version: '3.8'

services:
  coder:
    image: ghcr.io/coder/coder:latest
    container_name: coder
    restart: unless-stopped
    user: "5000:5000"  # 非 root
    environment:
      # === 資料庫 ===
      CODER_PG_CONNECTION_URL: postgresql://coder:${POSTGRES_PASSWORD}@postgres:5432/coder?sslmode=disable

      # === 外部 URL ===
      CODER_ACCESS_URL: https://code.karylab.com
      CODER_WILDCARD_ACCESS_URL: https://*.code.karylab.com

      # === TLS 由 Nginx 處理 ===
      CODER_TLS_ENABLE: "false"

      # === GitHub OIDC ===
      CODER_OIDC_ISSUER_URL: https://token.actions.githubusercontent.com
      CODER_OIDC_CLIENT_ID: ${CODER_OIDC_CLIENT_ID}
      CODER_OIDC_CLIENT_SECRET: ${CODER_OIDC_CLIENT_SECRET}
      CODER_OIDC_ALLOW_SIGNUPS: "true"

      CODER_HOME: /config/coder

    volumes:
      # 使用者 config（.config, .cache, extensions）→ volume
      - user_config:/config/users
      # 使用者程式碼 → 宿主實體目錄（bind mount）
      - /mnt/data/External/code:/projects
      # Coder 系統設定 → volume
      - coder_system:/config/coder
    networks:
      - coder-net
      - webproxy  # webproxy 網橋
    depends_on:
      - postgres

  postgres:
    image: postgres:15-alpine
    container_name: coder-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: coder
      POSTGRES_USER: coder
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - coder-net

volumes:
  user_config:        # 所有使用者 .config, .cache
  coder_system:       # Coder 系統設定
  postgres_data:      # 資料庫

networks:
  coder-net:
    driver: bridge
  webproxy:
    external: true  #外部網橋