From 414c23faccf416ff4995ca999de620597ab8c1c5 Mon Sep 17 00:00:00 2001 From: Wael Nasreddine Date: Sat, 30 Aug 2025 10:50:44 -0700 Subject: [PATCH] ncps: Add support for the --cache-temp-path flag --- nixos/modules/services/networking/ncps.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/ncps.nix b/nixos/modules/services/networking/ncps.nix index 77d1a77c4889..a9f16e022307 100644 --- a/nixos/modules/services/networking/ncps.nix +++ b/nixos/modules/services/networking/ncps.nix @@ -37,6 +37,7 @@ let "--cache-hostname='${cfg.cache.hostName}'" "--cache-data-path='${cfg.cache.dataPath}'" "--cache-database-url='${cfg.cache.databaseURL}'" + "--cache-temp-path='${cfg.cache.tempPath}'" "--server-addr='${cfg.server.addr}'" ] ++ (lib.optional cfg.cache.allowDeleteVerb "--cache-allow-delete-verb") @@ -170,6 +171,14 @@ in empty to automatically generate a private/public key. ''; }; + + tempPath = lib.mkOption { + type = lib.types.str; + default = "/tmp"; + description = '' + The path to the temporary directory that is used by the cache to download NAR files + ''; + }; }; server = { @@ -219,7 +228,7 @@ in }; users.groups.ncps = { }; - systemd.services.ncps-create-datadirs = { + systemd.services.ncps-create-directories = { description = "Created required directories by ncps"; serviceConfig = { Type = "oneshot"; @@ -237,6 +246,12 @@ in mkdir -p ${dbDir} chown ncps:ncps ${dbDir} fi + '') + + (lib.optionalString (cfg.cache.tempPath != "/tmp") '' + if ! test -d ${cfg.cache.tempPath}; then + mkdir -p ${cfg.cache.tempPath} + chown ncps:ncps ${cfg.cache.tempPath} + fi ''); wantedBy = [ "ncps.service" ]; before = [ "ncps.service" ]; @@ -278,6 +293,9 @@ in (lib.mkIf (isSqlite && !lib.strings.hasPrefix "/var/lib/ncps" dbDir) { ReadWritePaths = [ dbDir ]; }) + (lib.mkIf (cfg.cache.tempPath != "/tmp") { + ReadWritePaths = [ cfg.cache.tempPath ]; + }) # Hardening {