Add declarative attic cache

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/system/nix/default.nix

@@ -43,7 +43,9 @@
       ];
       download-buffer-size = 524288000;
       substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
-      trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
+      trusted-public-keys = lib.mkBefore [
+        "nix.karaolidis.com:1yz1tIVLGDEOFC1p/uYtR4Sx+nIbdYDqsDv4kkV0uyk="
+      ];
       netrc-file = config.sops.templates.nix-netrc.path;
     };
 

hosts/jupiter/users/storm/configs/console/podman/attic/default.nix

@@ -16,6 +16,7 @@ in
         "attic/postgresql".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
         "attic/rs256".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
         "attic/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
+        "attic/keypairs/main".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
       };
 
       templates = {
@@ -94,6 +95,7 @@ in
               [
                 "/mnt/storage/private/storm/containers/storage/volumes/attic/_data:/var/lib/attic"
                 "${hmConfig.sops.templates.attic-server.path}:/etc/attic/server.toml:ro"
+                "${hmConfig.sops.secrets."attic/keypairs/main".path}:/etc/attic/keypairs/main:ro"
                 "${postStart}:/etc/attic/post-start.sh:ro"
               ];
             environmentFiles = [ hmConfig.sops.templates.attic-env.path ];

hosts/jupiter/users/storm/configs/console/podman/attic/post-start.sh

@@ -11,9 +11,11 @@ while true; do
   set -o errexit
 
   if [ $status -eq 0 ]; then
+    attic cache configure "$CACHE_NAME" --keypair-path "/etc/attic/keypairs/$CACHE_NAME"
     break
   elif echo "$out" | grep -q "NoSuchCache"; then
-    attic cache create "$CACHE_NAME"
+    attic cache create "$CACHE_NAME" --keypair-path "/etc/attic/keypairs/$CACHE_NAME"
+    break
   elif echo "$out" | grep -q "404"; then
     sleep 0.1
   else