From a5a1352e01c8e78b9b0bea6d6b3e43781064ba16 Mon Sep 17 00:00:00 2001 From: Oskar Kapala Date: Thu, 11 Jun 2026 12:45:55 +0200 Subject: [PATCH] fix(lustro): mount SSH key at /home/homelab/.ssh for node-agent event shipping node-agent runs as uid 1000 (homelab) since the base compose sets user "1000:1000"; ssh in _ship_events_to_vps() has no -i flag and looks for keys in $HOME/.ssh = /home/homelab/.ssh. The old mount target /root/.ssh was never consulted, so rsync to VPS failed with 'Permission denied'. uid match (pi=1000 on RPi OS) keeps OpenSSH strict ownership checks happy. Co-Authored-By: Claude Fable 5 --- .../lustro/runtime/node-agent/docker-compose.override.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hosts/lustro/runtime/node-agent/docker-compose.override.yml b/hosts/lustro/runtime/node-agent/docker-compose.override.yml index 6e9baf7..869f50c 100644 --- a/hosts/lustro/runtime/node-agent/docker-compose.override.yml +++ b/hosts/lustro/runtime/node-agent/docker-compose.override.yml @@ -13,7 +13,11 @@ services: - VPS_EVENTS_PATH=/opt/homelab/events - CHECK_INTERVAL=60 volumes: - # pi's SSH key for rsync event shipping to VPS (push-based node, no repo checkout) - - /home/pi/.ssh:/root/.ssh:ro + # pi's SSH key for rsync event shipping to VPS (push-based node, no repo + # checkout). Container runs as uid 1000 (homelab, HOME=/home/homelab) per + # the base compose — ssh has no -i flag, so the key must land in + # /home/homelab/.ssh, NOT /root/.ssh. uid match (pi=1000) satisfies + # OpenSSH strict ownership checks on the mounted key. + - /home/pi/.ssh:/home/homelab/.ssh:ro # Override ../.. from the base compose to the pushed deploy dir (no repo on node) - /opt/homelab/deploy/node-agent:/repo:ro