Atuin is a nice tool to sync, search and backup shell history between machines. This post describes how to setup a Atuin server with TLS on NiXOS and how to use home-manager to configure the client.

Server setup

We are going to install the Atuin service and set up a ngnix reverse proxy to terminate TLS. Add the following to your configuration file of choice, for example configuration.nix

  security.acme.acceptTerms = true;
  security.acme.certs = {
    "atuin.example.com".email = "<e-mail>>";
  };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "atuin.example.com" =  {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8888";
          proxyWebsockets = false;
          extraConfig =
            "proxy_ssl_server_name on;" +
            "proxy_pass_header Authorization;"
            ;
        };
      };
    };
  };
  services.atuin = {
    enable = true;
    openFirewall = false;
    openRegistration = true;
  };

I created a small module to install Atuin on my clients machines.

{ pkgs, lib, config, ... }:
with lib; let
  cfg = config.features.tools.atuin;
in {
  options.features.tools.atuin.enable = mkEnableOption "enable atuin with config";
  config = mkIf cfg.enable {
    programs.atuin = {
      enable = true;
      enableFishIntegration = true;
      settings = {
        auto_sync = true;
        sync_address = "https://atuin.example.com";
        sync_frequency = "5m";
        style = "compact";
        workspaces = true;
      };
    };
  };
}

Create an account on your first client:

atuin register

On all your other clients use

atuin login

To log in to the server.

You can now set openRegistration to false in your server configuration.

Good luck, have fun! :)