petersweb-infra/nixos/vnc-desktop/Dockerfile
Philip Peterson 855f5dbded fix VNC pid exhaustion: remove bluez loop, raise machine.slice limit
kded5 was activating org.bluez.obex in a tight loop (no BT hardware in
container), spawning thousands of obexd threads until the libpod scope hit
its TasksMax=9286 systemd default — causing fork failures and a 502.

- vnc-desktop/Dockerfile: purge bluez/bluez-obexd and delete D-Bus service
  activation files so kded5 can't trigger the loop
- linux.nix: machine.slice TasksMax=infinity so the libpod scope ceiling
  can't be hit by legitimate KDE thread counts
- linux.nix: containers.conf pids_limit=0 (unlimited) to let podman pass
  TasksMax=infinity to new container scopes

pids.current went from 9286 (exhausted) to 159 after the fix.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 19:53:28 -08:00

29 lines
765 B
Docker

FROM ubuntu:24.04
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y \
    tigervnc-standalone-server \
    tigervnc-common \
    novnc \
    python3-websockify \
    kde-plasma-desktop \
    konsole \
    x11-utils \
    xfonts-base \
    dbus-x11 \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*
# Remove Bluetooth stack — obexd gets activated in a tight loop by kded5
# inside the container (no BT hardware), which exhausts the process limit.
RUN apt-get purge -y --auto-remove bluez bluez-obexd 2>/dev/null || true; \
    rm -f /usr/share/dbus-1/services/org.bluez.obex.service \
          /usr/share/dbus-1/system-services/org.bluez.service
COPY start.sh /start.sh
RUN chmod +x /start.sh
EXPOSE 6080
CMD ["/start.sh"]
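
Added example, not part of this repository: a shell check for the failure mode the commit message describes, listing cgroup v2 scopes whose pids.current is close to pids.max. The function names, the 80% default threshold and the scope names in the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the repository's code): flag cgroup v2 scopes that are
# close to their task limit, the condition that caused the fork failures.
# Usage: pids_pressure [ROOT] [THRESHOLD_PERCENT]
pids_pressure() {
    root="${1:-/sys/fs/cgroup}"
    threshold="${2:-80}"        # assumed default, tune per host
    find "$root" -name pids.max 2>/dev/null | sort |
    while IFS= read -r maxfile; do
        dir=$(dirname "$maxfile")
        [ -r "$dir/pids.current" ] || continue
        max=$(cat "$maxfile")
        cur=$(cat "$dir/pids.current")
        # A limit of "max" (what TasksMax=infinity writes) is not numeric and
        # is skipped: there is no ceiling to measure against.
        case "$max" in ''|*[!0-9]*) continue ;; esac
        case "$cur" in ''|*[!0-9]*) continue ;; esac
        [ "$max" -gt 0 ] || continue
        pct=$(( cur * 100 / max ))
        if [ "$pct" -ge "$threshold" ]; then
            printf '%s %s/%s %s%%\n' "${dir#"$root"/}" "$cur" "$max" "$pct"
        fi
    done
}

# Constructed sample tree (scope names are made up) holding the two states
# from the commit message: 9286/9286 before the fix, 159 with no limit after.
pids_pressure_demo() {
    t=$(mktemp -d)
    before="$t/machine.slice/libpod-before.scope"
    after="$t/machine.slice/libpod-after.scope"
    mkdir -p "$before" "$after"
    echo 9286 > "$before/pids.max"; echo 9286 > "$before/pids.current"
    echo max  > "$after/pids.max";  echo 159  > "$after/pids.current"
    pids_pressure "$t" 80
    rm -rf "$t"
}

pids_pressure_demo
```

A scope whose pids.max reads max is never reported by this check, so once the limit is lifted the trend of pids.current is the remaining signal of a runaway activation loop.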