merge with upstream and testing branch

docs/configuring-awx-system.md

@@ -19,7 +19,7 @@ The following repositories allow you to copy and use this setup:
 
 [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you.
 
-[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions.
+[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers.
 
 [Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
 

roles/matrix-awx/surveys/backup_server.json.j2

@@ -5,7 +5,7 @@
     {
       "question_name": "Enable Backup",
       "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
-      "required": true,
+      "required": false,
       "min": null,
       "max": null,
       "default": "{{ matrix_awx_backup_enabled | string | lower }}",

roles/matrix-awx/surveys/configure_dimension.json.j2

@@ -0,0 +1,30 @@
+{
+  "name": "Configure Dimension",
+  "description": "",
+  "spec": [
+    {
+      "question_name": "Enable Dimension",
+      "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.",
+      "required": false,
+      "min": null,
+      "max": null,
+      "default": "{{ matrix_dimension_enabled | string | lower }}",
+      "choices": "true\nfalse",
+      "new_question": true,
+      "variable": "matrix_dimension_enabled",
+      "type": "multiplechoice"
+    },
+    {
+      "question_name": "Dimension Users",
+      "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'",
+      "required": false,
+      "min": 0,
+      "max": 65536,
+      "default": {{ ext_dimension_users_raw_final | to_json }},
+      "choices": "",
+      "new_question": true,
+      "variable": "ext_dimension_users_raw",
+      "type": "textarea"
+    }
+  ]
+}

roles/matrix-awx/surveys/configure_synapse.json.j2

@@ -8,7 +8,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_enable_registration|string|lower }}",
+      "default": "{{ matrix_synapse_enable_registration | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_enable_registration",
@@ -20,7 +20,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_federation_enabled|string|lower }}",
+      "default": "{{ matrix_synapse_federation_enabled | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_federation_enabled",
@@ -32,7 +32,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_allow_public_rooms_over_federation|string|lower }}",
+      "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_allow_public_rooms_over_federation",
@@ -44,7 +44,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_enable_group_creation|string|lower }}",
+      "default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_enable_group_creation",
@@ -56,7 +56,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_use_presence|string|lower }}",
+      "default": "{{ matrix_synapse_use_presence | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_use_presence",
@@ -68,7 +68,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_url_preview_enabled|string|lower }}",
+      "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_url_preview_enabled",
@@ -80,7 +80,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ matrix_synapse_allow_guest_access|string|lower }}",
+      "default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "matrix_synapse_allow_guest_access",
@@ -92,7 +92,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ ext_registrations_require_3pid|string|lower }}",
+      "default": "{{ ext_registrations_require_3pid | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "ext_registrations_require_3pid",
@@ -128,7 +128,7 @@
       "required": false,
       "min": 0,
       "max": 65536,
-      "default": {{ ext_url_preview_accept_language_default|to_json }},
+      "default": {{ ext_url_preview_accept_language_default | to_json }},
       "choices": "",
       "new_question": true,
       "variable": "ext_url_preview_accept_language_raw",
@@ -140,7 +140,7 @@
       "required": false,
       "min": 0,
       "max": 65536,
-      "default": {{ ext_federation_whitelist_raw|to_json }},
+      "default": {{ ext_federation_whitelist_raw | to_json }},
       "choices": "",
       "new_question": true,
       "variable": "ext_federation_whitelist_raw",
@@ -152,7 +152,7 @@
       "required": false,
       "min": 0,
       "max": 65536,
-      "default": {{ matrix_synapse_auto_join_rooms_raw|to_json }},
+      "default": {{ matrix_synapse_auto_join_rooms_raw | to_json }},
       "choices": "",
       "new_question": true,
       "variable": "matrix_synapse_auto_join_rooms_raw",
@@ -164,7 +164,7 @@
       "required": false,
       "min": null,
       "max": null,
-      "default": "{{ ext_enable_registration_captcha|string|lower }}",
+      "default": "{{ ext_enable_registration_captcha | string | lower }}",
       "choices": "true\nfalse",
       "new_question": true,
       "variable": "ext_enable_registration_captcha",

roles/matrix-awx/tasks/backup_server.yml

@@ -5,27 +5,24 @@
     path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# AWX Settings'
+    insertafter: '# AWX Settings Start'
   with_dict:
     'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
-
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
+  tags: use-survey
 
 - name: Save new 'Backup Server' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1
   template:
     src: 'roles/matrix-awx/surveys/backup_server.json.j2'
     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
+  tags: use-survey
 
 - name: Copy new 'Backup Server' survey.json to target machine
   copy:
     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
     dest: '/matrix/awx/backup_server.json'
     mode: '0660'
+  tags: use-survey
 
 - name: Collect AWX admin token the hard way!
   delegate_to: 127.0.0.1
@@ -33,6 +30,7 @@
       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
   register: tower_token
   no_log: True
+  tags: use-survey
 
 - name: Recreate 'Backup Server' job template
   delegate_to: 127.0.0.1
@@ -41,7 +39,7 @@
     description: "Performs a backup of the entire service to a remote location."
     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
     job_type: run
-    job_tags: "backup-server"
+    job_tags: "backup-server,use-survey"
     inventory: "{{ member_id }}"
     project: "{{ member_id }} - Matrix Docker Ansible Deploy"
     playbook: setup.yml
@@ -54,6 +52,23 @@
     tower_host: "https://{{ tower_host }}"
     tower_oauthtoken: "{{ tower_token.stdout }}"
     validate_certs: yes
+  tags: use-survey
+
+- name: Run export.sh if this job template is run by the client
+  command: /bin/sh /root/export.sh
+  tags: use-survey
+
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+  no_log: True
+
+- name: Copy new 'matrix_vars.yml' to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    dest: '/matrix/awx/matrix_vars.yml'
+    mode: '0660'
+  tags: use-survey
 
 - name: Perform the borg backup
   command: borgmatic

roles/matrix-awx/tasks/cache_matrix_variables.yml

@@ -0,0 +1,12 @@
+
+- name: Collect current datetime
+  set_fact:
+    awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
+
+- name: Create cached matrix_vars.yml file location
+  set_fact:
+    awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'
+
+- name: Create cached matrix_vars.yml
+  delegate_to: 127.0.0.1
+  shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"

roles/matrix-awx/tasks/customise_website_access_export.yml

@@ -1,12 +1,11 @@
 
-
 - name: Enable index.html creation if user doesn't wish to customise base domain
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Base Domain Settings'
+    insertafter: '# Base Domain Settings Start'
   with_dict:
     'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
   when: customise_base_domain_website|bool == false
@@ -14,10 +13,10 @@
 - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Base Domain Settings'
+    insertafter: '# Base Domain Settings Start'
   with_dict:
     'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
   when: customise_base_domain_website|bool == true
@@ -25,27 +24,23 @@
 - name: Record custom 'Customise Website + Access Export' variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Custom Settings'
+    insertafter: '# Custom Settings Start'
   with_dict:
     'customise_base_domain_website': '{{ customise_base_domain_website }}'
     'sftp_auth_method': '"{{ sftp_auth_method }}"'
     'sftp_password': '"{{ sftp_password }}"'
     'sftp_public_key': '"{{ sftp_public_key }}"'
 
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
-
 - name: Reload vars in matrix_vars.yml
   include_vars:
-    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    file: '{{ awx_cached_matrix_vars }}'
   no_log: True
 
+# ^ Is this even needed?
+
 - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1
   template:

roles/matrix-awx/tasks/load_hosting_and_org_variables.yml

@@ -8,3 +8,4 @@
   include_vars:
     file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
   no_log: True
+

roles/matrix-awx/tasks/load_matrix_variables.yml

@@ -1,5 +1,15 @@
 
-- name: Include vars in matrix_vars.yml
+- name: Include new vars in matrix_vars.yml
   include_vars:
-    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    file: '{{ awx_cached_matrix_vars }}'
   no_log: True
+
+- name: If include_vars succeeds overwrite the old matrix_vars.yml 
+  delegate_to: 127.0.0.1
+  shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
+
+- name: Copy new 'matrix_vars.yml' to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    dest: '/matrix/awx/matrix_vars.yml'
+    mode: '0660'

roles/matrix-awx/tasks/main.yml

@@ -26,6 +26,15 @@
   tags:
     - create-user
 
+# Import configs, media repo from /chroot/backup import
+- include_tasks: 
+    file: "import_awx.yml"
+    apply:
+      tags: import-awx
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - import-awx
+    
 # Perform extra self-check functions
 - include_tasks: 
     file: "self_check.yml"
@@ -35,14 +44,14 @@
   tags:
     - self-check
 
-# Import configs, media repo from /chroot/backup import
+# Create caches matrix_vars.yml file
 - include_tasks: 
-    file: "import_awx.yml"
+    file: "cache_matrix_variables.yml"
     apply:
-      tags: import-awx
+      tags: always
   when: run_setup|bool and matrix_awx_enabled|bool
   tags:
-    - import-awx
+    - always
 
 # Configure SFTP so user can upload a static website or access the servers export
 - include_tasks: 
@@ -98,6 +107,15 @@
   tags:
     - setup-corporal
 
+# Additional playbook to set the variable file during Dimension configuration
+- include_tasks: 
+    file: "set_variables_dimension.yml"
+    apply:
+      tags: setup-dimension
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-dimension
+
 # Additional playbook to set the variable file during Synapse Admin configuration
 - include_tasks: 
     file: "set_variables_synapse_admin.yml"
@@ -107,7 +125,7 @@
   tags:
     - setup-synapse-admin
 
-# Load newly formed matrix variables from tower volume
+# Load newly formed matrix variables from AWX volume
 - include_tasks: 
     file: "load_matrix_variables.yml"
     apply:

roles/matrix-awx/tasks/self_check.yml

@@ -3,6 +3,7 @@
   apt:
     name:
       - sysstat
+      - curl
     state: present
 
 - name: Install prerequisite yum packages on AWX
@@ -19,6 +20,17 @@
       - dnspython
     state: present
 
+- name: Calculate MAU value
+  shell: |
+    curl -s localhost:9000 | grep "^synapse_admin_mau_current "
+  register: mau_stat
+  no_log: True
+
+- name: Print MAU value
+  debug:
+    msg: "{{ mau_stat.stdout.split('\n') }}"
+  when: mau_stat is defined
+
 - name: Calculate CPU usage statistics
   shell: iostat -c
   register: cpu_usage_stat

roles/matrix-awx/tasks/set_variables_corporal.yml

@@ -2,20 +2,20 @@
 - name: Record Corporal Enabled/Disabled variable
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Corporal Settings'
+    insertafter: '# Corporal Settings Start'
   with_dict:
     'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
 
 - name: Enable Shared Secret Auth if Corporal enabled
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Shared Secret Auth Settings'
+    insertafter: '# Shared Secret Auth Settings Start'
   with_dict:
     'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
   when: matrix_corporal_enabled|bool
@@ -23,10 +23,10 @@
 - name: Disable Shared Secret Auth if Corporal disabled
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Shared Secret Auth Settings'
+    insertafter: '# Shared Secret Auth Settings Start'
   with_dict:
     'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
   when: not matrix_corporal_enabled|bool
@@ -34,10 +34,10 @@
 - name: Enable Rest Auth Endpoint if Corporal enabled
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Extension'
+    insertafter: '# Synapse Extension Start'
   with_dict:
     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
   when: matrix_corporal_enabled|bool
@@ -45,10 +45,10 @@
 - name: Disable Rest Auth Endpoint if Corporal disabled
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Extension'
+    insertafter: '# Synapse Extension Start'
   with_dict:
     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
   when: not matrix_corporal_enabled|bool
@@ -56,10 +56,10 @@
 - name: Disable Corporal API if Simple Static File mode selected
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Corporal Settings'
+    insertafter: '# Corporal Settings Start'
   with_dict:
     'matrix_corporal_http_api_enabled': 'false'
   when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
@@ -67,10 +67,10 @@
 - name: Enable Corporal API if Push/Pull mode delected
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Corporal Settings'
+    insertafter: '# Corporal Settings Start'
   with_dict:
     'matrix_corporal_http_api_enabled': 'true'
   when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
@@ -78,10 +78,10 @@
 - name: Record Corporal API Access Token if it's defined
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Corporal Settings'
+    insertafter: '# Corporal Settings Start'
   with_dict:
     'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
   when: matrix_corporal_http_api_auth_token|length > 0
@@ -89,8 +89,8 @@
 - name: Record 'Simple Static File' configuration variables in matrix_vars.yml
   delegate_to: 127.0.0.1
   blockinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    insertafter: "# Corporal Policy Provider Settings"
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: "# Corporal Policy Provider Settings Start"
     block: |
       matrix_corporal_policy_provider_config: |
         {
@@ -151,8 +151,8 @@
 - name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
   delegate_to: 127.0.0.1
   blockinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    insertafter: "# Corporal Policy Provider Settings"
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: "# Corporal Policy Provider Settings Start"
     block: |
       matrix_corporal_policy_provider_config: |
         {
@@ -168,8 +168,8 @@
 - name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
   delegate_to: 127.0.0.1
   blockinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    insertafter: "# Corporal Policy Provider Settings"
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: "# Corporal Policy Provider Settings Start"
     block: |
       matrix_corporal_policy_provider_config: |
         {
@@ -181,7 +181,7 @@
 - name: Lower RateLimit if set to 'Normal'
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300'
     replace: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3'
   when: matrix_corporal_raise_ratelimits == "Normal"
@@ -189,17 +189,11 @@
 - name: Raise RateLimit if set to 'Raised'
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3'
     replace: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300'
   when: matrix_corporal_raise_ratelimits == "Raised"
 
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0664'
-
 - name: Save new 'Configure Corporal' survey.json to the AWX tower
   delegate_to: 127.0.0.1
   template:

roles/matrix-awx/tasks/set_variables_dimension.yml

@@ -0,0 +1,109 @@
+
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '{{ awx_cached_matrix_vars }}'
+  no_log: True
+
+- name: Install jq on remote machine
+  apt:
+    name: jq
+    state: present
+
+- name: Collect access token of Dimension user
+  shell: |
+    curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
+  register: dimension_user_access_token
+
+- name: Record Synapse variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Dimension Settings Start'
+  with_dict:
+    'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
+    'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"'
+  
+- name: Set final users list if users are defined
+  set_fact:
+    ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}"
+  when: ext_dimension_users_raw|length > 0
+
+- name: Set final users list if no users are defined
+  set_fact:
+    ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}'
+  when: ext_dimension_users_raw|length == 0
+
+- name: Remove Dimension Users
+  delegate_to: 127.0.0.1
+  replace:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: '^  - .*\n'
+    after: 'matrix_dimension_admins:'
+    before: '# Dimension Settings End'
+
+- name: Set Dimension Users Header
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    insertbefore: '# Dimension Settings End'
+    line: "matrix_dimension_admins:"
+
+- name: Set Dimension Users
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: '^matrix_dimension_admins:'
+    line: '  - "{{ item }}"'
+  with_items: "{{ ext_dimension_users_raw_final.splitlines() }}"
+
+- name: Record Dimension Custom variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Custom Settings Start'
+  with_dict:
+    'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}'
+
+- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
+
+- name: Copy new 'Configure Dimension' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
+    dest:  '/matrix/awx/configure_dimension.json'
+    mode: '0660'
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Recreate 'Configure Dimension' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Dimension"
+    description: "Configure Dimension, the self-hosted integrations server."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-all,setup-dimension"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes

roles/matrix-awx/tasks/set_variables_element.yml

@@ -2,10 +2,10 @@
 - name: Record Element-Web variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Element Settings'
+    insertafter: '# Element Settings Start'
   with_dict:
     'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
     'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
@@ -16,24 +16,18 @@
 
 - name: Set fact for 'https' string
   set_fact:
-    https_string: "https"
+    awx_https_string: "https"
 
 - name: Record Element-Web Background variable locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Element Settings'
+    insertafter: '# Element Settings Start'
   with_dict:
     'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
-  when: (https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
-
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
+  when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
 
 - name: Save new 'Configure Element' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1

roles/matrix-awx/tasks/set_variables_jitsi.yml

@@ -2,20 +2,14 @@
 - name: Record Jitsi variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Jitsi Settings'
+    insertafter: '# Jitsi Settings Start'
   with_dict:
     'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
     'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
 
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
-
 - name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1
   template:

roles/matrix-awx/tasks/set_variables_ma1sd.yml

@@ -2,20 +2,20 @@
 - name: Record ma1sd variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# ma1sd Settings'
+    insertafter: '# ma1sd Settings Start'
   with_dict:
     'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
 
 - name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Extension'
+    insertafter: '# Synapse Extension Start'
   with_dict:
     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
   when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
@@ -23,10 +23,10 @@
 - name: Enable REST auth if using external LDAP/AD with ma1sd
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Extension'
+    insertafter: '# Synapse Extension Start'
   with_dict:
     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
     'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090'
@@ -40,7 +40,7 @@
 - name: Remove entire ma1sd configuration extension
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: '^.*\n'
     after: '# Start ma1sd Extension'
     before: '# End ma1sd Extension'
@@ -48,14 +48,14 @@
 - name: Replace conjoined ma1sd configuration extension limiters
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: '^# Start ma1sd Extension# End ma1sd Extension'
     replace: '# Start ma1sd Extension\n# End ma1sd Extension'
 
 - name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     line: "matrix_ma1sd_configuration_extension_yaml: |"
     insertafter: '# Start ma1sd Extension'
   when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
@@ -63,7 +63,7 @@
 - name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     insertbefore: '# End ma1sd Extension'
     line: '{{ item }}'
   with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}"
@@ -72,20 +72,14 @@
 - name: Record ma1sd Custom variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertbefore: '# Custom Settings'
+    insertbefore: '# Custom Settings Start'
   with_dict:
     'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
     'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
 
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
-
 - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1
   template:
@@ -126,4 +120,3 @@
     tower_oauthtoken: "{{ tower_token.stdout }}"
     validate_certs: yes
 
-# ^ This playbook isn't executing so the survey isn't being updated! :P

roles/matrix-awx/tasks/set_variables_synapse.yml

@@ -12,10 +12,10 @@
 - name: Record Synapse variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Settings'
+    insertafter: '# Synapse Settings Start'
   with_dict:
     'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
     'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
@@ -29,7 +29,7 @@
 - name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^matrix_synapse_auto_join_rooms: .*$"
     replace: "matrix_synapse_auto_join_rooms: []"
   when: matrix_synapse_auto_join_rooms_raw|length == 0
@@ -43,10 +43,10 @@
 - name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Settings'
+    insertafter: '# Synapse Settings Start'
   with_dict:
     "matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
   when: matrix_synapse_auto_join_rooms_raw|length > 0
@@ -54,10 +54,10 @@
 - name: Record Synapse Shared Secret if it's defined
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Settings'
+    insertafter: '# Synapse Settings Start'
   with_dict:
     'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}'
   when: matrix_synapse_registration_shared_secret|length > 0
@@ -65,10 +65,10 @@
 - name: Record registations_require_3pid extra variable if true
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "{{ item }}:"
     line: "{{ item }}"
-    insertbefore: '# End Synapse Extension'
+    insertbefore: '# Synapse Extension End'
   with_items:
     - "  registrations_require_3pid:"
     - "    - email"
@@ -77,10 +77,10 @@
 - name: Remove registrations_require_3pid extra variable if false
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "{{ item }}:"
     line: "{{ item }}"
-    insertbefore: '# End Synapse Extension'
+    insertbefore: '# Synapse Extension End'
     state: absent
   with_items:
     - "  registrations_require_3pid:"
@@ -90,10 +90,10 @@
 - name: Remove URL Languages
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: '^(?!.*\bemail\b)    - [a-zA-Z\-]{2,5}\n'
     after: '  url_preview_accept_language:'
-    before: '# End Synapse Extension'
+    before: '# Synapse Extension End'
 
 - name: Set URL languages default if raw inputs empty
   set_fact:
@@ -108,7 +108,7 @@
 - name: Set URL languages if raw inputs empty
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     insertafter: '^  url_preview_accept_language:'
     line: "    - {{ ext_url_preview_accept_language_default }}"
   when: ext_url_preview_accept_language_raw|length == 0
@@ -116,7 +116,7 @@
 - name: Set URL languages if raw inputs not empty
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     insertafter: '^  url_preview_accept_language:'
     line: "    - {{ item }}"
   with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
@@ -125,22 +125,22 @@
 - name: Remove Federation Whitelisting 1
   delegate_to: 127.0.0.1
   replace:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: '^    - [a-z0-9]+\.[a-z0-9.]+\n'
     after: '  federation_domain_whitelist:'
-    before: '# End Synapse Extension'
+    before: '# Synapse Extension End'
 
 - name: Remove Federation Whitelisting 2
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     line: "  federation_domain_whitelist:"
     state: absent
 
 - name: Set Federation Whitelisting 1
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
     line: "  federation_domain_whitelist:"
   when: ext_federation_whitelist_raw|length > 0
@@ -148,7 +148,7 @@
 - name: Set Federation Whitelisting 2
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     insertafter: '^  federation_domain_whitelist:'
     line: "    - {{ item }}"
   with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
@@ -157,10 +157,10 @@
 - name: Record Synapse Custom variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertbefore: '# Custom Settings'
+    insertafter: '# Custom Settings Start'
   with_dict:
     'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
     'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
@@ -176,21 +176,15 @@
 - name: Record Synapse Extension variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertbefore: '# End Synapse Extension'
+    insertbefore: '# Synapse Extension End'
   with_dict:
     '  enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
     '  recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
     '  recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
 
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
-
 - name: Save new 'Configure Synapse' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1
   template:

roles/matrix-awx/tasks/set_variables_synapse_admin.yml

@@ -2,19 +2,13 @@
 - name: Record Synapse Admin variables locally on AWX
   delegate_to: 127.0.0.1
   lineinfile:
-    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    path: '{{ awx_cached_matrix_vars }}'
     regexp: "^#? *{{ item.key | regex_escape() }}:"
     line: "{{ item.key }}: {{ item.value }}"
-    insertafter: '# Synapse Admin Settings'
+    insertafter: '# Synapse Admin Settings Start'
   with_dict:
     'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
 
-- name: Copy new 'matrix_vars.yml' to target machine
-  copy:
-    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
-    dest: '/matrix/awx/matrix_vars.yml'
-    mode: '0660'
-
 - name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
   delegate_to: 127.0.0.1
   template:

roles/matrix-common-after/tasks/awx_post.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: Create user account
+- name: Create user account @janitor
   command: |
     /usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1
   register: cmd
@@ -18,3 +18,20 @@
     'matrix_awx_janitor_user_created': 'true'
   when: not matrix_awx_janitor_user_created|bool
 
+- name: Create user account @dimension
+  command: |
+    /usr/local/bin/matrix-synapse-register-user dimension {{ matrix_awx_dimension_user_password | quote }} 0
+  register: cmd
+  when: not matrix_awx_dimension_user_created|bool
+  no_log: True
+  
+- name: Update AWX dimension user created variable
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: 'AWX Settings'
+  with_dict:
+    'matrix_awx_dimension_user_created': 'true'
+  when: not matrix_awx_dimension_user_created|bool