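---
# Tasks that deploy schleuder-web from a git checkout under
# /var/lib/schleuder-web, render its configuration and systemd unit,
# install its Ruby dependencies and start the service.
#
# File modes are quoted strings and booleans are written true/false so the
# values do not depend on YAML 1.1 implicit typing.

- name: install schleuder-web dependencies
  ansible.builtin.apt:
    name:
      - bundler
      - libxml2-dev
      - zlib1g-dev
      - libsqlite3-dev
      - git
      - acl  # only needed so ansible can become_user=schleuder-web

# Dedicated system account with no login shell; the git, bundle and rake
# tasks below run as this account instead of root.
- name: create schleuder-web user
  ansible.builtin.user:
    name: schleuder-web
    group: nogroup
    home: /var/lib/schleuder-web
    system: true
    shell: /usr/sbin/nologin

- name: gather service facts
  ansible.builtin.service_facts:

# Only stop the service when a unit is already known to the service facts,
# so a first-time install does not fail on a missing unit.
- name: stop schleuder-web service
  ansible.builtin.service:
    name: schleuder-web
    state: stopped
  when: "'schleuder-web.service' in ansible_facts.services"

# `creates` makes the clone a no-op once the checkout directory exists.
- name: clone schleuder-web git repo
  become: true
  become_user: schleuder-web
  ansible.builtin.command:  # git module would reset working directory
    cmd: git clone https://0xacab.org/schleuder/schleuder-web /var/lib/schleuder-web/schleuder-web  # noqa command-instead-of-module
    creates: /var/lib/schleuder-web/schleuder-web

- name: fetch schleuder-web upstream
  become: true
  become_user: schleuder-web
  ansible.builtin.command:
    cmd: git fetch origin  # noqa command-instead-of-module
    chdir: /var/lib/schleuder-web/schleuder-web
  changed_when: true

# NOTE(review): the checked-out tree is what `bundle install` and `rake`
# execute further down, and no signature or hash verification is visible in
# this file. Setting schleuder_web_commitish to a full commit hash rather
# than a branch or tag name keeps the deployed code from changing when the
# upstream ref moves.
# NOTE(review): the checkout is owned by the schleuder-web account; if the
# service also runs as that account (unit template not shown here) it can
# modify its own code - confirm this is intended.
- name: checkout requested schleuder-web version
  become: true
  become_user: schleuder-web
  ansible.builtin.command:
    cmd: git checkout "{{ schleuder_web_commitish }}"  # noqa command-instead-of-module
    chdir: /var/lib/schleuder-web/schleuder-web
  changed_when: true

# Mode 0600: readable by the schleuder-web account only.
- name: render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
  ansible.builtin.template:
    src: var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2
    dest: /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
    owner: schleuder-web
    group: root
    mode: "0600"
  notify: systemctl restart schleuder-web

# NOTE(review): mode 0644 leaves this file world-readable. That is only
# appropriate while the template holds no credentials (the db:setup task
# below points at an SQLite file) - confirm against database.yml.j2.
- name: render /var/lib/schleuder-web/schleuder-web/config/database.yml
  ansible.builtin.template:
    src: var/lib/schleuder-web/schleuder-web/config/database.yml.j2
    dest: /var/lib/schleuder-web/schleuder-web/config/database.yml
    owner: schleuder-web
    group: nogroup
    mode: "0644"

# Reads the certificate from the local file system; the task fails if the
# file is absent, so the schleuder certificate must already exist.
- name: get schleuder api tls fingerprint
  community.crypto.x509_certificate_info:
    path: /etc/schleuder/schleuder-certificate.pem
  register: schleuder_register_apicert_info

# The SHA-256 fingerprint is handed to the template with the colons removed.
# Mode 0600 root:root keeps the rendered file unreadable for other accounts.
# NOTE(review): presumably the template uses the fingerprint to pin the
# schleuder API certificate and also carries the API key - confirm against
# schleuder-web.j2.
- name: render /etc/default/schleuder-web
  ansible.builtin.template:
    src: etc/default/schleuder-web.j2
    dest: /etc/default/schleuder-web
    owner: root
    group: root
    mode: "0600"
  vars:
    tls_fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
  notify: systemctl restart schleuder-web

- name: render systemd service unit
  ansible.builtin.template:
    src: etc/systemd/system/schleuder-web.service.j2
    dest: /etc/systemd/system/schleuder-web.service
    owner: root
    group: root
    mode: "0644"
  notify: systemctl daemon-reload

# Gems are installed into the service account's home, not system-wide.
- name: run bundle install ... this may take a few minutes
  become: true
  become_user: schleuder-web
  ansible.builtin.command:
    cmd: /usr/bin/bundle install --path /var/lib/schleuder-web/.gem --without deployment
    chdir: /var/lib/schleuder-web/schleuder-web
  changed_when: true

# `creates` skips the database setup once the SQLite file exists.
- name: run bundle db setup
  become: true
  become_user: schleuder-web
  ansible.builtin.command:
    cmd: /usr/bin/bundle exec rake db:setup
    chdir: /var/lib/schleuder-web/schleuder-web
    creates: /var/lib/schleuder-web/schleuder-web.sqlite3
  environment:
    RAILS_ENV: production

# Run the notified handlers now, so a changed unit file is reloaded before
# the service is started below.
- name: flush systemd daemon-reload
  ansible.builtin.meta: flush_handlers

- name: start and enable schleuder-web
  ansible.builtin.service:
    name: schleuder-web
    state: started
    enabled: true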