- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ matrix_domain }}"]
  when: 'matrix_domain is defined'

- name: Install packages
  pacman:
    name:
      - coturn
      - freetype2
      - gcc
      - git
      - jemalloc
      - libffi
      - libjpeg-turbo
      - libolm
      - libtiff
      - libwebp
      - libxslt
      - libzip
      - make
      - npm
      - openssl
      - pkgconf
      - postgresql-libs
      - python
      - redis
      - tcl
      - tk
      - yarn
      - zlib

- name: Add synapse group
  group: name=synapse system=yes gid=198

- name: Add synapse user
  user: name=synapse system=yes uid=198 group=synapse home=/var/lib/synapse shell=/bin/false createhome=no

- name: Create synapse home
  file: path={{ item }} state=directory owner=synapse group=synapse mode=0700
  with_items:
    - /var/lib/synapse
    - /var/lib/synapse/media_store
    - /var/lib/synapse/mjolnir-data
    - /var/lib/synapse/pantalaimon-data

- name: Make virtualenvs
  command: 'python -m venv {{ item }}'
  args:
    creates: '{{ item }}/bin/python'
  become: true
  become_user: synapse
  become_method: sudo
  with_items:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

- name: Update virtualenvs
  pip:
    name:
      - pip
      - wheel
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: '{{ item }}'
  become: true
  become_user: synapse
  become_method: sudo
  with_items:
    - /var/lib/synapse/venv
    - /var/lib/synapse/venv-pantalaimon

- name: Install synapse
  pip:
    name:
      - 'matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.66.0'
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  register: synapse_pip
  notify:
    - Restart synapse

- name: Install pantalaimon
  pip:
    name:
      - 'pantalaimon==0.10.4'
    state: latest
    extra_args: '--upgrade-strategy=eager'
    virtualenv: /var/lib/synapse/venv-pantalaimon
  become: true
  become_user: synapse
  become_method: sudo
  notify:
    - Restart pantalaimon

- name: Download mjolnir
  git:
    repo: https://github.com/matrix-org/mjolnir
    dest: /var/lib/synapse/mjolnir
    version: v1.5.0
    force: true
  become: true
  become_user: synapse
  become_method: sudo
  register: mjolnir_git
  notify:
    - Restart mjolnir

- name: Install mjolnir
  community.general.yarn:
    path: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed

- name: Build mjolnir
  command: yarn build
  args:
    chdir: /var/lib/synapse/mjolnir
  become: true
  become_user: synapse
  become_method: sudo
  when: mjolnir_git.changed

- name: Install mjolnir antispam module
  pip:
    name:
      - /var/lib/synapse/mjolnir/synapse_antispam
    state: latest
    virtualenv: /var/lib/synapse/venv
  become: true
  become_user: synapse
  become_method: sudo
  when: synapse_pip.changed or mjolnir_git.changed
  notify:
    - Restart synapse

- name: Download matrix-appservice-irc
  git:
    repo: https://github.com/matrix-org/matrix-appservice-irc
    dest: /var/lib/synapse/matrix-appservice-irc
    version: 0.34.0
    force: true
  become: true
  become_user: synapse
  become_method: sudo
  register: irc_git
  notify:
    - Restart matrix-appservice-irc

- name: Install matrix-appservice-irc
  community.general.npm:
    path: /var/lib/synapse/matrix-appservice-irc
    ci: true
  become: true
  become_user: synapse
  become_method: sudo
  when: irc_git.changed

- name: Install pg_hba.conf
  copy: src=pg_hba.conf dest=/var/lib/postgres/data/pg_hba.conf owner=postgres group=postgres mode=0600
  notify:
    - Restart postgres

- name: Add synapse postgres db
  postgresql_db: db=synapse lc_collate=C lc_ctype=C template=template0
  become: true
  become_user: postgres
  become_method: su

- name: Add synapse postgres user
  postgresql_user: db=synapse user=synapse password={{ vault_postgres_users.synapse }}
  become: true
  become_user: postgres
  become_method: su

- name: Add irc postgres db
  postgresql_db: db=irc
  become: true
  become_user: postgres
  become_method: su

- name: Create synapse config dir
  file: path={{ item }} state=directory owner=root group=synapse mode=0750
  with_items:
    - /etc/synapse
    - /etc/synapse/mjolnir

- name: Install homeserver config
  template: src=homeserver.yaml.j2 dest=/etc/synapse/homeserver.yaml owner=root group=synapse mode=0640
  notify:
    - Restart synapse

- name: Install static config
  copy: src={{ item }} dest=/etc/synapse/{{ item }} owner=root group=root mode=0644
  with_items:
    - log_config.yaml
    - worker-appservice.yaml
    - worker-federation_reader.yaml
    - worker-federation_sender.yaml
    - worker-media_repository.yaml
  notify:
    - Restart synapse

- name: Install pantalaimon config
  template: src=pantalaimon.conf.j2 dest=/etc/synapse/pantalaimon.conf owner=root group=synapse mode=0644
  notify:
    - Restart pantalaimon

- name: Install mjolnir config
  template: src=mjolnir.yaml.j2 dest=/etc/synapse/mjolnir/production.yaml owner=root group=synapse mode=0640
  notify:
    - Restart mjolnir

- name: Install irc-bridge config
  template: src=irc-bridge.yaml.j2 dest=/etc/synapse/irc-bridge.yaml owner=root group=synapse mode=0640
  notify:
    - Restart matrix-appservice-irc

- name: Install irc-bridge registration
  template: src=appservice-registration-irc.yaml.j2 dest=/etc/synapse/appservice-registration-irc.yaml owner=root group=synapse mode=0640
  notify:
    - Restart synapse

- name: Install signing key
  copy:
    content: '{{ vault_matrix_secrets.signing_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.signing.key
    owner: root
    group: synapse
    mode: 0640

- name: Install ircpass key
  copy:
    content: '{{ vault_matrix_secrets.ircpass_key }}'
    dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key
    owner: root
    group: synapse
    mode: 0640

- name: Make nginx log dir
  file: path=/var/log/nginx/{{ matrix_domain }} state=directory owner=root group=root mode=0755

- name: Set up nginx
  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/matrix.conf owner=root group=root mode=0640
  notify:
    - Reload nginx
  when: 'matrix_domain is defined'
  tags: ['nginx']

- name: Install turnserver.conf
  template: src=turnserver.conf.j2 dest=/etc/turnserver/turnserver.conf owner=turnserver group=turnserver mode=0600
  notify:
    - Restart turnserver

- name: Install turnserver cert renewal hook
  copy: src=letsencrypt.hook.d dest=/etc/letsencrypt/hook.d/turnserver owner=root group=root mode=0755

- name: Install synapse units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - synapse.service
    - synapse-worker@.service
  notify:
    - Restart synapse

- name: Install pantalaimon units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - pantalaimon.service
  notify:
    - Restart pantalaimon

- name: Install mjolnir units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - mjolnir.service
  notify:
    - Restart mjolnir

- name: Install matrix-appservice-irc units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - matrix-appservice-irc.service
  notify:
    - Restart matrix-appservice-irc

- name: Enable synapse units
  service: name={{ item }} enabled=yes
  with_items:
    - synapse.service
    - synapse-worker@appservice.service
    - synapse-worker@federation_reader.service
    - synapse-worker@federation_sender.service
    - synapse-worker@media_repository.service
  notify:
    - Restart synapse

- name: Enable pantalaimon units
  service: name={{ item }} enabled=yes
  with_items:
    - pantalaimon.service
  notify:
    - Restart pantalaimon

- name: Enable mjolnir units
  service: name={{ item }} enabled=yes
  with_items:
    - mjolnir.service
  notify:
    - Restart mjolnir

- name: Enable matrix-appservice-irc units
  service: name={{ item }} enabled=yes
  with_items:
    - matrix-appservice-irc.service
  notify:
    - Restart matrix-appservice-irc

- name: Enable turnserver units
  service: name={{ item }} enabled=yes
  with_items:
    - turnserver.service
  notify:
    - Restart turnserver

- name: Open firewall holes
  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
  with_items:
    # synapse's identd
    - 113/tcp
    # turnserver
    - 2410-2411/tcp
    - 2410-2411/udp
    - 2420-2421/tcp
    - 2420-2421/udp
    - 33000-33999/udp
  when: configure_firewall
  tags:
    - firewall