57 lines
1.2 KiB
Nix
57 lines
1.2 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.k3s;
|
|
in
|
|
{
|
|
options.k3s.enable = lib.mkEnableOption "k3s rootless";
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
environment.systemPackages = with pkgs; [
|
|
k3s
|
|
rootlesskit
|
|
slirp4netns
|
|
];
|
|
|
|
systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
|
|
|
|
systemd.user.services."k3s-rootless" = {
|
|
path = with pkgs; [
|
|
"${rootlesskit}"
|
|
"${slirp4netns}"
|
|
"${fuse-overlayfs}"
|
|
"${fuse3}"
|
|
"/run/wrappers"
|
|
];
|
|
enable = true;
|
|
description = "k3s (Rootless)";
|
|
serviceConfig = {
|
|
ExecStart = "${pkgs.k3s}/bin/k3s server --rootless --snapshotter=fuse-overlayfs";
|
|
ExecReload = "/run/current-system/sw/bin/kill -s HUP $MAINPID";
|
|
TimeoutSec = 0;
|
|
RestartSec = 2;
|
|
Restart = "always";
|
|
StartLimitBurst = 3;
|
|
StartLimitInterval = "60s";
|
|
LimitNOFILE = "infinity";
|
|
LimitNPROC = "infinity";
|
|
LimitCORE = "infinity";
|
|
TasksMax = "infinity";
|
|
Delegate = "yes";
|
|
Type = "simple";
|
|
KillMode = "mixed";
|
|
};
|
|
wantedBy = [ "default.target" ];
|
|
};
|
|
|
|
boot.kernel.sysctl = {
|
|
"net.ipv4.ip_forward" = 1;
|
|
};
|
|
};
|
|
}
|