From ab91420bb64c8b0edde838cc3073ef8f361162ae Mon Sep 17 00:00:00 2001
From: jaseg <code@jaseg.net>
Date: Mon, 6 Dec 2021 19:10:15 +0100
Subject: Add vcdrender app

---
 nginx.conf                 | 40 +++++++++++++++++++++++++++++
 setup_vcd_render.yml       | 64 ++++++++++++++++++++++++++++++++++++++++++++++
 setup_webserver.yml        |  2 ++
 tmpfiles-vcdrender.conf.j2 |  1 +
 uwsgi-vcdrender.ini        | 10 ++++++++
 vcdrender.cfg.j2           |  2 ++
 6 files changed, 119 insertions(+)
 create mode 100644 setup_vcd_render.yml
 create mode 100644 tmpfiles-vcdrender.conf.j2
 create mode 100644 uwsgi-vcdrender.ini
 create mode 100644 vcdrender.cfg.j2

diff --git a/nginx.conf b/nginx.conf
index f14f370..cbae89b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -344,6 +344,46 @@ http {
         }
     }
 
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  vcdrender.jaseg.net;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/letsencrypt/live/vcdrender.jaseg.net/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/vcdrender.jaseg.net/privkey.pem";
+        ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        resolver 67.207.67.2 67.207.67.3 valid=300s;
+        resolver_timeout 10s;
+        client_max_body_size 10M;
+
+        add_header Strict-Transport-Security "max-age=86400";
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+
+        location / {
+              include uwsgi_params;
+              uwsgi_pass unix:/run/uwsgi/vcdrender.socket;
+        }
+
+        error_page 404 /404.html;
+        location = /40x.html {
+            root         /usr/share/nginx/html;
+        }
+
+        error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+            root         /usr/share/nginx/html;
+        }
+    }
+
     server {
         listen       443 ssl http2;
         listen       [::]:443 ssl http2;
diff --git a/setup_vcd_render.yml b/setup_vcd_render.yml
new file mode 100644
index 0000000..0a8ed5d
--- /dev/null
+++ b/setup_vcd_render.yml
@@ -0,0 +1,64 @@
+---
+- name: Set local facts
+  set_fact:
+    vcdrender_cache: /var/cache/vcd-render
+
+- name: Copy webapp sources
+  synchronize:
+      src: checkouts/vcd-render/
+      dest: /var/lib/vcd-render
+      delete: true
+      group: no
+      owner: no
+
+- name: Create uwsgi worker user and group
+  user:
+      name: uwsgi-vcdrender
+      create_home: no
+      group: uwsgi
+      password: '!'
+      shell: /sbin/nologin
+      system: yes
+
+- name: Template webapp config
+  template:
+    src: vcdrender.cfg.j2
+    dest: /var/lib/pogojig/pogojig_prod.cfg
+    owner: uwsgi-pogojig
+    group: root
+    mode: 0660
+
+- name: Copy uwsgi config
+  copy:
+      src: uwsgi-vcdrender.ini
+      dest: /etc/uwsgi.d/vcdrender.ini
+      owner: uwsgi-vcdrender
+      group: uwsgi
+      mode: 440
+
+- name: Enable uwsgi systemd socket
+  systemd:
+      daemon-reload: yes
+      name: uwsgi-app@vcdrender.socket
+      enabled: yes
+
+# FIXME the socket doesn't seem to work properly
+- name: Enable uwsgi systemd service
+  systemd:
+      daemon-reload: yes
+      name: uwsgi-app@vcdrender.service
+      enabled: yes
+
+- name: Copy pogojig cache dir tmpfiles.d config
+  template:
+      src: tmpfiles-vcdrender.conf.j2
+      dest: /etc/tmpfiles.d/vcdrender.conf
+      owner: root
+      group: root
+      mode: 0644
+  register: vcdrender_tmpfiles_config
+
+- name: Kick systemd tmpfiles service to create cache dir
+  command: systemd-tmpfiles --create
+  when: vcdrender_tmpfiles_config is changed
+
diff --git a/setup_webserver.yml b/setup_webserver.yml
index 552711f..3c6c868 100644
--- a/setup_webserver.yml
+++ b/setup_webserver.yml
@@ -62,12 +62,14 @@
       - blog.jaseg.net
       - blog.jaseg.de
       - kochbuch.jaseg.net
+      - kochbuch.jaseg.de
       - gerbolyze.jaseg.net
       - tracespace.jaseg.net
       - openjscad.jaseg.net
       - pogojig.jaseg.net
       - automation.jaseg.de
       - dyndns.jaseg.de
+      - vcdrender.jaseg.de
 
 - name: Copy final nginx config
   copy:
diff --git a/tmpfiles-vcdrender.conf.j2 b/tmpfiles-vcdrender.conf.j2
new file mode 100644
index 0000000..3f27dda
--- /dev/null
+++ b/tmpfiles-vcdrender.conf.j2
@@ -0,0 +1 @@
+d {{vcdrender_cache}} 770 uwsgi-vcdrender uwsgi 2d
diff --git a/uwsgi-vcdrender.ini b/uwsgi-vcdrender.ini
new file mode 100644
index 0000000..c4df516
--- /dev/null
+++ b/uwsgi-vcdrender.ini
@@ -0,0 +1,10 @@
+[uwsgi]
+master = True
+cheap = True
+die-on-idle = False
+manage-script-name = True
+plugins = python3
+chdir = /var/lib/vcd-render
+mount = /=pogojig:app
+env = VCD8SEG_SETTINGS=vcdrender_prod.cfg
+
diff --git a/vcdrender.cfg.j2 b/vcdrender.cfg.j2
new file mode 100644
index 0000000..2026606
--- /dev/null
+++ b/vcdrender.cfg.j2
@@ -0,0 +1,2 @@
+SECRET_KEY="{{lookup('password', 'vcdrender_flask_secret.txt length=32')}}"
+UPLOAD_PATH="{{pogojig_cache}}/upload"
-- 
cgit