Error: Unauthorized: Unauthorized.

[TornaxO7]

This is my attic NixOS config:

port: { config, inputs, ... }:
let
  portStr = toString port;
in
{
  imports = [
    inputs.attic.nixosModules.atticd
  ];

  config = {
    services.atticd = {
      enable = true;

      credentialsFile = config.age.secrets.atticd.path;

      settings = {
        listen = "[::]:${portStr}";
        chunking = {
          # The minimum NAR size to trigger chunking
          #
          # If 0, chunking is disabled entirely for newly-uploaded NARs.
          # If 1, all NARs are chunked.
          nar-size-threshold = 64 * 1024; # 64 KiB

          # The preferred minimum size of a chunk, in bytes
          min-size = 16 * 1024; # 16 KiB

          # The preferred average size of a chunk, in bytes
          avg-size = 64 * 1024; # 64 KiB

          # The preferred maximum size of a chunk, in bytes
          max-size = 256 * 1024; # 256 KiB
        };
      };
    };
  };
}

It also seems to be healthy (output of sudo systemctl status atticd.service`):

● atticd.service
     Loaded: loaded (/etc/systemd/system/atticd.service; enabled; preset: enabled)
     Active: active (running) since Mon 2024-09-02 00:55:25 CEST; 9min ago
   Main PID: 1640779 (atticd)
         IP: 1.8K in, 1.1K out
         IO: 0B read, 32.0K written
      Tasks: 8 (limit: 38215)
     Memory: 2.9M (peak: 3.7M)
        CPU: 61ms
     CGroup: /system.slice/atticd.service
             └─1640779 /nix/store/k98rsc5md431frxfdnz98wb0cz983yz7-attic-server-0.1.0/bin/atticd -f /nix/store/mjaav1x8rpqqf4qy0mbbml7j7lk5qcp1-checked-attic-server.toml --mode monolithic
                                                                                                                                                                                             
Sep 02 00:55:25 nas systemd[1]: Started atticd.service.
Sep 02 00:55:25 nas atticd[1640779]: Attic Server 0.1.0 (release)
Sep 02 00:55:25 nas atticd[1640779]: Running migrations...
Sep 02 00:55:25 nas atticd[1640779]: Starting API server...
Sep 02 00:55:25 nas atticd[1640779]: Listening on [::]:49400...

I created then a token with the following command:

# somehow I'm getting a `cd permission denied` error if I'm in my home-directory, so I'm going to the `/tmp` directory
# where everyone can write to it
cd /tmp
sudo atticd-atticadm make-token --sub main --validity "99 years" --pull "main" --push "main">  ~/attic_token.txt

afterwards, on a client, I'm executing:

attic login --set-default nas http://nas:49400 <token>
attic cache create test

but attic cache create test gives me the following error message:

Error: Unauthorized: Unauthorized.

does anyone know why this happens?

[cole-h]

That's because the create-cache permission is separate from the push and pull permissions. If you want to be able to create caches with that token, you'll need to give it that permission.

[TornaxO7]

I created the token with

sudo atticd-atticadm make-token --sub "main" --validity "99 years" --pull "main" --push "main" --de
lete "main" --create-cache "main" --configure-cache "main" --configure-cache-retention "main" --destr
oy-cache "main" > ~/attic_token.txt

now, but I'm still getting the error message on one of my clients after executing:

attic login --set-default nas http://nas:49400 <token>
attic cache create main

Different approach

Somehow I'm getting a different error message, if I use a file for the token:
On my server, I'm executing:

cd /tmp
sudo atticd-atticadm make-token --sub "main" --validity "99 years" --pull "main" --push "main" --delete "main" --create-cache "main" --configure-cache "main" --configure-cache-retention "main" --destroy-cache "main" > attic_token.txt
# send the token to my pc (client)
rsync ./attic_token.txt pc:/home/tornax

then on my pc:

attic login --set-default nas http://nas:49400 $(cat attic_token.txt)
attic cache create main

    thread 'main' panicked at client/src/api/mod.rs:242:79:
    called `Result::unwrap()` on an `Err` value: InvalidHeaderValue
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

[zhaofengli]

What does your ~/.config/attic/config.toml look like after all this? Remember to redact the actual endpoint and the tokens.

[TornaxO7]

What does your ~/.config/attic/config.toml look like after all this? Remember to redact the actual endpoint and the tokens.

default-server = "nas"

[servers.nas]
endpoint = "http://nas:49400"
token = "<chars>\r"

[zhaofengli]

That extra \r seems to be the issue. Could you try removing it?

The Attic client should just strip out trailing line endings when adding the token. Adding a todo for later.

[TornaxO7]

That extra \r seems to be the issue. Could you try removing it?

The Attic client should just strip out trailing line endings when adding the token. Adding a todo for later.

Now I'm getting

thread 'main' panicked at client/src/api/mod.rs:242:79:
called `Result::unwrap()` on an `Err` value: InvalidHeaderValue
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace