fixed rootless docker setup

2026-06-07 17:12:17 +02:00
parent c5e5e463f9
commit 675bf15828
+8 -9
@@ -167,15 +167,17 @@ sudo -u rss-svc -H curl -fsSL https://get.docker.com/rootless -o /tmp/install-ro
sudo -u rss-svc -H sh /tmp/install-rootless.sh
```
Add to `~/.bashrc` (as `rss-svc` — e.g. `sudo -u rss-svc -H bash`):
The installer detects there's no active systemd **user session** for `rss-svc` (we're not logging in interactively), so instead of wiring up a per-user service it falls back to a runtime directory under the user's home — and prints the exact paths to use, e.g.:
```sh
export XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
export PATH=/home/rss-svc/bin:$PATH
export XDG_RUNTIME_DIR=/run/rss-svc-docker
export DOCKER_HOST=unix:///run/rss-svc-docker/docker.sock
export DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock
```
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`:
Use the values **the installer prints for you** (add them to `~/.bashrc` as `rss-svc` — e.g. `sudo -u rss-svc -H bash`) — this is actually convenient for us, since `~/.docker/run` is a regular on-disk directory that persists across reboots without any `tmpfiles`/`RuntimeDirectory=` trickery.
Now create the system unit at `/etc/systemd/system/docker-rss-svc.service`, pointing `XDG_RUNTIME_DIR` at that same directory:
```ini
[Unit]
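Review bot: the new text tells the reader to "use the values the installer prints for you", but both the `.bashrc` snippet (`export XDG_RUNTIME_DIR=/home/rss-svc/.docker/run`, `export DOCKER_HOST=unix:///home/rss-svc/.docker/run/docker.sock`) and the unit introduced below hard-code that one path, so if the installer prints a different directory the shell and the daemon end up pointing at different sockets. Suggest adding a sentence stating that the unit's `Environment=XDG_RUNTIME_DIR=` must be edited to match whatever the installer printed, and that `DOCKER_HOST` must be `<that directory>/docker.sock`. Minor: the old "Add to `~/.bashrc`" lead-in was removed and the instruction now only appears parenthetically mid-sentence; a short standalone lead-in before the code block reads more clearly.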
@@ -186,10 +188,7 @@ After=network.target
User=rss-svc
Group=rss-svc
Environment=PATH=/home/rss-svc/bin:/usr/bin:/bin
Environment=XDG_RUNTIME_DIR=%t/rss-svc-docker
RuntimeDirectory=rss-svc-docker
RuntimeDirectoryMode=0700
RuntimeDirectoryPreserve=yes
Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run
ExecStart=/home/rss-svc/bin/dockerd-rootless.sh
Restart=always
RestartSec=2
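Review bot: dropping `RuntimeDirectory=rss-svc-docker`, `RuntimeDirectoryMode=0700` and `RuntimeDirectoryPreserve=yes` removes the only thing in the unit that guaranteed the socket directory exists with restrictive permissions before `dockerd-rootless.sh` starts; the new `Environment=XDG_RUNTIME_DIR=/home/rss-svc/.docker/run` just names a path under the home directory and relies on the installer having created it with a safe mode. Since anyone who can reach `docker.sock` controls every container the `rss-svc` daemon runs, suggest keeping the guarantee explicit, e.g. an `ExecStartPre=` that creates the directory and sets mode `0700` (`install -d -m 0700 /home/rss-svc/.docker/run` or equivalent), or at least documenting that the directory must be owned by `rss-svc` with mode `0700` and how to verify it.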
@@ -204,7 +203,7 @@ LimitNOFILE=1048576
WantedBy=multi-user.target
```
`RuntimeDirectory=` makes systemd create `/run/rss-svc-docker` (owned by `rss-svc`, mode `0700`) on every boot — that's the `XDG_RUNTIME_DIR` rootless Docker needs, supplied without any session manager. Then enable and start it:
Then enable and start it:
```sh
sudo systemctl daemon-reload
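Review bot: the explanatory paragraph about why `/run/rss-svc-docker` is created on every boot is removed and replaced by the bare "Then enable and start it:", so the document no longer explains the `XDG_RUNTIME_DIR` requirement at all. Suggest a one-sentence replacement along the lines of "rootless Docker needs `XDG_RUNTIME_DIR` to exist and be writable by `rss-svc` before the daemon starts; here that is `/home/rss-svc/.docker/run`, which persists across reboots", so readers understand what the `Environment=` line in the unit is for.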