From c20ce4fd6c0d4ac17701acf3f1f8f825d121e26d Mon Sep 17 00:00:00 2001
From: zenfyr
Date: Sun, 4 Jan 2026 01:01:59 +0700
Subject: [PATCH] switch to rootless podman

---
 .../etc/containers/systemd/dind/dind.container | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/beeper/etc/containers/systemd/dind/dind.container b/beeper/etc/containers/systemd/dind/dind.container
index 5679316..228a642 100644
--- a/beeper/etc/containers/systemd/dind/dind.container
+++ b/beeper/etc/containers/systemd/dind/dind.container
@@ -1,19 +1,21 @@
 [Unit]
-Description=Docker-in-Podman
+Description=Rootless Podman-in-Podman

 [Container]
-Image=docker.io/library/docker:dind
+Image=quay.io/podman/stable
 ContainerName=dind
 AutoUpdate=registry
-Environment=DOCKER_HOST=unix:///var/run/docker.sock
 SecurityLabelDisable=true
-PodmanArgs=--privileged --cgroupns=host
-HealthCmd=docker info || exit 1
+Unmask=ALL
+AddDevice=/dev/fuse
+HealthCmd=podman info || exit 1
 HealthInterval=5s
 HealthTimeout=3s
 HealthRetries=5
-Volume=dind.volume:/var/lib/docker:Z
-Volume=/var/run/dind:/var/run:z
+User=podman
+Volume=dind.volume:/home/podman/.local/share/containers:Z
+Volume=/var/run/dind:/var/run/1000:z
+Exec=sh -c "podman system service --time=0 unix:///var/run/1000/docker.sock & PID=$!; while [ ! -S /var/run/1000/docker.sock ]; do sleep 0.1; kill -0 $PID 2>/dev/null || exit 1; done && chmod 0666 /var/run/1000/docker.sock && wait $PID"

 [Service]
 Restart=always
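Review bot: The `chmod 0666 /var/run/1000/docker.sock` at the end of the new `Exec=` line makes the Podman API socket writable by every account that can reach the host side of the `/var/run/dind` bind mount. That API has no authentication of its own, so socket permissions are the only access control on who can create containers as the `podman` user. Dropping `--privileged` narrows what such a caller gets, but `Unmask=ALL`, `SecurityLabelDisable=true` and `AddDevice=/dev/fuse` still leave this container with more than default access. Consider `chmod 0660` with the clients sharing the socket's group, or tightening the mode of the host directory `/var/run/dind`; which one fits depends on the consumers, which are not visible in this patch. Either way, a comment above `Exec=` such as `# socket is 0666 so that <consumer> (uid other than 1000) can connect` would record why the socket is opened up.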