Add Firefox Sync server module.

10 years ago · 01886aef22
parent 0a0678cf5a
commit 01886aef22
2 changed files with 136 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -232,6 +232,7 @@
  ./services/networking/dnscrypt-proxy.nix
  ./services/networking/dnsmasq.nix
  ./services/networking/ejabberd.nix
+  ./services/networking/firefox/sync-server.nix
  ./services/networking/firewall.nix
  ./services/networking/flashpolicyd.nix
  ./services/networking/freenet.nix
--- a/nixos/modules/services/networking/firefox/sync-server.nix
+++ b/nixos/modules/services/networking/firefox/sync-server.nix
@ -0,0 +1,135 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.firefox.syncserver;
+  syncServerSecretFile = "/etc/firefox/syncserver-secret.ini";
+  syncServerIni = pkgs.writeText "syncserver.ini" ''
+    [DEFAULT]
+    overrides = ${cfg.privateConfig} ${syncServerSecretFile}
+
+    [server:main]
+    use = egg:Paste#http
+    host = ${cfg.listen.address}
+    port = ${toString cfg.listen.port}
+
+    [app:main]
+    use = egg:syncserver
+
+    [syncserver]
+    public_url = ${cfg.publicUrl}
+    ${optionalString (cfg.sqlUri != "") "sqluri = ${cfg.sqlUri}"}
+    allow_new_users = ${if cfg.allowNewUsers then "true" else "false"}
+
+    [browserid]
+    backend = tokenserver.verifiers.LocalVerifier
+    audiences = ${removeSuffix "/" cfg.publicUrl}
+  '';
+in
+
+{
+  options = {
+    services.firefox.syncserver = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        example = true;
+        description = ''
+          Whether to enable a Firefox Sync Server, this give the opportunity to
+          Firefox users to store all synchronized data on their own server. To use this
+          server, Firefox users should visit the <option>about:config</option>, and
+          replicate the following change
+
+          <screen>
+          services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5</screen>
+
+          where <option>http://localhost:5000/</option> corresponds to the
+          public url of the server.
+        '';
+      };
+
+      listen.address = mkOption {
+        type = types.str;
+        default = "0.0.0.0";
+        description = ''
+          Address on which the sync server listen to.
+        '';
+      };
+
+      listen.port = mkOption {
+        type = types.int;
+        default = 5000;
+        description = ''
+          Port on which the sync server listen to.
+        '';
+      };
+
+      publicUrl = mkOption {
+        type = types.str;
+        default = "http://localhost:5000/";
+        example = "http://sync.example.com/";
+        description = ''
+          Public URL with which firefox users can use to access the sync server.
+        '';
+      };
+
+      allowNewUsers = mkOption {
+        type = types.bool;
+        default = true;
+        example = false;
+        description = ''
+          Whether to allow new-user signups on the server. Only request by
+          existing accounts will be honored.
+        '';
+      };
+
+      sqlUri = mkOption {
+        type = types.str;
+        default = "sqlite:////var/db/firefox-sync-server.db";
+        example = "postgresql://scott:tiger@localhost/test";
+        description = ''
+          The location of the database. This URL is composed of
+          <option>dialect[+driver]://user:password@host/dbname[?key=value..]</option>,
+          where <option>dialect</option> is a database name such as
+          <option>mysql</option>, <option>oracle</option>, <option>postgresql</option>,
+          etc., and <option>driver</option> the name of a DBAPI, such as
+          <option>psycopg2</option>, <option>pyodbc</option>, <option>cx_oracle</option>,
+          etc.
+        '';
+      };
+
+      privateConfig = mkOption {
+        type = types.separatedString " ";
+        default = "";
+        description = ''
+          If defined, this file would be used to set all fields which were omitted in the
+          generated ini files used for configuring the syncserver.  This file is useful
+          for storing secrets, such as the syncserver.secret or the syncserver.sqluri
+        '';
+      };
+    };
+  };
+
+  config = {
+
+    systemd.services.syncserver = {
+      after = [ "network.target" ];
+      description = "Firefox Sync Server";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.pythonPackages.pasteScript pkgs.coreutils ];
+      environment.PYTHONPATH = "${pkgs.pythonPackages.syncserver}/lib/${pkgs.pythonPackages.python.libPrefix}/site-packages";
+      preStart = ''
+        if ! test -e ${syncServerSecretFile}; then
+          mkdir -p $(dirname ${syncServerSecretFile})
+          echo  > ${syncServerSecretFile} '[syncserver]'
+          echo >> ${syncServerSecretFile} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
+        fi
+      '';
+      serviceConfig.ExecStart = "paster serve ${syncServerIni}";
+      serviceConfig.User = "deluge";
+      serviceConfig.Group = "deluge";
+    };
+
+  };
+}