60 lines
2.1 KiB
Docker
60 lines
2.1 KiB
Docker
# 使用官方 GitHub 源镜像
|
||
FROM ghcr.io/coder/code-server:latest
|
||
|
||
# 切换 root 进行安装
|
||
USER root
|
||
|
||
# 1. 安装基础工具
|
||
RUN apt-get update && apt-get install -y \
|
||
git \
|
||
locales \
|
||
&& rm -rf /var/lib/apt/lists/* \
|
||
&& locale-gen zh_CN.UTF-8
|
||
|
||
# 设置语言环境
|
||
ENV LANG=zh_CN.UTF-8
|
||
ENV LC_ALL=zh_CN.UTF-8
|
||
|
||
# 2. [安全] 物理禁用终端
|
||
RUN usermod -s /usr/sbin/nologin coder
|
||
|
||
# 切换回 coder 用户进行插件和配置操作
|
||
USER coder
|
||
|
||
# ... (前面的步骤保持不变)
|
||
|
||
# 3. [插件] 预装必要的阅读插件
|
||
# 修正了 One Dark Pro 的 ID,并优化了安装逻辑
|
||
RUN code-server --install-extension MS-CEINTL.vscode-language-pack-zh-hans \
|
||
&& code-server --install-extension eamodio.gitlens \
|
||
&& code-server --install-extension mhutchie.git-graph \
|
||
&& code-server --install-extension pkief.material-icon-theme \
|
||
# --- [修正点] 使用正确的 ID ---
|
||
&& code-server --install-extension zhuangtongfa.Material-theme \
|
||
# ---------------------------
|
||
&& code-server --install-extension golang.Go \
|
||
&& code-server --install-extension ms-python.python
|
||
|
||
# 4. [配置] 注入设置文件
|
||
RUN mkdir -p /home/coder/.local/share/code-server/User
|
||
COPY --chown=coder:coder settings.json /home/coder/.local/share/code-server/User/settings.json
|
||
COPY --chown=coder:coder keybindings.json /home/coder/.local/share/code-server/User/keybindings.json
|
||
|
||
# 切换回 root 进行最后的“封锁”操作
|
||
USER root
|
||
|
||
# 5. [核心封锁] 锁定插件目录,禁止写入
|
||
# 将插件目录权限设为 555 (只读/执行),用户无法再安装或卸载任何东西
|
||
RUN chmod -R 555 /home/coder/.local/share/code-server/extensions
|
||
|
||
# 6. [核心封锁] 屏蔽插件市场网络 (可选)
|
||
# 通过设置环境变量,把插件市场 URL 指向空,这样搜索插件会直接报错或为空
|
||
ENV EXTENSIONS_GALLERY='{"serviceUrl": ""}'
|
||
|
||
# 删除历史遗留的 config.yaml,避免 auth 被写死
|
||
RUN rm -f /home/coder/.config/code-server/config.yaml
|
||
|
||
# 最后切换回 coder 用户运行
|
||
USER coder
|
||
|
||
CMD ["code-server", "--bind-addr", "0.0.0.0:8080", "--auth", "none"] |