No description
Find a file
JMARyA f51cb9614e
All checks were successful
moira/publish moira/publish — succeeded
test(nix): fix stale tests, add backup-push and branch-rollback
two-node.nix: add tokenFile to nodeA — the loopback-or-token module
assertion (added in 19eeaf3) now rejects a non-loopback bind without a
token at eval time, mirroring the daemon's own runtime check. Update
the pull command to pass --token.

two-node-push.nix: replace ?token= query params with Authorization:
Bearer headers — query-param token support was removed in 1fd03b4 to
prevent tokens leaking into logs and URLs.

backup-push.nix: new two-node test for services.ore.backups with a push
sink. A token-less client snapshots /tmp/data and pushes to a
token-guarded hub; verifies initial and incremental backups materialize
correctly and appear in the hub log.

branch-rollback.nix: new single-node test for ore reset and the reflog.
Creates two snapshots, rolls main back to the first, confirms content
reverts, verifies the superseded snapshot is still reachable by object
id, and checks the reflog records the reset entry.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-04 01:51:59 +02:00
.moira/envs feat(nix): add moira publish pipeline for the ore container image 2026-07-01 19:27:48 +02:00
crates feat(cli): pull progress bar, snapshot push progress, --all-branches 2026-07-04 00:33:13 +02:00
docs docs(backups): requirements, best practices, and tool comparison 2026-07-04 00:37:50 +02:00
nix test(nix): fix stale tests, add backup-push and branch-rollback 2026-07-04 01:51:59 +02:00
todo feat(sync): encrypted states in daemon-mode snapshot 2026-07-02 13:13:05 +02:00
.envrc WIP: init 2026-06-30 00:41:59 +02:00
.gitignore Initial commit: .gitignore 2026-06-30 00:27:40 +02:00
Cargo.lock fix(sync): stream whole content pipeline, O(chunk) memory 2026-07-03 10:49:58 +02:00
Cargo.toml fix(sync): stream whole content pipeline, O(chunk) memory 2026-07-03 10:49:58 +02:00
flake.lock feat(nix): add moira publish pipeline for the ore container image 2026-07-01 19:27:48 +02:00
flake.nix test(nix): fix stale tests, add backup-push and branch-rollback 2026-07-04 01:51:59 +02:00
shell.nix WIP: init 2026-06-30 00:41:59 +02:00

Ore ⛏️ — docs

One abstraction — state — and backups, archives, distribution, sync, and
filesystems all fall out of it.

Ore stores your data as versioned, content-addressed state instead of as
files-in-a-filesystem or blobs-in-a-bucket. You snapshot data into a state, the
history is immutable and deduplicated, and every other behaviour — backing up,
archiving, serving, syncing, mounting — is just a view of that one model.

This directory is the user-facing documentation: what Ore is for and how
it feels to use. For the design rationale and on-disk format, see
../todo/architecture/.


The mental model (the whole thing)

Node                a sovereign machine: an identity (ed25519 key) + an object store
 └─ State           a versioned thing with a stable UUID (photos, postgres, dataset…)
     └─ Branch      a mutable named pointer → a snapshot   (the ONLY mutable thing)
         └─ Tree    the snapshot's content: files + dirs
             └─ entry   each file/dir carries tags (mode, owner, mtime, xattrs)

The one rule everything follows:

data        = immutable, content-addressed (id = BLAKE3 of the stored bytes)
references  = mutable, named               (branches)

Integrity, dedup, cheap snapshots, rollback, and replication are consequences
of that rule, not features bolted on.

Three things worth internalising:

  • A node holds many states. There is no separate "repo" — the .ore/
    directory is a node. A node can hold a public docs state and an encrypted
    secrets state side by side, each with its own key.
  • Directories are decoupled from states. A state owns no directory. You
    snapshot a directory into a state and materialize a state out to a
    directory. The same history can be projected to many directories, or none.
  • Encryption is per-state, the store is always opaque. The object store only
    ever holds hash-addressed bytes; a private state's bytes are ciphertext and its
    id is the hash of that ciphertext — so a machine can hold and replicate an
    encrypted state without ever holding the key (a blind replica).

Use cases

Start here — each one is the same model wearing a different hat:

Use case One line Status
Backups The bk/restic successor: snapshot + replicate, encrypted core works
Archive & big data Frozen, browsable, deduplicated history of huge trees core works
Synchronization The same state on many machines, authenticated core works
Artifacts Immutable, content-addressed build outputs / releases 🟡 usable, no registry UX
CDN / content distribution Serve state to many readers from edge replicas 🟡 read API exists
Filesystem (FUSE) Mount a state and live in it 🧪 designed, not built
Containers / CSI State as a Kubernetes volume 🧪 designed, not built

Status legend: works today · 🟡 partially works / rough edges · 🧪 designed,
stubbed, or not yet built. Docs for 🧪 features describe the intended UX so the
shape is committed before the code exists.


Also here

  • Concepts — the architecture model: nodes, states, squads,
    policies, sharing, replication, and how they interact.
  • CLI reference — every ore command that exists today.
  • Storage architecture — the durability invariants,
    write protocol, fsck model, and real-node test gate.
  • Running with Nix — dev shell, the ore package, and the
    services.ore NixOS module (the declarative-backups story).
  • Monitoring — the /metrics Prometheus endpoint and an
    importable Grafana dashboard.