NixOS-Config/nixos/server/package-configs/firefox-sync/default.nix

{
  config,
  pkgs,
  ...
}: let
  port = 5126;
in {
  # sops.secrets."sync-secrets".mode = "0440";
  # sops.secrets."sync-secrets".owner = config.users.users."firefox-syncserver".name;

  services.mysql.package = pkgs.mariadb;
  services.firefox-syncserver = {
    enable = true;
    # secrets = config.sops.secrets."sync-secrets".path;
    # FIXME: change secret to sops correctly
    secrets = builtins.toFile "sync-secrets" ''
      SYNC_MASTER_SECRET=InsecureSecretToTest
    '';
    singleNode = {
      enable = true;
      hostname = "sync.gladtherescake.eu";
      url = "http://localhost:${toString port}";
      enableNginx = true;
      enableTLS = true;
    };
  };
}