From 19fd8799d9f3616395eefe306662836552e2f36a Mon Sep 17 00:00:00 2001
From: Oskar Kapala
Date: Wed, 3 Jun 2026 18:20:31 +0200
Subject: [PATCH] fix(node-agent): run as uid 1000 with docker group access
node-agent had no USER instruction and no user: in compose, running as root and writing root-owned files to /opt/homelab bind-mount.
- Dockerfile: add useradd -m -u 1000 homelab + USER homelab
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"] (GID 999 = docker group on VPS) to retain docker.sock access
Co-Authored-By: Claude Sonnet 4.6
---
 services/node-agent/Dockerfile | 3 +++
 services/node-agent/docker-compose.yml | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/services/node-agent/Dockerfile b/services/node-agent/Dockerfile
index efce50d..1ad0b40 100644
--- a/services/node-agent/Dockerfile
+++ b/services/node-agent/Dockerfile
@@ -14,8 +14,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # pyyaml : may be needed for reading host config snippets
 RUN pip install --no-cache-dir "docker>=6.0" psutil pyyaml
+RUN useradd -m -u 1000 homelab
+
 COPY src/ /app/src/
 ENV PYTHONUNBUFFERED=1
+USER homelab
 CMD ["python", "src/node_agent.py"]
diff --git a/services/node-agent/docker-compose.yml b/services/node-agent/docker-compose.yml
index 0303987..083037e 100644
--- a/services/node-agent/docker-compose.yml
+++ b/services/node-agent/docker-compose.yml
@@ -2,6 +2,9 @@ services:
 node-agent:
 build: .
 container_name: node-agent
+ user: "1000:1000"
+ group_add:
+ - "999"
 restart: unless-stopped
 environment:
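Review bot: The `RUN useradd -m -u 1000 homelab` line hard-codes a uid whose meaning is not stated in the Dockerfile, and it leaves the group id to useradd's defaults while docker-compose.yml pins `user: "1000:1000"`. I would create the group explicitly and document the coupling, e.g. `# uid/gid 1000 must match the host owner of the /opt/homelab bind mount` above `RUN groupadd -g 1000 homelab && useradd -m -u 1000 -g 1000 homelab`. With `USER homelab` the image on its own no longer has docker.sock access; that now depends on `group_add` in the compose file, which is worth a one-line comment here too. Files the agent wrote as root under /opt/homelab before this change presumably stay root-owned, so a one-time `chown` on the host may be needed before the uid-1000 process can update them. The Dockerfile starts above this hunk, so the base image and working directory are not visible.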
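Review bot: `group_add: - "999"` keeps the agent in the group that owns docker.sock, and write access to that socket is equivalent to root on the host, so this change fixes file ownership on the bind mount but does not reduce what a compromised agent could do. A comment next to the entry should say so, for instance `# host docker GID (getent group docker); docker.sock access is root-equivalent on the host`. The literal 999 is only correct where the host's docker group has that GID, as the commit message notes for the VPS; `- "${DOCKER_GID:-999}"` would let other hosts override it without editing the file. If the agent only needs to read container state, fronting the socket with a restricted API proxy would be the way to actually narrow its privileges, though the socket mount itself is outside this hunk. The service definition continues past the last line shown.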