services:
  coder:
    # This MUST be stable for our documentation and
    # other automations.
    image: ${CODER_REPO:-ghcr.io/coder/coder}:${CODER_VERSION:-latest}
    ports:
      - "7080:7080"
    environment:
      CODER_PG_CONNECTION_URL: "postgresql://${POSTGRES_USER:-username}:${POSTGRES_PASSWORD:-password}@database/${POSTGRES_DB:-coder}?sslmode=disable"
      CODER_HTTP_ADDRESS: "0.0.0.0:7080"
      # You'll need to set CODER_ACCESS_URL to an IP or domain
      # that workspaces can reach. This cannot be localhost
      # or 127.0.0.1 for non-Docker templates!
      CODER_ACCESS_URL: "${CODER_ACCESS_URL}"
      
      # OpenID connect config
      CODER_OIDC_ISSUER_URL: "${CODER_OIDC_ISSUER_URL}"
      CODER_OIDC_EMAIL_DOMAIN: "${CODER_OIDC_EMAIL_DOMAIN}"
      CODER_OIDC_CLIENT_ID: "${CODER_OIDC_CLIENT_ID}"
      CODER_OIDC_CLIENT_SECRET: "${CODER_OIDC_CLIENT_SECRET}"
      CODER_OIDC_IGNORE_EMAIL_VERIFIED: true
      CODER_OIDC_SIGN_IN_TEXT: "Sign in with Authentik"
      CODER_OIDC_ICON_URL: https://authentik.company/static/dist/assets/icons/icon.png
      CODER_OIDC_SCOPES: openid,profile,email,offline_access

    # If the coder user does not have write permissions on
    # the docker socket, you can uncomment the following
    # lines and set the group ID to one that has write
    # permissions on the docker socket.
    group_add:
     - "998" # docker group on host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # Run "docker volume rm coder_coder_home" to reset the dev tunnel url (https://abc.xyz.try.coder.app).
      # This volume is not required in a production environment - you may safely remove it.
      # Coder can recreate all the files it needs on restart.
      - coder_home:/home/coder
    depends_on:
      database:
        condition: service_healthy
  database:
    # Minimum supported version is 13.
    # More versions here: https://hub.docker.com/_/postgres
    image: "postgres:17"
    # Uncomment the next two lines to allow connections to the database from outside the server.
    #ports:
    #  - "5432:5432"
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-username} # The PostgreSQL user (useful to connect to the database)
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password} # The PostgreSQL password (useful to connect to the database)
      POSTGRES_DB: ${POSTGRES_DB:-coder} # The PostgreSQL default database (automatically created at first launch)
    volumes:
      - coder_data:/var/lib/postgresql/data # Use "docker volume rm coder_coder_data" to reset Coder
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "pg_isready -U ${POSTGRES_USER:-username} -d ${POSTGRES_DB:-coder}",
        ]
      interval: 5s
      timeout: 5s
      retries: 5
volumes:
  coder_data:
  coder_home: