Inanis_Vault/21-Server Reference/homelab/stacks/dockhand.md

# Dockhand

Docker management UI. Used to manage all containers on the server. Also the tool used to generate this documentation.

## Access
- **Tailscale:** [dockhand.bunny-wyvern.ts.net](https://dockhand.bunny-wyvern.ts.net)
- **LAN:** `http://192.168.2.114:5555`

## Containers

| Container | Image | Role |
|---|---|---|
| `dockhand` | `fnsys/dockhand:latest` | Main web UI |
| `dockhand-tailscale-sidecar` | `tailscale/tailscale:latest` | Tailscale node |

## Compose File
**Path:** `/home/artanis/DockerFiles/Dockhand/docker-compose.yaml`

```yaml
services:
  dockhand:
    image: fnsys/dockhand:latest
    container_name: dockhand
    restart: unless-stopped
    ports:
      - 5555:3000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/artanis/DockerFiles:/DockerFiles
      - /Minecraft_Server/docker-compose.yaml:/DockerFiles/Minecraft_Server/docker-compose.yaml
      - dockhand_data:/app/data

  dockhand-tailscale-sidecar:
    image: tailscale/tailscale:latest
    container_name: dockhand-tailscale-sidecar
    restart: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - dockhand_tailscale_state:/var/lib/tailscale
      - /home/artanis/DockerFiles:/DockerFiles
    environment:
      - TS_AUTHKEY=<redacted>
      - TS_HOSTNAME=dockhand
      - TS_STATE_DIR=/var/lib/tailscale
    network_mode: "service:dockhand"

volumes:
  dockhand_data:
  dockhand_tailscale_state:
```

## Notes
- The entire `/home/artanis/DockerFiles` directory is mounted into the container at `/DockerFiles`, giving Dockhand read/write access to all compose files
- The Minecraft compose file lives outside `DockerFiles` (`/Minecraft_Server/`) so it is explicitly bind-mounted in
- `dockhand_data` is the named volume for Dockhand's internal state (environments, settings, user accounts)
- Dockhand also manages vulnerability scanning with two cached databases: `dockhand-grype-db` and `dockhand-trivy-db`