From 425d53cb578acabc697325ddd24d0ad959f377b3 Mon Sep 17 00:00:00 2001 From: Joakim Persson Date: Wed, 22 Apr 2026 21:24:59 +0200 Subject: [PATCH] Update multi-user docs to reflect own-account vs shared-account modes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The shared-machine section in README.md still claimed named volumes were isolated by directory-name prefixing alone, which was the bug we just fixed. Rewrite to document both modes (own-account with automatic $USER fallback, shared-account with explicit SIGNUM) and explicitly note that the Docker daemon is system-wide — directory name prefixing is NOT sufficient for volume isolation. --- README.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2c39225..409398f 100644 --- a/README.md +++ b/README.md @@ -273,11 +273,17 @@ volumes: - devbox-vscode:/home/developer/.vscode-server ``` -### Shared machine setup (multiple users, single OS account) +### Multi-user setup -For machines where multiple users share one OS account (e.g. a common `garage` user), a separate compose file isolates each user's config and data using a `SIGNUM` variable. +The shared-machine compose file (`docker-compose.shared.yml`) supports two modes: -Each user creates their own directory and setup: +**Own-account mode** (each user has their own OS login — the common case): +Leave `SIGNUM` unset in `.env`. The project name defaults to `devbox-$USER`, so each OS user automatically gets isolated container names and named volumes with zero configuration. + +**Shared-account mode** (everyone logs in as the same OS user, e.g. `garage`): +Each user sets `SIGNUM=` in `.env` to get isolation. + +Setup per user: ```bash # Replace with your username/identifier @@ -291,17 +297,17 @@ cp /path/to/opencode-devbox/.env.shared.example .env # Create per-user config directory mkdir -p ~//.config/opencode -# Edit .env with your signum, provider, keys, etc. +# Edit .env — set SIGNUM only if you're in shared-account mode vim .env # Start docker compose up -d -docker compose exec -u developer devbox- opencode +docker compose exec -u developer devbox opencode ``` Each user's container, config, and named volumes are fully isolated: -- Container name: `devbox-` (no collisions) -- Named volumes: prefixed with the project directory name (automatic per-user isolation) +- Container name: `devbox-` (or `devbox-$USER` in own-account mode) +- Named volumes: prefixed with the project name (`devbox-_devbox-data`, etc.) — the Docker daemon is system-wide, so directory-name prefixing alone is NOT sufficient for isolation - Opencode config: `~//.config/opencode/` (per-user settings, OMOS config, etc.) See `docker-compose.shared.yml` and `.env.shared.example` for the full configuration.