Initial commit

2026-03-16 22:18:16 +01:00
commit f806c8046c
7 changed files with 103 additions and 0 deletions
--- a/26
+++ b/26
@@ -0,0 +1,26 @@
+FROM node:20-slim
+
+RUN apt-get update && apt-get install -y \
+    git \
+    curl \
+    wget \
+    jq \
+    netcat-openbsd \
+    socat \
+    iputils-ping \
+    iproute2 \
+    dnsutils \
+    python3 \
+    && rm -rf /var/lib/apt/lists/*
+
+ARG UID=1000
+ARG GID=1000
+
+RUN npm install -g @anthropic-ai/claude-code
+
+RUN groupmod -g $GID node && usermod -u $UID -g $GID -l claude node && usermod -d /home/claude -m claude
+USER claude
+
+WORKDIR /workspace
+
+CMD ["claude"]
--- a/build.sh
+++ b/build.sh
@@ -0,0 +1 @@
+sudo UID=$(id -u) GID=$(id -g) docker compose build
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+  claude-code:
+    build:
+      context: .
+      args:
+        UID: ${UID:-1000}
+        GID: ${GID:-1000}
+    stdin_open: true
+    tty: true
+    environment:
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - TERM=xterm-256color
+      - COLORTERM=truecolor
+    volumes:
+      - ./workspace:/workspace
+      - ./claude-home:/home/claude
+    networks:
+      - claude-isolated
+
+networks:
+  claude-isolated:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.28.0.0/24
+          gateway: 172.28.0.1
--- a/etc_conf/daemon.json
+++ b/etc_conf/daemon.json
@@ -0,0 +1,5 @@
+{
+  "default-address-pools": [
+    {"base": "172.16.0.0/13", "size": 24}
+  ]
+}
--- a/etc_conf/nftables.conf
+++ b/etc_conf/nftables.conf
@@ -0,0 +1,33 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+destroy table inet filter
+destroy table ip filter-custom
+
+table inet filter {
+  chain input {
+    type filter hook input priority filter
+    policy drop
+
+    ct state invalid drop comment "early drop of invalid connections"
+    ct state {established, related} accept comment "allow tracked connections"
+    iif lo accept comment "allow from loopback"
+    ip protocol icmp accept comment "allow icmp"
+    meta l4proto ipv6-icmp accept comment "allow icmp v6"
+    tcp dport ssh accept comment "allow sshd"
+    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
+    counter
+  }
+
+  chain forward {
+    type filter hook forward priority filter + 1; policy drop;
+  }
+}
+
+table ip filter-custom {
+  chain forward {
+    type filter hook forward priority filter - 1; policy accept;
+    ct state established,related accept
+    ip saddr 172.16.0.0/12 ip daddr 192.168.0.0/16 drop
+  }
+}
--- a/start-with-local.sh
+++ b/start-with-local.sh
@@ -0,0 +1,11 @@
+sudo \
+  ANTHROPIC_BASE_URL=http://192.168.2.99:11434 \
+  ANTHROPIC_AUTH_TOKEN=ollama \
+  ANTHROPIC_API_KEY="" \
+  UID=$(id -u) \
+  GID=$(id -g) \
+  docker compose run \
+  -e ANTHROPIC_BASE_URL \
+  -e ANTHROPIC_AUTH_TOKEN \
+  -e ANTHROPIC_API_KEY \
+  claude-code claude --model gpt-oss:20b --dangerously-skip-permissions "$@"
--- a/start.sh
+++ b/start.sh
@@ -0,0 +1 @@
+sudo UID=$(id -u) GID=$(id -g) docker compose run --rm claude-code claude --dangerously-skip-permissions "$@"
				`@@ -0,0 +1 @@`
				`sudo UID=$(id -u) GID=$(id -g) docker compose build`