cidata: support system-wide buildkit and stargz-snapshotter

Signed-off-by: Akihiro Suda <[email protected]>

Author: AkihiroSuda

pkg/cidata/user-data.TEMPLATE

@@ -109,18 +109,25 @@ write_files:
         curl -fsSL https://github.com/containerd/nerdctl/releases/download/v${version}/nerdctl-full-${version}-linux-${goarch}.tar.gz | tar Cxz /usr/local
       fi
       {{- if .Containerd.System}}
-      systemctl enable containerd
-      systemctl start containerd
+      cat >"/etc/containerd/config.toml" <<EOF
+        version = 2
+        [proxy_plugins]
+          [proxy_plugins."stargz"]
+            type = "snapshot"
+            address = "/run/containerd-stargz-grpc/containerd-stargz-grpc.sock"
+      EOF
+      systemctl enable --now containerd buildkit stargz-snapshotter
       {{- end}}
       {{- if .Containerd.User}}
       modprobe tap || true
       if [ ! -e "/home/{{.User}}.linux/.config/containerd/config.toml" ]; then
         mkdir -p "/home/{{.User}}.linux/.config/containerd"
         cat >"/home/{{.User}}.linux/.config/containerd/config.toml" <<EOF
+        version = 2
         [proxy_plugins]
           [proxy_plugins."stargz"]
-                type = "snapshot"
-        address = "/run/user/{{.UID}}/containerd-stargz-grpc/containerd-stargz-grpc.sock"
+            type = "snapshot"
+            address = "/run/user/{{.UID}}/containerd-stargz-grpc/containerd-stargz-grpc.sock"
       EOF
         chown -R "{{.User}}" "/home/{{.User}}.linux/.config"
       fi

pkg/limayaml/default.TEMPLATE.yaml

@@ -59,10 +59,10 @@ video:
   display: "none"
 
 containerd:
-  # Enable system-wide containerd (systemctl enable containerd)
+  # Enable system-wide (aka rootful)  containerd and its dependencies (BuildKit, Stargz Snapshotter)
   # Default: false
   system: false
-  # Enable user-scoped containerd (systemctl --user enable containerd)
+  # Enable user-scoped (aka rootless) containerd and its dependencies
   # Default: true
   user: true