config/profiles/web/services/cryptpad.nix

58 lines
2.2 KiB
Nix

{ config, pkgs, lib, mkDomain, ... }:
{
# Cryptpad
# A collaborative office suite that is end-to-end encrypted and open-source.
# TODO: https://github.com/NixOS/nixpkgs/pull/180066
/**/
services.cryptpad = {
#enable = true; # current node version used is marked insecure
# reference: https://github.com/xwiki-labs/cryptpad/blob/main/config/config.example.js
configFile = toFile "cryptpad-config.js" ''
module.exports = {
httpUnsafeOrigin: 'http://localhost:3457',
httpSafeOrigin: 'https://${mkDomain "cryptpad"}',
httpAddress: '127.0.0.1',
httpPort: 3457,
//adminKeys: [ // can be found on the settings page for registered users
// "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
//],
// storage
//inactiveTime: 90, // days
//archiveRetentionTime: 15, // days
//accountRetentionTime: 365, // days, default is never
//maxUploadSize: 20 * 1024 * 1024, // bytes
//premiumUploadSize: 100 * 1024 * 1024, // bytes, (users with a plan in their customLimit)
filePath: './datastore/',
archivePath: './data/archive', // recovery in the event of accidental deletion
pinPath: './data/pins', // content stored indefinetly
taskPath: './data/tasks', // scheduled tasks
blockPath: './block', // users' authenticated blocks
blobPath: './blob', // uploaded encrypted blobs
blobStagingPath: './data/blobstage', // incomplete blobs
decreePath: './data/decrees', // undocumented
logPath: false, // logging of events, may be set to false
logToStdout: true,
logLevel: 'info', // silly, verbose, debug, feedback, info, warn, error
logFeedback: false, // data collection
verbose: false, // logging
installMethod: 'nixpkgs', // telemetry for devs
};
'';
};
services.nginx.virtualHosts.${mkDomain "cryptpad"} = lib.mkIf config.services.cryptpad.enable {
forceSSL = true; # addSSL = true;
enableACME = true; #useACMEHost = acmeDomain;
locations."/" = {
proxyPass = "http://127.0.0.1:3457";
proxyWebsockets = true;
};
};
/**/
}