From 7d2176d3e1bfec2dd98a2e0348ee0c204cacaf9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Mon, 24 Apr 2023 18:34:45 +0200
Subject: Add mu4web.
---
manifests/mu4web.pp | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 manifests/mu4web.pp
(limited to 'manifests/mu4web.pp')
diff --git a/manifests/mu4web.pp b/manifests/mu4web.pp
new file mode 100644
index 0000000..8ffa2fb
--- /dev/null
+++ b/manifests/mu4web.pp
@@ -0,0 +1,79 @@
+# @summary Sets up mu4web
+#
+# Instanciates an nginx server, and a gunicorn instance.
+#
+# @param server_name
+# Where mu4web should be made available
+# TODO Will currently CNAME that domain to gandalf.adrift.space
+# @param wsgi_server
+# Address to use for wsgi (gunicorn) instance
+# @param wsgi_port
+# Port to use for wsgi (gunicorn) instance
+# @param wsgi_address
+# *Actuall* address used by wsgi instance. Should be possible to
+# change this to a unix socket.
+# @param secret_key
+# Secret key for flask instance.
+class profiles::mu4web (
+ String $server_name = 'mail.adrift.space',
+ String $wsgi_server = 'localhost',
+ Stdlib::Port $wsgi_port = 8095,
+ String $wsgi_address = "${wsgi_server}:${wsgi_port}",
+ Sensitive[String] $secret_key = Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24))),
+) {
+ include ::nginx
+ include ::profiles::certificate
+
+ letsencrypt::domain { $server_name:
+ cert_name => $profiles::certificate::cert_name,
+ }
+
+ ensure_packages(['mu4web'])
+
+ gunicorn::instance { 'mu4web':
+ app => 'mu4web.main:app',
+ # TODO generalize this.
+ user => 'hugo',
+ group => 'nobody',
+ address => $wsgi_address,
+ }
+
+ # https://flask.palletsprojects.com/en/2.2.x/config/#instance-folders
+ file { '/usr/var/mu4web.main-instance/settings.py':
+ content => epp("${module_name}/mu4web.py.epp"),
+ }
+
+ nginx::resource::server { $server_name:
+ ipv6_enable => true,
+ ipv6_listen_options => '',
+ www_root => '/',
+ use_default_location => false,
+ access_log => absent,
+ error_log => absent,
+ * => letsencrypt::conf::nginx($server_name),
+ }
+
+ # TODO generalize this
+ @@dns_record { $server_name:
+ key => $server_name,
+ value => 'gandalf.adrift.space',
+ type => 'CNAME',
+ zone => $facts['domain'],
+ }
+
+ if $facts['letsencrypt_directory'][$server_name] {
+ nginx::resource::location { "${server_name} - mu4web /":
+ location => '/',
+ server => $server_name,
+ try_files => ['$uri', '@gunicorn',],
+ }
+
+ nginx::resource::location { "${server_name} - mu4web @gunicorn":
+ location => '@gunicorn',
+ uwsgi => $wsgi_address,
+ # uwsgi_param => {
+ # 'APP_ENV' => 'local',
+ # }
+ }
+ }
+}
-- cgit v1.2.3
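Review bot: `www_root => '/'` on the `nginx::resource::server`, combined with `try_files => ['$uri', '@gunicorn',]` in the `/` location, makes nginx resolve request paths against the filesystem root, so any file the nginx worker can read is served as static content before the request reaches gunicorn. This assumes the location inherits the server-level root, which is the usual result when a location declares only `try_files`. Point `www_root` at a directory that holds only mu4web's static assets (`www_root => '<mu4web static dir>',`, a placeholder path), or drop `'$uri'` from `try_files` so every request goes to `@gunicorn`. The `file` resource for `settings.py` also sets no `owner`, `group` or `mode`. The template is not shown, but if it renders `$secret_key`, adding `owner => 'hugo', mode => '0600', show_diff => false,` keeps the Flask key from being world-readable or printed in run diffs.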