fixed rootless docker setup
@@ -167,15 +167,17 @@ sudo -u rss-svc -H curl -fsSL https://get.docker.com/rootless -o /tmp/install-ro
sudo -u rss-svc -H sh /tmp/install-rootless.sh
```
Add to `~/.bashrc` (as `rss-svc` — e.g. `sudo -u rss-svc -H bash`):
The installer detects there's no active systemd **user session** for `rss-svc` (we're not logging in interactively), so instead of wiring up a per-user service it falls back to a runtime directory under the user's home — and prints the exact paths to use, e.g.:
```sh
export XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
export PATH=/home/rss-svc/bin:$PATH
export XDG_RUNTIME_DIR=/run/rss-svc-docker
export DOCKER_HOST=unix:///run/rss-svc-docker/docker.sock
export DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock
```
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`:
Use the values **the installer prints for you** (add them to `~/.bashrc` as `rss-svc` — e.g. `sudo -u rss-svc -H bash`) — this is actually convenient for us, since `~/.docker/run` is a regular on-disk directory that persists across reboots without any `tmpfiles`/`RuntimeDirectory=` trickery.
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`, pointing `XDG_RUNTIME_DIR` at that same directory:
```ini
[Unit]
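Review bot: the added shell block exports `XDG_RUNTIME_DIR=/home/rss-svc/.docker/run` and `DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock`, but nothing in this hunk checks that the directory is owned by `rss-svc` with mode `0700`; since `docker.sock` lands inside it, that mode is what keeps other local users away from the daemon socket. Suggest a one-line check right after the block, e.g. `stat -c '%U %a' /home/rss-svc/.docker/run` with the expected answer `rss-svc 700`, and `chmod 0700 /home/rss-svc/.docker/run` if it differs. Also, "Use the values **the installer prints for you**" now follows a block of hard-coded `rss-svc` paths; say explicitly that the block is an example and the installer's printed paths take precedence if they differ.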
@@ -186,10 +188,7 @@ After=network.target
User=rss-svc
Group=rss-svc
Environment=PATH=/home/rss-svc/bin:/usr/bin:/bin
Environment=XDG_RUNTIME_DIR=%t/rss-svc-docker
RuntimeDirectory=rss-svc-docker
RuntimeDirectoryMode=0700
RuntimeDirectoryPreserve=yes
Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
ExecStart=/home/rss-svc/bin/dockerd-rootless.sh
Restart=always
RestartSec=2
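Review bot: dropping `RuntimeDirectory=rss-svc-docker` and `RuntimeDirectoryMode=0700` removes the only place this unit created the runtime directory and enforced its ownership and `0700` mode; with `Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run`, `dockerd-rootless.sh` will place the daemon socket in a directory whose permissions the unit no longer controls, and on a fresh host that directory may not exist before the first start. Suggest `ExecStartPre=/usr/bin/install -d -m 0700 /home/rss-svc/.docker/run` (it runs as `User=rss-svc`, so ownership comes out right) together with `UMask=0077`, so the protection that `RuntimeDirectoryMode=0700` gave is kept. Worth a sentence in the docs too: unlike `/run`, this directory persists across reboots, so `docker.sock` and any state files under it survive a restart.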
@@ -204,7 +203,7 @@ LimitNOFILE=1048576
WantedBy=multi-user.target
```
`RuntimeDirectory=` makes systemd create `/run/rss-svc-docker` (owned by `rss-svc`, mode `0700`) on every boot — that's the `XDG_RUNTIME_DIR` rootless Docker needs, supplied without any session manager. Then enable and start it:
Then enable and start it:
```sh
sudo systemctl daemon-reload
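Review bot: the removed sentence was the only explanation of why the unit sets `XDG_RUNTIME_DIR` and where the socket ends up; after this change the section jumps from the unit file straight to `sudo systemctl daemon-reload` with no statement of that contract. Suggest keeping one sentence adapted to the new path: the unit's `XDG_RUNTIME_DIR` must match the one exported in `~/.bashrc`, `docker.sock` is created under it at `/home/rss-svc/.docker/run/docker.sock`, and the directory has to stay mode `0700` and owned by `rss-svc`.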