commit f806c8046cb419f1ad69d027fec3014d86588341 Author: Mikael Lövqvist Date: Mon Mar 16 22:18:16 2026 +0100 Initial commit
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..dd34a9f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,26 @@
+FROM node:20-slim
+
+RUN apt-get update && apt-get install -y \
+ git \
+ curl \
+ wget \
+ jq \
+ netcat-openbsd \
+ socat \
+ iputils-ping \
+ iproute2 \
+ dnsutils \
+ python3 \
+ && rm -rf /var/lib/apt/lists/*
+
+ARG UID=1000
+ARG GID=1000
+
+RUN npm install -g @anthropic-ai/claude-code
+
+RUN groupmod -g $GID node && usermod -u $UID -g $GID -l claude node && usermod -d /home/claude -m claude
+USER claude
+
+WORKDIR /workspace
+
+CMD ["claude"]
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..c7a69c5
--- /dev/null
+++ b/build.sh
@@ -0,0 +1 @@
+sudo UID=$(id -u) GID=$(id -g) docker compose build
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..09b7287
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+ claude-code:
+ build:
+ context: .
+ args:
+ UID: ${UID:-1000}
+ GID: ${GID:-1000}
+ stdin_open: true
+ tty: true
+ environment:
+ - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+ - TERM=xterm-256color
+ - COLORTERM=truecolor
+ volumes:
+ - ./workspace:/workspace
+ - ./claude-home:/home/claude
+ networks:
+ - claude-isolated
+
+networks:
+ claude-isolated:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.28.0.0/24
+ gateway: 172.28.0.1
\ No newline at end of file
diff --git a/etc_conf/daemon.json b/etc_conf/daemon.json
new file mode 100644
index 0000000..32a3e65
--- /dev/null
+++ b/etc_conf/daemon.json
@@ -0,0 +1,5 @@
+{
+ "default-address-pools": [
+ {"base": "172.16.0.0/13", "size": 24}
+ ]
+}
\ No newline at end of file
diff --git a/etc_conf/nftables.conf b/etc_conf/nftables.conf
new file mode 100644
index 0000000..a2e770b
--- /dev/null
+++ b/etc_conf/nftables.conf
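Review bot: In the Dockerfile, `RUN npm install -g @anthropic-ai/claude-code` is unpinned and `FROM node:20-slim` is a floating tag, so each rebuild of this sandbox image can pull different code. Pin the package, e.g. `RUN npm install -g @anthropic-ai/claude-code@<pinned-version>`, and consider adding a digest to the base image. The apt layer lacks `--no-install-recommends` and installs `netcat-openbsd`, `socat` and `dnsutils`. Because start.sh runs the agent with `--dangerously-skip-permissions`, every tool installed here is available to it, so keep the list to what the workflow actually needs.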
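Review bot: build.sh has no interpreter line, and the same holds for start.sh and start-with-local.sh, so which shell runs them depends on how they are invoked. Add `#!/bin/sh` and `set -eu` as the first two lines of each script. A one-line comment such as `# sudo is needed for the Docker socket; UID/GID are forwarded so the image user matches the caller` would also explain why the variables are set on the sudo command line.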
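Review bot: In docker-compose.yml, the `claude-code` service sets no runtime hardening, although start.sh runs the agent inside it with `--dangerously-skip-permissions`. Adding `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` under the service would narrow what a process in the container can do; `ping` may then need `cap_add: [NET_RAW]`. `ANTHROPIC_API_KEY` is passed through `environment`, so it is readable by every process in the container and shows up in `docker inspect`. The network named `claude-isolated` is an ordinary bridge with outbound access, so the isolation comes only from the host nftables rules, which deserves a comment next to the `networks:` block.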
@@ -0,0 +1,33 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+destroy table inet filter
+destroy table ip filter-custom
+
+table inet filter {
+ chain input {
+ type filter hook input priority filter
+ policy drop
+
+ ct state invalid drop comment "early drop of invalid connections"
+ ct state {established, related} accept comment "allow tracked connections"
+ iif lo accept comment "allow from loopback"
+ ip protocol icmp accept comment "allow icmp"
+ meta l4proto ipv6-icmp accept comment "allow icmp v6"
+ tcp dport ssh accept comment "allow sshd"
+ pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+ counter
+ }
+
+ chain forward {
+ type filter hook forward priority filter + 1; policy drop;
+ }
+}
+
+table ip filter-custom {
+ chain forward {
+ type filter hook forward priority filter - 1; policy accept;
+ ct state established,related accept
+ ip saddr 172.16.0.0/12 ip daddr 192.168.0.0/16 drop
+ }
+}
\ No newline at end of file
diff --git a/start-with-local.sh b/start-with-local.sh
new file mode 100755
index 0000000..3d9a392
--- /dev/null
+++ b/start-with-local.sh
@@ -0,0 +1,11 @@
+sudo \
+ ANTHROPIC_BASE_URL=http://192.168.2.99:11434 \
+ ANTHROPIC_AUTH_TOKEN=ollama \
+ ANTHROPIC_API_KEY="" \
+ UID=$(id -u) \
+ GID=$(id -g) \
+ docker compose run \
+ -e ANTHROPIC_BASE_URL \
+ -e ANTHROPIC_AUTH_TOKEN \
+ -e ANTHROPIC_API_KEY \
+ claude-code claude --model gpt-oss:20b --dangerously-skip-permissions "$@"
\ No newline at end of file
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..4b03692
--- /dev/null
+++ b/start.sh
@@ -0,0 +1 @@
+sudo UID=$(id -u) GID=$(id -g) docker compose run --rm claude-code claude --dangerously-skip-permissions "$@"
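Review bot: In etc_conf/nftables.conf, the `filter-custom` forward chain blocks only `ip daddr 192.168.0.0/16`, so forwarded container traffic to other internal ranges such as 10.0.0.0/8 or 169.254.0.0/16 is not covered, and as a `table ip` it does not filter IPv6. If the goal is to keep the sandbox off every internal network, list the ranges in one rule, e.g. `ip saddr 172.16.0.0/12 ip daddr { 10.0.0.0/8, 169.254.0.0/16, 192.168.0.0/16 } drop`. Traffic addressed to the host itself goes through `input`, where `tcp dport ssh accept` has no interface or source restriction, so sshd is reachable from the container subnet. Separately, an accept in one base chain does not end evaluation in later base chains on the same hook, so the empty `inet filter` forward chain with `policy drop` at `filter + 1` still sees every forwarded packet. A `counter` there would confirm whether the ordering does what was intended.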
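Review bot: In start-with-local.sh, `ANTHROPIC_BASE_URL=http://192.168.2.99:11434` is inside 192.168.0.0/16, which the forward rule in etc_conf/nftables.conf drops for sources in 172.16.0.0/12; the compose subnet 172.28.0.0/24 falls in that range. If that address is a separate machine and those rules are loaded, the endpoint would be unreachable. If it is the Docker host, the `input` chain has no accept for port 11434. An explicit, narrow allow placed before the drop would make the exception visible, e.g. `ip saddr 172.28.0.0/24 ip daddr 192.168.2.99 tcp dport 11434 accept`. This script also omits the `--rm` that start.sh passes to `docker compose run`, so each run leaves a stopped container behind.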
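Review bot: start.sh passes `--dangerously-skip-permissions` without a comment on what the script relies on instead, so the container configuration becomes the only boundary around the agent. I would add a header comment such as `# Permission prompts are disabled: the container (non-root user, ./workspace and ./claude-home bind mounts, host nftables rules) is the only boundary.` Both bind mounts are writable from inside the container, so anything placed in `./workspace` or `./claude-home` on the host should be treated as modifiable by the agent.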