feat: add initial attic chart

charts/attic/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/attic/Chart.yaml

@@ -1,9 +1,10 @@
 apiVersion: v2
-name: attic-repo
+name: attic
-description: A Nix binary caching server
+description: |
-appVersion: bdafd64910bb2b861cf90fa15f1fc93318b6fbf6
+  A Nix binary caching server
+appVersion: 4dbdbee45728d8ce5788db6461aaaa89d98081f0
 type: application
-version: 0.5.1
+version: 0.1.0
 maintainers:
 - name: Tommy Skaug
   email: tommy@skaug.me

charts/attic/templates/_helpers.tpl

@@ -0,0 +1,30 @@
+# Define a template for the chart's full name.
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "attic.fullname" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+# Define a template for standard labels.
+{{/*
+Common labels
+*/}}
+{{- define "attic.labels" -}}
+helm.sh/chart: {{ include "attic.chart" . }}
+app.kubernetes.io/name: {{ include "attic.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+# Define a template for the chart name and version.
+{{/*
+Generate basic labels
+*/}}
+{{- define "attic.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" -}}
+{{- end }}
+
+# Optionally, add more helper templates as needed.

charts/attic/templates/configuration.yaml

@@ -0,0 +1,74 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "attic.fullname" . }}
+  labels:
+    {{- include "attic.labels" . | nindent 4 }}
+data:
+  config.toml: |
+    listen = "[::]:8080"
+    allowed-hosts = []
+    #api-endpoint = "https://your.domain.tld/"
+    #soft-delete-caches = false
+
+    [storage]
+    # Can be "local" or "s3".
+    type = "local"
+
+    # The directory to store all files under
+    path = "/var/lib/atticd/storage"
+
+    [database]
+    #require-proof-of-possession = true
+    #heartbeat = false
+
+    # Set this if you are using an S3-compatible object storage (e.g., Minio).
+    #endpoint = "https://xxx.r2.cloudflarestorage.com"
+
+    # If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
+    # `AWS_SECRET_ACCESS_KEY` environment variables.
+    #[storage.credentials]
+    #  access_key_id = ""
+    #  secret_access_key = ""
+
+    [chunking]
+    # If 0, chunking is disabled entirely for newly-uploaded NARs.
+    # If 1, all NARs are chunked.
+    nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
+
+    # The preferred minimum size of a chunk, in bytes
+    min-size = 16384 # 16 KiB
+
+    # The preferred average size of a chunk, in bytes
+    avg-size = 65536 # 64 KiB
+
+    # The preferred maximum size of a chunk, in bytes
+    max-size = 262144 # 256 KiB
+
+    # Compression
+    [compression]
+    # Compression type
+    #
+    # Can be "none", "brotli", "zstd", or "xz"
+    type = "zstd"
+
+    # Compression level
+    #level = 8
+
+    # Garbage collection
+    [garbage-collection]
+    # The frequency to run garbage collection at
+    #
+    # By default it's 12 hours. You can use natural language
+    # to specify the interval, like "1 day".
+    #
+    # If zero, automatic garbage collection is disabled, but
+    # it can still be run manually with `atticd --mode garbage-collector-once`.
+    interval = "12 hours"
+
+    # Default retention period
+    #
+    # Zero (default) means time-based garbage-collection is
+    # disabled by default. You can enable it on a per-cache basis.
+    #default-retention-period = "6 months"

charts/attic/templates/db-init.yaml

@@ -0,0 +1,21 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "attic.fullname" . }}-db-init
+  labels:
+    {{- include "attic.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: general-db-init
+          image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
+          envFrom:
+            - secretRef:
+                name: {{ .Values.postgres.secretName }}
+      # Tolerate a few failures, adjust the number as needed
+  backoffLimit: 3

charts/attic/templates/deployment-server.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "attic.fullname" . }}
+  labels:
+    {{- include "attic.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ include "attic.fullname" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "attic.fullname" . }}
+    spec:
+      serviceAccountName: {{ include "attic.fullname" . }}
+      containers:
+      - name: {{ include "attic.fullname" . }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        command: ["atticd"]
+        args: ["-f", "/var/lib/atticd/config.toml"]
+        env:
+          - name: ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64
+            value: {{ .Values.config.externalUrl }}
+        envFrom:
+          - secretRef:
+              name: {{ .Values.envFromSecret }}
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 8080
+          name: http
+        volumeMounts:
+        - name: {{ include "attic.fullname" . }}
+          mountPath: "/var/lib/atticd/storage"
+          readOnly: false
+        - name: config
+          mountPath: "/var/lib/atticd/config.toml"
+          readOnly: true
+      volumes:
+        - name: {{ include "attic.fullname" . }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+        - name: config
+          configMap:
+            name: {{ include "attic.fullname" . }}

charts/attic/templates/service-server.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "attic.fullname" . }}
+  labels:
+    {{- include "attic.labels" . | nindent 4 }}
+spec:
+  selector:
+    app: {{ include "attic.fullname" . }}
+  ports:
+  - port: 8080
+    targetPort: 8080

charts/attic/templates/serviceaccount.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "attic.fullname" . }}
+  labels:
+    {{- include "attic.labels" . | nindent 4 }}

charts/attic/values.yaml

@@ -1,6 +1,31 @@
-replicaCount: 1
+config:
+  externalUrl: https://cache.example.com/
+
+persistence:
+  existingClaim: attic
+
+initContainers:
+  dbInit:
+    image:
+      repository: ghcr.io/onedr0p/postgres-init
+      tag: "16"
+    envFrom:
+    - secretRef:
+        name: attic-secret
+
+envFromSecret: attic-secret
 
 image:
-  repository: zhaofengli/attic
+  repository: ghcr.io/zhaofengli/attic
-  pullPolicy: IfNotPresent
+  tag: 4dbdbee45728d8ce5788db6461aaaa89d98081f0
-  tag: bdafd64910bb2b861cf90fa15f1fc93318b6fbf6
+
+postgres:
+  secretName: attic-secret
+
+resources:
+  limits:
+    memory: "3Gi"
+    cpu: "1000m"
+#  requests:
+#    cpu: 100m
+#    memory: 250Mi