From 36d1097c2605c82f1e6af2f9628ee7a65addb304 Mon Sep 17 00:00:00 2001
From: cy
Date: Thu, 27 Mar 2025 23:41:24 -0400
Subject: [PATCH] add cache priv key to nix.conf
---
 hosts/common.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index 1d54545..77e0edb 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ inputs, config, ... }:
 {
 nix = {
 settings = {
@@ -9,7 +9,7 @@
 "root"
 "@wheel"
 ];
- trusted-public-keys = [
+ extra-trusted-public-keys = [
 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8="
 ];
@@ -17,6 +17,9 @@
 "https://nix-community.cachix.org"
 "https://nixcache.cy7.sh"
 ];
+ secret-key-files = [
+ config.sops.secrets.cache-priv-key.path
+ ];
 };
 channel.enable = false;
 optimise = {
@@ -74,4 +77,11 @@
 services.thermald.enable = true;
 environment.enableAllTerminfo = true;
+
+ sops.secrets.cache-priv-key = {
+ format = "binary";
+ sopsFile = ../secrets/cache-priv-key.pem;
+ mode = "0440";
+ group = "users";
+ };
 }
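Review bot: Setting `secret-key-files` in `hosts/common.nix` puts the cache signing key on every host that imports this file and makes each of them sign its locally built paths with it. If this is the private half of the `nixcache.cy7.sh` key listed under `extra-trusted-public-keys` (it looks that way, but the diff does not show it), then compromising any single host yields a key that all the others trust for substitution. Consider moving the setting, and the matching `sops.secrets` entry, into the module of the one host that builds and pushes to the cache. There it could carry a comment such as `# signs locally built paths with the nixcache.cy7.sh key; keep off hosts that only substitute`. The `settings` block starts and ends outside this hunk.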
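Review bot: `mode = "0440"` with `group = "users"` in `sops.secrets.cache-priv-key` makes the decrypted signing key readable by every member of `users`, which is the default primary group for normal NixOS accounts. Any such account, or any process running as one, could then copy the key and produce signatures that hosts trusting the matching public key will accept. If signing is done by the root nix-daemon, drop both lines so the sops-nix defaults apply (root-owned, `mode = "0400";`). If an unprivileged user really needs to sign, use a dedicated group containing only that user instead of `users`.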