oskar/homelab-codex-ws
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(lustro): mount SSH key at /home/homelab/.ssh for node-agent event shipping

Browse source 
node-agent runs as uid 1000 (homelab) since the base compose sets
user "1000:1000"; ssh in _ship_events_to_vps() has no -i flag and looks
for keys in $HOME/.ssh = /home/homelab/.ssh. The old mount target
/root/.ssh was never consulted, so rsync to VPS failed with
'Permission denied'. uid match (pi=1000 on RPi OS) keeps OpenSSH strict
ownership checks happy.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Oskar Kapala 2026-06-11 12:45:55 +02:00
parent 2ade5be4b4
commit a5a1352e01
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
hosts/lustro/runtime/node-agent/docker-compose.override.yml
View file

@ -13,7 +13,11 @@ services:
- VPS_EVENTS_PATH=/opt/homelab/events - VPS_EVENTS_PATH=/opt/homelab/events
- CHECK_INTERVAL=60 - CHECK_INTERVAL=60
volumes: volumes:
# pi's SSH key for rsync event shipping to VPS (push-based node, no repo checkout) # pi's SSH key for rsync event shipping to VPS (push-based node, no repo
- /home/pi/.ssh:/root/.ssh:ro # checkout). Container runs as uid 1000 (homelab, HOME=/home/homelab) per
# the base compose — ssh has no -i flag, so the key must land in
# /home/homelab/.ssh, NOT /root/.ssh. uid match (pi=1000) satisfies
# OpenSSH strict ownership checks on the mounted key.
- /home/pi/.ssh:/home/homelab/.ssh:ro
# Override ../.. from the base compose to the pushed deploy dir (no repo on node) # Override ../.. from the base compose to the pushed deploy dir (no repo on node)
- /opt/homelab/deploy/node-agent:/repo:ro - /opt/homelab/deploy/node-agent:/repo:ro