diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index c7ad29646cf6..a82932ce6626 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -55,6 +55,10 @@
 
 - `gkraken` software and `hardware.gkraken.enable` option have been removed, use `coolercontrol` via `programs.coolercontrol.enable` option instead.
 
+- `containerd` has been updated to v2, which contains breaking changes. See the [containerd
+  2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for more
+  details.
+
 - the notmuch vim plugin now lives in a separate output of the `notmuch`
   package. Installing `notmuch` will not bring the notmuch vim package anymore,
   add `vimPlugins.notmuch-vim` to your (Neo)vim configuration if you want the
diff --git a/nixos/modules/virtualisation/containerd.nix b/nixos/modules/virtualisation/containerd.nix
index 73fb9f3b55d2..edb22a855d54 100644
--- a/nixos/modules/virtualisation/containerd.nix
+++ b/nixos/modules/virtualisation/containerd.nix
@@ -67,7 +67,7 @@ in
     systemd.services.containerd = {
       description = "containerd - container runtime";
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
+      after = [ "network.target" "local-fs.target" "dbus.service" ];
       path = with pkgs; [
         containerd
         runc
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 36afd5bedcdf..75ef93f3d139 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -53,6 +53,9 @@ rec {
       pname = "docker-containerd";
       inherit version;
 
+      # We only need binaries
+      outputs = [ "out" ];
+
       src = fetchFromGitHub {
         owner = "containerd";
         repo = "containerd";
@@ -62,6 +65,9 @@ rec {
 
       buildInputs = oldAttrs.buildInputs
         ++ lib.optionals withSeccomp [ libseccomp ];
+
+      # See above
+      installTargets = "install";
     });
 
     docker-tini = tini.overrideAttrs {
diff --git a/pkgs/by-name/co/containerd/package.nix b/pkgs/by-name/co/containerd/package.nix
index ad2a338ba8fb..d11a60b9e064 100644
--- a/pkgs/by-name/co/containerd/package.nix
+++ b/pkgs/by-name/co/containerd/package.nix
@@ -1,56 +1,102 @@
-{ lib
-, fetchFromGitHub
-, buildGoModule
-, btrfs-progs
-, go-md2man
-, installShellFiles
-, util-linux
-, nixosTests
-, kubernetes
+{
+  lib,
+  stdenv,
+  pkgsCross,
+  btrfs-progs,
+  buildGoModule,
+  fetchFromGitHub,
+  go-md2man,
+  kubernetes,
+  nix-update-script,
+  nixosTests,
+  util-linux,
+  btrfsSupport ? btrfs-progs != null,
+  withMan ? stdenv.buildPlatform.canExecute stdenv.hostPlatform,
 }:
 
 buildGoModule rec {
   pname = "containerd";
-  version = "1.7.23";
+  version = "2.0.0";
+
+  outputs = [
+    "out"
+    "doc"
+  ] ++ lib.optional withMan "man";
 
   src = fetchFromGitHub {
     owner = "containerd";
     repo = "containerd";
-    rev = "v${version}";
-    hash = "sha256-vuOefU1cZr1pKCYHKyDBx/ohghgPlXhK3a38PQKH0pc=";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-DFAP+zjBYP2SpyD8KXGvI3i/PUZ6d4jdzGyFfr1lzj4=";
   };
 
+  postPatch = "patchShebangs .";
+
   vendorHash = null;
 
-  nativeBuildInputs = [ go-md2man installShellFiles util-linux ];
+  strictDeps = true;
 
-  buildInputs = [ btrfs-progs ];
+  nativeBuildInputs = [
+    util-linux
+  ] ++ lib.optional withMan go-md2man;
 
-  BUILDTAGS = lib.optionals (btrfs-progs == null) [ "no_btrfs" ];
+  buildInputs = lib.optional btrfsSupport btrfs-progs;
+
+  tags = lib.optional (!btrfsSupport) "no_btrfs";
+
+  makeFlags = [
+    "PREFIX=${placeholder "out"}"
+
+    "BUILDTAGS=${toString tags}"
+    "REVISION=${src.rev}"
+    "VERSION=v${version}"
+  ];
+
+  installTargets = [
+    "install"
+    "install-doc"
+  ] ++ lib.optional withMan "install-man";
 
   buildPhase = ''
     runHook preBuild
-    patchShebangs .
-    make binaries "VERSION=v${version}" "REVISION=${src.rev}"
+    make $makeFlags
     runHook postBuild
   '';
 
   installPhase = ''
     runHook preInstall
-    install -Dm555 bin/* -t $out/bin
-    installShellCompletion --bash contrib/autocomplete/ctr
-    installShellCompletion --zsh --name _ctr contrib/autocomplete/zsh_autocomplete
+    make $makeFlags $installTargets
     runHook postInstall
   '';
 
-  passthru.tests = { inherit (nixosTests) docker; } // kubernetes.tests;
+  passthru = {
+    tests = lib.optionalAttrs stdenv.hostPlatform.isLinux (
+      {
+        cross =
+          let
+            systemString = if stdenv.buildPlatform.isAarch64 then "gnu64" else "aarch64-multiplatform";
+          in
+          pkgsCross.${systemString}.containerd;
 
-  meta = with lib; {
-    changelog = "https://github.com/containerd/containerd/releases/tag/${src.rev}";
-    homepage = "https://containerd.io/";
+        inherit (nixosTests) docker;
+      }
+      // kubernetes.tests
+    );
+
+    updateScript = nix-update-script { };
+  };
+
+  meta = {
     description = "Daemon to control runC";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ offline vdemeester ];
-    platforms = platforms.linux;
+    homepage = "https://containerd.io/";
+    changelog = "https://github.com/containerd/containerd/releases/tag/${version}";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [
+      offline
+      vdemeester
+      getchoo
+    ];
+    mainProgram = "containerd";
+    platforms = lib.platforms.linux;
   };
 }