nixos/firefox-syncserver: set default for oauth verifier threads

the 0.12.1 update introduced a static thread pool for verifying oauth tokens. set a reasonable default for self-hosted setups (10 threads).
author: pennae <github@quasiparticle.net> 2022-08-26 19:53:09 +0200
committer: pennae <82953136+pennae@users.noreply.github.com> 2022-10-06 14:48:53 +0200
commit: 8dc30e9e986eb195db842ff750482891e21179e5 (patch)
tree: 54ed41ad3803ba5b76fda5090d41412633937244 /nixos
parent: 609a1e8038745b008ec02528f98a2669bec538c2 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/firefox-syncserver.nix b/nixos/modules/services/networking/firefox-syncserver.nix
index fa8e4fcaed2f..52ed1c361537 100644
--- a/nixos/modules/services/networking/firefox-syncserver.nix
+++ b/nixos/modules/services/networking/firefox-syncserver.nix
@@ -19,6 +19,9 @@ let
       fxa_email_domain = "api.accounts.firefox.com";
       fxa_oauth_server_url = "https://oauth.accounts.firefox.com/v1";
       run_migrations = true;
+      # if JWK caching is not enabled the token server must verify tokens
+      # using the fxa api, on a thread pool with a static size.
+      additional_blocking_threads_for_fxa_requests = 10;
     } // lib.optionalAttrs cfg.singleNode.enable {
       # Single-node mode is likely to be used on small instances with little
       # capacity. The default value (0.1) can only ever release capacity when
author	pennae <github@quasiparticle.net>	2022-08-26 19:53:09 +0200
committer	pennae <82953136+pennae@users.noreply.github.com>	2022-10-06 14:48:53 +0200
commit	8dc30e9e986eb195db842ff750482891e21179e5 (patch)
tree	54ed41ad3803ba5b76fda5090d41412633937244 /nixos
parent	609a1e8038745b008ec02528f98a2669bec538c2 (diff)