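# NixOS module for the containerd container runtime.
#
# Declares the `virtualisation.containerd.*` options and, when enabled,
# installs containerd and runs it as a systemd service with a configuration
# file that is validated at build time.
{ pkgs, lib, config, ... }:
let
  cfg = config.virtualisation.containerd;

  settingsFormat = pkgs.formats.toml {};

  # An explicit `configFile` wins over `settings`; otherwise the settings
  # attribute set is rendered to TOML.
  #
  # NOTE(review): the rendered file is a Nix store path, and the Nix store is
  # world-readable on a standard installation. Anything placed in `settings`
  # (for example registry credentials) is therefore readable by every local
  # user; keep secrets out of this file.
  configFile = if cfg.configFile == null then
    settingsFormat.generate "containerd.toml" cfg.settings
  else
    cfg.configFile;

  # Build-time validation: `containerd config dump` is run against the
  # configuration, so a configuration that containerd rejects fails the
  # system build instead of failing at service start. The output is only a
  # symlink to the file that was checked.
  containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" {
    nativeBuildInputs = [ pkgs.containerd ];
  } ''
    containerd -c ${configFile} config dump >/dev/null
    ln -s ${configFile} $out
  '';
in
{

  options.virtualisation.containerd = with lib.types; {
    enable = lib.mkEnableOption "containerd container runtime";

    configFile = lib.mkOption {
      default = null;
      description = ''
        Path to containerd config file.
        Setting this option will override any configuration applied by the settings option.
      '';
      type = nullOr path;
    };

    # The option type is the structured TOML format, not free-form text, so
    # the description says so (it previously read "Verbatim lines").
    settings = lib.mkOption {
      type = settingsFormat.type;
      default = {};
      description = ''
        Structured containerd configuration, rendered as TOML into containerd.toml.
        The generated file is stored in the world-readable Nix store, so it
        should not contain credentials.
      '';
    };

    args = lib.mkOption {
      default = {};
      description = "extra args to append to the containerd cmdline";
      type = attrsOf str;
    };
  };

  config = lib.mkIf cfg.enable {
    warnings = lib.optional (cfg.configFile != null) ''
      `virtualisation.containerd.configFile` is deprecated. use `virtualisation.containerd.settings` instead.
    '';

    virtualisation.containerd = {
      # Always start containerd with the build-time-checked configuration.
      args.config = toString containerdConfigChecked;
      settings = {
        plugins."io.containerd.grpc.v1.cri" = {
          # Only set when ZFS is enabled; mkOptionDefault keeps the priority
          # low so a user-supplied value overrides it.
          containerd.snapshotter =
            lib.mkIf config.boot.zfs.enabled (lib.mkOptionDefault "zfs");
          cni.bin_dir = lib.mkOptionDefault "${pkgs.cni-plugins}/bin";
        };
      };
    };

    environment.systemPackages = [ pkgs.containerd ];

    # No `User=` or sandboxing directives are set below, so the daemon runs
    # with systemd's defaults for a system service (root, unconfined).
    systemd.services.containerd = {
      description = "containerd - container runtime";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      path = with pkgs; [
        containerd
        runc
        iptables
      ] ++ lib.optional config.boot.zfs.enabled config.boot.zfs.package;
      serviceConfig = {
        # NOTE(review): the arguments are joined with plain spaces and are not
        # quoted, so an `args` value containing whitespace would be split into
        # several words when systemd parses ExecStart.
        ExecStart = ''${pkgs.containerd}/bin/containerd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';
        # Hand the service's cgroup subtree over to containerd.
        Delegate = "yes";
        # Stop/restart signals only the main process; presumably so running
        # containers are not killed together with the daemon (matches upstream).
        KillMode = "process";
        Type = "notify";
        Restart = "always";
        RestartSec = "10";

        # "limits" defined below are adopted from upstream: https://github.com/containerd/containerd/blob/master/containerd.service
        LimitNPROC = "infinity";
        LimitCORE = "infinity";
        LimitNOFILE = "infinity";
        TasksMax = "infinity";
        OOMScoreAdjust = "-999";

        StateDirectory = "containerd";
        RuntimeDirectory = "containerd";
        # Keep the runtime directory when the service stops or restarts.
        RuntimeDirectoryPreserve = "yes";
      };
      unitConfig = {
        StartLimitBurst = "16";
        StartLimitIntervalSec = "120s";
      };
    };
  };
}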