# HolyClaude

**AI Coding Workstation (Claude Code CLI + Web UI)**

## Service Overview

| Property | Value |
|----------|-------|
| **Service Name** | holyclaude |
| **Host** | seattle |
| **Category** | AI / Development |
| **Docker Image** | `coderluii/holyclaude:latest` |
| **Compose File** | `hosts/vms/seattle/holyclaude.yaml` |
| **Port** | 3059 (container :3001) |
| **URL** | `http://seattle:3059` (Tailscale-only) |
| **Status** | Testing |

## Purpose

HolyClaude bundles the Claude Code CLI, the [siteboon/claude-code-ui](https://github.com/siteboon/claude-code-ui) web UI, multiple AI CLIs, and a headless Chromium into a single Docker image. Upstream: [github.com/CoderLuii/HolyClaude](https://github.com/CoderLuii/HolyClaude) (MIT).

Deployed on seattle as a testing sandbox for evaluating the web UI workflow.

## Access

Bound to the Tailscale interface only (`100.82.197.124:3059`). Not reachable from the public IP (YOUR_WAN_IP). Access via Tailscale from any node on the tailnet:

```
http://seattle:3059
http://100.82.197.124:3059
```

First visit prompts you to create a username/password for the UI.

## Volumes

| Container Path | Docker Volume | Purpose |
|----------------|---------------|---------|
| `/home/claude` | `holyclaude-data` | UI config, user account, Claude Code state, plugins |
| `/workspace` | `holyclaude-workspace` | Project code (WORKDIR inside the container) |

## Configuration

Environment variables set in the compose file:

| Variable | Value |
|----------|-------|
| `TZ` | `America/Los_Angeles` |
| `PUID` | `1000` |
| `PGID` | `1000` |

The image runs as `root` internally (typical for dev-workstation containers — it drops to the `claude` user for most work via s6-overlay).

## Management

```bash
# From seattle
cd /root/repos/homelab/hosts/vms/seattle

docker compose -f holyclaude.yaml ps
docker compose -f holyclaude.yaml logs -f
docker compose -f holyclaude.yaml restart
docker compose -f holyclaude.yaml pull && docker compose -f holyclaude.yaml up -d

# Tear down (keep data):
docker compose -f holyclaude.yaml down

# Tear down + wipe volumes:
docker compose -f holyclaude.yaml down -v
```

## Security Notes

- Bound to Tailscale IP only — no public exposure.
- Third-party community image; pinned to `:latest` for now since this is testing. Pin to a digest before treating as production.
- Container runs privileged-as-root internally; any project code mounted into `/workspace` is readable/writable by the container.
- The bundled UI accepts arbitrary shell commands — treat access to the UI the same as SSH to the host.

## Troubleshooting

| Issue | Check |
|-------|-------|
| UI unreachable | `docker ps --filter name=holyclaude` — container healthy? |
| Port conflict | `ss -tlnp \| grep 3059` — anything else bound to 3059? |
| Can't reach over Tailscale | `tailscale status` on client; confirm seattle is online |
| Stuck at login | First-run creates the account; if forgotten, `docker compose down -v` resets everything |