matrix-docker-ansible-deploy/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml

---

- name: Ensure Appservice IRC image is pulled
  docker_image:
    name: "{{ matrix_appservice_irc_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"

- name: Ensure Appservice IRC paths exist
  file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  with_items:
    - "{{ matrix_appservice_irc_base_path }}"
    - "{{ matrix_appservice_irc_config_path }}"
    - "{{ matrix_appservice_irc_data_path }}"

- name: Check if an old passkey file already exists
  stat:
    path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
  register: matrix_appservice_irc_stat_passkey

- name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
  service:
    name: matrix-appservice-irc
    state: stopped
    daemon_reload: yes
  failed_when: false
  when: "matrix_appservice_irc_stat_passkey.stat.exists"

- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
  command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem"
  when: "matrix_appservice_irc_stat_passkey.stat.exists"

- name: (Data relocation) Move AppService IRC database files to ./data directory
  command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}"
  with_items:
    - rooms.db
    - users.db
  failed_when: false
  when: "matrix_appservice_irc_stat_passkey.stat.exists"

- name: Ensure Matrix Appservice IRC config installed
  copy:
    content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}"
    dest: "{{ matrix_appservice_irc_config_path }}/config.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

- name: Check if Appservice IRC passkey exists
  stat:
    path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
  register: irc_passkey_file

- name: Generate Appservice IRC passkey if it doesn't exist
  shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
  become: true
  become_user: "{{ matrix_user_username }}"
  when: "not irc_passkey_file.stat.exists"

# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay.
# Fix it.
- name: (Migration) Ensure Appservice IRC passkey permissions are okay
  file:
    path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

# Ideally, we'd like to generate the final registration.yaml file by ourselves.
#
# However, the IRC bridge supports multiple servers, which leads to multiple
# users/aliases/rooms rules in the registration file.
#
# Generating a proper file by ourselves is complicated and may lead to deviation
# from what the bridge is doing.
#
# Instead, we do another hacky thing - asking the bridge to generate a template,
# and then we parse it and fix it up with our own AS/HS token.
# We need to do this, because:
# - we'd like to have an up-to-date registration file
# - we can achieve this by asking the bridge to rebuild it each time
# - however, the bridge insists on regenerating all tokens each time
# - .. which is not friendly for integrating with the homeserver
#
# So we have a hybrid approach. We ask the bridge to always generate
# an up-to-date file, and we fix it up with some static values later on,
# to produce a final registration.yaml file, as we desire.
- name: Generate Appservice IRC registration-template.yaml
  shell: >-
    /usr/bin/docker run --rm --name matrix-appservice-irc-gen
    --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
    --cap-drop=ALL
    -v {{ matrix_appservice_irc_config_path }}:/config:z
    -v {{ matrix_appservice_irc_data_path }}:/data:z
    {{ matrix_appservice_irc_docker_image }}
    node app.js
    -r
    -f /config/registration-template.yaml
    -u "http://matrix-appservice-irc:9999"
    -c /config/config.yaml
    -l irc_bot
  changed_when: false

- name: Read Appservice IRC registration-template.yaml
  slurp:
    src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
  register: matrix_appservice_irc_registration_template_slurp

- name: Remove unnecessary Appservice IRC registration-template.yaml
  file:
    path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
    state: absent
  changed_when: false

- name: Parse registration-template.yaml
  set_fact:
    matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}"

- name: Combine registration-template.yaml and own registration override config
  set_fact:
    matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}"

- name: Ensure Appservice IRC registration.yaml installed
  copy:
    content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}"
    dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml"
    mode: 0644
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"

- name: Ensure matrix-appservice-irc.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
    dest: "/etc/systemd/system/matrix-appservice-irc.service"
    mode: 0644
  register: matrix_appservice_irc_systemd_service_result

- name: Ensure systemd reloaded after matrix-appservice-irc.service installation
  service:
    daemon_reload: yes
  when: "matrix_appservice_irc_systemd_service_result.changed"