From d2074dcdd9d3e05968de5fb9e7faa1b44a1a8eec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Mon, 15 Jan 2024 14:15:15 +0000
Subject: [PATCH] move cryptpad to cupsnet
---
 flake.lock | 57 +++++++-
 flake.nix | 11 ++
 nixos/boxes/cupsnet/cryptpad.nix | 22 +++
 nixos/boxes/cupsnet/default.nix | 1 +
 nixos/boxes/vpsfree1/cryptpad.config.js | 178 ------------------------
 nixos/boxes/vpsfree1/cryptpad.nix | 48 -------
 nixos/boxes/vpsfree1/default.nix | 1 -
 7 files changed, 90 insertions(+), 228 deletions(-)
 create mode 100644 nixos/boxes/cupsnet/cryptpad.nix
 delete mode 100644 nixos/boxes/vpsfree1/cryptpad.config.js
 delete mode 100644 nixos/boxes/vpsfree1/cryptpad.nix
diff --git a/flake.lock b/flake.lock
index 0642ae87..5c5053b9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -44,6 +44,27 @@ "type": "github" } }, + "cryptpad": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1703245373, + "narHash": "sha256-diJVcEb5RzMQqrXl2hXUUY1SvSSJEg4ttpzij6skyew=", + "owner": "michaelshmitty", + "repo": "cryptpad-flake", + "rev": "369a95c89e1448a1bc26ad8d0e57618fc0a5dc90", + "type": "github" + }, + "original": { + "owner": "michaelshmitty", + "repo": "cryptpad-flake", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [
@@ -151,6 +172,24 @@ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, "original": { "owner": "numtide", "ref": "main",
@@ -366,11 +405,12 @@ "root": { "inputs": { "alejandra": "alejandra", + "cryptpad": "cryptpad", "darwin": "darwin", "disko": "disko", "endless-sky": "endless-sky", "flake-compat": "flake-compat", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "helix": "helix", "home-manager": "home-manager", "nil": "nil",
@@ -491,6 +531,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "veracrypt": { "locked": { "lastModified": 1696681798,
diff --git a/flake.nix b/flake.nix
index d75e03f0..4a02a8c5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,6 +2,7 @@
 description = "NixOS configuration with flakes";
 outputs = {
 alejandra,
+ cryptpad,
 darwin,
 disko,
 endless-sky,
@@ -29,6 +30,10 @@
 (import ./nixos/server-common.nix)
 sops.nixosModules.sops
 disko.nixosModules.disko
+ ({pkgs, ...}: {
+ nixpkgs.overlays = [inputs.cryptpad.overlays.default];
+ })
+ inputs.cryptpad.nixosModules.cryptpad
 ];
 specialArgs = {inherit inputs system;};
 };
@@ -322,6 +327,12 @@
 ref = "main";
 inputs.nixpkgs.follows = "nixpkgs-nixos-unstable";
 };
+ cryptpad = {
+ url = "github:michaelshmitty/cryptpad-flake";
+ inputs = {
+ nixpkgs.follows = "nixpkgs-stable";
+ };
+ };
 disko = {
 url = "github:nix-community/disko";
 inputs.nixpkgs.follows = "nixpkgs-stable";
diff --git a/nixos/boxes/cupsnet/cryptpad.nix b/nixos/boxes/cupsnet/cryptpad.nix
new file mode 100644
index 00000000..7e54061a
--- /dev/null
+++ b/nixos/boxes/cupsnet/cryptpad.nix
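Review bot: In the `@@ -29,6 +30,10 @@` hunk of flake.nix the cryptpad overlay and NixOS module land in what looks like the module list shared by every server (next to `server-common.nix`, `sops` and `disko`), not only cupsnet; the enclosing function starts and ends outside the hunk, so this is inferred. An overlay can replace any attribute of `pkgs`, so a third-party flake gains influence over the package set of hosts that never run CryptPad. Consider moving both into the cupsnet box, e.g. `nixpkgs.overlays = [inputs.cryptpad.overlays.default];` and `imports = [inputs.cryptpad.nixosModules.cryptpad];` in `nixos/boxes/cupsnet/cryptpad.nix`, which already takes `inputs`. As written, the wrapper's `pkgs` argument is unused, and since `cryptpad` is destructured in `outputs`, `cryptpad.overlays.default` would match how `sops` and `disko` are referenced.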
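Review bot: The `cryptpad` input added in the `@@ -322,6 +327,12 @@` hunk of flake.nix follows the default branch of what appears to be an individual's GitHub repository, with no `ref` or `rev`, so the only pin is the `rev` recorded in flake.lock and the next `nix flake update` brings in new overlay and module code that is evaluated as part of the system build. A comment above the input would make that explicit, e.g. `# third-party flake: review the upstream diff before bumping its lock entry`, or the URL can name the reviewed commit as `github:michaelshmitty/cryptpad-flake/<reviewed-rev>`. The attribute set holding the inputs starts and ends outside the hunk.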
@@ -0,0 +1,22 @@
+{
+ config,
+ pkgs,
+ inputs,
+ lib,
+ ...
+}: let
+ baseDomain = "peninsula.industries";
+ domain = "https://notes.${baseDomain}";
+ sandboxDomain = "https://notes-sandbox.${baseDomain}";
+in {
+ imports = [../nginx.nix];
+ services.cryptpad = {
+ enable = true;
+ configureNginx = true;
+ settings = {
+ httpUnsafeOrigin = domain;
+ httpSafeOrigin = sandboxDomain;
+ adminKeys = ["[cyplo@notes.peninsula.industries/I6JogBXmOeSxP0QSMltqs24QR4qgnpo70eRbDDLAFwA=]"];
+ };
+ };
+}
diff --git a/nixos/boxes/cupsnet/default.nix b/nixos/boxes/cupsnet/default.nix
index 25b0aa48..8dd89d3f 100644
--- a/nixos/boxes/cupsnet/default.nix
+++ b/nixos/boxes/cupsnet/default.nix
@@ -10,6 +10,7 @@
 ../cli.nix
 ../send-logs.nix
 ./boot.nix
+ ./cryptpad.nix
 ./disks.nix
 ./gitea.nix
 ./ssh.nix
diff --git a/nixos/boxes/vpsfree1/cryptpad.config.js b/nixos/boxes/vpsfree1/cryptpad.config.js
deleted file mode 100644
index cff89f4f..00000000
--- a/nixos/boxes/vpsfree1/cryptpad.config.js
+++ /dev/null
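Review bot: Nothing in the new `services.cryptpad` block of `nixos/boxes/cupsnet/cryptpad.nix` states how TLS is obtained for the two `https://` origins: the removed vpsfree1 module set `forceSSL = true` and `enableACME = true` on its vhost explicitly, while here everything is delegated to `configureNginx = true`, whose behaviour is not visible in this patch. It is worth confirming that the module creates vhosts with certificates for both `notes` and `notes-sandbox`, since CryptPad's sandboxing relies on the two origins being distinct and both served over HTTPS, and then recording that in a comment such as `# configureNginx: vhosts and ACME for both origins come from the cryptpad-flake module`. The `adminKeys` entry differs from the one in the deleted `cryptpad.config.js`, so a short comment saying it is the public key of the admin account registered on the new instance would help the next reader. `config`, `pkgs`, `inputs` and `lib` are all unused in this file.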
@@ -1,178 +0,0 @@ -/* globals module */ - -module.exports = { - httpUnsafeOrigin: 'https://notes.peninsula.industries', - httpSafeOrigin: "https://notes-sandbox.peninsula.industries", - httpAddress: '::', - httpPort: 3000, - httpSafePort: 3001, - - adminKeys: [ - "[cyplo@notes.peninsula.industries/Ii+Y2Z5ZDAN2fFpAEQu93SDjQcWkSfY7eaSvhCJedX8=]", - ], - - /* ===================== - * STORAGE - * ===================== */ - - /* Pads that are not 'pinned' by any registered user can be set to expire - * after a configurable number of days of inactivity (default 90 days). - * The value can be changed or set to false to remove expiration. - * Expired pads can then be removed using a cron job calling the - * `evict-inactive.js` script with node - * - * defaults to 90 days if nothing is provided - */ - //inactiveTime: 90, // days - - /* CryptPad archives some data instead of deleting it outright. - * This archived data still takes up space and so you'll probably still want to - * remove these files after a brief period. - * - * cryptpad/scripts/evict-inactive.js is intended to be run daily - * from a crontab or similar scheduling service. - * - * The intent with this feature is to provide a safety net in case of accidental - * deletion. Set this value to the number of days you'd like to retain - * archived data before it's removed permanently. - * - * defaults to 15 days if nothing is provided - */ - //archiveRetentionTime: 15, - - /* It's possible to configure your instance to remove data - * stored on behalf of inactive accounts. Set 'accountRetentionTime' - * to the number of days an account can remain idle before its - * documents and other account data is removed. - * - * Leave this value commented out to preserve all data stored - * by user accounts regardless of inactivity. 
- */ - //accountRetentionTime: 365, - - /* Starting with CryptPad 3.23.0, the server automatically runs - * the script responsible for removing inactive data according to - * your configured definition of inactivity. Set this value to `true` - * if you prefer not to remove inactive data, or if you prefer to - * do so manually using `scripts/evict-inactive.js`. - */ - //disableIntegratedEviction: true, - - - /* Max Upload Size (bytes) - * this sets the maximum size of any one file uploaded to the server. - * anything larger than this size will be rejected - * defaults to 20MB if no value is provided - */ - //maxUploadSize: 20 * 1024 * 1024, - - /* Users with premium accounts (those with a plan included in their customLimit) - * can benefit from an increased upload size limit. By default they are restricted to the same - * upload size as any other registered user. - * - */ - //premiumUploadSize: 100 * 1024 * 1024, - - /* ===================== - * DATABASE VOLUMES - * ===================== */ - - /* - * CryptPad stores each document in an individual file on your hard drive. - * Specify a directory where files should be stored. - * It will be created automatically if it does not already exist. - */ - filePath: './datastore/', - - /* CryptPad offers the ability to archive data for a configurable period - * before deleting it, allowing a means of recovering data in the event - * that it was deleted accidentally. - * - * To set the location of this archive directory to a custom value, change - * the path below: - */ - archivePath: './data/archive', - - /* CryptPad allows logged in users to request that particular documents be - * stored by the server indefinitely. This is called 'pinning'. - * Pin requests are stored in a pin-store. The location of this store is - * defined here. 
- */ - pinPath: './data/pins', - - /* if you would like the list of scheduled tasks to be stored in - a custom location, change the path below: - */ - taskPath: './data/tasks', - - /* if you would like users' authenticated blocks to be stored in - a custom location, change the path below: - */ - blockPath: './block', - - /* CryptPad allows logged in users to upload encrypted files. Files/blobs - * are stored in a 'blob-store'. Set its location here. - */ - blobPath: './blob', - - /* CryptPad stores incomplete blobs in a 'staging' area until they are - * fully uploaded. Set its location here. - */ - blobStagingPath: './data/blobstage', - - decreePath: './data/decrees', - - /* CryptPad supports logging events directly to the disk in a 'logs' directory - * Set its location here, or set it to false (or nothing) if you'd rather not log - */ - logPath: './data/logs', - - /* ===================== - * Debugging - * ===================== */ - - /* CryptPad can log activity to stdout - * This may be useful for debugging - */ - logToStdout: false, - - /* CryptPad can be configured to log more or less - * the various settings are listed below by order of importance - * - * silly, verbose, debug, feedback, info, warn, error - * - * Choose the least important level of logging you wish to see. - * For example, a 'silly' logLevel will display everything, - * while 'info' will display 'info', 'warn', and 'error' logs - * - * This will affect both logging to the console and the disk. - */ - logLevel: 'debug', - - /* clients can use the /settings/ app to opt out of usage feedback - * which informs the server of things like how much each app is being - * used, and whether certain clientside features are supported by - * the client's browser. The intent is to provide feedback to the admin - * such that the service can be improved. Enable this with `true` - * and ignore feedback with `false` or by commenting the attribute - * - * You will need to set your logLevel to include 'feedback'. 
Set this - * to false if you'd like to exclude feedback from your logs. - */ - logFeedback: false, - - /* CryptPad supports verbose logging - * (false by default) - */ - verbose: false, - - /* Surplus information: - * - * 'installMethod' is included in server telemetry to voluntarily - * indicate how many instances are using unofficial installation methods - * such as Docker. - * - */ - installMethod: 'unspecified', -}; - diff --git a/nixos/boxes/vpsfree1/cryptpad.nix b/nixos/boxes/vpsfree1/cryptpad.nix deleted file mode 100644 index 544bd94e..00000000 --- a/nixos/boxes/vpsfree1/cryptpad.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: let - baseDomain = "peninsula.industries"; - domain = "notes.${baseDomain}"; - sandboxDomain = "notes-sandbox.${baseDomain}"; -in { - imports = [../nginx.nix]; - - services.nginx = { - virtualHosts = { - "${domain}" = { - forceSSL = true; - enableACME = true; - serverAliases = ["${sandboxDomain}"]; - locations."/" = { - proxyPass = "http://127.0.0.1:9005"; - proxyWebsockets = true; - }; - }; - }; - }; - virtualisation.oci-containers.containers.cryptpad = { - image = "promasu/cryptpad@sha256:29c61f69e41173188c0592e72f2273cf23a83f48e7d143337e2cd7fea441ed87"; - volumes = [ - "${./cryptpad.config.js}:/cryptpad/config/config.js" - - "cryptpad_blob:/cryptpad/blob" - "cryptpad_block:/cryptpad/block" - "cryptpad_customize:/cryptpad/customize" - "cryptpad_data:/cryptpad/data" - "cryptpad_data_files:/cryptpad/datastore" - ]; - environment = { - CPAD_MAIN_DOMAIN = domain; - CPAD_SANDBOX_DOMAIN = sandboxDomain; - CPAD_REALIP_HEADER = "X-Forwarded-For"; - CPAD_REALIP_RECURSIVE = "on"; - CPAD_TRUSTED_PROXY = "0.0.0.0/0"; - CPAD_HTTP2_DISABLE = "true"; - }; - ports = ["9005:80"]; - }; -} diff --git a/nixos/boxes/vpsfree1/default.nix b/nixos/boxes/vpsfree1/default.nix index 541ef209..646a39c0 100644 --- a/nixos/boxes/vpsfree1/default.nix +++ b/nixos/boxes/vpsfree1/default.nix 
@@ -7,7 +7,6 @@
 ../nginx.nix
 ../send-logs.nix
 ./backups.nix
- ./cryptpad.nix
 ./foundryvtt.nix
 ./mastodon.nix
 ./rss.nix