From bf3ffc29a9aee03a160612032fd78f31226732bb Mon Sep 17 00:00:00 2001
From: Fabian Koller <anokfireball@posteo.de>
Date: Tue, 29 Dec 2020 20:59:49 +0100
Subject: [PATCH] Make role compatible with ansible 2.7

Recursive remote copy is supported starting with 2.8 only
Indentation behaviour in literal yaml strings seems to have changed
Regex logic for ImageMagic was flawed (no idea why this worked before)
---
 ansible/tasks/main.yml | 69 +++++++++++++++++++++---------------------
 1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/ansible/tasks/main.yml b/ansible/tasks/main.yml
index c94534895..b1932a33c 100644
--- a/ansible/tasks/main.yml
+++ b/ansible/tasks/main.yml
@@ -28,6 +28,7 @@
       - pngquant
       - zlib1g
       # dev
+      - sudo
       - build-essential
       - python3-setuptools
       - python3-wheel
@@ -122,23 +123,19 @@
     dest: "{{ tempdir.path }}"
   when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
 
-- name: change permissions of paperless-ng
+- name: change owner and permissions of paperless-ng
   command:
     cmd: "{{ item }}"
+    warn: false
   with_items:
+  - "chown -R {{ paperlessng_system_user }}:{{ paperlessng_system_group }} {{ tempdir.path }}"
   - "find {{ tempdir.path }} -type d -exec chmod 0750 {} ;"
   - "find {{ tempdir.path }} -type f -exec chmod 0640 {} ;"
   when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
 
 - name: move paperless-ng
-  copy:
-    src: "{{ tempdir.path }}/paperless-ng/"
-    remote_src: yes
-    dest: "{{ paperlessng_directory }}"
-    owner: "{{ paperlessng_system_user }}"
-    group: "{{ paperlessng_system_group }}"
-    mode: preserve
-    directory_mode: preserve
+  command:
+    cmd: "cp -a {{ tempdir.path }}/paperless-ng/ {{ paperlessng_directory }}"
   when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
 
 - name: remove temporary directory
@@ -256,30 +253,31 @@
   become: yes
   become_user: "{{ paperlessng_system_user }}"
   # "manage.py createsuperuser" only works on interactive TTYs
+  vars:
+    creation_script: |
+      from django.contrib.auth.models import User
+      from django.contrib.auth.hashers import get_hasher
+
+      if User.objects.filter(username='{{ paperlessng_superuser_name }}').exists():
+          user = User.objects.get(username='{{ paperlessng_superuser_name }}')
+          old = user.__dict__.copy()
+
+          user.is_superuser = True
+          user.email = '{{ paperlessng_superuser_email }}'
+          user.set_password('{{ paperlessng_superuser_password }}')
+          user.save()
+          new = user.__dict__
+
+          algorithm, iterations, old_salt, old_hash = old['password'].split('$')
+          new_password_old_salt = get_hasher(algorithm).encode(password='{{ paperlessng_superuser_password }}', salt=old_salt, iterations=int(iterations))
+          _, _, _, new_hash = new_password_old_salt.split('$')
+          if not (old_hash == new_hash and old['is_superuser'] == new['is_superuser'] and old['email'] == new['email']):
+              print('changed')
+      else:
+          User.objects.create_superuser('{{ paperlessng_superuser_name }}', '{{ paperlessng_superuser_email }}', '{{ paperlessng_superuser_password }}')
+          print('changed')
   command: |
-    {{ paperlessng_virtualenv }}/bin/python3 manage.py shell -c "
-    from django.contrib.auth.models import User
-    from django.contrib.auth.hashers import get_hasher
-
-    if User.objects.filter(username='{{ paperlessng_superuser_name }}').exists():
-        user = User.objects.get(username='{{ paperlessng_superuser_name }}')
-        old = user.__dict__.copy()
-
-        user.is_superuser = True
-        user.email = '{{ paperlessng_superuser_email }}'
-        user.set_password('{{ paperlessng_superuser_password }}')
-        user.save()
-        new = user.__dict__
-
-        algorithm, iterations, old_salt, old_hash = old['password'].split('$')
-        new_password_old_salt = get_hasher(algorithm).encode(password='{{ paperlessng_superuser_password }}', salt=old_salt, iterations=int(iterations))
-        _, _, _, new_hash = new_password_old_salt.split('$')
-        if not (old_hash == new_hash and old['is_superuser'] == new['is_superuser'] and old['email'] == new['email']):
-            print('changed')
-    else:
-        User.objects.create_superuser('{{ paperlessng_superuser_name }}', '{{ paperlessng_superuser_email }}', '{{ paperlessng_superuser_password }}')
-        print('changed')
-    "
+    {{ paperlessng_virtualenv }}/bin/python3 manage.py shell -c "{{ creation_script }}"
   args:
     chdir: "{{ paperlessng_directory }}/src"
   register: superuser
@@ -298,9 +296,10 @@
 
 - name: configure ghostscript for PDF
   lineinfile:
-    path: "/etc/ImageMagick-6/policy.xml"
-    regexp: '<policy domain="coder" rights="none" pattern="PDF" />'
-    line: '<policy domain="coder" rights="read|write" pattern="PDF" />'
+    path: /etc/ImageMagick-6/policy.xml
+    regexp: '(\s+)<policy domain="coder" rights=".*" pattern="PDF" />'
+    line: '\1<policy domain="coder" rights="read|write" pattern="PDF" />'
+    backrefs: yes
 
 - name: configure systemd services
   ini_file: