From f2e4cb7f20bc3919fec844741120d85aad2cab98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 1 Jun 2021 08:26:42 +0200
Subject: [PATCH] nixos/containerd: improve zfs support
---
 nixos/modules/virtualisation/containerd.nix | 45 +++++++++++++++++----
 1 file changed, 38 insertions(+), 7 deletions(-)
diff --git a/nixos/modules/virtualisation/containerd.nix b/nixos/modules/virtualisation/containerd.nix
index b554bc6ea24..c7ceb816a31 100644
--- a/nixos/modules/virtualisation/containerd.nix
+++ b/nixos/modules/virtualisation/containerd.nix
@@ -1,10 +1,20 @@
 { pkgs, lib, config, ... }:
 let
 cfg = config.virtualisation.containerd;
- containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" { nativeBuildInputs = [pkgs.containerd]; } ''
- containerd -c ${cfg.configFile} config dump >/dev/null
- ln -s ${cfg.configFile} $out
+
+ configFile = if cfg.configFile == null then
+ settingsFormat.generate "containerd.toml" cfg.settings
+ else
+ cfg.configFile;
+
+ containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" {
+ nativeBuildInputs = [ pkgs.containerd ];
+ } ''
+ containerd -c ${configFile} config dump >/dev/null
+ ln -s ${configFile} $out
 '';
+
+ settingsFormat = pkgs.formats.toml {};
 in
 
 {
@@ -13,10 +23,21 @@ in
 
 configFile = lib.mkOption {
 default = null;
- description = "path to containerd config file";
+ description = ''
+ Path to containerd config file.
+ Setting this option will override any configuration applied by the settings option.
+ '';
 type = nullOr path;
 };
 
+ settings = lib.mkOption {
+ type = settingsFormat.type;
+ default = {};
+ description = ''
+ Verbatim lines to add to containerd.toml
+ '';
+ };
+
 args = lib.mkOption {
 default = {};
 description = "extra args to append to the containerd cmdline";
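Review bot: The file rendered by `settingsFormat.generate "containerd.toml" cfg.settings`, and the `containerdConfigChecked` link to it, are Nix store paths, and the store is readable by every local user, so any credential placed under `settings` is exposed on the host. Nothing in this hunk says so, while a later hunk of the same patch deprecates `configFile` in favour of `settings`. I would add a comment above the `configFile` binding, for example `# Rendered into the world-readable Nix store: cfg.settings must not carry secrets.` As a smaller style point, `settingsFormat` is bound after its first use; that is valid inside `let`, but defining it before `configFile` reads more easily.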
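Review bot: The `settings` description, "Verbatim lines to add to containerd.toml", does not match the option's type: `settingsFormat.type` takes a structured attribute set that is rendered to TOML, not raw lines. Suggested text: `Structured containerd configuration, rendered to containerd.toml. The result is placed in the Nix store, so do not put credentials here.` The `configFile` description could also name the other option in full (`virtualisation.containerd.settings`) and state that `configFile` is deprecated, which the warning added later in the patch already tells users at evaluation time.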
@@ -25,9 +46,19 @@ in
 };
 
 config = lib.mkIf cfg.enable {
- virtualisation.containerd.args.config = lib.mkIf (cfg.configFile != null) (toString containerdConfigChecked);
+ warnings = lib.optional (cfg.configFile != null) ''
+ `virtualisation.containerd.configFile` is deprecated. use `virtualisation.containerd.settings` instead.
+ '';
 
- environment.systemPackages = [pkgs.containerd];
+ virtualisation.containerd = {
+ args.config = toString containerdConfigChecked;
+ settings = {
+ plugins.cri.containerd.snapshotter = lib.mkIf config.boot.zfs.enabled "zfs";
+ plugins.cri.cni.bin_dir = lib.mkDefault "${pkgs.cni-plugins}/bin";
+ };
+ };
+
+ environment.systemPackages = [ pkgs.containerd ];
 
 systemd.services.containerd = {
 description = "containerd - container runtime";
@@ -37,7 +68,7 @@ in
 containerd
 runc
 iptables
- ];
+ ] ++ lib.optional config.boot.zfs.enabled config.boot.zfs.package;
 serviceConfig = {
 ExecStart = ''${pkgs.containerd}/bin/containerd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';
 Delegate = "yes";
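Review bot: `plugins.cri.containerd.snapshotter = lib.mkIf config.boot.zfs.enabled "zfs";` is defined at normal priority, so a host that has ZFS enabled but wants a different snapshotter gets a conflicting-definition error unless it reaches for `lib.mkForce`. `boot.zfs.enabled` presumably reflects ZFS support being enabled on the system rather than containerd's state directory sitting on a ZFS dataset, which the zfs snapshotter needs; a host with ZFS only on a data pool would then start containerd with a snapshotter that cannot load. Making the value a default, like the `bin_dir` line below it, keeps the convenience and leaves an override: `plugins.cri.containerd.snapshotter = lib.mkIf config.boot.zfs.enabled (lib.mkDefault "zfs");`. The `config` block continues outside the hunk.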