Oskar Kapala
a5a1352e01
node-agent runs as uid 1000 (homelab) since the base compose sets user "1000:1000"; ssh in _ship_events_to_vps() has no -i flag and looks for keys in $HOME/.ssh = /home/homelab/.ssh. The old mount target /root/.ssh was never consulted, so rsync to VPS failed with 'Permission denied'. uid match (pi=1000 on RPi OS) keeps OpenSSH strict ownership checks happy. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
24 lines
1 KiB
YAML
24 lines
1 KiB
YAML
services:
|
|
node-agent:
|
|
# Docker GID on LUSTRO is 991 (not the Debian default 999).
|
|
# Compose concatenates group_add lists; 991 is what gives socket access here.
|
|
group_add:
|
|
- "991"
|
|
mem_limit: 256m # RPi4 4 GiB; MagicMirror consumes ~1.9 GiB — agent must be bounded
|
|
environment:
|
|
- NODE_NAME=lustro
|
|
- NODE_TYPE=sd_card
|
|
- VPS_EVENTS_HOST=100.95.58.48
|
|
- VPS_EVENTS_USER=oskar
|
|
- VPS_EVENTS_PATH=/opt/homelab/events
|
|
- CHECK_INTERVAL=60
|
|
volumes:
|
|
# pi's SSH key for rsync event shipping to VPS (push-based node, no repo
|
|
# checkout). Container runs as uid 1000 (homelab, HOME=/home/homelab) per
|
|
# the base compose — ssh has no -i flag, so the key must land in
|
|
# /home/homelab/.ssh, NOT /root/.ssh. uid match (pi=1000) satisfies
|
|
# OpenSSH strict ownership checks on the mounted key.
|
|
- /home/pi/.ssh:/home/homelab/.ssh:ro
|
|
# Override ../.. from the base compose to the pushed deploy dir (no repo on node)
|
|
- /opt/homelab/deploy/node-agent:/repo:ro
|