2024-12-14
Atuin is a nice tool to sync, search and backup shell history between machines. This post describes how to setup a Atuin server with TLS on NiXOS and how to use home-manager to configure the client.
We are going to install the Atuin service and set up a ngnix reverse proxy to terminate TLS. Add the following to your configuration file of choice, for example configuration.nix
security.acme.acceptTerms = true;
security.acme.certs = {
"atuin.example.com".email = "<e-mail>>";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"atuin.example.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8888";
proxyWebsockets = false;
extraConfig =
"proxy_ssl_server_name on;" +
"proxy_pass_header Authorization;"
;
};
};
};
};
services.atuin = {
enable = true;
openFirewall = false;
openRegistration = true;
};
I created a small module to install Atuin on my clients machines.
{ pkgs, lib, config, ... }:
with lib; let
cfg = config.features.tools.atuin;
in {
options.features.tools.atuin.enable = mkEnableOption "enable atuin with config";
config = mkIf cfg.enable {
programs.atuin = {
enable = true;
enableFishIntegration = true;
settings = {
auto_sync = true;
sync_address = "https://atuin.example.com";
sync_frequency = "5m";
style = "compact";
workspaces = true;
};
};
};
}
Create an account on your first client:
atuin register
On all your other clients use
atuin login
To log in to the server.
You can now set openRegistration to false in your server configuration.
Good luck, have fun! :)