Add sentry

kosyachniy · kosyachniy · commit c239e4f76fef · 2026-02-08T20:59:59.000+03:00
diff --git a/.env.example b/.env.example
@@ -24,3 +24,18 @@ ALLOY_PORT=12345
 GRAFANA_PORT=3000
 GRAFANA_USER=admin
 GRAFANA_PASS=
+
+# Sentry
+SENTRY_PORT=9002
+SENTRY_SECRET_KEY=
+SENTRY_SINGLE_ORGANIZATION=1
+SENTRY_EVENT_RETENTION_DAYS=30
+SENTRY_DB_NAME=sentry
+SENTRY_DB_USER=sentry
+SENTRY_DB_PASS=
+SENTRY_SERVER_EMAIL=sentry@chill.services
+SENTRY_SMTP_HOST=
+SENTRY_SMTP_PORT=587
+SENTRY_SMTP_USER=
+SENTRY_SMTP_PASS=
+SENTRY_SMTP_USE_TLS=true
diff --git a/AGENTS.md b/AGENTS.md
@@ -3,7 +3,7 @@
 ## Project Structure & Module Organization
 This repository manages the infrastructure stack for the `chill` ecosystem.
 
-- `compose.yml`: main Docker Compose definition for MinIO, MongoDB, Prometheus, Loki, Alloy, and Grafana.
+- `compose.yml`: main Docker Compose definition for MinIO, MongoDB, Prometheus, Loki, Alloy, Grafana, and Sentry.
 - `infra/`: service-level configuration (`nginx/`, `mongo/`, `prometheus/`, `loki/`, `alloy/`, `grafana/`).
 - `scripts/`: helper scripts (`scripts/main.py`, `scripts/lib/s3.py`).
 - `.github/workflows/deploy.yml`: deploy pipeline for `main`.
@@ -20,15 +20,15 @@ This repository manages the infrastructure stack for the `chill` ecosystem.
 ## Coding Style & Naming Conventions
 - Python: PEP 8 style, 4-space indentation, `snake_case` for functions/variables, short module-level docstrings.
 - YAML/Compose: 2-space indentation, lowercase service names (`base-mongo`, `base-grafana`).
-- Environment variables: uppercase with clear prefixes (`MONGO_*`, `GRAFANA_*`, ...) with entity suffix (`USER` for admin/user login, `PASS` for admin/user password/key, `ID` for account/user/application ID, `TOKEN` for account/user/application secret token, `PORT` for container port exporting, ...).
+- Environment variables: uppercase with clear prefixes (`MONGO_*`, `GRAFANA_*`, `SENTRY_*`, ...) with entity suffix (`USER` for admin/user login, `PASS` for admin/user password/key, `ID` for account/user/application ID, `TOKEN` for account/user/application secret token, `PORT` for container port exporting, ...).
 - Keep config files service-scoped under `infra/<service>/` and avoid cross-service coupling in a single file.
 
 ## Testing Guidelines
 There is no formal automated test suite yet. Validate changes with infrastructure smoke checks:
 
 1. `docker compose -p base config` (sanity-check Compose syntax).
 2. `make up` then `make status` (container health and ports).
-3. Verify affected service endpoints/UI paths (for example, `/grafana/` or `/prometheus/`).
+3. Verify affected service endpoints/UI paths (for example, `/grafana/`, `/prometheus/`, or Sentry on `${SENTRY_PORT}`).
 
 ## Commit & Pull Request Guidelines
 - Follow existing history style: short, imperative commit subjects (for example, `Fix mongodb on`, `Update routes`).
@@ -42,4 +42,5 @@ There is no formal automated test suite yet. Validate changes with infrastructur
 ## Security & Configuration Tips
 - Never commit real secrets; copy `.env.example` to `.env` and keep credentials local.
 - Ensure `DATA_PATH` directories exist and are writable before `make up`.
+- Set strong local values for `SENTRY_SECRET_KEY` and `SENTRY_DB_PASS` before enabling Sentry.
 - Treat `make set` and TLS changes as production-impacting operations; review host/domain variables first.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ A base of file storages and databases to support projects ecosystem
 ## Run
 1. Create `.secrets/base.env` from `.env.example`
 
-2. Create folders `data/s3`, `data/mongo`, `data/prometheus`, `data/loki`, `data/alloy`, `data/grafana`, `data/redis`
+2. Create folders `data/s3`, `data/mongo`, `data/prometheus`, `data/loki`, `data/alloy`, `data/grafana`, `data/redis`, `data/sentry/redis`, `data/sentry/postgres`, `data/sentry/files`
 
 3. Change configuration for MongoDB:
 ```
@@ -20,3 +20,6 @@ sudo sysctl -w vm.max_map_count=262144
 7. Set up S3 buckets on `https://console.chill.services/`
 
 8. Connect to MongoDB on `mongo mongo.chill.services -u <user> -p <pass> --authenticationDatabase admin`
+
+9. Create Sentry admin user after stack startup:
+`docker exec -it base-sentry-web sentry createuser --superuser --email <email>`
diff --git a/compose.yml b/compose.yml
@@ -1,4 +1,21 @@
 version: "3.11"
+x-sentry-env: &sentry_env
+  SENTRY_SECRET_KEY: ${SENTRY_SECRET_KEY:-change-me}
+  SENTRY_SINGLE_ORGANIZATION: ${SENTRY_SINGLE_ORGANIZATION:-1}
+  SENTRY_EVENT_RETENTION_DAYS: ${SENTRY_EVENT_RETENTION_DAYS:-30}
+  SENTRY_POSTGRES_HOST: sentry-postgres
+  SENTRY_DB_NAME: ${SENTRY_DB_NAME:-sentry}
+  SENTRY_DB_USER: ${SENTRY_DB_USER:-sentry}
+  SENTRY_DB_PASSWORD: ${SENTRY_DB_PASS:-sentry}
+  SENTRY_REDIS_HOST: sentry-redis
+  SENTRY_REDIS_PORT: 6379
+  SENTRY_SERVER_EMAIL: ${SENTRY_SERVER_EMAIL:-sentry@localhost}
+  SENTRY_EMAIL_HOST: ${SENTRY_SMTP_HOST:-}
+  SENTRY_EMAIL_PORT: ${SENTRY_SMTP_PORT:-587}
+  SENTRY_EMAIL_USER: ${SENTRY_SMTP_USER:-}
+  SENTRY_EMAIL_PASSWORD: ${SENTRY_SMTP_PASS:-}
+  SENTRY_EMAIL_USE_TLS: ${SENTRY_SMTP_USE_TLS:-true}
+
 services:
   s3:
     image: minio/minio:latest
@@ -172,3 +189,75 @@ services:
     depends_on:
       - prometheus
       - loki
+
+  # ==========================================================================
+  # SENTRY - Error aggregation, triage UI and alerting
+  # ==========================================================================
+  sentry-redis:
+    image: redis:7.4-alpine
+    container_name: base-sentry-redis
+    restart: unless-stopped
+    volumes:
+      - ${DATA_PATH}/sentry/redis:/data
+    command: redis-server --save 60 1 --loglevel warning
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 15s
+      timeout: 5s
+      retries: 10
+
+  sentry-postgres:
+    image: postgres:16-alpine
+    container_name: base-sentry-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${SENTRY_DB_NAME:-sentry}
+      POSTGRES_USER: ${SENTRY_DB_USER:-sentry}
+      POSTGRES_PASSWORD: ${SENTRY_DB_PASS:-sentry}
+    volumes:
+      - ${DATA_PATH}/sentry/postgres:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${SENTRY_DB_USER:-sentry} -d ${SENTRY_DB_NAME:-sentry}"]
+      interval: 15s
+      timeout: 5s
+      retries: 10
+
+  sentry-web:
+    image: getsentry/sentry:latest
+    container_name: base-sentry-web
+    restart: unless-stopped
+    environment: *sentry_env
+    volumes:
+      - ${DATA_PATH}/sentry/files:/var/lib/sentry/files
+    command: sh -c "sentry upgrade --noinput && sentry run web"
+    ports:
+      - "${SENTRY_PORT:-9002}:9000"
+    depends_on:
+      sentry-postgres:
+        condition: service_healthy
+      sentry-redis:
+        condition: service_healthy
+
+  sentry-worker:
+    image: getsentry/sentry:latest
+    container_name: base-sentry-worker
+    restart: unless-stopped
+    environment: *sentry_env
+    volumes:
+      - ${DATA_PATH}/sentry/files:/var/lib/sentry/files
+    command: run worker
+    depends_on:
+      sentry-web:
+        condition: service_started
+
+  sentry-scheduler:
+    image: getsentry/sentry:latest
+    container_name: base-sentry-scheduler
+    restart: unless-stopped
+    environment: *sentry_env
+    volumes:
+      - ${DATA_PATH}/sentry/files:/var/lib/sentry/files
+    command: run cron
+    depends_on:
+      sentry-web:
+        condition: service_started
