# @summary Sets up mu4web
#
# Instantiates an nginx server and a gunicorn instance.
#
# @param package_name
# Name of system package for mu4web
# @param server_name
# Where mu4web should be made available
# TODO Will currently CNAME that domain to gandalf.adrift.space
# @param wsgi_server
# Address to use for wsgi (gunicorn) instance
# @param wsgi_port
# Port to use for wsgi (gunicorn) instance
# @param wsgi_address
# *Actual* address used by the wsgi instance. It should be possible to
# change this to a unix socket.
# @param secret_key
# Secret key for flask instance.
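class profiles::mu4web (
  String            $package_name = 'mu4web',
  String            $server_name  = 'mail.adrift.space',
  String            $wsgi_server  = 'localhost',
  Stdlib::Port      $wsgi_port    = 8095,
  String            $wsgi_address = "${wsgi_server}:${wsgi_port}",
  # Generated once and cached, so the Flask secret stays stable between runs.
  Sensitive[String] $secret_key   = Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24))),
) {
  include ::nginx
  include ::profiles::certificate

  # Attach this server name to the certificate managed by profiles::certificate.
  letsencrypt::domain { $server_name:
    cert_name => $profiles::certificate::cert_name,
  }

  ensure_packages([$package_name])

  gunicorn::instance { 'mu4web':
    app     => 'mu4web.main:app',
    # TODO generalize this.
    user    => 'hugo',
    group   => 'nobody',
    address => $wsgi_address,
  }

  # https://flask.palletsprojects.com/en/2.2.x/config/#instance-folders
  # TODO directories
  #
  # The template presumably renders $secret_key (confirm against
  # mu4web.py.epp). The file is therefore restricted to the account the
  # gunicorn instance runs as, rather than left with default ownership and
  # mode, and its content is kept out of Puppet's diff output.
  file { '/usr/var/mu4web.main-instance/settings.py':
    ensure    => file,
    owner     => 'hugo',
    mode      => '0400',
    show_diff => false,
    content   => epp("${module_name}/mu4web.py.epp"),
  }

  # NOTE(review): www_root is the filesystem root and the '/' location below
  # tries '$uri' first, so request paths resolve against '/' and any file the
  # nginx worker can read may be served. Point www_root at the application's
  # static directory (path not visible here), or drop '$uri' from try_files
  # if nginx does not need to serve files directly.
  #
  # NOTE(review): access_log and error_log are both disabled, which leaves no
  # request trail for this vhost. Confirm that is intended.
  nginx::resource::server { $server_name:
    ipv6_enable          => true,
    ipv6_listen_options  => '',
    www_root             => '/',
    use_default_location => false,
    access_log           => absent,
    error_log            => absent,
    *                    => letsencrypt::conf::nginx($server_name),
  }

  # TODO generalize this
  @@dns_record { $server_name:
    key   => 'mail',
    value => 'gandalf',
    type  => 'CNAME',
    zone  => $facts['domain'],
  }

  # The TLS-only locations are declared only once the letsencrypt_directory
  # fact has an entry for this server name.
  if $facts['letsencrypt_directory'][$server_name] {
    nginx::resource::location {
      default:
        server      => $server_name,
        ssl         => true,
        ssl_only    => true,
        index_files => [],
        ;
      "${server_name} - mu4web /":
        location  => '/',
        try_files => ['$uri', '@gunicorn',],
        ;
      "${server_name} - mu4web @gunicorn":
        location => '@gunicorn',
        proxy    => "http://${wsgi_address}",
    }
  }
}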