@@ -454,6 +454,11 @@ resource "coder_agent" "dev" {
454454threshold = . coder_parameter . res_mon_volume_threshold . value
455455path = . coder_parameter . res_mon_volume_path . value
456456 }
457+ volume {
458+ enabled = true
459+ threshold = . coder_parameter . res_mon_volume_threshold . value
460+ path = " /var/lib/docker"
461+ }
457462 }
458463
459464startup_script = <<- EOT
@@ -483,15 +488,13 @@ resource "coder_agent" "dev" {
483488 #!/usr/bin/env bash
484489 set -eux -o pipefail
485490
486- # Stop all running containers and prune the system to clean up
487- # /var/lib/docker to prevent errors during workspace destroy.
491+ # Clean up the unused resources to keep storage usage low.
488492 #
489493 # WARNING! This will remove:
490- # - all containers
491- # - all networks
492- # - all images
493- # - all build cache
494- docker ps -q | xargs docker stop
494+ # - all stopped containers
495+ # - all networks not used by at least one container
496+ # - all images without at least one container associated to them
497+ # - all build cache
495498 docker system prune -a -f
496499
497500 # Stop the Docker service to prevent errors during workspace destroy.
@@ -532,6 +535,38 @@ resource "docker_volume" "home_volume" {
532535 }
533536}
534537
538+ resource "coder_metadata" "docker_volume" {
539+ resource_id = . docker_volume . id
540+ hide = true # Hide it as it is not useful to see in the UI.
541+ }
542+
543+ resource "docker_volume" "docker_volume" {
544+ name = " coder-${ data . coder_workspace . me . id } -docker"
545+ # Protect the volume from being deleted due to changes in attributes.
546+ lifecycle {
547+ ignore_changes =
548+ }
549+ # Add labels in Docker to keep track of orphan resources.
550+ labels {
551+ label = " coder.owner"
552+ value = . coder_workspace_owner . me . name
553+ }
554+ labels {
555+ label = " coder.owner_id"
556+ value = . coder_workspace_owner . me . id
557+ }
558+ labels {
559+ label = " coder.workspace_id"
560+ value = . coder_workspace . me . id
561+ }
562+ # This field becomes outdated if the workspace is renamed but can
563+ # be useful for debugging or cleaning out dangling volumes.
564+ labels {
565+ label = " coder.workspace_name_at_creation"
566+ value = . coder_workspace . me . name
567+ }
568+ }
569+
535570data "docker_registry_image" "dogfood" {
536571name = . coder_parameter . image_type . value
537572}
@@ -593,6 +628,11 @@ resource "docker_container" "workspace" {
593628volume_name = . home_volume . name
594629read_only = false
595630 }
631+ volumes {
632+ container_path = " /var/lib/docker/"
633+ volume_name = . docker_volume . name
634+ read_only = false
635+ }
596636capabilities {
597637add = " CAP_NET_ADMIN" " CAP_SYS_NICE"
598638 }