Working cryptpad

app/cryptpad/build/common.nix

@@ -1,6 +1,6 @@
 rec {
-  cryptpadVersion = "4.14.1";
-  cryptpadCommit = "5979aafdee90aab232658374b11aca8331fd0421";
+  cryptpadVersion = "4.14.1+2";
+  cryptpadCommit = "18c371bb5bda068a5d962dd7c4f0726320eea5e9";
 
   pkgsSrc = fetchTarball {
     # Latest commit on https://github.com/NixOS/nixpkgs/tree/nixos-21.11
@@ -9,7 +9,7 @@ rec {
     sha256 = "sha256:1d7zg96xw4qsqh7c89pgha9wkq3rbi9as3k3d88jlxy2z0ns0cy2";
   };
   cryptpadSrc = builtins.fetchGit {
-    url = "https://github.com/xwiki-labs/cryptpad";
+    url = "https://github.com/superboum/cryptpad";
     ref = "refs/tags/${cryptpadVersion}";
     rev = cryptpadCommit;
   };

app/cryptpad/build/default.nix

@@ -39,30 +39,35 @@ in
       find node_modules -type f ! -path 'node_modules/gar/*' -executable -print | tee >(xargs -n 20 rm)
 
       # Remove only office that IS BIG
-      rm -rf www/common/onlyoffice
+      # COMMENTED as it is not as easy as planned.
+      # rm -rf www/common/onlyoffice
     '';
 
     installPhase = ''
       mkdir -p $out/{bin,opt}
 
+      out_cryptpad=$out/opt/
+
       # copy the source code
-      cp -r .bowerrc bower.json package.json package-lock.json customize.dist lib server.js www $out/opt/
+      cp -r .bowerrc bower.json package.json package-lock.json customize.dist lib server.js www $out_cryptpad
 
       # mount node_modules
-      cp -r node_modules $out/opt/node_modules
+      cp -r node_modules $out_cryptpad/node_modules
 
+      # patch
+      substituteInPlace $out_cryptpad/lib/workers/index.js --replace "lib/workers/db-worker" "$out_cryptpad/lib/workers/db-worker"
 
       # mount bower, based on the .bowerrc file at the git repo root
-      cp -r ${bower}/bower_components $out/opt/www/
+      cp -r ${bower}/bower_components $out_cryptpad/www/
 
       # cryptpad is bugged with absolute path, this is a workaround to use absolute path as relative path
-      ln -s / $out/opt/root
+      ln -s / $out_cryptpad/root
 
-      # start script
+      # start script, cryptpad is lost if its working directory is not its source directory
       cat > $out/bin/cryptpad <<EOF
       #!${pkgs.stdenv.shell}
-      cd $out/opt/
-      ${nodejs}/bin/node server.js
+      cd $out_cryptpad
+      exec ${nodejs}/bin/node server.js
       EOF
 
       chmod +x $out/bin/cryptpad

app/cryptpad/build/docker.nix

@@ -3,7 +3,7 @@ let
   pkgs = import common.pkgsSrc {};
   app = import ./default.nix;
 in
-  pkgs.dockerTools.buildImage {
+  pkgs.dockerTools.buildLayeredImage {
     name = "superboum/cryptpad";
     config = {
       Cmd = [ "${app}/bin/cryptpad" ];

app/cryptpad/config/application_config.js

@@ -0,0 +1,40 @@
+/*
+ * You can override the configurable values from this file.
+ * The recommended method is to make a copy of this file (/customize.dist/application_config.js)
+   in a 'customize' directory (/customize/application_config.js).
+ * If you want to check all the configurable values, you can open the internal configuration file
+   but you should not change it directly (/common/application_config_internal.js)
+*/
+define(['/common/application_config_internal.js'], function (AppConfig) {
+    // To inform users of the support ticket panel which languages your admins speak:
+    AppConfig.supportLanguages = [ 'en', 'fr' ];
+
+    /* Select the buttons displayed on the main page to create new collaborative sessions.
+     * Removing apps from the list will prevent users from accessing them. They will instead be
+     * redirected to the drive.
+     * You should never remove the drive from this list.
+     */
+    AppConfig.availablePadTypes = ['drive', 'teams', 'doc', 'presentation', 'pad', 'kanban', 'code', 'form', 'poll', 'whiteboard',
+                                'file', 'contacts', 'slide', 'convert'];
+    // disabled: sheet
+
+    /* You can display a link to your own privacy policy in the static pages footer.
+     * Since this is different for each individual or organization there is no default value.
+     * See the comments above for a description of possible configurations.
+     */
+    AppConfig.privacy = {
+      "default": "https://deuxfleurs.fr/CGU.html",
+    };
+
+    /* You can display a link to your instances's terms of service in the static pages footer.
+     * A default is included for backwards compatibility, but we recommend replacing this
+     * with your own terms.
+     *
+     * See the comments above for a description of possible configurations.
+     */
+    AppConfig.terms = {
+      "default": "https://deuxfleurs.fr/CGU.html",
+    };
+
+    return AppConfig;
+});

app/cryptpad/config/config.js

@@ -90,7 +90,7 @@ module.exports = {
  *  that of your httpPort + 1. You probably don't need to change this.
  *
  */
-    httpSafePort: 3001,
+    // httpSafePort: 3001,
 
 /*  CryptPad will launch a child process for every core available
  *  in order to perform CPU-intensive tasks in parallel.
@@ -111,11 +111,9 @@ module.exports = {
      *  key, which can be found on the settings page for registered users.
      *  Entries should be strings separated by a comma.
      */
-/*
     adminKeys: [
-        //"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
+	"[quentin@pad.deuxfleurs.fr/EWtzm-CiqJnM9RZL9mj-YyTgAtX-Zh76sru1K5bFpN8=]",
     ],
-*/
 
     /* =====================
      *        STORAGE
@@ -253,7 +251,7 @@ module.exports = {
      *
      * This will affect both logging to the console and the disk.
      */
-    logLevel: 'debug',
+    logLevel: 'silly',
 
     /*  clients can use the /settings/ app to opt out of usage feedback
      *  which informs the server of things like how much each app is being

app/cryptpad/deploy/cryptpad.hcl

@@ -6,12 +6,9 @@ job "cryptpad" {
     count = 1
 
     network {
-      port "unsafe" {
+      port "http" {
         to = 3000
       }
-      port "sandbox" {
-        to = 3001
-      }
     }
 
     restart {
@@ -21,9 +18,16 @@ job "cryptpad" {
 
     task "main" {
       driver = "docker"
+
+      constraint {
+        attribute = "${attr.unique.hostname}"
+        operator = "="
+        value = "courgette"
+      }
+
       config {
-        image = "superboum/cryptpad:7l2fgdl9bfvf8s87rparamm9cvhb5ind"
-        ports = [ "unsafe", "sandbox" ]
+        image = "superboum/cryptpad:0p3s44hjh4s1x55kbwkmywmwmx4wfyb8"
+        ports = [ "http" ]
 
         volumes = [
           "/mnt/storage/cryptpad:/mnt",
@@ -39,29 +43,22 @@ job "cryptpad" {
         destination = "secrets/config.js"
       }
 
+      /* Disabled because it requires modifications to the docker image and I do not want to invest the time yet
+      template {
+        data = file("../config/application_config.js")
+        destination = "secrets/config.js"
+      }
+      */
+
       resources {
         memory = 1000
         cpu = 500
       }
 
       service {
-        port = "unsafe"
+        port = "http"
         tags = [
           "tricot pad.deuxfleurs.fr",
-          "tricot-add-header Cross-Origin-Resource-Policy cross-origin",
-          "tricot-add-header Cross-Origin-Embedder-Policy require-corp",
-        ]
-        check {
-          type = "http"
-          path = "/"
-          interval = "10s"
-          timeout = "2s"
-        }
-      }
-
-      service {
-        port = "sandbox"
-        tags = [
           "tricot pad-sandbox.deuxfleurs.fr",
           "tricot-add-header Cross-Origin-Resource-Policy cross-origin",
           "tricot-add-header Cross-Origin-Embedder-Policy require-corp",