feat: add Firefox Sync module and update DNS settings for sync.cloonar.com

2025-06-01 17:01:12 +02:00
parent 4969520222
commit 365d15767b
5 changed files with 32 additions and 35 deletions
--- a/hosts/fw/modules/firefox-sync.nix
+++ b/hosts/fw/modules/firefox-sync.nix
@@ -1,6 +1,7 @@
 { config, pkgs, ... }:
 let
  domain = "sync.cloonar.com";
+  networkPrefix = config.networkPrefix;
 in {
  sops.secrets.firefox-sync = { };

@@ -14,45 +15,22 @@ in {
    privateNetwork = true;
    hostBridge = "server";
    hostAddress = "${config.networkPrefix}.97.1";
-    localAddress = "${config.networkPrefix}.97.51/24";
+    localAddress = "${config.networkPrefix}.97.6/24";
    bindMounts = {
      "/run/secrets/firefox-sync" = {
        hostPath = "/run/secrets/firefox-sync";
        isReadOnly = true;
      };
-      "/var/lib/acme/${domain}/" = {
-        hostPath = "${config.security.acme.certs.${domain}.directory}";
-        isReadOnly = true;
-      };
    };
    config = { lib, config, pkgs, ... }: {
      networking = {
        hostName = "firefox-sync";
        useHostResolvConf = false;
        defaultGateway = {
-          address = "${config.networkPrefix}.97.1";
+          address = "${networkPrefix}.97.1";
          interface = "eth0";
        };
-        firewall.enable = false;
-        nameservers = [ "${config.networkPrefix}.97.1" ];
-      };
-
-      services.nginx.enable = true;
-      services.nginx.virtualHosts."${domain}" = {
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
-        sslTrustedCertificate = "/var/lib/acme/${domain}/chain.pem";
-        listen = [
-          {
-            addr = "0.0.0.0";
-            ssl = true;
-            port = 5000;
-          }
-        ];
-        locations."/" = {
-          proxyPass = "http://localhost:5001/";
-          recommendedProxySettings = true;
-        };
+        nameservers = [ "${networkPrefix}.97.1" ];
      };

      services.mysql.package = pkgs.mariadb;
@@ -60,22 +38,31 @@ in {
        enable = true;
        singleNode = {
          enable = true;
-          enableNginx = false;
          hostname = domain;
+          url = "https://${domain}";
        };
        settings = {
-          port = 5001;
          tokenserver.enable = true;
        };
        secrets = "/run/secrets/firefox-sync";
        logLevel = "trace";
      };

-      services.openssh.enable = true;
-      users.users.root.openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
-      ];
+      services.nginx = {
+        enable = true;
+        virtualHosts."${domain}" = {
+          forceSSL = false;
+          enableACME = false;
+          locations."/" = {
+            proxyPass = "http://localhost:5000/";
+          };
+        };
+      };
+
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [ 80 443 ];
+      };

      system.stateVersion = "23.05";
    };