Installing the cni plugins.

2025-12-18 00:27:18 -05:00 · 2025-12-18 00:27:18 -05:00 · 1da6250301
commit 1da6250301
parent c61da527f2
4 changed files with 60 additions and 12 deletions
--- a/nix/kubernetes/roles/containerd/default.nix
+++ b/nix/kubernetes/roles/containerd/default.nix
@ -20,22 +20,23 @@
  config = lib.mkIf config.me.containerd.enable {
    virtualisation.containerd.enable = true;
    virtualisation.containerd.settings =
-      # let
-      #   my-cni-plugins = pkgs.buildEnv {
-      #     name = "my-cni-plugins";
-      #     paths = with pkgs; [
-      #       cni-plugins
-      #       cni-plugin-flannel
-      #     ];
-      #   };
-      # in
+      let
+        my-cni-plugins = pkgs.buildEnv {
+          name = "my-cni-plugins";
+          paths = with pkgs; [
+            cni-plugins
+            cni-plugin-flannel
+          ];
+        };
+      in
      {
        "plugins" = {
          "io.containerd.grpc.v1.cri" = {
            "cni" = {
-              "bin_dir" = "/opt/cni/bin";
-              # "bin_dir" = "${my-cni-plugins}/bin";
-              "conf_dir" = "/etc/cni/net.d";
+              # "bin_dir" = "/opt/cni/bin";
+              "bin_dir" = "${my-cni-plugins}/bin";
+              # "conf_dir" = "/etc/cni/net.d";
+              "conf_dir" = "${pkgs.callPackage ./package/cni_conf/package.nix { }}";
            };
            "containerd" = {
              "default_runtime_name" = "runc";
--- a/nix/kubernetes/roles/containerd/package/cni_conf/files/10-bridge.conf
+++ b/nix/kubernetes/roles/containerd/package/cni_conf/files/10-bridge.conf
@ -0,0 +1,15 @@
+{
+  "cniVersion": "1.0.0",
+  "name": "bridge",
+  "type": "bridge",
+  "bridge": "cni0",
+  "isGateway": true,
+  "ipMasq": true,
+  "ipam": {
+    "type": "host-local",
+    "ranges": [
+      [{"subnet": "SUBNET"}]
+    ],
+    "routes": [{"dst": "0.0.0.0/0"}]
+  }
+}
--- a/nix/kubernetes/roles/containerd/package/cni_conf/files/99-loopback.conf
+++ b/nix/kubernetes/roles/containerd/package/cni_conf/files/99-loopback.conf
@ -0,0 +1,5 @@
+{
+  "cniVersion": "1.1.0",
+  "name": "lo",
+  "type": "loopback"
+}
--- a/nix/kubernetes/roles/containerd/package/cni_conf/package.nix
+++ b/nix/kubernetes/roles/containerd/package/cni_conf/package.nix
@ -0,0 +1,27 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  stdenv,
+  openssl,
+  ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+  name = "cni-conf";
+  nativeBuildInputs = [ openssl ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  installPhase = ''
+    mkdir -p "$out"
+    cd "$out"
+    install ${./files/10-bridge.conf} ${./files/99-loopback.conf} $out/
+  '';
+})