# code-server — VS Code in the browser, served from the box. The point:
# Claude Code (extension + CLI) runs *inside this container*, so long
# agent tasks keep running when the laptop sleeps. Any device on the
# tailnet gets the full VS Code experience at http://framework:8443.
#
# linuxserver image over codercom/code-server for the PUID/PGID
# convention (matches host `noise` UID 1000 so workspace files don't
# come out root-owned) and the s6 init that chowns /config.
#
# Extensions come from Open VSX (code-server's default registry). The
# official Claude Code extension is published there:
# https://open-vsx.org/extension/Anthropic/claude-code
#
# Persistent state: /config is the container user's $HOME — extensions,
# settings, ~/.claude (OAuth creds + session history), ~/.local/bin
# (claude CLI). Survives container recreation; back up one path.
services:
  code-server:
    image: lscr.io/linuxserver/code-server:latest
    container_name: code-server
    restart: unless-stopped

    # No PASSWORD env set — auth is disabled, same trust model as every
    # other service here: reachable over Tailscale only. If this host
    # ever sees LAN/internet traffic, set HASHED_PASSWORD (and even then
    # prefer "127.0.0.1:8443:8443" + tunnel — a browser terminal is a
    # shell on the box's docker network).
    ports:
      - "8443:8443"

    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      # Open this folder by default instead of the "welcome" screen.
      - DEFAULT_WORKSPACE=/workspace
      # tmux inside the container: detachable terminals for long claude
      # runs, so a browser-tab close or code-server reconnect hiccup
      # can't orphan your view of a session (the process itself never
      # depended on the tab — it's a child of the container).
      - DOCKER_MODS=linuxserver/mods:universal-package-install
      - INSTALL_PACKAGES=tmux

    extra_hosts:
      # Reach the sibling services (Ollama :11434, LiteLLM :4000,
      # Phoenix :6006, ...) from the integrated terminal / extensions.
      - "host.docker.internal:host-gateway"

    volumes:
      - /srv/docker/code-server/config:/config
      # Default project area. Container-scoped on purpose — Claude Code
      # in here can't touch /srv/docker compose stacks or the host.
      # Mount additional repos explicitly when you want them editable:
      #   - /home/noise/src/somerepo:/workspace/somerepo
      - /srv/docker/code-server/workspace:/workspace