Skip to content

Commit eb64473

Browse files
evgeniy-scherbinaevgeniy-scherbina
authored
feat: enable boundary on dogfood (#20766)
Enable boundary on dogfood. Allowed domains are specified in config.yaml file.
1 parent a83328c commit eb64473

File tree

2 files changed

+238
-1
lines changed

2 files changed

+238
-1
lines changed

dogfood/coder/boundary-config.yaml

Lines changed: 222 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,222 @@
1+
allowlist:
2+
# specified in claude-code module as well (effectively a duplicate); needed for basic functionality of claude-code agent
3+
- domain=anthropic.com
4+
- domain=registry.npmjs.org
5+
- domain=sentry.io
6+
- domain=claude.ai
7+
- domain=dev.coder.com
8+
9+
# test domains
10+
- method=GET domain=google.com
11+
- method=GET domain=typicode.com
12+
13+
# domain used in coder task workspaces
14+
- method=POST domain=http-intake.logs.datadoghq.com
15+
16+
# Default allowed domains from Claude Code on the web
17+
# Source: https://code.claude.com/docs/en/claude-code-on-the-web#default-allowed-domains
18+
# Anthropic Services
19+
- domain=api.anthropic.com
20+
- domain=statsig.anthropic.com
21+
- domain=claude.ai
22+
23+
# Version Control
24+
- domain=github.com
25+
- domain=www.github.com
26+
- domain=api.github.com
27+
- domain=raw.githubusercontent.com
28+
- domain=objects.githubusercontent.com
29+
- domain=codeload.github.com
30+
- domain=avatars.githubusercontent.com
31+
- domain=camo.githubusercontent.com
32+
- domain=gist.github.com
33+
- domain=gitlab.com
34+
- domain=www.gitlab.com
35+
- domain=registry.gitlab.com
36+
- domain=bitbucket.org
37+
- domain=www.bitbucket.org
38+
- domain=api.bitbucket.org
39+
40+
# Container Registries
41+
- domain=registry-1.docker.io
42+
- domain=auth.docker.io
43+
- domain=index.docker.io
44+
- domain=hub.docker.com
45+
- domain=www.docker.com
46+
- domain=production.cloudflare.docker.com
47+
- domain=download.docker.com
48+
- domain=*.gcr.io
49+
- domain=ghcr.io
50+
- domain=mcr.microsoft.com
51+
- domain=*.data.mcr.microsoft.com
52+
53+
# Cloud Platforms
54+
- domain=cloud.google.com
55+
- domain=accounts.google.com
56+
- domain=gcloud.google.com
57+
- domain=*.googleapis.com
58+
- domain=storage.googleapis.com
59+
- domain=compute.googleapis.com
60+
- domain=container.googleapis.com
61+
- domain=azure.com
62+
- domain=portal.azure.com
63+
- domain=microsoft.com
64+
- domain=www.microsoft.com
65+
- domain=*.microsoftonline.com
66+
- domain=packages.microsoft.com
67+
- domain=dotnet.microsoft.com
68+
- domain=dot.net
69+
- domain=visualstudio.com
70+
- domain=dev.azure.com
71+
- domain=oracle.com
72+
- domain=www.oracle.com
73+
- domain=java.com
74+
- domain=www.java.com
75+
- domain=java.net
76+
- domain=www.java.net
77+
- domain=download.oracle.com
78+
- domain=yum.oracle.com
79+
80+
# Package Managers - JavaScript/Node
81+
- domain=registry.npmjs.org
82+
- domain=www.npmjs.com
83+
- domain=www.npmjs.org
84+
- domain=npmjs.com
85+
- domain=npmjs.org
86+
- domain=yarnpkg.com
87+
- domain=registry.yarnpkg.com
88+
89+
# Package Managers - Python
90+
- domain=pypi.org
91+
- domain=www.pypi.org
92+
- domain=files.pythonhosted.org
93+
- domain=pythonhosted.org
94+
- domain=test.pypi.org
95+
- domain=pypi.python.org
96+
- domain=pypa.io
97+
- domain=www.pypa.io
98+
99+
# Package Managers - Ruby
100+
- domain=rubygems.org
101+
- domain=www.rubygems.org
102+
- domain=api.rubygems.org
103+
- domain=index.rubygems.org
104+
- domain=ruby-lang.org
105+
- domain=www.ruby-lang.org
106+
- domain=rubyforge.org
107+
- domain=www.rubyforge.org
108+
- domain=rubyonrails.org
109+
- domain=www.rubyonrails.org
110+
- domain=rvm.io
111+
- domain=get.rvm.io
112+
113+
# Package Managers - Rust
114+
- domain=crates.io
115+
- domain=www.crates.io
116+
- domain=static.crates.io
117+
- domain=rustup.rs
118+
- domain=static.rust-lang.org
119+
- domain=www.rust-lang.org
120+
121+
# Package Managers - Go
122+
- domain=proxy.golang.org
123+
- domain=sum.golang.org
124+
- domain=index.golang.org
125+
- domain=golang.org
126+
- domain=www.golang.org
127+
- domain=goproxy.io
128+
- domain=pkg.go.dev
129+
130+
# Package Managers - JVM
131+
- domain=maven.org
132+
- domain=repo.maven.org
133+
- domain=central.maven.org
134+
- domain=repo1.maven.org
135+
- domain=jcenter.bintray.com
136+
- domain=gradle.org
137+
- domain=www.gradle.org
138+
- domain=services.gradle.org
139+
- domain=spring.io
140+
- domain=repo.spring.io
141+
142+
# Package Managers - Other Languages
143+
- domain=packagist.org
144+
- domain=www.packagist.org
145+
- domain=repo.packagist.org
146+
- domain=nuget.org
147+
- domain=www.nuget.org
148+
- domain=api.nuget.org
149+
- domain=pub.dev
150+
- domain=api.pub.dev
151+
- domain=hex.pm
152+
- domain=www.hex.pm
153+
- domain=cpan.org
154+
- domain=www.cpan.org
155+
- domain=metacpan.org
156+
- domain=www.metacpan.org
157+
- domain=api.metacpan.org
158+
- domain=cocoapods.org
159+
- domain=www.cocoapods.org
160+
- domain=cdn.cocoapods.org
161+
- domain=haskell.org
162+
- domain=www.haskell.org
163+
- domain=hackage.haskell.org
164+
- domain=swift.org
165+
- domain=www.swift.org
166+
167+
# Linux Distributions
168+
- domain=archive.ubuntu.com
169+
- domain=security.ubuntu.com
170+
- domain=ubuntu.com
171+
- domain=www.ubuntu.com
172+
- domain=*.ubuntu.com
173+
- domain=ppa.launchpad.net
174+
- domain=launchpad.net
175+
- domain=www.launchpad.net
176+
177+
# Development Tools & Platforms
178+
- domain=dl.k8s.io
179+
- domain=pkgs.k8s.io
180+
- domain=k8s.io
181+
- domain=www.k8s.io
182+
- domain=releases.hashicorp.com
183+
- domain=apt.releases.hashicorp.com
184+
- domain=rpm.releases.hashicorp.com
185+
- domain=archive.releases.hashicorp.com
186+
- domain=hashicorp.com
187+
- domain=www.hashicorp.com
188+
- domain=repo.anaconda.com
189+
- domain=conda.anaconda.org
190+
- domain=anaconda.org
191+
- domain=www.anaconda.com
192+
- domain=anaconda.com
193+
- domain=continuum.io
194+
- domain=apache.org
195+
- domain=www.apache.org
196+
- domain=archive.apache.org
197+
- domain=downloads.apache.org
198+
- domain=eclipse.org
199+
- domain=www.eclipse.org
200+
- domain=download.eclipse.org
201+
- domain=nodejs.org
202+
- domain=www.nodejs.org
203+
204+
# Cloud Services & Monitoring
205+
- domain=statsig.com
206+
- domain=www.statsig.com
207+
- domain=api.statsig.com
208+
- domain=*.sentry.io
209+
210+
# Content Delivery & Mirrors
211+
- domain=*.sourceforge.net
212+
- domain=packagecloud.io
213+
- domain=*.packagecloud.io
214+
215+
# Schema & Configuration
216+
- domain=json-schema.org
217+
- domain=www.json-schema.org
218+
- domain=json.schemastore.org
219+
- domain=www.schemastore.org
220+
log_dir: /tmp/boundary_logs
221+
log_level: warn
222+
proxy_port: 8087

dogfood/coder/main.tf

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -844,10 +844,25 @@ locals {
844844
EOT
845845
}
846846

847+
resource "coder_script" "boundary_config_setup" {
848+
agent_id = coder_agent.dev.id
849+
display_name = "Boundary Setup Configuration"
850+
run_on_start = true
851+
852+
script = <<-EOF
853+
#!/bin/sh
854+
mkdir -p ~/.config/coder_boundary
855+
echo '${base64encode(file("${path.module}/boundary-config.yaml"))}' | base64 -d > ~/.config/coder_boundary/config.yaml
856+
chmod 600 ~/.config/coder_boundary/config.yaml
857+
EOF
858+
}
859+
847860
module "claude-code" {
848861
count = data.coder_task.me.enabled ? data.coder_workspace.me.start_count : 0
849862
source = "dev.registry.coder.com/coder/claude-code/coder"
850-
version = "4.0.0"
863+
version = "4.1.0"
864+
enable_boundary = true
865+
boundary_version = "v0.2.0"
851866
agent_id = coder_agent.dev.id
852867
workdir = local.repo_dir
853868
claude_code_version = "latest"

0 commit comments

Comments
 (0)