Cryptpad
Collaborative office suite that is end-to-end encrypted and open-source.
This project is funded by NLnet through these subgrants:
- Cryptpad
- CryptPad-Auth
- Cryptpad-Directory
- CryptPad-Blueprints
- Cryptpad-Communities
- CryptPad-QA
- CryptPad-WCAG
- CryptPadForms
Options
- services.cryptpad.configureNginx
-
Configure Nginx as a reverse proxy for Cryptpad. Note that this makes some assumptions on your setup, and sets settings that will affect other virtualHosts running on your Nginx instance, if any. Alternatively you can configure a reverse-proxy of your choice.
- Type:
boolean- Default:
false
- services.cryptpad.enable
-
Whether to enable cryptpad.
- Type:
boolean- Default:
false
- services.cryptpad.package
-
The cryptpad package to use.
- Type:
package- Default:
pkgs.cryptpad
- services.cryptpad.settings
-
Cryptpad configuration settings. See https://github.com/cryptpad/cryptpad/blob/main/config/config.example.js for a more extensive reference documentation. Test your deployed instance through
https://<domain>/checkup/.- Type:
JSON value
- services.cryptpad.settings.adminKeys
-
List of public signing keys of users that can access the admin panel
- Type:
list of string- Default:
[ ]
- services.cryptpad.settings.blockDailyCheck
-
Disable telemetry. This setting is only effective if the 'Disable server telemetry' setting in the admin menu has been untouched, and will be ignored by cryptpad once that option is set either way. Note that due to the service confinement, just enabling the option in the admin menu will not be able to resolve DNS and fail; this setting must be set as well.
- Type:
boolean- Default:
true
- services.cryptpad.settings.httpAddress
-
Address on which the Node.js server should listen
- Type:
string- Default:
"127.0.0.1"
- services.cryptpad.settings.httpPort
-
Port on which the Node.js server should listen
- Type:
signed integer- Default:
3000
- services.cryptpad.settings.httpSafeOrigin
-
Cryptpad sandbox URL
- Type:
null or string
- services.cryptpad.settings.httpUnsafeOrigin
-
This is the URL that users will enter to load your instance
- Type:
string- Default:
""
- services.cryptpad.settings.installMethod
-
Install method is listed in telemetry if you agree to it through the consentToContact setting in the admin panel.
- Type:
string- Default:
"nixos"
- services.cryptpad.settings.logLevel
-
Controls log level
- Type:
string- Default:
"info"
- services.cryptpad.settings.logToStdout
-
Controls whether log output should go to stdout of the systemd service
- Type:
boolean- Default:
true
- services.cryptpad.settings.maxWorkers
-
Number of child processes, defaults to number of cores available
- Type:
null or signed integer- Default:
null
- services.cryptpad.settings.websocketPort
-
Port for the websocket that needs to be separate
- Type:
signed integer- Default:
3003
Examples
-
Run a basic Cryptpad instance
{ ... }: let servicePort = 9000; domainName = "localhost:${toString servicePort}"; in { services.cryptpad = { enable = true; settings = { httpPort = servicePort; httpUnsafeOrigin = "http://${domainName}"; httpSafeOrigin = "http://${domainName}"; }; }; networking.firewall.allowedTCPPorts = [ servicePort ]; networking.firewall.allowedUDPPorts = [ servicePort ]; }