Diffstat (limited to 'unsorted/docker_compose_stacks')
9 files changed, 484 insertions, 0 deletions
diff --git a/unsorted/docker_compose_stacks/README.md b/unsorted/docker_compose_stacks/README.md new file mode 100644 index 0000000..c139989 --- /dev/null +++ b/unsorted/docker_compose_stacks/README.md @@ -0,0 +1,5 @@ +# Docker Compose Stacks + +My docker compose stacks. + +Each stack is contained in its own directory with a `docker-compose.yaml` file and a `README.md` file describing the stack and its configuration. Other files may be present as needed for configuration or data persistence. diff --git a/unsorted/docker_compose_stacks/code-server-via-tailscale/README.md b/unsorted/docker_compose_stacks/code-server-via-tailscale/README.md new file mode 100644 index 0000000..9e3b897 --- /dev/null +++ b/unsorted/docker_compose_stacks/code-server-via-tailscale/README.md 
@@ -0,0 +1,134 @@ +# Code Server via Tailscale + +This Docker Compose stack deploys [code-server](https://github.com/coder/code-server) (VS Code in the browser) accessible securely through your [Tailscale](https://tailscale.com/) network. + +## What This Does + +- Runs code-server (web-based VS Code) on port 80 +- Exposes code-server exclusively through Tailscale (not accessible on local network) +- Provides secure remote access to your development environment from anywhere on your Tailnet + +## Prerequisites + +- Docker and Docker Compose installed +- A Tailscale account +- Tailscale authentication key (get one from [Tailscale Admin Console](https://login.tailscale.com/admin/settings/keys)) + +## Configuration + +### 1. Set Code Server Password + +Edit `docker-compose.yaml` and change the default password: + +```yaml +environment: + - PASSWORD=CHANGEME # Change this to a secure password +``` + +### 2. Configure Tailscale + +Before starting the stack, you need to provide a Tailscale auth key. You can either: + +**Option A: Set environment variable** + +```bash +export TS_AUTHKEY="tskey-auth-xxxxx" +``` + +**Option B: Edit docker-compose.yaml** + +Add the auth key to the tailscale service environment variables: + +```yaml +environment: + - TS_AUTHKEY=tskey-auth-xxxxx + - TS_AUTH_ONCE="true" + - TS_STATE_DIR=/var/lib/tailscale +``` + +### 3. (Optional) Customize Hostname + +The service will appear as `code-server` in your Tailscale admin console. To change this, edit the `hostname` field in the tailscale service. + +## Deployment + +1. Start the stack: + + ```bash + docker compose up -d + ``` + +2. Check that both services are running: + + ```bash + docker compose ps + ``` + +3. View logs to confirm Tailscale authentication: + ```bash + docker compose logs tailscale + ``` + +## Accessing Code Server + +1. Find your code-server URL in the [Tailscale Admin Console](https://login.tailscale.com/admin/machines) +2. 
Navigate to `http://code-server` (or the custom hostname you set) in your browser +3. Enter the password you configured +4. Start coding! + +## Directory Structure + +After deployment, the following directories will be created: + +- `./config` - Code-server configuration and settings +- `./project` - Your project files and workspace +- `./tailscale-data` - Tailscale state data (authentication and network info) + +## Important Notes + +- **Security**: Code-server is only accessible through your Tailscale network, providing zero-trust security +- **Network Mode**: The code-server container uses the tailscale service's network stack (`network_mode: service:tailscale`) +- **Password**: Make sure to change the default password before deploying to production +- **Persistence**: All data is stored in local volumes, so your work persists across container restarts +- **Resource Access**: The tailscale service needs `NET_ADMIN` and `NET_RAW` capabilities to manage the VPN tunnel + +## Stopping the Stack + +```bash +docker compose down +``` + +To remove all data (including your projects): + +```bash +docker compose down -v +rm -rf config project tailscale-data +``` + +## Troubleshooting + +### Can't connect to code-server + +1. Verify Tailscale is authenticated: + + ```bash + docker compose logs tailscale + ``` + +2. Check that both containers are running: + + ```bash + docker compose ps + ``` + +3. Ensure you're connected to Tailscale on your client device + +### Authentication issues + +- Make sure your Tailscale auth key is valid and not expired +- Auth keys can be reusable or one-time use - check your key settings in the Tailscale admin console + +## Version Information + +- **code-server**: 4.107.0-39 +- **tailscale**: v1.92.4 diff --git a/unsorted/docker_compose_stacks/code-server-via-tailscale/docker-compose.yaml b/unsorted/docker_compose_stacks/code-server-via-tailscale/docker-compose.yaml new file mode 100644 index 0000000..f18ba3b --- /dev/null 
+++ b/unsorted/docker_compose_stacks/code-server-via-tailscale/docker-compose.yaml @@ -0,0 +1,25 @@ +services: + code-server: + image: codercom/code-server:4.107.0-39 + network_mode: service:tailscale + environment: + - PASSWORD=CHANGEME + volumes: + - ./config:/home/coder/.local/share/code-server + - ./project:/home/coder/project + restart: unless-stopped + command: ["--bind-addr", "0.0.0.0:80", "--auth", "password"] + + tailscale: + image: tailscale/tailscale:v1.92.4 + hostname: code-server + environment: + - TS_AUTH_ONCE="true" + - TS_STATE_DIR=/var/lib/tailscale + volumes: + - ./tailscale-data:/var/lib/tailscale + - /dev/net/tun:/dev/net/tun + cap_add: + - NET_ADMIN + - NET_RAW + restart: unless-stopped
\ No newline at end of file diff --git a/unsorted/docker_compose_stacks/pihole-via-tailscale/README.md b/unsorted/docker_compose_stacks/pihole-via-tailscale/README.md new file mode 100644 index 0000000..47b6869 --- /dev/null +++ b/unsorted/docker_compose_stacks/pihole-via-tailscale/README.md @@ -0,0 +1,34 @@ +# Pi-hole via Tailscale + +A Docker Compose stack that runs [Pi-hole](https://pi-hole.net/) behind [Tailscale](https://tailscale.com/), making your Pi-hole instance accessible only via your Tailnet. + +## Services + +- **Pi-hole** - Network-wide ad blocking DNS server +- **Tailscale** - Secure mesh VPN for private network access + +## Setup + +1. Change the `WEBPASSWORD` environment variable in `docker-compose.yaml` to a secure password +2. Start the stack: + ```bash + docker compose up -d + ``` +3. Get the Tailscale login URL: + ```bash + docker compose logs -f tailscale + ``` +4. Open the login URL in your browser to authenticate with Tailscale +5. Access Pi-hole's admin interface at `http://pihole:80/admin` from any device on your Tailnet + +## Configuration + +- **Timezone**: Set via `TZ` environment variable (default: `Europe/London`) +- **Web Password**: Set via `WEBPASSWORD` environment variable +- **DNS Listening Mode**: Set to `ALL` to accept queries from all origins + +## Volumes + +- `./etc-pihole` - Pi-hole configuration +- `./etc-dnsmasq.d` - dnsmasq configuration +- `./tailscale-data` - Tailscale state diff --git a/unsorted/docker_compose_stacks/pihole-via-tailscale/docker-compose.yaml b/unsorted/docker_compose_stacks/pihole-via-tailscale/docker-compose.yaml new file mode 100644 index 0000000..f5a8070 --- /dev/null +++ b/unsorted/docker_compose_stacks/pihole-via-tailscale/docker-compose.yaml 
@@ -0,0 +1,30 @@ +services: + pihole: + image: pihole/pihole:2025.11.1 + network_mode: service:tailscale + environment: + TZ: "Europe/London" + WEBPASSWORD: "CHANGEME" + FTLCONF_dns_listeningMode: "ALL" + volumes: + - "./etc-pihole:/etc/pihole" + - "./etc-dnsmasq.d:/etc/dnsmasq.d" + restart: unless-stopped + cap_add: + - SYS_NICE + depends_on: + - tailscale + + tailscale: + image: tailscale/tailscale:v1.92.4 + hostname: pihole + environment: + - TS_AUTH_ONCE="true" + - TS_STATE_DIR=/var/lib/tailscale + volumes: + - ./tailscale-data:/var/lib/tailscale + - /dev/net/tun:/dev/net/tun + cap_add: + - NET_ADMIN + - NET_RAW + restart: unless-stopped diff --git a/unsorted/docker_compose_stacks/pihole/README.md b/unsorted/docker_compose_stacks/pihole/README.md new file mode 100644 index 0000000..e19a1a8 --- /dev/null +++ b/unsorted/docker_compose_stacks/pihole/README.md 
@@ -0,0 +1,89 @@ +# Pi-hole Docker Stack + +A Docker Compose configuration for running [Pi-hole](https://pi-hole.net/), a network-wide ad blocker that acts as a DNS sinkhole. + +## Features + +- DNS-based ad blocking for your entire network +- Web-based admin interface +- DHCP server capability +- NTP server for time synchronization + +## Exposed Ports + +| Port | Protocol | Service | +| ---- | -------- | --------------------- | +| 53 | TCP/UDP | DNS | +| 80 | TCP | HTTP (Web Interface) | +| 443 | TCP | HTTPS (Web Interface) | +| 67 | UDP | DHCP | +| 123 | UDP | NTP | + +## Configuration + +### Environment Variables + +| Variable | Description | Default | +| -------------------------------- | ---------------------------- | --------------- | +| `TZ` | Timezone | `Europe/London` | +| `FTLCONF_webserver_api_password` | Admin web interface password | `CHANGEME` | +| `FTLCONF_dns_listeningMode` | DNS listening mode | `ALL` | + +> ⚠️ **Important:** Change `FTLCONF_webserver_api_password` to a secure password before deployment. + +### Volumes + +- `./etc-pihole` - Pi-hole configuration files +- `./etc-dnsmasq.d` - dnsmasq configuration files + +### Capabilities + +The container requires the following Linux capabilities: + +- `NET_ADMIN` - Network administration (required for DHCP) +- `SYS_TIME` - System time modification (required for NTP) +- `SYS_NICE` - Process priority adjustment + +## Usage + +### Starting the Stack + +```bash +docker compose up -d +``` + +### Accessing the Web Interface + +Navigate to `http://<host-ip>/admin` and log in with the password set in `FTLCONF_webserver_api_password`. + +### Stopping the Stack + +```bash +docker compose down +``` + +### Viewing Logs + +```bash +docker compose logs -f pihole +``` + +## Network Configuration + +To use Pi-hole as your DNS server, configure your devices or router to use the host machine's IP address as the primary DNS server. 
+ +### Option 1: Per-Device + +Set the DNS server on individual devices to point to the Pi-hole host IP. + +### Option 2: Router-Level + +Configure your router's DHCP settings to distribute the Pi-hole host IP as the DNS server to all clients. + +### Option 3: DHCP Server + +Disable DHCP on your router and let Pi-hole handle DHCP by configuring it through the web interface. + +## Image Version + +This stack uses Pi-hole version `2025.11.1`. diff --git a/unsorted/docker_compose_stacks/pihole/docker-compose.yaml b/unsorted/docker_compose_stacks/pihole/docker-compose.yaml new file mode 100644 index 0000000..f258ef4 --- /dev/null +++ b/unsorted/docker_compose_stacks/pihole/docker-compose.yaml @@ -0,0 +1,27 @@ +services: + pihole: + image: pihole/pihole:2025.11.1 + ports: + # DNS + - "53:53/tcp" + - "53:53/udp" + # HTTP + - "80:80/tcp" + # HTTPS + - "443:443/tcp" + # DHCP + - "67:67/udp" + # NTP + - "123:123/udp" + environment: + TZ: "Europe/London" + FTLCONF_webserver_api_password: "CHANGEME" + FTLCONF_dns_listeningMode: "ALL" + volumes: + - "./etc-pihole:/etc/pihole" + - "./etc-dnsmasq.d:/etc/dnsmasq.d" + cap_add: + - NET_ADMIN + - SYS_TIME + - SYS_NICE + restart: unless-stopped diff --git a/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md new file mode 100644 index 0000000..6f152b7 --- /dev/null +++ b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/README.md 
@@ -0,0 +1,99 @@ +# Sovereign Docker Compose Editor + +A secure, web-based code editor for managing Docker Compose files, accessible through Tailscale. + +## Overview + +This stack provides a code-server instance that allows you to edit Docker Compose files through a web interface. It's connected to Tailscale for secure remote access and has direct access to the host's Docker socket for managing containers. + +## Services + +### code-server + +- **Base Image**: `codercom/code-server:4.107.0-bookworm` +- **Purpose**: Web-based VS Code editor +- **Features**: + - Docker CLI installed for container management + - Password authentication + - Accessible via Tailscale network + +### tailscale + +- **Image**: `tailscale/tailscale:v1.92.4` +- **Purpose**: Secure network access via Tailscale VPN +- **Hostname**: `sovereign-docker-compose-editor` + +## Setup + +1. **Configure Password** + + Edit the `PASSWORD` environment variable in the `docker-compose.yaml`: + + ```yaml + environment: + - PASSWORD=your-secure-password-here + ``` + +2. **Tailscale Authentication** + + On first run, check the logs to get the Tailscale authentication URL: + + ```bash + docker compose logs tailscale + ``` + + Visit the URL to authenticate the device to your Tailscale network. + +3. 
**Start the Services** + ```bash + docker compose up -d + ``` + +## Access + +Once running and authenticated with Tailscale: + +- Access the editor at: `http://sovereign-docker-compose-editor` +- Login with the password you configured + +## Volumes + +- `./config` - code-server configuration and settings +- `/mnt/user/root/docker-compose/` - Project directory (editable Docker Compose files) +- `./tailscale-data` - Tailscale state and configuration +- `/var/run/docker.sock` - Host Docker socket for container management + +## Security Notes + +- The editor runs as root to access the Docker socket +- Access is restricted to your Tailscale network +- Change the default password immediately +- The Docker socket provides full control over host containers - use with caution + +## Managing Docker Containers + +With the Docker CLI installed and socket mounted, you can: + +- View running containers: `docker ps` +- Manage compose stacks: `docker compose up/down` +- View logs: `docker compose logs` +- All standard Docker commands are available + +## Customization + +### Change the Port + +The editor listens on port 80 within the Tailscale network. To change: + +```yaml +command: ["--bind-addr", "0.0.0.0:8080", "--auth", "password"] +``` + +### Change Project Directory + +Update the volume mount to point to your Docker Compose files: + +```yaml +volumes: + - /your/compose/files:/home/coder/project +``` diff --git a/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml new file mode 100644 index 0000000..8dd20c1 --- /dev/null +++ b/unsorted/docker_compose_stacks/sovereign-docker-compose-editor/docker-compose.yaml 
@@ -0,0 +1,41 @@ +services: + code-server: + build: + context: . + dockerfile_inline: | + FROM codercom/code-server:4.107.0-bookworm + + # Switch to root to install packages + USER root + + # Install Docker CLI + RUN curl https://get.docker.com | sh + + # Switch back to the default user + USER coder + + network_mode: service:tailscale + environment: + - PASSWORD=CHANGEME + volumes: + - ./config:/home/coder/.local/share/code-server + - /mnt/user/root/docker-compose/:/home/coder/project + # Mount the Host Docker Socket + - /var/run/docker.sock:/var/run/docker.sock + restart: unless-stopped + command: ["--bind-addr", "0.0.0.0:80", "--auth", "password"] + user: root + + tailscale: + image: tailscale/tailscale:v1.92.4 + hostname: sovereign-docker-compose-editor + environment: + - TS_AUTH_ONCE="true" + - TS_STATE_DIR=/var/lib/tailscale + volumes: + - ./tailscale-data:/var/lib/tailscale + - /dev/net/tun:/dev/net/tun + cap_add: + - NET_ADMIN + - NET_RAW + restart: unless-stopped |
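Review bot: In code-server-via-tailscale/README.md, Option A under "Configure Tailscale" will not work with the compose file added in this commit: the tailscale service's `environment` lists only `TS_AUTH_ONCE` and `TS_STATE_DIR`, so a `TS_AUTHKEY` exported in the shell never reaches the container. Either add a pass-through entry such as `- TS_AUTHKEY=${TS_AUTHKEY}` to that service or drop Option A. Option B writes the key into `docker-compose.yaml`, which is tracked in this repository; point readers at an untracked `.env` file instead so the key is not committed. Minor: the stack uses bind mounts only, so the `-v` in `docker compose down -v` removes nothing and the `rm -rf` line is what actually deletes the data.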
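Review bot: In code-server-via-tailscale/docker-compose.yaml, `- PASSWORD=CHANGEME` is committed as a working default, so a stack started without editing the file serves an editor with a built-in terminal behind a publicly known password. Suggest requiring the value from the environment, for example `- PASSWORD=${CODE_SERVER_PASSWORD:?set CODE_SERVER_PASSWORD}` (the variable name is only an example), so Compose refuses to start when it is unset. Also, `- TS_AUTH_ONCE="true"` is in list form, where Compose keeps the quotes as part of the value; write `- TS_AUTH_ONCE=true`. The same line appears in the tailscale service of the other two Tailscale stacks. The file is also missing its trailing newline.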
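Review bot: In pihole-via-tailscale/docker-compose.yaml, the admin password is set with `WEBPASSWORD: "CHANGEME"`, while the plain pihole stack in this same commit sets it with `FTLCONF_webserver_api_password` on the identical image tag `pihole/pihole:2025.11.1`. Pick one variable for both stacks and confirm this image still honours `WEBPASSWORD`; if it does not, the password the user thinks they set is not in effect. The README for this stack documents `WEBPASSWORD` in both the Setup and Configuration sections and needs the same change.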
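Review bot: In pihole/README.md, the "Capabilities" section presents `NET_ADMIN` and `SYS_TIME` as required, but by its own wording they are needed only for DHCP and NTP, which the README treats as optional (DHCP is "Option 3"). State that users who run Pi-hole as a DNS server only can remove `NET_ADMIN`, `SYS_TIME` and the `67/udp` and `123/udp` port mappings, so the default deployment does not carry privileges it never uses.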
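Review bot: In pihole/docker-compose.yaml, the `ports` entries such as `"53:53/udp"` and `"80:80/tcp"` publish on every host interface, and `FTLCONF_dns_listeningMode: "ALL"` accepts queries from any origin, so on a host with a public address this becomes an open resolver with its admin interface exposed. Suggest binding the mappings to the LAN address (for example `"<lan-ip>:53:53/udp"`) or adding a README line that the host must sit behind a firewall. `FTLCONF_webserver_api_password: "CHANGEME"` has the same committed-default problem as the other stacks and would be better read from the environment.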
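Review bot: In sovereign-docker-compose-editor/README.md, the "Security Notes" line "The Docker socket provides full control over host containers" understates the exposure: a process that can reach `/var/run/docker.sock` can start a container with the host filesystem mounted, so the editor's password is effectively a root credential for the host. Say so explicitly, and note that the only controls in front of it are Tailnet membership and one shared password over plain `http://`. Separately, Setup step 2 tells the reader to check the Tailscale logs before step 3 starts the services; swap the two steps.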
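Review bot: In sovereign-docker-compose-editor/docker-compose.yaml, `RUN curl https://get.docker.com | sh` in `dockerfile_inline` runs an unpinned remote script as root at build time, and it installs the full engine although the comment says only the CLI is wanted. Install just the CLI package from Docker's apt repository with a pinned version, and add `-fsSL` to any remaining `curl` so a failed download stops the build instead of piping an error page into `sh`. The trailing `USER coder` in the inline Dockerfile is overridden by `user: root` on the service, so code-server and every terminal it opens run as root with the socket mounted; consider keeping `coder` and granting socket access through a matching group id instead. `PASSWORD=CHANGEME` is the highest-impact default in this commit given what it protects.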
