homelab-codex-ws/services/node-agent/docker-compose.yml

services:
  node-agent:
    build: .
    container_name: node-agent
    user: "1000:1000"
    group_add:
      - "999"
    restart: unless-stopped

    environment:
      - RUNTIME_PATH=/opt/homelab
      - REPO_ROOT=/repo
      # NODE_NAME must be set to the canonical topology node name, e.g.:
      #   NODE_NAME=piha
      # The agent uses this to determine its cleanup policy (lte_node / sd_card /
      # ai_node / standard) and to tag emitted events with the correct node name.
      - NODE_NAME=${NODE_NAME:-}
      # NODE_TYPE overrides auto-detection if needed:
      #   lte_node | sd_card | ai_node | standard
      - NODE_TYPE=${NODE_TYPE:-}
      # VPS event shipping (non-VPS nodes only).
      # Set VPS_EVENTS_HOST to the VPS Tailscale hostname or IP so that events
      # emitted on this node are rsynced to the VPS observer.
      # Also mount an SSH key (see commented volume below).
      - VPS_EVENTS_HOST=${VPS_EVENTS_HOST:-}
      - VPS_EVENTS_USER=${VPS_EVENTS_USER:-oskar}
      - VPS_EVENTS_PATH=${VPS_EVENTS_PATH:-/opt/homelab/events}
      # How often (seconds) to run a full health check cycle (default: 60)
      - CHECK_INTERVAL=${CHECK_INTERVAL:-60}

    volumes:
      # Runtime filesystem — events, state, actions, logs
      - /opt/homelab:/opt/homelab
      # Docker socket — required for container health checks and Docker cleanup
      - /var/run/docker.sock:/var/run/docker.sock
      # Repo (read-only) — scripts and host config accessible to agent
      - ../..:/repo:ro
      # SSH key for event shipping to VPS.
      # Uncomment and set SSH_KEY_PATH on nodes where VPS_EVENTS_HOST is set:
      # - ${SSH_KEY_PATH:-/home/oskar/.ssh/id_ed25519}:/root/.ssh/id_rsa:ro

    healthcheck:
      test: ["CMD", "test", "-f", "/opt/homelab/state/node-agent.heartbeat"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 15s