path: root/docs/cca.scfg.example

# Which URL are we accessible at? This is used to determine the redirect URL
# and some user-accessible URLs.
url http://localhost:5555

# Should we run in production mode? This causes the Secure flag to be set on
# cookies and may come with other production-related changes in the future.
prod false

listen {
	# Which protocol are we listening for? Currently only "http" is
	# supported because it is difficult to configure FastCGI to work with
	# WebSockets.
	proto http

	# Which network backend should we use? This is usually set to "tcp"
	# for plain TCP, and "unix" for UNIX domain sockets.
	net tcp

	# What is the address we should listen at? This is usually set to
	# something like ":5555" for TCP on all interfaces, and a file path for
	# UNIX domain sockets.
	addr 127.0.0.1:5555

	# Which transport should we use? Currently only "plain" and "tls" are
	# supported.
	trans plain

	# If "trans" is set to "tls", this block must be configured:
	tls {
		# Where is the file containing the TLS certificate? You should
		# use a certificate that includes the entire CA chain, which
		# should usually be called "fullchain.pem" for certificates
		# obtained from LE.
		cert /etc/letsencrypt/live/cca.runxiyu.org/fullchain.pem

		# Where is the file containing the TLS private key?
		key /etc/letsencrypt/live/cca.runxiyu.org/privkey.pem
	}
}

db {
	# What type of database should we use? Currently, only "postgres" is
	# supported.
	type postgres

	# What is the connection string to database?
	# Example: postgresql:///cca?host=/var/run/postgresql
	conn postgresql:///cca?host=/var/run/postgresql
}

auth {
	# What is our OAUTH2 client ID?
	client e8101cb5-84a3-49d7-860b-e5a75e63219a

	# What is the OAUTH 2.0 authorize endpoint?
	authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize

	# What is the OAUTH 2.0 token endpoint?
	token https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/token

	# What is the URL to the JSON Web Key Set?
	jwks https://login.microsoftonline.com/common/discovery/keys
	
	# How long, in seconds, should cookies last?
	expr 604800

	# Which group IDs mean which departments?
	depts {
		dc3ab000-6352-4596-9f15-771e0b17f6f1 Y12
		b006d3b8-2ab7-4038-9887-a8276f7ba8e6 Y11
		a51fb4ab-704e-4c7a-b639-b84de0516e57 Y10
		4bae8dbe-ce80-4b5e-994f-d42f0307bd13 Y9
	}

	# User department overrides
	udepts {
		fa1f6b2b-0424-41db-bda0-13962abdadf4 Staff
		a1a735c0-1ba8-4f08-b4d0-4c6f85552ac7 Staff
		34d4ee3c-6515-4e13-9679-57ccb9ca2835 Staff
	}
}

# The following block contains some tweaks for performance.
perf {
	# How many arguments' space should we initially allocate for each
	# message?
	msg_args_cap 4

	# How many bytes should we initially allocate for each argument in a
	# message?
	msg_bytes_cap 5

	# How long should we wait to complete reading HTTP headers, before we
	# time out? Note that a large value may cause the server to be
	# vulnerable to Slow Loris attacks.
	read_header_timeout 5

	# The number propagation interval per course per connection is
	# ((course count * connection count) >> usem_delay_shift_bits)
	# milliseconds. You may configure it here. A smaller value (i.e. longer
	# delay) could cause more latency in how the numbers update, but a
	# larger value (i.e. shorter delay) could cause too much lock
	# contention and degrade the system usability overall.
	usem_delay_shift_bits 5

	# Should we send a course's member count to a user as soon as they 
	# choose the course? Setting this to true may provide a better
	# user experience but would have a major performance impact.
	propagate_immediate true

	# How long should the send queue be, for messages sequentially
	# propagated through a queue, rather than usems?
	senq 10
}

# Minimum course requirements for each year group
req {
	y9 {
		sport 2
		non_sport 1
	}
	y10 {
		sport 2
		non_sport 1
	}
	y11 {
		sport 1
		non_sport 1
	}
	y12 {
		sport 1
		non_sport 1
	}
}