Support for rootless Podman #159

@worldofgeese

Description

I have a rootless Podman setup that uses podman-in-podman to run Forgejo runners as you can see here:

services:
  tailscale:
    image: tailscale/tailscale:latest
    container_name: openclaw-tailscale
    hostname: openclaw
    environment:
      - TS_AUTHKEY=
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=true
      - TS_SERVE_CONFIG=/config/serve.json
      - TS_AUTH_ONCE=true
    volumes:
      - ~/.openclaw-tailscale-state:/var/lib/tailscale:Z
      - ./serve.json:/config/serve.json:ro,Z
    restart: unless-stopped

  openclaw-gateway:
    build:
      context: .
      dockerfile: ./Containerfile.nix
      target: runtime
    container_name: openclaw-gateway
    restart: unless-stopped
    stdin_open: true
    tty: true
    network_mode: service:tailscale
    depends_on:
      - tailscale
    environment:
      - NODE_ENV=production
      - UMASK=002
      - OPENCLAW_SKIP_SERVICE_CHECK=true
    volumes:
      # Using the named volume we migrated to
      - openclaw_data:/home/node/.openclaw:U,Z
#      - ./compose.yaml:/home/node/.openclaw/workspace/compose.yaml:Z,U

  openclaw-cli:
    build:
      context: .
      dockerfile: ./Containerfile.nix
      target: runtime
    container_name: openclaw-cli
    stdin_open: true
    tty: true
    environment:
      - NODE_ENV=production
      - UMASK=002
    volumes:
      - openclaw_data:/home/node/.openclaw:U,Z
    profiles:
      - cli

  podman-in-podman:
    image: quay.io/podman/stable
    container_name: podman-in-podman
    privileged: true
    environment:
      - _CONTAINERS_USERNS_CONFIGURED=""
    volumes:
      - podman_data:/var/lib/containers:Z
    security_opt:
      - label=disable
    command: ["podman", "system", "service", "-t", "0", "tcp:0.0.0.0:2375"]
    restart: unless-stopped

  forgejo-runner:
    image: data.forgejo.org/forgejo/runner:11
    container_name: forgejo_runner
    working_dir: /data
    depends_on:
      - podman-in-podman
    environment:
      - DOCKER_HOST=tcp://podman-in-podman:2375
    volumes:
      - openclaw_data:/home/node/.openclaw:U,Z
      - runner_data:/data:Z,U
    restart: unless-stopped
    command: ["/bin/sh", "-c", "sleep 5; forgejo-runner daemon --config /data/config.yml"]

volumes:
  openclaw_data:
    external: true
  podman_data:
  runner_data:

Would such support be possible for Perry workspaces? I'd like to make use of them, but I don't think aliasing docker to podman is going to be enough.
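As an added example (not from the issue author, Perry, or any project named here): a host-side POSIX shell script that points a Docker-API client at rootless Podman's own per-user socket and verifies the API answers, as an alternative to the `tcp:0.0.0.0:2375` listener in the compose file above, which `podman system service` serves without authentication. `podman.socket` is the systemd user unit Podman ships, and `/_ping` is its Docker-compatible endpoint; the script name `podman-docker-host.sh` used in the run guard, and the function names, are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the issue or any project it mentions.
# Configure and verify a Docker-API client against rootless Podman's
# unix socket instead of an unauthenticated TCP endpoint.
set -eu

# Path of the per-user Podman API socket created by the podman.socket
# systemd user unit that ships with Podman.
podman_socket_path() {
  printf '%s/podman/podman.sock' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
}

# DOCKER_HOST value a Docker-compatible client (docker CLI, compose,
# or an app that reads DOCKER_HOST) should use for rootless Podman.
rootless_docker_host() {
  printf 'unix://%s' "$(podman_socket_path)"
}

# Returns 0 only for DOCKER_HOST values that keep the API local or
# authenticated: a unix socket, or tcp:// with DOCKER_TLS_VERIFY=1.
# A plain tcp:// listener hands control of the daemon to anything
# that can reach the port.
docker_host_is_safe() {
  case "$1" in
    unix://*) return 0 ;;
    tcp://*)  [ "${DOCKER_TLS_VERIFY:-0}" = "1" ] ;;
    *)        return 1 ;;
  esac
}

# Start the socket-activated Podman API service for this user.
enable_podman_socket() {
  systemctl --user enable --now podman.socket
}

# Probe the Docker-compatible REST API over the socket; prints "OK".
api_ping() {
  curl -sf --unix-socket "$(podman_socket_path)" http://d/_ping
}

main() {
  host="$(rootless_docker_host)"
  docker_host_is_safe "$host" || {
    echo "refusing unsafe DOCKER_HOST: $host" >&2
    exit 1
  }
  enable_podman_socket
  [ "$(api_ping)" = "OK" ] || {
    echo "Podman API not answering on $host" >&2
    exit 1
  }
  # Emit a line suitable for: eval "$(./podman-docker-host.sh)"
  echo "export DOCKER_HOST=$host"
}

# Run main only when executed under the assumed script name, so the
# functions can also be sourced into another script without side effects.
case "${0##*/}" in
  podman-docker-host.sh) main ;;
esac
```

Executed as `podman-docker-host.sh`, it prints an `export DOCKER_HOST=unix://.../podman/podman.sock` line to `eval`. A value like the compose file's `tcp://podman-in-podman:2375` is rejected by `docker_host_is_safe` unless `DOCKER_TLS_VERIFY=1` is set, since that listener accepts any client that can reach the port.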

Metadata

Assignees
No one assigned

Labels
No labels

Projects
No projects

Milestone
No milestone

Relationships
None yet

Development
No branches or pull requests