Diffstat (limited to 'nixos/modules/services/networking/firefox-syncserver.xml')
-rw-r--r-- | nixos/modules/services/networking/firefox-syncserver.xml | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/firefox-syncserver.xml b/nixos/modules/services/networking/firefox-syncserver.xml new file mode 100644 index 000000000000..66c812266951 --- /dev/null +++ b/nixos/modules/services/networking/firefox-syncserver.xml 
@@ -0,0 +1,77 @@ +<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-firefox-syncserver"> + <title>Firefox Sync server</title> + <para> + A storage server for Firefox Sync that you can easily host yourself. + </para> + <section xml:id="module-services-firefox-syncserver-quickstart"> + <title>Quickstart</title> + <para> + The absolute minimal configuration for the sync server looks like + this: + </para> + <programlisting language="nix"> +services.mysql.package = pkgs.mariadb; + +services.firefox-syncserver = { + enable = true; + secrets = builtins.toFile "sync-secrets" '' + SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store + ''; + singleNode = { + enable = true; + hostname = "localhost"; + url = "http://localhost:5000"; + }; +}; +</programlisting> + <para> + This will start a sync server that is only accessible locally. + Once the services is running you can navigate to + <literal>about:config</literal> in your Firefox profile and set + <literal>identity.sync.tokenserver.uri</literal> to + <literal>http://localhost:5000/1.0/sync/1.5</literal>. Your + browser will now use your local sync server for data storage. + </para> + <warning> + <para> + This configuration should never be used in production. It is not + encrypted and stores its secrets in a world-readable location. + </para> + </warning> + </section> + <section xml:id="module-services-firefox-syncserver-configuration"> + <title>More detailed setup</title> + <para> + The <literal>firefox-syncserver</literal> service provides a + number of options to make setting up small deployment easier. + These are grouped under the <literal>singleNode</literal> element + of the option tree and allow simple configuration of the most + important parameters. + </para> + <para> + Single node setup is split into two kinds of options: those that + affect the sync server itself, and those that affect its + surroundings. 
Options that affect the sync server are + <literal>capacity</literal>, which configures how many accounts + may be active on this instance, and <literal>url</literal>, which + holds the URL under which the sync server can be accessed. The + <literal>url</literal> can be configured automatically when using + nginx. + </para> + <para> + Options that affect the surroundings of the sync server are + <literal>enableNginx</literal>, <literal>enableTLS</literal> and + <literal>hostnam</literal>. If <literal>enableNginx</literal> is + set the sync server module will automatically add an nginx virtual + host to the system using <literal>hostname</literal> as the domain + and set <literal>url</literal> accordingly. If + <literal>enableTLS</literal> is set the module will also enable + ACME certificates on the new virtual host and force all + connections to be made via TLS. + </para> + <para> + For actual deployment it is also recommended to store the + <literal>secrets</literal> file in a secure location. + </para> + </section> +</chapter> |
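Review bot: The closing paragraph of "More detailed setup" only says to store the secrets file "in a secure location", which is too vague given that the Quickstart builds that file with builtins.toFile and the warning itself calls the result world-readable. Suggest stating concretely that the file must live outside the Nix store and be readable only by the sync server service, and that the secrets option should point at that path instead of a store-generated file. The Quickstart also uses an http:// URL, so a sentence tying the "not encrypted" part of the warning to enableTLS would connect the two sections. Smaller points in the same hunk: <literal>hostnam</literal> should be <literal>hostname</literal>, "Once the services is running" should read "Once the service is running", and "setting up small deployment easier" should read "small deployments".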