From 54c3dc0bff5e3ed2c4cae460377e4abab3fe158d Mon Sep 17 00:00:00 2001
From: Alexander Wallau <alexander.wallau@gmx.net>
Date: Sun, 28 Jul 2024 11:32:26 +0200
Subject: [PATCH] Cryptpad module

---
 machines/mayer/configuration.nix |  8 +++++
 modules/cryptpad/default.nix     | 55 ++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 modules/cryptpad/default.nix

diff --git a/machines/mayer/configuration.nix b/machines/mayer/configuration.nix
index aeaa6ef..2a4a569 100644
--- a/machines/mayer/configuration.nix
+++ b/machines/mayer/configuration.nix
@@ -32,6 +32,14 @@
           port = "3134";
         };
       };
+      cryptpad = {
+        enable = true;
+        domain = "cryptpad.alexanderwallau.de";
+        httpSafeOrigin = "cryptpad-sb.alexanderwallau.de";
+        Port = 3001;
+        websocketPort = 3002;
+        #adminKeys = [ "[
+      };
     docker.enable = true;
     # enable freshrss
     freshrss = {
diff --git a/modules/cryptpad/default.nix b/modules/cryptpad/default.nix
new file mode 100644
index 0000000..a3dab82
--- /dev/null
+++ b/modules/cryptpad/default.nix
@@ -0,0 +1,55 @@
+# RSS aggregator and reader
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.awallau.cryptpad;
+in
+{
+  options.awallau.cryptpad = with lib; {
+    enable = lib.mkEnableOption "Cryptpad - a collaboration suite that is end-to-end-encrypted and open-source ";
+
+    domain = mkOption {
+      type = types.str;
+      example = "https://cryptpad.example.com";
+      default = "";
+      description = "This is the URL that users will enter to load your instance";
+          };
+    httpSafeOrigin = mkOption {
+      type = types.nullOr types.str;
+      example = "https://cryptpad-ui.example.com. Apparently optional but recommended.";
+      description = "Cryptpad sandbox URL";
+          };
+    Port = mkOption {
+      type = types.int;
+      default = 3001;
+      description = "Port on which the Node.js server should listen";
+      };
+      websocketPort = mkOption {
+      type = types.int;
+      default = 3002;
+      description = "Port for the websocket that needs to be separate";
+      };
+      adminKeys = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = "List of public signing keys of users that can access the admin panel";
+        example = [ "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]" ];
+        };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      cryptpad.settings = {
+        httpUnsafeOrigin  = "${cfg.domain}";
+        httpsSafeOrigin = "${cfg.httpSafeOrigin}";
+        httpPort = "${cfg.Port}";
+        websocketPort = "${cfg.websocketPort}";
+        adminKeys = "${cfg.adminKeys}";
+      };
+
+
+    nginx.virtualHosts."${cfg.domain}" = {
+      locations."/".proxyPass = "http://127.0.0.1:3001";
+    };
+  };
+};
+}