Compare commits


3 commits

Author SHA1 Message Date
Oskar Kapala 58ac6edd7d fix(stability-agent): run as uid 1000 with docker group access
stability-agent had no USER instruction and no user: in compose, running
as root and writing root-owned files to /opt/homelab bind-mount.

- Dockerfile: add useradd -m -u 1000 homelab + USER homelab
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"]
  (GID 999 = docker group on VPS) to retain docker.sock:ro access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 18:20:54 +02:00
Oskar Kapala 19fd8799d9 fix(node-agent): run as uid 1000 with docker group access
node-agent had no USER instruction and no user: in compose, running
as root and writing root-owned files to /opt/homelab bind-mount.

- Dockerfile: add useradd -m -u 1000 homelab + USER homelab
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"]
  (GID 999 = docker group on VPS) to retain docker.sock access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 18:20:31 +02:00
Oskar Kapala 7f17b65278 fix(control-plane): run executor as uid 1000 with docker group access
Executor was the only control-plane container running as root (uid=0),
writing root-owned files to /opt/homelab via bind-mount and triggering
false sudo on every deploy.

- Dockerfile: add USER homelab after useradd (useradd already present)
- docker-compose.yml: add user: "1000:1000" and group_add: ["999"]
  (GID 999 = docker group on VPS) so executor retains docker.sock access

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 18:19:58 +02:00
6 changed files with 16 additions and 1 deletions

View file

@ -20,4 +20,5 @@ ENV RUNTIME_PATH=/opt/homelab
ENV PYTHONUNBUFFERED=1
# Default command (will be overridden in docker-compose)
USER homelab
CMD ["python", "src/operator_ui.py"]
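Review bot: Placing `USER homelab` right before `CMD` only covers the process identity; anything already written to the `/opt/homelab` bind-mount while the executor ran as root (see the commit message) stays root-owned, so the first run as uid 1000 will fail on those paths unless they are chown'ed on the host first. It would help to state that one-time host-side step in the commit message or a README note, and to confirm that `RUNTIME_PATH=/opt/homelab` is writable by uid 1000 on a fresh host as well.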

View file

@ -56,6 +56,9 @@ services:
executor:
build: .
container_name: control-plane-executor
user: "1000:1000"
group_add:
- "999"
command: python src/executor.py
volumes:
- /opt/homelab:/opt/homelab
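Review bot: `group_add: - "999"` hardcodes the host's docker GID, which the commit message itself ties to one VPS; on any host where the docker group has a different GID the executor silently either loses socket access or is granted whatever group happens to own GID 999. A variable such as `${DOCKER_GID:-999}` with a comment next to it would make the coupling explicit. Also worth noting in the message: membership in the docker group is root-equivalent on the host, so `user: "1000:1000"` fixes the file-ownership problem but does not reduce the container's effective host privilege.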

View file

@ -14,8 +14,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
# pyyaml : may be needed for reading host config snippets
RUN pip install --no-cache-dir "docker>=6.0" psutil pyyaml
RUN useradd -m -u 1000 homelab
COPY src/ /app/src/
ENV PYTHONUNBUFFERED=1
USER homelab
CMD ["python", "src/node_agent.py"]
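Review bot: `COPY src/ /app/src/` still runs as root before `USER homelab`, so `/app/src` is root-owned and read-only for the agent; that is fine for a Python entrypoint, but if `node_agent.py` writes anything next to itself (caches, pid files) it will now fail. Either confirm it only writes under `/opt/homelab`, or use `COPY --chown=homelab:homelab src/ /app/src/`. The `useradd -m -u 1000` line also assumes the base image has no existing uid 1000; stating the base image in the message would let a reviewer check that.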

View file

@ -2,6 +2,9 @@ services:
node-agent:
build: .
container_name: node-agent
user: "1000:1000"
group_add:
- "999"
restart: unless-stopped
environment:
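Review bot: `user: "1000:1000"` duplicates the identity already set by `USER homelab` in the Dockerfile, and the compose `user:` wins when both are present, so the two values have to be kept in sync by hand. A short comment above `user:` pointing at the Dockerfile (or dropping one of the two) would avoid a future drift. The docker.sock mount this commit says it preserves is outside the visible context, so its access mode cannot be checked from this hunk alone.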

View file

@ -5,6 +5,8 @@ WORKDIR /app
# No extra dependencies needed beyond standard library for the current script
# But we might need them if we decide to use libraries later.
RUN useradd -m -u 1000 homelab
COPY src/stability_agent.py .
COPY healthcheck.sh .
RUN chmod +x healthcheck.sh
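Review bot: `useradd` is added before the two `COPY` lines but the copies still execute as root, so `stability_agent.py` and `healthcheck.sh` are root-owned with default permissions. That works as long as both only need to be read and executed by `homelab`; if the healthcheck or the agent writes next to its script, switch to `COPY --chown=homelab:homelab` for those files.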
@ -12,5 +14,5 @@ RUN chmod +x healthcheck.sh
# Create the expected directories
RUN mkdir -p /opt/homelab/state /opt/homelab/events
# Run the agent
USER homelab
CMD ["python", "stability_agent.py"]
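Review bot: `RUN mkdir -p /opt/homelab/state /opt/homelab/events` runs as root, so inside the image both directories are root-owned and the agent, now running as `homelab`, cannot create files in them when the bind-mount is absent or points at a root-owned host path. Suggest `RUN mkdir -p /opt/homelab/state /opt/homelab/events && chown -R homelab:homelab /opt/homelab`, and mention in the commit message that the existing host directories need the same ownership fix.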

View file

@ -2,6 +2,9 @@ services:
stability-agent:
build: .
container_name: stability-agent
user: "1000:1000"
group_add:
- "999"
restart: unless-stopped
volumes:
- /opt/homelab:/opt/homelab
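Review bot: The commit message describes the socket as `docker.sock:ro`, but a read-only bind-mount of a Unix socket only prevents replacing the socket file; it does not restrict the Docker API, so with `group_add: - "999"` the stability-agent still has full daemon access, which is root-equivalent on the host. Please reword the message so `:ro` is not read as a privilege reduction, and, as in the other compose files, replace the literal `"999"` with a documented variable so the docker GID is not silently wrong on another host.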