nixos/cri-o: copy upstream config

author: zowoq <59103226+zowoq@users.noreply.github.com> 2020-05-03 17:09:33 +1000
committer: zowoq <59103226+zowoq@users.noreply.github.com> 2020-05-03 17:17:05 +1000
commit: a44b3b6afc32849533052528c976c8e23ea7ed92 (patch)
tree: 67a739f74d5c794984d73df51257ec8a5fba6d7d /nixos/modules/virtualisation
parent: 5ce11e68530af4b572a5befe1349a1488c073231 (diff)
download: nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar
nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.gz
nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.bz2
nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.lz
nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.xz
nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.zst
nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.zip
1 files changed, 9 insertions, 20 deletions
diff --git a/nixos/modules/virtualisation/cri-o.nix b/nixos/modules/virtualisation/cri-o.nix
index 89ba9c3c6636..2af4214302d6 100644
--- a/nixos/modules/virtualisation/cri-o.nix
+++ b/nixos/modules/virtualisation/cri-o.nix
@@ -4,6 +4,11 @@ with lib;
 
 let
   cfg = config.virtualisation.cri-o;
+
+  # Copy configuration files to avoid having the entire sources in the system closure
+  copyFile = filePath: pkgs.runCommandNoCC (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} ''
+    cp ${filePath} $out
+  '';
 in
 {
   imports = [
@@ -45,9 +50,9 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = with pkgs;
       [ cri-o cri-tools conmon iptables runc utillinux ];
-    environment.etc."crictl.yaml".text = ''
-      runtime-endpoint: unix:///var/run/crio/crio.sock
-    '';
+
+    environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o.src}/crictl.yaml";
+
     environment.etc."crio/crio.conf".text = ''
       [crio]
       storage_driver = "${cfg.storageDriver}"
@@ -66,23 +71,7 @@ in
       manage_network_ns_lifecycle = true
     '';
 
-    environment.etc."cni/net.d/20-cri-o-bridge.conf".text = ''
-      {
-        "cniVersion": "0.3.1",
-        "name": "crio-bridge",
-        "type": "bridge",
-        "bridge": "cni0",
-        "isGateway": true,
-        "ipMasq": true,
-        "ipam": {
-          "type": "host-local",
-          "subnet": "10.88.0.0/16",
-          "routes": [
-              { "dst": "0.0.0.0/0" }
-          ]
-        }
-      }
-    '';
+    environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o.src}/contrib/cni/10-crio-bridge.conf";
 
     # Enable common /etc/containers configuration
     virtualisation.containers.enable = true;
author	zowoq <59103226+zowoq@users.noreply.github.com>	2020-05-03 17:09:33 +1000
committer	zowoq <59103226+zowoq@users.noreply.github.com>	2020-05-03 17:17:05 +1000
commit	a44b3b6afc32849533052528c976c8e23ea7ed92 (patch)
tree	67a739f74d5c794984d73df51257ec8a5fba6d7d /nixos/modules/virtualisation
parent	5ce11e68530af4b572a5befe1349a1488c073231 (diff)
download	nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.gz nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.bz2 nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.lz nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.xz nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.tar.zst nixlib-a44b3b6afc32849533052528c976c8e23ea7ed92.zip