commit c092eff2c84244e5071e7b45ae6e3432cc175eb9 Author: zhilv Date: Thu Jan 8 14:52:58 2026 +0800 feat: init custom code-server read-only image
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cb46fa9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# 忽略挂载的真实代码目录
+repos/
+storage/
+data/
+code-data/
+
+# 忽略 Docker 可能产生的临时文件
+*.log
+
+# 忽略系统文件
+.DS_Store
+Thumbs.db
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..05510bb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,55 @@
+# 使用官方 GitHub 源镜像
+FROM ghcr.io/coder/code-server:latest
+
+# 切换 root 进行安装
+USER root
+
+# 1. 安装基础工具
+RUN apt-get update && apt-get install -y \
+ git \
+ locales \
+ && rm -rf /var/lib/apt/lists/* \
+ && locale-gen zh_CN.UTF-8
+
+# 设置语言环境
+ENV LANG=zh_CN.UTF-8
+ENV LC_ALL=zh_CN.UTF-8
+
+# 2. [安全] 物理禁用终端
+RUN usermod -s /usr/sbin/nologin coder
+
+# 切换回 coder 用户进行插件和配置操作
+USER coder
+
+# ... (前面的步骤保持不变)
+
+# 3. [插件] 预装必要的阅读插件
+# 修正了 One Dark Pro 的 ID,并优化了安装逻辑
+RUN code-server --install-extension MS-CEINTL.vscode-language-pack-zh-hans \
+ && code-server --install-extension eamodio.gitlens \
+ && code-server --install-extension mhutchie.git-graph \
+ && code-server --install-extension pkief.material-icon-theme \
+ # --- [修正点] 使用正确的 ID ---
+ && code-server --install-extension zhuangtongfa.Material-theme \
+ # ---------------------------
+ && code-server --install-extension golang.Go \
+ && code-server --install-extension ms-python.python
+
+# 4. [配置] 注入设置文件
+RUN mkdir -p /home/coder/.local/share/code-server/User
+COPY --chown=coder:coder settings.json /home/coder/.local/share/code-server/User/settings.json
+COPY --chown=coder:coder keybindings.json /home/coder/.local/share/code-server/User/keybindings.json
+
+# 切换回 root 进行最后的“封锁”操作
+USER root
+
+# 5. [核心封锁] 锁定插件目录,禁止写入
+# 将插件目录权限设为 555 (只读/执行),用户无法再安装或卸载任何东西
+RUN chmod -R 555 /home/coder/.local/share/code-server/extensions
+
+# 6. [核心封锁] 屏蔽插件市场网络 (可选)
+# 通过设置环境变量,把插件市场 URL 指向空,这样搜索插件会直接报错或为空
+ENV EXTENSIONS_GALLERY='{"serviceUrl": ""}'
+
+# 最后切换回 coder 用户运行
+USER coder
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..be5c812
--- /dev/null
+++ b/docker-compose.yaml
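Review bot: In the Dockerfile, step 5's `chmod -R 555` leaves the extensions tree owned by `coder` (it was installed under `USER coder`), so any process running as that user can put the write bit back; the lock is advisory rather than enforced. At minimum transfer ownership in the same layer, `RUN chown -R root:root /home/coder/.local/share/code-server/extensions && chmod -R 555 /home/coder/.local/share/code-server/extensions`, and note that the parent directory and the `--chown=coder:coder` copies of `settings.json` and `keybindings.json` in step 4 stay writable by `coder`, so the settings this image relies on can be changed from the UI. A firmer guarantee would come from running the container with a read-only root filesystem rather than from file modes inside the image. `usermod -s /usr/sbin/nologin coder` changes only the account's login shell and presumably does not stop the editor from launching another shell binary present in the image, so the "物理禁用终端" comment overstates what the step achieves. Separately, `FROM ghcr.io/coder/code-server:latest` is unpinned; pin a release tag and digest (`ghcr.io/coder/code-server:<version>@sha256:<digest>`) so a rebuild cannot silently pull a different base.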
@@ -0,0 +1,15 @@
+services:
+ code-viewer:
+ build: .
+ image: code-server:v1
+ container_name: code-viewer
+ restart: always
+ environment:
+ - TZ=Asia/Shanghai
+ - AUTH=none
+ - PASSWORD=123456
+ volumes:
+ # 只挂载代码,不挂载配置和插件目录!
+ - ./repos:/home/coder/project:ro
+ ports:
+ - "8443:8080"
diff --git a/keybindings.json b/keybindings.json
new file mode 100644
index 0000000..29351fc
--- /dev/null
+++ b/keybindings.json
@@ -0,0 +1,12 @@
+[
+ // 拦截 F5 调试
+ { "key": "f5", "command": "-workbench.action.debug.start" },
+ { "key": "shift+f5", "command": "-workbench.action.debug.stop" },
+
+ // 拦截 调试面板 (Ctrl+Shift+D)
+ { "key": "ctrl+shift+d", "command": "-workbench.view.debug" },
+
+ // 拦截 终端快捷键 (Ctrl+` 和 Ctrl+Shift+`)
+ { "key": "ctrl+`", "command": "-workbench.action.terminal.toggleTerminal" },
+ { "key": "ctrl+shift+`", "command": "-workbench.action.terminal.new" }
+]
\ No newline at end of file
diff --git a/settings.json b/settings.json
new file mode 100644
index 0000000..3dfde93
--- /dev/null
+++ b/settings.json
@@ -0,0 +1,34 @@
+{
+ /* ------ 1. 缩放功能 ------ */
+ "editor.mouseWheelZoom": true,
+
+ /* ------ 2. UI 隐藏 ------ */
+ // 隐藏侧边栏的“扩展”视图 (软隐藏)
+ // 虽然用户能通过菜单打开,但打开了也装不了东西(因为我们锁了权限)
+ "workbench.view.extensions.visible": false,
+ "workbench.view.debug.visible": false,
+
+ // 隐藏状态栏
+ "workbench.statusBar.visible": false,
+
+ // 顶部菜单紧凑
+ "window.menuBarVisibility": "compact",
+
+ // 隐藏小地图
+ "editor.minimap.enabled": false,
+
+ /* ------ 3. 插件管理策略 ------ */
+ // 禁止自动更新插件
+ "extensions.autoUpdate": false,
+ // 忽略推荐
+ "extensions.ignoreRecommendations": true,
+
+ /* ------ 4. 终端与只读 ------ */
+ "terminal.integrated.visible": false,
+ "files.readonlyInclude": { "**": true },
+ "files.autoSave": "off",
+
+ /* ------ 5. 主题 ------ */
+ "workbench.colorTheme": "One Dark Pro",
+ "workbench.iconTheme": "material-icon-theme"
+}
\ No newline at end of file
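Review bot: In docker-compose.yaml the `environment` block ships an editor that is either unauthenticated or trivially authenticated: `AUTH=none` asks for no login at all, and if the image does not honour that variable the fallback is `PASSWORD=123456`, a guessable secret committed to the repository. With `- "8443:8080"` the port is published on every host interface, so anyone who can reach the host can browse whatever is mounted from `./repos`. Bind to loopback or front it with an authenticating reverse proxy (`- "127.0.0.1:8443:8080"`), drop `AUTH=none`, and supply the credential from an untracked env file (code-server also accepts `HASHED_PASSWORD`). Since the image is meant to be read-only, `read_only: true` and `security_opt: ["no-new-privileges:true"]` on the service would enforce that at runtime; code-server will likely need a `tmpfs` for its writable paths, so test before adopting.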
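Review bot: The entries in keybindings.json, and likewise those in settings.json, are presentation preferences rather than access controls, yet the comments ("拦截", "终端与只读") read as if they enforce something. Removing a key binding leaves the underlying command (`workbench.action.terminal.new`, `workbench.action.debug.start`) registered and reachable through other UI routes, and `files.readonlyInclude` is an editor-side hint the user can override because the Dockerfile copies the settings file as `coder`-owned. I could not confirm that `terminal.integrated.visible`, `workbench.view.extensions.visible` and `workbench.view.debug.visible` are settings VS Code defines; if they are not, they are silently ignored, so check them against the Settings UI. I would add a header comment to both files such as `// UI convenience only; enforcement is the :ro mount and container hardening`, and treat the `:ro` bind mount as the control that actually protects the sources.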