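# NixOS module for the containerd container runtime.
#
# Declares the `virtualisation.containerd` options, renders and validates the
# daemon configuration at build time, and defines the `containerd` systemd unit.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  cfg = config.virtualisation.containerd;

  # The configuration that is actually used. `cfg.settings` is rendered only
  # when `cfg.configFile` is null; otherwise the user-supplied file replaces it
  # entirely, including the defaults this module adds to `settings` below.
  configFile =
    if cfg.configFile == null then
      settingsFormat.generate "containerd.toml" cfg.settings
    else
      cfg.configFile;

  # Build-time validation: `containerd config dump` has to load the file
  # successfully or the derivation (and with it the system build) fails.
  # The output is only a symlink to the validated file.
  #
  # Both the rendered file and this symlink live in the Nix store, which is
  # world-readable, so anything written into `settings` (registry credentials
  # for example) is readable by every local user.
  containerdConfigChecked =
    pkgs.runCommand "containerd-config-checked.toml"
      {
        nativeBuildInputs = [ pkgs.containerd ];
      }
      ''
        containerd -c ${configFile} config dump >/dev/null
        ln -s ${configFile} $out
      '';

  settingsFormat = pkgs.formats.toml { };
in
{

  options.virtualisation.containerd = with lib.types; {
    enable = lib.mkEnableOption "containerd container runtime";

    configFile = lib.mkOption {
      default = null;
      description = ''
        Path to containerd config file.
        Setting this option will override any configuration applied by the settings option.
      '';
      type = nullOr path;
    };

    # The previous description ("Verbatim lines to add to containerd.toml") did
    # not match the type: this is a structured value rendered by
    # `pkgs.formats.toml`, not a block of raw text.
    settings = lib.mkOption {
      type = settingsFormat.type;
      default = { };
      description = ''
        Structured containerd configuration, rendered to `containerd.toml`
        in TOML format.

        The rendered file is stored in the world-readable Nix store, so do
        not put secrets such as registry credentials in this option.
      '';
    };

    args = lib.mkOption {
      default = { };
      description = "extra args to append to the containerd cmdline";
      type = attrsOf str;
    };
  };

  config = lib.mkIf cfg.enable {
    warnings = lib.optional (cfg.configFile != null) ''
      `virtualisation.containerd.configFile` is deprecated. use `virtualisation.containerd.settings` instead.
    '';

    virtualisation.containerd = {
      # Hand the daemon the build-time-checked file (rendered as `--config`).
      # NOTE(review): a higher-priority definition of `args.config` elsewhere
      # would replace this value and skip the check above.
      args.config = toString containerdConfigChecked;
      settings = {
        version = 2;
        plugins."io.containerd.grpc.v1.cri" = {
          # Both values are set with mkOptionDefault, so a plain user
          # definition overrides them; the snapshotter default is only
          # contributed when ZFS support is enabled.
          containerd.snapshotter = lib.mkIf config.boot.zfs.enabled (lib.mkOptionDefault "zfs");
          cni.bin_dir = lib.mkOptionDefault "${pkgs.cni-plugins}/bin";
        };
      };
    };

    environment.systemPackages = [ pkgs.containerd ];

    # No User= or sandboxing directives are set in this module, so the unit
    # runs with systemd's defaults for a system service.
    systemd.services.containerd = {
      description = "containerd - container runtime";
      wantedBy = [ "multi-user.target" ];
      after = [
        "network.target"
        "local-fs.target"
        "dbus.service"
      ];
      path =
        with pkgs;
        [
          containerd
          runc
          iptables
        ]
        ++ lib.optional config.boot.zfs.enabled config.boot.zfs.package;
      serviceConfig = {
        # NOTE(review): the arguments are joined with spaces and not escaped,
        # so a value in `cfg.args` containing whitespace, `%` or `$` would be
        # re-split or expanded by systemd. Confirm that callers only pass
        # simple values.
        ExecStart = ''${pkgs.containerd}/bin/containerd ${
          lib.concatStringsSep " " (lib.cli.toGNUCommandLine { } cfg.args)
        }'';
        # Delegate the unit's cgroup subtree to the daemon.
        Delegate = "yes";
        # Stopping or restarting the unit signals only the main process; other
        # processes in the cgroup (presumably shims and containers) keep
        # running.
        KillMode = "process";
        Type = "notify";
        Restart = "always";
        RestartSec = "10";

        # "limits" defined below are adopted from upstream: https://github.com/containerd/containerd/blob/master/containerd.service
        # LimitCORE=infinity leaves core dump size unrestricted; a dump of the
        # daemon can contain sensitive memory, so where core files are
        # collected their location should be access-controlled.
        LimitNPROC = "infinity";
        LimitCORE = "infinity";
        TasksMax = "infinity";
        # Makes the daemon a very unlikely target for the kernel OOM killer.
        OOMScoreAdjust = "-999";

        StateDirectory = "containerd";
        RuntimeDirectory = "containerd";
        # Keep the runtime directory when the service stops or restarts.
        RuntimeDirectoryPreserve = "yes";
      };
      unitConfig = {
        # Allow at most 16 starts within 120s before systemd stops retrying.
        StartLimitBurst = "16";
        StartLimitIntervalSec = "120s";
      };
    };
  };
}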