let
  common = import ./common.nix;
  pkgs = import common.pkgsSrc {};
  nodejs = pkgs.${common.nodejs};

  bower = (pkgs.buildBowerComponents {
    name = "cryptpad-${common.cryptpadVersion}-bower";
    generated = ./nix.lock/bower.nix;
    src = common.cryptpadSrc;
  }).overrideAttrs (old: {
    bowerPackages = old.bowerPackages.override (old_: {
      # add missing dependencies:
      # Those dependencies are EOL and they are not installed by buildBowerComponents,
      # but they are required, otherwise the resolver crashes.
      # * add the second jquery ~2.1.0 entry
      # * add the second bootstrap ~3.1.1 entry
      paths = old_.paths ++ [
        (pkgs.fetchbower "jquery" "2.1.0" "~2.1.0" "02kwvz93vzpv10qnp7s0dz3al0jh77awwrizb6wadsvgifxssnlr")
        (pkgs.fetchbower "bootstrap" "3.1.1" "~3.1.1" "06bhjwa8p7mzbpr3jkgydd804z1nwrkdql66h7jkfml99psv9811")
      ];
    });
  });

  npm = import ./nix.lock/npm.nix {
    inherit pkgs;
  };
   
in
  pkgs.stdenv.mkDerivation {
    name = "cryptpad-${common.cryptpadVersion}";
    src = common.cryptpadSrc;

    buildPhase = ''
      cp -r ${npm.nodeDependencies}/lib/node_modules node_modules
      chmod +w -R node_modules

      # clear executable files inside the node_modules folder to reduce dependencies
      # and attack surface
      find node_modules -type f ! -path 'node_modules/gar/*' -executable -print | tee >(xargs -n 20 rm)

      # Remove only office that IS BIG
      # COMMENTED as it is not as easy as planned.
      # rm -rf www/common/onlyoffice
    '';

    installPhase = ''
      mkdir -p $out/{bin,opt}

      out_cryptpad=$out/opt/

      # copy the source code
      cp -r .bowerrc bower.json package.json package-lock.json customize.dist lib server.js www $out_cryptpad

      # mount node_modules
      cp -r node_modules $out_cryptpad/node_modules

      # patch
      substituteInPlace $out_cryptpad/lib/workers/index.js --replace "lib/workers/db-worker" "$out_cryptpad/lib/workers/db-worker"

      # mount bower, based on the .bowerrc file at the git repo root
      cp -r ${bower}/bower_components $out_cryptpad/www/

      # cryptpad is bugged with absolute path, this is a workaround to use absolute path as relative path
      ln -s / $out_cryptpad/root

      # start script, cryptpad is lost if its working directory is not its source directory
      cat > $out/bin/cryptpad <<EOF
      #!${pkgs.stdenv.shell}
      cd $out_cryptpad
      exec ${nodejs}/bin/node server.js
      EOF

      chmod +x $out/bin/cryptpad
    '';

    dontFixup = true;
  }