Oskar Kapala
7f17b65278
Executor was the only control-plane container running as root (uid=0), writing root-owned files to /opt/homelab via bind-mount and triggering false sudo on every deploy. - Dockerfile: add USER homelab after useradd (useradd already present) - docker-compose.yml: add user: "1000:1000" and group_add: ["999"] (GID 999 = docker group on VPS) so executor retains docker.sock access Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
645 B
Docker
25 lines
645 B
Docker
FROM python:3.11-slim
|
|
|
|
WORKDIR /app
|
|
|
|
RUN pip install --no-cache-dir pyyaml
|
|
|
|
# Create homelab user
|
|
RUN useradd -m -u 1000 homelab
|
|
|
|
# Copy sources
|
|
COPY src/ /app/src/
|
|
# Also need the observer script if we want to run it from here,
|
|
# but I'll copy it from the repo during build or mount it.
|
|
# Actually, I'll copy the entire scripts/ directory to /repo/scripts
|
|
# so the supervisor/executor can find them.
|
|
|
|
# For simplicity, we'll assume the repo is mounted at /repo
|
|
ENV REPO_ROOT=/repo
|
|
ENV RUNTIME_PATH=/opt/homelab
|
|
ENV PYTHONUNBUFFERED=1
|
|
|
|
# Default command (will be overridden in docker-compose)
|
|
USER homelab
|
|
CMD ["python", "src/operator_ui.py"]
|