The Work Mac Studio serves as a dedicated Docker development server in the homelab environment. This powerful Apple Silicon-based workstation provides a high-performance platform for containerized development workflows, CI/CD pipelines, and testing environments while maintaining compatibility with the broader homelab infrastructure.
The Work Mac Studio addresses several key needs:
Install Docker Desktop with Homebrew:

```bash
brew install --cask docker
```
1. **Configure Docker resources**:
   - Open Docker Desktop preferences
   - Allocate appropriate CPU cores (16-18 cores recommended)
   - Set memory limit (48-96GB depending on total RAM)
   - Enable virtual disk size limit based on needs
2. **Enable Rosetta for x86 emulation**:
   - In Docker Desktop settings, enable "Use Rosetta for x86/amd64 emulation on Apple Silicon"
Create Docker daemon configuration:

```bash
# Create daemon config directory
mkdir -p ~/.docker

# Configure Docker daemon
cat > ~/.docker/daemon.json << EOF
{
  "builder": {
    "gc": {
      "defaultKeepStorage": "20GB",
      "enabled": true
    }
  },
  "experimental": true,
  "features": {
    "buildkit": true
  }
}
EOF
```
Configure Docker Buildx for multi-platform builds:

```bash
# Create new builder instance
docker buildx create --name multiarch --use

# Bootstrap the builder
docker buildx inspect --bootstrap

# Verify platforms
docker buildx ls
```
Organize development projects:

```bash
# Create base directories
mkdir -p ~/docker/{projects,volumes,configs,scripts}
mkdir -p ~/docker/projects/{work,personal,testing}
```
Create a base docker-compose configuration for development:

```yaml
# ~/docker/configs/docker-compose.base.yml
version: '3.9'

x-common-variables: &common-variables
  TZ: ${TZ:-America/New_York}
  PUID: ${PUID:-1000}
  PGID: ${PGID:-1000}

x-common-networks: &common-networks
  networks:
    - development

networks:
  development:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
```
Install essential development tools:

```bash
# Install Homebrew if not present
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Install development tools
brew install \
  git \
  docker-compose \
  dive \
  lazydocker \
  ctop \
  httpie \
  jq \
  yq

# Install container debugging tools
brew install --cask lens
```
Install Tailscale, join the tailnet and note the address the host received:

```bash
brew install tailscale
sudo tailscale up
tailscale ip -4
```

1. **Update Ansible Inventory**:
   Replace `REPLACE_WITH_TAILSCALE_IP` in the inventory with the actual Tailscale IP address.
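Editing the placeholder by hand is easy to get wrong, so here is an added example (not from the original notes) that performs the replacement only after checking that the address really is a Tailscale one. The inventory layout, host name and `ansible_user` are assumptions; the placeholder string is the page's own.

```bash
#!/bin/bash
# Added example: fill in the Tailscale address in the Ansible inventory.
# The inventory file, host entry and user below are assumptions for this homelab.
set -u

# Tailscale assigns addresses from the CGNAT block 100.64.0.0/10, i.e. 100.64.x.x
# through 100.127.x.x. Refusing anything else catches a pasted LAN or public IP.
is_tailscale_ip() {
  local ip="$1" second
  printf '%s' "$ip" | grep -Eq '^100\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' || return 1
  second=$(printf '%s' "$ip" | cut -d. -f2)
  [ "$second" -ge 64 ] && [ "$second" -le 127 ]
}

# update_inventory FILE IP -> rewrites the placeholder in place.
# Returns 1 if IP is not a Tailscale address, 2 if FILE has no placeholder left
# (already replaced, or the wrong file), 0 on success.
update_inventory() {
  local file="$1" ip="$2" tmp
  is_tailscale_ip "$ip" || { echo "refusing non-Tailscale address: $ip" >&2; return 1; }
  grep -q 'REPLACE_WITH_TAILSCALE_IP' "$file" || { echo "no placeholder in $file" >&2; return 2; }
  tmp=$(mktemp)
  sed "s/REPLACE_WITH_TAILSCALE_IP/$ip/g" "$file" > "$tmp" && mv "$tmp" "$file"
}

# Constructed demo inventory in Ansible's INI format (hypothetical host entry).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[docker_hosts]
work-mac-studio ansible_host=REPLACE_WITH_TAILSCALE_IP ansible_user=mspeicher
EOF
# On the real host the address argument comes from: tailscale ip -4
update_inventory "$demo" "100.101.102.103" && cat "$demo"
```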
## Service Discovery

Configure Avahi for local service discovery:

```bash
# Install Avahi
brew install avahi

# Start Avahi service
brew services start avahi
```
Mount homelab NAS shares for development:

```bash
# Create mount points
sudo mkdir -p /Volumes/nas02-docker
sudo mkdir -p /Volumes/nas02-development

# Mount via SMB (adjust credentials)
mount_smbfs //mspeicher@nas02.local/docker /Volumes/nas02-docker
mount_smbfs //mspeicher@nas02.local/development /Volumes/nas02-development
```
Deploy a local Docker registry for development. The TLS certificate and htpasswd paths in the environment are paths inside the container, so the host directories holding them have to be mounted; note also that mounting `./config` over `/etc/docker/registry` replaces the image's default `config.yml`, so that directory must contain one.

```yaml
# ~/docker/projects/work/registry/docker-compose.yml
version: '3.9'
services:
  registry:
    image: registry:2
    container_name: work-registry
    restart: unless-stopped
    ports:
      - "5000:5000"
    volumes:
      - ./data:/var/lib/registry
      - ./config:/etc/docker/registry
      # Provide the files referenced by the TLS and auth settings below
      - ./certs:/certs:ro
      - ./auth:/auth:ro
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
      REGISTRY_HTTP_TLS_KEY: /certs/key.pem
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
```
Set up registry authentication:

```bash
# Create auth directory
mkdir -p ~/docker/projects/work/registry/auth

# Create htpasswd file (bcrypt hash)
docker run --rm --entrypoint htpasswd \
  httpd:2 -Bbn myuser mypassword > ~/docker/projects/work/registry/auth/htpasswd
```
Deploy Gitea and Drone for local CI/CD:

```yaml
# ~/docker/projects/work/cicd/docker-compose.yml
version: '3.9'
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=postgres:5432
      # Database name and credentials must match the postgres service below
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: unless-stopped
    volumes:
      - ./gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - postgres
  postgres:
    image: postgres:14
    container_name: gitea_postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    volumes:
      - ./postgres:/var/lib/postgresql/data
```
Configure build caching:

```bash
# Create buildkit config
mkdir -p ~/.config/buildkit
cat > ~/.config/buildkit/buildkitd.toml << EOF
[worker.oci]
  max-parallelism = 4

[registry."docker.io"]
  mirrors = ["mirror.gcr.io"]
EOF
```
Deploy monitoring stack:

```yaml
# ~/docker/projects/work/monitoring/docker-compose.yml
version: '3.9'
services:
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    ports:
      - "8080:8080"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    restart: unless-stopped
  prometheus:
    image: prom/prometheus
    container_name: prometheus
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    restart: unless-stopped

volumes:
  prometheus_data:
```
Implement automated backups:

```bash
#!/bin/bash
# ~/docker/scripts/backup-docker-volumes.sh
set -euo pipefail

BACKUP_DIR="/Volumes/nas02-docker/backups/work-mac-studio"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p "$BACKUP_DIR/$DATE"

# Backup all Docker volumes
for volume in $(docker volume ls -q); do
  echo "Backing up volume: $volume"
  docker run --rm \
    -v "$volume":/source:ro \
    -v "$BACKUP_DIR/$DATE":/backup \
    alpine tar -czf "/backup/${volume}.tar.gz" -C /source .
done

# Clean old backups (keep last 7 days). Restrict find to the dated
# subdirectories so $BACKUP_DIR itself can never be matched and removed.
find "$BACKUP_DIR" -mindepth 1 -maxdepth 1 -type d -mtime +7 -exec rm -rf {} +
```
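A backup that was never read back is not a backup. The following is an added example (not part of the original script) that checks every archive a backup run produced is a fully readable tarball and records a SHA-256 manifest next to them; the directory layout matches the script above, and the demo data is constructed.

```bash
#!/bin/bash
# Added example: verify the archives written by backup-docker-volumes.sh.
# Every *.tar.gz must be a fully readable gzip'd tar; a SHA256SUMS manifest is
# written beside them so a later run can detect bit rot on the NAS.
set -u

# Use whichever SHA-256 tool the host has (shasum on macOS, sha256sum on Linux).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# verify_backup_set DIR -> 0 if every archive in DIR is intact, 1 otherwise.
# Writes DIR/SHA256SUMS with "<hash>  <file>" for the archives that passed.
verify_backup_set() {
  local dir="$1" archive name bad=0 count=0
  [ -d "$dir" ] || { echo "no such backup dir: $dir" >&2; return 1; }
  : > "$dir/SHA256SUMS"
  for archive in "$dir"/*.tar.gz; do
    [ -e "$archive" ] || break            # glob did not match: no archives
    name=$(basename "$archive")
    count=$((count + 1))
    # tar -tzf reads the whole archive, so truncation or corruption fails here.
    if ! tar -tzf "$archive" >/dev/null 2>&1; then
      echo "CORRUPT: $name" >&2
      bad=1
      continue
    fi
    echo "$(sha256_of "$archive")  $name" >> "$dir/SHA256SUMS"
  done
  [ "$count" -gt 0 ] || { echo "no archives found in $dir" >&2; return 1; }
  return "$bad"
}

# Constructed demo: one good archive and one deliberately truncated copy.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/src" && echo "hello" > "$demo_dir/src/file.txt"
tar -czf "$demo_dir/good.tar.gz" -C "$demo_dir/src" .
head -c 20 "$demo_dir/good.tar.gz" > "$demo_dir/truncated.tar.gz"
verify_backup_set "$demo_dir" && echo "all archives OK" || echo "backup set has problems"
```

Against a real run, call it as `verify_backup_set "$BACKUP_DIR/$DATE"` at the end of the backup script, or from a separate scheduled check.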
Regular maintenance checklist:

Weekly:
- Update Docker Desktop
- Clean unused images: `docker image prune -a`
- Remove stopped containers: `docker container prune`
- Review resource allocation

Monthly:
- Update base images
- Audit security patches
- macOS system updates

Quarterly:
- Docker Desktop major updates
- Performance optimization review
Generate an SSH key pair for the Work Mac Studio and authorize it:

```bash
ssh-keygen -t ed25519 -C "work-mac-studio"
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
```
1. **Firewall Configuration**:
   ```bash
   # Enable macOS firewall
   sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

   # Allow specific applications
   sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Docker.app
   ```
Implement security scanning:

```bash
# Install Trivy for vulnerability scanning
brew install aquasecurity/trivy/trivy

# Scan images before deployment
trivy image myapp:latest
```
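Scanning is only useful if the result blocks something. Below is an added example (not from the original notes) that turns the scan into a gate in front of the local registry: Trivy writes a JSON report, the gate counts HIGH/CRITICAL findings from that file with grep alone (no jq needed), and the image is tagged and pushed only when the count is zero. The registry address and image name are assumptions; the report fragment is constructed.

```bash
#!/bin/bash
# Added example: gate pushes to the private registry on the Trivy result.
# REGISTRY and the image name are assumptions for this homelab.
set -u
REGISTRY="${REGISTRY:-localhost:5000}"

# count_blocking_findings REPORT -> prints the number of HIGH or CRITICAL entries.
# Trivy's JSON carries one "Severity" field per finding, so counting those
# occurrences counts findings; "|| true" keeps a clean report from looking like an error.
count_blocking_findings() {
  { grep -Eo '"Severity": *"(HIGH|CRITICAL)"' "$1" || true; } | wc -l | tr -d ' '
}

# gate_report REPORT -> 0 when the report has no blocking findings, 1 otherwise.
gate_report() {
  local n
  n=$(count_blocking_findings "$1")
  if [ "$n" -gt 0 ]; then
    echo "blocked: $n HIGH/CRITICAL finding(s) in $1" >&2
    return 1
  fi
}

# scan_and_push IMAGE: scan, gate, then tag and push to the private registry.
# Not exercised in the demo below because it needs Docker and Trivy on the host.
scan_and_push() {
  local image="$1" report
  report=$(mktemp)
  trivy image --format json --output "$report" --ignore-unfixed "$image" || return 1
  gate_report "$report" || return 1
  docker tag "$image" "$REGISTRY/$image" && docker push "$REGISTRY/$image"
}

# Constructed report fragment in Trivy's JSON shape (abbreviated, placeholder IDs).
demo_report=$(mktemp)
cat > "$demo_report" <<'EOF'
{"Results":[{"Vulnerabilities":[
 {"VulnerabilityID":"CVE-PLACEHOLDER-1","Severity":"LOW"},
 {"VulnerabilityID":"CVE-PLACEHOLDER-2","Severity":"CRITICAL"}]}]}
EOF
gate_report "$demo_report" || echo "push would be refused"
```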
Reset Docker Desktop completely (this removes all local images, containers, volumes and settings):

```bash
rm -rf ~/Library/Group\ Containers/group.com.docker
rm -rf ~/Library/Containers/com.docker.docker
rm -rf ~/.docker
```
1. **Disk space issues**:
   ```bash
   # Clean Docker system (--volumes also deletes every volume not in use by a container)
   docker system prune -a --volumes

   # Check disk usage
   docker system df
   ```
2. **Network issues**:
   ```bash
   docker network prune
   docker network create bridge
   ```
## Next Steps
After initial setup:
1. Configure automated startup of essential services
2. Set up development project templates
3. Integrate with existing homelab monitoring
4. Establish backup verification procedures
5. Document specific work project configurations
## References
- [Docker Desktop for Mac Documentation](https://docs.docker.com/desktop/mac/)
- [Apple Silicon Docker Considerations](https://docs.docker.com/desktop/mac/apple-silicon/)
- [Docker BuildX Multi-Architecture Guide](https://docs.docker.com/buildx/working-with-buildx/)
- [Tailscale macOS Setup](https://tailscale.com/kb/1016/install-mac/)