feat: Replace ncps with attic

values/ncps/env-oceanbox.yaml.gotmpl

@@ -1,2 +0,0 @@
-ncps:
-  enabled: true

values/ncps/env.yaml.gotmpl

@@ -1,3 +0,0 @@
-ncps:
-  enabled: false
-  autosync: false

values/ncps/manifests/ingress.yaml

@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/enable-cors: "true"
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    oceanbox.io/expose: internal
-  labels:
-    app.kubernetes.io/component: nix-cache
-  name: nix-cache
-  namespace: ncps
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: cache.srv.oceanbox.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: nix-cache
-            port:
-              name: http-web
-        path: /
-        pathType: ImplementationSpecific
-  tls:
-  - hosts:
-    - cache.srv.oceanbox.io
-    secretName: cache.srv.oceanbox.io-tls

values/ncps/manifests/ncps.yaml

@@ -1,27 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: ncps
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: ncps
-    server: 'https://kubernetes.default.svc'
-  sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: HEAD
-    path: values/ncps/manifests
-  project: sys
-  syncPolicy:
-    managedNamespaceMetadata:
-      labels:
-        component: sys
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-      # - ServerSideApply=true
-    automated:
-      prune: true
-      # selfHeal: false

values/ncps/manifests/policies/allow-cache-nixos.yaml

@@ -1,13 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-cache-nixos
-  namespace: ncps
-spec:
-  egress:
-    - toFQDNs:
-        - matchPattern: 'cache.nixos.org'
-        - matchPattern: 'nix-community.cachix.org'
-  endpointSelector:
-    matchLabels:
-      app: nix-cache

values/ncps/manifests/pvc.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nix-cache
-  labels:
-    app: nix-cache
-    tier: proxy
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi

values/ncps/manifests/sts.yaml

@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: nix-cache
-  labels:
-    app: nix-cache
-    tier: proxy
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nix-cache
-      tier: proxy
-  template:
-    metadata:
-      labels:
-        app: nix-cache
-        tier: proxy
-    spec:
-      initContainers:
-        - image: alpine:latest
-          name: create-directories
-          args:
-            - /bin/sh
-            - -c
-            - "mkdir -m 0755 -p /storage/var && mkdir -m 0700 -p /storage/var/ncps && mkdir -m 0700 -p /storage/var/ncps/db"
-          volumeMounts:
-            - name: nix-cache-persistent-storage
-              mountPath: /storage
-        - image: kalbasit/ncps:latest # NOTE: It's recommended to use a tag here, but we live dangerously
-          name: migrate-database
-          args:
-            - /bin/dbmate
-            - --url=sqlite:/storage/var/ncps/db/db.sqlite
-            - migrate
-            - up
-          volumeMounts:
-            - name: nix-cache-persistent-storage
-              mountPath: /storage
-      containers:
-        - image: kalbasit/ncps:latest # NOTE: It's recommended to use a tag here!
-          name: nix-cache
-          args:
-            - /bin/ncps
-            - serve
-            - --cache-hostname=cache.srv.oceanbox.io
-            - --cache-data-path=/storage
-            - --cache-database-url=sqlite:/storage/var/ncps/db/db.sqlite
-            - --upstream-cache=https://cache.nixos.org
-            - --upstream-cache=https://nix-community.cachix.org
-            - --upstream-public-key=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
-            - --upstream-public-key=nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
-          ports:
-            - containerPort: 8501
-              name: http-web
-          volumeMounts:
-            - name: nix-cache-persistent-storage
-              mountPath: /storage
-      volumes:
-        - name: nix-cache-persistent-storage
-          persistentVolumeClaim:
-            claimName: nix-cache

values/ncps/manifests/svc.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nix-cache
-  labels:
-    app: nix-cache
-    tier: proxy
-spec:
-  type: ClusterIP
-  ports:
-    - name: http-web
-      port: 8501
-  selector:
-    app: nix-cache
-    tier: proxy