Modularise config. Add sops-nix for secrets management.

2025-07-08 14:09:35 +08:00 · 2025-07-08 14:09:35 +08:00 · a348413d83
commit a348413d83
parent 02fdb4707d
15 changed files with 211 additions and 119 deletions
--- a/configuration/server/containers/firefox-syncserver.nix
+++ b/configuration/server/containers/firefox-syncserver.nix
@ -0,0 +1,26 @@
+{ config, pkgs, secrets, ... }:
+{
+  # Secrets.
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = "${secrets}/sops.yaml";
+    secrets."firefox_syncserver/sync_master_secret" = {};
+  };
+
+  # syncserver-rs service.
+  services.mysql.package = pkgs.mariadb;
+
+  services.firefox-syncserver = {
+    enable = true;
+    secrets = config.sops.secrets."firefox_syncserver/sync_master_secret".path;
+    settings.host = "0.0.0.0";
+    singleNode = {
+      enable = true;
+      hostname = "0.0.0.0";
+      url = "https://fxsync.fern.garden";
+      capacity = 1;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 5000 ];
+}