Merge pull request #1737 from GoMatrixHosting/remove-awx-section

Remove matrix-awx sections
3 years ago · 285a50e930
--- a/docs/configuring-awx-system.md
+++ b/docs/configuring-awx-system.md
@@ -1,39 +0,0 @@
 # Configuring AWX System (optional)

 An AWX setup for managing multiple Matrix servers.

 This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.

 Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context.

 The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.

 This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).

 Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.**

 ## Other Required Playbooks

 The following repositories allow you to copy and use this setup:

 [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you.

 [Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers.

 [Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.

 [GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental.


 ## Does I need an AWX setup to use this? How do I configure it? 

 Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). 

 For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md).


 ## Does I need a front-end WordPress site? And a DigitalOcean account? 

 You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context.

 You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers.
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -45,27 +45,6 @@ matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if m
 ######################################################################


 ######################################################################
 #
 # matrix-awx
 #
 ######################################################################

 # We don't enable AWX support by default.
 matrix_awx_enabled: false

 matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
 matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
 matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}"
 matrix_nginx_proxy_base_domain_create_directory: "{{ not matrix_awx_enabled }}"

 ######################################################################
 #
 # /matrix-awx
 #
 ######################################################################


 ######################################################################
 #
 # matrix-bridge-appservice-discord
--- a/roles/matrix-awx/defaults/main.yml
+++ b/roles/matrix-awx/defaults/main.yml
@@ -1,8 +0,0 @@
 ---

 matrix_awx_enabled: true

 # Defaults for 'Customise Website + Access Export' template
 awx_sftp_auth_method: 'Disabled'
 awx_sftp_password: ''
 awx_sftp_public_key: ''
--- a/roles/matrix-awx/scripts/matrix_build_room_list.py
+++ b/roles/matrix-awx/scripts/matrix_build_room_list.py
@@ -1,29 +0,0 @@

 import sys
 import requests
 import json

 janitor_token = sys.argv[1]
 synapse_container_ip = sys.argv[2]
 synapse_container_port = sys.argv[3]

 # collect total amount of rooms

 rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms'
 rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token}
 rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header)
 rooms_raw_python = json.loads(rooms_raw.text)
 total_rooms = rooms_raw_python["total_rooms"]

 # build complete room list file

 room_list_file = open("/tmp/room_list_complete.json", "w")

 for i in range(0, total_rooms, 100):
  rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i)
  rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header)
  room_list_file.write(rooms_inc.text)

 room_list_file.close()

 print(total_rooms)
--- a/roles/matrix-awx/surveys/access_export.json.j2
+++ b/roles/matrix-awx/surveys/access_export.json.j2
@@ -1,42 +0,0 @@
 {
  "name": "Access Export",
  "description": "Access the services export.",
  "spec": [
    {
      "question_name": "SFTP Authorisation Method",
      "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ awx_sftp_auth_method | string }}",
      "choices": "Disabled\nPassword\nSSH Key",
      "new_question": true,
      "variable": "awx_sftp_auth_method",
      "type": "multiplechoice"
    },
    {
      "question_name": "SFTP Password",
      "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
      "required": false,
      "min": 0,
      "max": 64,
      "default": "{{ awx_sftp_password }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_sftp_password",
      "type": "password"
    },
    {
      "question_name": "SFTP Public SSH Key (More Secure)",
      "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
      "required": false,
      "min": 0,
      "max": 16384,
      "default": "{{ awx_sftp_public_key }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_sftp_public_key",
      "type": "text"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/backup_server.json.j2
+++ b/roles/matrix-awx/surveys/backup_server.json.j2
@@ -1,18 +0,0 @@
 {
  "name": "Backup Server",
  "description": "Performs a backup of the entire service to a remote location.",
  "spec": [
    {
      "question_name": "Enable Backup",
      "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ awx_backup_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "awx_backup_enabled",
      "type": "multiplechoice"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2
+++ b/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2
@@ -1,66 +0,0 @@
 {
  "name": "Bridge Discord Appservice",
  "description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
  "spec": [
    {
      "question_name": "Enable Discord AppService Bridge",
      "question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ matrix_appservice_discord_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_appservice_discord_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Discord OAuth2 Client ID",
      "question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications",
      "required": true,
      "min": 0,
      "max": 128,
      "default": "{{ matrix_appservice_discord_client_id | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_appservice_discord_client_id",
      "type": "text"
    },
    {
      "question_name": "Discord Bot Token",
      "question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications",
      "required": true,
      "min": 0,
      "max": 256,
      "default": "{{ matrix_appservice_discord_bot_token | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_appservice_discord_bot_token",
      "type": "password"
    },
    {
      "question_name": "Auto-Admin Matrix User",
      "question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. So to create @stevo:example.org just enter 'stevo'.",
      "required": false,
      "min": 0,
      "max": 1024,
      "default": "",
      "choices": "",
      "new_question": true,
      "variable": "awx_appservice_discord_admin_user",
      "type": "text"
    },
    {
      "question_name": "Auto-Admin Rooms",
      "question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.",
      "required": false,
      "min": 0,
      "max": 4096,
      "default": "",
      "choices": "",
      "new_question": true,
      "variable": "awx_appservice_discord_admin_rooms",
      "type": "textarea"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_corporal.json.j2
+++ b/roles/matrix-awx/surveys/configure_corporal.json.j2
@@ -1,88 +0,0 @@
 {
  "name": "Configure Matrix Corporal",
  "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.",
  "spec": [
    {
      "question_name": "Enable Corporal",
      "question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ matrix_corporal_enabled|string|lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_corporal_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Corporal Policy Provider",
      "question_description": "Controls what provider policy is used with Matrix Corporal.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ awx_corporal_policy_provider_mode }}",
      "choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
      "new_question": true,
      "variable": "awx_corporal_policy_provider_mode",
      "type": "multiplechoice"
    },
    {
      "question_name": "Simple Static File Configuration",
      "question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
      "required": false,
      "min": 0,
      "max": 65536,
      "default": "",
      "new_question": true,
      "variable": "awx_corporal_simple_static_config",
      "type": "textarea"
    },
    {
      "question_name": "HTTP Pull Mode URI",
      "question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
      "required": false,
      "min": 0,
      "max": 4096,
      "default": "{{ awx_corporal_pull_mode_uri }}",
      "new_question": true,
      "variable": "awx_corporal_pull_mode_uri",
      "type": "text"
    },
    {
      "question_name": "HTTP Pull Mode Authentication Token",
      "question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
      "required": false,
      "min": 0,
      "max": 256,
      "default": "{{ awx_corporal_pull_mode_token }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_corporal_pull_mode_token",
      "type": "password"
    },
    {
      "question_name": "Corporal API Authentication Token",
      "question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
      "required": false,
      "min": 0,
      "max": 256,
      "default": "{{ matrix_corporal_http_api_auth_token }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_corporal_http_api_auth_token",
      "type": "password"
    },
    {
      "question_name": "Raise Synapse Ratelimits",
      "question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ awx_corporal_raise_ratelimits }}",
      "choices": "Normal\nRaised",
      "new_question": true,
      "variable": "awx_corporal_raise_ratelimits",
      "type": "multiplechoice"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_dimension.json.j2
+++ b/roles/matrix-awx/surveys/configure_dimension.json.j2
@@ -1,30 +0,0 @@
 {
  "name": "Configure Dimension",
  "description": "Configure Dimension, the self-hosted integrations server.",
  "spec": [
    {
      "question_name": "Enable Dimension",
      "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_dimension_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_dimension_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Dimension Users",
      "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'",
      "required": false,
      "min": 0,
      "max": 65536,
      "default": {{ awx_dimension_users_final | to_json }},
      "choices": "",
      "new_question": true,
      "variable": "awx_dimension_users",
      "type": "textarea"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_element.json.j2
+++ b/roles/matrix-awx/surveys/configure_element.json.j2
@@ -1,114 +0,0 @@
 {
  "name": "Configure Element",
  "description": "Configure Element web client, Element is the most developed Matrix client software.",
  "spec": [
    {
      "question_name": "Enable Element-Web",
      "question_description": "Set if Element web client is enabled or not.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ matrix_client_element_enabled }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_client_element_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Set Theme for Web Client",
      "question_description": "Sets the default theme for the web client, can be changed later by individual users.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_client_element_default_theme }}",
      "choices": "light\ndark",
      "new_question": true,
      "variable": "matrix_client_element_default_theme",
      "type": "multiplechoice"
    },
    {
      "question_name": "Set Branding for Web Client",
      "question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'",
      "required": false,
      "min": 0,
      "max": 256,
      "default": "{{ matrix_client_element_brand | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_client_element_brand",
      "type": "text"
    },
    {
      "question_name": "Set Welcome Page Background",
      "question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. Leaving this field blank will cause the default background to be used.",
      "required": false,
      "min": 0,
      "max": 1024,
      "default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_client_element_branding_welcomeBackgroundUrl",
      "type": "text"
    },
    {
      "question_name": "Set Welcome Page Logo",
      "question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.",
      "required": false,
      "min": 0,
      "max": 1024,
      "default": "{{ matrix_client_element_welcome_logo | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_client_element_welcome_logo",
      "type": "text"
    },
    {
      "question_name": "Set Welcome Page Logo URL",
      "question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'",
      "required": false,
      "min": 0,
      "max": 1024,
      "default": "{{ matrix_client_element_welcome_logo_link | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_client_element_welcome_logo_link",
      "type": "text"
    },
    {
      "question_name": "Set Welcome Page Headline",
      "question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'",
      "required": false,
      "min": 0,
      "max": 512,
      "default": "{{ awx_matrix_client_element_welcome_headline | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_matrix_client_element_welcome_headline",
      "type": "text"
    },
    {
      "question_name": "Set Welcome Page Text",
      "question_description": "Sets the text seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'",
      "required": false,
      "min": 0,
      "max": 2048,
      "default": "{{ awx_matrix_client_element_welcome_text | trim }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_matrix_client_element_welcome_text",
      "type": "text"
    },
    {
      "question_name": "Show Registration Button",
      "question_description": "If you show the registration button on the welcome page.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_client_element_registration_enabled }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_client_element_registration_enabled",
      "type": "multiplechoice"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2
+++ b/roles/matrix-awx/surveys/configure_element_subdomain.json.j2
@@ -1,18 +0,0 @@
 {
  "name": "Configure Element Subdomain",
  "description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)",
  "spec": [
    {
      "question_name": "Set Element Subdomain",
      "question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
      "required": false,
      "min": 0,
      "max": 2048,
      "default": "{{ awx_element_subdomain }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_element_subdomain",
      "type": "text"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_email_relay.json.j2
+++ b/roles/matrix-awx/surveys/configure_email_relay.json.j2
@@ -1,19 +0,0 @@
 {
  "name": "Configure Email Relay",
  "description": "Enable MailGun relay to increase verification email reliability.",
  "spec": [
    {
      "question_name": "Enable Email Relay",
      "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_mailer_relay_use | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_mailer_relay_use",
      "type": "multiplechoice"
    }
  ]
 }

--- a/roles/matrix-awx/surveys/configure_jitsi.json.j2
+++ b/roles/matrix-awx/surveys/configure_jitsi.json.j2
@@ -1,31 +0,0 @@
 {
  "name": "Configure Jitsi",
  "description": "Configure Jitsi conferencing settings.",
  "spec": [
    {
      "question_name": "Enable Jitsi",
      "question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_jitsi_enabled }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_jitsi_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Set Default Language",
      "question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
      "required": false,
      "min": 0,
      "max": 2,
      "default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
      "choices": "",
      "new_question": true,
      "variable": "matrix_jitsi_web_config_defaultLanguage",
      "type": "text"
    }
  ]
 }

--- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2
+++ b/roles/matrix-awx/surveys/configure_ma1sd.json.j2
@@ -1,41 +0,0 @@
 {
  "name": "Configure ma1sd",
  "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
  "spec": [
    {
      "question_name": "Enable ma1sd",
      "question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_ma1sd_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_ma1sd_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "ma1sd Authentication Mode",
      "question_description": "Set the source of user account authentication credentials with the ma1sd.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ awx_matrix_ma1sd_auth_store }}",
      "choices": "Synapse Internal\nLDAP/AD",
      "new_question": true,
      "variable": "awx_matrix_ma1sd_auth_store",
      "type": "multiplechoice"
    },
    {
      "question_name": "LDAP/AD Configuration",
      "question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
      "required": false,
      "min": 0,
      "max": 65536,
      "default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }},
      "new_question": true,
      "variable": "awx_matrix_ma1sd_configuration_extension_yaml",
      "type": "textarea"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_mjolnir.json.j2
+++ b/roles/matrix-awx/surveys/configure_mjolnir.json.j2
@@ -1,29 +0,0 @@
 {
  "name": "Configure Mjolnir",
  "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.",
  "spec": [
    {
      "question_name": "Enable Mjolnir",
      "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_bot_mjolnir_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Mjolnir Management Room",
      "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ matrix_bot_mjolnir_management_room }}",
      "new_question": true,
      "variable": "matrix_bot_mjolnir_management_room",
      "type": "text"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_synapse.json.j2
+++ b/roles/matrix-awx/surveys/configure_synapse.json.j2
@@ -1,198 +0,0 @@
 {
  "name": "Configure Synapse",
  "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
  "spec": [
    {
      "question_name": "Enable Public Registration",
      "question_description": "Controls whether people with access to the homeserver can register by themselves.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_enable_registration | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_enable_registration",
      "type": "multiplechoice"
    },
    {
      "question_name": "Enable Federation",
      "question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_federation_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_federation_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Allow Public Rooms Over Federation",
      "question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_allow_public_rooms_over_federation",
      "type": "multiplechoice"
    },
    {
      "question_name": "Enable Community Creation",
      "question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_enable_group_creation",
      "type": "multiplechoice"
    },
    {
      "question_name": "Enable Synapse Presence",
      "question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_presence_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_presence_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Enable URL Previews",
      "question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_url_preview_enabled",
      "type": "multiplechoice"
    },
    {
      "question_name": "Enable Guest Access",
      "question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_allow_guest_access",
      "type": "multiplechoice"
    },
    {
      "question_name": "Registration Requires Email",
      "question_description": "Controls whether an email address is required to register on the server.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ awx_registrations_require_3pid | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "awx_registrations_require_3pid",
      "type": "multiplechoice"
    },
    {
      "question_name": "Registration Shared Secret",
      "question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
      "required": false,
      "min": 0,
      "max": 256,
      "default": "",
      "choices": "",
      "new_question": true,
      "variable": "awx_matrix_synapse_registration_shared_secret",
      "type": "password"
    },
    {
      "question_name": "Synapse Max Upload Size",
      "question_description": "Sets the maximum size for uploaded files in MB.",
      "required": false,
      "min": 0,
      "max": 3,
      "default": "{{ matrix_synapse_max_upload_size_mb }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_synapse_max_upload_size_mb",
      "type": "text"
    },
    {
      "question_name": "URL Preview Languages",
      "question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
      "required": false,
      "min": 0,
      "max": 65536,
      "default": {{ awx_url_preview_accept_language_default | to_json }},
      "choices": "",
      "new_question": true,
      "variable": "awx_url_preview_accept_language",
      "type": "textarea"
    },  
    {
      "question_name": "Federation Whitelist",
      "question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
      "required": false,
      "min": 0,
      "max": 65536,
      "default": {{ awx_federation_whitelist | to_json }},
      "choices": "",
      "new_question": true,
      "variable": "awx_federation_whitelist",
      "type": "textarea"
    },  
    {
      "question_name": "Synapse Auto-Join Rooms",
      "question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
      "required": false,
      "min": 0,
      "max": 65536,
      "default": {{ awx_synapse_auto_join_rooms | to_json }},
      "choices": "",
      "new_question": true,
      "variable": "awx_synapse_auto_join_rooms",
      "type": "textarea"
    },
    {
      "question_name": "Enable ReCaptcha on Registration",
      "question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ awx_enable_registration_captcha | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "awx_enable_registration_captcha",
      "type": "multiplechoice"
    },
    {
      "question_name": "Recaptcha Public Key",
      "question_description": "Sets the Google ReCaptcha public key for this website.",
      "required": false,
      "min": 0,
      "max": 40,
      "default": "{{ awx_recaptcha_public_key }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_recaptcha_public_key",
      "type": "text"
    },
    {
      "question_name": "Recaptcha Private Key",
      "question_description": "Sets the Google ReCaptcha private key for this website.",
      "required": false,
      "min": 0,
      "max": 40,
      "default": "{{ awx_recaptcha_private_key }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_recaptcha_private_key",
      "type": "text"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2
+++ b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2
@@ -1,18 +0,0 @@
 {
  "name": "Configure Synapse Admin",
  "description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
  "spec": [
    {
      "question_name": "Enable Synapse Admin",
      "question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
      "required": false,
      "min": null,
      "max": null,
      "default": "{{ matrix_synapse_admin_enabled | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "matrix_synapse_admin_enabled",
      "type": "multiplechoice"
    }
  ]
 }
--- a/roles/matrix-awx/surveys/configure_website_access_export.json.j2
+++ b/roles/matrix-awx/surveys/configure_website_access_export.json.j2
@@ -1,54 +0,0 @@
 {
  "name": "Configure Website Access Backup",
  "description": "Configure base domain website settings and access the services backup.",
  "spec": [
    {
      "question_name": "Customise Base Domain Website",
      "question_description": "Set if you want to adjust the base domain website using SFTP.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ awx_customise_base_domain_website | string | lower }}",
      "choices": "true\nfalse",
      "new_question": true,
      "variable": "awx_customise_base_domain_website",
      "type": "multiplechoice"
    },
    {
      "question_name": "SFTP Authorisation Method",
      "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
      "required": true,
      "min": null,
      "max": null,
      "default": "{{ awx_sftp_auth_method | string }}",
      "choices": "Disabled\nPassword\nSSH Key",
      "new_question": true,
      "variable": "awx_sftp_auth_method",
      "type": "multiplechoice"
    },
    {
      "question_name": "SFTP Password",
      "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
      "required": false,
      "min": 0,
      "max": 64,
      "default": "{{ awx_sftp_password }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_sftp_password",
      "type": "password"
    },
    {
      "question_name": "SFTP Public SSH Key (More Secure)",
      "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
      "required": false,
      "min": 0,
      "max": 16384,
      "default": "{{ awx_sftp_public_key }}",
      "choices": "",
      "new_question": true,
      "variable": "awx_sftp_public_key",
      "type": "text"
    }
  ]
 }
--- a/roles/matrix-awx/tasks/backup_server.yml
+++ b/roles/matrix-awx/tasks/backup_server.yml
@@ -1,101 +0,0 @@
 ---

 - name: Record Backup Server variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# AWX Settings Start'
  with_dict:
    'awx_backup_enabled': '{{ awx_backup_enabled }}'
  tags: use-survey

 - name: Save new 'Backup Server' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/backup_server.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
  tags: use-survey

 - name: Copy new 'Backup Server' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
    dest: '/matrix/awx/backup_server.json'
    mode: '0660'
  tags: use-survey

 - name: Recreate 'Backup Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 0 - Backup Server"
    description: "Performs a backup of the entire service to a remote location."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "backup-server,use-survey"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  tags: use-survey

 - name: Include vars in matrix_vars.yml
  include_vars:
    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
  no_log: true

 - name: Copy new 'matrix_vars.yml' to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    dest: '/matrix/awx/matrix_vars.yml'
    mode: '0660'
  tags: use-survey

 - name: Run initial backup of /matrix/ and snapshot the database simultaneously
  command: "{{ item }}"
  with_items:
    - borgmatic -c /root/.config/borgmatic/config_1.yaml
    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
  register: _create_instances
  async: 3600  # Maximum runtime in seconds.
  poll: 0  # Fire and continue (never poll)
  when: awx_backup_enabled|bool

 - name: Wait for both of these jobs to finish
  async_status:
    jid: "{{ item.ansible_job_id }}"
  register: _jobs
  until: _jobs.finished
  delay: 5  # Check every 5 seconds.
  retries: 720  # Retry for a full hour.
  with_items: "{{ _create_instances.results }}"
  when: awx_backup_enabled|bool

 - name: Perform borg backup of postgres dump
  command: borgmatic -c /root/.config/borgmatic/config_2.yaml
  when: awx_backup_enabled|bool

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

 - name: Set boolean value to exit playbook
  set_fact:
    awx_end_playbook: true

 - name: End playbook if this task list is called.
  meta: end_play
  when: awx_end_playbook is defined and awx_end_playbook|bool
--- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml
+++ b/roles/matrix-awx/tasks/bridge_discord_appservice.yml
@@ -1,58 +0,0 @@
 ---

 - name: Record Bridge Discord AppService variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Bridge Discord AppService Start'
  with_dict:
    'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}'
    'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}'
    'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}'

 - name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list
  set_fact:
    awx_appservice_discord_admin_rooms_array: |-
      {{ awx_appservice_discord_admin_rooms.splitlines() | to_json }}
  when: awx_appservice_discord_admin_rooms | trim | length > 0

 - name: Promote user to administer (PL100) of each room
  command: |
    docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100'
  with_indexed_items:
    - "{{ awx_appservice_discord_admin_rooms_array }}"
  when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined )

 - name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json'

 - name: Copy new 'Bridge Discord Appservice' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json'
    dest: '/matrix/awx/bridge_discord_appservice.json'
    mode: '0660'

 - name: Recreate 'Bridge Discord Appservice' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 3 - Bridge Discord AppService"
    description: "Enables a private bridge you can use to connect Matrix rooms to Discord."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-all,bridge-discord-appservice"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}"
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/cache_matrix_variables.yml
+++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml
@@ -1,13 +0,0 @@
 ---

 - name: Collect current datetime
  set_fact:
    awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"

 - name: Create cached matrix_vars.yml file location
  set_fact:
    awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'

 - name: Create cached matrix_vars.yml
  delegate_to: 127.0.0.1
  shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"
--- a/roles/matrix-awx/tasks/create_session_token.yml
+++ b/roles/matrix-awx/tasks/create_session_token.yml
@@ -1,11 +0,0 @@
 ---

 - name: Create a AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: present
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_master_token }}"
  register: awx_session_token
  no_log: true
--- a/roles/matrix-awx/tasks/create_user.yml
+++ b/roles/matrix-awx/tasks/create_user.yml
@@ -1,41 +0,0 @@
 ---
 #
 # Create user and define if they are admin
 #
 # /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
 #

 - name: Set admin bool to zero
  set_fact:
    awx_admin_bool: 0
  when: awx_admin_access == 'false'

 - name: Examine if server admin set
  set_fact:
    awx_admin_bool: 1
  when: awx_admin_access == 'true'

 - name: Create user account
  command: |
    /usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }}
  register: awx_cmd_output

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

 - name: Set boolean value to exit playbook
  set_fact:
    awx_end_playbook: true

 - name: Result
  debug: msg="{{ awx_cmd_output.stdout }}"

 - name: End playbook if this task list is called.
  meta: end_play
  when: awx_end_playbook is defined and awx_end_playbook|bool
--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@@ -1,267 +0,0 @@
 ---

 - name: Enable index.html creation if user doesn't wish to customise base domain
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Base Domain Settings Start'
  with_dict:
    'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
  when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool

 - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Base Domain Settings Start'
  with_dict:
    'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
  when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool

 - name: Record custom 'Customise Website + Access Export' variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Custom Settings Start'
  with_dict:
    'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"'
    'awx_sftp_password': '"{{ awx_sftp_password }}"'
    'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"'

 - name: Record custom 'Customise Website + Access Export' variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Custom Settings Start'
  with_dict:
    'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}'
  when: awx_customise_base_domain_website is defined

 - name: Reload vars in matrix_vars.yml
  include_vars:
    file: '{{ awx_cached_matrix_vars }}'
  no_log: true

 - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
  when: awx_customise_base_domain_website is defined

 - name: Copy new 'Customise Website + Access Export' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
    dest: '/matrix/awx/configure_website_access_export.json'
    mode: '0660'
  when: awx_customise_base_domain_website is defined

 - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: './roles/matrix-awx/surveys/access_export.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
  when: awx_customise_base_domain_website is undefined

 - name: Copy new 'Customise Website + Access Export' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
    dest: '/matrix/awx/access_export.json'
    mode: '0660'
  when: awx_customise_base_domain_website is undefined

 - name: Recreate 'Configure Website + Access Export' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
    description: "Configure base domain website settings and access the servers export."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-nginx-proxy"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: awx_customise_base_domain_website is defined

 - name: Recreate 'Access Export' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Access Export"
    description: "Access the services export."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-nginx-proxy"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: awx_customise_base_domain_website is undefined

 - name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
  user:
    name: sftp
    comment: SFTP user to set custom web files and access servers export
    shell: /bin/false
    home: /home/sftp
    group: matrix
    password: '*'
    update_password: always
  when: awx_sftp_password|length == 0

 - name: If user defines awx_sftp_password, enable account and set password on 'stfp' account
  user:
    name: sftp
    comment: SFTP user to set custom web files and access servers export
    shell: /bin/false
    home: /home/sftp
    group: matrix
    password: "{{ awx_sftp_password | password_hash('sha512') }}"
    update_password: always
  when: awx_sftp_password|length > 0

 - name: Ensure group "sftp" exists
  group:
    name: sftp
    state: present

 - name: adding existing user 'sftp' to group matrix
  user:
    name: sftp
    groups: sftp
    append: true
  when: awx_customise_base_domain_website is defined

 - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
  file:
    path: /chroot
    state: directory
    owner: root
    group: root
    mode: '1755'

 - name: Ensure /chroot/website location exists.
  file:
    path: /chroot/website
    state: directory
    owner: matrix
    group: matrix
    mode: '0770'
  when: awx_customise_base_domain_website is defined

 - name: Ensure /chroot/export location exists
  file:
    path: /chroot/export
    state: directory
    owner: sftp
    group: sftp
    mode: '0700'

 - name: Ensure /home/sftp/.ssh location exists
  file:
    path: /home/sftp/.ssh
    state: directory
    owner: sftp
    group: sftp
    mode: '0700'

 - name: Ensure /home/sftp/authorized_keys exists
  file:
    path: /home/sftp/.ssh/authorized_keys
    state: touch
    owner: sftp
    group: sftp
    mode: '0644'

 - name: Clear authorized_keys file
  shell: echo "" > /home/sftp/.ssh/authorized_keys

 - name: Insert public SSH key into authorized_keys file
  lineinfile:
    path: /home/sftp/.ssh/authorized_keys
    line: "{{ awx_sftp_public_key }}"
    owner: sftp
    group: sftp
    mode: '0644'
  when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key")

 - name: Remove any existing Subsystem lines
  lineinfile:
    path: /etc/ssh/sshd_config
    state: absent
    regexp: '^Subsystem'

 - name: Set SSH Subsystem State
  lineinfile:
    path: /etc/ssh/sshd_config
    insertafter: "^# override default of no subsystems"
    line: "Subsystem sftp internal-sftp"

 - name: Add SSH Match User section for disabled auth
  blockinfile:
    path: /etc/ssh/sshd_config
    state: absent
    block: |
      Match User sftp
          ChrootDirectory /chroot
          PermitTunnel no
          X11Forwarding no
          AllowTcpForwarding no
          PasswordAuthentication yes
          AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
  when: awx_sftp_auth_method == "Disabled"

 - name: Add SSH Match User section for password auth
  blockinfile:
    path: /etc/ssh/sshd_config
    state: present
    block: |
      Match User sftp
          ChrootDirectory /chroot
          PermitTunnel no
          X11Forwarding no
          AllowTcpForwarding no
          PasswordAuthentication yes
  when: awx_sftp_auth_method == "Password"

 - name: Add SSH Match User section for publickey auth
  blockinfile:
    path: /etc/ssh/sshd_config
    state: present
    block: |
      Match User sftp
          ChrootDirectory /chroot
          PermitTunnel no
          X11Forwarding no
          AllowTcpForwarding no
          AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
  when: awx_sftp_auth_method == "SSH Key"

 - name: Restart service ssh.service
  service:
    name: ssh.service
    state: restarted
--- a/roles/matrix-awx/tasks/delete_session_token.yml
+++ b/roles/matrix-awx/tasks/delete_session_token.yml
@@ -1,10 +0,0 @@
 ---

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
--- a/roles/matrix-awx/tasks/export_server.yml
+++ b/roles/matrix-awx/tasks/export_server.yml
@@ -1,43 +0,0 @@
 ---

 - name: Run export of /matrix/ and snapshot the database simultaneously
  command: "{{ item }}"
  with_items:
    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
    - /bin/sh /usr/local/bin/awx-export-service.sh 0 1
  register: awx_create_instances
  async: 3600  # Maximum runtime in seconds.
  poll: 0  # Fire and continue (never poll)

 - name: Wait for both of these jobs to finish
  async_status:
    jid: "{{ item.ansible_job_id }}"
  register: awx_jobs
  until: awx_jobs.finished
  delay: 5  # Check every 5 seconds.
  retries: 720  # Retry for a full hour.
  with_items: "{{ awx_create_instances.results }}"

 - name: Schedule deletion of the export in 24 hours
  at:
    command: rm /chroot/export/matrix*
    count: 1
    units: days
    unique: true

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

 - name: Set boolean value to exit playbook
  set_fact:
    awx_end_playbook: true

 - name: End playbook if this task list is called.
  meta: end_play
  when: awx_end_playbook is defined and awx_end_playbook|bool
--- a/roles/matrix-awx/tasks/import_awx.yml
+++ b/roles/matrix-awx/tasks/import_awx.yml
@@ -1,7 +0,0 @@
 ---

 - name: Ensure correct ownership of /matrix/awx
  shell: chown -R matrix:matrix /matrix/awx

 - name: Ensure correct ownership of /matrix/synapse
  shell: chown -R matrix:matrix /matrix/synapse
--- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
+++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
@@ -1,16 +0,0 @@
 ---

 - name: Include vars in organisation.yml
  include_vars:
    file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
  no_log: true

 - name: Include vars in hosting_vars.yml
  include_vars:
    file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
  no_log: true

 - name: Include AWX master token from awx_tokens.yml
  include_vars:
    file: /var/lib/awx/projects/hosting/awx_tokens.yml
  no_log: true
--- a/roles/matrix-awx/tasks/load_matrix_variables.yml
+++ b/roles/matrix-awx/tasks/load_matrix_variables.yml
@@ -1,16 +0,0 @@
 ---

 - name: Include new vars in matrix_vars.yml
  include_vars:
    file: '{{ awx_cached_matrix_vars }}'
  no_log: true

 - name: If include_vars succeeds overwrite the old matrix_vars.yml
  delegate_to: 127.0.0.1
  shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"

 - name: Copy new 'matrix_vars.yml' to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    dest: '/matrix/awx/matrix_vars.yml'
    mode: '0660'
--- a/roles/matrix-awx/tasks/main.yml
+++ b/roles/matrix-awx/tasks/main.yml
@@ -1,234 +0,0 @@
 ---
 # Load initial hosting and organisation variables from AWX volume
 - include_tasks:
    file: "load_hosting_and_org_variables.yml"
    apply:
      tags: always
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always

 # Renames or updates the vars.yml if needed
 - include_tasks:
    file: "update_variables.yml"
    apply:
      tags: always
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always

 # Create AWX session token
 - include_tasks:
    file: "create_session_token.yml"
    apply:
      tags: always
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always

 # Perform a backup of the server
 - include_tasks:
    file: "backup_server.yml"
    apply:
      tags: backup-server
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - backup-server

 # Perform a export of the server
 - include_tasks:
    file: "export_server.yml"
    apply:
      tags: export-server
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - export-server

 # Create a user account if called
 - include_tasks:
    file: "create_user.yml"
    apply:
      tags: create-user
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - create-user

 # Purge local/remote media if called
 - include_tasks:
    file: "purge_media_main.yml"
    apply:
      tags: purge-media
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - purge-media

 # Purge Synapse database if called
 - include_tasks:
    file: "purge_database_main.yml"
    apply:
      tags: purge-database
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - purge-database

 # Rotate SSH key if called
 - include_tasks:
    file: "rotate_ssh.yml"
    apply:
      tags: rotate-ssh
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - rotate-ssh

 # Import configs, media repo from /chroot/backup import
 - include_tasks:
    file: "import_awx.yml"
    apply:
      tags: import-awx
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - import-awx

 # Perform extra self-check functions
 - include_tasks:
    file: "self_check.yml"
    apply:
      tags: self-check
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - self-check

 # Create cached matrix_vars.yml file
 - include_tasks:
    file: "cache_matrix_variables.yml"
    apply:
      tags: always
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always

 # Configure SFTP so user can upload a static website or access the servers export
 - include_tasks:
    file: "customise_website_access_export.yml"
    apply:
      tags: setup-nginx-proxy
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-nginx-proxy

 # Additional playbook to set the variable file during Element configuration
 - include_tasks:
    file: "set_variables_element.yml"
    apply:
      tags: setup-client-element
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-client-element

 # Additional playbook to set the variable file during Mailer configuration
 - include_tasks:
    file: "set_variables_mailer.yml"
    apply:
      tags: setup-mailer
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-mailer

 # Additional playbook to set the variable file during Element configuration
 - include_tasks:
    file: "set_variables_element_subdomain.yml"
    apply:
      tags: setup-client-element-subdomain
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-client-element-subdomain

 # Additional playbook to set the variable file during Synapse configuration
 - include_tasks:
    file: "set_variables_synapse.yml"
    apply:
      tags: setup-synapse
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-synapse

 # Additional playbook to set the variable file during Jitsi configuration
 - include_tasks:
    file: "set_variables_jitsi.yml"
    apply:
      tags: setup-jitsi
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-jitsi

 # Additional playbook to set the variable file during Ma1sd configuration
 - include_tasks:
    file: "set_variables_ma1sd.yml"
    apply:
      tags: setup-ma1sd
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-ma1sd

 # Additional playbook to set the variable file during Mjolnir Bot configuration
 - include_tasks:
    file: "set_variables_mjolnir.yml"
    apply:
      tags: setup-bot-mjolnir
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-bot-mjolnir

 # Additional playbook to set the variable file during Corporal configuration
 - include_tasks:
    file: "set_variables_corporal.yml"
    apply:
      tags: setup-corporal
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-corporal

 # Additional playbook to set the variable file during Dimension configuration
 - include_tasks:
    file: "set_variables_dimension.yml"
    apply:
      tags: setup-dimension
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-dimension

 # Additional playbook to set the variable file during Synapse Admin configuration
 - include_tasks:
    file: "set_variables_synapse_admin.yml"
    apply:
      tags: setup-synapse-admin
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - setup-synapse-admin

 # Additional playbook to set the variable file during Discord Appservice Bridge configuration
 - include_tasks:
    file: "bridge_discord_appservice.yml"
    apply:
      tags: bridge-discord-appservice
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - bridge-discord-appservice

 # Delete AWX session token
 - include_tasks:
    file: "delete_session_token.yml"
    apply:
      tags: always
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always

 # Load newly formed matrix variables from AWX volume
 - include_tasks:
    file: "load_matrix_variables.yml"
    apply:
      tags: always
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always
--- a/roles/matrix-awx/tasks/purge_database_events.yml
+++ b/roles/matrix-awx/tasks/purge_database_events.yml
@@ -1,14 +0,0 @@
 ---

 - name: Purge all rooms with more then N events
  shell: |
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
  register: awx_purge_command

 - name: Print output of purge command
  debug:
    msg: "{{ awx_purge_command.stdout }}"

 - name: Pause for 5 seconds to let Synapse breathe
  pause:
    seconds: 5
--- a/roles/matrix-awx/tasks/purge_database_main.yml
+++ b/roles/matrix-awx/tasks/purge_database_main.yml
@@ -1,320 +0,0 @@
 ---

 - name: Ensure dateutils and curl is installed in AWX
  delegate_to: 127.0.0.1
  yum:
    name: dateutils
    state: latest

 - name: Include vars in matrix_vars.yml
  include_vars:
    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
  no_log: true

 - name: Ensure curl and jq intalled on target machine
  apt:
    pkg:
      - curl
      - jq
    state: present

 - name: Collect before shrink size of Synapse database
  shell: du -sh /matrix/postgres/data
  register: awx_db_size_before_stat
  when: (awx_purge_mode.find("Perform final shrink") != -1)
  no_log: true

 - name: Collect the internal IP of the matrix-synapse container
  shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
  register: awx_synapse_container_ip

 - name: Collect access token for @admin-janitor user
  shell: |
    curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
  register: awx_janitors_token
  no_log: true

 - name: Copy build_room_list.py script to target machine
  copy:
    src: ./roles/matrix-awx/scripts/matrix_build_room_list.py
    dest: /usr/local/bin/matrix_build_room_list.py
    owner: matrix
    group: matrix
    mode: '0755'
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Run build_room_list.py script
  shell: |
    runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }}
  register: awx_rooms_total
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Fetch complete room list from target machine
  fetch:
    src: /tmp/room_list_complete.json
    dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
    flat: true
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Remove complete room list from target machine
  file:
    path: /tmp/room_list_complete.json
    state: absent
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Generate list of rooms with no local users
  delegate_to: 127.0.0.1
  shell: |
    jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Count number of rooms with no local users
  delegate_to: 127.0.0.1
  shell: |
    wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
  register: awx_rooms_no_local_total
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Setting host fact awx_room_list_no_local_users
  set_fact:
    awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
  no_log: true
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Purge all rooms with no local users
  include_tasks: purge_database_no_local.yml
  loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}"
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Collect epoche time from date
  delegate_to: 127.0.0.1
  shell: |
    date -d '{{ awx_purge_date }}' +"%s"
  when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
  register: awx_purge_epoche_time

 - name: Generate list of rooms with more then N users
  delegate_to: 127.0.0.1
  shell: |
    jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
  when: awx_purge_mode.find("Number of users [slower]") != -1

 - name: Count number of rooms with more then N users
  delegate_to: 127.0.0.1
  shell: |
    wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
  register: awx_rooms_join_members_total
  when: awx_purge_mode.find("Number of users [slower]") != -1

 - name: Setting host fact awx_room_list_joined_members
  delegate_to: 127.0.0.1
  set_fact:
    awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
  when: awx_purge_mode.find("Number of users [slower]") != -1
  no_log: true

 - name: Purge all rooms with more then N users
  include_tasks: purge_database_users.yml
  loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}"
  when: awx_purge_mode.find("Number of users [slower]") != -1

 - name: Generate list of rooms with more then N events
  delegate_to: 127.0.0.1
  shell: |
    jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
  when: awx_purge_mode.find("Number of events [slower]") != -1

 - name: Count number of rooms with more then N events
  delegate_to: 127.0.0.1
  shell: |
    wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
  register: awx_rooms_state_events_total
  when: awx_purge_mode.find("Number of events [slower]") != -1

 - name: Setting host fact awx_room_list_state_events
  delegate_to: 127.0.0.1
  set_fact:
    awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
  when: awx_purge_mode.find("Number of events [slower]") != -1
  no_log: true

 - name: Purge all rooms with more then N events
  include_tasks: purge_database_events.yml
  loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}"
  when: awx_purge_mode.find("Number of events [slower]") != -1

 - name: Adjust 'Deploy/Update a Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    description: "Creates a new matrix service with Spantaleev's playbooks"
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "rust-synapse-compress-state"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)

 - name: Execute rust-synapse-compress-state job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_launch:
    job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    wait: true
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)

 - name: Revert 'Deploy/Update a Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    description: "Creates a new matrix service with Spantaleev's playbooks"
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "setup-all,start"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)

 - name: Ensure matrix-synapse is stopped
  service:
    name: matrix-synapse
    state: stopped
    daemon_reload: true
  when: (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Re-index Synapse database
  shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
  when: (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Ensure matrix-synapse is started
  service:
    name: matrix-synapse
    state: started
    daemon_reload: true
  when: (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Adjust 'Deploy/Update a Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    description: "Creates a new matrix service with Spantaleev's playbooks"
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "run-postgres-vacuum,start"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Execute run-postgres-vacuum job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_launch:
    job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    wait: true
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Revert 'Deploy/Update a Server' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
    description: "Creates a new matrix service with Spantaleev's playbooks"
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "setup-all,start"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
  when: (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Cleanup room_list files
  delegate_to: 127.0.0.1
  shell: |
    rm /tmp/{{ subscription_id }}_room_list*
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
  ignore_errors: true

 - name: Collect after shrink size of Synapse database
  shell: du -sh /matrix/postgres/data
  register: awx_db_size_after_stat
  when: (awx_purge_mode.find("Perform final shrink") != -1)
  no_log: true

 - name: Print total number of rooms processed
  debug:
    msg: '{{ awx_rooms_total.stdout }}'
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Print the number of rooms purged with no local users
  debug:
    msg: '{{ awx_rooms_no_local_total.stdout }}'
  when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)

 - name: Print the number of rooms purged with more then N users
  debug:
    msg: '{{ awx_rooms_join_members_total.stdout }}'
  when: awx_purge_mode.find("Number of users") != -1

 - name: Print the number of rooms purged with more then N events
  debug:
    msg: '{{ awx_rooms_state_events_total.stdout }}'
  when: awx_purge_mode.find("Number of events") != -1

 - name: Print before purge size of Synapse database
  debug:
    msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}"
  when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 )

 - name: Print after purge size of Synapse database
  debug:
    msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}"
  when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1)

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

 - name: Set boolean value to exit playbook
  set_fact:
    awx_end_playbook: true

 - name: End playbook early if this task is called.
  meta: end_play
  when: awx_end_playbook is defined and awx_end_playbook|bool
--- a/roles/matrix-awx/tasks/purge_database_no_local.yml
+++ b/roles/matrix-awx/tasks/purge_database_no_local.yml
@@ -1,14 +0,0 @@
 ---

 - name: Purge all rooms with no local users
  shell: |
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room'
  register: awx_purge_command

 - name: Print output of purge command
  debug:
    msg: "{{ awx_purge_command.stdout }}"

 - name: Pause for 5 seconds to let Synapse breathe
  pause:
    seconds: 5
--- a/roles/matrix-awx/tasks/purge_database_users.yml
+++ b/roles/matrix-awx/tasks/purge_database_users.yml
@@ -1,14 +0,0 @@
 ---

 - name: Purge all rooms with more then N users
  shell: |
    curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
  register: awx_purge_command

 - name: Print output of purge command
  debug:
    msg: "{{ awx_purge_command.stdout }}"

 - name: Pause for 5 seconds to let Synapse breathe
  pause:
    seconds: 5
--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ b/roles/matrix-awx/tasks/purge_media_local.yml
@@ -1,19 +0,0 @@
 ---

 - name: Collect epoche time from date
  shell: |
    date -d '{{ item }}' +"%s"
  register: awx_epoche_time

 - name: Purge local media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
  register: awx_purge_command

 - name: Print output of purge command
  debug:
    msg: "{{ awx_purge_command.stdout }}"

 - name: Pause for 5 seconds to let Synapse breathe
  pause:
    seconds: 5
--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@@ -1,111 +0,0 @@
 ---

 - name: Ensure dateutils is installed in AWX
  delegate_to: 127.0.0.1
  yum:
    name: dateutils
    state: latest

 - name: Include vars in matrix_vars.yml
  include_vars:
    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
  no_log: true

 - name: Ensure curl and jq intalled on target machine
  apt:
    pkg:
      - curl
      - jq
    state: present

 - name: Collect the internal IP of the matrix-synapse container
  shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
  register: awx_synapse_container_ip

 - name: Collect access token for @admin-janitor user
  shell: |
    curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
  register: awx_janitors_token
  no_log: true

 - name: Generate list of dates to purge to
  delegate_to: 127.0.0.1
  shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
  register: awx_purge_dates

 - name: Calculate initial size of local media repository
  shell: du -sh /matrix/synapse/storage/media-store/local*
  register: awx_local_media_size_before
  when: awx_purge_media_type == "Local Media"
  async: 600
  ignore_errors: true
  no_log: true

 - name: Calculate initial size of remote media repository
  shell: du -sh /matrix/synapse/storage/media-store/remote*
  register: awx_remote_media_size_before
  when: awx_purge_media_type == "Remote Media"
  async: 600
  ignore_errors: true
  no_log: true

 - name: Purge local media with loop
  include_tasks: purge_media_local.yml
  loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
  when: awx_purge_media_type == "Local Media"

 - name: Purge remote media with loop
  include_tasks: purge_media_remote.yml
  loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
  when: awx_purge_media_type == "Remote Media"

 - name: Calculate final size of local media repository
  shell: du -sh /matrix/synapse/storage/media-store/local*
  register: awx_local_media_size_after
  when: awx_purge_media_type == "Local Media"
  ignore_errors: true
  no_log: true

 - name: Calculate final size of remote media repository
  shell: du -sh /matrix/synapse/storage/media-store/remote*
  register: awx_remote_media_size_after
  when: awx_purge_media_type == "Remote Media"
  ignore_errors: true
  no_log: true

 - name: Print size of local media repository before purge
  debug:
    msg: "{{ awx_local_media_size_before.stdout.split('\n') }}"
  when: awx_purge_media_type == "Local Media"

 - name: Print size of local media repository after purge
  debug:
    msg: "{{ awx_local_media_size_after.stdout.split('\n') }}"
  when: awx_purge_media_type == "Local Media"

 - name: Print size of remote media repository before purge
  debug:
    msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}"
  when: awx_purge_media_type == "Remote Media"

 - name: Print size of remote media repository after purge
  debug:
    msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}"
  when: awx_purge_media_type == "Remote Media"

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

 - name: Set boolean value to exit playbook
  set_fact:
    awx_end_playbook: true

 - name: End playbook early if this task is called.
  meta: end_play
  when: awx_end_playbook is defined and awx_end_playbook|bool
--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ b/roles/matrix-awx/tasks/purge_media_remote.yml
@@ -1,19 +0,0 @@
 ---

 - name: Collect epoche time from date
  shell: |
    date -d '{{ item }}' +"%s"
  register: awx_epoche_time

 - name: Purge remote media to specific date
  shell: |
    curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
  register: awx_purge_command

 - name: Print output of purge command
  debug:
    msg: "{{ awx_purge_command.stdout }}"

 - name: Pause for 5 seconds to let Synapse breathe
  pause:
    seconds: 5
--- a/roles/matrix-awx/tasks/rotate_ssh.yml
+++ b/roles/matrix-awx/tasks/rotate_ssh.yml
@@ -1,25 +0,0 @@
 ---

 - name: Set the new authorized key taken from file
  authorized_key:
    user: root
    state: present
    exclusive: true
    key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"

 - name: Delete the AWX session token for executing modules
  awx.awx.tower_token:
    description: 'AWX Session Token'
    scope: "write"
    state: absent
    existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

 - name: Set boolean value to exit playbook
  set_fact:
    end_playbook: true

 - name: End playbook if this task list is called.
  meta: end_play
  when: end_playbook is defined and end_playbook|bool
--- a/roles/matrix-awx/tasks/self_check.yml
+++ b/roles/matrix-awx/tasks/self_check.yml
@@ -1,108 +0,0 @@
 ---

 - name: Install prerequisite apt packages on target
  apt:
    name:
      - sysstat
      - curl
    state: present

 - name: Install prerequisite yum packages on AWX
  delegate_to: 127.0.0.1
  yum:
    name:
      - bind-utils
    state: present

 - name: Install prerequisite pip packages on AWX
  delegate_to: 127.0.0.1
  pip:
    name:
      - dnspython
    state: present

 - name: Calculate MAU value
  shell: |
    curl -s localhost:9000 | grep "^synapse_admin_mau_current "
  register: awx_mau_stat
  no_log: true

 - name: Calculate CPU usage statistics
  shell: iostat -c
  register: awx_cpu_usage_stat
  no_log: true

 - name: Calculate RAM usage statistics
  shell: free -mh
  register: awx_ram_usage_stat
  no_log: true

 - name: Calculate free disk space
  shell: df -h
  register: awx_disk_space_stat
  no_log: true

 - name: Calculate size of Synapse database
  shell: du -sh /matrix/postgres/data
  register: awx_db_size_stat
  no_log: true

 - name: Calculate size of local media repository
  shell: du -sh /matrix/synapse/storage/media-store/local*
  register: awx_local_media_size_stat
  async: 600
  ignore_errors: true
  no_log: true

 - name: Calculate size of remote media repository
  shell: du -sh /matrix/synapse/storage/media-store/remote*
  register: awx_remote_media_size_stat
  async: 600
  ignore_errors: true
  no_log: true

 - name: Calculate docker container statistics
  shell: docker stats --all --no-stream
  register: awx_docker_stats
  ignore_errors: true
  no_log: true

 - name: Print size of remote media repository
  debug:
    msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}"
  when: awx_remote_media_size_stat is defined

 - name: Print size of local media repository
  debug:
    msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}"
  when: awx_local_media_size_stat is defined

 - name: Print size of Synapse database
  debug:
    msg: "{{ awx_db_size_stat.stdout.split('\n') }}"
  when: awx_db_size_stat is defined

 - name: Print free disk space
  debug:
    msg: "{{ awx_disk_space_stat.stdout.split('\n') }}"
  when: awx_disk_space_stat is defined

 - name: Print RAM usage statistics
  debug:
    msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}"
  when: awx_ram_usage_stat is defined

 - name: Print CPU usage statistics
  debug:
    msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}"
  when: awx_cpu_usage_stat is defined

 - name: Print MAU value
  debug:
    msg: "{{ awx_mau_stat.stdout.split('\n') }}"
  when: awx_mau_stat is defined

 - name: Print docker container statistics
  debug:
    msg: "{{ awx_docker_stats.stdout.split('\n') }}"
  when: awx_docker_stats is defined
--- a/roles/matrix-awx/tasks/set_variables_corporal.yml
+++ b/roles/matrix-awx/tasks/set_variables_corporal.yml
@@ -1,243 +0,0 @@
 ---

 - name: Record Corporal Enabled/Disabled variable
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'

 - name: Enable Shared Secret Auth if Corporal enabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Shared Secret Auth Settings Start'
  with_dict:
    'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
  when: matrix_corporal_enabled|bool

 - name: Disable Shared Secret Auth if Corporal disabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Shared Secret Auth Settings Start'
  with_dict:
    'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
  when: not matrix_corporal_enabled|bool

 - name: Enable Rest Auth Endpoint if Corporal enabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Extension Start'
  with_dict:
    'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
  when: matrix_corporal_enabled|bool

 - name: Disable Rest Auth Endpoint if Corporal disabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Extension Start'
  with_dict:
    'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
  when: not matrix_corporal_enabled|bool

 - name: Disable Corporal API if Simple Static File mode selected
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_http_api_enabled': 'false'
  when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)

 - name: Enable Corporal API if Push/Pull mode delected
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_http_api_enabled': 'true'
  when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)

 - name: Record Corporal API Access Token if it's defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
  when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )

 - name: Record 'Simple Static File' configuration variables in matrix_vars.yml
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertbefore: "# Corporal Policy Provider Settings End"
    marker_begin: "Corporal"
    marker_end: "Corporal"
    block: |
      matrix_corporal_policy_provider_config: |
        {
          "Type": "static_file",
          "Path": "/etc/matrix-corporal/corporal-policy.json"
        }
  when: awx_corporal_policy_provider_mode == "Simple Static File"

 - name: Touch the /matrix/corporal/ directory
  file:
    path: "/matrix/corporal/"
    state: directory
    owner: matrix
    group: matrix
    mode: '750'

 - name: Touch the /matrix/corporal/config/ directory
  file:
    path: "/matrix/corporal/config/"
    state: directory
    owner: matrix
    group: matrix
    mode: '750'

 - name: Touch the /matrix/corporal/cache/ directory
  file:
    path: "/matrix/corporal/cache/"
    state: directory
    owner: matrix
    group: matrix
    mode: '750'

 - name: Touch the corporal-policy.json file to ensure it exists
  file:
    path: "/matrix/corporal/config/corporal-policy.json"
    state: touch
    owner: matrix
    group: matrix
    mode: '660'

 - name: Touch the last-policy.json file to ensure it exists
  file:
    path: "/matrix/corporal/config/last-policy.json"
    state: touch
    owner: matrix
    group: matrix
    mode: '660'

 - name: Record 'Simple Static File' configuration content in corporal-policy.json
  copy:
    content: "{{ awx_corporal_simple_static_config | string  }}"
    dest: "/matrix/corporal/config/corporal-policy.json"
    owner: matrix
    group: matrix
    mode: '660'
  when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)

 - name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: "# Corporal Policy Provider Settings Start"
    block: |
      matrix_corporal_policy_provider_config: |
        {
          "Type": "http",
          "Uri": "{{ awx_corporal_pull_mode_uri }}",
          "AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
          "CachePath": "/var/cache/matrix-corporal/last-policy.json",
          "ReloadIntervalSeconds": 1800,
          "TimeoutMilliseconds": 30000
        }
  when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)

 - name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: "# Corporal Policy Provider Settings Start"
    block: |
      matrix_corporal_policy_provider_config: |
        {
          "Type": "last_seen_store_policy",
          "CachePath": "/var/cache/matrix-corporal/last-policy.json"
        }
  when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")

 - name: Lower RateLimit if set to 'Normal'
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300'
    replace: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3'
  when: awx_corporal_raise_ratelimits == "Normal"

 - name: Raise RateLimit if set to 'Raised'
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3'
    replace: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300'
  when: awx_corporal_raise_ratelimits == "Raised"

 - name: Save new 'Configure Corporal' survey.json to the AWX tower
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'

 - name: Copy new 'Configure Corporal' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
    dest: '/matrix/awx/configure_corporal.json'
    mode: '0660'

 - debug:
    msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"

 - debug:
    msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"

 - debug:
    msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"

 - debug:
    msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"

 - name: Recreate 'Configure Corporal (Advanced)' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
    description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-corporal"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_dimension.yml
+++ b/roles/matrix-awx/tasks/set_variables_dimension.yml
@@ -1,105 +0,0 @@
 ---

 - name: Include vars in matrix_vars.yml
  include_vars:
    file: '{{ awx_cached_matrix_vars }}'
  no_log: true

 - name: Install jq and curl on remote machine
  apt:
    name:
      - jq
      - curl
    state: present

 - name: Collect access token of @admin-dimension user
  shell: |
    curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token'
  register: awx_dimension_user_access_token

 - name: Record Synapse variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Dimension Settings Start'
  with_dict:
    'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
    'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"'

 - name: Set final users list if users are defined
  set_fact:
    awx_dimension_users_final: "{{ awx_dimension_users }}"
  when: awx_dimension_users | length > 0

 - name: Set final users list if no users are defined
  set_fact:
    awx_dimension_users_final: '@dimension:{{ matrix_domain }}'
  when: awx_dimension_users | length == 0

 - name: Remove Dimension Users
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '^  - .*\n'
    after: 'matrix_dimension_admins:'
    before: '# Dimension Settings End'

 - name: Set Dimension Users Header
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertbefore: '# Dimension Settings End'
    line: "matrix_dimension_admins:"

 - name: Set Dimension Users
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: '^matrix_dimension_admins:'
    line: '  - "{{ item }}"'
  with_items: "{{ awx_dimension_users_final.splitlines() }}"

 - name: Record Dimension Custom variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertbefore: '# Dimension Settings End'
  with_dict:
    'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}'

 - name: Save new 'Configure Dimension' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'

 - name: Copy new 'Configure Dimension' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
    dest: '/matrix/awx/configure_dimension.json'
    mode: '0660'

 - name: Recreate 'Configure Dimension' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Dimension"
    description: "Configure Dimension, the self-hosted integrations server."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-all,setup-dimension"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_element.yml
+++ b/roles/matrix-awx/tasks/set_variables_element.yml
@@ -1,180 +0,0 @@
 ---

 - name: Record Element-Web variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
    'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}'
    'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
    'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
    'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}'
    'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}'
    'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}'
    'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}'

 - name: Record Element-Web custom variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertbefore: '# Element Settings End'
  with_dict:
    'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}'
    'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}'

 - name: Set Element-Web custom branding locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_brand': "{{ matrix_client_element_brand }}"
  when: matrix_client_element_brand | trim | length > 0

 - name: Remove Element-Web custom branding locally on AWX if not defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_client_element_brand: "
    state: absent
  when: matrix_client_element_brand | trim | length == 0

 - name: Set fact for 'https' string
  set_fact:
    awx_https_string: "https"

 - name: Set Element-Web custom logo locally on AWX if defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}'
  when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 )

 - name: Remove Element-Web custom logo locally on AWX if not defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_client_element_welcome_logo: "
    state: absent
  when: matrix_client_element_welcome_logo | trim | length == 0

 - name: Set Element-Web custom logo link locally on AWX if defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}'
  when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 )

 - name: Remove Element-Web custom logo link locally on AWX if not defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_client_element_welcome_logo_link: "
    state: absent
  when: matrix_client_element_welcome_logo_link | trim | length == 0

 - name: Set Element-Web custom headline locally on AWX if defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}'
  when: awx_matrix_client_element_welcome_headline | trim | length > 0

 - name: Remove Element-Web custom headline locally on AWX if not defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_client_element_welcome_headline: "
    state: absent
  when: awx_matrix_client_element_welcome_headline | trim | length == 0

 - name: Set Element-Web custom text locally on AWX if defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}'
  when: awx_matrix_client_element_welcome_text | trim | length > 0

 - name: Remove Element-Web custom text locally on AWX if not defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_client_element_welcome_text: "
    state: absent
  when: awx_matrix_client_element_welcome_text | trim | length == 0

 - name: Set Element-Web background locally on AWX if defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: '{{ item.value }}'"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
  when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0

 - name: Remove Element-Web background locally on AWX if not defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: "
    state: absent
  when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0

 - name: Save new 'Configure Element' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_element.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'

 - name: Copy new 'Configure Element' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
    dest: '/matrix/awx/configure_element.json'
    mode: '0660'

 - name: Recreate 'Configure Element' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Element"
    description: "Configure Element client via survey."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-client-element"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
+++ b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml
@@ -1,43 +0,0 @@
 ---

 - name: Record Element-Web variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Element Settings Start'
  with_dict:
    'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}"

 - name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'

 - name: Copy new 'Configure Element Subdomain' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
    dest: '/matrix/awx/configure_element_subdomain.json'
    mode: '0660'

 - name: Recreate 'Configure Element Subdomain' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
    description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)"
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-all,setup-client-element-subdomain"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_jitsi.yml
+++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml
@@ -1,45 +0,0 @@
 ---

 - name: Record Jitsi variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Jitsi Settings Start'
  with_dict:
    'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
    'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}'

 - name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'

 - name: Copy new 'Configure Jitsi' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
    dest: '/matrix/awx/configure_jitsi.json'
    mode: '0660'

 - name: Recreate 'Configure Jitsi' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Jitsi"
    description: "Configure Jitsi conferencing settings."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-jitsi"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml
+++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml
@@ -1,102 +0,0 @@
 ---

 - name: Record ma1sd variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# ma1sd Settings Start'
  with_dict:
    'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'

 - name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Extension Start'
  with_dict:
    'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false'
  when: awx_matrix_ma1sd_auth_store == 'Synapse Internal'

 - name: Enable REST auth if using external LDAP/AD with ma1sd
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Extension Start'
  with_dict:
    'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
    'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"'
  when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'

 - name: Remove entire ma1sd configuration extension
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '^.*\n'
    after: '# ma1sd Extension Start'
    before: '# ma1sd Extension End'

 - name: Replace conjoined ma1sd configuration extension limiters
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '^# ma1sd Extension Start# ma1sd Extension End'
    replace: '# ma1sd Extension Start\n# ma1sd Extension End'

 - name: Insert/Update ma1sd configuration extension variables
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
    insertafter: '# ma1sd Extension Start'
    block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}'

 - name: Record ma1sd Custom variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertbefore: '# ma1sd Settings End'
  with_dict:
    'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
    'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
  no_log: true

 - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'

 - name: Copy new 'Configure ma1sd' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
    dest: '/matrix/awx/configure_ma1sd.json'
    mode: '0660'

 - name: Recreate 'Configure ma1sd (Advanced)' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
    description: "Configure Jitsi conferencing settings."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-ma1sd"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_mailer.yml
+++ b/roles/matrix-awx/tasks/set_variables_mailer.yml
@@ -1,44 +0,0 @@
 ---

 - name: Record Mailer variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Email Settings Start'
  with_dict:
    'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'

 - name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'

 - name: Copy new 'Configure Email Relay' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
    dest: '/matrix/awx/configure_email_relay.json'
    mode: '0660'

 - name: Recreate 'Configure Email Relay' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Email Relay"
    description: "Enable MailGun relay to increase verification email reliability."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-mailer"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_mjolnir.yml
+++ b/roles/matrix-awx/tasks/set_variables_mjolnir.yml
@@ -1,68 +0,0 @@
 ---

 - name: Include vars in matrix_vars.yml
  include_vars:
    file: '{{ awx_cached_matrix_vars }}'
  no_log: true

 - name: Collect the internal IP of the matrix-synapse container
  shell: |
    /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse
  register: matrix_synapse_ip

 - name: Collect access token of @admin-mjolnir user
  shell: |
    curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token'
  register: awx_mjolnir_user_access_token
  no_log: true

 - name: Record Mjolnir Bot variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Mjolnir Settings Start'
  with_dict:
    'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}'
    'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}'
    'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"'
  no_log: true

 - name: Remove Synapse rate-limiting for admin-mjolnir user
  shell: |
    /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);"
  ignore_errors: true

 - name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'

 - name: Copy new 'Configure Mjolnir' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
    dest: '/matrix/awx/configure_mjolnir.json'
    mode: '0660'

 - name: Recreate 'Configure Mjolnir Bot' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot"
    description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-bot-mjolnir"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_synapse.yml
+++ b/roles/matrix-awx/tasks/set_variables_synapse.yml
@@ -1,223 +0,0 @@
 ---

 - name: Limit max upload size to 200MB part 1
  set_fact:
    matrix_synapse_max_upload_size_mb: "200"
  when: awx_synapse_max_upload_size_mb | int >= 200

 - name: Limit max upload size to 200MB part 2
  set_fact:
    matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}"
  when: awx_synapse_max_upload_size_mb | int < 200

 - name: Record Synapse variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Settings Start'
  with_dict:
    'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
    'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
    'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
    'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
    'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}'
    'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
    'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
    'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'

 - name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^matrix_synapse_auto_join_rooms: .*$"
    replace: "matrix_synapse_auto_join_rooms: []"
  when: awx_synapse_auto_join_rooms | length == 0

 - name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
  set_fact:
    awx_synapse_auto_join_rooms_array: |-
      {{ awx_synapse_auto_join_rooms.splitlines() | to_json }}
  when: awx_synapse_auto_join_rooms | length > 0

 - name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Settings Start'
  with_dict:
    "matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}"
  when: awx_synapse_auto_join_rooms | length > 0

 - name: Record Synapse Shared Secret if it's defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Settings Start'
  with_dict:
    'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}'
  when: awx_matrix_synapse_registration_shared_secret | length > 0

 - name: Record registations_require_3pid extra variable if true
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "{{ item }}"
    line: "{{ item }}"
    insertbefore: '# Synapse Extension End'
  with_items:
    - "  registrations_require_3pid:"
    - "    - email"
  when: awx_registrations_require_3pid | bool

 - name: Remove registrations_require_3pid extra variable if false
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "{{ item }}"
    line: "{{ item }}"
    insertbefore: '# Synapse Extension End'
    state: absent
  with_items:
    - "  registrations_require_3pid:"
    - "    - email"
  when: not awx_registrations_require_3pid | bool

 - name: Remove URL Languages
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '^(?!.*\bemail\b)    - [a-zA-Z\-]{2,5}\n'
    after: '  url_preview_accept_language:'
    before: '# Synapse Extension End'

 - name: Set URL languages default if raw inputs empty
  set_fact:
    awx_url_preview_accept_language_default: 'en'
  when: awx_url_preview_accept_language | length == 0

 - name: Set URL languages default if raw inputs not empty
  set_fact:
    awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}"
  when: awx_url_preview_accept_language|length > 0

 - name: Set URL languages if raw inputs empty
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: '^  url_preview_accept_language:'
    line: "    - {{ awx_url_preview_accept_language_default }}"
  when: awx_url_preview_accept_language|length == 0

 - name: Set URL languages if raw inputs not empty
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: '^  url_preview_accept_language:'
    line: "    - {{ item }}"
  with_items: "{{ awx_url_preview_accept_language.splitlines() }}"
  when: awx_url_preview_accept_language | length > 0

 - name: Remove Federation Whitelisting 1
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '^    - [a-z0-9]+\.[a-z0-9.]+\n'
    after: '  federation_domain_whitelist:'
    before: '# Synapse Extension End'

 - name: Remove Federation Whitelisting 2
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    line: "  federation_domain_whitelist:"
    state: absent

 - name: Set Federation Whitelisting 1
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
    line: "  federation_domain_whitelist:"
  when: awx_federation_whitelist | length > 0

 - name: Set Federation Whitelisting 2
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: '^  federation_domain_whitelist:'
    line: "    - {{ item }}"
  with_items: "{{ awx_federation_whitelist.splitlines() }}"
  when: awx_federation_whitelist | length > 0

 - name: Set awx_recaptcha_public_key to a 'public-key' if undefined
  set_fact: awx_recaptcha_public_key="public-key"
  when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0)

 - name: Set awx_recaptcha_private_key to a 'private-key' if undefined
  set_fact: awx_recaptcha_private_key="private-key"
  when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0)

 - name: Record Synapse Extension variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertbefore: '# Synapse Extension End'
  with_dict:
    '  enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
    '  recaptcha_public_key': '{{ awx_recaptcha_public_key }}'
    '  recaptcha_private_key': '{{ awx_recaptcha_private_key }}'

 - name: Record Synapse Custom variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertbefore: '# Synapse Settings End'
  with_dict:
    'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}'
    'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}'
    'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
    'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"'
    'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"'

 - name: Save new 'Configure Synapse' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'

 - name: Copy new 'Configure Synapse' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
    dest: '/matrix/awx/configure_synapse.json'
    mode: '0660'

 - name: Recreate 'Configure Synapse' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Synapse"
    description: "Configure Synapse (homeserver) settings."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-synapse"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml
+++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml
@@ -1,44 +0,0 @@
 ---

 - name: Record Synapse Admin variables locally on AWX
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Admin Settings Start'
  with_dict:
    'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'

 - name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'

 - name: Copy new 'Configure Synapse Admin' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
    dest: '/matrix/awx/configure_synapse_admin.json'
    mode: '0660'

 - name: Recreate 'Configure Synapse Admin' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
    description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-all"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true
--- a/roles/matrix-awx/tasks/update_variables.yml
+++ b/roles/matrix-awx/tasks/update_variables.yml
@@ -1,32 +0,0 @@
 ---

 - name: Rename synapse presence variable
  delegate_to: 127.0.0.1
  replace:
    path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
    regexp: 'matrix_synapse_use_presence'
    replace: 'matrix_synapse_presence_enabled'

 - name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml
  delegate_to: 127.0.0.1
  register: presence
  shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
  no_log: true

 - name: Generate matrix_homeserver_generic_secret_key variable if not present
  delegate_to: 127.0.0.1
  command: |
      openssl rand -hex 16
  register: generic_secret
  no_log: true
  when: presence is not changed

 - name: Add new matrix_homeserver_generic_secret_key variable if not present
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"
    insertbefore: '# Basic Settings End'
    mode: '0600'
    state: present
  when: presence is not changed
--- a/roles/matrix-common-after/tasks/awx_post.yml
+++ b/roles/matrix-common-after/tasks/awx_post.yml
@@ -1,77 +0,0 @@
 ---

 - name: Create user account @admin-janitor
  command: |
    /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1
  register: cmd
  when: not awx_janitor_user_created|bool
  no_log: false

 - name: Update AWX janitor user created variable
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: 'AWX Settings'
  with_dict:
    'awx_janitor_user_created': 'true'
  when: not awx_janitor_user_created|bool

 - name: Create user account @admin-dimension
  command: |
    /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0
  register: cmd
  when: not awx_dimension_user_created|bool
  no_log: false

 - name: Update AWX dimension user created variable
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: 'AWX Settings'
  with_dict:
    'awx_dimension_user_created': 'true'
  when: not awx_dimension_user_created|bool

 - name: Create user account @admin-mjolnir
  command: |
    /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0
  register: cmd
  when: not awx_mjolnir_user_created|bool
  no_log: false

 - name: Update AWX dimension user created variable
  delegate_to: 127.0.0.1
  lineinfile:
    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: 'AWX Settings'
  with_dict:
    'awx_mjolnir_user_created': 'true'
  when: not awx_mjolnir_user_created|bool

 - name: Ensure /chroot/website location has correct permissions
  file:
    path: /chroot/website
    state: directory
    owner: matrix
    group: matrix
    mode: '0770'
  when: awx_customise_base_domain_website is defined

 - name: Collect Discord AppService bot invite link if file exists
  command:
    cat /matrix/appservice-discord/config/invite_link
  register: awx_discord_appservice_link
  when: awx_appservice_discord_admin_user is defined
  args:
    removes: /matrix/appservice-discord/config/invite_link

 - name: Print Discord AppService bot link for user
  debug:
    msg: "{{ awx_discord_appservice_link.stdout }}"
  when: awx_discord_appservice_link.stdout is defined
--- a/roles/matrix-common-after/tasks/main.yml
+++ b/roles/matrix-common-after/tasks/main.yml
@@ -14,11 +14,6 @@
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/awx_post.yml"
  when: run_setup|bool and matrix_awx_enabled|bool
  tags:
    - always

 - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
  tags:
    - run-docker-prune
--- a/setup.yml
+++ b/setup.yml
@@ -7,7 +7,6 @@
    - roles/matrix-synapse/vars/workers.yml

  roles:
    - matrix-awx
    - matrix-base
    - matrix-dynamic-dns
    - matrix-mailer