{
  config,
  pkgs,
  ...
}: let
  port = 5126;
in {
  sops.secrets."sync-secrets".mode = "0440";
  sops.secrets."sync-secrets".owner = config.users.users.firefox-syncserver.name;

  users.groups.firefox-syncserver = {};
  users.users.firefox-syncserver = {
    isSystemUser = true;
    group = "firefox-syncserver";
    extraGroups = [config.users.groups.keys.name];
  };

  services.mysql.package = pkgs.mariadb;
  services.firefox-syncserver = {
    enable = true;
    secrets = config.sops.secrets."sync-secrets".path;
    singleNode = {
      enable = true;
      hostname = "sync.gladtherescake.eu";
      url = "http://localhost:${toString port}";
      enableNginx = true;
      enableTLS = true;
    };
  };
}