Implement version 2.0.0

* Convert to a proper flake following the example of ngi-nix/weblate (see https://github.com/ngi-nix/weblate)
* Add an integration test
* Update README
* Rename 'config' option to 'settings' to better follow RFC0042 (see https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md)

Author: michaelshmitty

Diff for: README.md

@@ -4,7 +4,7 @@ This Nix flake packages [Cryptpad](https://cryptpad.org/), a collaborative offic
 
 # Usage
 
-The primary use of this flake is deploying Cryptpad on NixOS. For that you would use the NixOS module available in `.#nixosModule`.
+With this flake you can deploy Cryptpad on NixOS. You can use the `cryptpad` module available in `.#nixosModules`.
 
 ## Using flakes
 1. Add this flake as an input
@@ -18,8 +18,6 @@ The primary use of this flake is deploying Cryptpad on NixOS. For that you would
       url = "github:nixos/nixpkgs/nixos-23.11";
     };
 
-    # Other inputs ...
-
     cryptpad = {
       url = "github:michaelshmitty/cryptpad-flake";
       inputs = {
@@ -28,42 +26,50 @@ The primary use of this flake is deploying Cryptpad on NixOS. For that you would
     };
   };
 
-  outputs = { self, nixpkgs, ... }@inputs: {
+  outputs = { self, nixpkgs, cryptpad }@inputs: {
     nixosConfigurations.myhostname = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
-      specialArgs = { inherit inputs; };
-      modules = [ ./configuration.nix ];
+      modules = [
+        ({ pkgs, ... }: {
+          nixpkgs.overlays = [ inputs.cryptpad.overlays.default ];
+        })
+        inputs.cryptpad.nixosModules.cryptpad
+        ./configuration.nix
+      ];
     };
   };
 }
 ```
 
-
-2. Now that you have the module available as an input, configuration is straightforward. See example:
+2. Now that you have the module available, configuration is straightforward. See example `configuration.nix`:
 
 ```nix
-{ inputs, ... }: {
-
-  imports = [ inputs.cryptpad.nixosModules.cryptpad ];
+{ pkgs, lib, config, ... }:
 
+{
   services.cryptpad = {
     enable = true;
     configureNginx = true;
-    config = {
+    settings = {
       httpUnsafeOrigin = "https://cryptpad.example.com";
       httpSafeOrigin = "https://cryptpad-ui.example.com";
 
       # Add this after you've signed up in your Cryptpad instance and copy your public key:
       adminKeys = [ "[[email protected]/Jil1apEPZ40j5M8nsjO1-deadbeefHkt+QExscMzKhs=]" ];
     };
   };
-
 }
 ```
 
 3. Deploy and check your Cryptpad setup at `https://<domain>/checkup`
 
-# Putting Cryptpad into Nixpkgs
+# Run tests
+This flake contains a simple integration test that will spin up a server NixOS container that will build and
+run Cryptpad and Nginx. And a client NixOS container that will test connectivity to the Cryptpad instance.
+
+Execute `nix flake check` in this repository to run the integration test.
+
+# Adding Cryptpad to nixpkgs
 
-There is [an active, open PR](https://github.com/NixOS/nixpkgs/pull/251687) to add Cryptpad back into nixpkgs. I am
-contributing to that PR as well, but I found it hard to test and iterate quickly using my NixOS flake configuration.
+There is [an active, open PR](https://github.com/NixOS/nixpkgs/pull/251687) to add Cryptpad back to nixpkgs. I am
+contributing my work on this flake into that PR.

Diff for: flake.lock

@@ -1,31 +1,87 @@
 {
   description = ''
-    CryptPad is a collaborative office suite that is end-to-end encrypted and open-source.
+    Package and module for CryptPad, a collaborative office suite that is end-to-end encrypted and open-source.
   '';
 
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
 
-  outputs = inputs@{ self, nixpkgs, ... }:
-    let
-      lib = nixpkgs.lib;
-
-      darwin = [ "x86_64-darwin" "aarch64-darwin" ];
-      linux = [ "x86_64-linux" "aarch64-linux" ];
-
-      forEachSystem = systems: f: lib.genAttrs systems (system: f system);
-      forAllSystems = forEachSystem (darwin ++ linux);
-    in
-    {
-      nixosModules.cryptpad = import ./modules/cryptpad self;
-      packages = forAllSystems (system:
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem
+      (system:
         let
-          pkgs = import nixpkgs {
-            inherit system;
-          };
+          pkgs = nixpkgs.legacyPackages.${system};
         in
         {
-          cryptpad = pkgs.callPackage ./pkgs/cryptpad { };
-          default = self.packages.${system}.cryptpad;
-        });
+          packages = {
+            default = self.packages.${system}.cryptpad;
+
+            cryptpad = pkgs.buildNpmPackage rec {
+              pname = "cryptpad";
+              version = "5.6.0";
+
+              src = pkgs.fetchFromGitHub {
+                owner = "cryptpad";
+                repo = "cryptpad";
+                rev = version;
+                hash = "sha256-A3tkXt4eAeg1lobCliGd2PghpkFG5CNYWnquGESx/zo=";
+              };
+
+              npmDepsHash = "sha256-tQUsI5Oz3rkAlxJ1LpolJNqZfKUGKUYSgtuCTzHRcW4=";
+
+              makeCacheWritable = true;
+
+              dontNpmInstall = true;
+
+              installPhase = ''
+                out_cryptpad="$out/lib/node_modules/cryptpad"
+
+                mkdir -p "$out_cryptpad"
+                cp -r . "$out_cryptpad"
+
+                # Cryptpad runs in its source directory. This wrappers enables keeping the Cryptpad source code
+                # in the nix store while still having writeable paths for storing state.
+                # The 'customize' directory maintains customizations, so don't link it if it is a directory.
+                makeWrapper ${pkgs.nodejs}/bin/node $out/bin/cryptpad \
+                  --add-flags "$out_cryptpad/server.js" \
+                  --run "for d in customize.dist lib www; do ln -sf $out_cryptpad/\$d .; done" \
+                  --run "if ! [ -e customize ] || [ -L customize ]; then ln -sf $out_cryptpad/customize .; fi"
+
+                # Cryptpad also expects www/components to link to node_modules
+                ln -s ../node_modules "$out_cryptpad/www/components"
+              '';
+
+              meta = with pkgs.lib; {
+                description = "A collaborative office suite that is end-to-end encrypted and open-source";
+                homepage = "https://cryptpad.org/";
+                license = licenses.agpl3Only;
+                maintainers = with maintainers; [ michaelshmitty ];
+              };
+            };
+          };
+
+          checks = {
+            integrationTest =
+              let
+                # Evaluate nixpkgs again because pkgs doesn't contain the cryptpad package and module.
+                pkgsCryptpad = import nixpkgs {
+                  inherit system;
+                  overlays = [ self.overlays.default ];
+                };
+              in
+              pkgsCryptpad.nixosTest (import ./integration-test.nix {
+                inherit nixpkgs;
+                cryptpadModule = self.nixosModules.cryptpad;
+              });
+            package = self.packages.${system}.cryptpad;
+          };
+        }) // {
+      nixosModules.cryptpad = import ./module.nix;
+
+      overlays.default = final: prev: {
+        inherit (self.packages.${prev.system}) cryptpad;
+      };
     };
 }

Diff for: flake.nix

@@ -0,0 +1,62 @@
+{ nixpkgs, cryptpadModule }:
+{ pkgs, ... }:
+let
+  certs = import "${nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix";
+  serverDomain = certs.domain;
+in
+{
+  name = "cryptpad";
+  meta.maintainers = with pkgs.lib.maintainers; [ michaelshmitty ];
+
+  nodes.server = { config, pkgs, lib, ... }: {
+    virtualisation.memorySize = 4096;
+
+    imports = [ cryptpadModule ];
+
+    services.cryptpad = {
+      enable = true;
+      configureNginx = false;
+      settings = {
+        httpUnsafeOrigin = "https://${serverDomain}";
+        httpSafeOrigin = "https://${serverDomain}";
+      };
+    };
+
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+
+      virtualHosts."${serverDomain}" = {
+        enableACME = false;
+        forceSSL = true;
+        sslCertificate = certs."${serverDomain}".cert;
+        sslCertificateKey = certs."${serverDomain}".key;
+
+        locations."/" = {
+          proxyPass = "http://localhost:3000";
+          proxyWebsockets = true;
+          extraConfig = ''
+            client_max_body_size 150m;
+            add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+          '';
+        };
+      };
+    };
+
+    security.pki.certificateFiles = [ certs.ca.cert ];
+
+    networking.hosts."::1" = [ "${serverDomain}" ];
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+
+  nodes.client = { pkgs, nodes, ... }: {
+    networking.hosts."${nodes.server.networking.primaryIPAddress}" = [ "${serverDomain}" ];
+    security.pki.certificateFiles = [ certs.ca.cert ];
+  };
+
+  testScript = ''
+    server.wait_for_unit("cryptpad.service")
+    client.wait_for_unit("multi-user.target")
+    client.wait_until_succeeds("curl --fail https://${serverDomain}/")
+  '';
+}