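--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -8854,6 +8854,12 @@
     githubId = 100240294;
     name = "Florian Sanders";
   };
+  FlorisMenninga = {
+    email = "fl-ris@protonmail.com";
+    github = "Fl-ris";
+    githubId = 117688953;
+    name = "Floris Menninga";
+  };
   flosse = {
     email = "mail@markus-kohlhase.de";
     github = "flosse";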
nixos/modules/services/networking/ncps.nix +9 −22
@@ -97,7 +97,6 @@ let lock = { backend = cfg.cache.lock.backend; redis.key-prefix = cfg.cache.lock.redisKeyPrefix; postgres.key-prefix = cfg.cache.lock.postgresKeyPrefix; download-lock-ttl = cfg.cache.lock.downloadTTL; lru-lock-ttl = cfg.cache.lock.lruTTL; retry = {
@@ -151,6 +150,14 @@ in "ncps" "dbmatePackage" ] "dbmate is now wrapped within ncps package, you need to override ncps to change dbmate package") (lib.mkRemovedOptionModule [ "services" "ncps" "cache" "lock" "postgresKeyPrefix" ] "PostgreSQL lock backend was removed upstream") ]; options = {
@@ -285,22 +292,11 @@ in type = lib.types.enum [ "local" "redis" "postgres" ]; default = "local"; description = '' Lock backend to use: 'local' (single instance), 'redis' (distributed), 'postgres' (distributed, requires PostgreSQL). Advisory Locks and Connection Pools: If you use PostgreSQL as your distributed lock backend, each active lock consumes a dedicated connection from the pool. A single request can consume up to 3 connections simultaneously. To avoid deadlocks under concurrent load, ensure {option}`services.ncps.cache.database.pool.maxOpenConns` is significantly higher than your expected concurrency (at least 50-100 is recommended). (distributed). ''; };
@@ -313,15 +309,6 @@ in ''; }; postgresKeyPrefix = lib.mkOption { type = lib.types.str; default = "ncps:lock:"; description = '' Prefix for all PostgreSQL advisory lock keys (only used when PostgreSQL is configured as lock backend). ''; }; downloadTTL = lib.mkOption { type = lib.types.str; default = "5m0s";
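Review bot: The `mkRemovedOptionModule` added in the `@@ -151` hunk only covers `cache.lock.postgresKeyPrefix`, so a configuration that still sets `services.ncps.cache.lock.backend = "postgres"` gets no migration hint. Assuming `"postgres"` is dropped from the enum in the `@@ -285` hunk (the rendered page does not show which side that line is on), such a config fails with a generic enum type error, and simply deleting the line falls back to the default `"local"`, which the description labels single-instance. I would say so in the `backend` description, e.g. `The 'postgres' backend was removed upstream; deployments with more than one instance must use 'redis'.`, and add a release-note entry for the removal. The option definitions these hunks touch start and end outside the visible lines.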
nixos/modules/services/web-apps/karakeep.nix +1 −1
@@ -34,7 +34,7 @@ in Environment variables to pass to Karakaeep. This is how most settings can be configured. Changing DATA_DIR is possible but not supported. See <https://docs.karakeep.app/configuration/> See <https://docs.karakeep.app/configuration/environment-variables> ''; type = lib.types.attrsOf lib.types.str; default = { };
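--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1049,7 +1049,6 @@ in
     imports = [ ./ncps.nix ];
     defaults.services.ncps.cache.storage.local = "/path/to/ncps";
   };
-  ncps-ha-pg = runTest ./ncps-ha-pg.nix;
   ncps-ha-pg-redis = runTest ./ncps-ha-pg-redis.nix;
   ndppd = runTest ./ndppd.nix;
   nebula-lighthouse-service = runTest ./nebula-lighthouse-service.nix;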
nixos/tests/ncps-ha-pg.nixdeleted 100644 → 0 +0 −169 Original line number Diff line number Diff line { lib, pkgs, ... }: let # s3 creds bucket = "ncps"; region = "us-west-1"; accessKey = builtins.toFile "minio-access-key" "easy-key"; secretKey = builtins.toFile "minio-secret-key" "easy-secret"; # pg creds postgresPassword = "easypwd"; initMinio = pkgs.writeShellScriptBin "init-minio.sh" '' set -euo pipefail mc alias set local "http://127.0.0.1:9000" minioadmin minioadmin mc mb local/${bucket} mc admin user svcacct add --access-key "$(cat ${accessKey})" --secret-key "$(cat ${secretKey})" local minioadmin ''; ncpsAttrs = hostname: { services.ncps = { enable = true; analytics.reporting.enable = false; cache = { hostName = hostname; databaseURL = "postgres://ncps:${lib.escapeURL postgresPassword}@postgres:5432/ncps?sslmode=disable"; lock.backend = "postgres"; secretKeyPath = builtins.toString ( pkgs.writeText "ncps-cache-key" "ncps:dcrGsrku0KvltFhrR5lVIMqyloAdo0y8vYZOeIFUSLJS2IToL7dPHSSCk/fi+PJf8EorpBn8PU7MNhfvZoI8mA==" ); storage.s3 = { inherit bucket region; endpoint = "http://minio:9000"; accessKeyIdPath = accessKey; secretAccessKeyPath = secretKey; }; upstream = { urls = [ "http://harmonia:5000" ]; publicKeys = [ "cache.example.com-1:eIGQXcGQpc00x6/XFcyacLEUmC07u4RAEHt5Y8vdglo=" ]; }; }; }; networking.firewall.allowedTCPPorts = [ 8501 ]; }; in { name = "ncps-storage-s3"; meta = with lib.maintainers; { maintainers = [ aciceri kalbasit ]; }; nodes = { client0 = { nix.settings = { substituters = lib.mkForce [ "http://ncps0:8501" ]; trusted-public-keys = lib.mkForce [ "ncps:UtiE6C+3Tx0kgpP34vjyX/BKK6QZ/D1OzDYX72aCPJg=" ]; }; }; client1 = { nix.settings = { substituters = lib.mkForce [ "http://ncps1:8501" ]; trusted-public-keys = lib.mkForce [ "ncps:UtiE6C+3Tx0kgpP34vjyX/BKK6QZ/D1OzDYX72aCPJg=" ]; }; }; harmonia = { services.harmonia = { enable = true; signKeyPaths = [ (pkgs.writeText "cache-key" 
"cache.example.com-1:9FhO0w+7HjZrhvmzT1VlAZw4OSAlFGTgC24Seg3tmPl4gZBdwZClzTTHr9cVzJpwsRSYLTu7hEAQe3ljy92CWg==") ]; settings.priority = 35; }; networking.firewall.allowedTCPPorts = [ 5000 ]; system.extraDependencies = [ pkgs.emptyFile ]; }; minio = { services.minio = { inherit region; enable = true; }; networking.firewall.allowedTCPPorts = [ 9000 ]; environment.systemPackages = [ pkgs.minio-client initMinio ]; }; ncps0 = lib.mkMerge [ (ncpsAttrs "ncps0") { services.ncps.cache.databaseURL = lib.mkForce null; services.ncps.cache.databaseURLFile = builtins.toFile "db-url" "postgres://ncps:${lib.escapeURL postgresPassword}@postgres:5432/ncps?sslmode=disable"; } ]; ncps1 = ncpsAttrs "ncps1"; postgres = { services.postgresql = { enable = true; enableTCPIP = true; authentication = '' host all all all scram-sha-256 ''; initialScript = pkgs.writeText "init-postgres.sql" '' CREATE DATABASE "ncps" WITH ENCODING = 'UTF8'; CREATE ROLE "ncps" WITH LOGIN PASSWORD '${ builtins.replaceStrings [ "'" ] [ "''" ] postgresPassword }'; ALTER DATABASE "ncps" OWNER TO "ncps"; ''; }; networking.firewall.allowedTCPPorts = [ 5432 ]; }; }; testScript = { nodes, ... }: '' harmonia.start() minio.start() postgres.start() minio.wait_for_unit("minio.service") minio.wait_until_succeeds("init-minio.sh") postgres.wait_for_unit("postgresql.service") start_all() harmonia.wait_for_unit("harmonia.service") ncps0.wait_for_unit("ncps.service") ncps1.wait_for_unit("ncps.service") client0.wait_until_succeeds("curl -f http://ncps0:8501/ | grep '\"hostname\":\"${toString nodes.ncps0.services.ncps.cache.hostName}\"' >&2") client1.wait_until_succeeds("curl -f http://ncps1:8501/ | grep '\"hostname\":\"${toString nodes.ncps1.services.ncps.cache.hostName}\"' >&2") ''; }