name: claude-share
description: Share host's Claude CLI state (auth, history, plugins, top-level config) into containers.
config:
  environment.PATH: ${HOME}/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
devices:
  claude-state:
    type: disk
    source: ${HOME}/.claude
    path: ${HOME}/.claude
    shift: "true"
  claude-config:
    type: disk
    source: ${HOME}/.claude.json
    path: ${HOME}/.claude.json
    shift: "true"
  claude-bin:
    type: disk
    source: ${HOME}/.local/bin/claude
    path: ${HOME}/.local/bin/claude
    readonly: "true"
    shift: "true"
name: docker
description: Enable Docker-in-container — Incus security keys plus a systemd drop-in that masks /sys/kernel/security for dockerd. After attaching, install docker.io inside the container.
config:
  security.nesting: "true"
  security.syscalls.intercept.mknod: "true"
  security.syscalls.intercept.setxattr: "true"
devices:
  docker-mask-apparmor:
    type: disk
    source: /usr/local/share/repoman/recipes/docker/mask-apparmor.conf
    path: /etc/systemd/system/docker.service.d/mask-apparmor.conf
    readonly: "true"
    shift: "true"
name: dotfiles
description: Bind common host dotfiles (.gitconfig, .hgrc) into containers.
config: {}
devices:
  gitconfig:
    type: disk
    source: ${HOME}/.gitconfig
    path: ${HOME}/.gitconfig
    readonly: "true"
    shift: "true"
  hgrc:
    type: disk
    source: ${HOME}/.hgrc
    path: ${HOME}/.hgrc
    readonly: "true"
    shift: "true"
name: llm-share
description: Wire containers to the host ollama daemon over LAN.
config:
  environment.OLLAMA_HOST: "http://${HOST_LAN_IP}:11434"
devices:
  ollama-bin:
    type: disk
    source: /usr/local/bin/ollama
    path: /usr/local/bin/ollama
    readonly: "true"
  ollama-state:
    type: disk
    source: ${HOME}/.ollama
    path: ${HOME}/.ollama
    shift: "true"