forked from mikael-lovqvist/claude-docker
README covers the three-part firewall setup (daemon.json, Docker network subnet, nftables) with permalinks to avoid line drift. todo.md tracks documentation still to be written. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
16 lines
1.1 KiB
Markdown
# Documentation TODO
## README additions
- **File placement guide** — where each file goes on the host (`daemon.json` → `/etc/docker/daemon.json`, `nftables.conf` → `/etc/nftables.conf`, etc.)
- **Setup order** — step-by-step: daemon config → restart Docker → nftables → build image → create workspace + `.env` → run
- **Run instructions** — `docker compose run --rm claude-code`, mention `--build-arg UID/GID` for matching host user
- **Security model** — explain the layered approach: Docker network subnet isolation + nftables forward chain blocking LAN access
- **Partial load behaviour** — what happens if nftables isn't running, or only part of the config is loaded
- **Granting LAN access opt-in** — how to punch a hole for a specific host/port (e.g. a local database), with priority ordering explanation
- **Volume mounts** — explain `./workspace:/workspace` and `./claude-home:/home/claude` and their purpose (persistent home, bind-mounted project dir)
## dockerfile.md
- Update code block in user setup section to match current Dockerfile (shows old single-line version without the conditional deletions)