diff --git a/.github/workflows/build-container-code.yml b/.github/workflows/build-container-code.yml
new file mode 100644
index 0000000..abe71c1
--- /dev/null
+++ b/.github/workflows/build-container-code.yml
@@ -0,0 +1,28 @@
+name: build container - code + cli
+run-name: building container - code + cli
+on:
+  schedule:
+    - cron: "0 0 1 * *"
+  workflow_dispatch:
+jobs:
+  build:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-24.04
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Run podman build - code-cli
+        run: podman build -t ghcr.io/gbraad-devenv/fedora/code-cli:41 -f containers/Containerfile-code-cli .
+      - name: Push image to ghcr.io - code-cli
+        run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/fedora/code-cli:41
+      - name: Run podman build - code
+        run: podman build -t ghcr.io/gbraad-devenv/fedora/code:41 -f containers/Containerfile-code .
+      - name: Push image to ghcr.io - code
+        run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/fedora/code:41
diff --git a/.github/workflows/tailscale-code.yml b/.github/workflows/tailscale-code.yml
new file mode 100644
index 0000000..045c8f0
--- /dev/null
+++ b/.github/workflows/tailscale-code.yml
@@ -0,0 +1,29 @@
+name: tailscale-code
+on:
+  workflow_dispatch:
+
+jobs:
+  code-test:
+    runs-on: ubuntu-24.04
+    
+    steps:
+      - name: Run system container with `podman`
+        run: |
+          podman run -d --name code --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/fedora/code:41
+      - name: Tailscale setup (root)
+        run: |
+          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY}
+          do
+              sleep 0.1
+          done
+          podman exec code tailscale set --ssh
+          podman exec code tailscale set --hostname github-code-${HOSTNAME}
+        env:
+          TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+      - name: Hang around
+        run: |
+          podman exec -d code code serve-web --without-connection-token
+          podman exec -d code tailscale serve --bg 8000
+          URL=`podman exec code tailscale status --peers=false --json | jq '.CertDomains[0]' | sed 's/["]//g'`
+          echo "Open in your web browser: https://${URL}"
+          sleep infinity
diff --git a/containers/Containerfile-code b/containers/Containerfile-code
new file mode 100644
index 0000000..05e4166
--- /dev/null
+++ b/containers/Containerfile-code
@@ -0,0 +1,9 @@
+ARG BASE_VERSION="41"
+
+FROM ghcr.io/gbraad-devenv/fedora/systemd:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/fedora"
+
+RUN curl -fL https://code.visualstudio.com/sha/download?build=stable\&os=linux-rpm-x64 -o code.rpm \
+    && dnf install -y code.rpm \
+    && rm -f code.rpm
diff --git a/containers/Containerfile-code-cli b/containers/Containerfile-code-cli
new file mode 100644
index 0000000..c6ec62a
--- /dev/null
+++ b/containers/Containerfile-code-cli
@@ -0,0 +1,13 @@
+ARG BASE_VERSION="41"
+
+FROM ghcr.io/gbraad-devenv/fedora/dotfiles:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/fedora"
+
+RUN cd /tmp \
+    && curl -fL https://code.visualstudio.com/sha/download?build=stable\&os=cli-alpine-x64 -o code-cli.tar.gz \
+    && tar zxvf code-cli.tar.gz \
+    && mv code ~/.local/bin/ \
+    && rm -f code-cli.tar.gz
+
+ENTRYPOINT [ "/home/gbraad/.local/bin/code" ]