coder
diff --git a/‎admin/access-control/manage.md
Lines changed: 8 additions & 12 deletions b/‎admin/access-control/manage.md
Lines changed: 8 additions & 12 deletions
diff --git a/‎admin/access-control/users/password-reset.md
Lines changed: 2 additions & 1 deletion b/‎admin/access-control/users/password-reset.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎admin/satellites/migration.md
Lines changed: 4 additions & 3 deletions b/‎admin/satellites/migration.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎admin/workspace-management/cvms/management.md
Lines changed: 84 additions & 3 deletions b/‎admin/workspace-management/cvms/management.md
Lines changed: 84 additions & 3 deletions
diff --git a/‎admin/workspace-management/process-logging.md
Lines changed: 1 addition & 1 deletion b/‎admin/workspace-management/process-logging.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎admin/workspace-management/tun-device.md
Lines changed: 0 additions & 38 deletions b/‎admin/workspace-management/tun-device.md
Lines changed: 0 additions & 38 deletions
diff --git a/‎admin/workspace-providers/deployment/docker.md
Lines changed: 103 additions & 0 deletions b/‎admin/workspace-providers/deployment/docker.md
Lines changed: 103 additions & 0 deletions
diff --git a/‎admin/workspace-providers/deployment/kubernetes.md
Lines changed: 1 addition & 1 deletion b/‎admin/workspace-providers/deployment/kubernetes.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎admin/workspace-providers/management.md
Lines changed: 1 addition & 1 deletion b/‎admin/workspace-providers/management.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎assets/admin/cached-cvms.png
-186 KB b/‎assets/admin/cached-cvms.png
-186 KB
@@ -22,9 +22,9 @@ domain name for the OIDC token callback; use
 `https://coder.my-company.com/oidc/callback`.
 
 Once you've registered a Coder application with your OIDC provider, you'll need
-to return to Coder and complete the setup process. Under **Admin** > **Manage** >
-**Authentication**, ensure that you've selected **OpenID Connect** as the
-authentication type. Then, provide the following parameters:
+to return to Coder and complete the setup process. Under **Admin** >
+**Manage** > **Authentication**, ensure that you've selected **OpenID Connect**
+as the authentication type. Then, provide the following parameters:
 
 - **Client ID**: The client ID for the Coder application you registered with the
   OIDC provider
@@ -43,9 +43,9 @@ you:
   tokens from `https://<yourDomain>/api/v0/users/me/oidc-access-token`
 - **Additional Scopes:** Specify any scopes (beyond the default) that you would
   like Coder to request from the authentication provider. By default, Coder
-requests the scopes `openid`, `email`, and `profile`. Consult your
-authentication provider's documentation for information on which scopes they
-support.
+  requests the scopes `openid`, `email`, and `profile`. Consult your
+  authentication provider's documentation for information on which scopes they
+  support.
 - **Disable built-in authentication:** Choose whether Coder removes the ability
   to log in with an email/password option when you've enabled OIDC
   authentication
@@ -62,9 +62,5 @@ To do so, navigate to **Manage** > **Admin** > **Authentication**. Then, toggle
 **Disable built-in authentication** to **On** and click **Save preferences**.
 
 [Site managers](users/user-roles#site-manager-permissions) can still use
-built-in authentication. To view this option on the login page, add the
-following query parameter to the URL you use to access your Coder deployment:
-
-```text
-/login?showAllAuthenticationTypes=1
-```
+built-in authentication. The **Admin Login** option will be visible on the login
+page if built-in authentication is disabled.
@@ -35,7 +35,8 @@ If you need to reset the password for a site admin, you can do so using
 > sure to install it before proceeding.
 >
 > If you are using Docker, follow
-> [these instructions](../../../setup/docker#admin-password) instead.
+> [these instructions](../../../setup/coder-for-docker/local.md#admin-password)
+> instead.
 
 To reset the site admin password, run the following in the terminal:
 
 
@@ -63,9 +63,10 @@ satellite to any cluster and any namespace.
 
 ### Step 2: Enable Networking v2
 
-Log into Coder as a site manager, and go to **Manage** > **Providers**. Select
-the workspace provider, click the **vertical ellipsis** to its right, and select
-**Edit**. Enable the **NetworkingV2 toggle** and click **Update Provider**.
+Log into Coder as a site manager, and go to **Manage** > **Workspace
+providers**. Select the workspace provider, click the **vertical ellipsis** to
+its right, and select **Edit**. Enable the **NetworkingV2 toggle** and click
+**Update Provider**.
 
 At this point, rebuild a workspace to ensure connectivity between the workspace
 provider and the workspace. Note that latency to the workspace may be negatively
 
@@ -9,7 +9,14 @@ a site manager must enable CVMs. To do so:
 1. Go to **Manage > Admin > Infrastructure**.
 1. Toggle the **Enable Container-Based Virtual Machines** option to **Enable**.
 
-## Cached CVMs
+This section also describes the customization features that Coder offers for
+CVMs:
+
+![CVM Settings](../../../assets/admin/cvm-settings.png)
+
+These settings will apply to workspaces **after** they have been rebuilt.
+
+## Caching
 
 > Cached CVMs are currently an **alpha** feature.
 
@@ -18,7 +25,7 @@ To improve the startup time for CVM-based workspaces, you can enable caching.
 Cached CVMs require the `shiftfs` kernel to be present on the node. Some
 distributions (such as Ubuntu) include `shiftfs`. If you're unsure if `shiftfs`
 is present on your nodes, you can check by running `modinfo shiftfs`. If no
-output is returned, then you do not have `shiftfs` installed.
+output is returned, you do not have `shiftfs` installed.
 
 If you don't want to install `shiftfs` yourself, you can have Coder install the
 module automatically for you. **It is important that you do not have secure boot
@@ -27,4 +34,78 @@ install `shiftfs` on your behalf.**
 
 > GPUs are not supported with cached CVMs at this time.
 
-![Cached CVMs](../../../assets/admin/cached-cvms.png)
+## Self-contained workspace builds
+
+> Self-contained workspace builds are currently an **alpha** feature.
+
+By default, Coder initializes workspaces by running commands inside the
+container. Workspaces, however, control the initialization sequence instead when
+you enable [self-contained workspace builds]. This enables cluster operations
+that restrict command execution inside containers using the Kubernetes API, such
+as the `kubectl exec` command.
+
+[self-contained workspace builds]: ../self-contained-builds.md
+
+## Workspace process logging
+
+> Workspace process logging is currently an **alpha** feature.
+
+[Workspace process logging] enables auditing of commands executed inside the
+workspace container.
+
+[workspace process logging]: ../process-logging.md
+
+## TUN device
+
+> TUN devices currently an **alpha** feature.
+
+Coder allows the creation of custom network interfaces using the Linux TUN
+device. When using the **Enable TUN device** setting, Coder workspaces will have
+a `/dev/net/tun` device mounted into the workspace at build time. VPN usage
+often requires a TUN device.
+
+Users may need root (or `sudo`) access within their workspace to use the TUN
+device and start a VPN client.
+
+> At this time, Coder does not support TUN devices for non-Kubernetes workspace
+> types, such as EC2 or Docker.
+>
+> If you're working with EC2 workspaces, we recommend enabling privileged mode
+> in the workspace provider settings, which will allow users to create their own
+> TUN device.
+
+We've tested this feature using the [Tailscale](https://tailscale.com/) VPN
+within Coder. Remember that you may have to change your VPN settings to keep any
+persistent files (such as configuration/identity) files in your home volume, as
+any data outside the home volume is cleared when the workspace is rebuilt.
+
+## FUSE device
+
+> FUSE devices are currently an **alpha** feature.
+
+Coder allows the creation of custom filesystems using the Linux FUSE userspace
+filesystem device. By enabling the **Enable FUSE device** setting, Coder
+workspaces will have a `/dev/fuse` device mounted into the workspace at build
+time. These devices are often used to mount specialized filesystems, such as
+Google Cloud Storage buckets, to your workspace.
+
+Users may need root (or `sudo`) access within their workspace to use the FUSE
+device and start a FUSE filesystem.
+
+> At this time, Coder does not support FUSE devices for non-Kubernetes workspace
+> types, such as EC2 or Docker.
+>
+> If you're working with EC2 workspaces, we recommend enabling privileged mode
+> in the workspace provider settings, which will allow users to create their own
+> FUSE device.
+
+For example, you can mount a directory from a remote SSH server using `sshfs`:
+
+```console
+mkdir /tmp/mnt
+sshfs user@host:/ /tmp/mnt
+```
+
+Then, in a second terminal, run `ls /tmp/mnt` to list the files from the remote
+host. You should also be able to see a `fuse.sshfs` entry in the output from the
+`mount` command.
@@ -150,7 +150,7 @@ fields @timestamp, log_processed.fields.cmdline
   sidecar container. Depending on how your Kubernetes cluster is configured, you
   may incur extra charges from your cloud provider to store the additional logs.
 
-[c4d-doc]: ../../setup/docker.md
+[c4d-doc]: ../../setup/coder-for-docker/index.md
 [ebpf]: https://ebpf.io
 [ec2-doc]: ../workspace-providers/deployment/ec2.md
 [eks-cloudwatch]:
 
@@ -0,0 +1,103 @@
+---
+title: Docker
+description: Learn how to deploy a workspace provider to a Docker instance.
+state: alpha
+---
+
+This article walks you through the process of deploying a workspace provider to
+a remote VM instance using Docker.
+
+## Prerequisites
+
+- You must have a provisioned VM with the Docker Engine installed and running.
+  The Docker Engine must be at least version [20.10][docker-engine-version].
+
+- Coder must be able to access the VM over an SSH connection.
+
+- The Coder deployment must be accessible from the containers deployed inside
+  the VM.
+
+## 1. Create a new SSH key
+
+Coder uses SSH to connect to the remote VM and communicate with the Docker
+Engine.
+
+We recommend that you create a new SSH key for this purpose and do _not_ reuse
+this key. Furthermore, ensure that you save this key, since you'll need it to
+edit your workspace provider in the future.
+
+> &#10071; Coder does not currently support password-protected SSH keys; the SSH
+> key must be unencrypted.
+
+To generate your SSH key, run:
+
+```console
+ssh-keygen -t ed25519 -C remote-c4d -f $HOME/.ssh/remote_c4d -N ""
+```
+
+## 2. Add the SSH key to the remote VM
+
+Add your SSH key to the remote VM's `authorized_keys` file; this will allow
+Coder to connect via SSH using the new `remote_c4d` key:
+
+```console
+# Replace 'remote-user@192.0.2.10' with your VM's user and host/ip.
+ssh-copy-id -f -i $HOME/.ssh/remote_c4d.pub remote-user@192.0.2.10
+```
+
+## 3. Verify the SSH key
+
+Verify that you can use the key to connect via SSH to your remote VM:
+
+```console
+# Replace 'remote-user@192.0.2.10' with your VM's user and host/ip.
+ssh remote-user@192.0.2.10 -o IdentitiesOnly=yes -i $HOME/.ssh/remote_c4d 'echo All good!'
+```
+
+## 4. Enable the Docker providers feature flag
+
+In your Coder for Docker deployment, ensure that you've enabled the **Remote
+Docker Providers** feature flag.
+
+1. Log in to Coder, and go to **Account** > **Feature Preview**
+
+   ![See feature flags](../../../assets/deployment/docker/feature-flag-setting.png)
+
+1. Click to enable **Remote Docker Providers**
+
+   ![Enable feature flag](../../../assets/deployment/docker/docker-feature.png)
+
+## 5. Create the workspace provider
+
+To create your workspace provider, go to **Manage** > **Workspace providers**.
+Click the dropdown in the top-right corner to launch **Create Docker Provider**
+
+![Create docker provider](../../../assets/deployment/docker/create-docker-provider.png)
+
+You can now fill out the provider form.
+
+1. Provide a **name** for your new provider.
+
+1. For the **Docker Daemon URL**, use `unix:///var/run./docker.sock`
+
+1. Under the **SSH configuration** section:
+
+   1. Under **SSH Host URL**, provide the SSH URL for the remote VM, **including
+      the port** (e.g., `remote-user@192.0.2.10:22`)
+   1. Copy over the private key that you created earlier (you can retrieve it
+      with `cat $HOME/.ssh/remote_c4d`)
+   1. Run the keyscan provided for known host verification, and copy over the
+      output:
+
+      ```console
+      # Example:
+      ssh-keyscan -p 22 -H 192.0.2.10
+      ```
+
+   1. Optionally, set the access URL to an IP address or URL that workspaces can
+      use to access `coderd`. You do not need this override if the site-wide
+      access URL is accessible from the workspace container.
+
+   ![Docker ssh config](../../../assets/deployment/docker/docker-ssh-config.png)
+
+[docker-engine-version]: https://docs.docker.com/engine/release-notes/#20100
@@ -16,7 +16,7 @@ Install the following dependencies if you haven't already:
 
 ## Creating the new workspace provider
 
-1. Log in to Coder, and go to **Manage** > **Providers**.
+1. Log in to Coder, and go to **Manage** > **Workspace providers**.
 
 1. Click **Create New** in the top-right corner to launch the **Create a
    Kubernetes Provider** page.
 
@@ -151,7 +151,7 @@ Once you've made your changes, click **Update Provider** to save and continue.
 
 ## Delete a workspace provider
 
-1. Log in to Coder, and go to **Manage** > **Providers**.
+1. Log in to Coder, and go to **Manage** > **Workspace providers**.
 
 1. In the **Providers** list, find the workspace provider you want to delete.
    Click the vertical ellipsis to its right. Select **Delete**.
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,8 @@ If you need to reset the password for a site admin, you can do so using`
`35`	`35`	`> sure to install it before proceeding.`
`36`	`36`	`>`
`37`	`37`	`> If you are using Docker, follow`
`38`		`-> [these instructions](../../../setup/docker#admin-password) instead.`
	`38`	`+> [these instructions](../../../setup/coder-for-docker/local.md#admin-password)`
	`39`	`+> instead.`
`39`	`40`
`40`	`41`	`To reset the site admin password, run the following in the terminal:`
`41`	`42`