pi-devbox/docker-compose.yml
pi c42b237d30 compose: deliver secrets via env_file only (drop environment: passthrough)
Removes GITEA_ACCESS_TOKEN / GITEA_HOST / GITHUB_PERSONAL_ACCESS_TOKEN from
the compose environment: block. An environment: entry both overrides
env_file AND is interpolated from the host shell, so a stale shell export
(e.g. one auto-loaded by an opencode/dotenv hook) silently shadowed the
user's .env — an updated token never reached the container. Secrets now flow
solely via env_file: .env; .env.example already documents every variable.

- docker-compose.yml: drop the 3 passthrough lines + explanatory comment
- README.md: sync the "basic shape" snippet
- CHANGELOG.md: note under Unreleased (no tag bump / unpublished)
2026-06-27 23:48:02 +02:00


---
# pi-devbox — docker compose project definition
#
# Quick start:
#   cp .env.example .env              # fill in your keys
#   docker compose up -d
#   docker compose exec -u developer devbox pi
#
# One-shot interactive session instead of a long-running container:
#   docker compose run --rm devbox
name: pi-devbox
services:
  devbox:
    image: joakimp/pi-devbox:latest
    # Build locally instead of pulling the published image:
    # build:
    #   context: .
    #   dockerfile: Dockerfile.variant
    #   args:
    #     # Pin one base build by hash instead of following base-latest:
    #     BASE_IMAGE: "joakimp/pi-devbox:base-<hash>"
    #     # Must be a concrete version, never 'latest': a floating tag is
    #     # what lets the registry build cache return a stale hit. CI takes
    #     # the value from the npm registry; set it by hand for a local build.
    #     PI_VERSION: "0.79.1"
    container_name: pi-devbox
    stdin_open: true
    tty: true
    # Every secret (GITEA_*, GITHUB_*, and anything else) reaches the
    # container through this file and nothing else; .env.example lists the
    # supported variables.
    env_file:
      - .env
    # Keep secrets out of this block. A key listed under environment: wins
    # over env_file AND is interpolated from the host shell, so a stale export
    # (e.g. one a dotenv hook auto-loads) would silently replace the value in
    # .env. Only non-secret, host-independent settings belong here.
    environment:
      TERM: xterm-256color
    volumes:
      # Host workspace — the project you want to work on
      - ${WORKSPACE_PATH:-.}:/workspace
      # SSH keys for git push/pull. ':ro' stops the container from modifying
      # the directory, but every key inside it is still readable by whatever
      # runs in the container; point SSH_KEY_PATH at a narrower directory if
      # the default ~/.ssh holds more keys than the devbox needs.
      - ${SSH_KEY_PATH:-~/.ssh}:/home/developer/.ssh:ro
      # Optional: host-owned shell config + LAN jump overrides. The image's
      # ~/.bash_aliases sources ~/.config/devbox-shell/bash_aliases when it
      # exists, and setup-lan-access.sh reads ~/.config/devbox-shell/ssh-lan.conf
      # for named-peer `ProxyJump host` overrides (`dssh <peer>` reaches LAN
      # peers by name; see opencode-devbox's ssh-lan.conf.example).
      # - ~/.config/devbox-shell:/home/developer/.config/devbox-shell:ro
      # Optional: skillset repo for automatic skill/instruction deployment.
      # SKILLSET_PATH has no default here — set it in .env before enabling
      # this line, otherwise the source expands to an empty string and the
      # mount spec is invalid.
      # - ${SKILLSET_PATH}:/home/developer/skillset
      # pi config: settings.json, extensions, sessions, auth
      - devbox-pi-config:/home/developer/.pi
      # Generated LAN-jump keypair (~/.ssh-local). setup-lan-access.sh creates
      # it once and reuses it; keeping it in a volume means the host authorizes
      # it a single time rather than after every
      # `docker compose up --force-recreate`.
      - devbox-ssh-local:/home/developer/.ssh-local
      # bash history
      - devbox-shell-history:/home/developer/.cache/bash
      # zoxide directory history
      - devbox-zoxide:/home/developer/.local/share/zoxide
      # neovim plugin/Mason data
      - devbox-nvim-data:/home/developer/.local/share/nvim
      # uv data (Python installs, tool installs)
      - devbox-uv:/home/developer/.local/share/uv
      # Optional: MemPalace data (conversation memory, knowledge graph)
      # - devbox-palace:/home/developer/.mempalace
      # Optional: ChromaDB embedding model cache (~79 MB)
      # - devbox-chroma-cache:/home/developer/.cache/chroma
      # Optional: AWS credentials/SSO config. Consider appending ':ro' unless
      # something in the container needs to write back to this directory.
      # - ~/.aws:/home/developer/.aws
# Named volumes backing the persistent mounts declared on the devbox service.
# Each one must also appear under services.devbox.volumes above.
volumes:
  devbox-pi-config: {}
  devbox-ssh-local: {}
  devbox-shell-history: {}
  devbox-zoxide: {}
  devbox-nvim-data: {}
  devbox-uv: {}
  # Enable together with the matching optional mounts on the service:
  # devbox-palace: {}
  # devbox-chroma-cache: {}