finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
3462196eb37b8663b95f016186841d5f66c4cb5e
matrix-docker-ansible-deploy/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml

224 lines
9.8 KiB
YAML
Raw Blame History

# SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
# SPDX-FileCopyrightText: 2019 Dan Arnfield
# SPDX-FileCopyrightText: 2020 Chris van Dijk
# SPDX-FileCopyrightText: 2021 Panagiotis Georgiadis
# SPDX-FileCopyrightText: 2022 Jim Myhrberg
# SPDX-FileCopyrightText: 2022 Marko Weltzer
# SPDX-FileCopyrightText: 2022 Nikita Chernyi
# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
# SPDX-FileCopyrightText: 2024 David Mehren
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
- ansible.builtin.include_role:
name: custom/matrix-base
tasks_from: ensure_openssl_installed
- name: Ensure Appservice IRC paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items:
- {path: "{{ matrix_appservice_irc_base_path }}", when: true}
- {path: "{{ matrix_appservice_irc_config_path }}", when: true}
- {path: "{{ matrix_appservice_irc_data_path }}", when: true}
- {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
when: item.when | bool
- name: Check if an old passkey file already exists
ansible.builtin.stat:
path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
register: matrix_appservice_irc_stat_passkey
- when: "matrix_appservice_irc_stat_passkey.stat.exists"
block:
- name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
ansible.builtin.service:
name: matrix-appservice-irc
state: stopped
daemon_reload: true
failed_when: false
- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
ansible.builtin.command:
cmd: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem"
register: matrix_appservice_irc_move_passkey_result
changed_when: matrix_appservice_irc_move_passkey_result.rc == 0
- name: (Data relocation) Move AppService IRC database files to ./data directory
ansible.builtin.command:
cmd: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}"
register: matrix_appservice_irc_move_dbs_result
changed_when: matrix_appservice_irc_move_dbs_result.rc == 0
with_items:
- rooms.db
- users.db
failed_when: false
- ansible.builtin.set_fact:
matrix_appservice_irc_requires_restart: false
- when: "matrix_appservice_irc_database_engine == 'postgres'"
block:
- name: Check if a nedb database already exists
ansible.builtin.stat:
path: "{{ matrix_appservice_irc_data_path }}/users.db"
register: matrix_appservice_irc_nedb_database_path_local_stat_result
- when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.set_fact:
matrix_appservice_irc_requires_restart: true
- name: Ensure Appservice IRC image is pulled
community.docker.docker_image:
name: "{{ matrix_appservice_irc_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-appservice-irc repository is present when self-building
ansible.builtin.git:
repo: "{{ matrix_appservice_irc_docker_repo }}"
version: "{{ matrix_appservice_irc_docker_repo_version }}"
dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_name }}"
register: matrix_appservice_irc_git_pull_results
when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool"
- name: Ensure matrix-appservice-irc Docker image is built
community.docker.docker_image:
name: "{{ matrix_appservice_irc_docker_image }}"
source: build
force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
pull: true
when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool and matrix_appservice_irc_git_pull_results.changed"
- name: Ensure Matrix Appservice IRC config installed
ansible.builtin.copy:
content: "{{ matrix_appservice_irc_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_irc_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
- name: Generate Appservice IRC passkey if it doesn't exist
ansible.builtin.shell:
cmd: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
creates: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
become: true
become_user: "{{ matrix_user_name }}"
# In the past, we used to generate the passkey.pem file with root, so permissions may not be okay.
# Fix it.
- name: (Migration) Ensure Appservice IRC passkey permissions are okay
ansible.builtin.file:
path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
mode: 0644
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
# Ideally, we'd like to generate the final registration.yaml file by ourselves.
#
# However, the IRC bridge supports multiple servers, which leads to multiple
# users/aliases/rooms rules in the registration file.
#
# Generating a proper file by ourselves is complicated and may lead to deviation
# from what the bridge is doing.
#
# Instead, we do another hacky thing - asking the bridge to generate a template,
# and then we parse it and fix it up with our own AS/HS token.
# We need to do this, because:
# - we'd like to have an up-to-date registration file
# - we can achieve this by asking the bridge to rebuild it each time
# - however, the bridge insists on regenerating all tokens each time
# - .. which is not friendly for integrating with the homeserver
#
# So we have a hybrid approach. We ask the bridge to always generate
# an up-to-date file, and we fix it up with some static values later on,
# to produce a final registration.yaml file, as we desire.
- name: Generate Appservice IRC registration-template.yaml
ansible.builtin.shell: >-
{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--mount type=bind,src={{ matrix_appservice_irc_config_path }},dst=/config
--mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
--entrypoint=/bin/bash
{{ matrix_appservice_irc_docker_image }}
-c
'node app.js
-r
-f /config/registration-template.yaml
-u "http://matrix-appservice-irc:9999"
-c /config/config.yaml
-l irc_bot'
changed_when: false
- name: Read Appservice IRC registration-template.yaml
ansible.builtin.slurp:
src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
register: matrix_appservice_irc_registration_template_slurp
- name: Remove unnecessary Appservice IRC registration-template.yaml
ansible.builtin.file:
path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
state: absent
changed_when: false
- name: Parse registration-template.yaml
ansible.builtin.set_fact:
matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}"
- name: Combine registration-template.yaml and own registration override config
ansible.builtin.set_fact:
matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template | combine(matrix_appservice_irc_registration_override, recursive=True) }}"
- name: Ensure Appservice IRC registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_appservice_irc_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
- name: Ensure matrix-appservice-irc container network is created
community.general.docker_network:
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_irc_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-irc.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
mode: 0644
register: matrix_appservice_irc_systemd_service_result
- name: Ensure matrix-appservice-irc.service restarted, if necessary
ansible.builtin.service:
name: "matrix-appservice-irc.service"
state: restarted
daemon_reload: true
when: "matrix_appservice_irc_requires_restart | bool"
Reference in New Issue View Git Blame Copy Permalink