ncps: Add support for the --cache-temp-path flag

2026-01-11 10:22:54 +08:00 · 2025-08-30 10:50:44 -07:00
parent a0817f37f2
commit 414c23facc
1 changed files with 19 additions and 1 deletions
--- a/nixos/modules/services/networking/ncps.nix
+++ b/nixos/modules/services/networking/ncps.nix
@@ -37,6 +37,7 @@ let
      "--cache-hostname='${cfg.cache.hostName}'"
      "--cache-data-path='${cfg.cache.dataPath}'"
      "--cache-database-url='${cfg.cache.databaseURL}'"
+      "--cache-temp-path='${cfg.cache.tempPath}'"
      "--server-addr='${cfg.server.addr}'"
    ]
    ++ (lib.optional cfg.cache.allowDeleteVerb "--cache-allow-delete-verb")
@@ -170,6 +171,14 @@ in
            empty to automatically generate a private/public key.
          '';
        };
+
+        tempPath = lib.mkOption {
+          type = lib.types.str;
+          default = "/tmp";
+          description = ''
+            The path to the temporary directory that is used by the cache to download NAR files
+          '';
+        };
      };

      server = {
@@ -219,7 +228,7 @@ in
    };
    users.groups.ncps = { };

-    systemd.services.ncps-create-datadirs = {
+    systemd.services.ncps-create-directories = {
      description = "Created required directories by ncps";
      serviceConfig = {
        Type = "oneshot";
@@ -237,6 +246,12 @@ in
            mkdir -p ${dbDir}
            chown ncps:ncps ${dbDir}
          fi
+        '')
+        + (lib.optionalString (cfg.cache.tempPath != "/tmp") ''
+          if ! test -d ${cfg.cache.tempPath}; then
+            mkdir -p ${cfg.cache.tempPath}
+            chown ncps:ncps ${cfg.cache.tempPath}
+          fi
        '');
      wantedBy = [ "ncps.service" ];
      before = [ "ncps.service" ];
@@ -278,6 +293,9 @@ in
        (lib.mkIf (isSqlite && !lib.strings.hasPrefix "/var/lib/ncps" dbDir) {
          ReadWritePaths = [ dbDir ];
        })
+        (lib.mkIf (cfg.cache.tempPath != "/tmp") {
+          ReadWritePaths = [ cfg.cache.tempPath ];
+        })

        # Hardening
        {