diff --git a/data/hostname/webapp.internal.staging.swh.network.yaml b/data/hostname/webapp.internal.staging.swh.network.yaml
index 1845a413..e2e8bda8 100644
--- a/data/hostname/webapp.internal.staging.swh.network.yaml
+++ b/data/hostname/webapp.internal.staging.swh.network.yaml
@@ -1,23 +1,57 @@
 networks:
   default:
     interface: eth0
     address: 192.168.128.8
     netmask: 255.255.255.0
     gateway: 192.168.128.1
 
 hitch::frontend: "[*]:443"
 hitch::proxy_support: true
 
 varnish::http_port: 80
 apache::http_port: 9080
 
 # Disable default vhost on port 80
 apache::default_vhost: false
 
 swh::deploy::webapp::vhost::name: webapp.staging.swh.network
 swh::deploy::webapp::vhost::aliases:
   - webapp.staging.softwareheritage.org
 
 swh::deploy::webapp::config::allowed_hosts:
   - webapp.staging.swh.network
   - webapp.staging.softwareheritage.org
+
+
+swh::deploy::webapp::backend::workers: 16
+swh::deploy::webapp::backend::http_keepalive: 5
+swh::deploy::webapp::backend::http_timeout: 3600
+swh::deploy::webapp::backend::reload_mercy: 3600
+
+# in private data:
+# deposit_basic_auth_swhworker_username
+# deposit_basic_auth_swhworker_password
+swh::deploy::webapp::config:
+  storage: "%{alias('swh::remote_service::storage::config')}"
+  vault: "%{alias('swh::remote_service::vault::config::writable')}"
+  indexer_storage: "%{alias('swh::remote_service::indexer::config')}"
+  scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}"
+  log_dir: "%{hiera('swh::deploy::webapp::conf::log_dir')}"
+  secret_key: "%{hiera('swh::deploy::webapp::conf::secret_key')}"
+  content_display_max_size: 1048576
+  throttling:
+    cache_uri: "%{hiera('memcached::server::bind')}:%{hiera('memcached::server::port')}"
+    scopes:
+      swh_api:
+        limiter_rate:
+          default: 120/h
+        exempted_networks:
+          - 127.0.0.0/8
+          - 192.168.100.0/23
+          - 129.168.128.0/24
+  allowed_hosts: "%{alias('swh::deploy::webapp::config::allowed_hosts')}"
+  production_db: "%{hiera('swh::deploy::webapp::production_db')}"
+  deposit:
+    private_api_url: https://deposit.internal.swh.staging/1/private/
+    private_api_user: "%{hiera('deposit_basic_auth_swhworker_username')}"
+    private_api_password: "%{hiera('deposit_basic_auth_swhworker_password')}"
diff --git a/data/location/sesi_rocquencourt_staging.yaml b/data/location/sesi_rocquencourt_staging.yaml
index e3ac1951..88135bc7 100644
--- a/data/location/sesi_rocquencourt_staging.yaml
+++ b/data/location/sesi_rocquencourt_staging.yaml
@@ -1,77 +1,98 @@
 ---
 dns::local_cache: false
 dns::nameservers:
   - 192.168.100.29
 dns::search_domains:
   - internal.staging.swh.network
 
 dns::forward_zones:
   'internal.softwareheritage.org.':
     - 192.168.100.29
   '100.168.192.in-addr.arpa.':
     - 192.168.100.29
   '101.168.192.in-addr.arpa.':
     - 192.168.100.29
   'internal.staging.swh.network':
     - 192.168.100.29
   '128.168.192.in-addr.arpa.':
     - 192.168.100.29
 
 dns::forwarders:
   - 193.51.196.130
   - 193.51.196.131
 dns::forwarder_insecure: true
 
 ntp::servers:
   - sesi-ntp1.inria.fr
   - sesi-ntp2.inria.fr
 
 internal_network: 192.168.128.0/24
 
 smtp::relayhost: '[smtp.inria.fr]'
 
 swh::deploy::storage::db::host: db0.internal.staging.swh.network
 swh::deploy::storage::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
 swh::deploy::storage::db::user: swh
 swh::deploy::storage::db::dbname: swh
 
 swh::deploy::indexer::storage::db::host: db0.internal.staging.swh.network
 swh::deploy::indexer::storage::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
 swh::deploy::indexer::storage::db::user: swh-indexer
 swh::deploy::indexer::storage::db::dbname: swh-indexer
 
 swh::deploy::scheduler::db::host: db0.internal.staging.swh.network
 swh::deploy::scheduler::db::port: "%{alias('swh::deploy::db::pgbouncer::port')}"
 swh::deploy::scheduler::db::dbname: swh-scheduler
 swh::deploy::scheduler::db::user: swh-scheduler
 
 swh::deploy::worker::instances:
   - loader_git
 
 #### Rabbitmq instance to use
 # swh::deploy::worker::task_broker::password in private data
 swh::deploy::worker::task_broker: "amqp://swhconsumer:%{hiera('swh::deploy::worker::task_broker::password')}@scheduler0.internal.staging.swh.network:5672//"
 
-#### Storage service to use
+#### Storage/Indexer/Vault/Scheduler services to use in staging area
 
 swh::remote_service::storage::config::storage0:
   cls: remote
   args:
     url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::storage::port')}/"
-
 swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::storage0')}"
 swh::remote_service::storage::config::writable: "%{alias('swh::remote_service::storage::config::storage0')}"
 
+swh::remote_service::vault::config::vault0:
+  cls: remote
+  args:
+    url: "http://vault0.internal.staging.swh.network:%{hiera('swh::remote_service::vault::port')}/"
+swh::remote_service::vault::config: "%{alias('swh::remote_service::vault::config::azure')}"
+swh::remote_service::vault::config::writable: "%{alias('swh::remote_service::vault::config::azure')}"
+
+swh::remote_service::indexer::config::storage0:
+  cls: remote
+  args:
+    url: "http://storage0.internal.staging.swh.network:%{hiera('swh::remote_service::indexer::port')}/"
+swh::remote_service::indexer::config: "%{alias('swh::remote_service::indexer::config::storage0')}"
+swh::remote_service::indexer::config::writable: "%{alias('swh::remote_service::indexer::config::storage0')}"
+
+swh::remote_service::scheduler::config::scheduler0:
+  cls: remote
+  args:
+    url: "http://scheduler0.internal.staging.swh.network:%{hiera('swh::remote_service::scheduler::port')}/"
+
+swh::remote_service::scheduler::config: "%{alias('swh::remote_service::scheduler::config::scheduler0')}"
+swh::remote_service::scheduler::config::writable: "%{alias('swh::remote_service::scheduler::config::scheduler0')}"
+
 swh::deploy::worker::loader_git::config:
   storage: "%{alias('swh::remote_service::storage::config::writable')}"
   save_data: false
   directory_packet_size: 100
   celery:
     task_broker: "%{alias('swh::deploy::worker::task_broker')}"
     task_modules:
       - swh.loader.git.tasks
     task_queues:
       - swh.loader.git.tasks.UpdateGitRepository
       - swh.loader.git.tasks.LoadDiskGitRepository
       - swh.loader.git.tasks.UncompressAndLoadDiskGitRepository
 
diff --git a/manifests/site.pp b/manifests/site.pp
index 05400753..7c0425a1 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,146 +1,150 @@
 node 'louvre.internal.softwareheritage.org' {
   include role::swh_server
 }
 
 node /^(orsay|beaubourg|hypervisor\d+)\.(internal\.)?softwareheritage\.org$/
 {
   include role::swh_hypervisor
 }
 
 node 'pergamon.softwareheritage.org' {
   include role::swh_sysadmin
   include profile::export_archive_counters
 }
 
 node 'tate.softwareheritage.org' {
   include role::swh_forge
 }
 
 node 'moma.softwareheritage.org' {
   include role::swh_api
 }
 
 node 'webapp0.softwareheritage.org' {
   include role::swh_base_api
 }
 
 node 'saatchi.internal.softwareheritage.org' {
   include role::swh_scheduler
 }
 
 node /^(belvedere|somerset).(internal.)?softwareheritage.org$/ {
   include role::swh_database
   include profile::pgbouncer
 }
 
 node 'banco.softwareheritage.org' {
   include role::swh_backup
   include role::postgresql_backup
 }
 
 node /^esnode\d+.(internal.)?softwareheritage.org$/ {
   include role::swh_elasticsearch
 }
 
 node /^(unibo-test).(internal.)?softwareheritage.org$/ {
   include role::swh_vault_test
 }
 
 node /^(unibo-prod|vangogh).(euwest.azure.)?(internal.)?softwareheritage.org$/ {
   include role::swh_vault
 }
 
 node /^uffizi\.(internal\.)?softwareheritage\.org$/ {
   include role::swh_storage_baremetal
 }
 
 node /^storage\d+\.[^.]+\.azure\.internal\.softwareheritage\.org$/ {
   include role::swh_storage
 }
 
 node /^getty.(internal.)?softwareheritage.org$/ {
   include role::swh_eventlog
 }
 
 node /^worker\d+\.(internal\.)?softwareheritage\.org$/ {
   include role::swh_worker_inria
 }
 
 node /^worker\d+\..*\.azure\.internal\.softwareheritage\.org$/ {
   include role::swh_worker_azure
 }
 
 node /^dbreplica(0|1)\.euwest\.azure\.internal\.softwareheritage\.org$/ {
   include role::swh_database
 }
 
 node /^ceph-osd\d+\.internal\.softwareheritage\.org$/ {
   include role::swh_ceph_osd
 }
 
 node /^ceph-mon\d+\.internal\.softwareheritage\.org$/ {
   include role::swh_ceph_mon
 }
 
 node /^ns\d+\.(.*\.azure\.)?internal\.softwareheritage\.org/ {
   include role::swh_nameserver_secondary
 }
 
 node 'thyssen.internal.softwareheritage.org' {
   include role::swh_ci_server
 }
 
 node /^jenkins-debian\d+\.internal\.softwareheritage\.org$/ {
   include role::swh_ci_agent_debian
 }
 
 node 'logstash0.internal.softwareheritage.org' {
   include role::swh_logstash_instance
 }
 
 node 'kibana0.internal.softwareheritage.org' {
   include role::swh_kibana_instance
 }
 
 node 'munin0.internal.softwareheritage.org' {
   include role::swh_munin_master
 }
 
 node 'giverny.softwareheritage.org' {
   include role::swh_desktop
 }
 
 node 'db0.internal.staging.swh.network' {
   include role::swh_base_database
   include profile::postgresql::server
   include profile::pgbouncer
   include ::profile::devel::postgres
 }
 
 node 'scheduler0.internal.staging.swh.network' {
   include role::swh_scheduler
   include ::profile::devel::postgres
 }
 
 node 'gateway.internal.staging.swh.network' {
   include role::swh_gateway
 }
 
 node 'storage0.internal.staging.swh.network' {
   include role::swh_base_storage
   include ::profile::devel::postgres
 }
 
 node /^worker\d\.internal\.staging\.swh\.network$/ {
   include role::swh_worker_inria
 }
 
 node 'webapp.internal.staging.swh.network' {
   include role::swh_base_api
   include profile::network
 }
 
+node 'deposit.internal.staging.swh.network' {
+  include role::swh_deposit
+}
+
 node default {
   include role::swh_base
   include profile::puppet::agent
 }