Add attic

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/user/console/attic/default.nix

@@ -0,0 +1,33 @@
+{ user, home }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+let
+  hmConfig = config.home-manager.users.${user};
+in
+{
+  home-manager.users.${user} = {
+    sops = {
+      secrets."nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+
+      templates."attic" = {
+        content = builtins.readFile (
+          (pkgs.formats.toml { }).generate "config.toml" {
+            default-server = "main";
+
+            servers."main" = {
+              endpoint = "https://nix.karaolidis.com/";
+              token = hmConfig.sops.placeholder."nix/cache/nix.karaolidis.com";
+            };
+          }
+        );
+        path = "${home}/.config/attic/config.toml";
+      };
+    };
+
+    home.packages = with pkgs; [ attic-client ];
+  };
+}

hosts/common/configs/user/console/home-manager/default.nix

@@ -1,5 +1,10 @@
 { user, home }:
-{ config, inputs, ... }:
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
 {
   imports = [ inputs.home-manager.nixosModules.default ];
 
@@ -15,10 +20,18 @@
       home.stateVersion = "24.11";
       systemd.user.startServices = true;
 
-      nix.settings.experimental-features = [
-        "nix-command"
-        "flakes"
-      ];
+      nix.settings = {
+        use-xdg-base-directories = true;
+        experimental-features = [
+          "nix-command"
+          "flakes"
+        ];
+        download-buffer-size = 524288000;
+        substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
+        trusted-substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
+        trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
+        netrc-file = config.sops.templates.nix-netrc.path;
+      };
     };
   };
 }

hosts/common/configs/user/console/syncthing/default.nix

@@ -14,11 +14,13 @@
     "syncthing/key" = {
       owner = user;
       group = "users";
+      mode = "0440";
     };
     # openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
     "syncthing/cert" = {
       owner = user;
       group = "users";
+      mode = "0440";
     };
   };