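# Installs the Sentry systemd unit and nftables ruleset, checks out the
# project, runs its installer and publishes the nginx site for it.

# The unit file is owned by root: anything that can write a file under
# /etc/systemd/system controls what systemd starts for that service, so the
# application account must not own it.
- name: copy sentry systemd service
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '0644'
  loop:
    - src: 'templates/sentry.systemd.j2'
      dest: '/etc/systemd/system/sentry.service'
  # NOTE(review): the handler is defined outside this file; confirm it runs
  # a daemon-reload so an edited unit is actually picked up.
  notify: restart sentry

# validate syntax-checks the rendered ruleset (nft -c) before it replaces the
# live file, so a template error cannot leave the host with a firewall that
# fails to load on the restart below.
- name: copy firewall templates
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '0600'
    validate: 'nft -c -f %s'
  loop:
    - src: 'templates/nftables.j2'
      dest: '/etc/nftables.conf'

- name: restart nftables
  systemd:
    name: nftables
    state: restarted
    enabled: true

- name: ensure sentry is stopped
  systemd:
    name: sentry
    state: stopped

# restart docker after nftables changes so that it applies docker related rules
- name: restart docker
  systemd:
    name: docker
    state: restarted
    enabled: true

# Modes are quoted so they reach Ansible as octal strings instead of relying
# on the YAML parser's integer handling, matching the other tasks here.
- name: create sites directory
  file:
    path: '/srv/sites'
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: create sentry dir
  file:
    path: '{{ app_dir }}'
    state: directory
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    mode: '0755'

# NOTE(review): install.sh is executed from this checkout further down, so
# whatever app_branch resolves to is run on the host. Prefer a tag or commit
# over a moving branch; confirm what app_branch holds.
- name: clone project
  become_user: '{{ app_user }}'
  become: true
  git:
    repo: '{{ app_repository }}'
    dest: '{{ app_dir }}'
    version: '{{ app_branch }}'
    update: true

# NOTE(review): these files are world-readable (0644). If the templates render
# a secret key or database credentials, tighten the mode once it is confirmed
# which account the Sentry containers read them as.
- name: copy over sentry configurations
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    mode: '0644'
  loop:
    - src: 'templates/sentry.conf.j2'
      dest: '{{ app_dir }}/sentry/sentry.conf.py'
    - src: 'templates/sentry.config.j2'
      dest: '{{ app_dir }}/sentry/config.yml'

# can be run multiple times to upgrade sentry
# NOTE(review): no become_user is set here, so the script runs with the
# play's privileges although the checkout is owned by app_user. Also,
# ignore_errors lets the play carry on to the nginx tasks after a failed
# install or upgrade; consider registering the result and failing on
# unexpected return codes.
- name: run sentry installer
  command: './install.sh'
  args:
    chdir: '{{ app_dir }}'
  environment:
    SENTRY_IMAGE: 'getsentry/sentry:{{ app_branch }}'
  ignore_errors: true

- name: copy nginx sentry config
  template:
    src: 'templates/nginx.j2'
    dest: '/etc/nginx/sites-available/{{ app_name }}'
    owner: root
    group: root
    mode: '0644'

- name: link nginx config
  file:
    src: '/etc/nginx/sites-available/{{ app_name }}'
    dest: '/etc/nginx/sites-enabled/{{ app_name }}'
    owner: root
    group: root
    mode: '0777'
    state: link

# Fail here, with the old nginx still running, if the rendered site file is
# broken; restarting on a bad config would take the proxy down.
- name: validate nginx configuration
  command: 'nginx -t'
  changed_when: false

- name: ensure nginx is restarted
  systemd:
    name: nginx
    state: restarted
    enabled: true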