Basic OpenCode Sandboxing with Docker

1st of May 2026

#Linux #OpenSource #Bash #Web Development #Code

I’ve been playing with OpenCode as a way to test different models, play with self-hosted models and to avoid reliance on big tech provided systems. With these kinds of tools, I’m not keen on giving it free access to all my files. Therefore, I came up with a simple little docker based setup so that OpenCode’s access is limited somewhat.

Note: I am not a security expert and this kind of setup does not assure any kind of absolute sandboxing or security.

Here’s the Dockerfile:

FROM node:24-trixie

RUN npm install -g opencode-ai

RUN mkdir -p /home/node/.local/share/opencode \
             /home/node/.local/state/opencode \
             /home/node/.cache/opencode \
    && chown -R node:node /home/node

ENTRYPOINT ["opencode"]

This installs OpenCode within a Debian Trixie-based image with Node.js installed.

Build that from the same directory using docker build -t local:opencode .. Then create the following bash script as opencode, located somewhere in your $PATH:

#!/usr/bin/env bash

exec docker run --rm -it \
    --user "$(id -u):$(id -g)" \
    -v "$HOME/.config/opencode:/home/node/.config/opencode" \
    -v "$HOME/.cache/opencode:/home/node/.cache/opencode" \
    -v "$HOME/.local/share/opencode:/home/node/.local/share/opencode" \
    -v "$HOME/.local/state/opencode:/home/node/.local/state/opencode" \
    -v "$(pwd):/app$(pwd)" \
    -w "/app$(pwd)" \
    -p "4040:4040" \
    local:opencode "--port" "4040" "--hostname" "0.0.0.0" "$@"

This script runs the container, running OpenCode as the same user/group ID as the host user. All the OpenCode config/cache/state directories are passed through to retain sessions/login/state between sessions. Then the current working directory is mapped into the container at /app$(pwd). I include the /app prefix to contain working data to a specific place inside the container. Port 4040 is passed through between host and container, which is set for OpenCode on the next line, along with a 0.0.0.0 hostname. These are to allow the web UI to be accessed via http://localhost:4040 on the host (Warning: This may result in OpenCode being accessible to others on your network when running OpenCode). Lastly, it runs the container using the local:opencode tag we built it with, setting those web server UI options and then it passes any extra options which the user provided when running the bash script.

Make the script executable with chmod +x opencode. Then, with the script in your $PATH somewhere, you should be able to run opencode to start the docker-based OpenCode in your current working directory. In the bottom left corner you should see the path starting with /app/

To re-iterate, this does not assure security in any way, and there may be better options elsewhere such as in this thread but for me I wanted a setup which was simple, using the tools I’m familiar with, which should cover my greatest concern (unrestricted access to my files). Your concerns & considerations may differ.

There may also be limitations/complications/side-effects with this kind of setup, I’m still in the early stages of testing it.

I did try to initially use “Docker Sandboxes”, but I abandoned this route when it required me to accept non-open terms when following their usage guide. From what I can see at a glance, this is a proprietary service/offering.

Want to let me know what you think of this post?
You can find me on Mastodon @danb@fosstodon.org.

Latest Posts

By Tag

#opensource (22) #linux (15) #code (11) #selfhosted (10) #web development (10) #bash (8) #web (8) #hardware (7) #home (5) #bookstack (3) #career (3) #games (3) #gardening (3) #workupdates (3) #3d printing (2) #android (2) #ankylosingspondylitis (2) #css (2) #cats (1)