Setting DOCKER_USER with updated home directory?

[avaidyam]

This issue is more about deploying code-server using Docker, and relates to issue #2057 (I think). I think it makes sense to also change the home directory from /home/coder and I've made minor changes to the entrypoint.sh script for this:

#!/bin/sh
set -eu

# We do this first to ensure sudo works below when renaming the user.
# Otherwise the current container UID may not exist in the passwd database.
eval "$(fixuid -q)"

if [ "${DOCKER_USER-}" ]; then
  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
  sudo usermod --login "$DOCKER_USER" ${DOCKER_HOME:+"--home"} $DOCKER_HOME coder
  sudo groupmod -n "$DOCKER_USER" coder

  USER="$DOCKER_USER"
  if [ "${DOCKER_HOME-}" ]; then
  	HOME="$DOCKER_HOME"
    mkdir -p $HOME/.local/share/R/library && cd $HOME
  fi

  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
fi

dumb-init /usr/bin/code-server "$@"

The matching Dockerfile we use.

(NOTE: Do NOT use the SERVICE_URL and ITEM_URL we are using in this Dockerfile as part of a public project!)

FROM codercom/code-server:3.7.4
USER root

# Install Debian testing repository sources and Docker CLI
# Install Apt packages (R + Tidyverse, Python, NodeJS)
RUN \
  echo 'deb http://http.us.debian.org/debian/ testing non-free contrib main' >> /etc/apt/sources.list && \
  apt-get update -y && \
  apt-get install -y -t testing \
    docker.io \
    ffmpeg \
    dvipng \
    cm-super \
    libgeos-dev \
    tmux \
    nodejs \
    npm \
    python3-pip \
    r-base \
    r-base-dev \
    r-cran-littler \
    r-cran-devtools \
    r-cran-tidyverse \
    r-cran-upsetr \
    r-cran-irkernel

# Install Python packages
RUN pip3 install \
  numpy \
  scipy \
  matplotlib \
  ipython \
  jupyter \
  pandas \
  seaborn \
  altair \
  ipykernel \
  stats \
  geopy \
  tzwhere \
  dask \
  beautifulsoup4 \
  bokeh \
  bottleneck \
  cloudpickle \
  cython \
  dill \
  h5py \
  statsmodels \
  sympy \
  tables \
  numexpr \
  patsy \
  protobuf \
  sqlalchemy \
  xlrd \
  plotly \
  keras && \
  pip install scikit-learn scikit-image

# Configure IRKernel/IPyKernel.
RUN Rscript -e "IRkernel::installspec()" && python3 -m ipykernel install

# Configure VSCode extensions list and R/Py package managers.
ENV SERVICE_URL=https://marketplace.visualstudio.com/_apis/public/gallery
ENV ITEM_URL=https://marketplace.visualstudio.com/items
ENV R_LIBS_USER=~/.local/share/R/library
ENV PIP_USER=1

# VSCode extensions (must use --extra-extensions-dir=/opt/code-server/extensions)
RUN \
  code-server --extensions-dir /opt/code-server/extensions --install-extension ms-python.python && \
  code-server --extensions-dir /opt/code-server/extensions --install-extension ms-vscode.vscode-typescript-tslint-plugin && \
  code-server --extensions-dir /opt/code-server/extensions --install-extension ms-azuretools.vscode-docker && \
  code-server --extensions-dir /opt/code-server/extensions --install-extension ms-toolsai.jupyter && \
  code-server --extensions-dir /opt/code-server/extensions --install-extension GrapeCity.gc-excelviewer && \
  code-server --extensions-dir /opt/code-server/extensions --install-extension esbenp.prettier-vscode && \
  code-server --extensions-dir /opt/code-server/extensions --install-extension dbaeumer.vscode-eslint

# Updated the entrypoint script for DOCKER_HOME and restore from root to (different) UID:GID.
COPY ./entrypoint.sh /usr/bin/entrypoint.sh
RUN echo '{"folders": [{"path":"/home"},{"path":"/data"}],"settings":{"terminal.integrated.cwd": "${env:HOME}"}}' > /default.code-workspace
USER 500:500
ENTRYPOINT ["/usr/bin/entrypoint.sh", "--extra-extensions-dir", "/opt/code-server/extensions", "--disable-telemetry", "--bind-addr", "0.0.0.0:8080", "/default.code-workspace"]

@nhooyr I believe you made the entrypoint script changes some time ago, are there any plans to support behavior like this (i.e. DOCKER_HOME optional variable)?

[nhooyr]

We've tried to do this but were unable to get it to work correctly.

See the justification in the current script:

  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
  # nor can we bind mount $HOME into a new home as that requires a privileged container.

[nhooyr]

Actually maybe we should support the second variable you mentioned. If $DOCKER_HOME is set, then it's on the user to make sure the bind mounts come in at the correct path.

[avaidyam]

@nhooyr Right, and because it's optional it plays nicely with existing configurations too. I've updated the original issue text with the final versions of the Dockerfile and entrypoint.sh we're using for a standardized IDE across our team/for teaching purposes.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

[KaKi87]

Hello,

Those SERVICE_URL & ITEM_URL values no longer work, would you have up to date ones ?

Thanks

[code-asher]

The marketplace settings were combined into a single JSON blob you can set via the `EXTENSIONS_GALLERY` environment variable. The valid keys are `serviceUrl`, `itemUrl`, and `resourceUrlTemplate`. Example with Open VSX: ``` { serviceUrl: "https://open-vsx.org/vscode/gallery", itemUrl: "https://open-vsx.org/vscode/item", resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}", } ``` Some info here in the docs as well: https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-use-my-own-extensions-marketplace

[KaKi87]

Yes but what are the up to date values for using the same data source as in OP's snippet ?
That was actually my question.
Thanks

[code-asher]

Ah, that I cannot comment on; technically code-server is not allowed to use the official marketplace.