machine_setup/nix/kubernetes/roles/containerd/default.nix
2026-05-02 18:25:07 -04:00


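# TODO: Set up a proxy to harbor for OCI compliance: https://github.com/moby/moby/pull/34319#issuecomment-720606627
#
# NixOS module: optional containerd installation for the Kubernetes role.
# Enabled via `me.containerd.enable`. It writes a containerd config (version 3),
# stages CNI plugins and network configs into /opt/cni/bin and /etc/cni/net.d
# before the service starts, and persists /var/lib/containerd when the host's
# persistence layer is enabled.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # CNI plugin binaries; their bin/ contents are copied into /opt/cni/bin at
  # service start (see preStart below).
  my-cni-plugins = pkgs.buildEnv {
    name = "my-cni-plugins";
    paths = with pkgs; [
      cni-plugins
      # cni-plugin-flannel
    ];
  };
  # CNI network configuration files, copied into /etc/cni/net.d at service start.
  my-cni-configs = pkgs.callPackage ./package/cni_conf/package.nix { };
in
{
  imports = [ ];

  options.me = {
    containerd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install containerd.";
    };
  };

  config = lib.mkIf config.me.containerd.enable {
    virtualisation.containerd.enable = true;

    # mkForce discards any `settings` definitions made elsewhere (including any
    # defaults the NixOS containerd module sets), so only the keys below end up
    # in the generated config file.
    virtualisation.containerd.settings = lib.mkForce {
      "version" = 3;
      "plugins" = {
        "io.containerd.cri.v1.images" = {
          # Per-registry certs.d-style configuration (hosts.toml, CA certs) is
          # read from a path outside the Nix store. This module does not create
          # that directory; a missing directory simply means no per-registry
          # overrides apply.
          "registry" = {
            "config_path" = "/.persist/containerd/certs.d";
          };
          "snapshotter" = "overlayfs";
        };
        "io.containerd.cri.v1.runtime" = {
          "cni" = {
            "bin_dirs" = [
              "/opt/cni/bin"
            ];
            "conf_dir" = "/etc/cni/net.d";
          };
          "containerd" = {
            "default_runtime_name" = "runc";
            "runtimes" = {
              "runc" = {
                "runtime_type" = "io.containerd.runc.v2";
                # SystemdCgroup must sit under the runtime plugin's runc options
                # to take effect. It was previously nested under
                # "io.containerd.cri.v1.services", which containerd does not
                # define as a plugin id, so the setting was never applied and
                # runc kept its default cgroup driver.
                "options" = {
                  "SystemdCgroup" = true;
                };
              };
            };
          };
        };
      };
    };

    # Stage CNI plugins and configs from the store into the directories the
    # containerd config above points at. Note that `install` only copies:
    # plugins or configs removed from the packages above are not deleted here
    # and stay on disk until removed by hand. Config files are not executables,
    # so they are installed 0644 rather than install's default 0755.
    systemd.services.containerd.preStart = ''
      ${pkgs.toybox}/bin/install -d -m 0755 /opt/cni/bin /etc/cni/net.d
      ${pkgs.toybox}/bin/install ${my-cni-plugins}/bin/* /opt/cni/bin/
      ${pkgs.toybox}/bin/install -m 0644 ${my-cni-configs}/* /etc/cni/net.d/
      echo "Copied CNI plugins/config."
    '';

    # Keep containerd's state (image/content store) across reboots when the
    # host uses the persistence layer. `me.mountPersistence` is declared
    # elsewhere in this configuration.
    environment.persistence."/disk" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = lib.mkForce false;
      directories = [
        "/var/lib/containerd"
      ];
    };
  };
}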