nixos/containerd: sanitize StateDirectory and RuntimeDirectory

3 files changed, 7 insertions, 4 deletions

diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 19edc338bba1b..0dc3649237b7f 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -7,12 +7,12 @@ let
 
   defaultContainerdConfigFile = pkgs.writeText "containerd.toml" ''
     version = 2
-    root = "/var/lib/containerd/daemon"
-    state = "/var/run/containerd/daemon"
+    root = "/var/lib/containerd"
+    state = "/run/containerd"
     oom_score = 0
 
     [grpc]
-      address = "/var/run/containerd/containerd.sock"
+      address = "/run/containerd/containerd.sock"
 
     [plugins."io.containerd.grpc.v1.cri"]
       sandbox_image = "pause:latest"
diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index a428a60800cd6..fcfcc84354772 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -134,7 +134,7 @@ in
     containerRuntimeEndpoint = mkOption {
       description = "Endpoint at which to find the container runtime api interface/socket";
       type = str;
-      default = "unix:///var/run/containerd/containerd.sock";
+      default = "unix:///run/containerd/containerd.sock";
     };
 
     enable = mkEnableOption "Kubernetes kubelet.";
diff --git a/nixos/modules/virtualisation/containerd.nix b/nixos/modules/virtualisation/containerd.nix
index 194276d169588..6d6ba454bd841 100644
--- a/nixos/modules/virtualisation/containerd.nix
+++ b/nixos/modules/virtualisation/containerd.nix
@@ -54,6 +54,9 @@ in
         LimitNOFILE = "infinity";
         TasksMax = "infinity";
         OOMScoreAdjust = "-999";
+
+        StateDirectory = "containerd";
+        RuntimeDirectory = "containerd";
       };
     };
   };