attic icon indicating copy to clipboard operation
attic copied to clipboard

Published 20 hours ago verified publisher icon zhaofengli

`Error: Unauthorized: Unauthorized.` for a newly created token

Open misuzu opened this issue 8 months ago • 3 comments

What am I doing wrong?

{ config, pkgs, ... }:
{
  age.secrets."attic.env".file = ./attic.env.age;

  environment.systemPackages = with pkgs; [
    attic
  ];

  services.atticd = {
    enable = true;
    package = pkgs.attic;
    credentialsFile = config.age.secrets."attic.env".path;
    settings = {
      listen = "[::]:8080";
      chunking = {
        # The minimum NAR size to trigger chunking
        #
        # If 0, chunking is disabled entirely for newly-uploaded NARs.
        # If 1, all NARs are chunked.
        nar-size-threshold = 64 * 1024; # 64 KiB

        # The preferred minimum size of a chunk, in bytes
        min-size = 16 * 1024; # 16 KiB

        # The preferred average size of a chunk, in bytes
        avg-size = 64 * 1024; # 64 KiB

        # The preferred maximum size of a chunk, in bytes
        max-size = 256 * 1024; # 256 KiB
      };
      storage = {
        type = "local";
        path = "/var/lib/attic";
      };
    };
  };

  systemd.services.atticd.serviceConfig.ReadWritePaths = "/var/lib/attic";
}

% systemctl cat atticd.service
# /etc/systemd/system/atticd.service
[Unit]
After=network.target

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/pdkclbn8qd1faqkf08k9k9g8f0y0cxgn-glibc-locales-2.37-8/lib/locale/locale-archive"
Environment="PATH=/nix/store/apn3p2b40xvirn7w740wv2gy330ppib5-coreutils-9.3/bin:/nix/store/xvhh3dzdqfaz78nhya1xildz2r38sy3s-findutils-4.9.0/bin:/nix/store/4hx292xs95frrd1hqwwfc2fpcz0niwgp-gnugrep-3.11/bin:/nix/store/7snlgj0l0ys6lbcl5pyy8vwnmk26wh8x-gnused-4.9/bin:/nix/store/rjz12jr6wa46vcaj7v2nsi2x17jibipm-systemd-253>
Environment="TZDIR=/nix/store/lvf61q95f827z8dzwnnchdbr0dlpbv8n-tzdata-2023c/share/zoneinfo"



DynamicUser=true
EnvironmentFile=/run/agenix/attic.env
ExecStart=/nix/store/kyhqs4yy1n5458vp46p13a5rxr1zmnsn-attic-0.1.0/bin/atticd -f /nix/store/nbdn05z120qv64dcx7c3a6kbqg8gz9ns-checked-attic-server.toml
Group=atticd
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/var/lib/attic
RestrictAddressFamilies=AF_INET
RestrictAddressFamilies=AF_INET6
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
StateDirectory=atticd
User=atticd
% cat /nix/store/nbdn05z120qv64dcx7c3a6kbqg8gz9ns-checked-attic-server.toml
listen = "[::]:8080"
[chunking]
avg-size = 65536
max-size = 262144
min-size = 16384
nar-size-threshold = 65536

[database]
url = "sqlite:///var/lib/atticd/server.db?mode=rwc"

[storage]
path = "/var/lib/attic"
type = "local"
% sudo atticd-atticadm make-token \
    --validity "100y" \
    --sub "hello" \
    --pull "hello" \
    --push "hello" \
    --create-cache "hello" \
    --configure-cache "hello" \
    --configure-cache-retention "hello" \
    --destroy-cache "hello"

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjU1ODY3MTUzMywic3ViIjoiaGVsbG8iLCJodHRwczovL2p3dC5hdHRpYy5ycy92MSI6eyJjYWNoZXMiOnsiaGVsbG8iOnsiciI6MSwidyI6MSwiY2MiOjEsImNyIjoxLCJjcSI6MSwiY2QiOjF9fX19.CwI4XgycQXYqcF_LlAyMgVN2zHDa6A-L-PkmbxdQCMQ
% attic login hello http://127.0.0.1:8080 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjU1ODY3MTUzMywic3ViIjoiaGVsbG8iLCJodHRwczovL2p3dC5hdHRpYy5ycy92MSI6eyJjYWNoZXMiOnsiaGVsbG8iOnsiciI6MSwidyI6MSwiY2MiOjEsImNyIjoxLCJjcSI6MSwiY2QiOjF9fX19.CwI4XgycQXYqcF_LlAyMgVN2zHDa6A-L-PkmbxdQCMQ
✍️ Configuring server "hello"
% attic cache create hello
Error: Unauthorized: Unauthorized.
% attic cache info hello
Error: Unauthorized: Unauthorized.

misuzu avatar Oct 21 '23 09:10 misuzu