# NixOS module: turns on CRI-O with overlay storage and crun as the default
# OCI runtime, and opts in to three CRI-O pod annotations.
{ config, lib, pkgs, ... }:
let
  # Pod annotations CRI-O is told to honour. Each one lets a pod spec adjust
  # its own sandbox: user-namespace mode, extra device nodes, and /dev/shm
  # size. Treat every entry as a capability handed to whoever can create pods.
  podTunableAnnotations = [
    "io.kubernetes.cri-o.userns-mode"
    "io.kubernetes.cri-o.Devices"
    "io.kubernetes.cri-o.ShmSize"
  ];
in
{
  virtualisation.cri-o = {
    enable = true;
    storageDriver = "overlay";

    # FUSE userspace tools, made available to CRI-O alongside /dev/fuse below.
    extraPackages = [ pkgs.fuse3 pkgs.fuse-overlayfs ];

    settings.crio = {
      # CNI plugin binaries are looked up in a mutable path outside the Nix
      # store. CRI-O executes whatever it finds there, so the directory should
      # be root-owned and not writable by unprivileged users.
      # NOTE(review): newer CRI-O releases document `plugin_dirs` (a list);
      # confirm the deployed version still honours `plugin_dir`.
      network.plugin_dir = "/opt/cni/bin";

      default_runtime = "crun";

      runtime = {
        # Bounds the Devices annotation: only host devices listed here may be
        # requested by a pod. Keep this list as short as the workloads allow.
        allowed_devices = [ "/dev/fuse" ];

        # Applied to every container: any GID may open unprivileged ICMP echo
        # sockets, so ping works without CAP_NET_RAW.
        default_sysctls = [ "net.ipv4.ping_group_range=0 2147483647" ];

        # Workload profile that pods select by carrying the activation
        # annotation; it grants the annotations listed above.
        workloads.gitlab = {
          activation_annotation = "io.kubernetes.cri-o.workload/gitlab";
          allowed_annotations = podTunableAnnotations;
        };

        runtimes.crun = {
          runtime_type = "oci";
          runtime_root = "/run/crun";
          # NOTE(review): the same annotations are granted on the handler that
          # is also default_runtime. Presumably this makes them usable by any
          # pod on the default runtime, not only pods that activate the gitlab
          # workload - confirm against the deployed CRI-O version, and drop
          # this grant if only the gitlab workload needs them.
          allowed_annotations = podTunableAnnotations;
        };
      };
    };
  };
}