Last active
January 23, 2026 09:14
-
-
Save Lillecarl/e99638ab8d811de7e1ce71c924a35b2e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| + STORAGE_PATH=/var/lib/ncps | |
| + mkdir --parents /var/lib/ncps /var/lib/ncps/db | |
| + export DATABASE_URL=sqlite:///var/lib/ncps/db/db.sqlite | |
| + DATABASE_URL=sqlite:///var/lib/ncps/db/db.sqlite | |
| + dbmate-ncps up | |
| + export CACHE_DATABASE_URL=sqlite:///var/lib/ncps/db/db.sqlite | |
| + CACHE_DATABASE_URL=sqlite:///var/lib/ncps/db/db.sqlite | |
| + export CACHE_HOSTNAME=ncps | |
| + CACHE_HOSTNAME=ncps | |
| + export CACHE_SIGN_NARINFO=false | |
| + CACHE_SIGN_NARINFO=false | |
| + export CACHE_STORAGE_LOCAL=/var/lib/ncps | |
| + CACHE_STORAGE_LOCAL=/var/lib/ncps | |
| + export CACHE_UPSTREAM_PUBLIC_KEYS=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| + CACHE_UPSTREAM_PUBLIC_KEYS=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| + export CACHE_UPSTREAM_URLS=https://cache.nixos.org | |
| + CACHE_UPSTREAM_URLS=https://cache.nixos.org | |
| + export CACHE_MAX_SIZE=9G | |
| + CACHE_MAX_SIZE=9G | |
| + ncps serve | |
| {"level":"info","log_level":"info","time":"2026-01-23T08:55:58Z","message":"logger created"} | |
| {"level":"info","cmd":"serve","operation":"auto-max-procs","time":"2026-01-23T08:55:58Z","message":"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"} | |
| {"level":"info","cmd":"serve","time":"2026-01-23T08:55:58Z","message":"using local locks (single-instance mode)"} | |
| {"level":"info","cmd":"serve","otel-enabled":false,"otel-grpc-url":"","time":"2026-01-23T08:55:58Z","message":"setting up tracer provider to discard traces"} | |
| {"level":"info","cmd":"serve","otel-enabled":false,"otel-grpc-url":"","time":"2026-01-23T08:55:58Z","message":"setting up meter provider to discard metrics"} | |
| {"level":"info","cmd":"serve","otel-enabled":false,"otel-grpc-url":"","time":"2026-01-23T08:55:58Z","message":"setting up logger provider to discard logs"} | |
| {"level":"info","cmd":"serve","endpoint":"otlp.ncps.dev:443","time":"2026-01-23T08:55:58Z","message":"Reporting anonymous metrics to the project maintainers"} | |
| {"level":"warn","cmd":"serve","error":"open /var/empty/.netrc: no such file or directory","time":"2026-01-23T08:55:58Z","message":"failed to parse netrc file, proceeding without netrc authentication"} | |
| {"level":"info","cmd":"serve","path":"/var/lib/ncps","time":"2026-01-23T08:55:58Z","message":"using local storage"} | |
| {"level":"info","cmd":"serve","time":"2026-01-23T08:55:58Z","message":"generated and stored a new secret key in the database"} | |
| {"level":"info","cmd":"serve","server_addr":":8501","time":"2026-01-23T08:55:58Z","message":"Server started"} | |
| {"level":"info","cmd":"serve","upstream":"cache.nixos.org","time":"2026-01-23T08:55:59Z","message":"upstream became healthy and is now available for requests"} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| config, | |
| pkgs, | |
| lib, | |
| ... | |
| }: | |
| { | |
| config = | |
| let | |
| cacheSizeGB = 10; | |
| storagePath = "/var/lib/ncps"; | |
| ncps = | |
| let | |
| version = "0.7.1"; | |
| in | |
| pkgs.ncps.overrideAttrs { | |
| version = "0.7.1"; | |
| src = builtins.fetchTree { | |
| type = "github"; | |
| owner = "kalbasit"; | |
| repo = "ncps"; | |
| ref = "v${version}"; | |
| }; | |
| vendorHash = "sha256-nnt4HIG4Fs7RhHjVb7mYJ39UgvFKc46Cu42cURMmr1s="; | |
| doCheck = false; | |
| doInstallCheck = false; | |
| }; | |
| ncps-start = pkgs.writeShellApplication { | |
| name = "ncps-start"; | |
| excludeShellChecks = [ "SC2154" ]; # Disable unassigned variable checking | |
| runtimeInputs = [ ncps ]; | |
| text = '' | |
| set -x | |
| STORAGE_PATH=''${STORAGE_PATH:-"/var/lib/ncps"} | |
| mkdir --parents {"$STORAGE_PATH","$STORAGE_PATH/db"} | |
| export DATABASE_URL="sqlite://$STORAGE_PATH/db/db.sqlite" | |
| dbmate-ncps up | |
| export CACHE_DATABASE_URL=''${CACHE_DATABASE_URL:-"$DATABASE_URL"} | |
| export CACHE_HOSTNAME=''${CACHE_HOSTNAME:-"ncps"} | |
| export CACHE_MAX_SIZE=''${CACHE_MAX_SIZE:-"${toString (cacheSizeGB - 1)}G"} | |
| export CACHE_SIGN_NARINFO=''${CACHE_SIGN_NARINFO:-"false"} | |
| export CACHE_STORAGE_LOCAL=''${CACHE_STORAGE_LOCAL:-"$STORAGE_PATH"} | |
| export CACHE_UPSTREAM_PUBLIC_KEYS=''${CACHE_UPSTREAM_PUBLIC_KEYS:-"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="} | |
| export CACHE_UPSTREAM_URLS=''${CACHE_UPSTREAM_URLS:-"https://cache.nixos.org"} | |
| ncps serve | |
| ''; | |
| }; | |
| ncps-env = pkgs.buildEnv { | |
| name = "ncps-env"; | |
| paths = [ | |
| # required | |
| pkgs.dockerTools.caCertificates | |
| pkgs.dockerTools.fakeNss | |
| # dev (some are PATH added by "script") | |
| pkgs.bash | |
| pkgs.coreutils | |
| pkgs.fishMinimal | |
| ]; | |
| }; | |
| labels = { | |
| "app.kubernetes.io/name" = "ncps"; | |
| }; | |
| in | |
| lib.mkIf (config.stage == "full") { | |
| kubernetes.resources.nix-csi = { | |
| StatefulSet.ncps = { | |
| spec = { | |
| serviceName = "ncps"; | |
| updateStrategy.type = "RollingUpdate"; | |
| selector.matchLabels = labels; | |
| template = { | |
| metadata.labels = labels; | |
| metadata.annotations = { | |
| "kubectl.kubernetes.io/default-container" = "ncps"; | |
| }; | |
| spec = { | |
| nodeSelector."kubernetes.io/arch" = "amd64"; | |
| containers = lib.mkNamedList { | |
| ncps = { | |
| image = "ghcr.io/lillecarl/nix-csi/scratch:1.0.1"; | |
| command = [ | |
| (lib.getExe pkgs.tini) | |
| (lib.getExe ncps-start) | |
| ]; | |
| env = lib.mkNamedList { | |
| STORAGE_PATH.value = storagePath; | |
| }; | |
| volumeMounts = | |
| let | |
| # TODO: Move to hlib/nix-csi something | |
| makeMounts = | |
| name: paths: | |
| lib.map ( | |
| inPath: | |
| let | |
| noSuffix = if lib.hasSuffix "/" inPath then lib.removeSuffix "/" inPath else inPath; | |
| mountPath = if lib.hasPrefix "/" noSuffix then noSuffix else "/${noSuffix}"; | |
| subPath = lib.removePrefix "/" mountPath; | |
| in | |
| { | |
| inherit name mountPath subPath; | |
| readOnly = true; | |
| } | |
| ) paths; | |
| in | |
| makeMounts "nix-store" [ | |
| "/nix" | |
| "/etc/group" | |
| "/etc/passwd" | |
| "/etc/nsswitch.conf" | |
| "/etc/ssl" | |
| "/etc/pki" | |
| ] | |
| ++ [ | |
| { | |
| name = "storage"; | |
| mountPath = storagePath; | |
| } | |
| ]; | |
| }; | |
| }; | |
| volumes = lib.mkNamedList { | |
| nix-store.csi = { | |
| driver = "nix.csi.store"; | |
| readOnly = true; | |
| volumeAttributes.${pkgs.stdenv.hostPlatform.system} = ncps-env; | |
| }; | |
| }; | |
| }; | |
| }; | |
| volumeClaimTemplates = [ | |
| { | |
| metadata.name = "storage"; | |
| spec = { | |
| accessModes = [ "ReadWriteOnce" ]; | |
| resources.requests.storage = "${toString cacheSizeGB}Gi"; | |
| }; | |
| } | |
| ]; | |
| }; | |
| }; | |
| }; | |
| }; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please edit the object below. Lines beginning with a '#' will be ignored, | |
| # and an empty file will abort the edit. If an error occurs while saving this file will be | |
| # reopened with the relevant failures. | |
| # | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| annotations: | |
| kubectl.kubernetes.io/default-container: ncps | |
| vpaInPlaceUpdated: "true" | |
| vpaObservedContainers: ncps | |
| vpaUpdates: 'Pod resources updated by ncps: container 0: cpu request, memory request' | |
| creationTimestamp: "2026-01-23T08:55:53Z" | |
| generateName: ncps- | |
| generation: 2 | |
| labels: | |
| app.kubernetes.io/name: ncps | |
| apps.kubernetes.io/pod-index: "0" | |
| controller-revision-hash: ncps-597bcd488f | |
| statefulset.kubernetes.io/pod-name: ncps-0 | |
| name: ncps-0 | |
| namespace: nix-csi | |
| ownerReferences: | |
| - apiVersion: apps/v1 | |
| blockOwnerDeletion: true | |
| controller: true | |
| kind: StatefulSet | |
| name: ncps | |
| uid: d54a734d-f50f-465d-93a1-994dd85e2f06 | |
| resourceVersion: "30632997" | |
| uid: 7d6fb688-0adb-4be9-a751-85cbf0d2d429 | |
| spec: | |
| containers: | |
| - command: | |
| - /nix/store/5jx4n3sbp7m6vxlvsj3bljkj21v1isi6-tini-0.19.0/bin/tini | |
| - /nix/store/qhy12g6qfx0hb8ddgb19d51kmhi3kz3r-ncps-start/bin/ncps-start | |
| env: | |
| - name: STORAGE_PATH | |
| value: /var/lib/ncps | |
| image: ghcr.io/lillecarl/nix-csi/scratch:1.0.1 | |
| imagePullPolicy: IfNotPresent | |
| name: ncps | |
| resources: | |
| requests: | |
| cpu: 25m | |
| memory: "36253748" | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /nix | |
| name: nix-store | |
| readOnly: true | |
| subPath: nix | |
| - mountPath: /etc/group | |
| name: nix-store | |
| readOnly: true | |
| subPath: etc/group | |
| - mountPath: /etc/passwd | |
| name: nix-store | |
| readOnly: true | |
| subPath: etc/passwd | |
| - mountPath: /etc/nsswitch.conf | |
| name: nix-store | |
| readOnly: true | |
| subPath: etc/nsswitch.conf | |
| - mountPath: /etc/ssl | |
| name: nix-store | |
| readOnly: true | |
| subPath: etc/ssl | |
| - mountPath: /etc/pki | |
| name: nix-store | |
| readOnly: true | |
| subPath: etc/pki | |
| - mountPath: /var/lib/ncps | |
| name: storage | |
| - mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
| name: kube-api-access-gk22m | |
| readOnly: true | |
| dnsPolicy: ClusterFirst | |
| enableServiceLinks: true | |
| hostname: ncps-0 | |
| nodeName: hetzkube-workers-x86-g2br8-gffw4 | |
| nodeSelector: | |
| kubernetes.io/arch: amd64 | |
| preemptionPolicy: PreemptLowerPriority | |
| priority: 0 | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| serviceAccount: default | |
| serviceAccountName: default | |
| subdomain: ncps | |
| terminationGracePeriodSeconds: 30 | |
| tolerations: | |
| - effect: NoExecute | |
| key: node.kubernetes.io/not-ready | |
| operator: Exists | |
| tolerationSeconds: 300 | |
| - effect: NoExecute | |
| key: node.kubernetes.io/unreachable | |
| operator: Exists | |
| tolerationSeconds: 300 | |
| volumes: | |
| - name: storage | |
| persistentVolumeClaim: | |
| claimName: storage-ncps-0 | |
| - csi: | |
| driver: nix.csi.store | |
| readOnly: true | |
| volumeAttributes: | |
| x86_64-linux: /nix/store/d5flyrv49x990qca312nddm35r1v5a4i-ncps-env | |
| name: nix-store | |
| - name: kube-api-access-gk22m | |
| projected: | |
| defaultMode: 420 | |
| sources: | |
| - serviceAccountToken: | |
| expirationSeconds: 3607 | |
| path: token | |
| - configMap: | |
| items: | |
| - key: ca.crt | |
| path: ca.crt | |
| name: kube-root-ca.crt | |
| - downwardAPI: | |
| items: | |
| - fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.namespace | |
| path: namespace | |
| status: | |
| conditions: | |
| - lastProbeTime: null | |
| lastTransitionTime: "2026-01-23T08:55:59Z" | |
| observedGeneration: 2 | |
| status: "True" | |
| type: PodReadyToStartContainers | |
| - lastProbeTime: null | |
| lastTransitionTime: "2026-01-23T08:55:53Z" | |
| observedGeneration: 2 | |
| status: "True" | |
| type: Initialized | |
| - lastProbeTime: null | |
| lastTransitionTime: "2026-01-23T08:55:59Z" | |
| observedGeneration: 2 | |
| status: "True" | |
| type: Ready | |
| - lastProbeTime: null | |
| lastTransitionTime: "2026-01-23T08:55:59Z" | |
| observedGeneration: 2 | |
| status: "True" | |
| type: ContainersReady | |
| - lastProbeTime: null | |
| lastTransitionTime: "2026-01-23T08:55:53Z" | |
| observedGeneration: 2 | |
| status: "True" | |
| type: PodScheduled | |
| containerStatuses: | |
| - allocatedResources: | |
| cpu: 25m | |
| memory: "36253748" | |
| containerID: containerd://0485ac98ae57f9eceb5c39bb06ca22a90f02a1fcca31a5785b8c90f955c3e972 | |
| image: ghcr.io/lillecarl/nix-csi/scratch:1.0.1 | |
| imageID: ghcr.io/lillecarl/nix-csi/scratch@sha256:1e18f768215787db6022af8a9929da54d601dceeb5b5ac960fb18abd8df46e51 | |
| lastState: {} | |
| name: ncps | |
| ready: true | |
| resources: | |
| requests: | |
| cpu: 25m | |
| memory: "36253748" | |
| restartCount: 0 | |
| started: true | |
| state: | |
| running: | |
| startedAt: "2026-01-23T08:55:58Z" | |
| user: | |
| linux: | |
| gid: 0 | |
| supplementalGroups: | |
| - 0 | |
| uid: 0 | |
| volumeMounts: | |
| - mountPath: /nix | |
| name: nix-store | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| - mountPath: /etc/group | |
| name: nix-store | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| - mountPath: /etc/passwd | |
| name: nix-store | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| - mountPath: /etc/nsswitch.conf | |
| name: nix-store | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| - mountPath: /etc/ssl | |
| name: nix-store | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| - mountPath: /etc/pki | |
| name: nix-store | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| - mountPath: /var/lib/ncps | |
| name: storage | |
| - mountPath: /var/run/secrets/kubernetes.io/serviceaccount | |
| name: kube-api-access-gk22m | |
| readOnly: true | |
| recursiveReadOnly: Disabled | |
| hostIP: 157.180.69.43 | |
| hostIPs: | |
| - ip: 157.180.69.43 | |
| - ip: 2a01:4f9:c013:5e2b::1 | |
| observedGeneration: 2 | |
| phase: Running | |
| podIP: 10.133.1.106 | |
| podIPs: | |
| - ip: 10.133.1.106 | |
| - ip: 2a01:4f9:c013:5e2b:8000::29ff | |
| qosClass: Burstable | |
| startTime: "2026-01-23T08:55:53Z" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment