From 2eee0e5e6d61f48716998f80023053870707a6ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?=
Date: Wed, 20 Aug 2025 11:41:31 +0200
Subject: [PATCH] feat: Add nix cache
---
 values/ncps/manifests/ingress.yaml | 31 +++++++++++++++
 values/ncps/manifests/ncps.yaml | 33 ++++++++++++++++
 values/ncps/manifests/pvc.yaml | 13 +++++++
 values/ncps/manifests/sts.yaml | 62 ++++++++++++++++++++++++++++++
 values/ncps/manifests/svc.yaml | 15 ++++++++
 5 files changed, 154 insertions(+)
 create mode 100644 values/ncps/manifests/ingress.yaml
 create mode 100644 values/ncps/manifests/ncps.yaml
 create mode 100644 values/ncps/manifests/pvc.yaml
 create mode 100644 values/ncps/manifests/sts.yaml
 create mode 100644 values/ncps/manifests/svc.yaml
diff --git a/values/ncps/manifests/ingress.yaml b/values/ncps/manifests/ingress.yaml
new file mode 100644
index 00000000..5bc4dfeb
--- /dev/null
+++ b/values/ncps/manifests/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ oceanbox.io/expose: internal
+ labels:
+ app.kubernetes.io/component: nix-cache
+ name: nix-cache
+ namespace: ncps
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: cache.oceanbox.io
+ http:
+ paths:
+ - backend:
+ service:
+ name: nix-cache
+ port:
+ name: http-web
+ path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - cache.oceanbox.io
+ secretName: cache.oceanbox.io-tls
diff --git a/values/ncps/manifests/ncps.yaml b/values/ncps/manifests/ncps.yaml
new file mode 100644
index 00000000..5e9eb8bc
--- /dev/null
+++ b/values/ncps/manifests/ncps.yaml
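Review bot: In `ingress.yaml`, `nginx.ingress.kubernetes.io/enable-cors: "true"` is set without a `cors-allow-origin` annotation, so ingress-nginx falls back to its default of allowing any origin. Nix clients are not browsers and do not need CORS, so the annotation only widens what a page on any site may read from `cache.oceanbox.io`. Either drop the line or pin the origin, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://<ALLOWED_ORIGIN>"` (placeholder). What `oceanbox.io/expose: internal` enforces is not visible in this patch, so it is worth confirming that it actually restricts who can reach the host.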
@@ -0,0 +1,33 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ncps
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: ncps
+ server: 'https://kubernetes.default.svc'
+ sources:
+ - repoURL: {{ .Values.clusterConfig.manifests }}
+ targetRevision: HEAD
+ path: values/ncps/manifests
+ project: sys
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: sys
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ # - ServerSideApply=true
+ {{- if .Values.ncps.autosync }}
+ automated:
+ prune: true
+ # selfHeal: false
+ {{- end }}
+{{- end }}
diff --git a/values/ncps/manifests/pvc.yaml b/values/ncps/manifests/pvc.yaml
new file mode 100644
index 00000000..d1f2bff4
--- /dev/null
+++ b/values/ncps/manifests/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nix-cache
+ labels:
+ app: nix-cache
+ tier: proxy
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
diff --git a/values/ncps/manifests/sts.yaml b/values/ncps/manifests/sts.yaml
new file mode 100644
index 00000000..15ba7d42
--- /dev/null
+++ b/values/ncps/manifests/sts.yaml
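Review bot: The Application template in `ncps.yaml` sits in `values/ncps/manifests`, the same directory its own `path:` tells Argo CD to sync, so the Helm directives (`{{- if .Values.clusterConfig.argo.enabled }}` and the rest) would reach Argo CD unrendered as if they were a plain manifest. Unless that directory is rendered or filtered somewhere outside this patch, the file probably belongs with the chart templates rather than next to the workload manifests. Separately, `targetRevision: HEAD` together with `automated:` / `prune: true` applies and deletes according to whatever lands on the default branch, so a pinned revision is the safer default. The templated value should also be quoted: `repoURL: "{{ .Values.clusterConfig.manifests }}"`.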
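Review bot: The PVC in `pvc.yaml` has no `metadata.namespace`, and neither do the StatefulSet in `sts.yaml` and the Service in `svc.yaml`, while `ingress.yaml` sets `namespace: ncps` explicitly. The three only end up in `ncps` through the Argo CD destination; applied any other way they go to the caller's current namespace and the Ingress backend `nix-cache` no longer resolves. Add `namespace: ncps` to all three, or drop it from the Ingress so the files agree. A comment next to `storage: 20Gi` saying how the cache is kept under that size would also help, since the `ncps serve` arguments in `sts.yaml` pass no size limit.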
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: nix-cache
+ labels:
+ app: nix-cache
+ tier: proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nix-cache
+ tier: proxy
+ template:
+ metadata:
+ labels:
+ app: nix-cache
+ tier: proxy
+ spec:
+ initContainers:
+ - image: alpine:latest
+ name: create-directories
+ args:
+ - /bin/sh
+ - -c
+ - "mkdir -m 0755 -p /storage/var && mkdir -m 0700 -p /storage/var/ncps && mkdir -m 0700 -p /storage/var/ncps/db"
+ volumeMounts:
+ - name: nix-cache-persistent-storage
+ mountPath: /storage
+ - image: kalbasit/ncps:latest # NOTE: It's recommended to use a tag here, but we live dangerously
+ name: migrate-database
+ args:
+ - /bin/dbmate
+ - --url=sqlite:/storage/var/ncps/db/db.sqlite
+ - migrate
+ - up
+ volumeMounts:
+ - name: nix-cache-persistent-storage
+ mountPath: /storage
+ containers:
+ - image: kalbasit/ncps:latest # NOTE: It's recommended to use a tag here!
+ name: nix-cache
+ args:
+ - /bin/ncps
+ - serve
+ - --cache-hostname=cache.oceanbox.io # TODO: Setup ingress
+ - --cache-data-path=/storage
+ - --cache-database-url=sqlite:/storage/var/ncps/db/db.sqlite
+ - --upstream-cache=https://cache.nixos.org
+ - --upstream-cache=https://nix-community.cachix.org
+ - --upstream-public-key=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+ - --upstream-public-key=nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
+ ports:
+ - containerPort: 8501
+ name: http-web
+ volumeMounts:
+ - name: nix-cache-persistent-storage
+ mountPath: /storage
+ volumes:
+ - name: nix-cache-persistent-storage
+ persistentVolumeClaim:
+ claimName: nix-cache
diff --git a/values/ncps/manifests/svc.yaml b/values/ncps/manifests/svc.yaml
new file mode 100644
index 00000000..b58a7b59
--- /dev/null
+++ b/values/ncps/manifests/svc.yaml
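Review bot: All three images in `sts.yaml` use the mutable `latest` tag (`alpine:latest`, and `kalbasit/ncps:latest` for both `migrate-database` and `nix-cache`), so any pod restart can pull a build nobody reviewed. Every Nix client configured to trust this cache depends on that image, which makes it a supply-chain control point. Pin a release and digest, e.g. `image: kalbasit/ncps:<VERSION>@sha256:<DIGEST>` (placeholders), and replace the two NOTE comments with the pinned reference. The pod template also sets no `securityContext` and no resource requests or limits; running as a non-root user, if the image allows it, would be a worthwhile follow-up.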
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nix-cache
+ labels:
+ app: nix-cache
+ tier: proxy
+spec:
+ type: ClusterIP
+ ports:
+ - name: http-web
+ port: 8501
+ selector:
+ app: nix-cache
+ tier: proxy