mirror of
https://github.com/zhaofengli/attic.git
synced 2025-03-15 13:07:49 +00:00
book/admin-guide: Add some docs on the NixOS module
This commit is contained in:
parent
a42953bd9a
commit
c77b5fb64e
3 changed files with 90 additions and 0 deletions
|
@ -4,6 +4,7 @@
|
||||||
- [Tutorial](./tutorial.md)
|
- [Tutorial](./tutorial.md)
|
||||||
- [User Guide](./user-guide/README.md)
|
- [User Guide](./user-guide/README.md)
|
||||||
- [Admin Guide](./admin-guide/README.md)
|
- [Admin Guide](./admin-guide/README.md)
|
||||||
|
- [Deploying to NixOS](./admin-guide/deployment/nixos.md)
|
||||||
- [Chunking](./admin-guide/chunking.md)
|
- [Chunking](./admin-guide/chunking.md)
|
||||||
- [FAQs](./faqs.md)
|
- [FAQs](./faqs.md)
|
||||||
- [Reference](./reference/README.md)
|
- [Reference](./reference/README.md)
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
# Admin Guide
|
# Admin Guide
|
||||||
|
|
||||||
> This section is under construction.
|
> This section is under construction.
|
||||||
|
|
||||||
|
This section describes how to set up and administer an Attic Server.
|
||||||
|
For a quick start, read the [Tutorial](../tutorial.md).
|
||||||
|
|
||||||
|
- **[Deploying to NixOS](./deployment/nixos.md)** - Deploying to a NixOS machine
|
||||||
|
- **[Chunking](./chunking.md)** - Configuring Content-Defined Chunking data deduplication in Attic
|
||||||
|
|
83
book/src/admin-guide/deployment/nixos.md
Normal file
83
book/src/admin-guide/deployment/nixos.md
Normal file
|
@ -0,0 +1,83 @@
|
||||||
|
# Deploying to NixOS
|
||||||
|
|
||||||
|
Attic provides [a NixOS module](https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix) that allows you to deploy the Attic Server on a NixOS machine.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
1. A machine running NixOS
|
||||||
|
1. _(Optional)_ A dedicated bucket on S3 or a S3-compatible storage service
|
||||||
|
- You can either [set up Minio](https://search.nixos.org/options?query=services.minio) or use a hosted service like [Backblaze B2](https://www.backblaze.com/b2/docs) and [Cloudflare R2](https://developers.cloudflare.com/r2).
|
||||||
|
1. _(Optional)_ A PostgreSQL database
|
||||||
|
|
||||||
|
## Generating the Credentials File
|
||||||
|
|
||||||
|
The HS256 JWT secret can be generated with the `openssl` utility:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
openssl rand 64 | base64 -w0
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a file on the server containing the following contents:
|
||||||
|
|
||||||
|
```
|
||||||
|
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from openssl"
|
||||||
|
```
|
||||||
|
|
||||||
|
Ensure the file is only accessible by root.
|
||||||
|
|
||||||
|
## Importing the Module
|
||||||
|
|
||||||
|
You can import the module in one of two ways:
|
||||||
|
|
||||||
|
- Ad-hoc: Import the `nixos/atticd.nix` from [the repository](https://github.com/zhaofengli/attic).
|
||||||
|
- Flakes: Add `github:zhaofengli/attic` as an input, then import `attic.nixosModules.atticd`.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
> Note: These options are subject to change.
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{
|
||||||
|
services.atticd = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# Replace with absolute path to your credentials file
|
||||||
|
credentialsFile = "/etc/atticd.env";
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
listen = "[::]:8080";
|
||||||
|
|
||||||
|
# Data chunking
|
||||||
|
#
|
||||||
|
# Warning: If you change any of the values here, it will be
|
||||||
|
# difficult to reuse existing chunks for newly-uploaded NARs
|
||||||
|
# since the cutpoints will be different. As a result, the
|
||||||
|
# deduplication ratio will suffer for a while after the change.
|
||||||
|
chunking = {
|
||||||
|
# The minimum NAR size to trigger chunking
|
||||||
|
#
|
||||||
|
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||||||
|
# If 1, all NARs are chunked.
|
||||||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
|
# The preferred minimum size of a chunk, in bytes
|
||||||
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
|
||||||
|
# The preferred average size of a chunk, in bytes
|
||||||
|
avg-size = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
|
# The preferred maximum size of a chunk, in bytes
|
||||||
|
max-size = 256 * 1024; # 256 KiB
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
After the new configuration is deployed, the Attic Server will be accessible on port 8080.
|
||||||
|
It's highly recommended to place it behind a reverse proxy like [NGINX](https://nixos.wiki/wiki/Nginx) to provide HTTPS.
|
||||||
|
|
||||||
|
## Operations
|
||||||
|
|
||||||
|
The NixOS module installs the `atticd-atticadm` wrapper which runs the `atticadm` command as the `atticd` user.
|
||||||
|
Use this command to [generate new tokens](../../reference/atticadm-cli.md#atticadm-make-token) to be distributed to users.
|
Loading…
Add table
Reference in a new issue