Address code review: extract DB wait function, fix Docker socket API, improve UID/GID docs

Co-authored-by: DocwatZ <227472400+DocwatZ@users.noreply.github.com>

agent/agent.mjs

@@ -111,7 +111,7 @@ function collectNetworkMetrics() {
   return nets
 }
 
-/** Collect Docker container status via Docker socket */
+/** Collect Docker container status via Docker socket using Node.js http module */
 async function collectDockerMetrics() {
   const containers = []
 
@@ -119,21 +119,29 @@ async function collectDockerMetrics() {
     const socketPath = '/var/run/docker.sock'
     if (!existsSync(socketPath)) return containers
 
-    const response = await fetch('http://localhost/containers/json?all=true', {
-      socketPath,
-    }).catch(() => null)
-
-    if (response && response.ok) {
-      const data = await response.json()
-      for (const container of data) {
-        containers.push({
-          id: container.Id?.substring(0, 12),
-          name: container.Names?.[0]?.replace(/^\//, ''),
-          image: container.Image,
-          state: container.State,
-          status: container.Status,
+    // Use Node.js http module for Unix socket support (fetch API does not support socketPath)
+    const { request } = await import('node:http')
+    const data = await new Promise((resolve, reject) => {
+      const req = request({ socketPath, path: '/containers/json?all=true', method: 'GET' }, (res) => {
+        let body = ''
+        res.on('data', (chunk) => { body += chunk })
+        res.on('end', () => {
+          try { resolve(JSON.parse(body)) } catch { resolve([]) }
         })
-      }
+      })
+      req.on('error', () => resolve([]))
+      req.setTimeout(5000, () => { req.destroy(); resolve([]) })
+      req.end()
+    })
+
+    for (const container of data) {
+      containers.push({
+        id: container.Id?.substring(0, 12),
+        name: container.Names?.[0]?.replace(/^\//, ''),
+        image: container.Image,
+        state: container.State,
+        status: container.Status,
+      })
     }
   } catch {
     // Docker metrics may not be available

docs/homelab/truenas-guide.md

@@ -105,17 +105,23 @@ If using the Nginx proxy (port 80):
 
 ### Permissions
 
-TrueNAS uses ACLs for dataset permissions. Set the dataset owner:
+TrueNAS uses ACLs for dataset permissions. Set the dataset owner to match the container user:
 
 ```bash
-# For Docker Compose deployments
+# Default container user is UID 1000. Verify with:
+docker compose exec nomad-app id
+
+# Set ownership accordingly
 chown -R 1000:1000 /mnt/pool/apps/project-nomad/storage
 ```
 
 Or configure ACLs in the TrueNAS UI:
 1. Go to **Storage** → select your dataset → **Edit Permissions**
-2. Set User: `1000`, Group: `1000`
-3. Apply recursively
+2. Set User to the UID shown by the command above (default: `1000`)
+3. Set Group to the GID shown (default: `1000`)
+4. Apply recursively
+
+> **Note:** If your TrueNAS user mapping differs, adjust the UID/GID to match your container runtime configuration.
 
 ## Updating on TrueNAS
 

install/entrypoint.sh

@@ -15,11 +15,23 @@ DB_PORT="${DB_PORT:-3306}"
 MAX_RETRIES=60
 RETRY_INTERVAL=2
 
+wait_for_tcp() {
+  local host="$1"
+  local port="$2"
+  node -e "
+    const net = require('net');
+    const s = new net.Socket();
+    s.setTimeout(2000);
+    s.connect($port, '$host', () => { s.destroy(); process.exit(0); });
+    s.on('error', () => process.exit(1));
+    s.on('timeout', () => { s.destroy(); process.exit(1); });
+  " 2>/dev/null
+}
+
 echo "Waiting for database at ${DB_HOST}:${DB_PORT}..."
 retries=0
 while [ $retries -lt $MAX_RETRIES ]; do
-  if curl -sf "http://${DB_HOST}:${DB_PORT}" >/dev/null 2>&1 || \
-     node -e "const net = require('net'); const s = new net.Socket(); s.setTimeout(2000); s.connect(${DB_PORT}, '${DB_HOST}', () => { s.destroy(); process.exit(0); }); s.on('error', () => process.exit(1)); s.on('timeout', () => { s.destroy(); process.exit(1); });" 2>/dev/null; then
+  if wait_for_tcp "${DB_HOST}" "${DB_PORT}"; then
     echo "Database is ready!"
     break
   fi