chore(template): align Docker/Compose defaults and improve docs safety

- unify container user/home defaults across Dockerfile and Compose
- make PIP_DEFAULT_TIMEOUT configurable and consistent (build + runtime)
- fix Poetry dev install flag to `--with dev`
- normalize Compose entrypoints/args for codex login and jupyter ip
- harden `.env.dist` secret placeholders to avoid key-like examples
- improve README quickstart, rebuild guidance, and secret-safe config sharing
- remove duplicated/outdated README closing text

Author: jamm1985

.env.dist

@@ -20,6 +20,7 @@ POETRY_OPTIONS_APP="--only main --compile"
 POETRY_OPTIONS_DEV="--no-root --with dev --compile"
 POETRY_NO_INTERACTION=1
 
-JUPYTER_TOKEN=_change_me_please_!1_
-OPENAI_API_KEY="sk-xxxxxxxxxxxxxxxxxxxx"
-GEMINI_API_KEY="YOUR_GEMINI_API_KEY"
+# Secrets: keep in local .env only; never paste them into logs/issues.
+JUPYTER_TOKEN=change_me_to_a_strong_random_token
+OPENAI_API_KEY=
+GEMINI_API_KEY=

Dockerfile

@@ -2,11 +2,12 @@ FROM archlinux:base-devel AS python-base
 ARG TZ=Asia/Vladivostok
 ARG DOCKER_HOST_UID=1000
 ARG DOCKER_HOST_GID=1000
-ARG DOCKER_USER=devuser
-ARG DOCKER_USER_HOME=/home/devuser
+ARG DOCKER_USER=developer
+ARG DOCKER_USER_HOME=/home/developer
 ARG MIRROR_LIST_COUNTRY=RU
 ARG BUILD_PACKAGES="pyenv git gnupg sudo postgresql-libs mariadb-libs openmp"
 ARG PYTHON_VERSION=3.14
+ARG PIP_DEFAULT_TIMEOUT=300
 ARG POETRY_VERSION=2.3.2
 RUN echo "* soft core 0" >> /etc/security/limits.conf && \
     echo "* hard core 0" >> /etc/security/limits.conf && \
@@ -50,7 +51,7 @@ RUN pyenv install --skip-existing $PYTHON_VERSION && \
   pyenv rehash && \
   rm -rf "$PYENV_ROOT/cache" "$PYENV_ROOT/sources" /tmp/python-build*
 ENV PYTHONUNBUFFERED=1
-ENV PIP_DEFAULT_TIMEOUT=100
+ENV PIP_DEFAULT_TIMEOUT=$PIP_DEFAULT_TIMEOUT
 ENV POETRY_NO_INTERACTION=1
 ENV POETRY_HOME=/opt/poetry
 ENV POETRY_CACHE_DIR=/var/cache/pypoetry
@@ -69,7 +70,7 @@ ENV PYTHON_VERSION=$PYTHON_VERSION
 FROM python-base AS poetry
 ARG DOCKER_HOST_UID=1000
 ARG DOCKER_HOST_GID=1000
-ARG DOCKER_USER=devuser
+ARG DOCKER_USER=developer
 RUN mkdir -p $POETRY_CACHE_DIR && \
   chown -R $DOCKER_USER $POETRY_CACHE_DIR
 RUN mkdir -p $PIP_CACHE_DIR && \
@@ -80,7 +81,7 @@ WORKDIR /application
 FROM python-base AS app-build
 ARG DOCKER_HOST_UID=1000
 ARG DOCKER_HOST_GID=1000
-ARG DOCKER_USER=devuser
+ARG DOCKER_USER=developer
 COPY src/ build/src
 COPY README.md /build/
 COPY pyproject.toml poetry.lock /build/
@@ -92,9 +93,9 @@ USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 WORKDIR /application
 
 FROM python-base AS build-deps-dev
-ARG DOCKER_USER=devuser
+ARG DOCKER_USER=developer
 ARG VIM_PACKAGES="python vim vim-spell-en vim-spell-ru ctags ripgrep bat npm nodejs-lts-jod openai-codex gemini-cli"
-ARG POETRY_OPTIONS_DEV="--no-root --with-dev --compile"
+ARG POETRY_OPTIONS_DEV="--no-root --with dev --compile"
 RUN pacman -Sy --noconfirm && \
   pacman -S --noconfirm --needed $VIM_PACKAGES && \
   pacman -Scc --noconfirm && \
@@ -116,16 +117,16 @@ RUN mkdir -p $DOCKER_USER_HOME/.local/share/jupyter && \
 FROM build-deps-dev AS dev-build
 ARG DOCKER_HOST_UID=1000
 ARG DOCKER_HOST_GID=1000
-ARG DOCKER_USER=devuser
+ARG DOCKER_USER=developer
 USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 WORKDIR /application
 RUN git config --global --add safe.directory /application
 
 FROM build-deps-dev AS vim-ide
 ARG DOCKER_HOST_UID=1000
 ARG DOCKER_HOST_GID=1000
-ARG DOCKER_USER=devuser
-ARG DOCKER_USER_HOME=/home/devuser
+ARG DOCKER_USER=developer
+ARG DOCKER_USER_HOME=/home/developer
 USER ${DOCKER_HOST_UID}:${DOCKER_HOST_GID}
 RUN curl -fLo $DOCKER_USER_HOME/.vim/autoload/plug.vim --create-dirs \
   https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim

README.md

@@ -89,6 +89,8 @@ Use it as-is or tailor it to match your team's development workflow.
 
 ```bash
 cp .env.dist .env
+cp .vimrc.dist .vimrc
+cp .coc-settings.json.dist .coc-settings.json
 docker compose build vim-ide
 docker compose run --rm vim-ide
 ```
@@ -165,7 +167,9 @@ docker compose run --rm poetry lock
 ```
 
 > 🔄 Note: If you've changed dependencies (e.g. updated pyproject.toml or
-> poetry.lock), you must rebuild the Vim IDE image to apply them:
+> poetry.lock), rebuild the image(s) that install Python dependencies:
+> `vim-ide`, `dev`, `codex`, `gemini`, `jupyterlab`, and/or `app` depending on
+> what you run.
 
 ```bash
 docker compose build vim-ide
@@ -356,6 +360,9 @@ docker compose run --rm codex suggest tests --file src/sample/main.py
 Never commit `.env` (it contains secrets like `OPENAI_API_KEY`,
 `GEMINI_API_KEY`, and `JUPYTER_TOKEN`).
 
+If you need to share the resolved Compose config, use
+`docker compose config --no-interpolate` to avoid printing secret values.
+
 Browser-based auth persists under `${DOCKER_USER_HOME}/.codex` and
 `${DOCKER_USER_HOME}/.gemini` via the `codex-auth` and `gemini-auth` Docker
 volumes.
@@ -437,13 +444,3 @@ productivity and designed to work out of the box — but is fully customizable.
 * To update CoC extensions: `:CocUpdate`
 * Snippets can be edited under `~/.vim/plugged/vim-snippets`
 * Full configuration lives in `.vimrc.dist` — tweak freely
-
-This is a template for python-based projects. Many DS/ML workflows require
-hardware-specific platforms in detailed OS-level libraries and python
-dependencies. In some cases, it is useful to perform code editing in the same
-environment in which applications are run. This template can help vim users to
-run vim-ide with the same project environment on a local or remote machine.
-Please, feel free to massage everything in the template as you wish.
-
-Vim is configured in a modern style and supports almost all ide-specific
-features. Please see `.vimrc.dist` for reference.

compose.yaml

@@ -1,6 +1,6 @@
 x-default-env: &default-env
   POETRY_NO_INTERACTION: "1"
-  PIP_DEFAULT_TIMEOUT: "600"
+  PIP_DEFAULT_TIMEOUT: "${PIP_DEFAULT_TIMEOUT:-300}"
   PYTHONUNBUFFERED: "1"
 
 x-platform: &platform ${DOCKER_PLATFORM:-linux/amd64}
@@ -15,6 +15,7 @@ x-default-args: &default-args
   BUILD_PACKAGES: ${BUILD_PACKAGES:-pyenv git gnupg sudo postgresql-libs mariadb-libs openmp}
   VIM_PACKAGES: ${VIM_PACKAGES:-python vim vim-spell-en vim-spell-ru ctags ripgrep bat npm nodejs-lts-jod openai-codex gemini-cli}
   PYTHON_VERSION: ${PYTHON_VERSION:-3.14}
+  PIP_DEFAULT_TIMEOUT: ${PIP_DEFAULT_TIMEOUT:-300}
   POETRY_VERSION: ${POETRY_VERSION:-2.3.2}
   POETRY_OPTIONS_APP: ${POETRY_OPTIONS_APP:---only main --compile}
   POETRY_OPTIONS_DEV: ${POETRY_OPTIONS_DEV:---no-root --with dev --compile}
@@ -102,7 +103,9 @@ services:
         target: ${DOCKER_USER_HOME}/.codex
   codex-web-login:
     platform: *platform
-    entrypoint: codex login
+    entrypoint:
+      - codex
+      - login
     build:
       target: dev-build
       args: *default-args
@@ -119,7 +122,7 @@ services:
     entrypoint:
       - jupyter-lab
       - --port=8888
-      - --ip="0.0.0.0"
+      - --ip=0.0.0.0
       - --no-browser
       - --IdentityProvider.token=${JUPYTER_TOKEN}
     ports: