fix(stability-agent): run as uid 1000 with docker group access
stability-agent had no USER instruction and no user: in compose, running as root and writing root-owned files to /opt/homelab bind-mount.

- Dockerfile: add useradd -m -u 1000 homelab + USER homelab
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"] (GID 999 = docker group on VPS) to retain docker.sock:ro access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent 19fd8799d9
commit 58ac6edd7d
@ -5,6 +5,8 @@ WORKDIR /app
|
||||||
# No extra dependencies needed beyond standard library for the current script
|
# No extra dependencies needed beyond standard library for the current script
|
||||||
# But we might need them if we decide to use libraries later.
|
# But we might need them if we decide to use libraries later.
|
||||||
|
|
||||||
|
RUN useradd -m -u 1000 homelab
|
||||||
|
|
||||||
COPY src/stability_agent.py .
|
COPY src/stability_agent.py .
|
||||||
COPY healthcheck.sh .
|
COPY healthcheck.sh .
|
||||||
RUN chmod +x healthcheck.sh
|
RUN chmod +x healthcheck.sh
|
||||||
|
|
@ -12,5 +14,5 @@ RUN chmod +x healthcheck.sh
|
||||||
# Create the expected directories
|
# Create the expected directories
|
||||||
RUN mkdir -p /opt/homelab/state /opt/homelab/events
|
RUN mkdir -p /opt/homelab/state /opt/homelab/events
|
||||||
|
|
||||||
# Run the agent
|
USER homelab
|
||||||
CMD ["python", "stability_agent.py"]
|
CMD ["python", "stability_agent.py"]
|
||||||
|
|
|
||||||
|
|
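Review bot: The `RUN mkdir -p /opt/homelab/state /opt/homelab/events` step still runs before `USER homelab`, so both directories are root-owned in the image, and if the container is ever started without the /opt/homelab bind-mount the agent (now uid 1000) cannot write to them. Chown them in the same RUN step, for example `chown -R homelab:homelab /opt/homelab`, before switching user. The `# Run the agent` comment was replaced by the USER line rather than kept next to it; keeping the comment above CMD and adding a short one above USER explaining why uid 1000 was chosen would document the intent.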
@ -2,6 +2,9 @@ services:
|
||||||
stability-agent:
|
stability-agent:
|
||||||
build: .
|
build: .
|
||||||
container_name: stability-agent
|
container_name: stability-agent
|
||||||
|
user: "1000:1000"
|
||||||
|
group_add:
|
||||||
|
- "999"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /opt/homelab:/opt/homelab
|
- /opt/homelab:/opt/homelab
|
||||||
|
|
|
||||||
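Review bot: The `group_add: - "999"` entry hard-codes a host-specific GID with no comment in the file; the commit message says 999 is the docker group on the VPS, so on a host where the docker group has a different GID the agent loses socket access, or joins whatever unrelated group owns 999 there. Read the value from an environment variable populated from the host (the variable name is up to you, for example one filled from `getent group docker`) and add a comment on the line stating what the GID is for. Two related points: files already written under /opt/homelab by the earlier root runs stay root-owned, so the bind-mounted path needs a one-time chown to 1000:1000 on the host; and membership in the group that owns docker.sock still lets the process talk to the Docker API, which the `:ro` flag mentioned in the commit message does not restrict, so this change fixes file ownership rather than reducing what the agent can do on the host.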