diff options
Diffstat (limited to 'unsorted/docker_compose_stacks/sovereign-docker-compose-editor')
| -rw-r--r-- | unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md | 99 | ||||
| -rw-r--r-- | unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml | 41 |
2 files changed, 140 insertions, 0 deletions
diff --git a/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md new file mode 100644 index 0000000..6f152b7 --- /dev/null +++ b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md @@ -0,0 +1,99 @@ +# Sovereign Docker Compose Editor + +A secure, web-based code editor for managing Docker Compose files, accessible through Tailscale. + +## Overview + +This stack provides a code-server instance that allows you to edit Docker Compose files through a web interface. It's connected to Tailscale for secure remote access and has direct access to the host's Docker socket for managing containers. + +## Services + +### code-server + +- **Base Image**: `codercom/code-server:4.107.0-bookworm` +- **Purpose**: Web-based VS Code editor +- **Features**: + - Docker CLI installed for container management + - Password authentication + - Accessible via Tailscale network + +### tailscale + +- **Image**: `tailscale/tailscale:v1.92.4` +- **Purpose**: Secure network access via Tailscale VPN +- **Hostname**: `sovereign-docker-compose-editor` + +## Setup + +1. **Configure Password** + + Edit the `PASSWORD` environment variable in the `docker-compose.yaml`: + + ```yaml + environment: + - PASSWORD=your-secure-password-here + ``` + +2. **Tailscale Authentication** + + On first run, check the logs to get the Tailscale authentication URL: + + ```bash + docker compose logs tailscale + ``` + + Visit the URL to authenticate the device to your Tailscale network. + +3. **Start the Services** + ```bash + docker compose up -d + ``` + +## Access + +Once running and authenticated with Tailscale: + +- Access the editor at: `http://sovereign-docker-compose-editor` +- Login with the password you configured + +## Volumes + +- `./config` - code-server configuration and settings +- `/mnt/user/root/docker-compose/` - Project directory (editable Docker Compose files) +- `./tailscale-data` - Tailscale state and configuration +- `/var/run/docker.sock` - Host Docker socket for container management + +## Security Notes + +- The editor runs as root to access the Docker socket +- Access is restricted to your Tailscale network +- Change the default password immediately +- The Docker socket provides full control over host containers - use with caution + +## Managing Docker Containers + +With the Docker CLI installed and socket mounted, you can: + +- View running containers: `docker ps` +- Manage compose stacks: `docker compose up/down` +- View logs: `docker compose logs` +- All standard Docker commands are available + +## Customization + +### Change the Port + +The editor listens on port 80 within the Tailscale network. To change: + +```yaml +command: ["--bind-addr", "0.0.0.0:8080", "--auth", "password"] +``` + +### Change Project Directory + +Update the volume mount to point to your Docker Compose files: + +```yaml +volumes: + - /your/compose/files:/home/coder/project +``` diff --git a/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml new file mode 100644 index 0000000..8dd20c1 --- /dev/null +++ b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml @@ -0,0 +1,41 @@ +services: + code-server: + build: + context: . + dockerfile_inline: | + FROM codercom/code-server:4.107.0-bookworm + + # Switch to root to install packages + USER root + + # Install Docker CLI + RUN curl https://get.docker.com | sh + + # Switch back to the default user + USER coder + + network_mode: service:tailscale + environment: + - PASSWORD=CHANGEME + volumes: + - ./config:/home/coder/.local/share/code-server + - /mnt/user/root/docker-compose/:/home/coder/project + # Mount the Host Docker Socket + - /var/run/docker.sock:/var/run/docker.sock + restart: unless-stopped + command: ["--bind-addr", "0.0.0.0:80", "--auth", "password"] + user: root + + tailscale: + image: tailscale/tailscale:v1.92.4 + hostname: sovereign-docker-compose-editor + environment: + - TS_AUTH_ONCE="true" + - TS_STATE_DIR=/var/lib/tailscale + volumes: + - ./tailscale-data:/var/lib/tailscale + - /dev/net/tun:/dev/net/tun + cap_add: + - NET_ADMIN + - NET_RAW + restart: unless-stopped |