about summary refs log tree commit diff
path: root/nixos/modules/virtualisation/cri-o.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/virtualisation/cri-o.nix')
-rw-r--r--nixos/modules/virtualisation/cri-o.nix41
1 files changed, 31 insertions, 10 deletions
diff --git a/nixos/modules/virtualisation/cri-o.nix b/nixos/modules/virtualisation/cri-o.nix
index 61c1e5be277b..e73c5893fb5c 100644
--- a/nixos/modules/virtualisation/cri-o.nix
+++ b/nixos/modules/virtualisation/cri-o.nix
@@ -5,6 +5,8 @@ with lib;
 let
   cfg = config.virtualisation.cri-o;
 
+  crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; });
+
   # Copy configuration files to avoid having the entire sources in the system closure
   copyFile = filePath: pkgs.runCommandNoCC (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} ''
     cp ${filePath} $out
@@ -23,13 +25,13 @@ in
     enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)";
 
     storageDriver = mkOption {
-      type = types.enum ["btrfs" "overlay" "vfs"];
+      type = types.enum [ "btrfs" "overlay" "vfs" ];
       default = "overlay";
       description = "Storage driver to be used";
     };
 
     logLevel = mkOption {
-      type = types.enum ["trace" "debug" "info" "warn" "error" "fatal"];
+      type = types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
       default = "info";
       description = "Log level to be used";
     };
@@ -45,13 +47,34 @@ in
       default = "/pause";
       description = "Pause command to be executed";
     };
+
+    extraPackages = mkOption {
+      type = with types; listOf package;
+      default = [ ];
+      example = lib.literalExample ''
+        [
+          pkgs.gvisor
+        ]
+      '';
+      description = ''
+        Extra packages to be installed in the CRI-O wrapper.
+      '';
+    };
+
+    package = lib.mkOption {
+      type = types.package;
+      default = crioPackage;
+      internal = true;
+      description = ''
+        The final CRI-O package (including extra packages).
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs;
-      [ cri-o cri-tools conmon iptables runc utillinux ];
+    environment.systemPackages = [ cfg.package pkgs.cri-tools ];
 
-    environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o.src}/crictl.yaml";
+    environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml";
 
     environment.etc."crio/crio.conf".text = ''
       [crio]
@@ -63,16 +86,14 @@ in
 
       [crio.network]
       plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
-      network_dir = "/etc/cni/net.d/"
 
       [crio.runtime]
-      conmon = "${pkgs.conmon}/bin/conmon"
       cgroup_manager = "systemd"
       log_level = "${cfg.logLevel}"
       manage_ns_lifecycle = true
     '';
 
-    environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o.src}/contrib/cni/10-crio-bridge.conf";
+    environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf";
 
     # Enable common /etc/containers configuration
     virtualisation.containers.enable = true;
@@ -82,10 +103,10 @@ in
       documentation = [ "https://github.com/cri-o/cri-o" ];
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
-      path = [ pkgs.utillinux pkgs.runc pkgs.iptables ];
+      path = [ cfg.package ];
       serviceConfig = {
         Type = "notify";
-        ExecStart = "${pkgs.cri-o}/bin/crio";
+        ExecStart = "${cfg.package}/bin/crio";
         ExecReload = "/bin/kill -s HUP $MAINPID";
         TasksMax = "infinity";
         LimitNOFILE = "1048576";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-08 01:57:46 +0000