nixos/hosts/vm/belenios/belenios.nix

{ ... }:

let
  domain = "belenios.crans.org";
  email.from = "root@crans.org";
  email.contact = "contact@crans.org";
  cas.name = "CAS Cr@ns";
  cas.server = "https://cas.crans.org/";
in
{
  services.belenios = {
    enable = true;
    config = ''
      <!-- -*- Mode: Xml -*- -->
      <ocsigen>

        <server>

          <port>8001</port>

          <logdir>/var/log/belenios</logdir>
          <datadir>/var/lib/belenios/data</datadir>

          <uploaddir>/var/lib/belenios/upload</uploaddir>

          <!--
            The following limits are there to avoid flooding the server.
            <maxuploadfilesize> might need to be increased for handling large
            elections.
            <maxconnected> is related to the number of simultaneous voters
            visiting the server.
          -->
          <maxuploadfilesize>1024kB</maxuploadfilesize>
          <maxconnected>500</maxconnected>

          <commandpipe>/var/run/ocsigenserver_command</commandpipe>

          <charset>utf-8</charset>

          <findlib path="/usr/lib/ocaml"/>

          <extension findlib-package="ocsigenserver.ext.staticmod"/>
          <extension findlib-package="ocsigenserver.ext.redirectmod"/>

          <extension findlib-package="ocsigenserver.ext.ocsipersist-sqlite">
            <database file="/var/lib/belenios/data/ocsidb"/>
          </extension>

          <extension findlib-package="eliom.server"/>
          <extension findlib-package="belenios-platform-native"/>

          <host charset="utf-8" hostfilter="*" defaulthostname="${domain}">
            <!-- <redirect suburl="^$" dest="http://www.example.org"/> -->
            <site path="static" charset="utf-8">
              <static dir="/usr/share/belenios-server" cache="0"/>
            </site>
            <site path="monitor">
              <eliom findlib-package="eliom.server.monitor.start"/>
            </site>
            <eliom findlib-package="belenios-server">
              <!-- Domain name used in Message-ID -->
              <domain name="https://${domain}/"/>
              <!--
                The following can be adjusted to the capacity of your system.
                If <maxrequestbodysizeinmemory> is too small, large elections
                might fail, in particular with so-called alternative questions
                with many voters.
                <maxmailsatonce> depends heavily on how sending emails is
                handled by your system.
              -->
              <maxrequestbodysizeinmemory value="1048576"/>
              <maxmailsatonce value="1000"/>
              <uuid length="14"/>
              <gdpr uri="https://www.belenios.org/rgpd.html"/>
              <contact uri="mailto:${email.contact}"/>
              <server mail="${email.from}" return-path="${email.contact}"/>
              <auth-export name="builtin-cas"/>
              <auth-export name="builtin-password"/>
              <auth name="${cas.name}"><cas server="${cas.server}"/></auth>
              <source file="/usr/share/belenios-server/belenios.tar.gz"/>
              <default-group file="/usr/share/belenios-server/groups/default.json"/>
              <nh-group file="/usr/share/belenios-server/groups/rfc3526-2048.json"/>
              <log file="/var/log/belenios/security.log"/>
              <locales dir="/usr/share/belenios-server/locales"/>
              <spool dir="/var/lib/belenios/spool"/>
              <!-- <warning file="/var/local/belenios/belenios/_run/warning.html"/> -->
            </eliom>
          </host>

        </server>

      </ocsigen>
    '';
  };
}