nixpkgs/nixos/modules/virtualisation/containerd.nix

{ pkgs, lib, config, ... }:
let
  cfg = config.virtualisation.containerd;
  containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" { nativeBuildInputs = [pkgs.containerd]; } ''
    containerd -c ${cfg.configFile} config dump >/dev/null
    ln -s ${cfg.configFile} $out
  '';
in
{

  options.virtualisation.containerd = with lib.types; {
    enable = lib.mkEnableOption "containerd container runtime";

    configFile = lib.mkOption {
      default = null;
      description = "path to containerd config file";
      type = nullOr path;
    };

    args = lib.mkOption {
      default = {};
      description = "extra args to append to the containerd cmdline";
      type = attrsOf str;
    };
  };

  config = lib.mkIf cfg.enable {
    virtualisation.containerd.args.config = lib.mkIf (cfg.configFile != null) (toString containerdConfigChecked);

    environment.systemPackages = [pkgs.containerd];

    systemd.services.containerd = {
      description = "containerd - container runtime";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      path = with pkgs; [
        containerd
        runc
        iptables
      ];
      serviceConfig = {
        ExecStart = ''${pkgs.containerd}/bin/containerd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';
        Delegate = "yes";
        KillMode = "process";
        Type = "notify";
        Restart = "always";
        RestartSec = "10";

        # "limits" defined below are adopted from upstream: https://github.com/containerd/containerd/blob/master/containerd.service
        LimitNPROC = "infinity";
        LimitCORE = "infinity";
        LimitNOFILE = "infinity";
        TasksMax = "infinity";
        OOMScoreAdjust = "-999";

        StateDirectory = "containerd";
        RuntimeDirectory = "containerd";
      };
      unitConfig = {
        StartLimitBurst = "16";
        StartLimitIntervalSec = "120s";
      };
    };
  };
}
nixos/kubernetes: docker -> containerd also, nixos/containerd: module init 2021-02-25 16:00:59 +01:00			`{ pkgs, lib, config, ... }:`
			`let`
			`cfg = config.virtualisation.containerd;`
			`containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" { nativeBuildInputs = [pkgs.containerd]; } ''`
			`containerd -c ${cfg.configFile} config dump >/dev/null`
			`ln -s ${cfg.configFile} $out`
			`'';`
			`in`
			`{`

			`options.virtualisation.containerd = with lib.types; {`
			`enable = lib.mkEnableOption "containerd container runtime";`

			`configFile = lib.mkOption {`
			`default = null;`
			`description = "path to containerd config file";`
			`type = nullOr path;`
			`};`

			`args = lib.mkOption {`
			`default = {};`
			`description = "extra args to append to the containerd cmdline";`
			`type = attrsOf str;`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`virtualisation.containerd.args.config = lib.mkIf (cfg.configFile != null) (toString containerdConfigChecked);`

			`environment.systemPackages = [pkgs.containerd];`

			`systemd.services.containerd = {`
			`description = "containerd - container runtime";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" ];`
			`path = with pkgs; [`
			`containerd`
			`runc`
			`iptables`
			`];`
			`serviceConfig = {`
			`ExecStart = ''${pkgs.containerd}/bin/containerd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';`
			`Delegate = "yes";`
			`KillMode = "process";`
			`Type = "notify";`
			`Restart = "always";`
nixos/containerd: StartLimit* options must be in the unit-section also, raise limits to ensure reasonable startup time, now that StartLimits are actually enforced 2021-05-10 12:08:56 +02:00			`RestartSec = "10";`
nixos/kubernetes: docker -> containerd also, nixos/containerd: module init 2021-02-25 16:00:59 +01:00
			`# "limits" defined below are adopted from upstream: https://github.com/containerd/containerd/blob/master/containerd.service`
			`LimitNPROC = "infinity";`
			`LimitCORE = "infinity";`
			`LimitNOFILE = "infinity";`
			`TasksMax = "infinity";`
			`OOMScoreAdjust = "-999";`
nixos/containerd: sanitize StateDirectory and RuntimeDirectory 2021-05-10 12:01:10 +02:00
			`StateDirectory = "containerd";`
			`RuntimeDirectory = "containerd";`
nixos/kubernetes: docker -> containerd also, nixos/containerd: module init 2021-02-25 16:00:59 +01:00			`};`
nixos/containerd: StartLimit* options must be in the unit-section also, raise limits to ensure reasonable startup time, now that StartLimits are actually enforced 2021-05-10 12:08:56 +02:00			`unitConfig = {`
			`StartLimitBurst = "16";`
			`StartLimitIntervalSec = "120s";`
			`};`
nixos/kubernetes: docker -> containerd also, nixos/containerd: module init 2021-02-25 16:00:59 +01:00			`};`
			`};`
			`}`