2023-01-10 11:34:37 +00:00
|
|
|
<!-- Do not edit this file directly, edit its companion .md instead
|
|
|
|
and regenerate this file using nixos/doc/manual/md-to-db.sh -->
|
2022-06-08 02:26:34 +00:00
|
|
|
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-firefox-syncserver">
|
|
|
|
<title>Firefox Sync server</title>
|
|
|
|
<para>
|
|
|
|
A storage server for Firefox Sync that you can easily host yourself.
|
|
|
|
</para>
|
|
|
|
<section xml:id="module-services-firefox-syncserver-quickstart">
|
|
|
|
<title>Quickstart</title>
|
|
|
|
<para>
|
|
|
|
The absolute minimal configuration for the sync server looks like
|
|
|
|
this:
|
|
|
|
</para>
|
|
|
|
<programlisting language="nix">
|
|
|
|
services.mysql.package = pkgs.mariadb;
|
|
|
|
|
|
|
|
services.firefox-syncserver = {
|
|
|
|
enable = true;
|
|
|
|
secrets = builtins.toFile "sync-secrets" ''
|
|
|
|
SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store
|
|
|
|
'';
|
|
|
|
singleNode = {
|
|
|
|
enable = true;
|
|
|
|
hostname = "localhost";
|
|
|
|
url = "http://localhost:5000";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
</programlisting>
|
|
|
|
<para>
|
|
|
|
This will start a sync server that is only accessible locally.
|
|
|
|
Once the services is running you can navigate to
|
|
|
|
<literal>about:config</literal> in your Firefox profile and set
|
|
|
|
<literal>identity.sync.tokenserver.uri</literal> to
|
|
|
|
<literal>http://localhost:5000/1.0/sync/1.5</literal>. Your
|
|
|
|
browser will now use your local sync server for data storage.
|
|
|
|
</para>
|
|
|
|
<warning>
|
|
|
|
<para>
|
|
|
|
This configuration should never be used in production. It is not
|
|
|
|
encrypted and stores its secrets in a world-readable location.
|
|
|
|
</para>
|
|
|
|
</warning>
|
|
|
|
</section>
|
|
|
|
<section xml:id="module-services-firefox-syncserver-configuration">
|
|
|
|
<title>More detailed setup</title>
|
|
|
|
<para>
|
|
|
|
The <literal>firefox-syncserver</literal> service provides a
|
|
|
|
number of options to make setting up small deployment easier.
|
|
|
|
These are grouped under the <literal>singleNode</literal> element
|
|
|
|
of the option tree and allow simple configuration of the most
|
|
|
|
important parameters.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Single node setup is split into two kinds of options: those that
|
|
|
|
affect the sync server itself, and those that affect its
|
|
|
|
surroundings. Options that affect the sync server are
|
|
|
|
<literal>capacity</literal>, which configures how many accounts
|
|
|
|
may be active on this instance, and <literal>url</literal>, which
|
|
|
|
holds the URL under which the sync server can be accessed. The
|
|
|
|
<literal>url</literal> can be configured automatically when using
|
|
|
|
nginx.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Options that affect the surroundings of the sync server are
|
|
|
|
<literal>enableNginx</literal>, <literal>enableTLS</literal> and
|
|
|
|
<literal>hostnam</literal>. If <literal>enableNginx</literal> is
|
|
|
|
set the sync server module will automatically add an nginx virtual
|
|
|
|
host to the system using <literal>hostname</literal> as the domain
|
|
|
|
and set <literal>url</literal> accordingly. If
|
|
|
|
<literal>enableTLS</literal> is set the module will also enable
|
|
|
|
ACME certificates on the new virtual host and force all
|
|
|
|
connections to be made via TLS.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
For actual deployment it is also recommended to store the
|
|
|
|
<literal>secrets</literal> file in a secure location.
|
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
</chapter>
|