path: root/nixpkgs/nixos/modules/services/networking/firefox-syncserver.xml
blob: 66c812266951f1d9d904b1b216c55d7454d2f07f
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-firefox-syncserver">
  <title>Firefox Sync server</title>
  <para>
    A storage server for Firefox Sync that you can easily host yourself.
  </para>
  <section xml:id="module-services-firefox-syncserver-quickstart">
    <title>Quickstart</title>
    <para>
      The absolute minimal configuration for the sync server looks like
      this:
    </para>
    <programlisting language="nix">
services.mysql.package = pkgs.mariadb;

services.firefox-syncserver = {
  enable = true;
  secrets = builtins.toFile &quot;sync-secrets&quot; ''
    SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store
  '';
  singleNode = {
    enable = true;
    hostname = &quot;localhost&quot;;
    url = &quot;http://localhost:5000&quot;;
  };
};
</programlisting>
    <para>
      This will start a sync server that is only accessible locally.
      Once the service is running you can navigate to
      <literal>about:config</literal> in your Firefox profile and set
      <literal>identity.sync.tokenserver.uri</literal> to
      <literal>http://localhost:5000/1.0/sync/1.5</literal>. Your
      browser will now use your local sync server for data storage.
    </para>
    <warning>
      <para>
        This configuration should never be used in production. It is not
        encrypted and stores its secrets in a world-readable location.
      </para>
    </warning>
  </section>
  <section xml:id="module-services-firefox-syncserver-configuration">
    <title>More detailed setup</title>
    <para>
      The <literal>firefox-syncserver</literal> service provides a
      number of options to make setting up small deployments easier.
      These are grouped under the <literal>singleNode</literal> element
      of the option tree and allow simple configuration of the most
      important parameters.
    </para>
    <para>
      Single node setup is split into two kinds of options: those that
      affect the sync server itself, and those that affect its
      surroundings. Options that affect the sync server are
      <literal>capacity</literal>, which configures how many accounts
      may be active on this instance, and <literal>url</literal>, which
      holds the URL under which the sync server can be accessed. The
      <literal>url</literal> can be configured automatically when using
      nginx.
    </para>
    <para>
      Options that affect the surroundings of the sync server are
      <literal>enableNginx</literal>, <literal>enableTLS</literal> and
      <literal>hostname</literal>. If <literal>enableNginx</literal> is
      set the sync server module will automatically add an nginx virtual
      host to the system using <literal>hostname</literal> as the domain
      and set <literal>url</literal> accordingly. If
      <literal>enableTLS</literal> is set the module will also enable
      ACME certificates on the new virtual host and force all
      connections to be made via TLS.
    </para>
    <para>
      For actual deployment it is also recommended to store the
      <literal>secrets</literal> file in a secure location.
    </para>
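    <para>
      A deployment-oriented variant of the quickstart, combining the
      options described above. This is an added example, not part of
      the original module documentation; the hostname, ACME contact
      address, capacity value and secrets path are assumptions chosen
      for illustration.
    </para>

```nix
{ pkgs, ... }:
{
  services.mysql.package = pkgs.mariadb;

  services.firefox-syncserver = {
    enable = true;

    # Quickstart (weak): builtins.toFile copies the secret into /nix/store,
    # which is world-readable.
    #
    # Here (hardened): point at a file that is provisioned outside the Nix
    # store and readable only by root. The path below is a placeholder.
    # It is written as a quoted string on purpose: a bare Nix path literal
    # can be copied into the store when it is turned into a string.
    # The file uses the same KEY=value format as the quickstart, e.g.
    #   SYNC_MASTER_SECRET=(long random value)
    secrets = "/run/secrets/firefox-syncserver";

    singleNode = {
      enable = true;

      # Placeholder domain. Used as the nginx virtual host name.
      hostname = "sync.example.org";

      # Adds the nginx virtual host and sets `url` from `hostname`,
      # so `url` is not set by hand here.
      enableNginx = true;

      # Enables ACME certificates on that virtual host and forces TLS.
      enableTLS = true;

      # Example value: number of accounts that may be active on this instance.
      capacity = 5;
    };
  };

  # ACME issuance needs the terms accepted and a contact address
  # (placeholder address).
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "admin@example.org";

  # Let ACME HTTP validation and client traffic reach nginx.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
```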
  </section>
</chapter>