From d856839526c7e05e3280022f757c7419955b9666 Mon Sep 17 00:00:00 2001
From: noisedestroyers <noisedestroyers@gmail.com>
Date: Fri, 8 May 2026 15:19:13 -0400
Subject: [PATCH] Fix Kokoro bind-mount permissions

The kokoro-fastapi image runs as UID 1000 and downloads models into
/app/api/src/models on first start. Our 2775 root:docker permissions
weren't writable by that user (the container isn't in the docker
group). Symptom: PermissionError on download_model.py, container
crashloops.

Chown the host dir to 1000:1000 to match the image's user.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 pyinfra/framework/deploy.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/pyinfra/framework/deploy.py b/pyinfra/framework/deploy.py
index f2fe7eb..57cd15a 100644
--- a/pyinfra/framework/deploy.py
+++ b/pyinfra/framework/deploy.py
@@ -503,9 +503,14 @@ files.directory(
 )
 files.directory(
     name="Kokoro models dir",
+    # The kokoro-fastapi image runs as UID 1000 (non-root) and downloads
+    # models into this dir on first start. Has to be writable by 1000;
+    # 2775 root:docker isn't enough since the container isn't in the
+    # docker group. Owning it as 1000:1000 matches the image's user.
     path=f"{COMPOSE_DIR}/kokoro/models",
-    group="docker",
-    mode="2775",
+    user="1000",
+    group="1000",
+    mode="0755",
     _sudo=True,
 )