From 365d15767b65caedd321793812799219ac1500f8 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 1 Jun 2025 17:01:12 +0200 Subject: [PATCH 1/2] feat: add Firefox Sync module and update DNS settings for sync.cloonar.com --- hosts/fw/configuration.nix | 2 +- hosts/fw/modules/dnsmasq.nix | 1 + hosts/fw/modules/firefox-sync.nix | 53 ++++++++++++------------------- hosts/fw/modules/web/proxies.nix | 9 ++++++ hosts/nb/users/dominik.nix | 2 +- 5 files changed, 32 insertions(+), 35 deletions(-) diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index 8a00734..fc86cd6 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -47,7 +47,7 @@ # ha customers ./modules/ha-customers - # ./modules/firefox-sync.nix + ./modules/firefox-sync.nix # home assistant ./modules/home-assistant diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 8be86a7..f41f098 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -125,6 +125,7 @@ "/web.hilgenberg-gmbh.de/91.107.197.169" # gaming "/foundry-vtt.cloonar.com/${config.networkPrefix}.97.5" + "/sync.cloonar.com/${config.networkPrefix}.97.5" "/deconz.cloonar.multimedia/${config.networkPrefix}.97.22" diff --git a/hosts/fw/modules/firefox-sync.nix b/hosts/fw/modules/firefox-sync.nix index 76b57c6..ed663d1 100644 --- a/hosts/fw/modules/firefox-sync.nix +++ b/hosts/fw/modules/firefox-sync.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let domain = "sync.cloonar.com"; + networkPrefix = config.networkPrefix; in { sops.secrets.firefox-sync = { }; 
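Review bot: The new `networkPrefix = config.networkPrefix;` binding in the first firefox-sync.nix hunk has no comment saying why it exists, and the reason is easy to miss. The next hunk shows that the container body is a module function `{ lib, config, pkgs, ... }:`, so `config` there is the container's own configuration and the host option has to be captured outside it. I would add `# Host value captured here: inside the container module, config refers to the container's own config.` above the binding. For consistency, `hostAddress` and `localAddress` in the next hunk could use `networkPrefix` as well instead of mixing both spellings.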
@@ -14,45 +15,22 @@ in { privateNetwork = true; hostBridge = "server"; hostAddress = "${config.networkPrefix}.97.1"; - localAddress = "${config.networkPrefix}.97.51/24"; + localAddress = "${config.networkPrefix}.97.6/24"; bindMounts = { "/run/secrets/firefox-sync" = { hostPath = "/run/secrets/firefox-sync"; isReadOnly = true; }; - "/var/lib/acme/${domain}/" = { - hostPath = "${config.security.acme.certs.${domain}.directory}"; - isReadOnly = true; - }; }; config = { lib, config, pkgs, ... }: { networking = { hostName = "firefox-sync"; useHostResolvConf = false; defaultGateway = { - address = "${config.networkPrefix}.97.1"; + address = "${networkPrefix}.97.1"; interface = "eth0"; }; - firewall.enable = false; - nameservers = [ "${config.networkPrefix}.97.1" ]; - }; - - services.nginx.enable = true; - services.nginx.virtualHosts."${domain}" = { - sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; - sslTrustedCertificate = "/var/lib/acme/${domain}/chain.pem"; - listen = [ - { - addr = "0.0.0.0"; - ssl = true; - port = 5000; - } - ]; - locations."/" = { - proxyPass = "http://localhost:5001/"; - recommendedProxySettings = true; - }; + nameservers = [ "${networkPrefix}.97.1" ]; }; services.mysql.package = pkgs.mariadb; 
@@ -60,22 +38,31 @@ in { enable = true; singleNode = { enable = true; - enableNginx = false; hostname = domain; + url = "https://${domain}"; }; settings = { - port = 5001; tokenserver.enable = true; }; secrets = "/run/secrets/firefox-sync"; logLevel = "trace"; }; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - ]; + services.nginx = { + enable = true; + virtualHosts."${domain}" = { + forceSSL = false; + enableACME = false; + locations."/" = { + proxyPass = "http://localhost:5000/"; + }; + }; + }; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; system.stateVersion = "23.05"; }; diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 8043803..e235b7c 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -16,4 +16,13 @@ proxyWebsockets = true; }; }; + services.nginx.virtualHosts."sync.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://${config.networkPrefix}.97.6:80"; + proxyWebsockets = true; + }; + }; } diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 8cf7864..104abff 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix 
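Review bot: The upstream address in `proxyPass = "http://${config.networkPrefix}.97.6:80";` repeats the container's `localAddress` from firefox-sync.nix by hand, and this same commit had to move that address from `.97.51` to `.97.6`. A one-line comment such as `# must match localAddress in ../firefox-sync.nix`, or a shared let-binding or option, would keep the two from drifting. The same applies to the proxies.nix hunk in PATCH 2/2, which keeps the literal and only changes the port. This hop is also unencrypted HTTP, which is acceptable only while the bridge segment between proxy and container is trusted.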
@@ -72,7 +72,7 @@ let "devtools.toolbox.host" = "right"; "browser.uiCustomization.state" = "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\",\"screenshot-button\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"_testpilot-containers-browser-action\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"firefox-view-button\",\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"import-button\",\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_testpilot-containers-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"developer-button\"],\"dirtyAreaCache\":[\"unified-extensions-area\",\"nav-bar\",\"PersonalToolbar\"],\"currentVersion\":20,\"newElementCount\":3}"; "signon.rememberSignons" = false; - "identity.sync.tokenserver.uri" = "https://sync.cloonar.com:5000/token/1.0/sync/1.5"; + "identity.sync.tokenserver.uri" = "https://sync.cloonar.com/token/1.0/sync/1.5"; # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "layout.css.devPixelsPerPx" = "1.5"; "media.ffmpeg.vaapi.enabled" = true; From 0df4a4c1ec6f5188fa1b8b4e41eb8bc9a38f4549 Mon Sep 17 00:00:00 2001 
From: Dominik Polakovics Date: Sun, 1 Jun 2025 22:10:04 +0200 Subject: [PATCH 2/2] fix: update Firefox Sync configuration and proxy settings for improved functionality --- hosts/fw/modules/firefox-sync.nix | 25 +++++++------------------ hosts/fw/modules/web/proxies.nix | 4 ++-- hosts/nb/users/dominik.nix | 2 +- 3 files changed, 10 insertions(+), 21 deletions(-) diff --git a/hosts/fw/modules/firefox-sync.nix b/hosts/fw/modules/firefox-sync.nix index ed663d1..745f0d3 100644 --- a/hosts/fw/modules/firefox-sync.nix +++ b/hosts/fw/modules/firefox-sync.nix @@ -3,7 +3,9 @@ let domain = "sync.cloonar.com"; networkPrefix = config.networkPrefix; in { - sops.secrets.firefox-sync = { }; + sops.secrets.firefox-sync = { + mode = "0777"; + }; security.acme.certs."${domain}" = { group = "nginx"; @@ -36,32 +38,19 @@ in { services.mysql.package = pkgs.mariadb; services.firefox-syncserver = { enable = true; + settings.host = "0.0.0.0"; singleNode = { enable = true; - hostname = domain; + hostname = "0.0.0.0"; url = "https://${domain}"; }; - settings = { - tokenserver.enable = true; - }; secrets = "/run/secrets/firefox-sync"; - logLevel = "trace"; - }; - - services.nginx = { - enable = true; - virtualHosts."${domain}" = { - forceSSL = false; - enableACME = false; - locations."/" = { - proxyPass = "http://localhost:5000/"; - }; - }; + logLevel = "debug"; }; networking.firewall = { enable = true; - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ 5000 ]; }; system.stateVersion = "23.05"; diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index e235b7c..44f1b99 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix @@ -21,8 +21,8 @@ enableACME = true; acmeRoot = null; locations."/" = { - proxyPass = "http://${config.networkPrefix}.97.6:80"; - proxyWebsockets = true; + proxyPass = "http://${config.networkPrefix}.97.6:5000"; + recommendedProxySettings = true; }; }; } 
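Review bot: `mode = "0777";` in the first firefox-sync.nix hunk of PATCH 2/2 makes the decrypted sync secrets file readable and writable by every local account on the host, and the read-only bind mount makes it readable by every account in the container. As far as I know the NixOS firefox-syncserver module loads `secrets` as a systemd EnvironmentFile, which is read before privileges are dropped, so root-only access should be enough: `sops.secrets.firefox-sync = { mode = "0400"; };`. If a non-root reader really is required, grant it through `owner`/`group` with `0440` rather than through the world bits. The rest of the attribute set lies outside the hunk.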
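Review bot: With `settings.host = "0.0.0.0";` and `allowedTCPPorts = [ 5000 ];` the sync server answers plain HTTP to anything that can reach the container's address on the `server` bridge, not only to the TLS-terminating proxy configured in proxies.nix. Consider limiting port 5000 to the proxy's source address with a firewall rule instead of opening it to all sources, and state the reason in a comment. `hostname = "0.0.0.0";` also looks like a bind address placed in a name field; since `url` is set explicitly, `hostname = domain;` probably reads better, but confirm against the module. `logLevel = "debug";` is worth lowering once the setup works. The enclosing container definition starts and ends outside the hunk.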
diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index 104abff..bafb34d 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix @@ -72,7 +72,7 @@ let "devtools.toolbox.host" = "right"; "browser.uiCustomization.state" = "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\",\"screenshot-button\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"_testpilot-containers-browser-action\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"firefox-view-button\",\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"import-button\",\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_testpilot-containers-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"developer-button\"],\"dirtyAreaCache\":[\"unified-extensions-area\",\"nav-bar\",\"PersonalToolbar\"],\"currentVersion\":20,\"newElementCount\":3}"; "signon.rememberSignons" = false; - "identity.sync.tokenserver.uri" = "https://sync.cloonar.com/token/1.0/sync/1.5"; + "identity.sync.tokenserver.uri" = "https://sync.cloonar.com/1.0/sync/1.5"; # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "layout.css.devPixelsPerPx" = "1.5"; "media.ffmpeg.vaapi.enabled" = true;