Starting belenios configuration

flake.nix

@@ -45,6 +45,11 @@
               modules = [ ./hosts/vm/apprentix ] ++ baseModules;
             };
             
+            belenios = nixosSystem {
+              specialArgs = inputs;
+              modules = [ ./hosts/vm/belenios ] ++ baseModules;
+            };
+            
             collabora = nixosSystem {
               specialArgs = inputs;
               modules = [ ./hosts/vm/collabora ] ++ baseModules;
@@ -99,6 +104,7 @@
               specialArgs = inputs;
               modules = [ ./hosts/vm/vaultwarden ] ++ baseModules;
             };
+
             cransIso = nixosSystem {
               system = "x86_64-linux";
               specialArgs = inputs;

hosts/vm/belenios/belenios.nix

@@ -0,0 +1,4 @@
+{ ... }:
+
+{
+}

hosts/vm/belenios/default.nix

@@ -0,0 +1,24 @@
+{ ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./belenios.nix
+  ];
+
+  networking.hostName = "belenios";
+  boot.loader.grub.devices = [ "/dev/sda" ];
+
+  crans = {
+    enable = true;
+
+    networking = {
+      id = 111;
+      srvNat.enable = true;
+    };
+
+    resticClient.when = "03:27";
+  };
+
+  system.stateVersion = "25.11";
+}

hosts/vm/belenios/hardware-configuration.nix

@@ -0,0 +1,45 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9fed1492-e7b2-4ec2-a5f4-8825bf8e89a0";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens19.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

pkgs/belenios/COPYING

@@ -0,0 +1,20 @@
+Copyright (c) 2003-2026 Eelco Dolstra and the Nixpkgs/NixOS contributors
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

pkgs/belenios/default.nix

@@ -0,0 +1,110 @@
+{
+  buildNpmPackage,
+  fetchFromGitLab,
+  importNpmLock,
+  lib,
+  libsodium,
+  makeWrapper,
+  nodePackages,
+  ocaml-ng,
+}:
+
+let
+  ocamlPackages = ocaml-ng.ocamlPackages_4_14;
+in
+
+ocamlPackages.buildDunePackage rec {
+  pname = "belenios";
+  version = "3.0";
+
+  # solves warnings 'patchelf: wrong ELF type'
+  dontFixup = true;
+
+  src = fetchFromGitLab {
+    domain = "gitlab.inria.fr";
+    owner = "belenios";
+    repo = "belenios";
+    rev = version;
+    hash = "sha256-paTkzWB2QiBfFnGfiMkTIHdKeg37PTGbMu25JLJc38U=";
+  };
+
+  nativeBuildInputs =
+    [
+      libsodium
+      nodePackages.nodejs
+    ]
+    ++ (with ocamlPackages; [
+      atdgen
+      js_of_ocaml
+      menhir
+      ocaml_gettext
+    ]);
+
+  buildInputs =
+    [ makeWrapper ]
+    ++ (with ocamlPackages; [
+      atdgen
+      calendar
+      cmdliner
+      csv
+      cohttp-lwt-unix
+      cryptokit
+      eliom
+      gettext-camomile
+      hex
+      js_of_ocaml
+      js_of_ocaml-lwt
+      js_of_ocaml-ppx
+      js_of_ocaml-tyxml
+      ocamlnet
+      ocsipersist-sqlite-config
+      sodium
+      xml-light
+      yojson
+    ]);
+
+  frontend = buildNpmPackage {
+    pname = "belenios-frontend";
+    inherit version;
+    src = "${src}/frontend";
+    npmFlags = [ "--include=dev" ];
+    npmDeps = importNpmLock {
+      npmRoot = "${src}/frontend";
+      packageLock = lib.importJSON ./package-lock.json;
+    };
+    inherit (importNpmLock) npmConfigHook;
+    dontBuild = true;
+  };
+
+  buildPhase = ''
+    dune build --release
+    pushd frontend
+    ln -s ${frontend}/lib/node_modules/belenios-responsive-booth/node_modules .
+    (cd booth && npx webpack --config webpack.config.js --mode production)
+    export NODE_PATH="$PWD/node_modules"
+    node ./bundle-css.js ../src/web/static/responsive_site.css > site.bundle.css
+    node ./bundle-css.js booth/app.css > booth/app.bundle.css
+    popd
+  '';
+
+  installPhase = ''
+    dune install --prefix $out
+    pushd frontend
+    DEST=$out/share/belenios-server
+    mkdir -p $DEST/static/frontend/{booth,translations}
+    cp *.bundle.css "$DEST/static"
+    cp -r booth/dist/bundle.js booth/app.bundle.css "$DEST/static/frontend/booth/"
+    cp -r booth/vote.html "$DEST/apps/"
+    cp -r translations/* "$DEST/static/frontend/translations/"
+    popd
+  '';
+
+  meta = {
+    description = "Verifiable online voting system";
+    homepage = "https://www.belenios.org/";
+    changelog = "https://gitlab.inria.fr/belenios/belenios/-/blob/${src.rev}/CHANGES.md";
+    license = lib.licenses.agpl3Plus;
+    # maintainers = with lib.maintainers; [ kiara ];
+    mainProgram = "belenios";
+  };
+}

pkgs/belenios/services.nix

@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.belenios;
+
+  inherit (lib) mkEnableOption mkIf;
+in
+{
+  options.belenios = {
+    enable = mkEnableOption "Whether to enable Belenios Web server";
+  };
+}

pkgs/default.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  imports =
+    [
+      ./services.nix
+    ];
+
+  # Import local packages
+  nixpkgs.overlays = [
+    (final: prev: {
+      local = import ./pkgs.nix { pkgs = final; };
+    })
+  ];
+}

pkgs/packages.nix

@@ -0,0 +1,5 @@
+{ pkgs ? import <nixpkgs> { } }:
+
+{
+  belenios = pkgs.callPackage ./belenios {};
+}

pkgs/services.nix

@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  imports =
+    [
+      ./belenios/services.nix
+    ];
+}