author | embr <git@liclac.eu> | 2021-07-16 12:29:26 +0200 |
---|---|---|
committer | zowoq <59103226+zowoq@users.noreply.github.com> | 2021-07-20 15:35:45 +1000 |
commit | 1cf78b53afa080eaa7d34f912adad7e98c4290eb (patch) | |
tree | fdedf759069db98c59b21a40e90804b596d911bf /nixos/modules/virtualisation | |
parent | 9a846d9be40ee4db5323be9c3a4dcfea8664a5c6 (diff) | |
nixos/cri-o: Add RFC42 'settings' option
Diffstat (limited to 'nixos/modules/virtualisation')
-rw-r--r-- | nixos/modules/virtualisation/cri-o.nix | 69 |
1 files changed, 42 insertions, 27 deletions
diff --git a/nixos/modules/virtualisation/cri-o.nix b/nixos/modules/virtualisation/cri-o.nix index 8d352e36ef9..b93776a3871 100644 --- a/nixos/modules/virtualisation/cri-o.nix +++ b/nixos/modules/virtualisation/cri-o.nix @@ -6,6 +6,9 @@ let crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; }); + format = pkgs.formats.toml { }; + + cfgFile = format.generate "00-default.conf" cfg.settings; in { imports = [ @@ -80,6 +83,15 @@ in description = "Override the network_dir option."; internal = true; }; + + settings = lib.mkOption { + type = format.type; + default = { }; + description = '' + Configuration for cri-o, see + <link xlink:href="https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md"/>. + ''; + }; }; config = mkIf cfg.enable { 
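Review bot: The description of the new `settings` option (hunk at `-80,6 +83,15`) does not say that the module itself fills `settings.crio.*` from `storageDriver`, `logLevel`, `pauseImage` and the other existing options, as the following hunk shows, and the option has no `example`. Those module definitions look like ordinary-priority definitions, so a user who sets the same key, for instance `settings.crio.runtime.log_level`, would presumably get a conflicting-definition error instead of an override; this depends on how `format.type` merges and should be confirmed. I would add an `example` attribute and a sentence to the description such as `Keys derived from the other options of this module are defined by the module; use lib.mkForce to replace them.` The enclosing `options` attrset starts before this hunk.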
@@ -87,36 +99,38 @@ in environment.etc."crictl.yaml".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml"; - environment.etc."crio/crio.conf.d/00-default.conf".text = '' - [crio] - storage_driver = "${cfg.storageDriver}" - - [crio.image] - ${optionalString (cfg.pauseImage != null) ''pause_image = "${cfg.pauseImage}"''} - ${optionalString (cfg.pauseCommand != null) ''pause_command = "${cfg.pauseCommand}"''} - - [crio.network] - plugin_dirs = ["${pkgs.cni-plugins}/bin/"] - ${optionalString (cfg.networkDir != null) ''network_dir = "${cfg.networkDir}"''} - - [crio.runtime] - cgroup_manager = "systemd" - log_level = "${cfg.logLevel}" - pinns_path = "${cfg.package}/bin/pinns" - hooks_dir = [ - ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable - ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''} - ] - - ${optionalString (cfg.runtime != null) '' - default_runtime = "${cfg.runtime}" - [crio.runtime.runtimes] - [crio.runtime.runtimes.${cfg.runtime}] - ''} - ''; + virtualisation.cri-o.settings.crio = { + storage_driver = cfg.storageDriver; + + image = { + pause_image = lib.mkIf (cfg.pauseImage != null) cfg.pauseImage; + pause_command = lib.mkIf (cfg.pauseCommand != null) cfg.pauseCommand; + }; + + network = { + plugin_dirs = [ "${pkgs.cni-plugins}/bin" ]; + network_dir = lib.mkIf (cfg.networkDir != null) cfg.networkDir; + }; + + runtime = { + cgroup_manager = "systemd"; + log_level = cfg.logLevel; + manage_ns_lifecycle = true; + pinns_path = "${cfg.package}/bin/pinns"; + hooks_dir = + optional (config.virtualisation.containers.ociSeccompBpfHook.enable) + config.boot.kernelPackages.oci-seccomp-bpf-hook; + + default_runtime = lib.mkIf (cfg.runtime != null) cfg.runtime; + runtimes = lib.mkIf (cfg.runtime != null) { + "${cfg.runtime}" = { }; + }; + }; + }; environment.etc."cni/net.d/10-crio-bridge.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf"; 
environment.etc."cni/net.d/99-loopback.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/99-loopback.conf"; + environment.etc."crio/crio.conf.d/00-default.conf".source = cfgFile; # Enable common /etc/containers configuration virtualisation.containers.enable = true; @@ -139,6 +153,7 @@ in TimeoutStartSec = "0"; Restart = "on-abnormal"; }; + restartTriggers = [ cfgFile ]; }; }; } |
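Review bot: `manage_ns_lifecycle = true;` in the new `runtime` attrset (hunk at `-87,36 +99,38`) has no counterpart in the removed TOML text, so the generated `00-default.conf` changes content in a commit whose title describes only an option refactor. I would move it to its own commit or at least mark it, e.g. `# not in the previously generated config; added together with the settings refactor`. Separately, `hooks_dir` now passes the `oci-seccomp-bpf-hook` derivation itself where the old text interpolated it as a string; that relies on the TOML generator serialising a derivation as its store path, and since a wrong entry would leave the seccomp hook unloaded without an error, the generated file is worth checking, or the value can be kept explicit as `"${config.boot.kernelPackages.oci-seccomp-bpf-hook}"`. The enclosing `config = mkIf cfg.enable {` block starts before and ends after this hunk.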