vps-arm-2024-12-03-17-29-19

machine/vps-arm/configuration.nix

@@ -14,6 +14,7 @@
 
     ../../services/adguardhome.nix
     ../../services/atuin.nix
+    ../../services/firefox-syncserver.nix
     ../../services/frigate.nix
     ../../services/gitea.nix
     ../../services/goaccess.nix
@@ -34,11 +35,17 @@
       goaccess-htpasswd = {
         owner = config.services.nginx.user;
         group = config.services.nginx.group;
+        mode = "0440"
       };
 
       frigate-htpasswd = {
         owner = config.services.nginx.user;
         group = config.services.nginx.group;
+        mode = "0440";
+      };
+
+      syncserver-secrets = {
+        owner = config.users.users.firefox-syncserver.name;
       };
 
       nextcloud-password = {
@@ -49,6 +56,7 @@
       gitea-password = {
         owner = config.services.gitea.user;
         group = config.services.gitea.group;
+        mode = "0440"
       };
     };
   };

secrets/secrets-vps-arm.yaml

@@ -3,6 +3,7 @@ goaccess-htpasswd: ENC[AES256_GCM,data:aR4yM878GXnwjpYy42OIXFSj854XQDC+bmq0wr5Er
 frigate-htpasswd: ENC[AES256_GCM,data:qMpBRu/UsmlEtiWLvG7ZO8RpTMrPxJLTtGhV7BxDZ6qldQ0FcR9HEtSTGA==,iv:BaSg8Paga5JJf7pnQjNWuYX5kYVvMhDXQ2VLli0wIPw=,tag:goYZfCSVufbMwTg2JecEaA==,type:str]
 nextcloud-password: ENC[AES256_GCM,data:bVx/LZshIO0YYGNLJIhN7UjsJRxKH+zG8iUUbffK7nRIpPIp,iv:+fgbWU/O8fHt/7u8pP2L3ufh7MG4MKJtIbrcwi86oW8=,tag:gT+Du9U+NWHqvs2S5Jli3Q==,type:str]
 gitea-password: ENC[AES256_GCM,data:mGoPWtLdjaHG62c63OExPCgYmCiByPmocXwptllzXfzfuoQB,iv:Midv6cX6xqBztZx7gKetzfrqEGR+pRm/c8L9amJ2+RE=,tag:N1eELsDGsI6yHqjO5YdY3A==,type:str]
+syncserver-secrets: ENC[AES256_GCM,data:1KtTO+EmK+xYOwGCh8YFxFldK783dEMm5e0Pj9Y6WzN+jV7J9cxDshsVq4iG75eO3Be1U8QQM6Q0nao=,iv:FXHR32uoj9+pf+yIrYH8QdAkBENfii+PkEkPQFjvgPg=,tag:P/CJIfHiAIVwMC9MwFbNXQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -27,8 +28,8 @@ sops:
             Z3BiOUl4c0VyYXFNRDQyaEpwemlJckUKWAFIJdb24C/bQ3ajeipjWlDsKYdxtWTA
             Vrn4OTcTdYArcSq6f0huoh57oJ44LQSc6T8lBpUS6gGCQSgATPfKXw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-31T17:37:21Z"
+    lastmodified: "2024-12-03T16:21:14Z"
-    mac: ENC[AES256_GCM,data:/EAmz3WVow4/2DwBTZmqwmOAzVg66wlW3/JQLRavqqV3I+VYM6U2CV4bCeY6dkWFPgkdyCrtgLh6r8yOTbTH8gP97ezLMrf5fOmGPBPgyz2GDnl88mGp2v/NNnqcaIZnXio2OL7/opOXSzG8MvHSsiWVOUC6UGbVx8oIe6Ri0nQ=,iv:og6U9IHfRHt5+VpaJk7fFi9kC+Fntj68RCuNaKLgtFA=,tag:wP2fa4CVmRUrVKwlI3VwQQ==,type:str]
+    mac: ENC[AES256_GCM,data:fwo2DWzJCfvXuJI1dsWIl9KIwdYhy2QeirzrZM4EHoQ64snphL6XZzQeyith2rR1aGqM0mI71f+lv8xR+5/jrwGg0hqrvhtCTMJqGamn894ErdtHoN34nH5BnVnOzlncWPBXXsR5oHEd9G3bk/E+xVRTiot2Nh0Iw40X9/diwUc=,iv:baEwnwIxO7c8eO+lvRIcQc2ee1Vsiv2ZIoPdxBcmTes=,tag:AzoHAVHuLfbxj9t3n7chMQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

services/firefox-syncserver.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  # environment = {
+  #   persistence."/persist" = {
+  #     directories = [
+  #       "/var/lib/immich"
+  #       "/var/lib/redis-immich"
+  #     ];
+  #   };
+  # };
+
+  services = {
+    # nginx = {
+    #   virtualHosts = {
+    #     "firefox.szczepan.ski" = {
+    #       forceSSL = true;
+    #       enableACME = true;
+    #       locations = {"/" = {proxyPass = "http://[::1]:2283/";};};
+    #     };
+    #   };
+    # };
+
+    # postgresql = {
+    #   enable = true;
+    #   ensureDatabases = [
+    #     config.services.nextcloud.config.dbname
+    #   ];
+    #   ensureUsers = [
+    #     {
+    #       name = config.services..config.dbuser;
+    #       ensureDBOwnership = true;
+    #       # ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGEnS";
+    #     }
+    #   ];
+    # };
+
+    firefox-syncserver = {
+      enable = true;
+      secrets = config.sops.secrets."syncserver-secrets".path;
+      singleNode = {
+        enable = true;
+        hostname = "firefox-sync.szczepan.ski";
+        enableTLS = true;
+        enableNginx = true;
+      };
+    };
+  };
+}