tuxedocat · February 21, 2023 17:07
diff --git a/lima_docker_rootless.yaml b/lima_docker_rootless.yaml
 # Example to use Docker instead of containerd & nerdctl
 # $ limactl start ./lima_docker_rootless.yaml
 # $ limactl shell lima_docker_rootless docker run -it -v $HOME:$HOME --rm alpine

 # To run `docker` on the host (assumes docker-cli is installed):
 # $ export DOCKER_HOST=unix://$HOME/docker.sock
 # $ docker ...

 # This example requires Lima v0.7.3 or later
 # CPUs: if you see performance issues, try limiting cpus to 1.
 # Default: 4
 cpus: 4
 # Memory size
 # Default: "4GiB"
 memory: "10GiB"
 # Disk size
 # Default: "100GiB"
 disk: "100GiB"

 images:
  # Hint: run `limactl prune` to invalidate the "current" cache
  - location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-amd64.img"
    arch: "x86_64"
  - location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-arm64.img"
    arch: "aarch64"
 mounts:
 #  - location: "~/repos"
 #    writable: true
  - location: "/tmp/lima"
    writable: true
 ssh:
  localPort: 60022
  # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub , for allowing DOCKER_HOST=ssh:// .
  # This option is enabled by default.
  # If you have an insecure key under ~/.ssh, do not use this option.
  loadDotSSHPubKeys: true
 # containerd is managed by Docker, not by Lima, so the values are set to false here.
 containerd:
  system: false
  user: false
 provision:
  - mode: system
    script: |
      #!/bin/bash
      set -eux -o pipefail
      command -v docker >/dev/null 2>&1 && exit 0
      export DEBIAN_FRONTEND=noninteractive
      curl -fsSL https://get.docker.com | sh
      # NOTE: you may remove the lines below, if you prefer to use rootful docker, not rootless
      systemctl disable --now docker
      apt-get install -y uidmap dbus-user-session
  - mode: user
    script: |
      #!/bin/bash
      set -eux -o pipefail
      systemctl --user start dbus
      dockerd-rootless-setuptool.sh install
      docker context use rootless
  - mode: system
    script: |
      #!/bin/bash
      set -eux -o pipefail
      sudo cat <<__EOF__ >/etc/docker/daemon.json
      {"hosts": ["tcp://127.0.0.1:2375", "unix:///var/run/docker.sock"]}
      __EOF__
      sudo mkdir -p /etc/systemd/system/docker.service.d
      sudo cat <<__EOF__ >/etc/systemd/system/docker.service.d/override.conf
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd
      __EOF__
      sudo systemctl daemon-reload
      sudo systemctl restart docker.service
 probes:
  - script: |
      #!/bin/bash
      set -eux -o pipefail
      if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then
        echo >&2 "docker is not installed yet"
        exit 1
      fi
      if ! timeout 30s bash -c "until pgrep rootlesskit; do sleep 3; done"; then
        echo >&2 "rootlesskit (used by rootless docker) is not running"
        exit 1
      fi
    hint: See "/var/log/cloud-init-output.log". in the guest
 portForwards:
  - guestSocket: "/run/user/{{.UID}}/docker.sock"
    hostSocket: "{{.Home}}/docker.sock"
	# Example to use Docker instead of containerd & nerdctl
	# $ limactl start ./lima_docker_rootless.yaml
	# $ limactl shell lima_docker_rootless docker run -it -v $HOME:$HOME --rm alpine

	# To run `docker` on the host (assumes docker-cli is installed):
	# $ export DOCKER_HOST=unix://$HOME/docker.sock
	# $ docker ...

	# This example requires Lima v0.7.3 or later
	# CPUs: if you see performance issues, try limiting cpus to 1.
	# Default: 4
	cpus: 4
	# Memory size
	# Default: "4GiB"
	memory: "10GiB"
	# Disk size
	# Default: "100GiB"
	disk: "100GiB"

	images:
	# Hint: run `limactl prune` to invalidate the "current" cache
	- location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-amd64.img"
	arch: "x86_64"
	- location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-arm64.img"
	arch: "aarch64"
	mounts:
	# - location: "~/repos"
	# writable: true
	- location: "/tmp/lima"
	writable: true
	ssh:
	localPort: 60022
	# Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub , for allowing DOCKER_HOST=ssh:// .
	# This option is enabled by default.
	# If you have an insecure key under ~/.ssh, do not use this option.
	loadDotSSHPubKeys: true
	# containerd is managed by Docker, not by Lima, so the values are set to false here.
	containerd:
	system: false
	user: false
	provision:
	- mode: system
	script: \|
	#!/bin/bash
	set -eux -o pipefail
	command -v docker >/dev/null 2>&1 && exit 0
	export DEBIAN_FRONTEND=noninteractive
	curl -fsSL https://get.docker.com \| sh
	# NOTE: you may remove the lines below, if you prefer to use rootful docker, not rootless
	systemctl disable --now docker
	apt-get install -y uidmap dbus-user-session
	- mode: user
	script: \|
	#!/bin/bash
	set -eux -o pipefail
	systemctl --user start dbus
	dockerd-rootless-setuptool.sh install
	docker context use rootless
	- mode: system
	script: \|
	#!/bin/bash
	set -eux -o pipefail
	sudo cat <<__EOF__ >/etc/docker/daemon.json
	{"hosts": ["tcp://127.0.0.1:2375", "unix:///var/run/docker.sock"]}
	__EOF__
	sudo mkdir -p /etc/systemd/system/docker.service.d
	sudo cat <<__EOF__ >/etc/systemd/system/docker.service.d/override.conf
	[Service]
	ExecStart=
	ExecStart=/usr/bin/dockerd
	__EOF__
	sudo systemctl daemon-reload
	sudo systemctl restart docker.service
	probes:
	- script: \|
	#!/bin/bash
	set -eux -o pipefail
	if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then
	echo >&2 "docker is not installed yet"
	exit 1
	fi
	if ! timeout 30s bash -c "until pgrep rootlesskit; do sleep 3; done"; then
	echo >&2 "rootlesskit (used by rootless docker) is not running"
	exit 1
	fi
	hint: See "/var/log/cloud-init-output.log". in the guest
	portForwards:
	- guestSocket: "/run/user/{{.UID}}/docker.sock"
	hostSocket: "{{.Home}}/docker.sock"