-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.example.yml
More file actions
113 lines (93 loc) · 3.91 KB
/
docker-compose.example.yml
File metadata and controls
113 lines (93 loc) · 3.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
services:
agentsafe:
build:
context: .
args:
CLAUDE_UID: ${CLAUDE_UID:-1000}
CLAUDE_GID: ${CLAUDE_GID:-1000}
image: agentsafe:latest
container_name: agentsafe
hostname: agentsafe
# --- GPU ---
runtime: nvidia
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: all
capabilities: [gpu]
# --- Ports ---
ports:
- "2222:22" # SSH access from external devices
- "8000-8099:8000-8099" # Web app serving range
# --- Volumes ---
volumes:
# All projects visible as read-only by default
- ~/projects:/workspace/projects:ro
# Scratch space for the agent (temp files, experiments)
- ./workspace:/workspace/scratch
# Active development overrides (rw) — inner mounts take precedence
# Use scripts/mount-project.sh to add/remove projects, or add manually:
# - ~/projects/my-project:/workspace/projects/my-project
# Claude OAuth credentials — mounted read-only to a staging path;
# entrypoint copies to the writable location so CLI can refresh tokens
- ./config/.credentials.json:/home/claude/.claude/.credentials-seed.json:ro
# GitHub machine user credentials — read-only
- ./config/git-credentials:/home/claude/.git-credentials:ro
# SSH authorized keys for remote access — read-only
- ./config/authorized_keys:/home/claude/.ssh/authorized_keys:ro
# Hardened sshd config — read-only
- ./config/sshd_config:/etc/ssh/sshd_config:ro
# Claude CLI settings (permissions, hooks, statusline) — read-only
- ./config/settings.json:/home/claude/.claude/settings.json:ro
- ./config/statusline.sh:/home/claude/.claude/statusline.sh:ro
# Host's global CLAUDE.md — keeps container preferences in sync with host
- ~/.claude/CLAUDE.md:/home/claude/.claude/CLAUDE.md:ro
# Codex CLI defaults (approval/sandbox/web search) — read-only
- ./config/codex-config.toml:/home/claude/.codex/config.toml:ro
# .aiexclude — read-only
- ./config/.aiexclude:/home/claude/.claude/.aiexclude:ro
# Cortex memory — runtime (read-only) and shared data (read-write)
# Requires claude-cortex-core to be cloned and built on the host
# - ~/projects/claude-cortex-core:/opt/cortex:ro
# - ~/.claude-cortex:/home/claude/.claude-cortex
# --- Environment ---
env_file:
- ./config/.env
environment:
# NVIDIA
- NVIDIA_VISIBLE_DEVICES=all
- NVIDIA_DRIVER_CAPABILITIES=compute,utility
# Ollama host on LAN — use IP address, optional port (default 11434)
# Example: 192.168.1.50 or 192.168.1.50:11434
- OLLAMA_HOST=
# Cortex memory path (matches volume mount, optional)
# - CORTEX_PATH=/opt/cortex
# Appearance
- TERM=xterm-256color
# Git identity for the machine user
- GIT_AUTHOR_NAME=agentsafe-bot
- GIT_AUTHOR_EMAIL=agentsafe-bot@users.noreply.github.com
- GIT_COMMITTER_NAME=agentsafe-bot
- GIT_COMMITTER_EMAIL=agentsafe-bot@users.noreply.github.com
# --- Security ---
cap_drop:
- ALL
cap_add:
- CHOWN # Fix ownership on mounted volumes
- FOWNER # chmod on files not owned by root
- SETUID # gosu to drop from root to claude
- SETGID # gosu to drop from root to claude
- SYS_CHROOT # sshd privilege separation
- DAC_OVERRIDE # sshd reading authorized_keys
- AUDIT_WRITE # sshd audit logging
- NET_ADMIN # iptables egress rules
- NET_RAW # iptables
# NOTE: no-new-privileges is omitted because sshd needs setuid on child
# processes after authentication. Security is maintained via cap_drop ALL
# with only specific capabilities added back.
# --- Lifecycle ---
restart: unless-stopped
stdin_open: true
tty: true