code-server — Setup

Browser-based VS Code. Runs as a Docker container on LXC 118 (tools), behind oauth2-proxy for PocketID authentication.

Links

• GitHub: https://github.com/coder/code-server
• Website: https://coder.com/docs/code-server

Infrastructure

Host	Internal	URL
Docker (LXC 118)	192.168.1.118:8092	https://code.eva-00.network

Observability

Logs

code-server logs are collected via Grafana Alloy Docker discovery and shipped to Loki.

Query	Purpose
{container="code-server"}	All container output
{container="code-server"} \|= "error"	Errors only
{container="code-server"} \|= "workspace"	Workspace issues

Access: Grafana → Explore → Loki → Enter query

Metrics

code-server does not export Prometheus metrics by default. Use Loki logs to diagnose issues.

IaC

Artifact	Path
Playbook	ansible/playbooks/tools.yml
Workflow	.forgejo/workflows/tools.yml
Compose	services/code-server/docker-compose.yml

Auth components

Component	Role
oauth2-proxy	OIDC proxy in front of code-server, validates PocketID session
PocketID	OIDC provider, issues tokens after passkey auth

Authentication is handled by PocketID (passkey). No separate password required.

Secrets (stored in Vault)

secret/code-server   → pocketid_client_id, pocketid_client_secret, oauth2_cookie_secret, password

Workspace

Workspace is persisted in the code-server-workspace Docker volume on LXC 118.