diff --git a/_posts/2021-09-23-quick-tour-of-garage.md b/_posts/2021-09-23-quick-tour-of-garage.md
new file mode 100644
index 0000000..8ce068b
--- /dev/null
+++ b/_posts/2021-09-23-quick-tour-of-garage.md
@@ -0,0 +1,496 @@
+---
+layout: post
+slug: a-quick-tour-of-garage
+status: published
+sitemap: true
+title: A quick tour of Garage
+description: Garage is a new lightweight and versatile object storage platform implementing the S3 API, let's quickly deploy it.
+category: operation
+tags:
+---
+
+
+[Garage](https://garagehq.deuxfleurs.fr) is an object storage platform that can be used as a drop-in replacement for AWS S3.
+It is designed to run on bare metal hardware and has no dependency on any cloud provider.
+In this article, I quickly deploy a geo-distributed Garage cluster and use it as a backend for Nextcloud.
+
+I chose to use a cloud platform (Scaleway) to easily and quickly spawn geo-distributed machines.
+To abstract our machines deployment, I wrote a small tool named [nuage](https://git.deuxfleurs.fr/quentin/nuage).
+
+You will need a working account on [Scaleway](https://console.scaleway.com).
+Then, we will need to install some tools on our machine (be sure to have [go](https://golang.org) installed).
+
+Let's install Scaleway's CLI tool:
+
+```bash
+sudo curl -o /usr/local/bin/scw -L "https://github.com/scaleway/scaleway-cli/releases/download/v2.3.1/scw-2.3.1-linux-x86_64"
+sudo chmod +x /usr/local/bin/scw
+scw init # enter your scaleway credentials
+```
+
+And my helper to easily deploy instances on Scaleway:
+
+```bash
+go install git.deuxfleurs.fr/quentin/nuage@latest
+export PATH="$PATH:$HOME/go/bin"
+nuage # display how to use the tool
+```
+
+Now, we are ready to spawn some machines!
+
+## Spawn machines
+
+We start by creating our `nuage` inventory in a file named `garage_inventory.txt`:
+
+```
+fr-par-1 dev1-s debian_bullseye garage-fr-1
+fr-par-1 dev1-s debian_bullseye garage-fr-2
+pl-waw-1 dev1-s debian_bullseye garage-pl-1
+pl-waw-1 dev1-s debian_bullseye garage-pl-2
+nl-ams-1 dev1-s debian_bullseye garage-nl-1
+nl-ams-1 dev1-s debian_bullseye garage-nl-2
+```
+
+Then let's pass it to `nuage`:
+
+```bash
+nuage spawn < ./garage_inventory.txt
+```
+
+`nuage` will spawn 6 machines:
+  - 2 machines in Paris, France
+  - 2 machines in Warsaw, Poland
+  - 2 machines in Amsterdam, Netherlands
+
+All instances will run debian on Scaleway's cheap [dev1-s](https://www.scaleway.com/en/pricing/#development-instances) instances.
+For the naming of our instances, we built it following this pattern: `garage-<zone>-<id>`.
+
+Now, we suppose that the instances are started and your able to login on them, for example:
+
+```
+ssh root@51.15.227.63
+```
+
+## Some crypto
+
+Our garage instances will communicate together securely through TLS.
+We need to generate some certificates locally that we will deploy on the remote instances later.
+To ease the operation, we provide a small handler named `genkeys.sh` to generate all the needed keys:
+
+```
+wget https://git.deuxfleurs.fr/Deuxfleurs/garage/raw/tag/v0.3.0/genkeys.sh
+chmod +x ./genkeys.sh
+./genkeys.sh
+```
+
+Now you should have a folder named `pki` containing both the key and the certificate for your CA and your end-entity.
+Ideally, each node would have its own end-entity certificate but to simplify the configuration, we will use only once in this tour.
+
+Let's create a script to deploy our pki:
+
+```bash
+cat > deploy_pki.sh <<EOF
+#!/bin/bash
+mkdir -p /etc/garage/pki
+cat > /etc/garage/pki/garage-ca.crt <<EOG
+$(cat pki/garage-ca.crt)
+EOG
+cat > /etc/garage/pki/garage.crt <<EOG
+$(cat pki/garage.crt)
+EOG
+cat > /etc/garage/pki/garage.key <<EOG
+$(cat pki/garage.key)
+EOG
+EOF
+```
+
+Then send and execute our generated script on each of our machine.
+
+```
+nuage run ./deploy_pki.sh < ./garage-inventory.txt
+```
+
+## Configuration
+
+Garage needs a small configuration file to work.
+
+Again, we will write a deployment script.
+You must adapt the `bootstrap_peers` section to your instances, you can run again `nuage spawn < ./garage-inventory.txt` to get their addresses.
+Not all IP addresses are needed, after a discovery phase, garage maintains its own list and exchange it regulargy with its peers
+
+Save the following file as `deploy_conf.sh` once you edited it (we arbitrarily chose to put 3 IPs here):
+
+```bash
+#!/bin/bash
+cat > /etc/garage/config.toml <<EOF
+metadata_dir = "/var/lib/garage/meta"
+data_dir = "/var/lib/garage/data"
+replication_mode = "3"
+rpc_bind_addr = "[::]:3901"
+bootstrap_peers = [
+  "51.15.59.148:3901",
+  "51.15.227.63:3901",
+  "51.15.206.116:3901",
+]
+[rpc_tls]
+ca_cert = "/etc/garage/pki/garage-ca.crt"
+node_cert = "/etc/garage/pki/garage.crt"
+node_key = "/etc/garage/pki/garage.key"
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+[s3_web]
+bind_addr = "[::]:3902"
+root_domain = ".web.garage"
+index = "index.html"
+EOF
+```
+
+And now, the deployment:
+
+```bash
+nuage run ./deploy_conf.sh < ./garage-inventory.txt
+```
+
+## Binary and service
+
+And this is already the last step of our deployment, installing the binary and the systemd service.
+Again, we write a deployment script, named `deploy_bin.sh` this time:
+
+```bash
+#!/bin/bash
+# Downloading Garage
+wget https://garagehq.deuxfleurs.fr/_releases/v0.3.0/x86_64-unknown-linux-musl/garage -O /usr/local/bin/garage
+chmod +x /usr/local/bin/garage
+# Creating a control command
+cat > /usr/local/bin/garagectl <<EOF
+#!/bin/bash
+/usr/local/bin/garage \
+  --ca-cert /etc/garage/pki/garage-ca.crt \
+  --client-cert /etc/garage/pki/garage.crt \
+  --client-key /etc/garage/pki/garage.key \
+  \$@
+EOF
+chmod +x /usr/local/bin/garagectl
+# Creating a systemd service
+cat > /etc/systemd/system/garage.service <<EOF
+[Unit]
+Description=Garage Data Store
+After=network-online.target
+Wants=network-online.target
+[Service]
+Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
+ExecStart=/usr/local/bin/garage server -c /etc/garage/config.toml
+DynamicUser=true
+StateDirectory=garage
+[Install]
+WantedBy=multi-user.target
+EOF
+# Activating it
+systemctl daemon-reload
+systemctl enable garage
+systemctl start garage
+```
+
+And we execute it:
+
+```
+nuage run ./deploy_bin.sh < ./garage-inventory.txt
+```
+
+## garagectl
+
+Now that we have built a cluster, we can connect on a machine and use garagectl to configure cluster-wide parameters.
+So, first connect on any server (you can run `nuage spawn < garage-inventory.txt` to get your nodes IP addresses).
+For example:
+
+```bash
+ssh root@51.158.182.206
+```
+
+You can see the current cluster status with:
+
+```bash
+garagectl status
+```
+
+We will then configure each node, assigning them:
+  - a relative size, because all our nodes have the same storage space, we will put a size of 1 everywhere.
+  - a zone, that will match the country where our instances are hosted
+
+
+```bash
+garagectl status
+garagectl node configure -c 1 -z pl ??
+garagectl node configure -c 1 -z pl ??
+garagectl node configure -c 1 -z fr ??
+# etc.
+```
+
+Now, we can create a key, a bucket, and allow the key to access the bucket:
+
+```bash
+garagectl key new --name quentin
+garagectl bucket create my_files
+garagectl bucket allow my_files --read --write --key GKfd49e3906e5d2e3e23ee07f9
+```
+
+Back to our local machine, we can already interact with our cluster through `awscli`.
+
+You can install `awscli` as follow:
+
+```
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+```
+
+And quickly setup it by creating a file `~/.awsrc` (edit with your access key, secret key and endpoint):
+
+```bash
+export AWS_ACCESS_KEY_ID=GKfd49e3906e5d2e3e23ee07f9
+export AWS_SECRET_ACCESS_KEY=xxxxxx
+export AWS_DEFAULT_REGION='garage'
+function aws { command aws --endpoint-url http://51.158.182.206:3900 $@ ; }
+aws --version
+```
+
+And then, each time you want to use it, run:
+
+```bash
+source ~/.awsrc
+```
+
+Now, you should be able to use the awscli command freely:
+
+```bash
+aws s3 ls # list buckets
+aws s3 cp garage-inventory.txt s3://my_files/inventory.txt # send a file
+aws s3 ls my_files # list files in the bucket
+```
+
+## Nextcloud
+
+We will provision another machine specifically for Nextcloud.
+We start by creating a file named `nextcloud-inventory.txt` containing:
+
+```
+fr-par-1 dev1-s debian_bullseye nextcloud-fr-1
+```
+
+And spawn it:
+
+```
+nuage spawn < ./nextcloud-inventory.txt
+```
+
+Then we create an install script for Nextcloud named `deploy_nextcloud.sh`:
+
+```bash
+#!/bin/bash
+apt-get update
+apt-get install -y apache2 mariadb-server libapache2-mod-php7.4 php7.4-gd \
+php7.4-mysql php7.4-curl php7.4-mbstring php7.4-intl php7.4-gmp \
+php7.4-bcmath php-imagick php7.4-xml php7.4-zip unzip
+systemctl start mysql
+mysql -u root --password="" <<EOF
+CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'nextcloud';
+GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+rm -fr nextcloud.zip nextcloud/
+wget https://download.nextcloud.com/server/releases/nextcloud-22.1.1.zip -O nextcloud.zip
+unzip nextcloud.zip
+rm -fr /var/www/nextcloud
+mv nextcloud /var/www
+cat > /etc/apache2/sites-available/nextcloud.conf <<EOF
+Alias /nextcloud "/var/www/nextcloud/"
+
+<Directory /var/www/nextcloud/>
+  Require all granted
+  AllowOverride All
+  Options FollowSymLinks MultiViews
+
+  <IfModule mod_dav.c>
+    Dav off
+  </IfModule>
+</Directory>
+EOF
+a2ensite nextcloud.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+systemctl restart apache2
+chown -R www-data:www-data /var/www/nextcloud/
+```
+
+Then deploy it:
+
+```
+nuage run ./deploy_nextcloud.sh < ./nextcloud-inventory.txt
+```
+
+Then open in your browser Nextcloud, for me http://212.47.230.180/nextcloud.
+Finish the installation by providing requested information.
+
+Now we will configure Nextcloud to use Garage as its primary object storage.
+You can also [read its documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html).
+
+First, we need to create the bucket and the key (and will also allow our own key):
+
+```bash
+garagectl bucket create nextcloud
+garagectl key new --name nextcloud
+garagectl bucket allow nextcloud --read --write GK872ebec80feae4ad663e82ec
+garagectl bucket allow nextcloud --read GKfd49e3906e5d2e3e23ee07f9
+```
+
+We will SSH on the server and edit `config.php`
+
+```bash
+ssh root@212.47.230.180
+vim /var/www/nextcloud/config/config.php
+```
+
+and add:
+
+```php
+<?php
+$CONFIG = array(
+/* some other config */
+'objectstore' => [
+        'class' => '\\OC\\Files\\ObjectStore\\S3',
+        'arguments' => [
+                'bucket' => 'nextcloud',
+                'autocreate' => false,
+                'key'    => 'GK872ebec80feae4ad663e82ec',
+                'secret' => 'xxxxxxxxxxxxx',
+                'hostname' => '51.158.182.206',
+                'port' => 3900,
+                'use_ssl' => false,
+                'region' => 'garage',
+                // required for some non Amazon S3 implementations
+                'use_path_style' => true
+        ],
+],
+```
+
+*If you have some errors after reloading the page, run `tail -f /var/www/nextcloud/media/nextcloud.log`*
+
+Primary storage is only one way to integrate Garage in Nextcloud, it is also possible to integrate it through the "External storage" plugin.
+This method is not covered here but you can refer to [Nextcloud's documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html).
+
+After uploading a file, you can see how nextcloud store them internally through awscli:
+
+```
+aws s3 ls nextcloud
+```
+
+Our current deployment has some drawbacks: we have a single point of failure with only one server and data are not sent encrypted.
+One solution is to deploy garage on our server, locally, as a gateway.
+First, we install it normally:
+
+```bash
+nuage run ./deploy_pki.sh < ./nextcloud-inventory.txt
+nuage run ./deploy_conf.sh < ./nextcloud-inventory.txt
+nuage run ./deploy_bin.sh < ./nextcloud-inventory.txt
+```
+
+Then, we configure our new node as a gateway because we do not want to store data on it, we just want to use it to route data:
+
+```bash
+garagectl status
+garagectl node configure -z fr -g 2b145f7b4c15c2a4
+```
+
+Then we edit Nextcloud's configuration `/var/www/nextcloud/config/config.php` to just change the hostname:
+
+```php
+<?php
+$CONFIG = array(
+/* some other config */
+'objectstore' => [
+        'class' => '\\OC\\Files\\ObjectStore\\S3',
+        'arguments' => [
+                /* other arguments */
+                'hostname' => '127.0.0.1',
+                /* other arguments */
+        ],
+]
+```
+
+Now we have a high availability backend as our local gateway will try to route our request to available servers.
+
+## Handle crashes
+
+Start by choosing a node you want to crash:
+
+```bash
+nuage spawn < ./garage-inventory.txt
+```
+
+SSH on it, we will simulate its failure by just stopping it (there is no difference between graceful shutdown and crashes):
+
+```bash
+ssh root@151.115.34.19
+systemctl stop garage
+```
+
+Connect on another node and note that the node is unavailable:
+
+```bash
+ssh root@51.15.59.148
+garagectl status
+```
+
+For now, no re-balancing has been triggered.
+Garage allows for transient failures.
+If you want to re-balance, you have to explicitly remove the node from Garage.
+
+Now, let's assume this is only a transient failure, and let's restart it:
+
+```bash
+ssh root@151.115.34.19
+systemctl start garage
+journalctl -fu garage
+```
+
+Note how the repair is automatically triggered.
+You can still manually trigger a repair if you want:
+
+```bash
+garagectl repair --yes
+```
+
+Now let's assume that the machine burnt and all its disks are losts:
+
+```bash
+systemctl stop garage
+rm -r /var/lib/garage/
+systemctl start garage
+garagectl status
+```
+
+Now our node is seen as a new one and its old ID is seen as failed.
+We will replace the old node with this new one with a simple command:
+
+```
+garagectl node configure --replace 212027752f40c4d4 -c 1 -z pl 375690c499627ea8
+garagectl status
+```
+
+We do not cover this part, but you can also add or remove nodes at any time and trigger a re-balance.
+
+## Destroy our VM
+
+When you're done with this tour, just destroy the resources you created:
+
+```bash
+nuage destroy < ./garage-inventory.txt
+nuage destroy < ./nextcloud-inventory.txt
+```
+
+Thanks a lot, this is the end of my tour of Garage, see you next time :)