-rw-r--r--nginx.conf40
-rw-r--r--setup_vcd_render.yml64
-rw-r--r--setup_webserver.yml2
-rw-r--r--tmpfiles-vcdrender.conf.j21
-rw-r--r--uwsgi-vcdrender.ini10
-rw-r--r--vcdrender.cfg.j22
6 files changed, 119 insertions, 0 deletions
diff --git a/nginx.conf b/nginx.conf
index f14f370..cbae89b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -347,6 +347,46 @@ http {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
+ server_name vcdrender.jaseg.net;
+ root /usr/share/nginx/html;
+
+ ssl_certificate "/etc/letsencrypt/live/vcdrender.jaseg.net/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/vcdrender.jaseg.net/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+ client_max_body_size 10M;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass unix:/run/uwsgi/vcdrender.socket;
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ root /usr/share/nginx/html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
server_name git.jaseg.net;
ssl_certificate "/etc/letsencrypt/live/git.jaseg.net/fullchain.pem";
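Review bot: `add_header Strict-Transport-Security "max-age=86400";` lacks the `always` parameter, so nginx leaves the header off error responses such as the 404 and 50x pages configured further down; `add_header Strict-Transport-Security "max-age=86400" always;` covers them. In the same server block, `error_page 404 /404.html;` does not match the following `location = /40x.html`, so an internal redirect to `/404.html` would fall through to `location /` and be handed to uwsgi instead of being served from the static root; one of the two names should be changed to agree. The enclosing `http` block and the git.jaseg.net server block that follows continue outside the hunk.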
diff --git a/setup_vcd_render.yml b/setup_vcd_render.yml
new file mode 100644
index 0000000..0a8ed5d
--- /dev/null
+++ b/setup_vcd_render.yml
@@ -0,0 +1,64 @@
+---
+- name: Set local facts
+ set_fact:
+ vcdrender_cache: /var/cache/vcd-render
+
+- name: Copy webapp sources
+ synchronize:
+ src: checkouts/vcd-render/
+ dest: /var/lib/vcd-render
+ delete: true
+ group: no
+ owner: no
+
+- name: Create uwsgi worker user and group
+ user:
+ name: uwsgi-vcdrender
+ create_home: no
+ group: uwsgi
+ password: '!'
+ shell: /sbin/nologin
+ system: yes
+
+- name: Template webapp config
+ template:
+ src: vcdrender.cfg.j2
+ dest: /var/lib/pogojig/pogojig_prod.cfg
+ owner: uwsgi-pogojig
+ group: root
+ mode: 0660
+
+- name: Copy uwsgi config
+ copy:
+ src: uwsgi-vcdrender.ini
+ dest: /etc/uwsgi.d/vcdrender.ini
+ owner: uwsgi-vcdrender
+ group: uwsgi
+ mode: 440
+
+- name: Enable uwsgi systemd socket
+ systemd:
+ daemon-reload: yes
+ name: uwsgi-app@vcdrender.socket
+ enabled: yes
+
+# FIXME the socket doesn't seem to work properly
+- name: Enable uwsgi systemd service
+ systemd:
+ daemon-reload: yes
+ name: uwsgi-app@vcdrender.service
+ enabled: yes
+
+- name: Copy pogojig cache dir tmpfiles.d config
+ template:
+ src: tmpfiles-vcdrender.conf.j2
+ dest: /etc/tmpfiles.d/vcdrender.conf
+ owner: root
+ group: root
+ mode: 0644
+ register: vcdrender_tmpfiles_config
+
+- name: Kick systemd tmpfiles service to create cache dir
+ command: systemd-tmpfiles --create
+ when: vcdrender_tmpfiles_config is changed
+
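Review bot: The `Template webapp config` task still targets pogojig: `dest: /var/lib/pogojig/pogojig_prod.cfg` with `owner: uwsgi-pogojig` would overwrite that app's config with the vcdrender secret, while uwsgi-vcdrender.ini points `VCD8SEG_SETTINGS` at `vcdrender_prod.cfg` and changes directory to `/var/lib/vcd-render`. The same leftover appears as `mount = /=pogojig:app` in uwsgi-vcdrender.ini and as `{{pogojig_cache}}` in vcdrender.cfg.j2, where `vcdrender_cache` from this file's `set_fact` is presumably meant. Assuming the settings file is resolved relative to `chdir`, the task should use `dest: /var/lib/vcd-render/vcdrender_prod.cfg` and `owner: uwsgi-vcdrender`. Separately, `mode: 440` in `Copy uwsgi config` is an unquoted decimal, which Ansible applies as octal 0670 (group-writable and executable); write `mode: '0440'` and quote the other modes the same way.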
diff --git a/setup_webserver.yml b/setup_webserver.yml
index 552711f..3c6c868 100644
--- a/setup_webserver.yml
+++ b/setup_webserver.yml
@@ -62,12 +62,14 @@
- blog.jaseg.net
- blog.jaseg.de
- kochbuch.jaseg.net
+ - kochbuch.jaseg.de
- gerbolyze.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
- pogojig.jaseg.net
- automation.jaseg.de
- dyndns.jaseg.de
+ - vcdrender.jaseg.de
- name: Copy final nginx config
copy:
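Review bot: The added `- vcdrender.jaseg.de` does not match the nginx.conf hunk of this commit, which uses `server_name vcdrender.jaseg.net;` and certificate paths under `/etc/letsencrypt/live/vcdrender.jaseg.net/`. If this list drives certificate issuance (the task that owns it starts outside the hunk), no certificate would be requested for the .net name and nginx would fail to load the referenced files. Either change the entry to `- vcdrender.jaseg.net` or switch the server block and its certificate paths to the .de name.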
diff --git a/tmpfiles-vcdrender.conf.j2 b/tmpfiles-vcdrender.conf.j2
new file mode 100644
index 0000000..3f27dda
--- /dev/null
+++ b/tmpfiles-vcdrender.conf.j2
@@ -0,0 +1 @@
+d {{vcdrender_cache}} 770 uwsgi-vcdrender uwsgi 2d
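Review bot: Mode `770` gives every member of group `uwsgi` write access to the cache directory. If other uwsgi app users share that group, as `group: uwsgi` in setup_vcd_render.yml suggests, they could modify or replace this app's cached files. Unless group write is actually needed, `d {{vcdrender_cache}} 0750 uwsgi-vcdrender uwsgi 2d` keeps write access with the worker user only.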
diff --git a/uwsgi-vcdrender.ini b/uwsgi-vcdrender.ini
new file mode 100644
index 0000000..c4df516
--- /dev/null
+++ b/uwsgi-vcdrender.ini
@@ -0,0 +1,10 @@
+[uwsgi]
+master = True
+cheap = True
+die-on-idle = False
+manage-script-name = True
+plugins = python3
+chdir = /var/lib/vcd-render
+mount = /=pogojig:app
+env = VCD8SEG_SETTINGS=vcdrender_prod.cfg
+
diff --git a/vcdrender.cfg.j2 b/vcdrender.cfg.j2
new file mode 100644
index 0000000..2026606
--- /dev/null
+++ b/vcdrender.cfg.j2
@@ -0,0 +1,2 @@
+SECRET_KEY="{{lookup('password', 'vcdrender_flask_secret.txt length=32')}}"
+UPLOAD_PATH="{{pogojig_cache}}/upload"
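Review bot: The `password` lookup on the `SECRET_KEY` line persists the generated value in plaintext in `vcdrender_flask_secret.txt` at a relative path on the control machine, which may land inside this repository's checkout. That file should be excluded from version control or the lookup pointed at a path outside the repository, if that is not already the case. A template comment above the line, such as `{# generated once; stored in vcdrender_flask_secret.txt on the controller, keep out of git #}`, would document where the secret lives.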