From 2daadb7a1d5069363d73fb5689dbc5be1b85db9f Mon Sep 17 00:00:00 2001
From: Dorian
Date: Fri, 3 Apr 2026 12:33:15 +0100
Subject: [PATCH] fix: dynamic UID in first-boot-containers.sh, remove temp fix-ssh workflow

Replace hardcoded /run/user/1000 with $(id -u archipelago) so first-boot works regardless of the archipelago user's UID.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitea/workflows/fix-ssh.yml | 23 ----------------------
 scripts/first-boot-containers.sh | 12 ++++++------
 2 files changed, 6 insertions(+), 29 deletions(-)
 delete mode 100644 .gitea/workflows/fix-ssh.yml

diff --git a/.gitea/workflows/fix-ssh.yml b/.gitea/workflows/fix-ssh.yml
deleted file mode 100644
index bef69004..00000000
--- a/.gitea/workflows/fix-ssh.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Fix SSH Permissions
-
-on:
-  push:
-    branches: [main]
-
-env:
-  HOME: /tmp
-
-jobs:
-  fix-ssh:
-    runs-on: ubuntu-latest
-    timeout-minutes: 2
-    steps:
-      - name: Fix debian user UID and SSH
-        working-directory: /tmp
-        run: |
-          echo "Fixing SSH..."
-          sudo chown -R 1000:1000 /home/debian
-          sudo chmod 700 /home/debian/.ssh
-          sudo chmod 600 /home/debian/.ssh/authorized_keys
-          sudo systemctl restart sshd
-          echo "SSH fixed"
diff --git a/scripts/first-boot-containers.sh b/scripts/first-boot-containers.sh
index 45bc7ba9..823d169f 100644
--- a/scripts/first-boot-containers.sh
+++ b/scripts/first-boot-containers.sh
@@ -44,9 +44,9 @@ SCRIPT_DIR_FBC="$(cd "$(dirname "$0")" && pwd)" # Run podman as the archipelago user (rootless) — NOT as root. # The backend service runs as User=archipelago and connects to the rootless -# podman socket at /run/user/1000/podman/podman.sock. If we create containers +# podman socket at /run/user/$(id -u archipelago)/podman/podman.sock. If we create containers # as root (rootful podman), the backend can't see them at all. -DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/1000 podman" +DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) podman" TARGET_IP=$(hostname -I 2>/dev/null | awk '{print $1}') [ -z "$TARGET_IP" ] && TARGET_IP="127.0.0.1" @@ -250,11 +250,11 @@ grep -q "^archipelago:" /etc/subuid 2>/dev/null || { chmod 644 /etc/hosts 2>/dev/null # Ensure XDG_RUNTIME_DIR exists for rootless podman -mkdir -p /run/user/1000 -chown archipelago:archipelago /run/user/1000 -chmod 700 /run/user/1000 +mkdir -p /run/user/$(id -u archipelago) +chown archipelago:archipelago /run/user/$(id -u archipelago) +chmod 700 /run/user/$(id -u archipelago) # Start rootless podman socket (required before first podman command) -runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/1000 \ +runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) \ systemctl --user start podman.socket 2>/dev/null || true # Ensure archy-net exists — critical for inter-container DNS (mempool→bitcoin, etc.)
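Review bot: If `id -u archipelago` fails (the user is created later in the script, or the account name differs on this image), every unquoted `$(id -u archipelago)` in these two hunks expands to an empty string, so the `mkdir -p`, `chown` and `chmod 700` in the second hunk act on `/run/user/` itself and lock every other user out of their runtime directory, while the `DOCKER` line in the first hunk silently points rootless podman at `XDG_RUNTIME_DIR=/run/user/`. Resolving the UID once into a checked variable next to the `DOCKER` assignment and reusing it (fence below) removes that failure mode, quotes the path, and avoids running `id` five times for the same value. The comment in the first hunk now contains a literal `$(id -u archipelago)`; `/run/user/<uid>` would read more naturally there. Both hunks are fragments of a flat script whose surrounding lines are outside the hunk, so the `TARGET_IP` detection and the `/etc/subuid` block in between are assumed unchanged.
```shell
# Resolve the rootless user's UID once; an empty expansion would make the
# mkdir/chown/chmod below operate on /run/user itself.
ARCH_UID="$(id -u archipelago)" || { echo "archipelago user does not exist" >&2; exit 1; }
ARCH_RUNTIME_DIR="/run/user/${ARCH_UID}"
DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=${ARCH_RUNTIME_DIR} podman"
# … unchanged: TARGET_IP detection through the /etc/hosts handling …
mkdir -p "${ARCH_RUNTIME_DIR}"
chown archipelago:archipelago "${ARCH_RUNTIME_DIR}"
chmod 700 "${ARCH_RUNTIME_DIR}"
runuser -u archipelago -- env XDG_RUNTIME_DIR="${ARCH_RUNTIME_DIR}" \
    systemctl --user start podman.socket 2>/dev/null || true
```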