experiment with k3s + nix-snapshotter

2024-06-13 16:42:55 +02:00 · 2024-06-13 16:42:55 +02:00 · f986a8300d
commit f986a8300d
parent 1533077234
6 changed files with 593 additions and 4 deletions
--- a/nix/os/devices/steveej-x13s/configuration.nix
+++ b/nix/os/devices/steveej-x13s/configuration.nix
@ -9,6 +9,12 @@
  system,
  ...
 }: {
+  nixpkgs.overlays = [
+    (final: previous: {
+      # inherit (nodeFlake.inputs.nixpkgs-systemd256.legacyPackages.${system}) systemd systemdMinimal;
+    })
+  ];
+
  nixos-x13s = {
    enable = true;
    # TODO: use hardware address
@ -86,6 +92,8 @@
      sops.secrets.builder-private-key = {};
      nix.distributedBuilds = true;
      nix.buildMachines = [
+        # test these with: sudo nix store ping --store 'ssh-ng://nix-remote-builder@sj-bm-hostkey0.dev.infra.holochain.org?ssh-key=/run/secrets/builder-private-key'
+
        {
          hostName = "sj-bm-hostkey0.dev.infra.holochain.org";
          sshUser = "nix-remote-builder";
@ -147,6 +155,40 @@
    ../../snippets/radicale.nix

    ../../snippets/holo-zerotier.nix
+
+    {
+      # (1) Import nixos module.
+      imports = [
+        nodeFlake.inputs.nix-snapshotter.nixosModules.default
+      ];
+
+      # (2) Add overlay.
+      nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default];
+
+      # (3) Enable service.
+      virtualisation.containerd = {
+        enable = true;
+        k3sIntegration = false;
+        nixSnapshotterIntegration = true;
+
+        # TODO: understand if this has an influence on the systemd LoadCredential issue
+        settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true;
+      };
+      services.nix-snapshotter = {
+        enable = true;
+      };
+
+      # (4) Add a containerd CLI like nerdctl.
+      environment.systemPackages = [
+        pkgs.nerdctl
+        nodeFlake.inputs.nix-snapshotter.packages.${system}.nix-snapshotter
+      ];
+
+      services.k3s = {
+        enable = false;
+        setKubeConfig = true;
+      };
+    }
  ];

  networking.hostName = nodeName;
@ -228,11 +270,11 @@

  # android on linux
  virtualisation.waydroid.enable = false;
-  virtualisation.podman.enable = true;
-  virtualisation.podman.dockerCompat = true;
-
  hardware.ledger.enable = true;

+  virtualisation.containers.enable = true;
+  virtualisation.podman.enable = true;
+
  nix.settings.substituters = [
    "https://nixos-x13s.cachix.org"
  ];