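# Tasks: install the nftables ruleset, check out the Sentry project, render
# its configuration, run the installer, then wire up systemd and nginx.

# The ruleset is written root-only (0600).
- name: copy firewall templates
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '0600'
  loop:
    - src: 'templates/nftables.j2'
      dest: '/etc/nftables.conf'
  notify: restart nftables

# File modes are quoted strings throughout so the YAML parser never
# re-types them as integers.
- name: create sites directory
  file:
    path: '/srv/sites'
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: create sentry dir
  file:
    path: '{{ app_dir }}'
    state: directory
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    mode: '0755'

# NOTE(review): app_branch is resolved at run time. If it names a branch
# rather than a tag or commit, the code checked out here (and executed by the
# installer task below) can change between runs without review. Prefer
# pinning to a reviewed tag or commit.
- name: clone project
  become_user: '{{ app_user }}'
  become: true
  git:
    repo: '{{ app_repository }}'
    dest: '{{ app_dir }}'
    version: '{{ app_branch }}'
    update: true

# NOTE(review): the templates are not visible here. If they render secrets
# (secret key, database or mail credentials), mode 0644 leaves them readable
# by every local account. Tighten the mode once it is confirmed that the
# process consuming these files can still read them.
- name: copy over sentry configurations
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: '{{ app_user }}'
    group: '{{ app_user }}'
    mode: '0644'
  loop:
    - src: 'templates/sentry.conf.j2'
      dest: '{{ app_dir }}/sentry/sentry.conf.py'
    - src: 'templates/sentry.config.j2'
      dest: '{{ app_dir }}/sentry/config.yml'

- name: ensure sentry is stopped
  systemd:
    name: sentry
    state: stopped

# Can be run multiple times to upgrade sentry.
# NOTE(review): unlike the clone task, this task sets no become_user, so the
# script runs as the play's own user (presumably root - confirm) out of a
# checkout that app_user owns and can modify. Treat write access to
# app_dir as equivalent to that privilege level.
- name: run sentry installer
  command: './install.sh'  # noqa 301
  args:
    chdir: '{{ app_dir }}'
  environment:
    SENTRY_IMAGE: 'getsentry/sentry:{{ app_branch }}'

# The unit file is owned by root: a unit under /etc/systemd/system is loaded
# by the system service manager, so it must not be writable by the
# unprivileged application account.
- name: copy sentry systemd service
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '0644'
  loop:
    - src: 'templates/sentry.systemd.j2'
      dest: '/etc/systemd/system/sentry.service'
  notify: restart sentry

- name: copy nginx sentry config
  template:
    src: 'templates/nginx.j2'
    dest: '/etc/nginx/sites-available/{{ app_name }}'
    owner: root
    group: root
    mode: '0644'

# No mode is set on the link. Symlink permission bits are not used on Linux,
# and with the file module's default follow: true a mode given here is
# applied to the link target instead, which would leave the nginx site
# config world-writable. follow: false keeps ownership changes on the link.
- name: link nginx config
  file:
    src: '/etc/nginx/sites-available/{{ app_name }}'
    dest: '/etc/nginx/sites-enabled/{{ app_name }}'
    owner: root
    group: root
    follow: false
    state: link

- name: ensure nginx is restarted
  systemd:
    name: nginx
    state: restarted
    enabled: true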