From 5829c0d9e4b6186b6ac6cc7346525029ba1bce4b Mon Sep 17 00:00:00 2001
From: Mathias Fredriksson
Date: Thu, 19 Jun 2025 12:24:48 +0000
Subject: [PATCH] feat(dogfood/coder): add docker volume for... docker

This change is in preparation for enabling devcontainers as well as allowing Docker image cache to be re-used across workspace restarts. For now, any running container will result in the retention of related resources (image, volumes, etc).
---
 dogfood/coder/main.tf | 54 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 47 insertions(+), 7 deletions(-)

diff --git a/dogfood/coder/main.tf b/dogfood/coder/main.tf
index c7d91088b8401..a3352ca03ee71 100644
--- a/dogfood/coder/main.tf
+++ b/dogfood/coder/main.tf
@@ -447,6 +447,11 @@ resource "coder_agent" "dev" {
 threshold = data.coder_parameter.res_mon_volume_threshold.value
 path = data.coder_parameter.res_mon_volume_path.value
 }
+ volume {
+ enabled = true
+ threshold = data.coder_parameter.res_mon_volume_threshold.value
+ path = "/var/lib/docker"
+ }
 }

 startup_script = <<-EOT
@@ -476,15 +481,13 @@ resource "coder_agent" "dev" {
 #!/usr/bin/env bash
 set -eux -o pipefail

- # Stop all running containers and prune the system to clean up
- # /var/lib/docker to prevent errors during workspace destroy.
+ # Clean up the unused resources to keep storage usage low.
 #
 # WARNING! This will remove:
- # - all containers
- # - all networks
- # - all images
- # - all build cache
- docker ps -q | xargs docker stop
+ # - all stopped containers
+ # - all networks not used by at least one container
+ # - all images without at least one container associated to them
+ # - all build cache
 docker system prune -a -f

 # Stop the Docker service to prevent errors during workspace destroy.
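Review bot: The monitor added in the first hunk hard-codes `path = "/var/lib/docker"`, while the matching mount added in the last hunk of this patch spells it `container_path = "/var/lib/docker/"` with a trailing slash, so the two literals that must name the same mount already differ. If they drift further, the monitor would presumably report on a path that is no longer the Docker volume and the threshold alert would stop reflecting it. A single shared value referenced from both blocks, for example `locals { docker_data_dir = "/var/lib/docker" }` (name is illustrative), keeps them tied together. The monitor also reuses `res_mon_volume_threshold`, so a one-line comment saying that reuse is intentional would help. The enclosing `coder_agent` resource starts and ends outside the hunk.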
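Review bot: The rewritten comment in the shutdown-script hunk lists what `docker system prune -a -f` removes but not what it leaves behind. Without `--volumes` the prune does not touch volumes, and with `docker ps -q | xargs docker stop` removed, every container still running at that point keeps its image, writable layer and networks inside the now-persistent `/var/lib/docker`. Anything written inside those containers, credentials included, can therefore outlive a workspace restart, which belongs next to the WARNING list, e.g. `# NOT removed: volumes, and anything held by a still-running container (persists in /var/lib/docker).` The script body continues outside the hunk.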
@@ -525,6 +528,38 @@ resource "docker_volume" "home_volume" {
 }
 }

+resource "coder_metadata" "docker_volume" {
+ resource_id = docker_volume.docker_volume.id
+ hide = true # Hide it as it is not useful to see in the UI.
+}
+
+resource "docker_volume" "docker_volume" {
+ name = "coder-${data.coder_workspace.me.id}-docker"
+ # Protect the volume from being deleted due to changes in attributes.
+ lifecycle {
+ ignore_changes = all
+ }
+ # Add labels in Docker to keep track of orphan resources.
+ labels {
+ label = "coder.owner"
+ value = data.coder_workspace_owner.me.name
+ }
+ labels {
+ label = "coder.owner_id"
+ value = data.coder_workspace_owner.me.id
+ }
+ labels {
+ label = "coder.workspace_id"
+ value = data.coder_workspace.me.id
+ }
+ # This field becomes outdated if the workspace is renamed but can
+ # be useful for debugging or cleaning out dangling volumes.
+ labels {
+ label = "coder.workspace_name_at_creation"
+ value = data.coder_workspace.me.name
+ }
+}
+
 data "docker_registry_image" "dogfood" {
 name = data.coder_parameter.image_type.value
 }
@@ -586,6 +621,11 @@ resource "docker_container" "workspace" {
 volume_name = docker_volume.home_volume.name
 read_only = false
 }
+ volumes {
+ container_path = "/var/lib/docker/"
+ volume_name = docker_volume.docker_volume.name
+ read_only = false
+ }
 capabilities {
 add = ["CAP_NET_ADMIN", "CAP_SYS_NICE"]
 }
pFad - Phonifier reborn
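Review bot: `lifecycle { ignore_changes = all }` on `docker_volume.docker_volume` freezes every attribute after creation, so all four labels keep their creation-time values, not only `coder.workspace_name_at_creation`, which is the one the comment singles out as able to go stale. If orphan cleanup matches on `coder.owner`, a later change to the owner's name would presumably leave a volume that no longer matches. That matters more here because this volume holds the nested Docker daemon's images and container filesystems. I would extend the comment above the first `labels` block to something like `# Labels are set once at creation (ignore_changes = all); match orphans on coder.workspace_id / coder.owner_id, not on names.`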
