Diffstat (limited to 'manifests/mu4web.pp')
-rw-r--r--manifests/mu4web.pp79
1 files changed, 79 insertions, 0 deletions
diff --git a/manifests/mu4web.pp b/manifests/mu4web.pp
new file mode 100644
index 0000000..8ffa2fb
--- /dev/null
+++ b/manifests/mu4web.pp
@@ -0,0 +1,79 @@
+# @summary Sets up mu4web
+#
+# Instanciates an nginx server, and a gunicorn instance.
+#
+# @param server_name
+# Where mu4web should be made available
+# TODO Will currently CNAME that domain to gandalf.adrift.space
+# @param wsgi_server
+# Address to use for wsgi (gunicorn) instance
+# @param wsgi_port
+# Port to use for wsgi (gunicorn) instance
+# @param wsgi_address
+# *Actuall* address used by wsgi instance. Should be possible to
+# change this to a unix socket.
+# @param secret_key
+# Secret key for flask instance.
+class profiles::mu4web (
+ String $server_name = 'mail.adrift.space',
+ String $wsgi_server = 'localhost',
+ Stdlib::Port $wsgi_port = 8095,
+ String $wsgi_address = "${wsgi_server}:${wsgi_port}",
+ Sensitive[String] $secret_key = Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24))),
+) {
+ include ::nginx
+ include ::profiles::certificate
+
+ letsencrypt::domain { $server_name:
+ cert_name => $profiles::certificate::cert_name,
+ }
+
+ ensure_packages(['mu4web'])
+
+ gunicorn::instance { 'mu4web':
+ app => 'mu4web.main:app',
+ # TODO generalize this.
+ user => 'hugo',
+ group => 'nobody',
+ address => $wsgi_address,
+ }
+
+ # https://flask.palletsprojects.com/en/2.2.x/config/#instance-folders
+ file { '/usr/var/mu4web.main-instance/settings.py':
+ content => epp("${module_name}/mu4web.py.epp"),
+ }
+
+ nginx::resource::server { $server_name:
+ ipv6_enable => true,
+ ipv6_listen_options => '',
+ www_root => '/',
+ use_default_location => false,
+ access_log => absent,
+ error_log => absent,
+ * => letsencrypt::conf::nginx($server_name),
+ }
+
+ # TODO generalize this
+ @@dns_record { $server_name:
+ key => $server_name,
+ value => 'gandalf.adrift.space',
+ type => 'CNAME',
+ zone => $facts['domain'],
+ }
+
+ if $facts['letsencrypt_directory'][$server_name] {
+ nginx::resource::location { "${server_name} - mu4web /":
+ location => '/',
+ server => $server_name,
+ try_files => ['$uri', '@gunicorn',],
+ }
+
+ nginx::resource::location { "${server_name} - mu4web @gunicorn":
+ location => '@gunicorn',
+ uwsgi => $wsgi_address,
+ # uwsgi_param => {
+ # 'APP_ENV' => 'local',
+ # }
+ }
+ }
+}
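Review bot: `www_root => '/'` on the `nginx::resource::server`, combined with `try_files => ['$uri', '@gunicorn',]` in the `/` location, makes nginx resolve every request path against the filesystem root, so any file the nginx worker can read is served before the request reaches gunicorn. That likely includes `/usr/var/mu4web.main-instance/settings.py`, which is declared without `owner`, `group` or `mode` and presumably carries `$secret_key` (the `mu4web.py.epp` template is not visible here, so this is inferred). Point the root at a directory that holds only static assets, e.g. `www_root => '<static-dir>'`, or drop the `$uri` lookup and hand every request to `@gunicorn`. Independently, lock the settings file down with `owner => 'hugo', mode => '0600', show_diff => false` so the key is readable only by the gunicorn user and is not written to reports as a diff.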