From a9e02398eb3f3f4c4f4b7068d08be77350748ecd Mon Sep 17 00:00:00 2001
From: "Fabian @ Blax Software"
Date: Thu, 28 May 2026 10:56:37 +0200
Subject: [PATCH] I README: bind mounts under ./docker-data/, no named volumes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Named volumes get wiped by 'docker compose down -v' — that command is in too many people's muscle memory for ssh host keys to live behind it. Bind-mount /etc/ssh/keys to ./docker-data/bastion-*/keys instead, matching the laravel-workkit §6 convention.
---
 README.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index a9a6f8e..3df031e 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ services:
 - /var/run/docker.sock:/var/run/docker.sock
 - ~/.ssh/authorized_keys:/etc/bastion/authorized_keys.host:ro
 - ./docker/bastion/authorized_keys:/etc/bastion/authorized_keys.repo:ro
- bastion-keys:/etc/ssh/keys
+ - ./docker-data/bastion-app/keys:/etc/ssh/keys
 restart: unless-stopped
 ssh-deploy:
@@ -44,14 +44,15 @@ services:
 - /var/run/docker.sock:/var/run/docker.sock
 - .:/workspace:ro
 - ~/.ssh/authorized_keys:/etc/bastion/authorized_keys.host:ro
- bastion-keys-deploy:/etc/ssh/keys
+ - ./docker-data/bastion-deploy/keys:/etc/ssh/keys
 restart: unless-stopped
-
-volumes:
- bastion-keys:
- bastion-keys-deploy:
 ```
+> Host keys live in `./docker-data/bastion-*/keys/` as bind mounts — never
+> named volumes. `docker compose down -v` then can't wipe them, and the
+> client doesn't see "REMOTE HOST IDENTIFICATION HAS CHANGED" after a
+> rebuild. Gitignore `docker-data/` in the surrounding repo.
+
 Then from the client:
 ```bash