feat: wip

defaults/main.yml

@@ -3,13 +3,15 @@
 sentry_enabled: true                                        # Enable the role
 sentry_version: 9
 sentry_secret_key: replaceme                                # Setup secret key for Sentry installation
+sentry_env: {}
 
 sentry_home: /opt/sentry
 sentry_hostname: "{{inventory_hostname}}"
 sentry_single_organization: true
 
 sentry_plugins: []                                          # Setup plugins
-sentry_config_additional: []                                # List of additional options
+sentry_config_py: []                                        # List of additional options
+sentry_config_yaml: []                                      # List of additional options
 
 # Postgresql
 sentry_postgres_host: postgres
@@ -44,7 +46,7 @@ sentry_filestore_bucket_name: ""
 sentry_use_ssl: false
 sentry_nginx: true
 sentry_nginx_port: 80
-sentry_nginx_ssl_redirect: "{{sentry_use_ssl}}"                 # 80 -> 443
+sentry_nginx_ssl_redirect: "{{sentry_use_ssl and sentry_nginx_ssl_certificate}}"                 # 80 -> 443
 sentry_nginx_ssl_certificate:                                   # SSL certificate file - also turns on HTTPS on Nginx
 sentry_nginx_ssl_certificate_key:                               # Key file for SSL cert
 sentry_nginx_timeout: 15s

tasks/sentry.yml

@@ -84,6 +84,7 @@
     links: "{{sentry_links|default(omit)}}"
     ports:
     - "{{sentry_web_host}}:{{sentry_web_port}}:9000"
+    env: "{{ sentry_env }}"
 
 - name: Start Sentry-Worker
   docker_container:
@@ -93,6 +94,7 @@
     restart_policy: always
     networks:
     - name: sentry
+    env: "{{ sentry_env }}"
 
 - name: Start Sentry-Cron
   docker_container:
@@ -102,6 +104,7 @@
     restart_policy: always
     networks:
     - name: sentry
+    env: "{{ sentry_env }}"
 
 - name: Setup superusers
   command: "docker exec sentry sentry createuser --email={{item.email}} --password={{item.password}} --no-input --superuser"

templates/config.yml

@@ -1,6 +1,11 @@
 # This file was generated by Ansible for {{ ansible_fqdn }}
 # Do NOT modify this file by hand!
 
+# Additional settings
+{% for option in sentry_config_yaml or [] %}
+{{option}}
+{% endfor %}
+
 ###############
 # Mail Server #
 ###############
@@ -32,10 +37,10 @@ mail.mailgun-api-key: '{{sentry_mail_mailgun_api_key}}'
 # Changing this value will result in all current sessions being invalidated.
 # A new key can be generated with `$ sentry config generate-secret-key`
 system.secret-key: "{{sentry_secret_key}}"
-system.url-prefix: "{{ sentry_use_ssl and 'https' or 'http'}}://{{sentry_hostname}}"
-{% if sentry_admins %}
-system.admin-email: "{{sentry_admins[0].email}}"
-{% endif %}
+# system.url-prefix: "{{ sentry_use_ssl and 'https' or 'http'}}://{{sentry_hostname}}"
+# {% if sentry_admins %}
+# system.admin-email: "{{sentry_admins[0].email}}"
+# {% endif %}
 
 # The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis
 # clusters. These clusters can be then referred to by name when configuring

templates/nginx.conf

@@ -21,7 +21,7 @@ server {
     listen      {{ sentry_nginx_port|default(80) }};
     server_name {{sentry_hostname}};
 
-    {% if sentry_use_ssl %}
+    {% if sentry_use_ssl and sentry_nginx_ssl_certificate %}
         ssl on;
         ssl_certificate {{ sentry_nginx_ssl_certificate }};
         ssl_certificate_key {{ sentry_nginx_ssl_certificate_key }};
@@ -42,7 +42,7 @@ server {
     proxy_set_header   Host                 $http_host;
     proxy_set_header   X-Real-IP            $remote_addr;
     proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
-    proxy_set_header   X-Forwarded-Proto    $scheme;
+    proxy_set_header	X-Forwarded-Proto {{ sentry_use_ssl and 'https' or 'http' }};
     proxy_redirect     off;
 
     keepalive_timeout 0;
@@ -59,24 +59,14 @@ server {
     rewrite ^/_static/[^/]*/(.*)$  /_static/$1 last;
 
     location / {
-      proxy_pass        http://{{sentry_web_host}}:{{sentry_web_port}};
-      proxy_set_header	Host	$host;
-      proxy_set_header	X-Real-IP $remote_addr;
-      proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;
-      proxy_set_header	X-Forwarded-Proto $scheme;
+        proxy_pass        http://{{sentry_web_host}}:{{sentry_web_port}};
     }
 
     location ~* /api/(?P<projectid>\d+/)?store/ {
-      proxy_pass        http://{{sentry_web_host}}:{{sentry_web_port}};
-      proxy_redirect	off;
+        proxy_pass        http://{{sentry_web_host}}:{{sentry_web_port}};
 
-      proxy_set_header	Host	$host;
-      proxy_set_header	X-Real-IP $remote_addr;
-      proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;
-      proxy_set_header	X-Forwarded-Proto $scheme;
-
-      limit_req   zone=one  burst=3  nodelay;
-      limit_req   zone=two  burst=10  nodelay;
+        limit_req   zone=one  burst=3  nodelay;
+        limit_req   zone=two  burst=10  nodelay;
     }
 
     location ~* /_static/ {

templates/sentry.conf.py

@@ -120,9 +120,9 @@
 
 {% if sentry_use_ssl %}
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-USE_X_FORWARDED_HOST = True
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
 {% endif %}
 
 SENTRY_WEB_HOST = '0.0.0.0'
@@ -152,8 +152,16 @@
 SENTRY_BEACON = True
 {% endif %}
 
+#####################
+# SLACK INTEGRATION #
+#####################
+slack = env('SLACK_CLIENT_ID') and env('SLACK_CLIENT_SECRET')
+if slack:
+    SENTRY_OPTIONS['slack.client-id'] = env('SLACK_CLIENT_ID')
+    SENTRY_OPTIONS['slack.client-secret'] = env('SLACK_CLIENT_SECRET')
+    SENTRY_OPTIONS['slack.verification-token'] = env('SLACK_VERIFICATION_TOKEN') or ''
 
 # Additional settings
-{% for option in sentry_config_additional or [] %}
+{% for option in sentry_config_py or [] %}
 {{option}}
 {% endfor %}