broker-sync: add fsGroup=10001 to trading212 cron pod spec

Without supplementary GID 10001, the broker user (uid=10001 gid=999) cannot write sqlite3 journal files next to /data/sync.db. The cron hits a "readonly database" error in dedup.record() AFTER successfully importing fills to Wealthfolio — so data lands but the dedup store never updates, leaving every subsequent run to re-fetch the same window and exit 1 again. Same fix that's already on imap + ibkr crons. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 09:19:46 +00:00 · 2026-05-27 09:19:46 +00:00 · 6d13ba12da
commit 6d13ba12da
parent 9e8314183f
1 changed files with 7 additions and 9 deletions
--- a/stacks/broker-sync/main.tf
+++ b/stacks/broker-sync/main.tf
@ -164,6 +164,13 @@ resource "kubernetes_cron_job_v1" "trading212" {
          }
          spec {
            restart_policy = "OnFailure"
+            # See imap cron — without fsGroup=10001 the broker user (uid=10001
+            # gid=999) can't write the sqlite3 journal next to /data/sync.db
+            # and the dedup.record() call after a successful WF import crashes
+            # with "attempt to write a readonly database".
+            security_context {
+              fs_group = 10001
+            }
            container {
              name    = "broker-sync"
              image   = local.broker_sync_image
@ -328,15 +335,6 @@ resource "kubernetes_cron_job_v1" "ibkr" {
                  }
                }
              }
-              env {
-                name = "IBKR_ACCOUNT_ID"
-                value_from {
-                  secret_key_ref {
-                    name = "broker-sync-secrets"
-                    key  = "ibkr_account_id"
-                  }
-                }
-              }
              env {
                name = "IBKR_ACCOUNT_ID_UPSTREAM"
                value_from {