move cryptpad to cupsnet

flake.lock

@@ -44,6 +44,27 @@
         "type": "github"
       }
     },
+    "cryptpad": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703245373,
+        "narHash": "sha256-diJVcEb5RzMQqrXl2hXUUY1SvSSJEg4ttpzij6skyew=",
+        "owner": "michaelshmitty",
+        "repo": "cryptpad-flake",
+        "rev": "369a95c89e1448a1bc26ad8d0e57618fc0a5dc90",
+        "type": "github"
+      },
+      "original": {
+        "owner": "michaelshmitty",
+        "repo": "cryptpad-flake",
+        "type": "github"
+      }
+    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -151,6 +172,24 @@
         "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
         "type": "github"
       },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
       "original": {
         "owner": "numtide",
         "ref": "main",
@@ -366,11 +405,12 @@
     "root": {
       "inputs": {
         "alejandra": "alejandra",
+        "cryptpad": "cryptpad",
         "darwin": "darwin",
         "disko": "disko",
         "endless-sky": "endless-sky",
         "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "helix": "helix",
         "home-manager": "home-manager",
         "nil": "nil",
@@ -491,6 +531,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "veracrypt": {
       "locked": {
         "lastModified": 1696681798,

flake.nix

@@ -2,6 +2,7 @@
   description = "NixOS configuration with flakes";
   outputs = {
     alejandra,
+    cryptpad,
     darwin,
     disko,
     endless-sky,
@@ -29,6 +30,10 @@
           (import ./nixos/server-common.nix)
           sops.nixosModules.sops
           disko.nixosModules.disko
+          ({pkgs, ...}: {
+            nixpkgs.overlays = [inputs.cryptpad.overlays.default];
+          })
+          inputs.cryptpad.nixosModules.cryptpad
         ];
         specialArgs = {inherit inputs system;};
       };
@@ -322,6 +327,12 @@
       ref = "main";
       inputs.nixpkgs.follows = "nixpkgs-nixos-unstable";
     };
+    cryptpad = {
+      url = "github:michaelshmitty/cryptpad-flake";
+      inputs = {
+        nixpkgs.follows = "nixpkgs-stable";
+      };
+    };
     disko = {
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs-stable";

nixos/boxes/cupsnet/cryptpad.nix

@@ -0,0 +1,22 @@
+{
+  config,
+  pkgs,
+  inputs,
+  lib,
+  ...
+}: let
+  baseDomain = "peninsula.industries";
+  domain = "https://notes.${baseDomain}";
+  sandboxDomain = "https://notes-sandbox.${baseDomain}";
+in {
+  imports = [../nginx.nix];
+  services.cryptpad = {
+    enable = true;
+    configureNginx = true;
+    settings = {
+      httpUnsafeOrigin = domain;
+      httpSafeOrigin = sandboxDomain;
+      adminKeys = ["[cyplo@notes.peninsula.industries/I6JogBXmOeSxP0QSMltqs24QR4qgnpo70eRbDDLAFwA=]"];
+    };
+  };
+}

nixos/boxes/cupsnet/default.nix

@@ -10,6 +10,7 @@
     ../cli.nix
     ../send-logs.nix
     ./boot.nix
+    ./cryptpad.nix
     ./disks.nix
     ./gitea.nix
     ./ssh.nix

nixos/boxes/vpsfree1/cryptpad.config.js

@@ -1,178 +0,0 @@
-/* globals module */
-
-module.exports = {
-    httpUnsafeOrigin: 'https://notes.peninsula.industries',
-    httpSafeOrigin: "https://notes-sandbox.peninsula.industries",
-    httpAddress: '::',
-    httpPort: 3000,
-    httpSafePort: 3001,
-
-    adminKeys: [
-        "[cyplo@notes.peninsula.industries/Ii+Y2Z5ZDAN2fFpAEQu93SDjQcWkSfY7eaSvhCJedX8=]",
-    ],
-
-    /* =====================
-     *        STORAGE
-     * ===================== */
-
-    /*  Pads that are not 'pinned' by any registered user can be set to expire
-     *  after a configurable number of days of inactivity (default 90 days).
-     *  The value can be changed or set to false to remove expiration.
-     *  Expired pads can then be removed using a cron job calling the
-     *  `evict-inactive.js` script with node
-     *
-     *  defaults to 90 days if nothing is provided
-     */
-    //inactiveTime: 90, // days
-
-    /*  CryptPad archives some data instead of deleting it outright.
-     *  This archived data still takes up space and so you'll probably still want to
-     *  remove these files after a brief period.
-     *
-     *  cryptpad/scripts/evict-inactive.js is intended to be run daily
-     *  from a crontab or similar scheduling service.
-     *
-     *  The intent with this feature is to provide a safety net in case of accidental
-     *  deletion. Set this value to the number of days you'd like to retain
-     *  archived data before it's removed permanently.
-     *
-     *  defaults to 15 days if nothing is provided
-     */
-    //archiveRetentionTime: 15,
-
-    /*  It's possible to configure your instance to remove data
-     *  stored on behalf of inactive accounts. Set 'accountRetentionTime'
-     *  to the number of days an account can remain idle before its
-     *  documents and other account data is removed.
-     *
-     *  Leave this value commented out to preserve all data stored
-     *  by user accounts regardless of inactivity.
-     */
-    //accountRetentionTime: 365,
-
-    /*  Starting with CryptPad 3.23.0, the server automatically runs
-     *  the script responsible for removing inactive data according to
-     *  your configured definition of inactivity. Set this value to `true`
-     *  if you prefer not to remove inactive data, or if you prefer to
-     *  do so manually using `scripts/evict-inactive.js`.
-     */
-    //disableIntegratedEviction: true,
-
-
-    /*  Max Upload Size (bytes)
-     *  this sets the maximum size of any one file uploaded to the server.
-     *  anything larger than this size will be rejected
-     *  defaults to 20MB if no value is provided
-     */
-    //maxUploadSize: 20 * 1024 * 1024,
-
-    /*  Users with premium accounts (those with a plan included in their customLimit)
-     *  can benefit from an increased upload size limit. By default they are restricted to the same
-     *  upload size as any other registered user.
-     *
-     */
-    //premiumUploadSize: 100 * 1024 * 1024,
-
-    /* =====================
-     *   DATABASE VOLUMES
-     * ===================== */
-
-    /*
-     *  CryptPad stores each document in an individual file on your hard drive.
-     *  Specify a directory where files should be stored.
-     *  It will be created automatically if it does not already exist.
-     */
-    filePath: './datastore/',
-
-    /*  CryptPad offers the ability to archive data for a configurable period
-     *  before deleting it, allowing a means of recovering data in the event
-     *  that it was deleted accidentally.
-     *
-     *  To set the location of this archive directory to a custom value, change
-     *  the path below:
-     */
-    archivePath: './data/archive',
-
-    /*  CryptPad allows logged in users to request that particular documents be
-     *  stored by the server indefinitely. This is called 'pinning'.
-     *  Pin requests are stored in a pin-store. The location of this store is
-     *  defined here.
-     */
-    pinPath: './data/pins',
-
-    /*  if you would like the list of scheduled tasks to be stored in
-                      a custom location, change the path below:
-                      */
-    taskPath: './data/tasks',
-
-    /*  if you would like users' authenticated blocks to be stored in
-                      a custom location, change the path below:
-                      */
-    blockPath: './block',
-
-    /*  CryptPad allows logged in users to upload encrypted files. Files/blobs
-     *  are stored in a 'blob-store'. Set its location here.
-     */
-    blobPath: './blob',
-
-    /*  CryptPad stores incomplete blobs in a 'staging' area until they are
-     *  fully uploaded. Set its location here.
-     */
-    blobStagingPath: './data/blobstage',
-
-    decreePath: './data/decrees',
-
-    /* CryptPad supports logging events directly to the disk in a 'logs' directory
-     * Set its location here, or set it to false (or nothing) if you'd rather not log
-     */
-    logPath: './data/logs',
-
-    /* =====================
-     *       Debugging
-     * ===================== */
-
-    /*  CryptPad can log activity to stdout
-     *  This may be useful for debugging
-     */
-    logToStdout: false,
-
-    /* CryptPad can be configured to log more or less
-     * the various settings are listed below by order of importance
-     *
-     * silly, verbose, debug, feedback, info, warn, error
-     *
-     * Choose the least important level of logging you wish to see.
-     * For example, a 'silly' logLevel will display everything,
-     * while 'info' will display 'info', 'warn', and 'error' logs
-     *
-     * This will affect both logging to the console and the disk.
-     */
-    logLevel: 'debug',
-
-    /*  clients can use the /settings/ app to opt out of usage feedback
-     *  which informs the server of things like how much each app is being
-     *  used, and whether certain clientside features are supported by
-     *  the client's browser. The intent is to provide feedback to the admin
-     *  such that the service can be improved. Enable this with `true`
-     *  and ignore feedback with `false` or by commenting the attribute
-     *
-     *  You will need to set your logLevel to include 'feedback'. Set this
-     *  to false if you'd like to exclude feedback from your logs.
-     */
-    logFeedback: false,
-
-    /*  CryptPad supports verbose logging
-     *  (false by default)
-     */
-    verbose: false,
-
-    /*  Surplus information:
-     *
-     *  'installMethod' is included in server telemetry to voluntarily
-     *  indicate how many instances are using unofficial installation methods
-     *  such as Docker.
-     *
-     */
-    installMethod: 'unspecified',
-};
-

nixos/boxes/vpsfree1/cryptpad.nix

@@ -1,48 +0,0 @@
-{
-  config,
-  pkgs,
-  inputs,
-  lib,
-  ...
-}: let
-  baseDomain = "peninsula.industries";
-  domain = "notes.${baseDomain}";
-  sandboxDomain = "notes-sandbox.${baseDomain}";
-in {
-  imports = [../nginx.nix];
-
-  services.nginx = {
-    virtualHosts = {
-      "${domain}" = {
-        forceSSL = true;
-        enableACME = true;
-        serverAliases = ["${sandboxDomain}"];
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:9005";
-          proxyWebsockets = true;
-        };
-      };
-    };
-  };
-  virtualisation.oci-containers.containers.cryptpad = {
-    image = "promasu/cryptpad@sha256:29c61f69e41173188c0592e72f2273cf23a83f48e7d143337e2cd7fea441ed87";
-    volumes = [
-      "${./cryptpad.config.js}:/cryptpad/config/config.js"
-
-      "cryptpad_blob:/cryptpad/blob"
-      "cryptpad_block:/cryptpad/block"
-      "cryptpad_customize:/cryptpad/customize"
-      "cryptpad_data:/cryptpad/data"
-      "cryptpad_data_files:/cryptpad/datastore"
-    ];
-    environment = {
-      CPAD_MAIN_DOMAIN = domain;
-      CPAD_SANDBOX_DOMAIN = sandboxDomain;
-      CPAD_REALIP_HEADER = "X-Forwarded-For";
-      CPAD_REALIP_RECURSIVE = "on";
-      CPAD_TRUSTED_PROXY = "0.0.0.0/0";
-      CPAD_HTTP2_DISABLE = "true";
-    };
-    ports = ["9005:80"];
-  };
-}

nixos/boxes/vpsfree1/default.nix

@@ -7,7 +7,6 @@
     ../nginx.nix
     ../send-logs.nix
     ./backups.nix
-    ./cryptpad.nix
     ./foundryvtt.nix
     ./mastodon.nix
     ./rss.nix