From 258e3e3bac906d93799657ada84b1fc83464eacc Mon Sep 17 00:00:00 2001
From: Wael Nasreddine
Date: Sat, 30 Aug 2025 10:49:12 -0700
Subject: [PATCH 1/2] ncps: Add support for the --prometheus-enabled flag

(cherry picked from commit a0817f37f23f077e53fe14bc5589bdeb00e558ab)
---
 nixos/modules/services/networking/ncps.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nixos/modules/services/networking/ncps.nix b/nixos/modules/services/networking/ncps.nix
index d29a24445ae7..77d1a77c4889 100644
--- a/nixos/modules/services/networking/ncps.nix
+++ b/nixos/modules/services/networking/ncps.nix
@@ -27,6 +27,9 @@ let
 cfg.openTelemetry.grpcURL != null
 ) "--otel-grpc-url='${cfg.openTelemetry.grpcURL}'")
 ))
+ ++ (lib.optionals cfg.prometheus.enable [
+ "--prometheus-enabled"
+ ])
 );
 
 serveFlags = lib.concatStringsSep " " (
@@ -76,6 +79,8 @@ in
 };
 };
 
+ prometheus.enable = lib.mkEnableOption "Enable Prometheus metrics endpoint at /metrics";
+
 logLevel = lib.mkOption {
 type = lib.types.enum logLevels;
 default = "info";

From bb7c2bf89f6e955e3c75c39cad1f8bbd31b35ebb Mon Sep 17 00:00:00 2001
From: Wael Nasreddine
Date: Sat, 30 Aug 2025 10:50:44 -0700
Subject: [PATCH 2/2] ncps: Add support for the --cache-temp-path flag

(cherry picked from commit 414c23faccf416ff4995ca999de620597ab8c1c5)
---
 nixos/modules/services/networking/ncps.nix | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/ncps.nix b/nixos/modules/services/networking/ncps.nix
index 77d1a77c4889..a9f16e022307 100644
--- a/nixos/modules/services/networking/ncps.nix
+++ b/nixos/modules/services/networking/ncps.nix
@@ -37,6 +37,7 @@ let
 "--cache-hostname='${cfg.cache.hostName}'"
 "--cache-data-path='${cfg.cache.dataPath}'"
 "--cache-database-url='${cfg.cache.databaseURL}'"
+ "--cache-temp-path='${cfg.cache.tempPath}'"
 "--server-addr='${cfg.server.addr}'"
 ]
 ++ (lib.optional cfg.cache.allowDeleteVerb "--cache-allow-delete-verb")
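Review bot: In the `@@ -76,6 +79,8 @@` hunk, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the new option renders as "Whether to enable Enable Prometheus metrics endpoint at /metrics."; pass a noun phrase instead, e.g. `prometheus.enable = lib.mkEnableOption "the Prometheus metrics endpoint at /metrics";`. The description also does not say which listener serves `/metrics`. If it is the same `server.addr` that serves the cache (not visible in this patch), the text should say so, since every client that can reach the cache can then read the metrics and operators may want to restrict that path at a reverse proxy. The surrounding options block starts and ends outside the hunk.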
@@ -170,6 +171,14 @@ in
 empty to automatically generate a private/public key.
 '';
 };
+
+ tempPath = lib.mkOption {
+ type = lib.types.str;
+ default = "/tmp";
+ description = ''
+ The path to the temporary directory that is used by the cache to download NAR files
+ '';
+ };
 };
 
 server = {
@@ -219,7 +228,7 @@ in
 };
 users.groups.ncps = { };
 
- systemd.services.ncps-create-datadirs = {
+ systemd.services.ncps-create-directories = {
 description = "Created required directories by ncps";
 serviceConfig = {
 Type = "oneshot";
@@ -237,6 +246,12 @@ in
 mkdir -p ${dbDir}
 chown ncps:ncps ${dbDir}
 fi
+ '')
+ + (lib.optionalString (cfg.cache.tempPath != "/tmp") ''
+ if ! test -d ${cfg.cache.tempPath}; then
+ mkdir -p ${cfg.cache.tempPath}
+ chown ncps:ncps ${cfg.cache.tempPath}
+ fi
 '');
 wantedBy = [ "ncps.service" ];
 before = [ "ncps.service" ];
@@ -278,6 +293,9 @@ in
 (lib.mkIf (isSqlite && !lib.strings.hasPrefix "/var/lib/ncps" dbDir) {
 ReadWritePaths = [ dbDir ];
 })
+ (lib.mkIf (cfg.cache.tempPath != "/tmp") {
+ ReadWritePaths = [ cfg.cache.tempPath ];
+ })
 
 # Hardening
 {
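Review bot: `tempPath` in the `@@ -170,6 +171,14 @@` hunk is typed `lib.types.str`, so an empty or relative value is accepted and later reaches `mkdir -p`, `chown` and `ReadWritePaths` in the other hunks of this patch; `type = lib.types.path;` would reject those at evaluation time. The default of `"/tmp"` also deserves a sentence in the description: NAR downloads can be large, and whether the service sees a private or the shared `/tmp` depends on the hardening block, which is outside this patch. A possible description is `The directory the cache uses for temporary NAR downloads; it must be an absolute path writable by the ncps user and large enough for the biggest NAR being fetched.`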
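Review bot: The script lines added in `@@ -237,6 +246,12 @@` interpolate `cfg.cache.tempPath` into shell unquoted, so a path containing whitespace or shell metacharacters is word-split or interpreted by the shell, in a unit that presumably runs as root since it calls `chown`. Wrap the value on all three lines, e.g. `mkdir -p ${lib.escapeShellArg cfg.cache.tempPath}`. The directory is also created with the default mode, and an existing directory is used as-is with no owner or mode check, so temporary downloads can end up in a location other local users can read or write; replacing the `mkdir`/`chown` pair with `install -d -m 0700 -o ncps -g ncps ${lib.escapeShellArg cfg.cache.tempPath}` inside the same `if` covers the creation case. The same unquoted pattern is visible for `${dbDir}` in the context lines, and the script starts outside the hunk.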
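Review bot: The `cfg.cache.tempPath != "/tmp"` test in `@@ -278,6 +293,9 @@` (and in the directory-creation script of `@@ -237,6 +246,12 @@`) is an exact string comparison, so `"/tmp/"` or a subdirectory such as `"/tmp/ncps"` takes the custom-path branch. If the hardening block that follows this hunk enables `PrivateTmp` (not visible here), the directory the oneshot unit creates in the host's `/tmp` may not be the one the service sees. Nothing prevents a broad value such as `"/"` or `"/var"` from being handed to `ReadWritePaths`, which would undo much of the filesystem hardening. An `assertions` entry would make the expectation explicit, or at least a comment such as `# tempPath is made writable as given; it must be a dedicated directory, not a shared parent like /var`.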