nixos/cri-o: Add RFC42 'settings' option

authored by embr and committed by zowoq 1cf78b53 9a846d9b

+38 -23
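--- a/nixos/modules/virtualisation/cri-o.nix
+++ b/nixos/modules/virtualisation/cri-o.nix
@@ -6,6 +6,9 @@
 
   crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; });
 
+  format = pkgs.formats.toml { };
+
+  cfgFile = format.generate "00-default.conf" cfg.settings;
 in
 {
   imports = [
@@ -80,6 +83,15 @@
       description = "Override the network_dir option.";
       internal = true;
     };
+
+    settings = lib.mkOption {
+      type = format.type;
+      default = { };
+      description = ''
+        Configuration for cri-o, see
+        <link xlink:href="https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md"/>.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
@@ -87,36 +99,38 @@
 
     environment.etc."crictl.yaml".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml";
 
-    environment.etc."crio/crio.conf.d/00-default.conf".text = ''
-      [crio]
-      storage_driver = "${cfg.storageDriver}"
+    virtualisation.cri-o.settings.crio = {
+      storage_driver = cfg.storageDriver;
 
-      [crio.image]
-      ${optionalString (cfg.pauseImage != null) ''pause_image = "${cfg.pauseImage}"''}
-      ${optionalString (cfg.pauseCommand != null) ''pause_command = "${cfg.pauseCommand}"''}
+      image = {
+        pause_image = lib.mkIf (cfg.pauseImage != null) cfg.pauseImage;
+        pause_command = lib.mkIf (cfg.pauseCommand != null) cfg.pauseCommand;
+      };
 
-      [crio.network]
-      plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
-      ${optionalString (cfg.networkDir != null) ''network_dir = "${cfg.networkDir}"''}
+      network = {
+        plugin_dirs = [ "${pkgs.cni-plugins}/bin" ];
+        network_dir = lib.mkIf (cfg.networkDir != null) cfg.networkDir;
+      };
 
-      [crio.runtime]
-      cgroup_manager = "systemd"
-      log_level = "${cfg.logLevel}"
-      pinns_path = "${cfg.package}/bin/pinns"
-      hooks_dir = [
-        ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable
-          ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''}
-      ]
+      runtime = {
+        cgroup_manager = "systemd";
+        log_level = cfg.logLevel;
+        manage_ns_lifecycle = true;
+        pinns_path = "${cfg.package}/bin/pinns";
+        hooks_dir =
+          optional (config.virtualisation.containers.ociSeccompBpfHook.enable)
+          config.boot.kernelPackages.oci-seccomp-bpf-hook;
 
-      ${optionalString (cfg.runtime != null) ''
-        default_runtime = "${cfg.runtime}"
-        [crio.runtime.runtimes]
-        [crio.runtime.runtimes.${cfg.runtime}]
-      ''}
-    '';
+        default_runtime = lib.mkIf (cfg.runtime != null) cfg.runtime;
+        runtimes = lib.mkIf (cfg.runtime != null) {
+          "${cfg.runtime}" = { };
+        };
+      };
+    };
 
     environment.etc."cni/net.d/10-crio-bridge.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf";
     environment.etc."cni/net.d/99-loopback.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/99-loopback.conf";
+    environment.etc."crio/crio.conf.d/00-default.conf".source = cfgFile;
 
     # Enable common /etc/containers configuration
     virtualisation.containers.enable = true;
@@ -139,6 +153,7 @@
       TimeoutStartSec = "0";
       Restart = "on-abnormal";
     };
+    restartTriggers = [ cfgFile ];
   };
 };
}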
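Review bot: The new `runtime` block in the third hunk silently adds `manage_ns_lifecycle = true;`, which has no counterpart in the removed template and is not mentioned in the commit title, so this hunk changes how cri-o runs pod namespaces rather than only moving settings into a typed option. A one-line comment above it, `# Not in the old template: lets cri-o (via pinns) own pod namespace lifecycle`, would keep the behaviour change from being mistaken for a pure refactor. The same hunk also drops the trailing slash from `plugin_dirs` (`"${pkgs.cni-plugins}/bin"` versus the old `"${pkgs.cni-plugins}/bin/"`), which is presumably harmless but worth a note if it was deliberate. Since the module now writes these defaults into the user-facing `settings` option at normal priority, wrapping the values in `lib.mkDefault` would let a user override e.g. `settings.crio.runtime.cgroup_manager` without `lib.mkForce`; the `virtualisation.cri-o.settings.crio` attribute set closes inside the hunk, but the enclosing `config = mkIf cfg.enable {` body continues beyond it.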