From 8712f4307fbf38efb6deb3669668b031946dbbea Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 18 Feb 2023 15:08:12 +0100
Subject: [PATCH] add options to auto-enable userns-remap
---
 tasks/config.yml | 4 ++--
 templates/etc/sysconfig/docker.j2 | 2 ++
 .../etc/systemd/system/docker.service.d/override.conf.j2 | 6 ++++++
 templates/etc/systemd/system/docker.service.d/override.j2 | 4 ----
 4 files changed, 10 insertions(+), 6 deletions(-)
 create mode 100644 templates/etc/systemd/system/docker.service.d/override.conf.j2
 delete mode 100644 templates/etc/systemd/system/docker.service.d/override.j2
diff --git a/tasks/config.yml b/tasks/config.yml
index 05f61a7..0dd8b5d 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -49,9 +49,9 @@
 state: directory
 mode: "{{ item.mode }}"
- - name: Write service override
+ - name: Write service override.conf
 template:
- src: etc/systemd/system/docker.service.d/override.j2
+ src: etc/systemd/system/docker.service.d/override.conf.j2
 dest: /etc/systemd/system/docker.service.d/override.conf
 mode: 0644
 notify: __docker_restart
diff --git a/templates/etc/sysconfig/docker.j2 b/templates/etc/sysconfig/docker.j2
index 7576971..882e0bb 100644
--- a/templates/etc/sysconfig/docker.j2
+++ b/templates/etc/sysconfig/docker.j2
@@ -1,4 +1,6 @@
 {{ ansible_managed | comment }}
+OPTIONS='{{' --userns-remap=' + dockerengine_nsremap_user + ':' + dockerengine_nsremap_user if dockerengine_usernamespace_enabled | bool else '' }}'
+
 # Proxy settings
 {% if dockerengine_http_proxy is defined %}
 HTTP_PROXY={{ dockerengine_http_proxy }}
diff --git a/templates/etc/systemd/system/docker.service.d/override.conf.j2 b/templates/etc/systemd/system/docker.service.d/override.conf.j2
new file mode 100644
index 0000000..0a37281
--- /dev/null
+++ b/templates/etc/systemd/system/docker.service.d/override.conf.j2
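Review bot: In templates/etc/sysconfig/docker.j2 the added `OPTIONS=` line writes `dockerengine_nsremap_user` into the environment file without validation, and the unit expands `$OPTIONS` unquoted, so systemd splits it on whitespace: a value containing a space or a single quote would become extra dockerd arguments. An assert task before the template, for example with `dockerengine_nsremap_user is match('^[a-z_][a-z0-9_-]*$')`, would restrict the value to a plain account name. The expression has no `default(...)` for either variable; presumably both are set in the role defaults, which this patch does not show. Unless the value is `default`, the account and its /etc/subuid and /etc/subgid ranges must already exist, and nothing visible here provisions them, so that is worth confirming before enabling the switch.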
@@ -0,0 +1,6 @@
+[Service]
+EnvironmentFile=-/etc/sysconfig/docker
+ExecStart=
+ExecStart=/usr/bin/dockerd -H fd:// \
+ --containerd=/run/containerd/containerd.sock \
+ $OPTIONS
diff --git a/templates/etc/systemd/system/docker.service.d/override.j2 b/templates/etc/systemd/system/docker.service.d/override.j2
deleted file mode 100644
index fe59d11..0000000
--- a/templates/etc/systemd/system/docker.service.d/override.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-[Service]
-EnvironmentFile=-/etc/sysconfig/docker
-ExecStart=
-ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
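Review bot: In the new override.conf.j2 the `-` prefix on `EnvironmentFile=-/etc/sysconfig/docker` makes the file optional, so when it is missing `$OPTIONS` expands to nothing and dockerd starts without `--userns-remap` and without logging an error. The prefix is carried over from the deleted override.j2, but the file now holds an isolation setting rather than only proxy variables, so failing closed is the safer default: `EnvironmentFile=/etc/sysconfig/docker`. The new template also lacks the `{{ ansible_managed | comment }}` header that docker.j2 has, which would mark the drop-in as role-managed.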