fix(node-agent): run as uid 1000 with docker group access

node-agent had no USER instruction and no user: in compose, running
as root and writing root-owned files to /opt/homelab bind-mount.

- Dockerfile: add useradd -m -u 1000 homelab + USER homelab
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"]
  (GID 999 = docker group on VPS) to retain docker.sock access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Oskar Kapala 2026-06-03 18:20:31 +02:00
parent 7f17b65278
commit 19fd8799d9
2 changed files with 6 additions and 0 deletions


@ -14,8 +14,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
# pyyaml : may be needed for reading host config snippets # pyyaml : may be needed for reading host config snippets
RUN pip install --no-cache-dir "docker>=6.0" psutil pyyaml RUN pip install --no-cache-dir "docker>=6.0" psutil pyyaml
RUN useradd -m -u 1000 homelab
COPY src/ /app/src/ COPY src/ /app/src/
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1
USER homelab
CMD ["python", "src/node_agent.py"] CMD ["python", "src/node_agent.py"]
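Review bot: The added `RUN useradd -m -u 1000 homelab` and `USER homelab` lines have no comment explaining the choice of uid 1000 or the dependency on the compose file, so that reasoning lives only in the commit message. I would put a comment above the useradd line such as `# uid 1000: presumably the host owner of the /opt/homelab bind-mount (confirm); docker.sock access is granted by group_add in docker-compose.yml, not by this image`. The comment should also record that this change fixes file ownership rather than isolating the agent: per the commit message the container keeps docker.sock access through the supplementary group, and a process that can use the Docker socket is generally root-equivalent on the host. Since `user: "1000:1000"` in compose overrides `USER` at run time, the uid is now set in two places that must stay in sync; a single `ARG` with a default of 1000 in the Dockerfile would make that explicit.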


@ -2,6 +2,9 @@ services:
node-agent: node-agent:
build: . build: .
container_name: node-agent container_name: node-agent
user: "1000:1000"
group_add:
- "999"
restart: unless-stopped restart: unless-stopped
environment: environment: