compose: persist LAN jump key (devbox-ssh-local volume) + docs

Persist ~/.ssh-local so the generated LAN-jump key survives container
recreation; authorize it on the host once per machine. Adds the volume
to the compose template and documents it in the README volumes table.
LAN-access mechanism/script changes are inherited from base-pi-only
(opencode-devbox).

CHANGELOG.md

@@ -8,7 +8,17 @@ Tags follow the pi npm version: `v{pi_version}[letter]` — bare tag for the fir
 
 ## Unreleased
 
-_(no changes since v0.78.0c)_
+### Added: persist the LAN-jump key + one-line authorize hint
+
+- **compose:** persist `~/.ssh-local` via a new `devbox-ssh-local` named volume
+  so the generated LAN-jump key survives `docker compose up --force-recreate`.
+  You authorize the key on the host **once per machine** instead of after every
+  container update.
+- **Inherited from base:** `setup-lan-access.sh` now prints a copy-paste
+  `echo '…' >> ~/.ssh/authorized_keys` line when it generates a new key
+  (published via opencode-devbox's `base-pi-only`). No helper file to locate.
+
+_(no other changes since v0.78.0c)_
 
 ## v0.78.0c — 2026-06-04
 

README.md

@@ -159,6 +159,7 @@ Persistent state is what makes the difference between "use this once" and "make
 | Volume | Mount point | What survives | Notes |
 |---|---|---|---|
 | `devbox-pi-config` | `/home/developer/.pi/` | pi settings.json, extension toggles, sessions, user-installed pi packages | `NPM_CONFIG_PREFIX` set inside the container so `pi install npm:…` and `npm install -g` lands here automatically |
+| `devbox-ssh-local` | `/home/developer/.ssh-local` | generated LAN-jump keypair + known_hosts | Authorize the jump key on the host **once per machine**; persisting it avoids re-authorizing after every update (see opencode-devbox README → *Reaching your LAN*) |
 | `devbox-shell-history` | `/home/developer/.cache/bash` | bash history | Across container recreate |
 | `devbox-zoxide` | `/home/developer/.local/share/zoxide` | zoxide directory jump history | The `z`/`zi` shortcuts remember where you've been |
 | `devbox-nvim-data` | `/home/developer/.local/share/nvim` | neovim plugin & Mason package state | LazyVim plugins persist |

docker-compose.yml

@@ -49,6 +49,12 @@ services:
       # Persist pi config (settings.json, extensions, sessions, auth)
       - devbox-pi-config:/home/developer/.pi
 
+      # Persist the generated LAN-jump keypair (~/.ssh-local) across recreates.
+      # setup-lan-access.sh generates this key once and reuses it; persisting
+      # it means you authorize it on the host ONCE rather than re-authorizing
+      # after every `docker compose up --force-recreate`.
+      - devbox-ssh-local:/home/developer/.ssh-local
+
       # Persist bash history across container recreations
       - devbox-shell-history:/home/developer/.cache/bash
 
@@ -72,6 +78,7 @@ services:
 
 volumes:
   devbox-pi-config:
+  devbox-ssh-local:
   devbox-shell-history:
   devbox-zoxide:
   devbox-nvim-data: