flake.lock: Update

Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/8e8c7ab6874c97b4d1c23a5a204b6743b40cee78' (2023-02-16)
  → 'github:nix-community/emacs-overlay/cd34501a9bcec341533c7131af77572456c100d8' (2023-02-17)
• Updated input 'home-manager':
    'github:nix-community/home-manager/65c47ced082e3353113614f77b1bc18822dc731f' (2023-01-23)
  → 'github:nix-community/home-manager/2cb27c79117a2a75ff3416c3199a2dc57af6a527' (2023-02-13)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13)
  → 'github:NixOS/nixpkgs/28319deb5ab05458d9cd5c7d99e1a24ec2e8fc4b' (2023-02-15)

flake.lock

@@ -71,11 +71,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676516909,
-        "narHash": "sha256-wcOs073lEtXZ0uXssoopIzjdFOPSyEvePz2vBjElNeE=",
+        "lastModified": 1676628719,
+        "narHash": "sha256-yZM1hLxPS3OuKNduQSWmiYLAjIZeJ7ExWbCL3A3bi0U=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "8e8c7ab6874c97b4d1c23a5a204b6743b40cee78",
+        "rev": "cd34501a9bcec341533c7131af77572456c100d8",
         "type": "github"
       },
       "original": {
@@ -156,11 +156,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1674440933,
-        "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=",
+        "lastModified": 1676257154,
+        "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "65c47ced082e3353113614f77b1bc18822dc731f",
+        "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
         "type": "github"
       },
       "original": {
@@ -308,11 +308,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1676300157,
-        "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
+        "lastModified": 1676481215,
+        "narHash": "sha256-afma/1RU0EePRyrBPcjBdOt+dV8z1bJH9dtpTN/WXmY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
+        "rev": "28319deb5ab05458d9cd5c7d99e1a24ec2e8fc4b",
         "type": "github"
       },
       "original": {

modules/server/default.nix

@@ -8,6 +8,7 @@ with lib; {
   options.elss.server = {
     acme.staging = mkEnableOption "Whether to use the staging or the default server for acme";
     enable = mkEnableOption "Enable Mail, Web, and DB";
+    firefox.enable = mkEnableOption "Enable firefox sync server";
     nginx.enable = mkEnableOption "Set up nginx";
     sql.enable = mkEnableOption "Set up sql (postresql)";
     nextcloud.enable = mkEnableOption "Set up nextcloud";
@@ -19,6 +20,7 @@ with lib; {
 
   imports = [
     ./acme.nix
+    ./firefox.nix
     ./gitea.nix
     ./grocy.nix
     ./nextcloud.nix

modules/server/firefox.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  config = let
+    cfg = config.elss.server.firefox;
+    port = 5000;
+  in
+    mkIf cfg.enable {
+      elss.server.sql.enable = mkDefault true;
+      services.firefox-syncserver = {
+        enable = true;
+        secrets = config.sops.secrets.firefox_sync.path;
+        singleNode = {
+          enable = true;
+          hostname = "firefox.ellmauthaler.net";
+          enableTLS = true;
+          capacity = 1;
+          enableNginx = true;
+        };
+        settings.port = port;
+      };
+
+      # user is not created by firefox syncserver
+      users.users.firefox-syncserver = {
+        group = "firefox-syncserver";
+        isSystemUser = true;
+      };
+
+      users.groups.firefox-syncserver.members = ["firefox-syncserver" config.services.nginx.user];
+
+      networking.firewall.allowedTCPPorts = [port];
+      services.mysql.package = pkgs.mariadb;
+
+      sops.secrets = {
+        firefox_sync = {
+          owner = "firefox-syncserver";
+          group = "firefox-syncserver";
+          sopsFile = ../../secrets/server.yaml;
+        };
+      };
+    };
+}

secrets/server.yaml

@@ -2,14 +2,15 @@ storemin: ENC[AES256_GCM,data:oCFpGrb+fLkVuHPgUkVi5MFbnCJiJyT4Vac6keNU,iv:5HS/xl
 cloudstore_user: ENC[AES256_GCM,data:Ist58mJGxnvQA8xQ9s4SBC+3cGnQKqAm/g7nbmv5,iv:2DG0iR6trxoDmc2dxAVo0DAauzAaQc4MLmifii4MuXQ=,tag:jkpcZtX7gwr6fG0qd1+Y9w==,type:str]
 ellmauMail: ENC[AES256_GCM,data:xDLWpqkcsMEnG4CLbxLXJw4C0FdSevTWVhgLR9zm/C+ZMasvcGhaoVLSp1JKBOev1jhAYWL9f5wotF1u,iv:UV4XSZodySDgV4cNDP414WJBAFSgobovqFp72VGIT94=,tag:UMnv1G9OSju+/ZeRz4W2lw==,type:str]
 printerMail: ENC[AES256_GCM,data:5g6gUeU4TQu9EV6L7vYRUWACOW58f9CNz/cnaisGYX0Swfo9tkKhBm+6Sds4H7woFvVxHR+dJfoefYZc,iv:1OivNWwFAO7VMvvJGxi5+nSWyStVPSQBn9f0XwN7KO0=,tag:HNh8b+83wraQIIiq97GVGQ==,type:str]
+firefox_sync: ENC[AES256_GCM,data:ZvjJrftXwxqcYGD1tyPqOcjs+S8AxqJbEDBuge/rLDyG2ib72MnU/BO5gOnqYH7dXIoVSWuS3xk0v+7APnKHCfQdeZnkliS+lCUxiLWNJsty,iv:rRHoCMJ7YAdrsQBTZ0aRUAHTC1CUbAJl3Fa+g2HIYHY=,tag:WSktMbCQ9OLkzLeAAMLWsw==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-08-13T09:38:54Z"
-    mac: ENC[AES256_GCM,data:cfFKA+laXhnlrDkQAus9fUQesR27UDflL3U9OFOE4MMXv6dWn2mANX0PyvWqJa3YigAkmpxhaaazusEedz+fl5y0k27pI1P284sELM7Tnb20OcnkWEH79v94qek2xrWLXNiTj5l6k4y+SVPeNoFeelGCVEApp/tQl2fKmtlWIdc=,iv:TtbBU6CwFPuyq25qcYq5aXBqCx8nJ85qh+dmgm3kNOI=,tag:NyNsSpNCLzRJqTajmbrkeQ==,type:str]
+    lastmodified: "2023-02-17T08:31:32Z"
+    mac: ENC[AES256_GCM,data:15GjMfGID8QNATtZS3Oy866fAZQNcne2z9BmV4pY10Iy8RyQ0mLrBnwKOeNHfP9v7Rf7C8RRw4rfUo/i3LJgQQnHrzGCp8RHVbQD43YO64vZR7tDzLYwttAdq/rRJp95GCuL79qiqIMf0I/85isINByPDa2UgfgEJykifQEDJ5o=,iv:EHSCBNirQuBdDToZYE3foVMYiAS33cvJIYRK0n+clhY=,tag:m/m+zAZo/svRVIMWFr8RmQ==,type:str]
     pgp:
         - created_at: "2022-07-31T12:48:30Z"
           enc: |