---

- name: Record Corporal Enabled/Disabled variable
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'

- name: Enable Shared Secret Auth if Corporal enabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Shared Secret Auth Settings Start'
  with_dict:
    'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
  when: matrix_corporal_enabled|bool

- name: Disable Shared Secret Auth if Corporal disabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Shared Secret Auth Settings Start'
  with_dict:
    'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
  when: not matrix_corporal_enabled|bool

- name: Enable Rest Auth Endpoint if Corporal enabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Extension Start'
  with_dict:
    'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
  when: matrix_corporal_enabled|bool

- name: Disable Rest Auth Endpoint if Corporal disabled
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Synapse Extension Start'
  with_dict:
    'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
  when: not matrix_corporal_enabled|bool

- name: Disable Corporal API if Simple Static File mode selected
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_http_api_enabled': 'false'
  when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)

- name: Enable Corporal API if Push/Pull mode delected
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_http_api_enabled': 'true'
  when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)

- name: Record Corporal API Access Token if it's defined
  delegate_to: 127.0.0.1
  lineinfile:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: "^#? *{{ item.key | regex_escape() }}:"
    line: "{{ item.key }}: {{ item.value }}"
    insertafter: '# Corporal Settings Start'
  with_dict:
    'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
  when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )

- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertbefore: "# Corporal Policy Provider Settings End"
    marker_begin: "Corporal"
    marker_end: "Corporal"
    block: |
      matrix_corporal_policy_provider_config: |
        {
          "Type": "static_file",
          "Path": "/etc/matrix-corporal/corporal-policy.json"
        }
  when: awx_corporal_policy_provider_mode == "Simple Static File"

- name: Touch the /matrix/corporal/ directory
  file:
    path: "/matrix/corporal/"
    state: directory
    owner: matrix
    group: matrix
    mode: '750'

- name: Touch the /matrix/corporal/config/ directory
  file:
    path: "/matrix/corporal/config/"
    state: directory
    owner: matrix
    group: matrix
    mode: '750'

- name: Touch the /matrix/corporal/cache/ directory
  file:
    path: "/matrix/corporal/cache/"
    state: directory
    owner: matrix
    group: matrix
    mode: '750'

- name: Touch the corporal-policy.json file to ensure it exists
  file:
    path: "/matrix/corporal/config/corporal-policy.json"
    state: touch
    owner: matrix
    group: matrix
    mode: '660'

- name: Touch the last-policy.json file to ensure it exists
  file:
    path: "/matrix/corporal/config/last-policy.json"
    state: touch
    owner: matrix
    group: matrix
    mode: '660'

- name: Record 'Simple Static File' configuration content in corporal-policy.json
  copy:
    content: "{{ awx_corporal_simple_static_config | string  }}"
    dest: "/matrix/corporal/config/corporal-policy.json"
    owner: matrix
    group: matrix
    mode: '660'
  when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)

- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: "# Corporal Policy Provider Settings Start"
    block: |
      matrix_corporal_policy_provider_config: |
        {
          "Type": "http",
          "Uri": "{{ awx_corporal_pull_mode_uri }}",
          "AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
          "CachePath": "/var/cache/matrix-corporal/last-policy.json",
          "ReloadIntervalSeconds": 1800,
          "TimeoutMilliseconds": 30000
        }
  when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)

- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
  delegate_to: 127.0.0.1
  blockinfile:
    path: '{{ awx_cached_matrix_vars }}'
    insertafter: "# Corporal Policy Provider Settings Start"
    block: |
      matrix_corporal_policy_provider_config: |
        {
          "Type": "last_seen_store_policy",
          "CachePath": "/var/cache/matrix-corporal/last-policy.json"
        }
  when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")

- name: Lower RateLimit if set to 'Normal'
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300'
    replace: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3'
  when: awx_corporal_raise_ratelimits == "Normal"

- name: Raise RateLimit if set to 'Raised'
  delegate_to: 127.0.0.1
  replace:
    path: '{{ awx_cached_matrix_vars }}'
    regexp: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3'
    replace: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300'
  when: awx_corporal_raise_ratelimits == "Raised"

- name: Save new 'Configure Corporal' survey.json to the AWX tower
  delegate_to: 127.0.0.1
  template:
    src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'

- name: Copy new 'Configure Corporal' survey.json to target machine
  copy:
    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
    dest: '/matrix/awx/configure_corporal.json'
    mode: '0660'

- debug:
    msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"

- debug:
    msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"

- debug:
    msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"

- debug:
    msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"

- name: Recreate 'Configure Corporal (Advanced)' job template
  delegate_to: 127.0.0.1
  awx.awx.tower_job_template:
    name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
    description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
    job_type: run
    job_tags: "start,setup-corporal"
    inventory: "{{ member_id }}"
    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
    playbook: setup.yml
    credential: "{{ member_id }} - AWX SSH Key"
    survey_enabled: true
    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
    become_enabled: true
    state: present
    verbosity: 1
    tower_host: "https://{{ awx_host }}"
    tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
    validate_certs: true