fix(node-agent): run as uid 1000 with docker group access

node-agent had no USER instruction and no user: in compose, running
as root and writing root-owned files to /opt/homelab bind-mount.

- Dockerfile: add useradd -m -u 1000 homelab + USER homelab
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"]
  (GID 999 = docker group on VPS) to retain docker.sock access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

services/node-agent/Dockerfile

@@ -14,8 +14,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # pyyaml      : may be needed for reading host config snippets
 RUN pip install --no-cache-dir "docker>=6.0" psutil pyyaml
 
+RUN useradd -m -u 1000 homelab
+
 COPY src/ /app/src/
 
 ENV PYTHONUNBUFFERED=1
 
+USER homelab
 CMD ["python", "src/node_agent.py"]

services/node-agent/docker-compose.yml

@@ -2,6 +2,9 @@ services:
   node-agent:
     build: .
     container_name: node-agent
+    user: "1000:1000"
+    group_add:
+      - "999"
     restart: unless-stopped
 
     environment: