Cryptpad
Collaborative office suite that is end-to-end encrypted and open-source.
Try the service in a VM
-
Install Nix
- Arch Linux
-
- Bash
-
$ pacman --sync --refresh --noconfirm curl git jq nix
- Debian
-
- Bash
-
$ apt install --yes curl git jq nix
- Ubuntu
-
- Bash
-
$ apt install --yes curl git jq nix
-
Download a configuration file
# default.nix { ngipkgs ? import (fetchTarball "https://github.com/ngi-nix/ngipkgs/tarball/main") { }, }: ngipkgs.demo-vm ( { config, ... }: { services.cryptpad = { enable = true; openPorts = true; settings = { httpPort = 9000; httpAddress = "0.0.0.0"; httpUnsafeOrigin = "http://localhost:${toString config.services.cryptpad.settings.httpPort}"; httpSafeOrigin = "http://localhost:${toString config.services.cryptpad.settings.httpPort}"; }; }; } )
-
Enable binary substituters
- Bash
-
$ export NIX_CONFIG='substituters = https://cache.nixos.org/ https://ngi.cachix.org/ trusted-public-keys = cache.nixos.org-1:6nchdd59x431o0gwypbmraurkbj16zpmqfgspcdshjy= ngi.cachix.org-1:n+cal72roc3qqulxihpv+tw5t42whxmmhpragkrsrow='
-
Build and run a virtual machine
- Arch Linux, Debian Sid/Trixie and Ubuntu 25.04
-
- Bash
-
$ nix-build ./default.nix && ./result
- Ubuntu 24.04/24.10
-
- Bash
-
$ rev=$(nix-instantiate --eval --attr sources.nixpkgs.rev https://github.com/ngi-nix/ngipkgs/archive/master.tar.gz | jq --raw-output)$ nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz --packages nix --run "nix-build ./default.nix && ./result"
- Usage Instructions Deployment for demo purposes
Options
services.cryptpad
-
Configure Nginx as a reverse proxy for Cryptpad. Note that this makes some assumptions on your setup, and sets settings that will affect other virtualHosts running on your Nginx instance, if any. Alternatively you can configure a reverse-proxy of your choice.
- Type:
boolean- Default:
false
-
Whether to enable cryptpad.
- Type:
boolean- Default:
false
-
Whether to open the port specified in
settings.httpPortin the firewall.- Type:
boolean- Default:
false
-
The cryptpad package to use.
- Type:
package- Default:
pkgs.cryptpad- Notes:
- Missing update script An update script is required for automatically tracking the latest release.
-
Cryptpad configuration settings. See https://github.com/cryptpad/cryptpad/blob/main/config/config.example.js for a more extensive reference documentation. Test your deployed instance through
https://<domain>/checkup/.- Type:
JSON value
-
List of public signing keys of users that can access the admin panel
- Type:
list of string- Default:
[ ]
-
Disable telemetry. This setting is only effective if the 'Disable server telemetry' setting in the admin menu has been untouched, and will be ignored by cryptpad once that option is set either way. Note that due to the service confinement, just enabling the option in the admin menu will not be able to resolve DNS and fail; this setting must be set as well.
- Type:
boolean- Default:
true
-
Address on which the Node.js server should listen
- Type:
string- Default:
"127.0.0.1"
-
Port on which the Node.js server should listen
- Type:
signed integer- Default:
3000
-
Cryptpad sandbox URL
- Type:
null or string
-
This is the URL that users will enter to load your instance
- Type:
string- Default:
""
-
Install method is listed in telemetry if you agree to it through the consentToContact setting in the admin panel.
- Type:
string- Default:
"nixos"
-
Controls log level
- Type:
string- Default:
"info"
-
Controls whether log output should go to stdout of the systemd service
- Type:
boolean- Default:
true
-
Number of child processes, defaults to number of cores available
- Type:
null or signed integer- Default:
null
-
Port for the websocket that needs to be separate
- Type:
signed integer- Default:
3003
services.cryptpad.configureNginx
services.cryptpad.enable
services.cryptpad.openPorts
services.cryptpad.package
services.cryptpad.settings
services.cryptpad.settings.adminKeys
services.cryptpad.settings.blockDailyCheck
services.cryptpad.settings.httpAddress
services.cryptpad.settings.httpPort
services.cryptpad.settings.httpSafeOrigin
services.cryptpad.settings.httpUnsafeOrigin
services.cryptpad.settings.installMethod
services.cryptpad.settings.logLevel
services.cryptpad.settings.logToStdout
services.cryptpad.settings.maxWorkers
services.cryptpad.settings.websocketPort
Examples
Enable Cryptpad
{ config, ... }: { services.cryptpad = { enable = true; openPorts = true; settings = { httpPort = 9000; httpAddress = "0.0.0.0"; httpUnsafeOrigin = "http://localhost:${toString config.services.cryptpad.settings.httpPort}"; httpSafeOrigin = "http://localhost:${toString config.services.cryptpad.settings.httpPort}"; }; }; }
This project is funded by NLnet through these subgrants: