Make schleuder-web installation optional and non-default

roles/schleuder/defaults/main.yml

@@ -68,6 +68,7 @@ schleuder_defaults_forward_all_incoming_to_admins: false
 
 
 # This is the last commit before schleuder 3.5 was required
+schleuder_web_install: no
 schleuder_web_commitish: main
 schleuder_web_hostname: schleuder.example.org
 schleuder_web_mailfrom: noreply@schleuder.example.org

roles/schleuder/tasks/install_schleuder.yml

@@ -0,0 +1,122 @@
+---
+
+- name: install schleuder-web dependencies
+  apt:
+    name:
+      - ruby
+      - ruby-dev
+      - sqlite3
+      - haveged
+      - libssl-dev
+      - acl  # only needed so ansible can become_user=schleuder
+
+- name: create schleuder group
+  group:
+    name: schleuder
+    system: yes
+  
+- name: create schleuder user
+  user:
+    name: schleuder
+    group: schleuder
+    home: /var/lib/schleuder
+    system: yes
+    shell: /usr/sbin/nologin
+  
+- name: gather service facts
+  service_facts:
+
+- name: stop schleuder service
+  service:
+    name: schleuder
+    state: stopped
+  when: "'schleuder.service' in ansible_facts.services"
+  
+- name: install schleuder gem
+  become: yes
+  become_user: schleuder
+  command:
+    cmd: gem install schleuder
+    creates: /var/lib/schleuder-web/schleuder-web
+    
+- name: fetch schleuder-webupstream
+  become: yes
+  become_user: schleuder-web
+  command:
+    cmd: git fetch origin
+    chdir: /var/lib/schleuder-web/schleuder-web
+
+- name: checkout requested schleuder-web version
+  become: yes
+  become_user: schleuder-web
+  command:
+    cmd: git checkout "{{ schleuder_web_commitish }}"
+    chdir: /var/lib/schleuder-web/schleuder-web
+
+- name: render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
+  template:
+    src: var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2
+    dest: /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
+    owner: schleuder-web
+    group: root
+    mode: 0600
+  notify: systemctl restart schleuder-web
+
+- name: render /var/lib/schleuder-web/schleuder-web/config/database.yml
+  template:
+    src: var/lib/schleuder-web/schleuder-web/config/database.yml.j2
+    dest: /var/lib/schleuder-web/schleuder-web/config/database.yml
+    owner: schleuder-web
+    group: nogroup
+    mode: 0644
+
+- name: get schleuder api tls fingerprint
+  community.crypto.x509_certificate_info:
+    path: /etc/schleuder/schleuder-certificate.pem
+  register: schleuder_register_apicert_info
+
+- name: render /etc/default/schleuder-web
+  template:
+    src: etc/default/schleuder-web.j2
+    dest: /etc/default/schleuder-web
+    owner: root
+    group: root
+    mode: 0600
+  vars:
+    tls_fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
+  notify: systemctl restart schleuder-web
+
+- name: render systemd service unit
+  template:
+    src: etc/systemd/system/schleuder-web.service.j2
+    dest: /etc/systemd/system/schleuder-web.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: systemctl daemon-reload
+
+- name: run bundle install ... this may take a few minutes
+  become: yes
+  become_user: schleuder-web
+  command:
+    cmd: /usr/bin/bundle install --path /var/lib/schleuder-web/.gem --without deployment
+    chdir: /var/lib/schleuder-web/schleuder-web
+
+- name: run bundle db setup
+  become: yes
+  become_user: schleuder-web
+  command:
+    cmd: /usr/bin/bundle exec rake db:setup
+    chdir: /var/lib/schleuder-web/schleuder-web
+    creates: /var/lib/schleuder-web/schleuder-web.sqlite3
+  environment:
+    RAILS_ENV: production
+
+- name: flush systemd daemon-reload
+  meta: flush_handlers
+
+- name: start and enable schleuder-web
+  service:
+    name: schleuder-web
+    state: started
+    enabled: true

roles/schleuder/tasks/install_web.yml

@@ -8,7 +8,7 @@
       - zlib1g-dev
       - libsqlite3-dev
       - git
-      - acl  # only needed so ansible can become_user=cryptpad
+      - acl  # only needed so ansible can become_user=schleuder-web
 
 - name: create schleuder-web user
   user:

roles/schleuder/tasks/main.yml

@@ -11,6 +11,7 @@
     - "role::schleuder:config"
 
 - import_tasks: install_web.yml
+  when: schleuder_web_install
   tags:
     - "role::schleuder"
     - "role::schleuder:install_web"