apiVersion: crd.chenshaowen.com/v1
kind: Task
metadata:
  name: install-nerdctl
  namespace: ops-system
spec:
  typeRef: cluster
  desc: install nerdctl tool in specified host
  variables:
    proxy: 
      default: https://mirror.ghproxy.com/
    version: 
      default: 1.7.6
    arch: 
      default: amd64
    nydus_version: 
      default: 2.2.4
    nydus_rpcversion: 
      default: 0.13.4
    nydus_os: 
      default: linux
  steps:
    - name: Check nerdctl
      content: |
        if [ -x "$(command -v nerdctl)" ]; then
          echo "nerdctl is already installed"
          exit 1
        fi
    - name: Install NVIDIA Docker
      content: |
        sudo apt-get update
        sudo apt-get install -y curl gnupg lsb-release
        if ! grep -q "^deb .\+nvidia-container-toolkit" /etc/apt/sources.list /etc/apt/sources.list.d/*; then
            curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
            && curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
            sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
            sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
        else
            echo "NVIDIA Docker 源已经配置，跳过此步骤。"
        fi
        sudo apt-get update
        sudo apt-get install -y nvidia-container-toolkit
    - name: Download nerdctl
      content: wget ${proxy}https://github.com/containerd/nerdctl/releases/download/v${version}/nerdctl-full-${version}-linux-${arch}.tar.gz
    - name: Extract
      content: sudo tar -xvf nerdctl-full-${version}-linux-${arch}.tar.gz -C /usr/local
    - name: Move and Setup nerdctl as docker
      content: |
        cat << 'EOF' | sudo tee /usr/local/bin/docker
        #!/bin/bash
        /usr/local/bin/nerdctl $@
        EOF
        sudo chmod +x /usr/local/bin/docker
    - name: Setup Bash Completion
      content: |
        sudo apt install bash-completion -y
        sudo nerdctl completion bash | sudo tee /etc/bash_completion.d/nerdctl > /dev/null
        sudo nerdctl completion bash | sudo tee /etc/bash_completion.d/docker > /dev/null
        sudo chown root:containerd /etc/bash_completion.d/nerdctl
        sudo chmod 755 /etc/bash_completion.d/nerdctl
        sudo chown root:containerd /etc/bash_completion.d/docker
        sudo chmod 755 /etc/bash_completion.d/docker
        echo ". /etc/bash_completion.d/nerdctl" >> ~/.bashrc
        echo ". /etc/bash_completion.d/docker" >> ~/.bashrc
    - name: Setup Nerdctl Rootless
      content: |
        /usr/local/bin/containerd-rootless-setuptool.sh install
        /usr/local/bin/containerd-rootless-setuptool.sh install-buildkit
      privileged: false
    - name: Install Nydus
      content: |
        wget ${proxy}https://github.com/dragonflyoss/nydus/releases/download/v${nydus_version}/nydus-static-v${nydus_version}-${nydus_os}-${arch}.tgz
        tar -xzf nydus-static-v${nydus_version}-${nydus_os}-${arch}.tgz
        rm -rf nydus-static/configs
        mv -f nydus-static/* /usr/local/bin/
        rm -rf nydus-static-v${nydus_version}-${nydus_os}-${arch}.tgz nydus-static
        wget ${proxy}https://github.com/containerd/nydus-snapshotter/releases/download/v${nydus_rpcversion}/nydus-snapshotter-v${nydus_rpcversion}-x86_64.tgz
        tar -xzf nydus-snapshotter-v${nydus_rpcversion}-x86_64.tgz
        mv -f nydus-snapshotter/* /usr/local/bin/
        rm -rf nydus-snapshotter-v${nydus_rpcversion}-x86_64.tgz nydus-snapshotter
    - name: Configure containerd
      content: |
        sudo mkdir -p /etc/containerd
        containerd config default | sudo tee /etc/containerd/config.toml
        sudo sed -i '/\[plugins."io.containerd.grpc.v1.cri".registry.configs\]/a \\t[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".tls]\n\t\tinsecure_skip_verify = true' /etc/containerd/config.toml
        sudo sed -i '/\[plugins\]/a \\t[plugins."io.containerd.grpc.v1.cri".containerd]\n\t\tdefault_runtime_name = "runc"\n\t\tignore_rdt_not_enabled_errors = false\n\t\tno_pivot = false\n\t\tdiscard_unpacked_layers = false\n\t\tdisable_snapshot_annotations = false\n\t\tsnapshotter = "nydus"' /etc/containerd/config.toml
        sudo sed -i '/\[proxy_plugins\]/a \\t[proxy_plugins.nydus]\n\t\ttype = "snapshot"\n\t\taddress = "/run/containerd-nydus/containerd-nydus-grpc.sock"' /etc/containerd/config.toml
        sudo containerd config dump | sudo tee /etc/containerd/config.toml
        sudo nvidia-ctk runtime configure --runtime=containerd
        sudo systemctl restart containerd
    - name: make etc dir
      content: sudo mkdir -p /etc/nerdctl
    - name: config
      content: echo 'namespace = "k8s.io"' > /etc/nerdctl/nerdctl.toml
    - name: Version
      content: nerdctl --version