Add vcdrender app

nginx.conf

@@ -344,6 +344,46 @@ http {
         }
     }
 
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  vcdrender.jaseg.net;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/letsencrypt/live/vcdrender.jaseg.net/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/vcdrender.jaseg.net/privkey.pem";
+        ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        resolver 67.207.67.2 67.207.67.3 valid=300s;
+        resolver_timeout 10s;
+        client_max_body_size 10M;
+
+        add_header Strict-Transport-Security "max-age=86400";
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+
+        location / {
+              include uwsgi_params;
+              uwsgi_pass unix:/run/uwsgi/vcdrender.socket;
+        }
+
+        error_page 404 /404.html;
+        location = /40x.html {
+            root         /usr/share/nginx/html;
+        }
+
+        error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+            root         /usr/share/nginx/html;
+        }
+    }
+
     server {
         listen       443 ssl http2;
         listen       [::]:443 ssl http2;

setup_vcd_render.yml

@@ -0,0 +1,64 @@
+---
+- name: Set local facts
+  set_fact:
+    vcdrender_cache: /var/cache/vcd-render
+
+- name: Copy webapp sources
+  synchronize:
+      src: checkouts/vcd-render/
+      dest: /var/lib/vcd-render
+      delete: true
+      group: no
+      owner: no
+
+- name: Create uwsgi worker user and group
+  user:
+      name: uwsgi-vcdrender
+      create_home: no
+      group: uwsgi
+      password: '!'
+      shell: /sbin/nologin
+      system: yes
+
+- name: Template webapp config
+  template:
+    src: vcdrender.cfg.j2
+    dest: /var/lib/pogojig/pogojig_prod.cfg
+    owner: uwsgi-pogojig
+    group: root
+    mode: 0660
+
+- name: Copy uwsgi config
+  copy:
+      src: uwsgi-vcdrender.ini
+      dest: /etc/uwsgi.d/vcdrender.ini
+      owner: uwsgi-vcdrender
+      group: uwsgi
+      mode: 440
+
+- name: Enable uwsgi systemd socket
+  systemd:
+      daemon-reload: yes
+      name: uwsgi-app@vcdrender.socket
+      enabled: yes
+
+# FIXME the socket doesn't seem to work properly
+- name: Enable uwsgi systemd service
+  systemd:
+      daemon-reload: yes
+      name: uwsgi-app@vcdrender.service
+      enabled: yes
+
+- name: Copy pogojig cache dir tmpfiles.d config
+  template:
+      src: tmpfiles-vcdrender.conf.j2
+      dest: /etc/tmpfiles.d/vcdrender.conf
+      owner: root
+      group: root
+      mode: 0644
+  register: vcdrender_tmpfiles_config
+
+- name: Kick systemd tmpfiles service to create cache dir
+  command: systemd-tmpfiles --create
+  when: vcdrender_tmpfiles_config is changed
+

setup_webserver.yml

@@ -62,12 +62,14 @@
       - blog.jaseg.net
       - blog.jaseg.de
       - kochbuch.jaseg.net
+      - kochbuch.jaseg.de
       - gerbolyze.jaseg.net
       - tracespace.jaseg.net
       - openjscad.jaseg.net
       - pogojig.jaseg.net
       - automation.jaseg.de
       - dyndns.jaseg.de
+      - vcdrender.jaseg.de
 
 - name: Copy final nginx config
   copy:

tmpfiles-vcdrender.conf.j2

@@ -0,0 +1 @@
+d {{vcdrender_cache}} 770 uwsgi-vcdrender uwsgi 2d

uwsgi-vcdrender.ini

@@ -0,0 +1,10 @@
+[uwsgi]
+master = True
+cheap = True
+die-on-idle = False
+manage-script-name = True
+plugins = python3
+chdir = /var/lib/vcd-render
+mount = /=pogojig:app
+env = VCD8SEG_SETTINGS=vcdrender_prod.cfg
+

vcdrender.cfg.j2

@@ -0,0 +1,2 @@
+SECRET_KEY="{{lookup('password', 'vcdrender_flask_secret.txt length=32')}}"
+UPLOAD_PATH="{{pogojig_cache}}/upload"