# opencode-devbox environment configuration # Copy this file to .env and fill in your values: # cp .env.example .env # ── LLM Provider ───────────────────────────────────────────────────── # Which provider to auto-configure (anthropic, openai, amazon-bedrock) OPENCODE_PROVIDER=anthropic # Model override (optional, defaults per provider) # OPENCODE_MODEL=anthropic/claude-sonnet-4-6 # ── API Keys (set the one matching your provider) ──────────────────── # ANTHROPIC_API_KEY= # OPENAI_API_KEY= # GEMINI_API_KEY= # ── AWS Bedrock (if using amazon-bedrock provider) ─────────────────── # AWS_REGION=eu-west-1 # AWS_PROFILE=default # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= # ── Git Configuration ──────────────────────────────────────────────── GIT_USER_NAME= GIT_USER_EMAIL= # ── Workspace ──────────────────────────────────────────────────────── # Path on host to mount as /workspace in the container WORKSPACE_PATH=~/projects # Path to SSH keys on host SSH_KEY_PATH=~/.ssh # ── LAN access from the container (host-OS-agnostic) ───────────────── # On VM-backed hosts (macOS OrbStack / Docker Desktop, also Docker Desktop # on Windows) the container runs in a Linux VM and CANNOT reach the host's # directly-attached LAN peers by default. On native Linux Docker the LAN is # reachable directly and nothing is needed. The entrypoint detects this and, # on VM-backed hosts, generates ~/.ssh-local/config so the host can be used # as an SSH jump (use the `dssh` alias). Reach the host itself with # `dssh host`. To reach named LAN peers, put `ProxyJump host` overrides in a # host-owned ~/.config/devbox-shell/ssh-lan.conf (bind-mounted in) rather than # editing your ~/.ssh/config — see ssh-lan.conf.example. Public-IP hosts (and # anything reached via a public jump host) connect directly, no jump needed. # # DEVBOX_LAN_ACCESS: auto (default) | jump | off # auto = set up the jump only on VM-backed hosts; no-op on native Linux. # jump = always set up (e.g. native Linux with extra_hosts host-gateway). # off = disable entirely. # DEVBOX_LAN_ACCESS=auto # # HOST_SSH_USER: your username on the host. REQUIRED for the jump to # authenticate. On first start the entrypoint prints the public key to # authorize on the host (append to the host's ~/.ssh/authorized_keys) and # reminds you to enable the host's SSH server (e.g. macOS Remote Login). # HOST_SSH_USER= # # DEVBOX_HOST_ALIAS: host hostname to reach (default host.docker.internal). # DEVBOX_HOST_ALIAS=host.docker.internal # # DEVBOX_LAN_AUTOJUMP_PRIVATE: 1 = ProxyJump ANY RFC1918 (private) IP through # the host, so bare `dssh user@` works on whatever LAN the (roaming) host # is currently joined to, without naming peers. Matches the typed address, not # the resolved HostName, so named hosts with their own ProxyJump are unaffected. # DEVBOX_LAN_AUTOJUMP_PRIVATE=0 # ── Skillset (agent skills and instructions) ───────────────────────── # If you have a skillset repo, the entrypoint auto-deploys skills and # instructions on container start using relative symlinks (portable # across host/container). # # Detection is automatic if the skillset lives directly at the workspace # root (i.e. WORKSPACE_PATH/skillset → /workspace/skillset in container). # # If the skillset lives in a subdirectory of your workspace, set # SKILLSET_CONTAINER_PATH to its location *inside the container*. This # is determined by the workspace mount: whatever is at # WORKSPACE_PATH/ on the host becomes /workspace/ # in the container. # # Examples: # Host skillset at ~/projects/skillset → already at /workspace/skillset (auto-detected, no config needed) # Host skillset at ~/projects/tools/skillset → SKILLSET_CONTAINER_PATH=/workspace/tools/skillset # Host skillset at ~/projects/local/skillset → SKILLSET_CONTAINER_PATH=/workspace/local/skillset # # Alternatively, mount the skillset repo at a dedicated path using the # SKILLSET_PATH volume in docker-compose.yml (see comments there). In # that case the entrypoint finds it at ~/skillset automatically. # # SKILLSET_CONTAINER_PATH= # ── Locale (defaults to en_US.UTF-8) ───────────────────────────────── # LANG=sv_SE.UTF-8 # LANGUAGE=sv_SE:sv # LC_ALL=sv_SE.UTF-8 # ── oh-my-opencode-slim (multi-agent orchestration) ────────────────── # Requires image built with INSTALL_OMOS=true # ENABLE_OMOS=false # OMOS_TMUX=false # Enable tmux multiplexer integration # OMOS_SKILLS=true # Install recommended skills (simplify, agent-browser, cartography) # OMOS_RESET=false # Force regenerate oh-my-opencode-slim config on next start # ── pi coding-agent (alternative/complementary harness) ───────────────── # Requires image built with INSTALL_PI=true. # When the image is built with both INSTALL_OPENCODE=true (default) and # INSTALL_PI=true, both harnesses share the same mempalace install and # palace path — wing data is mutually visible to either harness. # # Pi version is baked at build time via PI_VERSION (default: latest at # build). The baked `pi` binary is at /usr/bin/pi (system npm prefix); # rebuild the image to upgrade it. NPM_CONFIG_PREFIX is set to # /home/developer/.pi/npm-global, so anything installed via # `pi install npm:...` or `npm install -g` as the developer user # (themes, skills, extensions, including a user-installed pi itself) # lands on the named volume and survives container recreate AND image # rebuilds. A user-installed pi wins via PATH order over the baked one. # # Pi config (settings.json, extensions toggle state, sessions, auth) persists in the # devbox-pi-config named volume mounted at ~/.pi/. # # To launch pi from a `compose run` invocation: # docker compose run --rm devbox pi # To attach to a running container: # docker compose exec -u developer devbox pi # Default `compose run` (no args) drops to bash; pick the harness yourself. # # Build args (set in docker-compose.yml or via --build-arg on docker build): # INSTALL_PI=true # default false; opt-in # PI_VERSION=latest # pin a specific version, e.g. 0.73.0 # INSTALL_OPENCODE=false # build a pi-only image (still has Bun in -omos)