add old content

9 files changed, 484 insertions, 0 deletions

diff --git a/unsorted/docker_compose_stacks/README.md b/unsorted/docker_compose_stacks/README.md
new file mode 100644
index 0000000..c139989
--- /dev/null
+++ b/unsorted/docker_compose_stacks/README.md
@@ -0,0 +1,5 @@
+# Docker Compose Stacks
+
+My docker compose stacks.
+
+Each stack is contained in its own directory with a `docker-compose.yaml` file and a `README.md` file describing the stack and its configuration. Other files may be present as needed for configuration or data persistence.
diff --git a/unsorted/docker_compose_stacks/code-server-via-tailscale/README.md b/unsorted/docker_compose_stacks/code-server-via-tailscale/README.md
new file mode 100644
index 0000000..9e3b897
--- /dev/null
+++ b/unsorted/docker_compose_stacks/code-server-via-tailscale/README.md
@@ -0,0 +1,134 @@
+# Code Server via Tailscale
+
+This Docker Compose stack deploys [code-server](https://github.com/coder/code-server) (VS Code in the browser) accessible securely through your [Tailscale](https://tailscale.com/) network.
+
+## What This Does
+
+- Runs code-server (web-based VS Code) on port 80
+- Exposes code-server exclusively through Tailscale (not accessible on local network)
+- Provides secure remote access to your development environment from anywhere on your Tailnet
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- A Tailscale account
+- Tailscale authentication key (get one from [Tailscale Admin Console](https://login.tailscale.com/admin/settings/keys))
+
+## Configuration
+
+### 1. Set Code Server Password
+
+Edit `docker-compose.yaml` and change the default password:
+
+```yaml
+environment:
+  - PASSWORD=CHANGEME # Change this to a secure password
+```
+
+### 2. Configure Tailscale
+
+Before starting the stack, you need to provide a Tailscale auth key. You can either:
+
+**Option A: Set environment variable**
+
+```bash
+export TS_AUTHKEY="tskey-auth-xxxxx"
+```
+
+**Option B: Edit docker-compose.yaml**
+
+Add the auth key to the tailscale service environment variables:
+
+```yaml
+environment:
+  - TS_AUTHKEY=tskey-auth-xxxxx
+  - TS_AUTH_ONCE="true"
+  - TS_STATE_DIR=/var/lib/tailscale
+```
+
+### 3. (Optional) Customize Hostname
+
+The service will appear as `code-server` in your Tailscale admin console. To change this, edit the `hostname` field in the tailscale service.
+
+## Deployment
+
+1. Start the stack:
+
+   ```bash
+   docker compose up -d
+   ```
+
+2. Check that both services are running:
+
+   ```bash
+   docker compose ps
+   ```
+
+3. View logs to confirm Tailscale authentication:
+   ```bash
+   docker compose logs tailscale
+   ```
+
+## Accessing Code Server
+
+1. Find your code-server URL in the [Tailscale Admin Console](https://login.tailscale.com/admin/machines)
+2. Navigate to `http://code-server` (or the custom hostname you set) in your browser
+3. Enter the password you configured
+4. Start coding!
+
+## Directory Structure
+
+After deployment, the following directories will be created:
+
+- `./config` - Code-server configuration and settings
+- `./project` - Your project files and workspace
+- `./tailscale-data` - Tailscale state data (authentication and network info)
+
+## Important Notes
+
+- **Security**: Code-server is only accessible through your Tailscale network, providing zero-trust security
+- **Network Mode**: The code-server container uses the tailscale service's network stack (`network_mode: service:tailscale`)
+- **Password**: Make sure to change the default password before deploying to production
+- **Persistence**: All data is stored in local volumes, so your work persists across container restarts
+- **Resource Access**: The tailscale service needs `NET_ADMIN` and `NET_RAW` capabilities to manage the VPN tunnel
+
+## Stopping the Stack
+
+```bash
+docker compose down
+```
+
+To remove all data (including your projects):
+
+```bash
+docker compose down -v
+rm -rf config project tailscale-data
+```
+
+## Troubleshooting
+
+### Can't connect to code-server
+
+1. Verify Tailscale is authenticated:
+
+   ```bash
+   docker compose logs tailscale
+   ```
+
+2. Check that both containers are running:
+
+   ```bash
+   docker compose ps
+   ```
+
+3. Ensure you're connected to Tailscale on your client device
+
+### Authentication issues
+
+- Make sure your Tailscale auth key is valid and not expired
+- Auth keys can be reusable or one-time use - check your key settings in the Tailscale admin console
+
+## Version Information
+
+- **code-server**: 4.107.0-39
+- **tailscale**: v1.92.4
diff --git a/unsorted/docker_compose_stacks/code-server-via-tailscale/docker-compose.yaml b/unsorted/docker_compose_stacks/code-server-via-tailscale/docker-compose.yaml
new file mode 100644
index 0000000..f18ba3b
--- /dev/null
+++ b/unsorted/docker_compose_stacks/code-server-via-tailscale/docker-compose.yaml
@@ -0,0 +1,25 @@
+services:
+  code-server:
+    image: codercom/code-server:4.107.0-39
+    network_mode: service:tailscale
+    environment:
+      - PASSWORD=CHANGEME
+    volumes:
+      - ./config:/home/coder/.local/share/code-server
+      - ./project:/home/coder/project
+    restart: unless-stopped
+    command: ["--bind-addr", "0.0.0.0:80", "--auth", "password"]
+
+  tailscale:
+    image: tailscale/tailscale:v1.92.4
+    hostname: code-server
+    environment:
+      - TS_AUTH_ONCE="true"
+      - TS_STATE_DIR=/var/lib/tailscale
+    volumes:
+      - ./tailscale-data:/var/lib/tailscale
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    restart: unless-stopped
\ No newline at end of file
diff --git a/unsorted/docker_compose_stacks/pihole-via-tailscale/README.md b/unsorted/docker_compose_stacks/pihole-via-tailscale/README.md
new file mode 100644
index 0000000..47b6869
--- /dev/null
+++ b/unsorted/docker_compose_stacks/pihole-via-tailscale/README.md
@@ -0,0 +1,34 @@
+# Pi-hole via Tailscale
+
+A Docker Compose stack that runs [Pi-hole](https://pi-hole.net/) behind [Tailscale](https://tailscale.com/), making your Pi-hole instance accessible only via your Tailnet.
+
+## Services
+
+- **Pi-hole** - Network-wide ad blocking DNS server
+- **Tailscale** - Secure mesh VPN for private network access
+
+## Setup
+
+1. Change the `WEBPASSWORD` environment variable in `docker-compose.yaml` to a secure password
+2. Start the stack:
+   ```bash
+   docker compose up -d
+   ```
+3. Get the Tailscale login URL:
+   ```bash
+   docker compose logs -f tailscale
+   ```
+4. Open the login URL in your browser to authenticate with Tailscale
+5. Access Pi-hole's admin interface at `http://pihole:80/admin` from any device on your Tailnet
+
+## Configuration
+
+- **Timezone**: Set via `TZ` environment variable (default: `Europe/London`)
+- **Web Password**: Set via `WEBPASSWORD` environment variable
+- **DNS Listening Mode**: Set to `ALL` to accept queries from all origins
+
+## Volumes
+
+- `./etc-pihole` - Pi-hole configuration
+- `./etc-dnsmasq.d` - dnsmasq configuration
+- `./tailscale-data` - Tailscale state
diff --git a/unsorted/docker_compose_stacks/pihole-via-tailscale/docker-compose.yaml b/unsorted/docker_compose_stacks/pihole-via-tailscale/docker-compose.yaml
new file mode 100644
index 0000000..f5a8070
--- /dev/null
+++ b/unsorted/docker_compose_stacks/pihole-via-tailscale/docker-compose.yaml
@@ -0,0 +1,30 @@
+services:
+  pihole:
+    image: pihole/pihole:2025.11.1
+    network_mode: service:tailscale
+    environment:
+      TZ: "Europe/London"
+      WEBPASSWORD: "CHANGEME"
+      FTLCONF_dns_listeningMode: "ALL"
+    volumes:
+      - "./etc-pihole:/etc/pihole"
+      - "./etc-dnsmasq.d:/etc/dnsmasq.d"
+    restart: unless-stopped
+    cap_add:
+      - SYS_NICE
+    depends_on:
+      - tailscale
+
+  tailscale:
+    image: tailscale/tailscale:v1.92.4
+    hostname: pihole
+    environment:
+      - TS_AUTH_ONCE="true"
+      - TS_STATE_DIR=/var/lib/tailscale
+    volumes:
+      - ./tailscale-data:/var/lib/tailscale
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    restart: unless-stopped
diff --git a/unsorted/docker_compose_stacks/pihole/README.md b/unsorted/docker_compose_stacks/pihole/README.md
new file mode 100644
index 0000000..e19a1a8
--- /dev/null
+++ b/unsorted/docker_compose_stacks/pihole/README.md
@@ -0,0 +1,89 @@
+# Pi-hole Docker Stack
+
+A Docker Compose configuration for running [Pi-hole](https://pi-hole.net/), a network-wide ad blocker that acts as a DNS sinkhole.
+
+## Features
+
+- DNS-based ad blocking for your entire network
+- Web-based admin interface
+- DHCP server capability
+- NTP server for time synchronization
+
+## Exposed Ports
+
+| Port | Protocol | Service               |
+| ---- | -------- | --------------------- |
+| 53   | TCP/UDP  | DNS                   |
+| 80   | TCP      | HTTP (Web Interface)  |
+| 443  | TCP      | HTTPS (Web Interface) |
+| 67   | UDP      | DHCP                  |
+| 123  | UDP      | NTP                   |
+
+## Configuration
+
+### Environment Variables
+
+| Variable                         | Description                  | Default         |
+| -------------------------------- | ---------------------------- | --------------- |
+| `TZ`                             | Timezone                     | `Europe/London` |
+| `FTLCONF_webserver_api_password` | Admin web interface password | `CHANGEME`      |
+| `FTLCONF_dns_listeningMode`      | DNS listening mode           | `ALL`           |
+
+> ⚠️ **Important:** Change `FTLCONF_webserver_api_password` to a secure password before deployment.
+
+### Volumes
+
+- `./etc-pihole` - Pi-hole configuration files
+- `./etc-dnsmasq.d` - dnsmasq configuration files
+
+### Capabilities
+
+The container requires the following Linux capabilities:
+
+- `NET_ADMIN` - Network administration (required for DHCP)
+- `SYS_TIME` - System time modification (required for NTP)
+- `SYS_NICE` - Process priority adjustment
+
+## Usage
+
+### Starting the Stack
+
+```bash
+docker compose up -d
+```
+
+### Accessing the Web Interface
+
+Navigate to `http://<host-ip>/admin` and log in with the password set in `FTLCONF_webserver_api_password`.
+
+### Stopping the Stack
+
+```bash
+docker compose down
+```
+
+### Viewing Logs
+
+```bash
+docker compose logs -f pihole
+```
+
+## Network Configuration
+
+To use Pi-hole as your DNS server, configure your devices or router to use the host machine's IP address as the primary DNS server.
+
+### Option 1: Per-Device
+
+Set the DNS server on individual devices to point to the Pi-hole host IP.
+
+### Option 2: Router-Level
+
+Configure your router's DHCP settings to distribute the Pi-hole host IP as the DNS server to all clients.
+
+### Option 3: DHCP Server
+
+Disable DHCP on your router and let Pi-hole handle DHCP by configuring it through the web interface.
+
+## Image Version
+
+This stack uses Pi-hole version `2025.11.1`.
diff --git a/unsorted/docker_compose_stacks/pihole/docker-compose.yaml b/unsorted/docker_compose_stacks/pihole/docker-compose.yaml
new file mode 100644
index 0000000..f258ef4
--- /dev/null
+++ b/unsorted/docker_compose_stacks/pihole/docker-compose.yaml
@@ -0,0 +1,27 @@
+services:
+  pihole:
+    image: pihole/pihole:2025.11.1
+    ports:
+      # DNS
+      - "53:53/tcp"
+      - "53:53/udp"
+      # HTTP
+      - "80:80/tcp"
+      # HTTPS
+      - "443:443/tcp"
+      # DHCP
+      - "67:67/udp"
+      # NTP
+      - "123:123/udp"
+    environment:
+      TZ: "Europe/London"
+      FTLCONF_webserver_api_password: "CHANGEME"
+      FTLCONF_dns_listeningMode: "ALL"
+    volumes:
+      - "./etc-pihole:/etc/pihole"
+      - "./etc-dnsmasq.d:/etc/dnsmasq.d"
+    cap_add:
+      - NET_ADMIN
+      - SYS_TIME
+      - SYS_NICE
+    restart: unless-stopped
diff --git a/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md
new file mode 100644
index 0000000..6f152b7
--- /dev/null
+++ b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md
@@ -0,0 +1,99 @@
+# Sovereign Docker Compose Editor
+
+A secure, web-based code editor for managing Docker Compose files, accessible through Tailscale.
+
+## Overview
+
+This stack provides a code-server instance that allows you to edit Docker Compose files through a web interface. It's connected to Tailscale for secure remote access and has direct access to the host's Docker socket for managing containers.
+
+## Services
+
+### code-server
+
+- **Base Image**: `codercom/code-server:4.107.0-bookworm`
+- **Purpose**: Web-based VS Code editor
+- **Features**:
+  - Docker CLI installed for container management
+  - Password authentication
+  - Accessible via Tailscale network
+
+### tailscale
+
+- **Image**: `tailscale/tailscale:v1.92.4`
+- **Purpose**: Secure network access via Tailscale VPN
+- **Hostname**: `sovereign-docker-compose-editor`
+
+## Setup
+
+1. **Configure Password**
+
+   Edit the `PASSWORD` environment variable in the `docker-compose.yaml`:
+
+   ```yaml
+   environment:
+     - PASSWORD=your-secure-password-here
+   ```
+
+2. **Tailscale Authentication**
+
+   On first run, check the logs to get the Tailscale authentication URL:
+
+   ```bash
+   docker compose logs tailscale
+   ```
+
+   Visit the URL to authenticate the device to your Tailscale network.
+
+3. **Start the Services**
+   ```bash
+   docker compose up -d
+   ```
+
+## Access
+
+Once running and authenticated with Tailscale:
+
+- Access the editor at: `http://sovereign-docker-compose-editor`
+- Login with the password you configured
+
+## Volumes
+
+- `./config` - code-server configuration and settings
+- `/mnt/user/root/docker-compose/` - Project directory (editable Docker Compose files)
+- `./tailscale-data` - Tailscale state and configuration
+- `/var/run/docker.sock` - Host Docker socket for container management
+
+## Security Notes
+
+- The editor runs as root to access the Docker socket
+- Access is restricted to your Tailscale network
+- Change the default password immediately
+- The Docker socket provides full control over host containers - use with caution
+
+## Managing Docker Containers
+
+With the Docker CLI installed and socket mounted, you can:
+
+- View running containers: `docker ps`
+- Manage compose stacks: `docker compose up/down`
+- View logs: `docker compose logs`
+- All standard Docker commands are available
+
+## Customization
+
+### Change the Port
+
+The editor listens on port 80 within the Tailscale network. To change:
+
+```yaml
+command: ["--bind-addr", "0.0.0.0:8080", "--auth", "password"]
+```
+
+### Change Project Directory
+
+Update the volume mount to point to your Docker Compose files:
+
+```yaml
+volumes:
+  - /your/compose/files:/home/coder/project
+```
diff --git a/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml
new file mode 100644
index 0000000..8dd20c1
--- /dev/null
+++ b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml
@@ -0,0 +1,41 @@
+services:
+  code-server:
+    build:
+      context: .
+      dockerfile_inline: |
+        FROM codercom/code-server:4.107.0-bookworm
+
+        # Switch to root to install packages
+        USER root
+
+        # Install Docker CLI
+        RUN curl https://get.docker.com | sh
+
+        # Switch back to the default user
+        USER coder
+
+    network_mode: service:tailscale
+    environment:
+      - PASSWORD=CHANGEME
+    volumes:
+      - ./config:/home/coder/.local/share/code-server
+      - /mnt/user/root/docker-compose/:/home/coder/project
+      # Mount the Host Docker Socket
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: unless-stopped
+    command: ["--bind-addr", "0.0.0.0:80", "--auth", "password"]
+    user: root
+
+  tailscale:
+    image: tailscale/tailscale:v1.92.4
+    hostname: sovereign-docker-compose-editor
+    environment:
+      - TS_AUTH_ONCE="true"
+      - TS_STATE_DIR=/var/lib/tailscale
+    volumes:
+      - ./tailscale-data:/var/lib/tailscale
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    restart: unless-stopped