bots.yaml

---
- name: Set up Discord bots
  hosts: bots
  vars:
    bots:
    - { name: missionbot,   description: Mission bot,   module: null, file: config.py }
    - { name: operationbot, description: Operation bot, module: null, file: secret.py,
        branch: main, install_deps: no, create_svc: no }
    - { name: tarkovbot,    description: Tarkov bot,    module: null, file: secret.py }
    - { name: zeusopsbot,   description: Zeusops bot,   module: bot,  file: config_local.yaml }
    tokens:
      missionbot: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        63643663323136386139353239656366326536383962666237333438316665366333656162346533
        6161633839633132363363343230373237643130366438330a666264623339326537393064306334
        34376464643331633337363163313937356239366335623832616162366263373730633735393030
        3230343432653565640a363632626436633232313565376265663137356236633638366333333435
        65663032636436373165336134346166376530336333626536363262343430613162633233646263
        61373462346662666139623462383034343966356461373735366466303233393739616430643164
        623938633665366134373434633832386566
      operationbot: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        65343635613035653733396332326130376136333730613963323761323233633135393637303764
        3337663233663530656461653161363966373637633865330a363665613033333836666532396133
        63373461323637623431633133303435303635336164663830343333376137353433373331666639
        3265323061636230630a323062613737653066653338373035356564643331613733646565383136
        62373734356639386633633061376539663332623430396363323437623730303234373538623133
        32306666356535396362636565646462666235636265343866333136343037373137623761623330
        396239633138386361393737663261663131
      tarkovbot: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        36666562356461303535613337373539666236333730333264326634646530386239666430303064
        3237666162626630303533316661343061383838666137370a656132326235336334383235323231
        36326537346137353534626162363961373134343935323930383761663363363737386638333061
        6537373866666537300a306637316364636665353437666466343161643833383339366534366534
        36653035316535363138383062346233363361313337313039323731613664386437653864333534
        36393265336266396239663866363935643739373863663039646431303061303865323436646565
        653936353261376361393133626266323966
      zeusopsbot: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        65616533326535396466383634613665643839656134336634656166396131386131316133333465
        6166363330616462356133376566363537376135663239380a613163356666356234663961333262
        33653239313364646333326663343438353266353834346637353361316464376533636463343863
        3233663539363131390a666364326132613966326363613665383764376632376462373330613139
        38653064643634326636626530336662626634636536633530343833383661303536373831316239
        62366134613566313063333031626136356532353334633163666535646330623562383939346438
        383031333561363431373138353838313336
      github: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        39316632656335646435396631383263633738313736303063643863363038366331633237316137
        6437656235383637613665643339326131356239366161330a366236303735373739663232393034
        39663733643961363733373831303265396631616565383934393130383933333930636635623037
        3738373066313330310a303061386639376635633033653935323336306565373734353061396663
        33373361336439313862383232663162373232393231626164376436383837656433366233306631
        3830363562333035616534353434376362366334656336306531
      hackmd: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        63336630363266326337393431316230376666666362656461643563363330386332333836393861
        3930336463316362396530346638643031623833613661620a633037336130366137633230396262
        36333135383165393664363461353632343837623033666361656439333963393830393837666462
        6266313066336663650a656565386565656631656666636631333631663561386232313536623266
        31373266346261373039393063376264306163663930363135306361313832613162383036626161
        38316437383430656164333261663530326239303833613930626637393065306631666565323531
        666130323834656562373261336333363133
  #roles:
  #- role: systemd_service

  tasks:
  - name: Install virtualenv
    ansible.builtin.apt:
      name:
        - virtualenv
  - name: Create bot users
    ansible.builtin.user:
      name: "{{ item.name }}"
      system: yes
      home: "/srv/{{ item.name }}"
    loop: "{{ bots }}"
  - name: Clone bot repos
    become: yes
    become_user: "{{ item.name }}"
    ansible.builtin.git:
      version: "{{ item.branch | d('HEAD') }}"
      repo: 'https://github.com/zeusops/{{ item.name }}.git'
      dest: "/srv/{{ item.name }}/{{ item.name }}"
    loop: "{{ bots }}"
    # FIXME: This might crash the run if operationbot changes and the service
    # doesn't exist
    register: bot_services
    notify: Restart bot services
  - name: Install bot dependencies
    # TODO: make bots directly installable with pip
    become: yes
    become_user: "{{ item.name }}"
    ansible.builtin.pip:
      requirements: "/srv/{{ item.name }}/{{ item.name }}/requirements.txt"
      virtualenv: "/srv/{{ item.name }}/venv"
    loop: "{{ bots }}"
    when: item.install_deps | d(false)
    register: bot_services
    notify: Restart bot services
  - name: Create bot configs
    # TODO: Reload bot automatically when config changes
    become: yes
    become_user: "{{ item.name }}"
    ansible.builtin.template:
      src: "files/bots/config/{{ item.name }}.{{ item.file }}"
      dest: "/srv/{{ item.name }}/{{ item.name }}/{{ item.file }}"
      mode: '0600'
    loop: "{{ bots }}"
    register: bot_services
    notify: Restart bot services
  - name: Create bot systemd services
    ansible.builtin.template:
      src: files/bots/systemd.service.j2
      dest: /etc/systemd/system/{{ item.name }}.service
    vars:
      name: "{{ item.name }}"
      description: "{{ item.description }}"
      module: "{{ item.module }}"
    loop: "{{ bots }}"
    when: item.create_svc | d(false)
    notify:
    - Reload systemd
  - name: Zeusopsbot dependencies
    block:
    - name: Clone zeusopsbot dependencies
      become: yes
      become_user: zeusopsbot
      ansible.builtin.git:
        repo: "https://github.com/Gehock/python-HackMD.git"
        dest: "/srv/zeusopsbot/zeusopsbot/python-HackMD"
        update: yes
    - name: Install zeusopsbot dependencies
      become: yes
      become_user: zeusopsbot
      command: /srv/zeusopsbot/venv/bin/pip install -e .
      args:
        chdir: /srv/zeusopsbot/zeusopsbot/python-HackMD
        creates: /srv/zeusopsbot/venv/lib/python3.10/site-packages/python-HackMD.egg-link
  - name: Run bots
    ansible.builtin.service:
      state: started
      enabled: yes
      name: "{{ item.name }}"
    loop: "{{ bots }}"
    when: item.create_svc | d(false)

  - name: Install extractpbo dependencies
    ansible.builtin.apt:
      name:
      - liblzo2-2
      - libvorbis0a
      - libvorbisfile3
      - libvorbisenc2
      - libogg0
      - libuchardet0
      update_cache: true
  - name: Check if extractpbo exists
    ansible.builtin.stat:
      path: /usr/local/bin/extractpbo
    register: extractpbo
  - ansible.builtin.tempfile:
      state: file
      suffix: .tgz
    register: downloaded_file
    when: not extractpbo.stat.exists
  - name: Download depbotools
    ansible.builtin.get_url:
      url: "https://mikero.bytex.digital/api/download?filename=depbo-tools-0.8.91-linux-amd64.tgz"
      dest: "{{ downloaded_file.path }}"
      checksum: sha256:256698f38acf561e3ee3871542cd34740652275b681bfc13b8cd7e12112c858d
    when: downloaded_file is changed
  - name: Extract depbotools
    ansible.builtin.unarchive:
      src: "{{ downloaded_file.path }}"
      remote_src: yes
      dest: /usr/local
      extra_opts:
      - --strip-components=1
      - --exclude=readme-linux.txt
    when: downloaded_file is changed
  - ansible.builtin.file:
      state: absent
      path: "{{ downloaded_file.path }}"
    when: downloaded_file is changed
  - name: Add libdepbo to ldconfig
    ansible.builtin.copy:
      dest: /etc/ld.so.conf.d/libdepbo.conf
      content: /usr/local/lib
    when: downloaded_file is changed
    notify: Run ldconfig

  # TODO: Make this portable across hosts (mount?)
  - name: Create mission upload group
    ansible.builtin.group:
      name: mission_upload
  - name: Add missionbot to upload group
    ansible.builtin.user:
      name: missionbot
      groups: mission_upload
      append: yes

  - name: Create operationbot backup crontab
    ansible.builtin.cron:
      name: Back up operationbot events
      cron_file: backup-operationbot
      minute: "*/15"
      user: operationbot
      job: /srv/operationbot/operationbot/scripts/backup-events.sh > /dev/null

  - name: Install gh for zeusopsbot
    block:
    - name: Add githubcli key
      ansible.builtin.get_url:
        url: https://cli.github.com/packages/githubcli-archive-keyring.gpg
        dest: /etc/apt/trusted.gpg.d/githubcli-archive-keyring.gpg

    - name: Add githubcli repo
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main"
        state: present

    - name: Install gh
      ansible.builtin.apt:
        name:
        - gh
        update_cache: true


  handlers:
  - name: Reload systemd
    ansible.builtin.systemd:
      daemon_reload: yes
  - name: Run ldconfig
    ansible.builtin.command: ldconfig
  - name: Restart bot services
    # https://rolflekang.com/ansible-handlers-in-loops
    ansible.builtin.service:
      name: "{{ item }}"
      state: restarted
    loop: "{{ bot_services.results | selectattr('changed', 'equalto', true) | map(attribute='item') | map(attribute='name') | list }}"