TazPod: Container Lifecycle Detail

Level 3 (Detail) — Docker container create, start, stop, and remove.

Concept

TazPod manages a single Docker container per project. The container is disposable — all persistent state lives in the mounted workspace directory. Container lifecycle is managed by lifecycle.go.

Commands

tazpod up

File: cmd/tazpod/lifecycle.go, up() (lines 10-18)

  1. Validate cfg.Image is set (error if missing)
  2. ensureContainerUp() — create or start container
  3. Spawn sync daemon: tazpod __internal_sync_daemon

tazpod down

File: cmd/tazpod/lifecycle.go, down() (lines 20-25)

exec.Command("docker", "stop", cfg.ContainerName).Run()
exec.Command("docker", "rm", cfg.ContainerName).Run()

Stops and removes the container. The workspace and vault on the host are preserved.

tazpod enter / tazpod ssh

File: cmd/tazpod/lifecycle.go, enter() (line 27)

Delegates to smartEntry().

Container Creation

File: cmd/tazpod/lifecycle.go, ensureContainerUp() (lines 107-131)

docker run -d --name <name> \
  --cap-add SYS_ADMIN \
  --security-opt apparmor=unconfined \
  --dns 1.1.1.1 --dns 1.0.0.1 \
  -v <cwd>:/workspace \
  -v ~/.ssh:/home/tazpod/.ssh:ro \
  -e HOST_CWD=<cwd> \
  <image> sleep infinity

Flag                                  Purpose
--cap-add SYS_ADMIN                   Required for mount operations (tmpfs, bind mounts)
--security-opt apparmor=unconfined    Prevents AppArmor from blocking mount syscalls
--dns 1.1.1.1 / 1.0.0.1               Cloudflare DNS
-v <cwd>:/workspace                   Current project directory mounted into container
-v ~/.ssh:/home/tazpod/.ssh:ro        Host SSH keys shared read-only
-e HOST_CWD=<cwd>                     Host working directory for host-path resolution
sleep infinity                        Long-lived process keeping the container alive

Container name is derived from cfg.ContainerName (default: <project-folder>-lab).
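
A defender-side check for the flags in the table above, as an added example (not TazPod's own code): it parses `docker inspect` JSON and reports the SYS_ADMIN capability, the unconfined AppArmor profile, and any host .ssh bind mount with its read-only status. The function name auditInspect and the paths in the sample are assumptions; the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// inspect is the subset of `docker inspect` output covering the flags above.
type inspect struct {
	HostConfig struct{ CapAdd, SecurityOpt, Binds []string }
}

// Constructed sample (illustrative paths), not captured from a real TazPod host.
const sample = `[{"HostConfig":{"CapAdd":["SYS_ADMIN"],"SecurityOpt":["apparmor=unconfined"],
 "Binds":["/home/dev/proj:/workspace","/home/dev/.ssh:/home/tazpod/.ssh:ro"]}}]`

// auditInspect returns one finding per isolation-relevant setting it sees.
func auditInspect(raw []byte) ([]string, error) {
	var cs []inspect
	if err := json.Unmarshal(raw, &cs); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range cs {
		for _, cp := range c.HostConfig.CapAdd {
			// Accept both "SYS_ADMIN" and "CAP_SYS_ADMIN" spellings.
			if strings.TrimPrefix(strings.ToUpper(cp), "CAP_") == "SYS_ADMIN" {
				out = append(out, "cap: SYS_ADMIN added")
			}
		}
		for _, so := range c.HostConfig.SecurityOpt {
			if so == "apparmor=unconfined" {
				out = append(out, "lsm: AppArmor unconfined")
			}
		}
		for _, b := range c.HostConfig.Binds {
			p := strings.Split(b, ":") // src:dst[:mode]
			if len(p) >= 2 && strings.HasSuffix(p[0], "/.ssh") {
				ro := len(p) == 3 && strings.Contains(","+p[2]+",", ",ro,")
				out = append(out, fmt.Sprintf("bind: %s -> %s read-only=%t", p[0], p[1], ro))
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(auditInspect([]byte(sample))) }
```

To run it against a live container, pass the bytes printed by `docker inspect <name>` to auditInspect instead of the sample.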

Container State Machine

Container missing?  ──► docker run (create + start)
       │
Container stopped?  ──► docker start
       │
Container running?  ──► proceed to smartEntry

Known Issues

  • TD-018: Default bridge MTU (1500) causes HTTPS/TLS handshake failures when the host network uses a lower MTU (e.g., mobile hotspot or Tailscale). The container is created with Docker’s default network MTU. No automated MTU adjustment is configured.

Code Paths

File            Function               Line    Role
lifecycle.go    up()                   10      Start container + spawn daemon
lifecycle.go    down()                 20      Stop + remove container
lifecycle.go    ensureContainerUp()    107     Create/start check

See Also