feat: local paths/users

scripts/migrate-stack.sh

@@ -163,8 +163,8 @@ setup_remote_repository(){
     exit 1
   fi
 
-  # Create local-storage directory structure
-  run_ssh "mkdir -p '$PROJECT_DIR/local-storage/modules'"
+  # Create local-storage directory structure with proper ownership
+  run_ssh "mkdir -p '$PROJECT_DIR/local-storage/modules' && chown -R $USER: '$PROJECT_DIR/local-storage'"
 
   echo "   • Repository synchronized ✓"
 }

scripts/mysql-entrypoint.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+# Wrapper entrypoint to adapt MySQL container UID/GID to match host user expectations.
+set -euo pipefail
+
+ORIGINAL_ENTRYPOINT="${MYSQL_ORIGINAL_ENTRYPOINT:-docker-entrypoint.sh}"
+if ! command -v "$ORIGINAL_ENTRYPOINT" >/dev/null 2>&1; then
+  # Fallback to common install path
+  if [ -x /usr/local/bin/docker-entrypoint.sh ]; then
+    ORIGINAL_ENTRYPOINT=/usr/local/bin/docker-entrypoint.sh
+  fi
+fi
+
+TARGET_SPEC="${MYSQL_RUNTIME_USER:-${CONTAINER_USER:-}}"
+if [ -z "${TARGET_SPEC:-}" ] || [ "${TARGET_SPEC}" = "0:0" ]; then
+  exec "$ORIGINAL_ENTRYPOINT" "$@"
+fi
+
+if [[ "$TARGET_SPEC" != *:* ]]; then
+  echo "mysql-entrypoint: Expected MYSQL_RUNTIME_USER/CONTAINER_USER in uid:gid form, got '${TARGET_SPEC}'" >&2
+  exit 1
+fi
+
+IFS=':' read -r TARGET_UID TARGET_GID <<< "$TARGET_SPEC"
+
+if ! [[ "$TARGET_UID" =~ ^[0-9]+$ ]] || ! [[ "$TARGET_GID" =~ ^[0-9]+$ ]]; then
+  echo "mysql-entrypoint: UID/GID must be numeric (received uid='${TARGET_UID}' gid='${TARGET_GID}')" >&2
+  exit 1
+fi
+
+if ! id mysql >/dev/null 2>&1; then
+  echo "mysql-entrypoint: mysql user not found in container" >&2
+  exit 1
+fi
+
+current_uid="$(id -u mysql)"
+current_gid="$(id -g mysql)"
+
+# Adjust group if needed
+target_group_name=""
+if [ "$current_gid" != "$TARGET_GID" ]; then
+  if groupmod -g "$TARGET_GID" mysql 2>/dev/null; then
+    target_group_name="mysql"
+  else
+    existing_group="$(getent group "$TARGET_GID" | cut -d: -f1 || true)"
+    if [ -z "$existing_group" ]; then
+      existing_group="mysql-host"
+      if ! getent group "$existing_group" >/dev/null 2>&1; then
+        groupadd -g "$TARGET_GID" "$existing_group"
+      fi
+    fi
+    usermod -g "$existing_group" mysql
+    target_group_name="$existing_group"
+  fi
+else
+  target_group_name="$(getent group mysql | cut -d: -f1)"
+fi
+
+if [ -z "$target_group_name" ]; then
+  target_group_name="$(getent group "$TARGET_GID" | cut -d: -f1 || true)"
+fi
+
+# Adjust user UID if needed
+if [ "$current_uid" != "$TARGET_UID" ]; then
+  if getent passwd "$TARGET_UID" >/dev/null 2>&1 && [ "$(getent passwd "$TARGET_UID" | cut -d: -f1)" != "mysql" ]; then
+    echo "mysql-entrypoint: UID ${TARGET_UID} already in use by $(getent passwd "$TARGET_UID" | cut -d: -f1)." >&2
+    echo "mysql-entrypoint: Please choose a different CONTAINER_USER or adjust the image." >&2
+    exit 1
+  fi
+  usermod -u "$TARGET_UID" mysql
+fi
+
+# Ensure group lookup after potential changes
+target_group_name="$(getent group "$TARGET_GID" | cut -d: -f1 || echo "$target_group_name")"
+
+# Update ownership on relevant directories if they exist
+for path in /var/lib/mysql-runtime /var/lib/mysql /var/lib/mysql-persistent /backups; do
+  if [ -e "$path" ]; then
+    chown -R mysql:"$target_group_name" "$path"
+  fi
+done
+
+exec "$ORIGINAL_ENTRYPOINT" "$@"

scripts/rebuild-with-modules.sh

@@ -168,15 +168,15 @@ REBUILD_SOURCE_PATH="$(realpath "$REBUILD_SOURCE_PATH" 2>/dev/null || echo "$REB
 
 # Check for modules in source directory first, then fall back to shared storage
 LOCAL_MODULES_DIR="$REBUILD_SOURCE_PATH/modules"
-SHARED_MODULES_DIR="$STORAGE_PATH/modules"
+LOCAL_STAGING_MODULES_DIR="$LOCAL_STORAGE_PATH/modules"
 
 if [ -d "$LOCAL_MODULES_DIR" ]; then
   echo "🔧 Using modules from source directory: $LOCAL_MODULES_DIR"
   MODULES_DIR="$LOCAL_MODULES_DIR"
   # Build sentinel always stays in local storage for consistency
 else
-  echo "🔧 Using modules from shared storage: $SHARED_MODULES_DIR"
-  MODULES_DIR="$SHARED_MODULES_DIR"
+  echo "🔧 Using modules from local staging: $LOCAL_STAGING_MODULES_DIR"
+  MODULES_DIR="$LOCAL_STAGING_MODULES_DIR"
   # Build sentinel always stays in local storage for consistency
 fi
 
@@ -352,9 +352,6 @@ remove_sentinel(){
 }
 
 remove_sentinel "$SENTINEL_FILE"
-if [ -n "$SHARED_MODULES_DIR" ]; then
-  remove_sentinel "$SHARED_MODULES_DIR/.requires_rebuild"
-fi
 
 echo ""
 echo -e "${GREEN}⚔️ Module build forged successfully! ⚔️${NC}"

scripts/stage-modules.sh

@@ -17,6 +17,37 @@ show_staging_step(){
   printf '%b\n' "${YELLOW}🔧 ${step}: ${message}...${NC}"
 }
 
+sync_local_staging(){
+  local src_root="$LOCAL_STORAGE_PATH"
+  local dest_root="$STORAGE_PATH"
+
+  if [ -z "$src_root" ] || [ -z "$dest_root" ]; then
+    return
+  fi
+
+  if [ "$src_root" = "$dest_root" ]; then
+    return
+  fi
+
+  local src_modules="${src_root}/modules"
+  local dest_modules="${dest_root}/modules"
+
+  if [ ! -d "$src_modules" ]; then
+    echo "ℹ️  No local module staging found at $src_modules (skipping sync)."
+    return
+  fi
+
+  echo "📦 Syncing local module staging from $src_modules to $dest_modules"
+  mkdir -p "$dest_modules"
+
+  if command -v rsync >/dev/null 2>&1; then
+    rsync -a --delete "$src_modules"/ "$dest_modules"/
+  else
+    find "$dest_modules" -mindepth 1 -maxdepth 1 -exec rm -rf {} + 2>/dev/null || true
+    (cd "$src_modules" && tar cf - .) | (cd "$dest_modules" && tar xf -)
+  fi
+}
+
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
 ENV_FILE="$PROJECT_DIR/.env"
@@ -220,6 +251,7 @@ fi
 
 # Stage the services
 show_staging_step "Service Orchestration" "Preparing realm services"
+sync_local_staging
 echo "🎬 Staging services with profile: services-$TARGET_PROFILE"
 echo "⏳ Pulling images and starting containers; this can take several minutes on first run."