fix(lustro): mount SSH key at /home/homelab/.ssh for node-agent event shipping

node-agent runs as uid 1000 (homelab) since the base compose sets user "1000:1000"; ssh in _ship_events_to_vps() has no -i flag and looks for keys in $HOME/.ssh = /home/homelab/.ssh. The old mount target /root/.ssh was never consulted, so rsync to VPS failed with 'Permission denied'. uid match (pi=1000 on RPi OS) keeps OpenSSH strict ownership checks happy. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 12:45:55 +02:00 · 2026-06-11 12:45:55 +02:00 · a5a1352e01
parent 2ade5be4b4
commit a5a1352e01
1 changed files with 6 additions and 2 deletions
--- a/hosts/lustro/runtime/node-agent/docker-compose.override.yml
+++ b/hosts/lustro/runtime/node-agent/docker-compose.override.yml
@ -13,7 +13,11 @@ services:
      - VPS_EVENTS_PATH=/opt/homelab/events
      - CHECK_INTERVAL=60
    volumes:
-      # pi's SSH key for rsync event shipping to VPS (push-based node, no repo checkout)
-      - /home/pi/.ssh:/root/.ssh:ro
+      # pi's SSH key for rsync event shipping to VPS (push-based node, no repo
+      # checkout). Container runs as uid 1000 (homelab, HOME=/home/homelab) per
+      # the base compose — ssh has no -i flag, so the key must land in
+      # /home/homelab/.ssh, NOT /root/.ssh. uid match (pi=1000) satisfies
+      # OpenSSH strict ownership checks on the mounted key.
+      - /home/pi/.ssh:/home/homelab/.ssh:ro
      # Override ../.. from the base compose to the pushed deploy dir (no repo on node)
      - /opt/homelab/deploy/node-agent:/repo:ro