Add nix-snapshotter support to the embedded containerd

[nuketownada]

Proposed Changes

Add the nix-snapshotter plugin to k3s's embedded containerd, enabling rootless k3s with nix-snapshotter. This follows the same integration pattern as the existing stargz snapshotter.

Changes:

• Register nix-snapshotter plugin via blank import in builtins_linux.go
• Add NixSupported() validation functions for linux and windows
• Add "nix" case to snapshotter switch with image service socket config
• Add nix snapshotter containerd config blocks in both v2 and v3 templates
• Set disable_snapshot_annotations = false for nix (required for layer annotations)

Usage: k3s server --snapshotter=nix

Context

This revives #9319 (closed as stale), updated for k3s 1.34 and containerd v2.

Key differences from the original PR:

• Targets nix-snapshotter v0.4.0 (includes gRPC forward-compatibility fix)
• Updated for containerd v2 API (new plugin registration, config template structure)
• Config moved from config.go → config_linux.go (matching current k3s structure)
• Templates updated for both v2 and v3 config formats in templates.go

nix-snapshotter is a containerd snapshotter that understands nix store paths natively, enabling fully declarative container images built with Nix. See the architecture docs for details on the image service.

Types of Changes

• Adds nix-snapshotter as a Go dependency (1 line in go.mod)
• Adds nix as a valid snapshotter option for the agent
• When using nix snapshotter, configures it as an image service

Testing

• nix build .#k3s produces working k3s binary with nix-snapshotter linked in
• Integration test to be added

Add nix-snapshotter plugin to the embedded containerd to enable rootless k3s + nix-snapshotter

🤖 Generated with Claude Code