From d65f8cc0775e39b671f9a344149517534e085f91 Mon Sep 17 00:00:00 2001 From: Joakim Persson Date: Wed, 22 Apr 2026 21:17:07 +0200 Subject: [PATCH] Fix volume collision in shared-machine compose: scope project name by SIGNUM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Docker daemon is system-wide — named volumes are prefixed by the compose project name, which defaults to the basename of the directory holding docker-compose.yml. Two users whose compose file lives under a directory with the same name (e.g. ~/alice/opencode-devbox and ~/bob/opencode-devbox) would silently share volumes, corrupting each other's opencode data, bash history, and TUI settings. Add an explicit top-level 'name: devbox-${SIGNUM}' so the project name (and therefore all volume prefixes) is unique per user. The old comment claiming directory-name prefixing was sufficient was wrong — it only works if directory basenames differ, which isn't guaranteed on multi-user hosts or when users follow the same setup instructions. --- docker-compose.shared.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docker-compose.shared.yml b/docker-compose.shared.yml index 53675ba..7849fea 100644 --- a/docker-compose.shared.yml +++ b/docker-compose.shared.yml @@ -12,9 +12,13 @@ # 5. mkdir -p ~//.config/opencode # 6. docker compose up -d # -# Named volumes are automatically isolated per user because Docker Compose -# prefixes them with the project directory name (e.g. opencode-devbox_devbox-data). -# Since each user runs from ~//opencode-devbox/, volumes don't collide. +# Volume isolation: the top-level 'name:' field uses SIGNUM to derive a +# unique project name (devbox-), which Docker Compose uses as the +# prefix for all named volumes. Without this, two users whose compose file +# lives in a directory with the same basename would share volumes — the +# Docker daemon is system-wide and doesn't scope by OS user. + +name: devbox-${SIGNUM:?Set SIGNUM in .env} services: devbox: