fixed rootless docker setup
@@ -167,15 +167,17 @@ sudo -u rss-svc -H curl -fsSL https://get.docker.com/rootless -o /tmp/install-ro
|
|||||||
sudo -u rss-svc -H sh /tmp/install-rootless.sh
|
sudo -u rss-svc -H sh /tmp/install-rootless.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
Add to `~/.bashrc` (as `rss-svc` — e.g. `sudo -u rss-svc -H bash`):
|
The installer detects there's no active systemd **user session** for `rss-svc` (we're not logging in interactively), so instead of wiring up a per-user service it falls back to a runtime directory under the user's home — and prints the exact paths to use, e.g.:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
export XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
|
||||||
export PATH=/home/rss-svc/bin:$PATH
|
export PATH=/home/rss-svc/bin:$PATH
|
||||||
export XDG_RUNTIME_DIR=/run/rss-svc-docker
|
export DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock
|
||||||
export DOCKER_HOST=unix:///run/rss-svc-docker/docker.sock
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`:
|
Use the values **the installer prints for you** (add them to `~/.bashrc` as `rss-svc` — e.g. `sudo -u rss-svc -H bash`) — this is actually convenient for us, since `~/.docker/run` is a regular on-disk directory that persists across reboots without any `tmpfiles`/`RuntimeDirectory=` trickery.
|
||||||
|
|
||||||
|
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`, pointing `XDG_RUNTIME_DIR` at that same directory:
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
[Unit]
|
[Unit]
|
||||||
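Review bot: In the added paragraph under the export block, "Use the values **the installer prints for you**" is at odds with the unit text that follows, which hard-codes `/home/rss-svc/.docker/run`. Say explicitly that `XDG_RUNTIME_DIR` in the unit and `DOCKER_HOST` in `~/.bashrc` must both be changed if the installer prints a different path. The same paragraph presents persistence across reboots as a convenience without stating who owns the directory that now holds `docker.sock` or what mode it has; add a line asking the reader to confirm it is owned by `rss-svc` with mode `0700`.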
@@ -186,10 +188,7 @@ After=network.target
|
|||||||
User=rss-svc
|
User=rss-svc
|
||||||
Group=rss-svc
|
Group=rss-svc
|
||||||
Environment=PATH=/home/rss-svc/bin:/usr/bin:/bin
|
Environment=PATH=/home/rss-svc/bin:/usr/bin:/bin
|
||||||
Environment=XDG_RUNTIME_DIR=%t/rss-svc-docker
|
Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
|
||||||
RuntimeDirectory=rss-svc-docker
|
|
||||||
RuntimeDirectoryMode=0700
|
|
||||||
RuntimeDirectoryPreserve=yes
|
|
||||||
ExecStart=/home/rss-svc/bin/dockerd-rootless.sh
|
ExecStart=/home/rss-svc/bin/dockerd-rootless.sh
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=2
|
RestartSec=2
|
||||||
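Review bot: With `RuntimeDirectory=rss-svc-docker` and `RuntimeDirectoryMode=0700` removed, nothing in this unit creates `/home/rss-svc/.docker/run` or sets its permissions any more, so the service depends entirely on the installer having left that directory in place. Because the unit keeps `Restart=always` and `RestartSec=2`, a start that fails for that reason would be retried every two seconds rather than surfacing clearly. Consider adding a line such as `ExecStartPre=/usr/bin/install -d -m 0700 /home/rss-svc/.docker/run` before `ExecStart=`; it runs as `rss-svc` because of `User=`, creates the directory with mode 0700 when it is absent, and puts an explicit mode back into the unit.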
@@ -204,7 +203,7 @@ LimitNOFILE=1048576
|
|||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
```
|
```
|
||||||
|
|
||||||
`RuntimeDirectory=` makes systemd create `/run/rss-svc-docker` (owned by `rss-svc`, mode `0700`) on every boot — that's the `XDG_RUNTIME_DIR` rootless Docker needs, supplied without any session manager. Then enable and start it:
|
Then enable and start it:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
|
|||||||
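Review bot: The replacement line "Then enable and start it:" drops the only sentence that explained where the service's `XDG_RUNTIME_DIR` comes from, and nothing takes its place. Readers who followed the previous version of this document will still have `XDG_RUNTIME_DIR=/run/rss-svc-docker` and `DOCKER_HOST=unix:///run/rss-svc-docker/docker.sock` in `~/.bashrc`, pointing at a socket this unit no longer creates. Add one sentence here stating that the runtime directory is now the on-disk one under the user's home, and a reminder to update the old exports before running `sudo systemctl daemon-reload`.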