mirror of https://gitlab.crans.org/nounous/nixos
152 lines
5.8 KiB
Nix
152 lines
5.8 KiB
Nix
{ lib, config, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.services.belenios;
|
|
|
|
configFile = lib.writeText "beleniosserver.conf" cfg.config;
|
|
|
|
inherit (lib) mkEnableOption mkPackageOption mkOption mkIf;
|
|
in
|
|
{
|
|
options.services.belenios = {
|
|
enable = mkEnableOption "Whether to enable the Belenios Web server.";
|
|
|
|
package = mkPackageOption pkgs "belenios";
|
|
|
|
config = mkOption {
|
|
types = lib.types.str;
|
|
description = ''
|
|
The Belenios Web server configuration.
|
|
See
|
|
<https://gitlab.inria.fr/belenios/belenios/-/blob/stable/doc/web.md>
|
|
for documentation.
|
|
'';
|
|
example = ''
|
|
<!-- -*- Mode: Xml -*- -->
|
|
<ocsigen>
|
|
|
|
<server>
|
|
|
|
<port>127.0.0.1:8001</port>
|
|
|
|
<mimefile>_SHAREDIR_/mime.types</mimefile>
|
|
|
|
<logdir>_VARDIR_/log</logdir>
|
|
<datadir>_VARDIR_/lib</datadir>
|
|
|
|
<uploaddir>_VARDIR_/upload</uploaddir>
|
|
|
|
<!--
|
|
The following limits are there to avoid flooding the server.
|
|
<maxuploadfilesize> might need to be increased for handling large
|
|
elections.
|
|
<maxconnected> is related to the number of simultaneous voters
|
|
visiting the server.
|
|
-->
|
|
<maxuploadfilesize>5120kB</maxuploadfilesize>
|
|
<maxconnected>500</maxconnected>
|
|
|
|
<commandpipe>_RUNDIR_/ocsigenserver_command</commandpipe>
|
|
|
|
<charset>utf-8</charset>
|
|
|
|
<extension name="staticmod"/>
|
|
<extension name="redirectmod"/>
|
|
|
|
<extension name="ocsipersist">
|
|
<database file="_VARDIR_/lib/ocsidb"/>
|
|
</extension>
|
|
|
|
<extension name="eliom"/>
|
|
|
|
<host charset="utf-8" hostfilter="*" defaulthostname="localhost">
|
|
<!-- <redirect suburl="^$" dest="http://www.example.org"/> -->
|
|
<site path="static" charset="utf-8">
|
|
<static dir="_SHAREDIR_/static" cache="0"/>
|
|
</site>
|
|
<eliom name="belenios">
|
|
<public-url prefix="http://127.0.0.1:8001"/>
|
|
<!-- Domain name used in Message-ID -->
|
|
<domain name="belenios.example.org"/>
|
|
<!--
|
|
The following can be adjusted to the capacity of your system.
|
|
If <maxrequestbodysizeinmemory> is too small, large elections
|
|
might fail, in particular with so-called alternative questions
|
|
with many voters.
|
|
<maxmailsatonce> depends heavily on how sending emails is
|
|
handled by your system.
|
|
-->
|
|
<maxrequestbodysizeinmemory value="1048576"/>
|
|
<maxmailsatonce value="1000"/>
|
|
<tos uri="http://www.example.org/terms-of-service.html"/>
|
|
<!-- <contact uri="mailto:contact@example.org"/> -->
|
|
<server mail="noreply@example.org" return-path="bounces@example.org" name="Belenios public server"/>
|
|
<auth-export name="builtin-password"/>
|
|
<auth-export name="builtin-cas"/>
|
|
<auth-export name="demo"><dummy/></auth-export> <!-- DEMO -->
|
|
<auth-export name="email"><email/></auth-export> <!-- DEMO -->
|
|
<auth name="demo"><dummy allowlist="demo_allowlist"/></auth> <!-- DEMO -->
|
|
<auth name="local"><password db="local_passwords"/></auth> <!-- DEMO -->
|
|
<auth name="public"><password db="public_passwords" allowsignups="true"/></auth>
|
|
<auth name="email"><email/></auth> <!-- DEMO -->
|
|
<auth name="captcha"><email use_captcha="true"/></auth> <!-- DEMO -->
|
|
<!-- <auth name="google"><oidc server="https://accounts.google.com" client_id="client-id" client_secret="client-secret"/></auth> -->
|
|
<source file="_SHAREDIR_/belenios.tar.gz"/>
|
|
<logo file="_SHAREDIR_/static/placeholder.png" mime-type="image/png"/>
|
|
<favicon file="_VARDIR_/favicon.ico" mime-type="image/png"/>
|
|
<sealing file="demo/sealing.txt" mime-type="text/plain"/>
|
|
<default-group group="Ed25519"/>
|
|
<nh-group group="Ed25519"/>
|
|
<share dir="_SHAREDIR_"/>
|
|
<storage backend="filesystem">
|
|
<uuid length="14"/>
|
|
<spool dir="_VARDIR_/spool"/>
|
|
<accounts dir="_VARDIR_/accounts"/>
|
|
<map from="demo_allowlist" to="demo/dummy_logins.txt"/>
|
|
<map from="local_passwords" to="demo/password_db.csv"/>
|
|
<map from="public_passwords" to="_VARDIR_/password_db.csv"/>
|
|
</storage>
|
|
<admin-home file="_VARDIR_/admin-home.html"/>
|
|
<success-snippet file="_VARDIR_/success-snippet.html"/>
|
|
<warning file="_VARDIR_/warning.html"/>
|
|
<footer file="_VARDIR_/footer.html"/>
|
|
<!-- <deny-newelection/> -->
|
|
<!--
|
|
Uncomment the following line to disable revoting. Note that
|
|
the ability to revote is important as a (light) measure
|
|
against coercion.
|
|
-->
|
|
<!-- <deny-revote/> -->
|
|
</eliom>
|
|
</host>
|
|
|
|
</server>
|
|
|
|
</ocsigen>
|
|
'';
|
|
#
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
users.users.belenios = {
|
|
description = "Belenios Web server service user";
|
|
isSystemUser = true;
|
|
group = "belenios";
|
|
};
|
|
users.groups.belenios = { };
|
|
|
|
systemd.services.belenios = {
|
|
description = "Belenios Web server service";
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
|
|
serviceConfig = {
|
|
ExecStart = "${cfg.package}/bin/belenios-server -c ${configFile}";
|
|
Restart = "always";
|
|
User = "belenios";
|
|
};
|
|
};
|
|
};
|
|
}
|