diff --git a/modules/server/default.nix b/modules/server/default.nix
index f127175..8cb863b 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -8,6 +8,7 @@ with lib; {
 options.elss.server = {
 acme.staging = mkEnableOption "Whether to use the staging or the default server for acme";
 enable = mkEnableOption "Enable Mail, Web, and DB";
+ firefox.enable = mkEnableOption "Enable firefox sync server";
 nginx.enable = mkEnableOption "Set up nginx";
 sql.enable = mkEnableOption "Set up sql (postresql)";
 nextcloud.enable = mkEnableOption "Set up nextcloud";
@@ -19,6 +20,7 @@ with lib; {
 imports = [
 ./acme.nix
+ ./firefox.nix
 ./gitea.nix
 ./grocy.nix
 ./nextcloud.nix
@@ -40,6 +42,7 @@ with lib; {
 unbound.enable = mkDefault true;
 grocy.enable = mkDefault true;
 gitea.enable = mkDefault true;
+ firefox.enable = mkDefault true;
 };
 };
 }
diff --git a/modules/server/firefox.nix b/modules/server/firefox.nix
new file mode 100644
index 0000000..a5d8eae
--- /dev/null
+++ b/modules/server/firefox.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
+ config = let
+ cfg = config.elss.server.firefox;
+ port = 5000;
+ in
+ mkIf cfg.enable {
+ elss.server.sql.enable = mkDefault true;
+ services.firefox-syncserver = {
+ enable = true;
+ secrets = config.sops.secrets.firefox_sync.path;
+ singleNode = {
+ enable = true;
+ hostname = "firefox.ellmauthaler.net";
+ enableTLS = true;
+ capacity = 1;
+ enableNginx = true;
+ };
+ settings.port = port;
+ };
+
+ networking.firewall.allowedTCPPorts = [port];
+ services.mysql.package = pkgs.mariadb;
+
+ sops.secrets = {
+ firefox_sync = {
+ owner = "firefox-syncserver";
+ sopsFile = ../../secrets/server.yaml;
+ };
+ };
+ };
+}
diff --git a/secrets/server.yaml b/secrets/server.yaml
index da0075f..a73a3a5 100644
--- a/secrets/server.yaml
+++ b/secrets/server.yaml
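Review bot: `firefox.enable = mkDefault true;` in the third default.nix hunk puts the new sync server into the default server profile, so every host that picks up these defaults gains a network-facing service without asking for it. firefox.nix in this commit pins a single hostname and depends on the `firefox_sync` secret, so a second host taking these defaults would presumably need an explicit opt-out. Consider leaving this service opt-in by dropping the line, or at least add a comment such as `# on by default: publishes the sync server for firefox.ellmauthaler.net` so the exposure is a visible decision. The enclosing block starts above the hunk, so the condition under which these defaults apply is not visible here.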
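Review bot: `networking.firewall.allowedTCPPorts = [port];` in firefox.nix opens the sync server's backend port 5000 to the network, although `singleNode.enableNginx = true` and `enableTLS = true` already place an nginx virtual host with TLS in front of it. If the service listens on anything beyond loopback, clients can reach it over plain HTTP and bypass the TLS-terminating proxy; if it listens only on loopback, the rule does nothing. I would drop that line and expose only the HTTPS port that nginx serves. Separately, `elss.server.sql.enable = mkDefault true;` looks unrelated to this service, since default.nix describes that option as PostgreSQL while this module sets `services.mysql.package = pkgs.mariadb`; it is worth confirming the sync server actually needs it.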
@@ -2,14 +2,15 @@ storemin: ENC[AES256_GCM,data:oCFpGrb+fLkVuHPgUkVi5MFbnCJiJyT4Vac6keNU,iv:5HS/xl
 cloudstore_user: ENC[AES256_GCM,data:Ist58mJGxnvQA8xQ9s4SBC+3cGnQKqAm/g7nbmv5,iv:2DG0iR6trxoDmc2dxAVo0DAauzAaQc4MLmifii4MuXQ=,tag:jkpcZtX7gwr6fG0qd1+Y9w==,type:str]
 ellmauMail: ENC[AES256_GCM,data:xDLWpqkcsMEnG4CLbxLXJw4C0FdSevTWVhgLR9zm/C+ZMasvcGhaoVLSp1JKBOev1jhAYWL9f5wotF1u,iv:UV4XSZodySDgV4cNDP414WJBAFSgobovqFp72VGIT94=,tag:UMnv1G9OSju+/ZeRz4W2lw==,type:str]
 printerMail: ENC[AES256_GCM,data:5g6gUeU4TQu9EV6L7vYRUWACOW58f9CNz/cnaisGYX0Swfo9tkKhBm+6Sds4H7woFvVxHR+dJfoefYZc,iv:1OivNWwFAO7VMvvJGxi5+nSWyStVPSQBn9f0XwN7KO0=,tag:HNh8b+83wraQIIiq97GVGQ==,type:str]
+firefox_sync: ENC[AES256_GCM,data:ZvjJrftXwxqcYGD1tyPqOcjs+S8AxqJbEDBuge/rLDyG2ib72MnU/BO5gOnqYH7dXIoVSWuS3xk0v+7APnKHCfQdeZnkliS+lCUxiLWNJsty,iv:rRHoCMJ7YAdrsQBTZ0aRUAHTC1CUbAJl3Fa+g2HIYHY=,tag:WSktMbCQ9OLkzLeAAMLWsw==,type:str]
 sops:
 kms: []
 gcp_kms: []
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2022-08-13T09:38:54Z"
- mac: ENC[AES256_GCM,data:cfFKA+laXhnlrDkQAus9fUQesR27UDflL3U9OFOE4MMXv6dWn2mANX0PyvWqJa3YigAkmpxhaaazusEedz+fl5y0k27pI1P284sELM7Tnb20OcnkWEH79v94qek2xrWLXNiTj5l6k4y+SVPeNoFeelGCVEApp/tQl2fKmtlWIdc=,iv:TtbBU6CwFPuyq25qcYq5aXBqCx8nJ85qh+dmgm3kNOI=,tag:NyNsSpNCLzRJqTajmbrkeQ==,type:str]
+ lastmodified: "2023-02-17T08:31:32Z"
+ mac: ENC[AES256_GCM,data:15GjMfGID8QNATtZS3Oy866fAZQNcne2z9BmV4pY10Iy8RyQ0mLrBnwKOeNHfP9v7Rf7C8RRw4rfUo/i3LJgQQnHrzGCp8RHVbQD43YO64vZR7tDzLYwttAdq/rRJp95GCuL79qiqIMf0I/85isINByPDa2UgfgEJykifQEDJ5o=,iv:EHSCBNirQuBdDToZYE3foVMYiAS33cvJIYRK0n+clhY=,tag:m/m+zAZo/svRVIMWFr8RmQ==,type:str]
 pgp:
 - created_at: "2022-07-31T12:48:30Z"
 enc: |