I README: bind mounts under ./docker-data/, no named volumes

Named volumes get wiped by 'docker compose down -v' — that command is in too many people's muscle memory for ssh host keys to live behind it. Bind-mount /etc/ssh/keys to ./docker-data/bastion-*/keys instead, matching the laravel-workkit §6 convention.
2026-05-28 10:56:37 +02:00 · 2026-05-28 10:56:37 +02:00 · a9e02398eb
parent 86b8966130
commit a9e02398eb
1 changed files with 7 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -31,7 +31,7 @@ services:
      - /var/run/docker.sock:/var/run/docker.sock
      - ~/.ssh/authorized_keys:/etc/bastion/authorized_keys.host:ro
      - ./docker/bastion/authorized_keys:/etc/bastion/authorized_keys.repo:ro
-      - bastion-keys:/etc/ssh/keys
+      - ./docker-data/bastion-app/keys:/etc/ssh/keys
    restart: unless-stopped

  ssh-deploy:
@ -44,14 +44,15 @@ services:
      - /var/run/docker.sock:/var/run/docker.sock
      - .:/workspace:ro
      - ~/.ssh/authorized_keys:/etc/bastion/authorized_keys.host:ro
-      - bastion-keys-deploy:/etc/ssh/keys
+      - ./docker-data/bastion-deploy/keys:/etc/ssh/keys
    restart: unless-stopped
-
-volumes:
-  bastion-keys:
-  bastion-keys-deploy:
 ```

+> Host keys live in `./docker-data/bastion-*/keys/` as bind mounts — never
+> named volumes. `docker compose down -v` then can't wipe them, and the
+> client doesn't see "REMOTE HOST IDENTIFICATION HAS CHANGED" after a
+> rebuild. Gitignore `docker-data/` in the surrounding repo.
+
 Then from the client:

 ```bash