From c6ea1433d346fc6cad458c12628e440c9b837739 Mon Sep 17 00:00:00 2001
From: Hektor Misplon
Date: Fri, 22 May 2026 20:19:49 +0200
Subject: [PATCH] feat(k3s): add enable option
---
 modules/k3s/default.nix | 119 ++++++++++++++++------------------------
 1 file changed, 48 insertions(+), 71 deletions(-)
diff --git a/modules/k3s/default.nix b/modules/k3s/default.nix
index 9d73fa17..245c593f 100644
--- a/modules/k3s/default.nix
+++ b/modules/k3s/default.nix
@@ -1,79 +1,56 @@ -{ pkgs, ... }: - { - # TODO: see if this works with podman - # TODO: check if docker/podman is enabled + lib, + config, + pkgs, + ... +}: - # Rootless K3S +let + cfg = config.k3s; +in +{ + options.k3s.enable = lib.mkEnableOption "k3s rootless"; - # FIXME - environment.systemPackages = with pkgs; [ - k3s - rootlesskit - slirp4netns - ]; - - # running K3S on rootless docker was causing the following error: "failed to find cpuset cgroup (v2)" (in `docker logs k3d-lab-server-0` output) - # - # see - # see - # see - systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids"; - - # taken from as described in - systemd.user.services."k3s-rootless" = with pkgs; { - path = with pkgs; [ - "${rootlesskit}" - "${slirp4netns}" - "${fuse-overlayfs}" - "${fuse3}" - "/run/wrappers" + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + k3s + rootlesskit + slirp4netns ]; - # systemd unit file for k3s (rootless) - # - # Usage: - # - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ . - # This step is optional, but highly recommended for enabling CPU and memory resource limtitation. - # - # - Copy this file as `~/.config/systemd/user/k3s-rootless.service`. - # Installing this file as a system-wide service (`/etc/systemd/...`) is not supported. - # Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file. - # - # - Run `systemctl --user daemon-reload` - # - # - Run `systemctl --user enable --now k3s-rootless` - # - # - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running. 
- # - # Troubleshooting: - # - See `systemctl --user status k3s-rootless` to check the daemon status - # - See `journalctl --user -f -u k3s-rootless` to see the daemon log - # - See also https://rootlesscontaine.rs/ - enable = true; - description = "k3s (Rootless)"; - serviceConfig = { - # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation. - # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope. - ExecStart = "${k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs"; - ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID"; - TimeoutSec = 0; - RestartSec = 2; - Restart = "always"; - StartLimitBurst = 3; - StartLimitInterval = "60s"; - LimitNOFILE = "infinity"; - LimitNPROC = "infinity"; - LimitCORE = "infinity"; - TasksMax = "infinity"; - Delegate = "yes"; - Type = "simple"; - KillMode = "mixed"; + + systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids"; + + systemd.user.services."k3s-rootless" = { + path = with pkgs; [ + "${rootlesskit}" + "${slirp4netns}" + "${fuse-overlayfs}" + "${fuse3}" + "/run/wrappers" + ]; + enable = true; + description = "k3s (Rootless)"; + serviceConfig = { + ExecStart = "${pkgs.k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs"; + ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID"; + TimeoutSec = 0; + RestartSec = 2; + Restart = "always"; + StartLimitBurst = 3; + StartLimitInterval = "60s"; + LimitNOFILE = "infinity"; + LimitNPROC = "infinity"; + LimitCORE = "infinity"; + TasksMax = "infinity"; + Delegate = "yes"; + Type = "simple"; + KillMode = "mixed"; + }; + wantedBy = [ "default.target" ]; }; - wantedBy = [ "default.target" ]; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + }; }; }
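Review bot: `systemd.user.services."k3s-rootless"` with `enable = true` and `wantedBy = [ "default.target" ]` is a system-wide user unit, so once `k3s.enable` is set every account that logs in (or has lingering enabled) starts its own `k3s server --rootless` under its own uid, not just the single user the removed upstream comments assumed; a second instance will presumably collide on the host ports rootlesskit publishes, and each user ends up with a private cluster and kubeconfig. Consider gating the unit on a user list option (e.g. `options.k3s.users`) and only installing it for those accounts, or at least state the single-user assumption in the option description. The commit also drops the reason for `systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";`, which now applies to all user sessions; keep a line such as `# cgroup v2 delegation for user sessions: rootless k3s fails with "failed to find cpuset cgroup (v2)" without cpuset` so it is not removed as unexplained. `LimitCORE = "infinity"` and the host-wide `net.ipv4.ip_forward = 1` are carried over from the upstream unit, but a short comment that core dumps of the server can contain cluster keys and tokens, and that forwarding is enabled for every interface rather than only the rootless netns, would help readers of this module judge whether they want them.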