[Backport release-25.05] ncps: Update the module for ncps v0.3.0 (#440346)

2026-01-11 10:22:54 +08:00 · 2025-09-06 12:44:04 -07:00
parent cdd2a78e55 bb7c2bf89f
commit 88469b5caa
1 changed files with 24 additions and 1 deletions
--- a/nixos/modules/services/networking/ncps.nix
+++ b/nixos/modules/services/networking/ncps.nix
@@ -27,6 +27,9 @@ let
        cfg.openTelemetry.grpcURL != null
      ) "--otel-grpc-url='${cfg.openTelemetry.grpcURL}'")
    ))
+    ++ (lib.optionals cfg.prometheus.enable [
+      "--prometheus-enabled"
+    ])
  );

  serveFlags = lib.concatStringsSep " " (
@@ -34,6 +37,7 @@ let
      "--cache-hostname='${cfg.cache.hostName}'"
      "--cache-data-path='${cfg.cache.dataPath}'"
      "--cache-database-url='${cfg.cache.databaseURL}'"
+      "--cache-temp-path='${cfg.cache.tempPath}'"
      "--server-addr='${cfg.server.addr}'"
    ]
    ++ (lib.optional cfg.cache.allowDeleteVerb "--cache-allow-delete-verb")
@@ -76,6 +80,8 @@ in
        };
      };

+      prometheus.enable = lib.mkEnableOption "Enable Prometheus metrics endpoint at /metrics";
+
      logLevel = lib.mkOption {
        type = lib.types.enum logLevels;
        default = "info";
@@ -165,6 +171,14 @@ in
            empty to automatically generate a private/public key.
          '';
        };
+
+        tempPath = lib.mkOption {
+          type = lib.types.str;
+          default = "/tmp";
+          description = ''
+            The path to the temporary directory that is used by the cache to download NAR files
+          '';
+        };
      };

      server = {
@@ -214,7 +228,7 @@ in
    };
    users.groups.ncps = { };

-    systemd.services.ncps-create-datadirs = {
+    systemd.services.ncps-create-directories = {
      description = "Created required directories by ncps";
      serviceConfig = {
        Type = "oneshot";
@@ -232,6 +246,12 @@ in
            mkdir -p ${dbDir}
            chown ncps:ncps ${dbDir}
          fi
+        '')
+        + (lib.optionalString (cfg.cache.tempPath != "/tmp") ''
+          if ! test -d ${cfg.cache.tempPath}; then
+            mkdir -p ${cfg.cache.tempPath}
+            chown ncps:ncps ${cfg.cache.tempPath}
+          fi
        '');
      wantedBy = [ "ncps.service" ];
      before = [ "ncps.service" ];
@@ -273,6 +293,9 @@ in
        (lib.mkIf (isSqlite && !lib.strings.hasPrefix "/var/lib/ncps" dbDir) {
          ReadWritePaths = [ dbDir ];
        })
+        (lib.mkIf (cfg.cache.tempPath != "/tmp") {
+          ReadWritePaths = [ cfg.cache.tempPath ];
+        })

        # Hardening
        {