feat: Add nix cache

2025-08-20 11:41:31 +02:00
parent 620f3553ef
commit 2eee0e5e6d
5 changed files with 154 additions and 0 deletions
+31
@@ -0,0 +1,31 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/ssl-redirect: "true"
oceanbox.io/expose: internal
labels:
app.kubernetes.io/component: nix-cache
name: nix-cache
namespace: ncps
spec:
ingressClassName: nginx
rules:
- host: cache.oceanbox.io
http:
paths:
- backend:
service:
name: nix-cache
port:
name: http-web
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- cache.oceanbox.io
secretName: cache.oceanbox.io-tls
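Review bot: `nginx.ingress.kubernetes.io/enable-cors: "true"` is set without `nginx.ingress.kubernetes.io/cors-allow-origin`, so ingress-nginx falls back to answering with `Access-Control-Allow-Origin: *`. Nix clients fetch narinfo and NAR files without a browser, so the annotation looks unnecessary here; dropping it, or adding an explicit origin list, keeps the cache's responses from being readable cross-origin by arbitrary web pages. Whether `oceanbox.io/expose: internal` actually limits who can reach `cache.oceanbox.io` is not visible in this file; if it is only a marker for other tooling, `nginx.ingress.kubernetes.io/whitelist-source-range` would make the restriction explicit on the Ingress itself.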
+33
@@ -0,0 +1,33 @@
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ncps
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: ncps
server: 'https://kubernetes.default.svc'
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: values/ncps/manifests
project: sys
syncPolicy:
managedNamespaceMetadata:
labels:
component: sys
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
# - ServerSideApply=true
{{- if .Values.ncps.autosync }}
automated:
prune: true
# selfHeal: false
{{- end }}
{{- end }}
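Review bot: `repoURL: {{ .Values.clusterConfig.manifests }}` is rendered unquoted, so an unset or empty value produces `repoURL:` (null) and a value containing YAML-special characters can change the rendered document; `repoURL: {{ .Values.clusterConfig.manifests | quote }}`, optionally wrapped in `required`, fails more predictably. Separately, `targetRevision: HEAD` combined with `automated` and `prune: true` means whatever lands on that repository's default branch is applied and pruned in the cluster without a pinned revision. If that is intended, a short comment next to `targetRevision` saying so would help, since `selfHeal` and `ServerSideApply` are left commented out with no explanation.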
+13
@@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nix-cache
labels:
app: nix-cache
tier: proxy
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
+62
@@ -0,0 +1,62 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nix-cache
labels:
app: nix-cache
tier: proxy
spec:
replicas: 1
selector:
matchLabels:
app: nix-cache
tier: proxy
template:
metadata:
labels:
app: nix-cache
tier: proxy
spec:
initContainers:
- image: alpine:latest
name: create-directories
args:
- /bin/sh
- -c
- "mkdir -m 0755 -p /storage/var && mkdir -m 0700 -p /storage/var/ncps && mkdir -m 0700 -p /storage/var/ncps/db"
volumeMounts:
- name: nix-cache-persistent-storage
mountPath: /storage
- image: kalbasit/ncps:latest # NOTE: It's recommended to use a tag here, but we live dangerously
name: migrate-database
args:
- /bin/dbmate
- --url=sqlite:/storage/var/ncps/db/db.sqlite
- migrate
- up
volumeMounts:
- name: nix-cache-persistent-storage
mountPath: /storage
containers:
- image: kalbasit/ncps:latest # NOTE: It's recommended to use a tag here!
name: nix-cache
args:
- /bin/ncps
- serve
- --cache-hostname=cache.oceanbox.io # TODO: Setup ingress
- --cache-data-path=/storage
- --cache-database-url=sqlite:/storage/var/ncps/db/db.sqlite
- --upstream-cache=https://cache.nixos.org
- --upstream-cache=https://nix-community.cachix.org
- --upstream-public-key=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
- --upstream-public-key=nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
ports:
- containerPort: 8501
name: http-web
volumeMounts:
- name: nix-cache-persistent-storage
mountPath: /storage
volumes:
- name: nix-cache-persistent-storage
persistentVolumeClaim:
claimName: nix-cache
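Review bot: All three containers use mutable `:latest` images (`alpine:latest` once, `kalbasit/ncps:latest` twice), which the inline comments acknowledge but the commit does not fix. With the default pull policy for `:latest`, any pod restart can pull different code, and the `migrate-database` init container would then run whatever migrations that image ships against `db.sqlite` on the persistent volume. Because this pod serves store paths to every Nix client pointed at `cache.oceanbox.io`, each image should be pinned to a reviewed tag plus digest. The pod also sets no `securityContext` and no `resources`; the fence shows the fields I would add to the `nix-cache` container, and the init containers likely need the same after testing against the volume's ownership, with `runAsNonRoot` added once the image's user is confirmed. The `# TODO: Setup ingress` comment on `--cache-hostname` is stale now that this commit adds the Ingress.

```yaml
      containers:
        # placeholders below: pin to a reviewed release tag and its digest
        - image: kalbasit/ncps:<PINNED_TAG>@sha256:<IMAGE_DIGEST>
          name: nix-cache
          # … unchanged: args, ports, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              cpu: <CPU_REQUEST>
              memory: <MEMORY_REQUEST>
            limits:
              memory: <MEMORY_LIMIT>
```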
+15
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: nix-cache
labels:
app: nix-cache
tier: proxy
spec:
type: ClusterIP
ports:
- name: http-web
port: 8501
selector:
app: nix-cache
tier: proxy