From 3d978c0291b44c7f0dfbc7eba4e819bcffe9fd94 Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sun, 1 Mar 2026 11:42:10 -0600
Subject: [PATCH] fix(deploy): add MOSAIC_SECRET_KEY + docker socket to api
 service (MS22)

---
 docker-compose.swarm.portainer.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docker-compose.swarm.portainer.yml b/docker-compose.swarm.portainer.yml
index a5cc05e..239d5c2 100644
--- a/docker-compose.swarm.portainer.yml
+++ b/docker-compose.swarm.portainer.yml
@@ -121,6 +121,10 @@ services:
       OLLAMA_ENDPOINT: ${OLLAMA_ENDPOINT}
       OPENBAO_ADDR: ${OPENBAO_ADDR}
       ENCRYPTION_KEY: ${ENCRYPTION_KEY}
+      # MS22: fleet encryption key (AES-256-GCM for provider API keys, agent tokens)
+      MOSAIC_SECRET_KEY: ${MOSAIC_SECRET_KEY}
+      # MS22: Docker socket for per-user container lifecycle (optional: set DOCKER_HOST for TCP)
+      DOCKER_HOST: ${DOCKER_HOST:-}
       # Matrix bridge (optional — configure after Synapse is running)
       MATRIX_HOMESERVER_URL: ${MATRIX_HOMESERVER_URL:-http://synapse:8008}
       MATRIX_ACCESS_TOKEN: ${MATRIX_ACCESS_TOKEN:-}
@@ -142,6 +146,8 @@ services:
       NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL}
       NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL}
       TRUSTED_ORIGINS: ${TRUSTED_ORIGINS:-}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
     healthcheck:
       test:
         [
-- 
2.49.1