From 5e601b184036a971b95f46ee804ef7d853965e7b Mon Sep 17 00:00:00 2001
From: orion <orion@op.hangman-lab.top>
Date: Wed, 15 Apr 2026 15:41:02 +0000
Subject: [PATCH] fix: chown wizard_config volume to nonroot uid via init
 sidecar

The abstract-wizard image runs as nonroot (65532), but the named
volume is created with root:root ownership, causing PUT writes to
harborforge.json to return 500. Add a busybox wizard_init service
that chowns /config to 65532:65532 before wizard starts.
---
 docker-compose.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index c74906c..ebec5f0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -80,6 +80,14 @@ services:
     networks:
       - app-network
 
+  wizard_init:
+    image: busybox:1.36
+    restart: "no"
+    user: "0:0"
+    volumes:
+      - wizard_config:/config
+    command: ["sh", "-c", "chown -R 65532:65532 /config"]
+
   wizard:
     image: git.hangman-lab.top/nav/abstract-wizard:latest
     ports:
@@ -91,6 +99,9 @@ services:
       LISTEN_ADDR: "0.0.0.0:8080"
       MAX_BACKUPS: "5"
       CORS_ORIGINS: ${HF_FRONTEND_HOST}
+    depends_on:
+      wizard_init:
+        condition: service_completed_successfully
     networks:
       - app-network