From d8f0cf16c753c9f6cf8a78f5c6f878fe9e0de365 Mon Sep 17 00:00:00 2001
From: Samir Boulahtit <samir.boulahtit@wizard.lu>
Date: Sat, 28 Feb 2026 00:27:45 +0100
Subject: [PATCH] fix(ops): handle sudo in verify-server.sh

Use SUDO_USER to resolve correct home directory when run with sudo.
Use --project-directory instead of -f for docker compose lookups.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 scripts/verify-server.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/scripts/verify-server.sh b/scripts/verify-server.sh
index 708fb195..79ecd9ba 100755
--- a/scripts/verify-server.sh
+++ b/scripts/verify-server.sh
@@ -178,7 +178,13 @@ fi
 
 if [ "$MODE" = "prod" ]; then
 
-    ORION_DIR="${ORION_DIR:-$HOME/apps/orion}"
+    # When run with sudo, $HOME is /root. Use SUDO_USER's home instead.
+    if [ -n "${SUDO_USER:-}" ]; then
+        REAL_HOME=$(getent passwd "$SUDO_USER" | cut -d: -f6)
+    else
+        REAL_HOME="$HOME"
+    fi
+    ORION_DIR="${ORION_DIR:-$REAL_HOME/apps/orion}"
 
     # -----------------------------------------------------------------------
     section "1. fail2ban"
@@ -228,7 +234,7 @@ if [ "$MODE" = "prod" ]; then
 
     EXPECTED_CONTAINERS="db redis api celery-worker celery-beat flower prometheus grafana node-exporter cadvisor alertmanager redis-exporter"
     for name in $EXPECTED_CONTAINERS; do
-        container=$(docker compose --profile full -f "$ORION_DIR/docker-compose.yml" ps --format '{{.Name}}' 2>/dev/null | grep "$name" || true)
+        container=$(docker compose --profile full --project-directory "$ORION_DIR" ps --format '{{.Name}}' 2>/dev/null | grep "$name" || true)
         if [ -n "$container" ]; then
             state=$(docker inspect --format='{{.State.Status}}' "$container" 2>/dev/null || echo "unknown")
             if [ "$state" = "running" ]; then
@@ -243,7 +249,7 @@ if [ "$MODE" = "prod" ]; then
 
     # Check for healthy status on containers with healthchecks
     for name in db redis api celery-worker; do
-        container=$(docker compose --profile full -f "$ORION_DIR/docker-compose.yml" ps --format '{{.Name}}' 2>/dev/null | grep "$name" || true)
+        container=$(docker compose --profile full --project-directory "$ORION_DIR" ps --format '{{.Name}}' 2>/dev/null | grep "$name" || true)
         if [ -n "$container" ]; then
             health=$(docker inspect --format='{{.State.Health.Status}}' "$container" 2>/dev/null || echo "none")
             if [ "$health" = "healthy" ]; then