hektor/nix
1
0
Fork 0
Code Pull Requests Activity

feat(k3s): add enable option

Browse Source
This commit is contained in:
Hektor Misplon
2026-05-22 20:19:49 +02:00
parent a3fd052204
commit c6ea1433d3
1 changed files with 48 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
modules/k3s/default.nix
View File

@@ -1,27 +1,26 @@
{ pkgs, ... }:
{ {
# TODO: see if this works with podman lib,
# TODO: check if docker/podman is enabled config,
pkgs,
...
}:
# Rootless K3S let
cfg = config.k3s;
in
{
options.k3s.enable = lib.mkEnableOption "k3s rootless";
# FIXME config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
k3s k3s
rootlesskit rootlesskit
slirp4netns slirp4netns
]; ];
# running K3S on rootless docker was causing the following error: "failed to find cpuset cgroup (v2)" (in `docker logs k3d-lab-server-0` output)
#
# see <https://docs.k3s.io/advanced#known-issues-with-rootless-mode>
# see <https://rootlesscontaine.rs/getting-started/common/cgroup2/>
# see <https://discourse.nixos.org/t/declarative-rootless-k3s/49839>
systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids"; systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
# taken from <https://github.com/k3s-io/k3s/blob/main/k3s-rootless.service> as described in <https://docs.k3s.io/advanced#known-issues-with-rootless-mode#Rootless> systemd.user.services."k3s-rootless" = {
systemd.user.services."k3s-rootless" = with pkgs; {
path = with pkgs; [ path = with pkgs; [
"${rootlesskit}" "${rootlesskit}"
"${slirp4netns}" "${slirp4netns}"
@@ -29,32 +28,10 @@
"${fuse3}" "${fuse3}"
"/run/wrappers" "/run/wrappers"
]; ];
# systemd unit file for k3s (rootless)
#
# Usage:
# - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
# This step is optional, but highly recommended for enabling CPU and memory resource limtitation.
#
# - Copy this file as `~/.config/systemd/user/k3s-rootless.service`.
# Installing this file as a system-wide service (`/etc/systemd/...`) is not supported.
# Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file.
#
# - Run `systemctl --user daemon-reload`
#
# - Run `systemctl --user enable --now k3s-rootless`
#
# - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running.
#
# Troubleshooting:
# - See `systemctl --user status k3s-rootless` to check the daemon status
# - See `journalctl --user -f -u k3s-rootless` to see the daemon log
# - See also https://rootlesscontaine.rs/
enable = true; enable = true;
description = "k3s (Rootless)"; description = "k3s (Rootless)";
serviceConfig = { serviceConfig = {
# NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation. ExecStart = "${pkgs.k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
# If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
ExecStart = "${k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID"; ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID";
TimeoutSec = 0; TimeoutSec = 0;
RestartSec = 2; RestartSec = 2;
@@ -69,11 +46,11 @@
Type = "simple"; Type = "simple";
KillMode = "mixed"; KillMode = "mixed";
}; };
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
}; };
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
}; };
};
} }