depot/third_party/nixpkgs/nixos/modules/services/networking/firefox-syncserver.md
2023-10-19 15:55:26 +02:00

Firefox Sync server

A storage server for Firefox Sync that you can easily host yourself.

Quickstart

The absolute minimal configuration for the sync server looks like this:

```nix
services.mysql.package = pkgs.mariadb;

services.firefox-syncserver = {
  enable = true;
  secrets = builtins.toFile "sync-secrets" ''
    SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store
  '';
  singleNode = {
    enable = true;
    hostname = "localhost";
    url = "http://localhost:5000";
  };
};
```

This will start a sync server that is only accessible locally. Once the service is running you can navigate to about:config in your Firefox profile and set identity.sync.tokenserver.uri to http://localhost:5000/1.0/sync/1.5. Your browser will now use your local sync server for data storage.

::: {.warning}
This configuration should never be used in production. It is not encrypted and stores its secrets in a world-readable location.
:::

More detailed setup

The firefox-syncserver service provides a number of options to make setting up small deployments easier. These are grouped under the singleNode element of the option tree and allow simple configuration of the most important parameters.

Single node setup is split into two kinds of options: those that affect the sync server itself, and those that affect its surroundings. Options that affect the sync server are capacity, which configures how many accounts may be active on this instance, and url, which holds the URL under which the sync server can be accessed. The url can be configured automatically when using nginx.

Options that affect the surroundings of the sync server are enableNginx, enableTLS and hostname. If enableNginx is set the sync server module will automatically add an nginx virtual host to the system using hostname as the domain and set url accordingly. If enableTLS is set the module will also enable ACME certificates on the new virtual host and force all connections to be made via TLS.

For actual deployment it is also recommended to store the secrets file in a secure location.
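
The hardened counterpart of the quickstart, as an added example that is not part of the original module documentation: it uses the singleNode options described above and keeps the secret out of the Nix store. The hostname, the ACME contact address, the capacity value, the firewall rule and the secrets path are assumptions chosen for illustration.

```nix
{ pkgs, ... }:
{
  services.mysql.package = pkgs.mariadb;

  services.firefox-syncserver = {
    enable = true;

    # A quoted string, not builtins.toFile and not a bare path literal:
    # both of those would copy the file contents into the world-readable
    # /nix/store. The file is provisioned outside of Nix (assumed path).
    secrets = "/var/lib/secrets/firefox-syncserver.env";

    singleNode = {
      enable = true;
      hostname = "sync.example.org"; # placeholder domain
      capacity = 10;                 # example value: accounts allowed on this instance

      # Adds an nginx virtual host for `hostname` and sets `url` accordingly.
      enableNginx = true;
      # Enables ACME certificates on that virtual host and forces TLS.
      enableTLS = true;
    };
  };

  # ACME needs the terms accepted and a contact address (placeholder).
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";
  };

  # Assumption: the host firewall is enabled, so HTTP (certificate
  # validation and redirect) and HTTPS must be reachable.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
```

The secrets file holds the same `SYNC_MASTER_SECRET=...` line as in the quickstart and should be readable by root only (for example mode 0600). Following the quickstart's pattern, identity.sync.tokenserver.uri would then point at https://sync.example.org/1.0/sync/1.5.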