pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / firefox-syncserver.md
at 25.11-pre 2.3 kB view raw view rendered
1# Firefox Sync server {#module-services-firefox-syncserver} 2 3A storage server for Firefox Sync that you can easily host yourself. 4 5## Quickstart {#module-services-firefox-syncserver-quickstart} 6 7The absolute minimal configuration for the sync server looks like this: 8 9```nix 10{ 11 services.mysql.package = pkgs.mariadb; 12 13 services.firefox-syncserver = { 14 enable = true; 15 secrets = builtins.toFile "sync-secrets" '' 16 SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store 17 ''; 18 singleNode = { 19 enable = true; 20 hostname = "localhost"; 21 url = "http://localhost:5000"; 22 }; 23 }; 24} 25``` 26 27This will start a sync server that is only accessible locally. Once the services is 28running you can navigate to `about:config` in your Firefox profile and set 29`identity.sync.tokenserver.uri` to `http://localhost:5000/1.0/sync/1.5`. Your browser 30will now use your local sync server for data storage. 31 32::: {.warning} 33This configuration should never be used in production. It is not encrypted and 34stores its secrets in a world-readable location. 35::: 36 37## More detailed setup {#module-services-firefox-syncserver-configuration} 38 39The `firefox-syncserver` service provides a number of options to make setting up 40small deployment easier. These are grouped under the `singleNode` element of the 41option tree and allow simple configuration of the most important parameters. 42 43Single node setup is split into two kinds of options: those that affect the sync 44server itself, and those that affect its surroundings. Options that affect the 45sync server are `capacity`, which configures how many accounts may be active on 46this instance, and `url`, which holds the URL under which the sync server can be 47accessed. The `url` can be configured automatically when using nginx. 48 49Options that affect the surroundings of the sync server are `enableNginx`, 50`enableTLS` and `hostname`. If `enableNginx` is set the sync server module will 51automatically add an nginx virtual host to the system using `hostname` as the 52domain and set `url` accordingly. If `enableTLS` is set the module will also 53enable ACME certificates on the new virtual host and force all connections to 54be made via TLS. 55 56For actual deployment it is also recommended to store the `secrets` file in a 57secure location.