder.your-domain.com" # 主 dashboard
+
+ # === TLS 由 Nginx/Cloudflared 處理 ===
+ CODER_TLS_ENABLE: "false"
+
+ # === GitHub OIDC SSO(多使用者自動登入)===
+ CODER_OIDC_ISSUER_URL: "https://token.actions.githubusercontent.com"
+ CODER_OIDC_CLIENT_ID: "${CODER_OIDC_CLIENT_ID}"
+ CODER_OIDC_CLIENT_SECRET: "${CODER_OIDC_CLIENT_SECRET}"
+ CODER_OIDC_EMAIL_DOMAIN: "" # 留空允許所有 GitHub 帳號
+ CODER_OIDC_ALLOW_SIGNUPS: "true"
+
+ # === Docker 權限(讓 Coder 建立 workspace 容器)===
+ DOCKER_HOST: "unix:///var/run/docker.sock"
+
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - coder_data:/home/coder/.config
+ networks:
+ - coder-net
+ depends_on:
+ - postgres
+ # 不暴露端口!由 Nginx 反向代理
+ # ports:
+ # - "3000:3000"
+
+ postgres:
+ image: postgres:15-alpine
+ container_name: coder-postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: coder
+ POSTGRES_USER: coder
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ networks:
+ - coder-net
+
+volumes:
+ coder_data:
+ driver: local
+ postgres_data:
+ driver: local
+
+networks:
+ coder-net:
+ driver: bridge
+ name: coder_network
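Review bot: Sign-up is open to every account that can authenticate, because the OIDC block sets `CODER_OIDC_EMAIL_DOMAIN: ""` together with `CODER_OIDC_ALLOW_SIGNUPS: "true"`, and the same `coder` service mounts `/var/run/docker.sock`; depending on how templates are written, a self-registered user may end up with a path to the host's Docker daemon. The issuer also looks wrong for the stated purpose: `https://token.actions.githubusercontent.com` issues identity tokens to GitHub Actions workflow runs rather than to people signing in, so interactive login against it is unlikely to work as the comment intends. GitHub user login in Coder is configured through the `CODER_OAUTH2_GITHUB_*` settings, which can be limited to an organisation, and the block below sketches that replacement for the OIDC lines. The organisation name and variable values there are placeholders to fill in from the deployment's own secrets.

```yaml
    environment:
      # … unchanged: database, access URL and TLS settings …
      # GitHub login, restricted to members of one organisation
      CODER_OAUTH2_GITHUB_CLIENT_ID: "${CODER_OAUTH2_GITHUB_CLIENT_ID}"
      CODER_OAUTH2_GITHUB_CLIENT_SECRET: "${CODER_OAUTH2_GITHUB_CLIENT_SECRET}"
      CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS: "true"
      CODER_OAUTH2_GITHUB_ALLOWED_ORGS: "YOUR_GITHUB_ORG"  # placeholder
      # … unchanged: DOCKER_HOST …
```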