nixos/cri-o: Add RFC42 'settings' option

This commit is contained in:
embr 2021-07-16 12:29:26 +02:00 committed by zowoq
parent 9a846d9be4
commit 1cf78b53af


@ -6,6 +6,9 @@ let
crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; }); crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; });
format = pkgs.formats.toml { };
cfgFile = format.generate "00-default.conf" cfg.settings;
in in
{ {
imports = [ imports = [
@ -80,6 +83,15 @@ in
description = "Override the network_dir option."; description = "Override the network_dir option.";
internal = true; internal = true;
}; };
settings = lib.mkOption {
type = format.type;
default = { };
description = ''
Configuration for cri-o, see
<link xlink:href="https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md"/>.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -87,36 +99,38 @@ in
environment.etc."crictl.yaml".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml"; environment.etc."crictl.yaml".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml";
environment.etc."crio/crio.conf.d/00-default.conf".text = '' virtualisation.cri-o.settings.crio = {
[crio] storage_driver = cfg.storageDriver;
storage_driver = "${cfg.storageDriver}"
[crio.image] image = {
${optionalString (cfg.pauseImage != null) ''pause_image = "${cfg.pauseImage}"''} pause_image = lib.mkIf (cfg.pauseImage != null) cfg.pauseImage;
${optionalString (cfg.pauseCommand != null) ''pause_command = "${cfg.pauseCommand}"''} pause_command = lib.mkIf (cfg.pauseCommand != null) cfg.pauseCommand;
};
[crio.network] network = {
plugin_dirs = ["${pkgs.cni-plugins}/bin/"] plugin_dirs = [ "${pkgs.cni-plugins}/bin" ];
${optionalString (cfg.networkDir != null) ''network_dir = "${cfg.networkDir}"''} network_dir = lib.mkIf (cfg.networkDir != null) cfg.networkDir;
};
[crio.runtime] runtime = {
cgroup_manager = "systemd" cgroup_manager = "systemd";
log_level = "${cfg.logLevel}" log_level = cfg.logLevel;
pinns_path = "${cfg.package}/bin/pinns" manage_ns_lifecycle = true;
hooks_dir = [ pinns_path = "${cfg.package}/bin/pinns";
${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable hooks_dir =
''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''} optional (config.virtualisation.containers.ociSeccompBpfHook.enable)
] config.boot.kernelPackages.oci-seccomp-bpf-hook;
${optionalString (cfg.runtime != null) '' default_runtime = lib.mkIf (cfg.runtime != null) cfg.runtime;
default_runtime = "${cfg.runtime}" runtimes = lib.mkIf (cfg.runtime != null) {
[crio.runtime.runtimes] "${cfg.runtime}" = { };
[crio.runtime.runtimes.${cfg.runtime}] };
''} };
''; };
environment.etc."cni/net.d/10-crio-bridge.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf"; environment.etc."cni/net.d/10-crio-bridge.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf";
environment.etc."cni/net.d/99-loopback.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/99-loopback.conf"; environment.etc."cni/net.d/99-loopback.conf".source = utils.copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/99-loopback.conf";
environment.etc."crio/crio.conf.d/00-default.conf".source = cfgFile;
# Enable common /etc/containers configuration # Enable common /etc/containers configuration
virtualisation.containers.enable = true; virtualisation.containers.enable = true;
@ -139,6 +153,7 @@ in
TimeoutStartSec = "0"; TimeoutStartSec = "0";
Restart = "on-abnormal"; Restart = "on-abnormal";
}; };
restartTriggers = [ cfgFile ];
}; };
}; };
} }
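Review bot: `manage_ns_lifecycle = true;` in the new `runtime = { … }` block is not a translation of anything in the old generated text, yet the commit title and description only announce the new `settings` option, so a behaviour change ships silently inside a refactor; a comment such as `# manage_ns_lifecycle: newly enabled here, not carried over from the previous crio.conf — TODO confirm intent` or a sentence in the commit message would keep it from being overlooked. Separately, the module assigns `storage_driver`, `cgroup_manager`, `log_level`, `pinns_path` and the other keys under `virtualisation.cri-o.settings.crio` at normal priority, so a user who sets one of those same keys through the new `settings` option gets a definition conflict rather than an override; wrapping the module's values in `lib.mkDefault` (or stating in the option description that `lib.mkForce` is required for those keys) would make the RFC42 escape hatch usable for them. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the visible hunks.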