{ config, pkgs, inputs, ... }: let toml = pkgs.formats.toml {}; atticConfig = toml.generate "attic-upload-config.toml" { default-server = "cache"; servers.cache.endpoint = "https://cache-api.privatevoid.net"; }; inherit (inputs.attic.packages.${pkgs.system}) attic; in { age.secrets.attic-upload-key = { file = ../../../secrets/attic-upload-key.age; mode = "0400"; }; systemd.services.attic-upload = { description = "Attic Uploader"; wantedBy = [ "multi-user.target" ]; after = [ "network-online.target" ]; wants = [ "network-online.target" ]; path = [ config.nix.package ]; environment.XDG_CONFIG_HOME = "/tmp/attic-upload"; preStart = '' install -dm700 "$XDG_CONFIG_HOME/attic" cp --no-preserve=mode ${atticConfig} "$XDG_CONFIG_HOME/attic/config.toml" echo "token = \"$ATTIC_TOKEN\"" >> "$XDG_CONFIG_HOME/attic/config.toml" ''; serviceConfig = { ExecStart = "${attic}/bin/attic watch-store nix-store"; Restart = "always"; RestartSec = "10s"; DynamicUser = true; EnvironmentFile = config.age.secrets.attic-upload-key.path; }; }; }