feat: experimental k3s + nix-snapshotter snippet

2024-06-13 16:42:55 +02:00 · 2024-06-13 16:42:55 +02:00 · 53481414df
commit 53481414df
parent 7f8bf5c525
7 changed files with 602 additions and 4 deletions
--- a/nix/os/snippets/k3s-w-nix-snapshotter.nix
+++ b/nix/os/snippets/k3s-w-nix-snapshotter.nix
@ -0,0 +1,41 @@
+# experiment with k3s, nix-snapshotter, and nixos images
+{
+  nodeFlake,
+  nodeFlakeInputs',
+  pkgs,
+  lib,
+  system,
+  ...
+}: {
+  # (1) Import nixos module.
+  imports = [
+    nodeFlake.inputs.nix-snapshotter.nixosModules.default
+  ];
+
+  # (2) Add overlay.
+  nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default];
+
+  # (3) Enable service.
+  virtualisation.containerd = {
+    enable = true;
+    k3sIntegration = false;
+    nixSnapshotterIntegration = true;
+
+    # TODO: understand if this has an influence on the systemd LoadCredential issue
+    settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true;
+  };
+  services.nix-snapshotter = {
+    enable = true;
+  };
+
+  # (4) Add a containerd CLI like nerdctl.
+  environment.systemPackages = [
+    pkgs.nerdctl
+    nodeFlake.inputs.nix-snapshotter.packages.${system}.default
+  ];
+
+  services.k3s = {
+    enable = false;
+    setKubeConfig = true;
+  };
+}