Various schleuder fixes

roles/schleuder/defaults/main.yml

@@ -23,6 +23,7 @@ schleuder_api_port: 4443
 schleuder_api_tls_cert_file: /etc/schleuder/schleuder-certificate.pem
 schleuder_api_tls_key_file: /etc/schleuder/schleuder-private-key.pem
 schleuder_valid_api_keys: []
+schleuder_cli_users: {}
 
 
 

roles/schleuder/tasks/cli_apitokens.yml

@@ -0,0 +1,25 @@
+---
+
+- name: get schleuder api tls fingerprint
+  community.crypto.x509_certificate_info:
+    path: /etc/schleuder/schleuder-certificate.pem
+  register: schleuder_register_apicert_info
+
+- name: create the ~/.schleuder-cli/ directory
+  file:
+    path: "{{ item.value.home }}/.schleuder-cli"
+    state: directory
+    owner: "{{ item.key }}"
+    mode: 0700
+  loop: "{{ schleuder_cli_users | dict2items }}"
+
+- name: render ~/.schleuder-cli/schleuder-cli.yml
+  template:
+    src: root/.schleuder-cli/schleuder-cli.yml.j2
+    dest: "{{ item.value.home }}/.schleuder-cli/schleuder-cli.yml"
+    owner: "{{ item.key }}"
+    mode: 0600
+  vars:
+    fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
+    token: "{{ item.value.token }}"
+  loop: "{{ schleuder_cli_users | dict2items }}"

roles/schleuder/tasks/main.yml

@@ -14,3 +14,8 @@
   tags:
     - "role::schleuder"
     - "role::schleuder:install_web"
+
+- import_tasks: cli_apitokens.yml
+  tags:
+    - "role::schleuder"
+    - "role::schleuder:cli_apitokens"

roles/schleuder/templates/etc/schleuder/schleuder.yml.j2

@@ -66,8 +66,14 @@ api:
   tls_key_file: {{ schleuder_api_tls_key_file }}
   valid_api_keys:
 {% if schleuder_web_api_key is defined %}
+    # Schleuder Web
     - {{ schleuder_web_api_key }}
 {% endif %}
+{% for user, data in schleuder_cli_users.items() %}
+    # {{ user }}
+    - {{ data.token }}
+{% endfor %}
+    # Additional keys
 {% for key in schleuder_valid_api_keys %}
     - {{ key }}
 {% endfor %}

roles/schleuder/templates/root/.schleuder-cli/schleuder-cli.yml.j2

@@ -0,0 +1,6 @@
+---
+{{ ansible_managed | comment }}
+host: {{ schleuder_api_host }}
+port: {{ schleuder_api_port }}
+tls_fingerprint: {{ fingerprint }}
+api_key: {{ token }}

roles/schleuder/templates/var/lib/schleuder-web/schleuder-web/config/database.yml.j2

@@ -9,15 +9,18 @@ default: &default
   adapter: sqlite3
   pool: 5
   timeout: 5000
+
 development:
   <<: *default
   database: db/development.sqlite3
+
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
 # Do not set this db to the same as development or production.
 test:
   <<: *default
   database: db/test.sqlite3
+
 production:
   <<: *default
   database: /var/lib/schleuder-web/schleuder-web.sqlite3

roles/schleuder/templates/var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2

@@ -1,19 +1,17 @@
 ---
 {{ ansible_managed | comment }}
 
-production:
+defaults: &defaults
   web_hostname: {{ schleuder_web_hostname }}
   mailer_from: {{ schleuder_web_mailfrom }}
   # For delivery_method, sendmail_settings and smtp_settings see
   # <http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>.
   delivery_method: {{ schleuder_web_delivery_method }}
-{% if schleuder_web_delivery_method == 'sendmail' %}
   sendmail_settings:
     arguments: '{{ schleuder_web_sendmail_arguments }}'
-{% elif schleuder_web_delivery_method == 'smtp' %}
   smtp_settings:
-    address: {{schleuder_web_smtp_host}}
-    port: {{schleuder_web_smtp_port}}
+    address: {{ schleuder_web_smtp_host }}
+    port: {{schleuder_web_smtp_port }}
     enable_starttls_auto: {{ schleuder_web_smtp_auto_starttls }}
     openssl_verify_mode: {{ schleuder_web_smtp_openssl_verify_mode }}
     {% if schleuder_web_smtp_username is defined %}
@@ -21,8 +19,7 @@ production:
     user_name: {{ schleuder_web_smtp_username }}
     password: {{ schleuder_web_smtp_password }}
     {% endif %}
-{% endif %}
-
+ 
   api:
     host: <%= ENV["SCHLEUDER_API_HOST"] || 'localhost' %>
     port: <%= ENV["SCHLEUDER_API_PORT"] || 4443 %>
@@ -33,7 +30,16 @@ production:
     - {{ admin }}
 {% endfor %}
 
-  lists_on_which_subscribers_may_delete_keys:
-{% for list in schleuder_web_lists_on_which_subscribers_may_delete_keys %}
-    - "{{ list }}"
-{% endfor %}
+test:
+  <<: *defaults
+  api:
+    tls_fingerprint: <%= ENV["SCHLEUDER_TLS_FINGERPRINT"] || "6062f05f89384e5f2cda7ab3fc4f5af971d1c524187d90d8e3304e5e0ca6f853" %>
+  api_key: <%= ENV["SCHLEUDER_API_KEY"] || "ii123456789ii" %>
+  superadmins:
+    - admin@localhost
+    - someoneelse@example.net
+development:
+  <<: *defaults
+  web_hostname: localhost:3000
+production:
+  <<: *defaults