version: '3.8'

services:
  coder:
    image: ghcr.io/coder/coder:latest
    container_name: coder
    restart: unless-stopped
    environment:
      # === 資料庫連線（同 stack 內的 postgres）===
      CODER_PG_CONNECTION_URL: postgresql://coder:${POSTGRES_PASSWORD}@postgres:5432/coder?sslmode=disable

      # === 外部存取設定 ===
      CODER_ADDRESS: 0.0.0.0:3000
      CODER_WILDCARD_ACCESS_URL: "https://*.coder.your-domain.com"  # 子域名給 workspace
      CODER_ACCESS_URL: "https://coder.your-domain.com"            # 主 dashboard

      # === TLS 由 Nginx/Cloudflared 處理 ===
      CODER_TLS_ENABLE: "false"

      # === GitHub OIDC SSO（多使用者自動登入）===
      CODER_OIDC_ISSUER_URL: "https://token.actions.githubusercontent.com"
      CODER_OIDC_CLIENT_ID: "${CODER_OIDC_CLIENT_ID}"
      CODER_OIDC_CLIENT_SECRET: "${CODER_OIDC_CLIENT_SECRET}"
      CODER_OIDC_EMAIL_DOMAIN: ""  # 留空允許所有 GitHub 帳號
      CODER_OIDC_ALLOW_SIGNUPS: "true"

      # === Docker 權限（讓 Coder 建立 workspace 容器）===
      DOCKER_HOST: "unix:///var/run/docker.sock"

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - coder_data:/home/coder/.config
    networks:
      - coder-net
    depends_on:
      - postgres
    # 不暴露端口！由 Nginx 反向代理
    # ports:
    #   - "3000:3000"

  postgres:
    image: postgres:15-alpine
    container_name: coder-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: coder
      POSTGRES_USER: coder
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - coder-net

volumes:
  coder_data:
    driver: local
  postgres_data:
    driver: local

networks:
  coder-net:
    driver: bridge
    name: coder_network