fixed rootless docker setup

2026-06-07 17:12:17 +02:00
parent c5e5e463f9
commit 675bf15828
+8 -9
@@ -167,15 +167,17 @@ sudo -u rss-svc -H curl -fsSL https://get.docker.com/rootless -o /tmp/install-ro
sudo -u rss-svc -H sh /tmp/install-rootless.sh sudo -u rss-svc -H sh /tmp/install-rootless.sh
``` ```
Add to `~/.bashrc` (as `rss-svc` — e.g. `sudo -u rss-svc -H bash`): The installer detects there's no active systemd **user session** for `rss-svc` (we're not logging in interactively), so instead of wiring up a per-user service it falls back to a runtime directory under the user's home — and prints the exact paths to use, e.g.:
```sh ```sh
export XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
export PATH=/home/rss-svc/bin:$PATH export PATH=/home/rss-svc/bin:$PATH
export XDG_RUNTIME_DIR=/run/rss-svc-docker export DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock
export DOCKER_HOST=unix:///run/rss-svc-docker/docker.sock
``` ```
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`: Use the values **the installer prints for you** (add them to `~/.bashrc` as `rss-svc` — e.g. `sudo -u rss-svc -H bash`) — this is actually convenient for us, since `~/.docker/run` is a regular on-disk directory that persists across reboots without any `tmpfiles`/`RuntimeDirectory=` trickery.
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`, pointing `XDG_RUNTIME_DIR` at that same directory:
```ini ```ini
[Unit] [Unit]
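Review bot: the new paragraph beginning "Use the values **the installer prints for you**" presents the persistent `~/.docker/run` directory only as a convenience, but it should also name the trade-off: the previous `/run/rss-svc-docker` lived on tmpfs and was emptied on every boot, so a leftover `docker.sock` or pid file from the last run could never survive; with an on-disk directory those leftovers do survive, so either state that `dockerd-rootless.sh` tolerates stale state or add a cleanup step before start. The same paragraph also tells the reader to use whatever paths the installer prints, while the unit later in the document hardcodes `Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run` and `DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock`; say explicitly that the unit must be edited to match if the installer printed different paths.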
@@ -186,10 +188,7 @@ After=network.target
User=rss-svc User=rss-svc
Group=rss-svc Group=rss-svc
Environment=PATH=/home/rss-svc/bin:/usr/bin:/bin Environment=PATH=/home/rss-svc/bin:/usr/bin:/bin
Environment=XDG_RUNTIME_DIR=%t/rss-svc-docker Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
RuntimeDirectory=rss-svc-docker
RuntimeDirectoryMode=0700
RuntimeDirectoryPreserve=yes
ExecStart=/home/rss-svc/bin/dockerd-rootless.sh ExecStart=/home/rss-svc/bin/dockerd-rootless.sh
Restart=always Restart=always
RestartSec=2 RestartSec=2
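Review bot: dropping `RuntimeDirectory=rss-svc-docker`, `RuntimeDirectoryMode=0700` and `RuntimeDirectoryPreserve=yes` removes the only guarantee that the directory holding `docker.sock` exists when the service starts and is readable by `rss-svc` alone; nothing in the unit now creates `/home/rss-svc/.docker/run` or enforces its permissions, so on a fresh home directory the first start depends on the installer having run, and the socket (which gives full control of the daemon to anyone who can connect) is protected only by whatever mode happened to be set. Suggest adding `ExecStartPre=/usr/bin/install -d -m 0700 /home/rss-svc/.docker/run` (it runs as `User=rss-svc`, so ownership is correct) and telling the reader to verify with `ls -ld /home/rss-svc/.docker/run` that the mode is `drwx------`.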
@@ -204,7 +203,7 @@ LimitNOFILE=1048576
WantedBy=multi-user.target WantedBy=multi-user.target
``` ```
`RuntimeDirectory=` makes systemd create `/run/rss-svc-docker` (owned by `rss-svc`, mode `0700`) on every boot — that's the `XDG_RUNTIME_DIR` rootless Docker needs, supplied without any session manager. Then enable and start it: Then enable and start it:
```sh ```sh
sudo systemctl daemon-reload sudo systemctl daemon-reload
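Review bot: the removed sentence was the only place the document explained why `XDG_RUNTIME_DIR` is needed and what ownership and mode the directory should have; the new text jumps straight from the unit to "Then enable and start it:". Keep a one-line replacement in the same spot, e.g. "`/home/rss-svc/.docker/run` is the `XDG_RUNTIME_DIR` rootless Docker needs; it must be owned by `rss-svc` and mode `0700`, since the socket inside it controls the daemon", so a reader whose unit fails to start knows what to check first.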