fix: dynamic UID in first-boot-containers.sh, remove temp fix-ssh workflow
Replace hardcoded /run/user/1000 with $(id -u archipelago) so first-boot works regardless of the archipelago user's UID. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
178b728892
commit
2daadb7a1d
@ -1,23 +0,0 @@
|
|||||||
name: Fix SSH Permissions
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [main]
|
|
||||||
|
|
||||||
env:
|
|
||||||
HOME: /tmp
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
fix-ssh:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
timeout-minutes: 2
|
|
||||||
steps:
|
|
||||||
- name: Fix debian user UID and SSH
|
|
||||||
working-directory: /tmp
|
|
||||||
run: |
|
|
||||||
echo "Fixing SSH..."
|
|
||||||
sudo chown -R 1000:1000 /home/debian
|
|
||||||
sudo chmod 700 /home/debian/.ssh
|
|
||||||
sudo chmod 600 /home/debian/.ssh/authorized_keys
|
|
||||||
sudo systemctl restart sshd
|
|
||||||
echo "SSH fixed"
|
|
||||||
@ -44,9 +44,9 @@ SCRIPT_DIR_FBC="$(cd "$(dirname "$0")" && pwd)"
|
|||||||
|
|
||||||
# Run podman as the archipelago user (rootless) — NOT as root.
|
# Run podman as the archipelago user (rootless) — NOT as root.
|
||||||
# The backend service runs as User=archipelago and connects to the rootless
|
# The backend service runs as User=archipelago and connects to the rootless
|
||||||
# podman socket at /run/user/1000/podman/podman.sock. If we create containers
|
# podman socket at /run/user/$(id -u archipelago)/podman/podman.sock. If we create containers
|
||||||
# as root (rootful podman), the backend can't see them at all.
|
# as root (rootful podman), the backend can't see them at all.
|
||||||
DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/1000 podman"
|
DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) podman"
|
||||||
|
|
||||||
TARGET_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
TARGET_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
||||||
[ -z "$TARGET_IP" ] && TARGET_IP="127.0.0.1"
|
[ -z "$TARGET_IP" ] && TARGET_IP="127.0.0.1"
|
||||||
@ -250,11 +250,11 @@ grep -q "^archipelago:" /etc/subuid 2>/dev/null || {
|
|||||||
chmod 644 /etc/hosts 2>/dev/null
|
chmod 644 /etc/hosts 2>/dev/null
|
||||||
|
|
||||||
# Ensure XDG_RUNTIME_DIR exists for rootless podman
|
# Ensure XDG_RUNTIME_DIR exists for rootless podman
|
||||||
mkdir -p /run/user/1000
|
mkdir -p /run/user/$(id -u archipelago)
|
||||||
chown archipelago:archipelago /run/user/1000
|
chown archipelago:archipelago /run/user/$(id -u archipelago)
|
||||||
chmod 700 /run/user/1000
|
chmod 700 /run/user/$(id -u archipelago)
|
||||||
# Start rootless podman socket (required before first podman command)
|
# Start rootless podman socket (required before first podman command)
|
||||||
runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/1000 \
|
runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) \
|
||||||
systemctl --user start podman.socket 2>/dev/null || true
|
systemctl --user start podman.socket 2>/dev/null || true
|
||||||
|
|
||||||
# Ensure archy-net exists — critical for inter-container DNS (mempool→bitcoin, etc.)
|
# Ensure archy-net exists — critical for inter-container DNS (mempool→bitcoin, etc.)
|
||||||
|
|||||||
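Review bot: If `id -u archipelago` prints nothing (account not created yet, or the lookup fails), every rewritten path collapses to `/run/user/`. In the `-250` hunk that means `chmod 700 /run/user/$(id -u archipelago)` runs as root against the shared `/run/user` parent, and `XDG_RUNTIME_DIR` in `DOCKER` points at that parent too. Resolve the UID once near the top and fail closed, e.g. `ARCHY_UID="$(id -u archipelago)" || { echo "archipelago user not found" >&2; exit 1; }`, then use the quoted `"/run/user/${ARCHY_UID}"` in all five places instead of repeating the unquoted substitution. The `DOCKER=` value in the `-44` hunk is expanded at assignment time, so this matters most if the account is created later in the script. That ordering is outside the hunks shown and should be confirmed.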