cleanup modules

author: Max Audron <audron@cocaine.farm> 2023-08-11 16:51:35 +0200
committer: Max Audron <audron@cocaine.farm> 2023-08-11 16:51:35 +0200
commit: 40790797e111cec5ff682806998d50c38ed7bca9 (patch)
tree: 6db95b93f0797a62637845ea4bda5a3eedbc9306 /modules/kubernetes/cri-o.nix
parent: move nixinate to own flake (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/modules/kubernetes/cri-o.nix b/modules/kubernetes/cri-o.nix
new file mode 100644
index 0000000..cc32b26
--- /dev/null
+++ b/modules/kubernetes/cri-o.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+{
+  virtualisation.cri-o = {
+    enable = true;
+    settings = {
+      crio = {
+        network.plugin_dir = "/opt/cni/bin";
+        default_runtime = "crun";
+        runtime = {
+          allowed_devices = [ "/dev/fuse" ];
+          default_sysctls = [
+            "net.ipv4.ping_group_range=0 2147483647"
+          ];
+          workloads = {
+            gitlab = {
+              activation_annotation = "io.kubernetes.cri-o.workload/gitlab";
+              allowed_annotations = [
+                "io.kubernetes.cri-o.userns-mode"
+                "io.kubernetes.cri-o.Devices"
+                "io.kubernetes.cri-o.ShmSize"
+              ];
+            };
+          };
+          runtimes.crun = {
+            runtime_type = "oci";
+            runtime_root = "/run/crun";
+            allowed_annotations = [
+              "io.kubernetes.cri-o.userns-mode"
+              "io.kubernetes.cri-o.Devices"
+              "io.kubernetes.cri-o.ShmSize"
+            ];
+          };
+        };
+      };
+    };
+  };
+}
author	Max Audron <audron@cocaine.farm>	2023-08-11 16:51:35 +0200
committer	Max Audron <audron@cocaine.farm>	2023-08-11 16:51:35 +0200
commit	40790797e111cec5ff682806998d50c38ed7bca9 (patch)
tree	6db95b93f0797a62637845ea4bda5a3eedbc9306 /modules/kubernetes/cri-o.nix
parent	move nixinate to own flake (diff)