diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/firefox-syncserver.md')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/firefox-syncserver.md | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/firefox-syncserver.md b/nixpkgs/nixos/modules/services/networking/firefox-syncserver.md new file mode 100644 index 000000000000..3ee863343ece --- /dev/null +++ b/nixpkgs/nixos/modules/services/networking/firefox-syncserver.md @@ -0,0 +1,55 @@ +# Firefox Sync server {#module-services-firefox-syncserver} + +A storage server for Firefox Sync that you can easily host yourself. + +## Quickstart {#module-services-firefox-syncserver-quickstart} + +The absolute minimal configuration for the sync server looks like this: + +```nix +services.mysql.package = pkgs.mariadb; + +services.firefox-syncserver = { + enable = true; + secrets = builtins.toFile "sync-secrets" '' + SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store + ''; + singleNode = { + enable = true; + hostname = "localhost"; + url = "http://localhost:5000"; + }; +}; +``` + +This will start a sync server that is only accessible locally. Once the services is +running you can navigate to `about:config` in your Firefox profile and set +`identity.sync.tokenserver.uri` to `http://localhost:5000/1.0/sync/1.5`. Your browser +will now use your local sync server for data storage. + +::: {.warning} +This configuration should never be used in production. It is not encrypted and +stores its secrets in a world-readable location. +::: + +## More detailed setup {#module-services-firefox-syncserver-configuration} + +The `firefox-syncserver` service provides a number of options to make setting up +small deployment easier. These are grouped under the `singleNode` element of the +option tree and allow simple configuration of the most important parameters. + +Single node setup is split into two kinds of options: those that affect the sync +server itself, and those that affect its surroundings. Options that affect the +sync server are `capacity`, which configures how many accounts may be active on +this instance, and `url`, which holds the URL under which the sync server can be +accessed. The `url` can be configured automatically when using nginx. + +Options that affect the surroundings of the sync server are `enableNginx`, +`enableTLS` and `hostnam`. If `enableNginx` is set the sync server module will +automatically add an nginx virtual host to the system using `hostname` as the +domain and set `url` accordingly. If `enableTLS` is set the module will also +enable ACME certificates on the new virtual host and force all connections to +be made via TLS. + +For actual deployment it is also recommended to store the `secrets` file in a +secure location. |