move cryptpad to cupsnet

Cyryl Płotnicki 2024-01-15 14:15:15 +00:00
parent 50222fd780
commit d2074dcdd9
7 changed files with 90 additions and 228 deletions


@ -44,6 +44,27 @@
"type": "github"
}
},
"cryptpad": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1703245373,
"narHash": "sha256-diJVcEb5RzMQqrXl2hXUUY1SvSSJEg4ttpzij6skyew=",
"owner": "michaelshmitty",
"repo": "cryptpad-flake",
"rev": "369a95c89e1448a1bc26ad8d0e57618fc0a5dc90",
"type": "github"
},
"original": {
"owner": "michaelshmitty",
"repo": "cryptpad-flake",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -151,6 +172,24 @@
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
@ -366,11 +405,12 @@
"root": {
"inputs": {
"alejandra": "alejandra",
"cryptpad": "cryptpad",
"darwin": "darwin",
"disko": "disko",
"endless-sky": "endless-sky",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"helix": "helix",
"home-manager": "home-manager",
"nil": "nil",
@ -491,6 +531,21 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"veracrypt": {
"locked": {
"lastModified": 1696681798,


@ -2,6 +2,7 @@
description = "NixOS configuration with flakes";
outputs = {
alejandra,
cryptpad,
darwin,
disko,
endless-sky,
@ -29,6 +30,10 @@
(import ./nixos/server-common.nix)
sops.nixosModules.sops
disko.nixosModules.disko
({pkgs, ...}: {
nixpkgs.overlays = [inputs.cryptpad.overlays.default];
})
inputs.cryptpad.nixosModules.cryptpad
];
specialArgs = {inherit inputs system;};
};
@ -322,6 +327,12 @@
ref = "main";
inputs.nixpkgs.follows = "nixpkgs-nixos-unstable";
};
cryptpad = {
url = "github:michaelshmitty/cryptpad-flake";
inputs = {
nixpkgs.follows = "nixpkgs-stable";
};
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs-stable";
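Review bot: The `cryptpad` input added in the last hunk tracks the default branch of a single-maintainer repository, and the second hunk places both its overlay and its NixOS module in a module list that also carries `server-common.nix`, so every host built from that list evaluates third-party code able to replace arbitrary packages. The lock file pins a revision today, but a routine `nix flake update` would move it without review; I would pin it in the URL, `url = "github:michaelshmitty/cryptpad-flake/<reviewed-rev>";`, and bump it deliberately. If only one host runs CryptPad, moving the overlay and `inputs.cryptpad.nixosModules.cryptpad` into that host's own module would narrow the exposure; the module list starts outside the hunk, so I cannot tell how many hosts share it. The `pkgs` argument in `({pkgs, ...}: {` is unused and can be dropped.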


@ -0,0 +1,22 @@
{
config,
pkgs,
inputs,
lib,
...
}: let
baseDomain = "peninsula.industries";
domain = "https://notes.${baseDomain}";
sandboxDomain = "https://notes-sandbox.${baseDomain}";
in {
imports = [../nginx.nix];
services.cryptpad = {
enable = true;
configureNginx = true;
settings = {
httpUnsafeOrigin = domain;
httpSafeOrigin = sandboxDomain;
adminKeys = ["[cyplo@notes.peninsula.industries/I6JogBXmOeSxP0QSMltqs24QR4qgnpo70eRbDDLAFwA=]"];
};
};
}
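Review bot: TLS for the two origins is no longer stated in this repository: the file declares both as `https://` but leaves the whole nginx side to `configureNginx = true`, whereas the configuration it replaces set `forceSSL` and `enableACME` explicitly. Whether the upstream module sets them is not visible here, so I would confirm it in the module source and record the result with a comment such as `# TLS/ACME for both vhosts is provided by the cryptpad module (configureNginx)` next to that line. The `adminKeys` entry carries a different public key from the removed config, which deserves a comment saying it belongs to the admin account on the new instance. `config`, `pkgs`, `inputs` and `lib` are unused in the argument set, and `domain` now holds a full origin rather than a host name, so `origin` and `sandboxOrigin` would read more accurately.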


@ -10,6 +10,7 @@
../cli.nix
../send-logs.nix
./boot.nix
./cryptpad.nix
./disks.nix
./gitea.nix
./ssh.nix


@ -1,178 +0,0 @@
/* globals module */
module.exports = {
httpUnsafeOrigin: 'https://notes.peninsula.industries',
httpSafeOrigin: "https://notes-sandbox.peninsula.industries",
httpAddress: '::',
httpPort: 3000,
httpSafePort: 3001,
adminKeys: [
"[cyplo@notes.peninsula.industries/Ii+Y2Z5ZDAN2fFpAEQu93SDjQcWkSfY7eaSvhCJedX8=]",
],
/* =====================
* STORAGE
* ===================== */
/* Pads that are not 'pinned' by any registered user can be set to expire
* after a configurable number of days of inactivity (default 90 days).
* The value can be changed or set to false to remove expiration.
* Expired pads can then be removed using a cron job calling the
* `evict-inactive.js` script with node
*
* defaults to 90 days if nothing is provided
*/
//inactiveTime: 90, // days
/* CryptPad archives some data instead of deleting it outright.
* This archived data still takes up space and so you'll probably still want to
* remove these files after a brief period.
*
* cryptpad/scripts/evict-inactive.js is intended to be run daily
* from a crontab or similar scheduling service.
*
* The intent with this feature is to provide a safety net in case of accidental
* deletion. Set this value to the number of days you'd like to retain
* archived data before it's removed permanently.
*
* defaults to 15 days if nothing is provided
*/
//archiveRetentionTime: 15,
/* It's possible to configure your instance to remove data
* stored on behalf of inactive accounts. Set 'accountRetentionTime'
* to the number of days an account can remain idle before its
* documents and other account data is removed.
*
* Leave this value commented out to preserve all data stored
* by user accounts regardless of inactivity.
*/
//accountRetentionTime: 365,
/* Starting with CryptPad 3.23.0, the server automatically runs
* the script responsible for removing inactive data according to
* your configured definition of inactivity. Set this value to `true`
* if you prefer not to remove inactive data, or if you prefer to
* do so manually using `scripts/evict-inactive.js`.
*/
//disableIntegratedEviction: true,
/* Max Upload Size (bytes)
* this sets the maximum size of any one file uploaded to the server.
* anything larger than this size will be rejected
* defaults to 20MB if no value is provided
*/
//maxUploadSize: 20 * 1024 * 1024,
/* Users with premium accounts (those with a plan included in their customLimit)
* can benefit from an increased upload size limit. By default they are restricted to the same
* upload size as any other registered user.
*
*/
//premiumUploadSize: 100 * 1024 * 1024,
/* =====================
* DATABASE VOLUMES
* ===================== */
/*
* CryptPad stores each document in an individual file on your hard drive.
* Specify a directory where files should be stored.
* It will be created automatically if it does not already exist.
*/
filePath: './datastore/',
/* CryptPad offers the ability to archive data for a configurable period
* before deleting it, allowing a means of recovering data in the event
* that it was deleted accidentally.
*
* To set the location of this archive directory to a custom value, change
* the path below:
*/
archivePath: './data/archive',
/* CryptPad allows logged in users to request that particular documents be
* stored by the server indefinitely. This is called 'pinning'.
* Pin requests are stored in a pin-store. The location of this store is
* defined here.
*/
pinPath: './data/pins',
/* if you would like the list of scheduled tasks to be stored in
a custom location, change the path below:
*/
taskPath: './data/tasks',
/* if you would like users' authenticated blocks to be stored in
a custom location, change the path below:
*/
blockPath: './block',
/* CryptPad allows logged in users to upload encrypted files. Files/blobs
* are stored in a 'blob-store'. Set its location here.
*/
blobPath: './blob',
/* CryptPad stores incomplete blobs in a 'staging' area until they are
* fully uploaded. Set its location here.
*/
blobStagingPath: './data/blobstage',
decreePath: './data/decrees',
/* CryptPad supports logging events directly to the disk in a 'logs' directory
* Set its location here, or set it to false (or nothing) if you'd rather not log
*/
logPath: './data/logs',
/* =====================
* Debugging
* ===================== */
/* CryptPad can log activity to stdout
* This may be useful for debugging
*/
logToStdout: false,
/* CryptPad can be configured to log more or less
* the various settings are listed below by order of importance
*
* silly, verbose, debug, feedback, info, warn, error
*
* Choose the least important level of logging you wish to see.
* For example, a 'silly' logLevel will display everything,
* while 'info' will display 'info', 'warn', and 'error' logs
*
* This will affect both logging to the console and the disk.
*/
logLevel: 'debug',
/* clients can use the /settings/ app to opt out of usage feedback
* which informs the server of things like how much each app is being
* used, and whether certain clientside features are supported by
* the client's browser. The intent is to provide feedback to the admin
* such that the service can be improved. Enable this with `true`
* and ignore feedback with `false` or by commenting the attribute
*
* You will need to set your logLevel to include 'feedback'. Set this
* to false if you'd like to exclude feedback from your logs.
*/
logFeedback: false,
/* CryptPad supports verbose logging
* (false by default)
*/
verbose: false,
/* Surplus information:
*
* 'installMethod' is included in server telemetry to voluntarily
* indicate how many instances are using unofficial installation methods
* such as Docker.
*
*/
installMethod: 'unspecified',
};


@ -1,48 +0,0 @@
{
config,
pkgs,
inputs,
lib,
...
}: let
baseDomain = "peninsula.industries";
domain = "notes.${baseDomain}";
sandboxDomain = "notes-sandbox.${baseDomain}";
in {
imports = [../nginx.nix];
services.nginx = {
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
serverAliases = ["${sandboxDomain}"];
locations."/" = {
proxyPass = "http://127.0.0.1:9005";
proxyWebsockets = true;
};
};
};
};
virtualisation.oci-containers.containers.cryptpad = {
image = "promasu/cryptpad@sha256:29c61f69e41173188c0592e72f2273cf23a83f48e7d143337e2cd7fea441ed87";
volumes = [
"${./cryptpad.config.js}:/cryptpad/config/config.js"
"cryptpad_blob:/cryptpad/blob"
"cryptpad_block:/cryptpad/block"
"cryptpad_customize:/cryptpad/customize"
"cryptpad_data:/cryptpad/data"
"cryptpad_data_files:/cryptpad/datastore"
];
environment = {
CPAD_MAIN_DOMAIN = domain;
CPAD_SANDBOX_DOMAIN = sandboxDomain;
CPAD_REALIP_HEADER = "X-Forwarded-For";
CPAD_REALIP_RECURSIVE = "on";
CPAD_TRUSTED_PROXY = "0.0.0.0/0";
CPAD_HTTP2_DISABLE = "true";
};
ports = ["9005:80"];
};
}


@ -7,7 +7,6 @@
../nginx.nix
../send-logs.nix
./backups.nix
./cryptpad.nix
./foundryvtt.nix
./mastodon.nix
./rss.nix