feat: implement Attic binary cache with remote build support and sops-nix integration

hosts/BinaryCache/default.nix

@@ -0,0 +1,49 @@
+{ config, pkgs, lib, system, ... }:
+
+let
+  hostIp = "192.168.0.25";
+in {
+  config = {
+    homelab = {
+      services.attic = {
+        enable = true;
+        enableRemoteBuilder = true;
+        openFirewall = true;
+      };
+      virtualisation.guest.enable = true;
+    };
+
+    networking = {
+      hostName = "BinaryCache";
+      hostId = "100002500";
+      domain = "depeuter.dev";
+
+      useDHCP = false;
+
+      enableIPv6 = true;
+
+      defaultGateway = {
+        address = "192.168.0.1";
+        interface = "ens18";
+      };
+
+      interfaces.ens18 = {
+        ipv4.addresses = [
+          {
+            address = hostIp;
+            prefixLength = 24;
+          }
+        ];
+      };
+
+      nameservers = [
+        "1.1.1.1" # Cloudflare
+        "1.0.0.1" # Cloudflare
+      ];
+    };
+
+    # Sops configuration for this host is now handled by the common module
+
+    system.stateVersion = "24.05";
+  };
+}

hosts/Binnenpost/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, inputs, config, ... }:
 
 {
   config = {
@@ -83,6 +83,14 @@
 
       "traefik.http.routers.hugo.rule" = "Host(`hugo.depeuter.dev`)";
       "traefik.http.services.hugo.loadbalancer.server.url" = "https://192.168.0.11:444";
+
+      "traefik.http.routers.attic.rule" = "Host(`${inputs.self.nixosConfigurations.BinaryCache.config.homelab.services.attic.domain}`)";
+      "traefik.http.services.attic.loadbalancer.server.url" = 
+        let
+          bcConfig = inputs.self.nixosConfigurations.BinaryCache.config;
+          bcIp = (pkgs.lib.head bcConfig.networking.interfaces.ens18.ipv4.addresses).address;
+          bcPort = bcConfig.homelab.services.attic.port;
+        in "http://${bcIp}:${toString bcPort}";
     };
 
     system.stateVersion = "24.05";