diff --git a/manifests/swh/deploy/webapp.pp b/manifests/swh/deploy/webapp.pp
index a8c4166..12ed794 100644
--- a/manifests/swh/deploy/webapp.pp
+++ b/manifests/swh/deploy/webapp.pp
@@ -1,3 +1,70 @@
 # WebApp deployment
 class profile::swh::deploy::webapp {
+  $conf_directory = hiera('swh::deploy::webapp::conf_directory')
+  $conf_file = hiera('swh::deploy::webapp::conf_file')
+  $user = hiera('swh::deploy::webapp::user')
+  $group = hiera('swh::deploy::webapp::group')
+
+  $conf_storage_class = hiera('swh::deploy::webapp::conf::storage_class')
+  $conf_storage_args = hiera('swh::deploy::webapp::conf::storage_args')
+  $conf_log_dir = hiera('swh::deploy::webapp::conf::log_dir')
+  $conf_secret_key = hiera('swh::deploy::webapp::conf::secret_key')
+
+  $uwsgi_listen_address = hiera('swh::deploy::webapp::uwsgi::listen')
+  $uwsgi_protocol = hiera('swh::deploy::webapp::uwsgi::protocol')
+  $uwsgi_workers = hiera('swh::deploy::webapp::uwsgi::workers')
+  $uwsgi_max_requests = hiera('swh::deploy::webapp::uwsgi::max_requests')
+  $uwsgi_max_requests_delta = hiera('swh::deploy::webapp::uwsgi::max_requests_delta')
+  $uwsgi_reload_mercy = hiera('swh::deploy::webapp::uwsgi::reload_mercy')
+
+  $swh_packages = ['python3-swh.web.ui']
+
+  $vhost_name = hiera('swh::deploy::webapp::vhost::name')
+  $vhost_docroot = hiera('swh::deploy::webapp::vhost::docroot')
+  $vhost_ssl_protocol = hiera('swh::deploy::webapp::vhost::ssl_protocol')
+  $vhost_ssl_honorcipherorder = hiera('swh::deploy::webapp::vhost::ssl_honorcipherorder')
+  $vhost_ssl_cipher = hiera('swh::deploy::webapp::vhost::ssl_cipher')
+
+  include ::uwsgi
+
+  package {$swh_packages:
+    ensure  => latest,
+    require => Apt::Source['softwareheritage'],
+    notify  => Service['uwsgi'],
+  }
+
+  file {[$conf_directory, $conf_log_dir]:
+    ensure => directory,
+    owner  => 'root',
+    group  => $group,
+    mode   => '0750',
+  }
+
+  file {$conf_file:
+    ensure  => present,
+    owner   => 'root',
+    group   => $group,
+    mode    => '0640',
+    content => template('profile/swh/deploy/webapp/webapp.ini.erb'),
+    notify  => Service['uwsgi'],
+  }
+
+  ::uwsgi::site {'swh-webapp':
+    ensure   => enabled,
+    settings => {
+      plugin              => 'python3',
+      protocol            => $uwsgi_protocol,
+      socket              => $uwsgi_listen_address,
+      workers             => $uwsgi_workers,
+      max_requests        => $uwsgi_max_requests,
+      max_requests_delta  => $uwsgi_max_requests_delta,
+      worker_reload_mercy => $uwsgi_reload_mercy,
+      reload_mercy        => $uwsgi_reload_mercy,
+      uid                 => $user,
+      gid                 => $user,
+      umask               => '022',
+      module              => 'swh.web.ui.main',
+      callable            => 'run_from_webserver',
+    }
+  }
 }
diff --git a/templates/swh/deploy/webapp/webapp.ini.erb b/templates/swh/deploy/webapp/webapp.ini.erb
new file mode 100644
index 0000000..2018cf4
--- /dev/null
+++ b/templates/swh/deploy/webapp/webapp.ini.erb
@@ -0,0 +1,8 @@
+# Software Heritage Web App configuration file
+# File managed by puppet - modifications will be overwritten
+
+[main]
+storage_class = <%= @conf_storage_class %>
+storage_args = <%= @conf_storage_args %>
+log_dir = <%= @conf_log_dir %>
+secret_key = <%= @conf_secret_key %>