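#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
# Installs matrix-synapse from the packages.matrix.org apt repository,
# optionally creates its PostgreSQL role and database, puts Apache in front
# of it, then writes the Synapse configuration, generated shared secrets and
# a backup module. Everything runs with privilege escalation (see `become`
# on the outer block).
- name: Set up Matrix
  block:
    - name: Set up repos
      block:
        # NOTE(review): the key is trusted exactly as served over HTTPS at
        # run time; nothing here checks its fingerprint. Keys added through
        # apt-key are trusted for every configured repository, and apt-key
        # itself is deprecated in Debian; a keyring file referenced with
        # signed-by on the repo line would scope the key to this repo only.
        - name: Add repo keys
          apt_key:
            url: "{{ item }}"
          loop:
            - "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg"

        - name: Add repos
          apt_repository:
            repo: "{{ item }}"
          loop:
            - "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main"

    - name: Install packages
      apt:
        name:
          - matrix-synapse-py3
          - python3-psycopg2

    # Skipped entirely when no database host is configured.
    - name: Set up PostgreSQL
      block:
        - name: Create DB user
          postgresql_user:
            name: matrix
            password: "{{ matrix.db_password }}"
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"

        - name: Create DB
          postgresql_db:
            name: matrix
            owner: matrix
            lc_collate: C
            lc_ctype: C
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"
      when: matrix_db_hostname is defined

    - name: Set up Apache
      block:
        - name: Template out config
          template:
            src: "apache2-matrix.conf"
            dest: "/etc/apache2/conf-available/matrix.conf"
          notify: restart apache

        # `creates` keeps the a2en* commands idempotent: each is skipped
        # once the corresponding enabled-file already exists.
        - name: Enable configs
          command:
            cmd: a2enconf "{{ item }}"
            creates: "/etc/apache2/conf-enabled/{{ item }}.conf"
          loop:
            - matrix
          notify: restart apache

        - name: Enable modules
          command:
            cmd: a2enmod "{{ item }}"
            creates: "/etc/apache2/mods-enabled/{{ item }}.load"
          loop:
            - proxy
            - proxy_http
          notify: restart apache

        - name: Template out vhost
          template:
            src: "apache2-vhost-ssl.conf"
            dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
          notify: restart apache

        - name: Create webroot
          file:
            state: directory
            path: "{{ matrix_webroot }}"

        - name: Enable site
          command:
            cmd: "a2ensite {{ matrix.url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
          notify: restart apache

        - name: Generate certificate
          include_role:
            name: https
          vars:
            website_url: "{{ matrix.url }}"

    # NOTE(review): 0644 is world-readable. If the homeserver.yaml template
    # renders matrix.db_password or any other secret, give it the same
    # owner/group/0640 treatment as shared_secrets.yaml below - confirm
    # against the template.
    - name: Configure Synapse
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - src: "homeserver.yaml"
          dest: "/etc/matrix-synapse/homeserver.yaml"
          mode: "0644"
        - src: "server_name.yaml"
          dest: "/etc/matrix-synapse/conf.d/server_name.yaml"
          mode: "0644"
      notify: restart synapse

    - name: Check for secrets
      stat:
        path: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
      register: p

    # Secrets are generated once: the whole block is skipped when
    # shared_secrets.yaml already exists, so existing values are never
    # regenerated or overwritten.
    - name: Generate secrets
      block:
        # -s asks pwgen for fully random output instead of its default
        # pronounceable passwords; no_log keeps the registered secret out
        # of task output and logs.
        - name: Generate registration_shared_secret
          command: pwgen -s 32 1
          register: matrix_reg_secret
          no_log: true

        - name: Generate turn_shared_secret
          command: pwgen -s 32 1
          register: matrix_turn_secret
          no_log: true

        # no_log also suppresses the rendered file in --diff output.
        - name: Template out shared_secrets.yaml
          template:
            src: "shared_secrets.yaml"
            dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
            mode: "0640"
            owner: "matrix-synapse"
            group: "root"
          notify: restart synapse
          no_log: true
      when: not p.stat.exists

    - name: Template out backup module
      template:
        src: "backup.sh"
        dest: "/opt/backups/modules/{{ matrix.url }}.sh"
        mode: "0600"
  become: true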