From d8a667f90054718930c59826719182a94ead1f61 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Wed, 28 Sep 2022 12:06:31 +0300 Subject: [PATCH 1/2] docs: Update Docker docs and docker-compose, mention `group-add` --- docker-compose.yaml | 6 ++++++ docs/install/docker.md | 11 +++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index b52fdc7bba91d..0c6e1695007b2 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -16,6 +16,12 @@ services: # Alternatively, you can enable CODER_TUNNEL for # proof-of-concept deployments. CODER_TUNNEL: "${CODER_TUNNEL:-false}" + # If the coder user does not have write permissions on + # the docker socket, you can uncomment the following + # lines and set the group ID to one that has write + # permissions on the docker socket. + #group_add: + # - "998" # docker group on host volumes: - /var/run/docker.sock:/var/run/docker.sock depends_on: diff --git a/docs/install/docker.md b/docs/install/docker.md index a36c0737f5ef8..34315f9545427 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md @@ -11,14 +11,21 @@ the following command: ```sh export CODER_DATA=$HOME/.config/coderv2-docker +export DOCKER_GROUP=$(getent group docker | cut -d: -f3) mkdir -p $CODER_DATA docker run --rm -it \ -e CODER_TUNNEL=true \ -v $CODER_DATA:/home/coder/.config \ -v /var/run/docker.sock:/var/run/docker.sock \ + --group-add $DOCKER_GROUP \ ghcr.io/coder/coder:latest ``` +**Note:** Coder runs as a non-root user, we use `--group-add` to +ensure Coder has permissions to manage Docker via `docker.sock`. If the host +systems `/var/run/docker.sock` is not group writeable or does not belong to the +`docker` group, this method may not work. + Coder configuration is defined via environment variables. Learn more about Coder's [configuration options](../admin/configure.md). 
@@ -55,7 +62,7 @@ an PostgreSQL container and volume. 3. Start Coder with `docker-compose up`: In order to use cloud-based templates (e.g. Kubernetes, AWS), you must have an external URL that users and workspaces will use to connect to Coder. - + For proof-of-concept deployments, you can use [Coder's tunnel](../admin/configure.md#tunnel): ```sh @@ -74,7 +81,7 @@ an PostgreSQL container and volume. > Without `CODER_ACCESS_URL` or `CODER_TUNNEL` set, Coder will bind to `localhost:7080`. This will only work for Docker-based templates. -4. Visit the web ui via the configured url. You can add `/login` to the base url to create the first user via the ui. +4. Visit the web ui via the configured url. You can add `/login` to the base url to create the first user via the ui. 5. Follow the on-screen instructions log in and create your first template and workspace From 0c130775a209ce6659672f1b24d132dfac5d407d Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Wed, 28 Sep 2022 12:13:11 +0300 Subject: [PATCH 2/2] docs: Tweak --- docs/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/install/docker.md b/docs/install/docker.md index 34315f9545427..13f0eb7437520 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md @@ -24,7 +24,7 @@ docker run --rm -it \ **Note:** Coder runs as a non-root user, we use `--group-add` to ensure Coder has permissions to manage Docker via `docker.sock`. If the host systems `/var/run/docker.sock` is not group writeable or does not belong to the -`docker` group, this method may not work. +`docker` group, the above may not work as-is. Coder configuration is defined via environment variables. Learn more about Coder's [configuration options](../admin/configure.md).
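Review bot: In the docker-compose.yaml hunk, the commented-out `group_add` example hard-codes `"998"`, but the docker group's GID differs between hosts, so a user who uncomments it as written may add a group that has no access to the socket. Suggest saying in the comment how to look the value up (the docs hunk already uses `getent group docker | cut -d: -f3`) or taking it from an environment variable the way `CODER_TUNNEL` is taken, e.g. `- "${DOCKER_GROUP}"`. Because the comment sits directly after an `environment` entry, it would also help to say that `group_add` is a service-level key, so it gets uncommented at the right level.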
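Review bot: In the first docs/install/docker.md hunk, `--group-add $DOCKER_GROUP \` is unquoted and unchecked: on a host with no `docker` group, `getent` prints nothing, the variable is empty, and `--group-add` takes `ghcr.io/coder/coder:latest` as its argument, so `docker run` fails with an error unrelated to the group. Suggest reading the GID from the socket itself, for example `stat -c '%g' /var/run/docker.sock`, which also covers the case the Note mentions where the socket does not belong to the `docker` group, and quoting the expansion. Since write access to `docker.sock` is effectively root on the host, the Note could say so where it explains why the group is added.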
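Review bot: In patch 2/2, the Note still reads "If the host systems `/var/run/docker.sock`" in the context lines, which is missing the apostrophe ("host system's"), and its first sentence ("Coder runs as a non-root user, we use `--group-add` ...") is a comma splice; both can be fixed in the same edit. The new wording "may not work as-is" also leaves the reader without a next step: suggest telling them to pass the GID of the group that owns the socket to `--group-add` instead. The subject "docs: Tweak" would be clearer if it named the change, or the commit could be squashed into 1/2.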