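# TODO: Set up a proxy to harbor for OCI compliance: https://github.com/moby/moby/pull/34319#issuecomment-720606627
{ config, lib, pkgs, ... }:
let
  # CNI plugin binaries gathered into a single bin/ tree. They are copied
  # into /opt/cni/bin by the containerd preStart script below.
  my-cni-plugins = pkgs.buildEnv {
    name = "my-cni-plugins";
    paths = with pkgs; [
      cni-plugins
      # cni-plugin-flannel
    ];
  };

  # CNI network configuration files; copied into /etc/cni/net.d at service start.
  my-cni-configs = pkgs.callPackage ./package/cni_conf/package.nix { };
in
{
  imports = [ ];

  options.me = {
    containerd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install containerd.";
    };
  };

  config = lib.mkIf config.me.containerd.enable {
    virtualisation.containerd.enable = true;

    # mkForce: fully replace the NixOS module's default settings rather than
    # merge with them. Schema version 3 (containerd 2.x plugin ids).
    virtualisation.containerd.settings = lib.mkForce {
      "version" = 3;
      "plugins" = {
        "io.containerd.cri.v1.images" = {
          # Per-registry host configuration (TLS material, auth, mirrors) is
          # read from this directory at pull time. It lives outside the Nix
          # store and is not managed by this module.
          # NOTE(review): ownership/mode of /.persist/containerd/certs.d is
          # not set here; it should be root-owned and not world-writable -- confirm.
          "registry" = {
            "config_path" = "/.persist/containerd/certs.d";
          };
          "snapshotter" = "overlayfs";
        };
        "io.containerd.cri.v1.runtime" = {
          "cni" = {
            "bin_dirs" = [ "/opt/cni/bin" ];
            "conf_dir" = "/etc/cni/net.d";
          };
          "containerd" = {
            "default_runtime_name" = "runc";
            "runtimes" = {
              "runc" = {
                "runtime_type" = "io.containerd.runc.v2";
                # Runtime options are kept together with the runtime
                # definition so SystemdCgroup applies to the runc runtime
                # that default_runtime_name selects (previously this lived in
                # a separate "io.containerd.cri.v1.services" section, detached
                # from the runtime it was meant to configure).
                "options" = {
                  "SystemdCgroup" = true;
                };
              };
            };
          };
        };
      };
    };

    # Populate the mutable CNI directories from the Nix store before containerd
    # starts. install(1) copies the files (following the buildEnv symlinks)
    # with its default mode, so the plugin binaries containerd executes are
    # owned by the service user and not writable by unprivileged users.
    systemd.services.containerd.preStart = ''
      ${pkgs.toybox}/bin/install -d -m 0755 /opt/cni/bin /etc/cni/net.d
      ${pkgs.toybox}/bin/install ${my-cni-plugins}/bin/* /opt/cni/bin/
      ${pkgs.toybox}/bin/install ${my-cni-configs}/* /etc/cni/net.d/
      echo "Copied CNI plugins/config."
    '';

    # Keep containerd's image/content store across reboots when the host's
    # persistence layer is enabled.
    environment.persistence."/disk" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = lib.mkForce false;
      directories = [ "/var/lib/containerd" ];
    };
  };
}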