From 6b31922615985736cdeed8f7ab5ce5ef7a40d028 Mon Sep 17 00:00:00 2001
From: servius <servius@darksailor.dev>
Date: Wed, 11 Feb 2026 16:56:23 +0530
Subject: [PATCH] feat: Added attic ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64

---
 nixos/tako/services/attic.nix | 19 ++++++++++++-------
 secrets/secrets.yaml          |  6 ++++--
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/nixos/tako/services/attic.nix b/nixos/tako/services/attic.nix
index 31018258..2dc2dd00 100644
--- a/nixos/tako/services/attic.nix
+++ b/nixos/tako/services/attic.nix
@@ -1,16 +1,21 @@
-{...}: {
+{config, ...}: let
+  socket = "/run/attic/attic.sock";
+in {
+  sops = {
+    secrets."attic/jwt_secret" = {};
+    templates."attic.env".content = ''
+      ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder."attic/jwt_secret"}
+    '';
+  };
   services = {
     atticd = {
       enable = true;
-      listen = "/run/attic/attic.sock";
+      settings.listen = socket;
+      environmentFile = config.sops.templates."attic.env".path;
     };
     caddy = {
       virtualHosts."cache.darksailor.dev".extraConfig = ''
-        reverse_proxy /run/attic/attic.sock {
-          transport http {
-            protocol = "fd"
-          }
-        }
+        reverse_proxy unix/${socket}
       '';
     };
   };
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 2a9a4f85..4ac7141b 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -92,6 +92,8 @@ tuwunel:
     registration_token: ENC[AES256_GCM,data:A0Wd9DTruGnCoPosKUHrd3AgN3T9JbkW/6fTJyzcryV0COqLSjOqCD4W2PXPwnk83MFeQ84RpJ3J4tuvYv2JuQ==,iv:7JIQUwfeEN03N0F35z6VipN66DpErqnY6aQrLznnw8g=,tag:RF2gB8kVKT3ioPVVRyj4aQ==,type:str]
 excalidraw:
     jwt_secret: ENC[AES256_GCM,data:W1Tqr8tjd7xmp3WiGXfrRgS4YD5f9MUECs3zum7KY0bv2fp4J9jn/pt1PfY=,iv:TJWkJdP2eItuzsyqaGzUwd+v0iQXShoqUL8X10TME+8=,tag:htJC/jKB7mYVKOR59pEekQ==,type:str]
+attic:
+    jwt_secret: ENC[AES256_GCM,data:cfYN/gE59mXBAuCZmlJXq8GsJ9I22PL9GQjdbaDHbNYdRB8kJh/IFdkqX4ezYIEGDnqVtgPPDCMxzZyCb02qQ5POEgCA4etL7AenGdN0DswIhWQLKCiHLOfLO7gCBp8TEvZlOe4n7POIuovXyZBWdiWTkCnpIJ7fHzL8axC+gOKhPZS9ahHN9eYBRnCDeybVvQ+nuUwZrLp6UrGwqMfzpTtirZWoSR4Zx01capl1dSujHlCo9IwDDU41UJExK8469rQlurF4u7Skd6ZfXNtjn0fV/J3B2hJ2kh1kGQVTgJl+iJ33ihmxVEgVnBNGhnWNZgwbKTM1KpryBfX6rBrbSN/5PTuAeyqFLn0rxU0oPUujDPic68Cppqy+M2WNBec+hk+0pqYK+KwMwoPhfrOn+BNFoY/Nz4zEkhY7vV8EPmMImp0XO++7hFpgPLQFLpGF11jJTDbCEA9o2cAGxRIlXLOpX9sRVIA/XN5CKWEOAebW5GNLXXS6kyZHDvFMqHqbrqRmeRLlJ90clxJ4LWAkkBw5Hjbts1Z/bRwc2VdeBFyojqxQeVLnFRIzGac0qeXd0UFWmEY4rth3L0U9JBFvikXdLI5mwyet9Oy38Jlqrr/7fS4Zl9EcYVx1BsIx6GeeLsk9kJ64CxWGCxdYgHqQTTdHyQJxntDQ3xa1/ZvzZlyqRAc7efFVI0z3jzYfnCkdfnXpiHNIFxhvjj/01UuCexskUWZUewQLb10iLIOE33RC4GVoAQAC+NBndRnQOGIMLM5/J/e4SVbjio2lLESvD15waiD5Eq4BxI7Yel8ZobRZH7EfYNe8uR9kkYloPKSZ6VYRnfokYT67jRfTvcU+1Xzefev8P/qOyDUABc+hehTeG2PQcrbR52y9LYuEJgmUhZaexvVQ6NGQD2/DOOkgIaCIr7BDYM32ATnLWmG0L1zoEmuE/QQqYoJ91ZB0w8FRKi9/mr939LMfELtEZNsGcXg4vNxC/TuME1RHpn38nzyPWMenG4jDbbi/kwbHzoP4oh+fWtL/yMmtjkP+res9Pu968SqgOmMuOvQjFqfvakJs/aBZ/1vBo1oQVfXtqWc3jwUWC6hdr3VGLa71w+X7t80BDALqCCHeHm8OhT364XFm440CPmm4lRay1hDM6xKhNau22bJzKmpl6pyRDbzVQvkHDRlkZWu5VN2nvzHkRPkJD4In1USN+vMwK8lqTVOHd1UVy96H6FHXkJVxDJeZumAkuSDwbPptJoqHgLVGvSlWFnoSHvguaLpOY1HOlkpiQ1Rjn5x+TZV/cajTH26wBpU68L0qZ3Y2+iC5jSgtOBpLFNk+DE1vVXSyB8ZBHo4AQ9ylvAZGMuoQcHqrHmudGIyByAz4eKZk7Q3nsKlosHHYbuHkEGwy1Ynq3B0LMDzmDbT0LR89/jKzzPJEFHtk6NzoKogmrMRlkL91gXwvXlBLvDjKOipZoUTCfRTwtEIrGjowMPuI5OF8L9usEfw+413ndp8Xt+VstyjbFZpNuVk6LKQp4iBQL/AZaPZlS4vKdqCMF3NTpzHAd+tX4+/GVmICUoGGIpLucid9ek1pfLty5phPMkKMMEpcDBdBrDIfP5NgfOssk5YWIiVfZziGQHdjENVe70stMPIim6ZyAQEipCZeqXgHxtr4qYuzR+Se+lxchUYrblshAIdoyebshqWjfpyGAmceJsqPldymXDMdu3MJDt7W86fIhUjEM86yMVc/2WU8jV8DFNBvtKmJWdtRON0MSLO/jmz8pBGm7I18Go5segvdowT6QweiyrUcW/mmQ8SbBtCyfF8AHv7rz6EK0l9h2797t5+qCLpE91COq6MsksOKvaW6+EG1zXmp7bOmeRFBFheEmvJz+UCSNGVic/ZT+a4lXYNZT5DatbNqngA7DWjSdCeTha7S4K7IDl2/LTyPwP6LFlu1kJDTVxzXSgLrPQF1gu/f8plbRfaox9lM35+ZUO45EKbS+phe/Hp94FHiXUIfEjFvldE6m1HeJ8nWw5MIrXUvO1vZc8V5gZmTmSVFG35EhopQUS1VDAuF8ECJV+J7mTbWaMhXxEJXUST5ucNC0Z5/Xew9NaFeF/yOMWWPDaLI7EZfgmWO4bp6peoMHz79+h4Hi4fip0Yeu1p4NOBewqOUlL/sqkNhrh7Dmmt5tFNUfSyJBg60CbGiCyvVSx2J9UTpEpfYaTurI9ST5ohbQSATYzrBeGgefSLYXGkoYKBD9h645Rgh1oOOe40K4OE3KKQcqYLj6De2nYjr+3u+57k+0C31QQ9tB48W2eSyqy9iBFWcsAzV06A2YTWJK8IWnK1e0Z/r2YpevM+z55Hfs3zNaWnbJUaaIHt3RvUawO+uLjQs+i6FQK89w1clem0moQEpSiRQ41/QjoVeCAd3xN98nYPnkRgiBYxOuysV4g68RJ5QdPKe24FhbD5gyY/3CJPnlRKpzNZVgKkFcNDpy0QFR42HDK69sbJ3GEWvx6PdwM8Y+hB9pr9qDgnsKjPt599xWEUmRtxpwDY1HtBGmx/d1OGimR8zSwgoBBcqVuk1r9twM1sw5fVK8JYpXh8pjEAAl2k5ySX3qjC2hj1qtLXZn04eLunbYi85yrBn+i6uRU1lE8+C+EFfUCSmyefXh1dRDxqhc4DHcleeX4CeiZ4QOX3qIpdXsl0oaxgzg/j7XICrd9OE6o5Lk8zCLFp1rQKVaVZ3kK6kruz22SRK+iZn9uvrx+wBM8182oUfEuX8wrWK4XJMsSBCTIMUjN3CXmLHFfjO0+NB6tkB4jSB29YGtfdCo2lz5emFNmLNL+znXtc/knjAtYd3bPcez6KeWYQ/T2AWIrqu6XeJK/ghJJE4zESnI6hUzoCNLNGjYpJYxRXynGNG+IMc+PWOBzRWo9iovi1GSbP2zFvz87wX84M7zByn9LNa2PtCKdFzONEyV9OdhTU9pZSdPq6HRZR+rjK6g1wVX6QDXljaXGgq9GKmJ7Ild2rsKVetmY5J92Ul+z6xlYu6zAtP1oAh63vSM0ZE9nCE0HRC1A40GpgmWGj+Jx5TSDsg+E4RnmFDaYDDVPG9gLSN5YOhvugkVyTn41KQWgg781tElWd4yr1ImeJs1Fx3eHFAPgIKIgsxADde6yaBwnoUqdauohB/RkECkvtUasiiIqyBrtqGZ26KRPsm99NlveyCfwVZRI7/04R7rFtwtFYYB0RSbUDY0e6D1pMRuleA+dauXHQ+fovmyZFxVFZKp6t2Ar5sIEFCqPosMwpK6zOb7MTZeJF77KtxZ5A0pJvd2X6vRxL3KPDi+f4Nb91MWNWKxFc12xbWIwWQqdbJJz2rSR7IJcpC4kfe8g1LKEMFZDCdsqCLowbYuCtwQh95x/OaFzTiTw/vh1ENQIaILorJXBiI0OzH7q+5XvlTZBALHLuJTJV8BI12jc3a28yxGXirljOpwNZNNhULTM0rTUuFMLbw34wdAy+sqbCe+n/BUdmWumoFMq6N6gdjsqN+EkrsSVx0kLuIDtzMVuVbGlBflZg5eCfbeY41PVHqBiy0KflLy/0x9dNwP/60Mhl9HW0VpgdWP/w34neq5O5fMbxccvB9t3qq55+YfdfL4W7FLfWTNzt8moI5bv6GzGLVK3AOQLPpnOv4S/AEg6exsqqxfTPCcqcReFkHORz+PIsiEiuR1yYkwV7CTIxB9FK9zRxZCAinSbFuRJ/ZyptlE8SOdjwCyozFGD2fAjWlJ54EWdE++PjkAoWhxPZpdIMsXrYsr8JrpxcLnhPE7msVGMF5KBdnHylgO+2P5zHaHfPkq9eHaRVA8QKmJVDtdztSyzs3JmPFHphwGlkgILx4U62OaABGhS7CIZkdIil8bWalZ2dmmAkC0AInIcgekSg/y+mNOGJKTA76tb9QrZvH37wCoU1qzbyeYveg7GPxbp7KDSlRM2PNyGsSu2vE3XRD0X1lBX9gEncG3iX9e/DD7Q0G0tuHb2RU5v2RBJEmEQqPZT+u7/wYJbL5UAxGifAxsExBbmO1FvO0egnmYaSmL9kGJDbPYw7r74pQTMVSINP0sEFtHbTYMvelhWSOSLnmGkezx+d9PiLsOSBZelnjr9slx61YToubInlYHEB9nobG8C06Gm3gKv912ZNAzyYsWHbYyj3w8wCT0aOcuWQb1FCDMOyB5VY+FcVaMa7b0HaxYVznmKE86DZnD65huN2gOWJNuVtowlJvh2yylgkYSxF7f6vUJAwYonmQUcZ7Cav8ldVj27T/ePtmnfFjXNdLrCKp9bi06tL0983t2As7jqpePuUcS4wtOXin58AhtB2+TkK9dp/MaYTraW8+6ZMdEb3STiItxSvdkgZpVm/w3tmp2rMT5zSDvSZ480Du7z3ita1apC8aaVQ3Ybzbd8B2/mB1mHX7YIm/+532vAI7lDTgJNae0RPn37wlMpO6aG/LPrtF7IQXq2gxgq6nKdcSApB5umhVpSt3Fu0eNHAztxdX6AtwQsZriZuGsD4NORrOkYJS6CCXDpOOHj9gaDUlGRjXwCpNcVXb6F8i6vs9OQPrhkP8tQvvI70fKQbTKTZ+1+b4QKaXLxhkJ36T4R05Ey4mG6b5aNZSEfdJiyZhXa3tDiP3XOsXuVQabpM2vSeof4NMx7CfU9dhzD2lOAESJeMr3UA0867nH9BjDKakg/EL9Gcy1QOQh2wTbkYkvV+fMkJN2SHjFokSCv9HVhFnvsb+T+rLx9pX0rdC2ZW7/xubacXaaEn/GYlfbEJVOGK7p/rYu1lPgOsHD2rWqN3+p0I063pHY0PABaZ7BStHFD+f8lxUIgstBGsIY0qoFnutoDQvCWFy2miPIQgiDCE0/+DrG5fb8w5W++J+5UzVVRFAwLYi8OvqPrNn7CvCybhc6Ql/+uldFyF11jJxeu3m6XZfVfwW2aJenLamjdL4AD/mPiwmkauqbaPjltTbVcwwbw6L6pqUg5IvwmPo0xRn/hUJCm1AS9GBSTL+I1SYOeltHLXi2OaKQlyhpN4ebqCIdns7mG5ipyk+EqEFbiy+R5wtt17vPI7vcfwdmVIh/kaFhK6fQkst//gYxVhQnbgLH6FBSfSnvVj50Gwg53sz/Pj16fefUobp8/KEIKK+zgt3kkXJY9x3nTbSGPbk4TKgO0j98wboiHAAdlsKGNU4nMLPPILL7Ecjtp/Tjqj9Qq+DUbUzUSTu7ygveNr3a7X+go0imyQb+YkSPRKI4I66F77iRl4d6zxOh0Wz9+oRZnl5QMBKOGBNoYftRMr+LaRYV9+mYwhHxEMvzuTRhRvbvcoQezjpmGbcYyKP4z0XSPfPM6YuZgxDbALwKk8EuCeyQZrIbx2Z9Y1Epz+WWPUXtTBjwKdX7DBib3VZfeagTYCAd61zbItoKVtr9ugN/VYodIZjCpO9WdQdYSEbJystovrEA85baZBtq6R/GxnRo8zG1GcvatQ4OhKNxfvog9oGBwvZhXwkoOwEBHe8SdITvSOqhCyZwLWK6P6Ls3tLwrMave99N4mwHiPs33raPib9LmeVd2pbFhbJfq1jPz8euG+9EbYztWv01vnsc5eNM/EWG+AIyVA3yjBhMZzmL1K+yOH7phZc8FW5ccwvIamBaF9DdQDzbYeDwJ1eQ/scETnrfW8CLR1Ttic3CdM6GD+Uqa3+05kuKjcN/OCS1ZCpeFyS72Yd+Cm4SQan3OqdOZHFA3rI8RpgbNUkRlksVey40X9gA4V+Rp/GMOHuqni8FPtLjMck/VjA1W8L0MvEZmzXZUNZQw==,iv:jwzQBWv+AeNxxCs63ei3sxUPgHCoYN3BVkJW4c9FGPk=,tag:rdhdj7eFldLJxb+b5wn6jQ==,type:str]
 sops:
     age:
         - recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
@@ -103,7 +105,7 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-10T22:47:33Z"
-    mac: ENC[AES256_GCM,data:E9MGlDYKb7Uf5rnGrowqaSyYexfgS6LXSZRWd/H1q9eizY65Z4otbY9eEVJu9yC4SJasiL48+FLnkrmCz9pRz2VK9s16jOUFhNItUqRWrCjQ4HD+FHMrJsqoxB+3jr2QwbX+zKkAVDbO9UZEZRbg8zNNVrOYzaR21WQzDQo0L0g=,iv:VZl7zPsvWIPE3ZuwC8VWqeSSTq3gJgIOZ33IGmNCc5s=,tag:nC+pw1fNy/cIcjiLPgxfwA==,type:str]
+    lastmodified: "2026-02-11T11:25:34Z"
+    mac: ENC[AES256_GCM,data:FOAd2fMvevYgEU0pqj7PJRKd66e9H6ziYcun8vPDcnjfVVR8EVfNrd6/PATu8pUdevZ9a79UjFnm96KgMbQ/8v2BU7E88/Qtq2vHp89DMPuvXtcEupJAGbPSnvuu6oWTKBGVIKZeA+d0kp6cQWe/AdDsMHLipQ1/RZBb+L8/FRM=,iv:z1l+Psyihs9u1eSKJFBwRV9Hyv5cNSY4m4+cB8IWwOw=,tag:G+Slac9IGnmCf53tBndM5g==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0