firefox sync

desktop/software/default.nix

@@ -49,6 +49,7 @@ in
         enable = true;
         settings = {
           "identity.fxaccounts.enabled" = true;
+          "identity.sync.tokenserver.uri" = "http://fx-sync.lan/1.0/sync/1.5";
           "webgl.disabled" = false;
           "privacy.resistFingerprinting" = false;
           "privacy.clearOnShutdown.history" = false;

host/roam/default.nix

@@ -1,5 +1,4 @@
-{ lib', ... }:
-{
+_: {
   networking.hostName = "roam";
 
   age.identityPaths = [
@@ -8,6 +7,7 @@
 
   imports = [
     ./backup.nix
+    ./firefox-sync.nix
     ./git.nix
     ./hardware-configuration.nix
     ./networking.nix

host/roam/firefox-sync.nix

@@ -0,0 +1,32 @@
+{
+  pkgs,
+  config,
+  secrets,
+  ...
+}:
+{
+  services.mysql.package = pkgs.mariadb;
+
+  age.secrets.roam-firefox-sync-secret = {
+    file = secrets.roam."firefox-sync-secret.age";
+    mode = "440";
+    owner = "root";
+    group = "root";
+  };
+
+  services.firefox-syncserver = {
+    enable = true;
+    secrets = config.age.secrets.roam-firefox-sync-secret.path;
+    singleNode = {
+      enable = true;
+      hostname = "fx-sync.lan";
+      enableTLS = false;
+    };
+  };
+  services.nginx.virtualHostsPriv."fx-sync.lan" = {
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.firefox-syncserver.settings.port}";
+      recommendedProxySettings = true;
+    };
+  };
+}

host/roam/services.nix

@@ -6,16 +6,16 @@
   services = {
     nginx = {
       enable = true;
-      defaultListen = [
-        {
-          addr = var.wg.ips.roam;
-          ssl = true;
-        }
-      ];
-      virtualHosts."roam.lan" = {
+      virtualHosts.default = {
+        serverName = "_";
+        default = true;
+        rejectSSL = true;
+        locations."/".return = "444";
+      };
+      virtualHostsPriv."roam.lan" = {
         locations."/" = { };
       };
-      virtualHostsPub."roam.hdohmen.de" = {
+      virtualHosts."roam.hdohmen.de" = {
         enableACME = true;
         locations."/" = { };
       };

mod/nginx.nix

@@ -2,14 +2,15 @@
   lib,
   options,
   config,
+  var,
   ...
 }:
 with lib;
 {
-  options.services.nginx.virtualHostsPub = mkOption {
+  options.services.nginx.virtualHostsPriv = mkOption {
     type = options.services.nginx.virtualHosts.type;
     default = { };
-    description = "Declarative vhost config listening to ::0 and 0.0.0.0";
+    description = "Declarative vhost config listening on onet";
   };
 
   config = {
@@ -17,28 +18,13 @@ with lib;
       _: v:
       v
       // {
-        addSSL = true;
         listen = [
           {
-            addr = "0.0.0.0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "0.0.0.0";
-            port = 80;
-          }
-          {
-            addr = "[::0]";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "[::0]";
+            addr = var.wg.ips.roam;
             port = 80;
           }
         ];
       }
-    ) config.services.nginx.virtualHostsPub;
+    ) config.services.nginx.virtualHostsPriv;
   };
 }

secrets.nix

@@ -4,6 +4,7 @@ let
   keys = (import ./var { inherit lib; }).ssh-keys.root;
   secrets = [
     "roam/rclone-conf"
+    "roam/firefox-sync-secret"
     "hd-password"
   ];
 in

var/lan-dns.nix

@@ -1,18 +1,14 @@
 { lib, var, ... }:
 let
-  lan-tld = ".lan";
-  lan-base-domain = ".hdohmen.de";
   lan-hosts = lib.mapAttrs' (name: value: {
-    name = "${name}${lan-tld}";
+    name = "${name}.lan";
     inherit value;
   }) var.wg.ips;
+  custom-hosts = {
+    "fx-sync.lan" = var.wg.ips.roam;
+  };
 in
 rec {
   hostsFile = lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v}\t${n}") hosts);
-  hosts =
-    lan-hosts
-    // lib.mapAttrs' (name: value: {
-      name = "${name}${lan-base-domain}";
-      inherit value;
-    }) lan-hosts;
+  hosts = lan-hosts // custom-hosts;
 }