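# NixOS module: runs a Firefox Sync server (storage + tokenserver) inside a
# declarative NixOS container attached to the host bridge "server", with an
# nginx reverse proxy in front of it inside the container.
{ config, pkgs, ... }:
let
  domain = "sync.cloonar.com";
  # Captured from the host configuration here because the container's own
  # module further down rebinds `config` to the container's configuration.
  networkPrefix = config.networkPrefix;
in {
  # Host-side secret; the bind mount below expects it at /run/secrets/firefox-sync.
  sops.secrets.firefox-sync = { };

  # Certificate for the public name is requested on the host and made readable
  # by the nginx group.
  # NOTE(review): the host vhost that terminates TLS and forwards to the
  # container is not defined in this file; confirm it exists, since the
  # container itself only speaks plain HTTP.
  security.acme.certs."${domain}" = {
    group = "nginx";
  };

  containers."firefox-sync" = {
    autoStart = true;
    # Keep container state across restarts (original note: "because of ssh key").
    ephemeral = false;
    privateNetwork = true;
    hostBridge = "server";
    hostAddress = "${networkPrefix}.97.1";
    localAddress = "${networkPrefix}.97.6/24";

    bindMounts = {
      # Read-only, so the container can read the secret but not alter the host copy.
      "/run/secrets/firefox-sync" = {
        hostPath = "/run/secrets/firefox-sync";
        isReadOnly = true;
      };
    };

    # Everything below is the container's own NixOS configuration; `config`
    # and `pkgs` here refer to the container, not the host.
    config = { lib, config, pkgs, ... }: {
      networking = {
        hostName = "firefox-sync";
        useHostResolvConf = false;
        # Gateway and resolver are both the host side of the bridge (hostAddress).
        defaultGateway = {
          address = "${networkPrefix}.97.1";
          interface = "eth0";
        };
        nameservers = [ "${networkPrefix}.97.1" ];
      };

      services.mysql.package = pkgs.mariadb;

      services.firefox-syncserver = {
        enable = true;
        singleNode = {
          enable = true;
          hostname = domain;
          url = "https://${domain}";
        };
        settings = {
          tokenserver.enable = true;
        };
        # The file provided by the read-only bind mount above.
        secrets = "/run/secrets/firefox-sync";
        # NOTE(review): "trace" is the most verbose level. On a service that
        # handles sync authentication, the journal may end up holding request
        # detail; lower this once debugging is finished.
        logLevel = "trace";
      };

      services.nginx = {
        enable = true;
        virtualHosts."${domain}" = {
          # No TLS inside the container: this vhost serves plain HTTP only.
          forceSSL = false;
          enableACME = false;
          locations."/" = {
            proxyPass = "http://localhost:5000/";
          };
        };
      };

      networking.firewall = {
        enable = true;
        # Only 80 is opened: the vhost above has TLS disabled, so nothing in
        # this container listens on 443 and the port does not need to be open.
        # NOTE(review): 80 is reachable from every peer on the bridge, not
        # only from the host proxy.
        allowedTCPPorts = [ 80 ];
      };

      system.stateVersion = "23.05";
    };
  };
}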