config/profiles/http/services/cryptpad.nix

{ config, pkgs, lib, mkDomain, ... }:
{

  # Cryptpad
  # A collaborative office suite that is end-to-end encrypted and open-source.
  # TODO: https://github.com/NixOS/nixpkgs/pull/180066

  /**/
  services.cryptpad = {
    #enable = true; # current node version used is marked insecure
    # reference: https://github.com/xwiki-labs/cryptpad/blob/main/config/config.example.js
    configFile = toFile "cryptpad-config.js" ''
      module.exports = {
        httpUnsafeOrigin: 'http://localhost:3457',
        httpSafeOrigin: 'https://${mkDomain "cryptpad"}',
        httpAddress: '127.0.0.1',
        httpPort: 3457,

        //adminKeys: [ // can be found on the settings page for registered users
        //  "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
        //],

        // storage
        //inactiveTime: 90, // days
        //archiveRetentionTime: 15, // days
        //accountRetentionTime: 365, // days, default is never
        //maxUploadSize: 20 * 1024 * 1024, // bytes
        //premiumUploadSize: 100 * 1024 * 1024, // bytes, (users with a plan in their customLimit)

        filePath: './datastore/',
        archivePath: './data/archive', // recovery in the event of accidental deletion
        pinPath: './data/pins', // content stored indefinetly
        taskPath: './data/tasks', // scheduled tasks
        blockPath: './block', // users' authenticated blocks
        blobPath: './blob', // uploaded encrypted blobs
        blobStagingPath: './data/blobstage', // incomplete blobs
        decreePath: './data/decrees', // undocumented
        logPath: false, // logging of events, may be set to false
        logToStdout: true,
        logLevel: 'info', // silly, verbose, debug, feedback, info, warn, error
        logFeedback: false, // data collection
        verbose: false, // logging
        installMethod: 'nixpkgs', // telemetry for devs
      };
    '';
  };
  services.nginx.virtualHosts.${mkDomain "cryptpad"} = lib.mkIf config.services.cryptpad.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      proxyPass = "http://127.0.0.1:3457";
      proxyWebsockets = true;
    };
  };
  /**/

}