forked from mikael-lovqvist/claude-docker
mikael-lovqvists-claude-agent
2c8d1a1adb
README covers the three-part firewall setup (daemon.json, Docker network subnet, nftables) with permalinks to avoid line drift. todo.md tracks documentation still to be written. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1.1 KiB
1.1 KiB
Documentation TODO
README additions
- File placement guide — where each file goes on the host (
daemon.json→/etc/docker/daemon.json,nftables.conf→/etc/nftables.conf, etc.) - Setup order — step-by-step: daemon config → restart Docker → nftables → build image → create workspace +
.env→ run - Run instructions —
docker compose run --rm claude-code, mention--build-arg UID/GIDfor matching host user - Security model — explain the layered approach: Docker network subnet isolation + nftables forward chain blocking LAN access
- Partial load behaviour — what happens if nftables isn't running, or only part of the config is loaded
- Granting LAN access opt-in — how to punch a hole for a specific host/port (e.g. a local database), with priority ordering explanation
- Volume mounts — explain
./workspace:/workspaceand./claude-home:/home/claudeand their purpose (persistent home, bind-mounted project dir)
dockerfile.md
- Update code block in user setup section to match current Dockerfile (shows old single-line version without the conditional deletions)