# compose.yaml
name: code-server

x-daemonless:
  title: "code-server"
  icon: ":material-microsoft-visual-studio-code:"
  category: "Development"
  description: "VS Code in the browser — run a full development environment on your FreeBSD server and access it from anywhere."
  notes: |
    !!! warning "Work in Progress"
        This image is functional but may change significantly in a future release.
        Common dev tools (gcc, clang, llvm, python, gmake, git, ssh) are baked into the image for now.

    ## Running commands as `root` in Terminal

    Podman strips the setuid bit from binaries at runtime, so `sudo`, `su`, and `doas` will not work inside the code-server terminal.
    To allow running commands as the `root` user, we can use FreeBSD's MAC framework and the `mdo` command which does not depend on the setuid bit being set.
    The `mac_do` kernel module has to be loaded on the host which runs Podman before the container is started.
    You can load the module at runtime by running

    ```sh
    kldload mac_do
    ```

    To load the module automatically during boot you can add it to `rc.conf` with

    ```sh
    sysrc kld_list+=mac_do
    ```

    If the `mac_do` module is loaded when the container starts, it will automatically install a rule that allows the `bsd` user to execute commands as root by running `mdo <command>`.
    To disable the installation of the `mac_do` rule that allows the privilege elevation, you can set the `DISABLE_MDO` environment variable to `true` or `yes`:

    ```yaml
    services:
      code-server:
        environment:
          - DISABLE_MDO=true
    ```

    ## Installing Packages

    If the `mac_do` module is loaded on the host you can install packages in the terminal by running

    ```sh
    mdo pkg install...
    ```

    If the module is not loaded or if `DISABLE_MDO` is set to `true` you have to install additional packages from the host using `podman exec`:

    ```sh
    # Podman
    doas podman exec -it -u root code-server pkg install rust cargo
    # AppJail
    doas appjail cmd jexec code_server pkg install rust cargo
    ```

    !!! warning "Packages are not persistent"
        If you recreate the container, you will need to reinstall any packages you have added.
  upstream_url: "https://github.com/coder/code-server"
  web_url: "https://coder.com/docs/code-server"
  upstream_binary: true
  user: "bsd"
  mlock: false
  community: ""
  appjail: true
  docs:
    env:
      PUID: "User ID for the application process"
      PGID: "Group ID for the application process"
      TZ: "Timezone for the container"
      PASSWORD: "Password for web UI (leave unset to disable auth)"
      DEFAULT_WORKSPACE: "Default folder opened in the editor (default: /config/workspace)"
      DISABLE_MDO: "Do not use FreeBSD's mac_do facility to allow executing commands as root from the terminal (optional)"
    volumes:
      /config: "Configuration directory"
    ports:
      8080: "Web UI"

services:
  code-server:
    image: ghcr.io/daemonless/code-server:latest
    container_name: code-server
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - /path/to/containers/code-server:/config
    ports:
      - 8080:8080
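
The two settings documented above that decide who gets a root-capable terminal, `PASSWORD` and `DISABLE_MDO`, checked against a compose file. This is an added example, not part of the daemonless repository; the function names are hypothetical, and it assumes a top-level `services:` key and list-form environment entries as in this file.

```sh
#!/bin/sh
# Added example: audit a code-server compose file for the settings the notes describe.
# Assumptions: top-level "services:" at column 0, environment in list form ("- KEY=value").

# Print the value of KEY ($2) from the services section of FILE ($1), "" if absent.
# Only lines from the top-level "services:" onward are read, so the sample
# "- DISABLE_MDO=true" shown inside x-daemonless.notes is not mistaken for real config.
compose_env() {
    sed -n '/^services:/,$p' "$1" |
        sed -n "s/^[[:space:]]*-[[:space:]]*[\"']\{0,1\}$2=\([^\"'[:space:]]*\).*\$/\1/p" |
        tail -n 1
}

# Print one finding per line; no output means both settings are locked down.
audit_compose() {
    [ -n "$(compose_env "$1" PASSWORD)" ] ||
        echo "PASSWORD unset or empty: web UI authentication is disabled"
    case "$(compose_env "$1" DISABLE_MDO)" in
        true|yes) ;;
        *) echo "DISABLE_MDO not true/yes: bsd can run commands as root via mdo when mac_do is loaded" ;;
    esac
}

# Host-side check (FreeBSD only): succeeds when the mac_do kernel module is loaded.
mac_do_loaded() {
    kldstat -q -m mac_do 2>/dev/null
}

# Stand-alone use: sh audit.sh compose.yaml
if [ -n "${1:-}" ]; then
    audit_compose "$1"
    if mac_do_loaded; then
        echo "host: mac_do is loaded"
    else
        echo "host: mac_do is not loaded"
    fi
fi
```

Run against the compose file above, it reports both findings, because the `services` section sets neither variable.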