authorHugo Hörnquist <hugo@lysator.liu.se>2023-04-24 18:34:45 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-04-24 18:48:56 +0200
commit7d2176d3e1bfec2dd98a2e0348ee0c204cacaf9d (patch)
treee563bada72782fc2cff3bc32c8ac6e5c1db4f5e3
parentChange jenkins CNAME record. (diff)
Add mu4web.
-rw-r--r--manifests/mu4web.pp79
-rw-r--r--templates/mu4web.py.epp17
2 files changed, 96 insertions, 0 deletions
diff --git a/manifests/mu4web.pp b/manifests/mu4web.pp
new file mode 100644
index 0000000..8ffa2fb
--- /dev/null
+++ b/manifests/mu4web.pp
@@ -0,0 +1,79 @@
+# @summary Sets up mu4web
+#
+# Instanciates an nginx server, and a gunicorn instance.
+#
+# @param server_name
+# Where mu4web should be made available
+# TODO Will currently CNAME that domain to gandalf.adrift.space
+# @param wsgi_server
+# Address to use for wsgi (gunicorn) instance
+# @param wsgi_port
+# Port to use for wsgi (gunicorn) instance
+# @param wsgi_address
+# *Actuall* address used by wsgi instance. Should be possible to
+# change this to a unix socket.
+# @param secret_key
+# Secret key for flask instance.
+class profiles::mu4web (
+ String $server_name = 'mail.adrift.space',
+ String $wsgi_server = 'localhost',
+ Stdlib::Port $wsgi_port = 8095,
+ String $wsgi_address = "${wsgi_server}:${wsgi_port}",
+ Sensitive[String] $secret_key = Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24))),
+) {
+ include ::nginx
+ include ::profiles::certificate
+
+ letsencrypt::domain { $server_name:
+ cert_name => $profiles::certificate::cert_name,
+ }
+
+ ensure_packages(['mu4web'])
+
+ gunicorn::instance { 'mu4web':
+ app => 'mu4web.main:app',
+ # TODO generalize this.
+ user => 'hugo',
+ group => 'nobody',
+ address => $wsgi_address,
+ }
+
+ # https://flask.palletsprojects.com/en/2.2.x/config/#instance-folders
+ file { '/usr/var/mu4web.main-instance/settings.py':
+ content => epp("${module_name}/mu4web.py.epp"),
+ }
+
+ nginx::resource::server { $server_name:
+ ipv6_enable => true,
+ ipv6_listen_options => '',
+ www_root => '/',
+ use_default_location => false,
+ access_log => absent,
+ error_log => absent,
+ * => letsencrypt::conf::nginx($server_name),
+ }
+
+ # TODO generalize this
+ @@dns_record { $server_name:
+ key => $server_name,
+ value => 'gandalf.adrift.space',
+ type => 'CNAME',
+ zone => $facts['domain'],
+ }
+
+ if $facts['letsencrypt_directory'][$server_name] {
+ nginx::resource::location { "${server_name} - mu4web /":
+ location => '/',
+ server => $server_name,
+ try_files => ['$uri', '@gunicorn',],
+ }
+
+ nginx::resource::location { "${server_name} - mu4web @gunicorn":
+ location => '@gunicorn',
+ uwsgi => $wsgi_address,
+ # uwsgi_param => {
+ # 'APP_ENV' => 'local',
+ # }
+ }
+ }
+}
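Review bot: The `file` resource for `/usr/var/mu4web.main-instance/settings.py` sets no `owner`, `group` or `mode`, yet the template it renders contains the unwrapped Flask `SECRET_KEY`, so the file's permissions are left to defaults and the key may be readable by other local users. I would add `owner => 'hugo', mode => '0600', show_diff => false,` (matching the gunicorn instance user) and pass `content => Sensitive(epp("${module_name}/mu4web.py.epp"))` so the rendered key stays out of reports and logs. Separately, `www_root => '/'` combined with `try_files => ['$uri', '@gunicorn',]` looks like it makes nginx resolve the request path against the filesystem root before falling through to the app. If the module renders it that way, any file the nginx worker can read would be served, so the root should point at the application's static directory or `'$uri'` should be dropped from `try_files`.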
diff --git a/templates/mu4web.py.epp b/templates/mu4web.py.epp
new file mode 100644
index 0000000..026ce00
--- /dev/null
+++ b/templates/mu4web.py.epp
@@ -0,0 +1,17 @@
+DEFAULT_SORT_COLUMN = 'date'
+DEFAULT_DIRECTION = 'falling'
+MESSAGE_HEADERS = [
+ 'from',
+ 'subject',
+ 'to',
+ 'cc',
+ 'date',
+ 'x-url',
+ 'user-agent',
+ 'x-spam-score',
+ 'x-original-to',
+ 'in-reply-to',
+ 'delivered-to',
+ 'message-id',
+]
+SECRET_KEY = "<%= $profiles::mu4web::secret_key.unwrap() %>"
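Review bot: The `SECRET_KEY` line interpolates the unwrapped parameter straight into a double-quoted Python literal with no escaping. The default from `extlib::random_password(24)` is presumably safe, but `secret_key` is declared as a plain `Sensitive[String]`, so an overridden value containing `"`, `\` or a newline would produce a broken or altered settings.py, which is presumably loaded as Python code by Flask. Constraining the parameter in the manifest, e.g. `Sensitive[Pattern[/\A[A-Za-z0-9]+\z/]] $secret_key`, or escaping the value in the template would close that gap.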