feat: init custom code-server read-only image

2026-01-08 14:52:58 +08:00
commit c092eff2c8
5 changed files with 128 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
 # 忽略挂载的真实代码目录
 repos/
 storage/
 data/
 code-data/
 # 忽略 Docker 可能产生的临时文件
 *.log
 # 忽略系统文件
 .DS_Store
 Thumbs.db
--- a/55
+++ b/55
@@ -0,0 +1,55 @@
 # 使用官方 GitHub 源镜像
 FROM ghcr.io/coder/code-server:latest
 # 切换 root 进行安装
 USER root
 # 1. 安装基础工具
 RUN apt-get update && apt-get install -y \
    git \
    locales \
    && rm -rf /var/lib/apt/lists/* \
    && locale-gen zh_CN.UTF-8
 # 设置语言环境
 ENV LANG=zh_CN.UTF-8
 ENV LC_ALL=zh_CN.UTF-8
 # 2. [安全] 物理禁用终端
 RUN usermod -s /usr/sbin/nologin coder
 # 切换回 coder 用户进行插件和配置操作
 USER coder
 # ... (前面的步骤保持不变)
 # 3. [插件] 预装必要的阅读插件
 # 修正了 One Dark Pro 的 ID，并优化了安装逻辑
 RUN code-server --install-extension MS-CEINTL.vscode-language-pack-zh-hans \
    && code-server --install-extension eamodio.gitlens \
    && code-server --install-extension mhutchie.git-graph \
    && code-server --install-extension pkief.material-icon-theme \
    # --- [修正点] 使用正确的 ID ---
    && code-server --install-extension zhuangtongfa.Material-theme \
    # ---------------------------
    && code-server --install-extension golang.Go \
    && code-server --install-extension ms-python.python
 # 4. [配置] 注入设置文件
 RUN mkdir -p /home/coder/.local/share/code-server/User
 COPY --chown=coder:coder settings.json /home/coder/.local/share/code-server/User/settings.json
 COPY --chown=coder:coder keybindings.json /home/coder/.local/share/code-server/User/keybindings.json
 # 切换回 root 进行最后的“封锁”操作
 USER root
 # 5. [核心封锁] 锁定插件目录，禁止写入
 # 将插件目录权限设为 555 (只读/执行)，用户无法再安装或卸载任何东西
 RUN chmod -R 555 /home/coder/.local/share/code-server/extensions
 # 6. [核心封锁] 屏蔽插件市场网络 (可选)
 # 通过设置环境变量，把插件市场 URL 指向空，这样搜索插件会直接报错或为空
 ENV EXTENSIONS_GALLERY='{"serviceUrl": ""}'
 # 最后切换回 coder 用户运行
 USER coder
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,15 @@
 services:
  code-viewer:
    build: .
    image: code-server:v1
    container_name: code-viewer
    restart: always
    environment:
      - TZ=Asia/Shanghai
      - AUTH=none
      - PASSWORD=123456
    volumes:
      # 只挂载代码，不挂载配置和插件目录！
      - ./repos:/home/coder/project:ro
    ports:
      - "8443:8080"
--- a/keybindings.json
+++ b/keybindings.json
@@ -0,0 +1,12 @@
 [
    // 拦截 F5 调试
    { "key": "f5", "command": "-workbench.action.debug.start" },
    { "key": "shift+f5", "command": "-workbench.action.debug.stop" },
    // 拦截 调试面板 (Ctrl+Shift+D)
    { "key": "ctrl+shift+d", "command": "-workbench.view.debug" },
    // 拦截 终端快捷键 (Ctrl+` 和 Ctrl+Shift+`)
    { "key": "ctrl+`", "command": "-workbench.action.terminal.toggleTerminal" },
    { "key": "ctrl+shift+`", "command": "-workbench.action.terminal.new" }
 ]
--- a/settings.json
+++ b/settings.json
@@ -0,0 +1,34 @@
 {
    /* ------ 1. 缩放功能 ------ */
    "editor.mouseWheelZoom": true,
    /* ------ 2. UI 隐藏 ------ */
    // 隐藏侧边栏的“扩展”视图 (软隐藏)
    // 虽然用户能通过菜单打开，但打开了也装不了东西(因为我们锁了权限)
    "workbench.view.extensions.visible": false,
    "workbench.view.debug.visible": false,
    // 隐藏状态栏
    "workbench.statusBar.visible": false,
    // 顶部菜单紧凑
    "window.menuBarVisibility": "compact",
    // 隐藏小地图
    "editor.minimap.enabled": false,
    /* ------ 3. 插件管理策略 ------ */
    // 禁止自动更新插件
    "extensions.autoUpdate": false,
    // 忽略推荐
    "extensions.ignoreRecommendations": true,
    /* ------ 4. 终端与只读 ------ */
    "terminal.integrated.visible": false,
    "files.readonlyInclude": { "**": true },
    "files.autoSave": "off",
    /* ------ 5. 主题 ------ */
    "workbench.colorTheme": "One Dark Pro",
    "workbench.iconTheme": "material-icon-theme"
 }