Install firefox syncserver
parent
7e84299d2b
commit
78d783e061
|
@ -55,18 +55,6 @@
|
|||
"rev": "4a9c484292e412980eb1a3f5da855b4df502d3b5",
|
||||
"type": "git"
|
||||
},
|
||||
"nixos-19.09": {
|
||||
"branch": "nixos-19.09",
|
||||
"description": "Nix Packages collection",
|
||||
"homepage": "",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1",
|
||||
"sha256": "157c64220lf825ll4c0cxsdwg7cxqdx4z559fdp7kpz0g6p8fhhr",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"branch": "master",
|
||||
"description": "A collection of NixOS modules covering hardware quirks.",
|
||||
|
|
|
@ -79,6 +79,7 @@ in {
|
|||
set -x
|
||||
set +e
|
||||
${start} pg_backup
|
||||
${start} mysql-backup
|
||||
${container} chor-cloud -- ${start} nextcloud-pg-backup
|
||||
${lib.concatMapStringsSep "\n" (name: "${start} ${name}") backupJobNames}
|
||||
${pkgs.coreutils}/bin/rm -rf /var/lib/db-backup-dumps/*
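Review bot: The dump produced by the `${start} mysql-backup` line may never land in `/var/lib/db-backup-dumps`, the directory this script removes at the end. The `services.mysqlBackup` block configured elsewhere in this commit sets no `location`, and the NixOS default is `/var/backup/mysql`. Either point `location` at a directory the backup jobs in `backupJobNames` include, or confirm that `/var/backup/mysql` is in their paths; those job definitions are not visible here. Because of the `set +e` two lines above, a failed MariaDB dump is also ignored, so consider recording it, e.g. `${start} mysql-backup || echo "mysql-backup failed" >&2`. The script body starts and ends outside this hunk.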
|
||||
|
|
|
@ -1,208 +1,42 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
pkgs = import (import ../../nix/sources.nix)."nixos-19.09" {};
|
||||
|
||||
cfg = config.services.firefox-syncserver;
|
||||
|
||||
defaultDbLocation = "/var/db/firefox-sync-server/firefox-sync-server.db";
|
||||
defaultSqlUri = "sqlite:///${defaultDbLocation}";
|
||||
|
||||
syncServerIni = pkgs.writeText "syncserver.ini" ''
|
||||
[DEFAULT]
|
||||
overrides = ${cfg.privateConfig}
|
||||
|
||||
[server:main]
|
||||
use = egg:gunicorn
|
||||
host = ${cfg.listen.address}
|
||||
port = ${toString cfg.listen.port}
|
||||
|
||||
[app:main]
|
||||
use = egg:syncserver
|
||||
|
||||
[syncserver]
|
||||
public_url = ${cfg.publicUrl}
|
||||
${optionalString (cfg.sqlUri != "") "sqluri = ${cfg.sqlUri}"}
|
||||
allow_new_users = ${boolToString cfg.allowNewUsers}
|
||||
force_wsgi_environ = true
|
||||
|
||||
[browserid]
|
||||
backend = tokenserver.verifiers.LocalVerifier
|
||||
audiences = ${removeSuffix "/" cfg.publicUrl}
|
||||
'';
|
||||
|
||||
user = "syncserver";
|
||||
group = "syncserver";
|
||||
in {
|
||||
disabledModules = ["services/networking/firefox-syncserver.nix"];
|
||||
|
||||
meta.maintainers = with lib.maintainers; [nadrieril];
|
||||
|
||||
options = {
|
||||
services.firefox-syncserver = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable a Firefox Sync Server, this give the opportunity to
|
||||
Firefox users to store all synchronized data on their own server. To use this
|
||||
server, Firefox users should visit the <option>about:config</option>, and
|
||||
replicate the following change
|
||||
|
||||
<screen>
|
||||
services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5
|
||||
</screen>
|
||||
|
||||
where <option>http://localhost:5000/</option> corresponds to the
|
||||
public url of the server.
|
||||
'';
|
||||
};
|
||||
|
||||
listen.address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
example = "0.0.0.0";
|
||||
description = ''
|
||||
Address on which the sync server listen to.
|
||||
'';
|
||||
};
|
||||
|
||||
listen.port = mkOption {
|
||||
type = types.int;
|
||||
default = 5000;
|
||||
description = ''
|
||||
Port on which the sync server listen to.
|
||||
'';
|
||||
};
|
||||
|
||||
publicUrl = mkOption {
|
||||
type = types.str;
|
||||
default = "http://localhost:5000/";
|
||||
example = "http://sync.example.com/";
|
||||
description = ''
|
||||
Public URL with which firefox users can use to access the sync server.
|
||||
'';
|
||||
};
|
||||
|
||||
allowNewUsers = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to allow new-user signups on the server. Only request by
|
||||
existing accounts will be honored.
|
||||
'';
|
||||
};
|
||||
|
||||
sqlUri = mkOption {
|
||||
type = types.str;
|
||||
default = defaultSqlUri;
|
||||
example = "postgresql://scott:tiger@localhost/test";
|
||||
description = ''
|
||||
The location of the database. This URL is composed of
|
||||
<option>dialect[+driver]://user:password@host/dbname[?key=value..]</option>,
|
||||
where <option>dialect</option> is a database name such as
|
||||
<option>mysql</option>, <option>oracle</option>, <option>postgresql</option>,
|
||||
etc., and <option>driver</option> the name of a DBAPI, such as
|
||||
<option>psycopg2</option>, <option>pyodbc</option>, <option>cx_oracle</option>,
|
||||
etc. The <link
|
||||
xlink:href="http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html#database-urls">
|
||||
SQLAlchemy documentation</link> provides more examples and describe the syntax of
|
||||
the expected URL.
|
||||
'';
|
||||
};
|
||||
|
||||
privateConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "/etc/firefox/syncserver-secret.ini";
|
||||
description = ''
|
||||
The private config file is used to extend the generated config with confidential
|
||||
information, such as the <option>syncserver.sqlUri</option> setting if it contains a
|
||||
password, and the <option>syncserver.secret</option> setting is used by the server to
|
||||
generate cryptographically-signed authentication tokens.
|
||||
|
||||
If this file does not exists, then it is created with a generated
|
||||
<option>syncserver.secret</option> settings.
|
||||
'';
|
||||
};
|
||||
};
|
||||
}: {
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
};
|
||||
|
||||
config = {
|
||||
systemd.services.syncserver = {
|
||||
after = ["network.target"];
|
||||
description = "Firefox Sync Server";
|
||||
wantedBy = ["multi-user.target"];
|
||||
path = [
|
||||
pkgs.coreutils
|
||||
(pkgs.python.withPackages (ps: [pkgs.syncserver ps.gunicorn]))
|
||||
];
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
databases = ["firefox_syncserver"];
|
||||
calendar = "";
|
||||
singleTransaction = true;
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
User = user;
|
||||
Group = group;
|
||||
PermissionsStartOnly = true;
|
||||
services = {
|
||||
firefox-syncserver = {
|
||||
enable = true;
|
||||
secrets = pkgs.privatePath "firefox-syncserver-secrets";
|
||||
logLevel = "trace";
|
||||
database = {
|
||||
name = "firefox_syncserver";
|
||||
createLocally = true;
|
||||
};
|
||||
|
||||
preStart =
|
||||
''
|
||||
if ! test -e ${cfg.privateConfig}; then
|
||||
mkdir -p $(dirname ${cfg.privateConfig})
|
||||
echo > ${cfg.privateConfig} '[syncserver]'
|
||||
chmod 600 ${cfg.privateConfig}
|
||||
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
|
||||
fi
|
||||
chmod 600 ${cfg.privateConfig}
|
||||
chmod 755 $(dirname ${cfg.privateConfig})
|
||||
chown ${user}:${group} ${cfg.privateConfig}
|
||||
|
||||
''
|
||||
+ optionalString (cfg.sqlUri == defaultSqlUri) ''
|
||||
if ! test -e $(dirname ${defaultDbLocation}); then
|
||||
mkdir -m 700 -p $(dirname ${defaultDbLocation})
|
||||
chown ${user}:${group} $(dirname ${defaultDbLocation})
|
||||
fi
|
||||
|
||||
# Move previous database file if it exists
|
||||
oldDb="/var/db/firefox-sync-server.db"
|
||||
if test -f $oldDb; then
|
||||
mv $oldDb ${defaultDbLocation}
|
||||
chown ${user}:${group} ${defaultDbLocation}
|
||||
fi
|
||||
'';
|
||||
|
||||
script = ''
|
||||
gunicorn --paste ${syncServerIni}
|
||||
'';
|
||||
};
|
||||
|
||||
users.users."${user}" = {
|
||||
inherit group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
users.groups."${group}" = {};
|
||||
|
||||
services = {
|
||||
firefox-syncserver = {
|
||||
allowNewUsers = false;
|
||||
listen.address = "[::1]";
|
||||
publicUrl = "https://firefox-sync.maralorn.de";
|
||||
};
|
||||
nginx = {
|
||||
singleNode = {
|
||||
enable = true;
|
||||
virtualHosts."firefox-sync.maralorn.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:5000";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto https;'';
|
||||
};
|
||||
};
|
||||
hostname = "firefox-sync.maralorn.de";
|
||||
capacity = 1;
|
||||
enableNginx = true;
|
||||
enableTLS = true;
|
||||
};
|
||||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."firefox-sync.maralorn.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
};
|
||||
};
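Review bot: `logLevel = "trace";` in the new `services.firefox-syncserver` block looks like a debugging setting left in for a public-facing service. At that verbosity the server may write request details into the journal, so I would drop the line or set `logLevel = "error";` once the setup works. Separately, `secrets = pkgs.privatePath "firefox-syncserver-secrets";` deserves a short comment stating that the value must be a runtime path outside the Nix store. If `privatePath` evaluates to a Nix path that gets copied into the store, the sync master secret would be world-readable; its definition is not visible in this commit, so this needs confirming.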
|
||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit e4ac74b20f4578d4b82cfcdd3cc3a9717d7c268a
|
||||
Subproject commit 2ec8a40f43daebadaa99fbcab52892465a9bcb4e
|