From 4d8eb01e4cf9f6d18d26ebf94439b5c6658313ec Mon Sep 17 00:00:00 2001
From: Davide Grilli <davide.grilli@outlook.com>
Date: Thu, 7 May 2026 08:16:35 +0200
Subject: [PATCH] fix: set wg-data ownership to repo user in wg-init

Mount the repo root read-only (/repo) in wg-init and use
`stat -c '%u:%g' /repo` to detect the host user automatically.
chown is applied before chmod 700, so the directory is accessible
without sudo on any machine regardless of UID.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index e28d773..8166ac3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,6 +5,7 @@ services:
       - SYS_MODULE
     volumes:
       - ./wg-data:/data
+      - ./:/repo:ro
       - /lib/modules:/lib/modules:ro
     command:
       - /bin/sh
@@ -12,6 +13,7 @@ services:
       - |
         modprobe ip6_tables 2>/dev/null || true
         modprobe ip6table_nat 2>/dev/null || true
+        chown "$(stat -c '%u:%g' /repo)" /data
         chmod 700 /data
     restart: "no"