<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-firefox-syncserver">
 <title>Firefox Sync server</title>
 <para>
  A storage server for Firefox Sync that you can easily host yourself.
 </para>
 <section xml:id="module-services-firefox-syncserver-quickstart">
  <title>Quickstart</title>
  <para>
   The absolute minimal configuration for the sync server looks like
   this:
  </para>
  <programlisting language="nix">
services.mysql.package = pkgs.mariadb;

services.firefox-syncserver = {
  enable = true;
  # builtins.toFile writes this text into the world-readable /nix/store.
  secrets = builtins.toFile "sync-secrets" ''
    SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store
  '';
  singleNode = {
    enable = true;
    hostname = "localhost";
    url = "http://localhost:5000";
  };
};
</programlisting>
  <para>
   This will start a sync server that is only accessible locally.
   Once the service is running you can navigate to
   <literal>about:config</literal> in your Firefox profile and set
   <literal>identity.sync.tokenserver.uri</literal> to
   <literal>http://localhost:5000/1.0/sync/1.5</literal>. Your
   browser will now use your local sync server for data storage.
  </para>
  <warning>
   <para>
    This configuration should never be used in production. It serves
    traffic over unencrypted HTTP and stores its secrets in the
    world-readable Nix store.
   </para>
  </warning>
 </section>
 <section xml:id="module-services-firefox-syncserver-configuration">
  <title>More detailed setup</title>
  <para>
   The <literal>firefox-syncserver</literal> service provides a
   number of options to make setting up small deployments easier.
   These are grouped under the <literal>singleNode</literal> element
   of the option tree and allow simple configuration of the most
   important parameters.
  </para>
  <para>
   Single node setup is split into two kinds of options: those that
   affect the sync server itself, and those that affect its
   surroundings. Options that affect the sync server are
   <literal>capacity</literal>, which configures how many accounts
   may be active on this instance, and <literal>url</literal>, which
   holds the URL under which the sync server can be accessed. The
   <literal>url</literal> can be configured automatically when using
   nginx.
  </para>
  <para>
   Options that affect the surroundings of the sync server are
   <literal>enableNginx</literal>, <literal>enableTLS</literal> and
   <literal>hostname</literal>. If <literal>enableNginx</literal> is
   set, the sync server module will automatically add an nginx virtual
   host to the system using <literal>hostname</literal> as the domain
   and set <literal>url</literal> accordingly. If
   <literal>enableTLS</literal> is set, the module will also enable
   ACME certificates on the new virtual host and force all
   connections to be made via TLS.
  </para>
  <para>
   For actual deployment it is also recommended to store the
   <literal>secrets</literal> file in a secure location, that is,
   outside the world-readable Nix store.
  </para>
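  <para>
   A hardened counterpart to the quickstart, as an added example that
   is not part of the original module documentation. The hostname,
   secrets path and e-mail address are placeholders, and the sketch
   assumes the secrets file is provisioned out of band and read by
   the service at start-up.
  </para>

```nix
{ pkgs, ... }:
{
  services.mysql.package = pkgs.mariadb;

  services.firefox-syncserver = {
    enable = true;
    # Quoted absolute path (placeholder): only the path string is recorded in
    # the configuration. builtins.toFile or an unquoted path literal would
    # copy the file contents into the world-readable /nix/store instead.
    # Assumed to hold SYNC_MASTER_SECRET=... and to be readable by root only.
    secrets = "/run/secrets/firefox-syncserver";
    singleNode = {
      enable = true;
      hostname = "sync.example.org"; # placeholder domain
      capacity = 10;                 # accounts allowed on this instance
      enableNginx = true;            # adds the virtual host and sets url
      enableTLS = true;              # ACME certificate, TLS forced
    };
  };

  # Needed for ACME certificate issuance on NixOS.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "admin@example.org"; # placeholder

  # nginx does not open the firewall on its own; 80 is used for the ACME
  # challenge and the redirect to HTTPS.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
```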
 </section>
</chapter>