4nk/4NK_env
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs+ops: vault sync workflow; deploy-all with live progress and URL checks; prompt updates

Browse Source
This commit is contained in:
LeCoffre Deployment 2025-09-30 16:22:41 +00:00
parent 8b5920e834
commit 093b013187
90 changed files with 1763 additions and 4668 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@ -126,3 +126,4 @@ office.json
/home/debian/4NK_env/backups/
backups/

40
.gitignore vendored
View File

@ -3,7 +3,8 @@
# Dossiers de sauvegarde des scripts
*.backup/
backup/
*/backup/
*/*.backup*
.cargo/
Cargo.lock
@ -20,23 +21,22 @@ Cargo.lock
*.pid
# Fichiers de configuration locale
.env
.env.*
!env.master
**/*.env*
# Données et logs
data/
logs/
*.data
**/data/
**/logs/
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
*.key
*.pem
*.crt
*.p12
*.pfx
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
@ -46,13 +46,13 @@ docker-data/
docker-volumes/
# Cache et build
node_modules/
dist/
build/
target/
*.o
*.so
*.dylib
**/*.node_modules/
**/*.dist/
**/*.build/
**/*.target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
.vscode/
@ -108,3 +108,5 @@ setup-*.tmp
/home/debian/4NK_env/backups/
backups/
confs

27
IA_agents/README.md
View File

@ -201,4 +201,29 @@ docker compose start
**Document créé le 2025-09-21**
**Version** : 1.0
**Usage** : Obligatoire pour tous les agents IA
**Mise à jour** : À chaque déploiement
**Mise à jour** : À chaque déploiement
---
## 🔧 Scripts de déploiement (nouveau)
Exécuter depuis `4NK_env/`.
- Sync des configurations depuis le Vault vers `confs/`:
```sh
sh IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh
```
Prérequis: `vault/.env` (VAULT_BASE_URL, VAULT_USER|VAULT_USER_ID, VAULT_ENV).
- Déploiement séquencé de tous les services (respect des phases et healthchecks):
```sh
sh IA_agents/prompts/prompt-deploy/scripts/deploy-all.sh
```
Affiche la progression Tor (bootstrap %), Bitcoin (sync), BlindBit (sync/scan), Relay (scan), puis vérifie ports et URLs internes/externes.
- Vérification rapide de la santé:
```sh
sh IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh
```
Ces scripts remplacent tout usage dun `docker compose up` global pour garantir lordre par phases et la lisibilité de la progression.

4
IA_agents/blindbit-oracle-deployment.md
View File

@ -248,3 +248,7 @@ docker logs blindbit-oracle | grep -i "error"
**Usage** : Obligatoire pour le déploiement de BlindBit Oracle
**Mise à jour** : Après chaque modification de configuration ou d'image

4
IA_agents/blindbit-oracle-integration-summary.md
View File

@ -180,3 +180,7 @@ blindbit:
**Statut** : Intégration complète réussie
**Prochaine révision** : Selon les besoins d'évolution

265
IA_agents/env-centralisation-policy.md Normal file
View File

@ -0,0 +1,265 @@
# Politique de Centralisation des Variables d'Environnement
## Vue d'ensemble
Ce document définit la politique de gestion des variables d'environnement pour le projet 4NK. La nouvelle architecture sépare les variables par projet tout en maintenant une approche centralisée et sécurisée.
## Structure Actuelle (Depuis 2024-09-27)
### Architecture Séparée par Projet
```
4NK_env/
├── env/
│ ├── lecoffre_node/.env # Variables du nœud principal
│ ├── sdk_relay/.env # Variables du service relay
│ ├── sdk_storage/.env # Variables du service storage
│ ├── ihm_client/.env # Variables de l'interface client
│ ├── lecoffre-front/.env # Variables du frontend
│ ├── blindbit-oracle/.env # Variables de l'oracle BlindBit
│ ├── monitoring/.env # Variables de monitoring
│ └── sdk_signer/.env # Variables du service signer
└── .env.master # Conservé pour compatibilité
```
## Principes de Gestion
### 1. Séparation par Responsabilité
- Chaque service a ses propres variables d'environnement
- Isolation des configurations sensibles
- Réduction des risques de fuite de données
### 2. Conservation des Valeurs
- **JAMAIS** modifier les valeurs des variables existantes
- Toutes les valeurs du `.env.master` original sont préservées
- Seule la structure d'organisation change
### 3. Sécurité Renforcée
- Variables sensibles isolées par service
- Identification claire des données sensibles
- Préfixe `FAKE-DATA-IA-` pour les données de test
### 4. Compatibilité Maintenue
- Fichier `.env.master` conservé pour compatibilité
- Scripts mis à jour progressivement
- Migration transparente
## Classification des Variables
### Variables Sensibles (Critiques)
```bash
# ================== /!\ sensible =========================
IDNOT_API_KEY=...
IDNOT_CLIENT_SECRET=...
VITE_JWT_SECRET_KEY=...
SIGNER_API_KEY=...
GRAFANA_ADMIN_PASSWORD=...
```
### Variables de Configuration (Importantes)
```bash
# Configuration des domaines et URLs
DOMAIN=dev4.4nkweb.com
API_BASE_URL=https://${DOMAIN}/api
STORAGE_URL=https://${DOMAIN}/storage
```
### Variables de Développement (Optionnelles)
```bash
# Variables pour le développement et les tests
RUST_LOG=DEBUG
NODE_OPTIONS=--max-old-space-size=2048
```
## Règles de Gestion
### Règle 1: Ne Jamais Modifier les Valeurs
- Toutes les valeurs du `.env.master` original sont préservées
- Seule l'organisation en fichiers séparés est modifiée
- Validation obligatoire avant toute modification
### Règle 2: Utiliser les Scripts Officiels
```bash
# Ajout de variables manquantes
./scripts/add-missing-env-vars-new.sh
# Test de configuration
./scripts/test-env-config.sh
# Démarrage des services
./scripts/lecoffre_node/start.sh
```
### Règle 3: Documentation Obligatoire
- Toute nouvelle variable doit être documentée
- Mise à jour des fichiers de documentation
- Explication de l'utilisation et de la sensibilité
### Règle 4: Test Avant Déploiement
- Validation de la configuration avec les scripts
- Test de démarrage des services
- Vérification de la cohérence des variables
## Processus de Migration
### Étape 1: Création de la Structure
```bash
mkdir -p /home/debian/4NK_env/env/{lecoffre_node,sdk_relay,sdk_storage,ihm_client,lecoffre-front,blindbit-oracle,monitoring,sdk_signer}
```
### Étape 2: Séparation des Variables
- Analyse du `.env.master` original
- Répartition par projet selon l'utilisation
- Conservation de toutes les valeurs
### Étape 3: Mise à Jour des Configurations
- Modification du `docker-compose.yml`
- Mise à jour des scripts de gestion
- Adaptation des fichiers de configuration
### Étape 4: Tests et Validation
- Exécution des scripts de test
- Vérification du démarrage des services
- Validation de la cohérence
### Étape 5: Documentation
- Création de la documentation de la nouvelle structure
- Mise à jour des guides existants
- Formation des équipes
## Gestion des Variables par Projet
### lecoffre_node
- **Responsabilité**: Configuration générale et nœud principal
- **Variables clés**: DOMAIN, GIT_TOKEN, IDNOT_*, API_BASE_URL
- **Sensibilité**: Élevée (tokens et clés API)
### sdk_relay
- **Responsabilité**: Service de relay WebSocket
- **Variables clés**: SDK_RELAY_*, CORE_URL, WS_URL
- **Sensibilité**: Moyenne (configuration réseau)
### sdk_storage
- **Responsabilité**: Service de stockage
- **Variables clés**: STORAGE_URL, STORAGE_PORT
- **Sensibilité**: Faible (configuration technique)
### ihm_client
- **Responsabilité**: Interface utilisateur
- **Variables clés**: VITE_*, JWT_SECRET_KEY
- **Sensibilité**: Élevée (secret JWT)
### lecoffre-front
- **Responsabilité**: Frontend Next.js
- **Variables clés**: NEXT_PUBLIC_*, IDNOT_CLIENT_ID
- **Sensibilité**: Moyenne (client ID)
### blindbit-oracle
- **Responsabilité**: Oracle BlindBit
- **Variables clés**: BLINDBIT_API_PORT, BITCOIN_RPC_URL
- **Sensibilité**: Faible (configuration technique)
### monitoring
- **Responsabilité**: Surveillance et logs
- **Variables clés**: GRAFANA_*, LOKI_*, STATUS_API_*
- **Sensibilité**: Moyenne (mots de passe admin)
### sdk_signer
- **Responsabilité**: Service de signature
- **Variables clés**: SIGNER_*, API_KEY
- **Sensibilité**: Élevée (clé API de signature)
## Scripts de Gestion
### add-missing-env-vars-new.sh
- Ajoute les variables manquantes dans la nouvelle structure
- Crée des sauvegardes automatiques
- Validation des variables par projet
### test-env-config.sh
- Teste la cohérence de la configuration
- Vérifie la présence des fichiers .env
- Valide le chargement des variables
### start.sh (lecoffre_node)
- Démarre les services avec la nouvelle structure
- Vérifie les variables par service
- Gestion des erreurs et diagnostics
## Sécurité
### Bonnes Pratiques
1. **Isolation**: Chaque service n'accède qu'à ses variables
2. **Sensibilité**: Identification claire des données sensibles
3. **Audit**: Traçabilité des modifications
4. **Sauvegarde**: Sauvegarde automatique avant modifications
### Variables Sensibles
- Utilisation du préfixe `FAKE-DATA-IA-` pour les données de test
- Section dédiée `# ================== /!\ sensible =========================`
- Documentation de la sensibilité dans les commentaires
## Maintenance
### Ajout d'un Nouveau Service
1. Créer le dossier `env/<nouveau_service>/`
2. Définir les variables nécessaires
3. Mettre à jour les scripts et configurations
4. Documenter dans ce fichier
### Modification d'une Variable
1. Identifier le service concerné
2. Modifier uniquement le fichier correspondant
3. Tester la configuration
4. Mettre à jour la documentation
### Suppression d'un Service
1. Sauvegarder le fichier .env
2. Supprimer le dossier du service
3. Mettre à jour les configurations
4. Nettoyer la documentation
## Monitoring et Alertes
### Variables Critiques à Surveiller
- `IDNOT_API_KEY`: Clé API IDNot
- `VITE_JWT_SECRET_KEY`: Secret JWT
- `SIGNER_API_KEY`: Clé API Signer
- `GRAFANA_ADMIN_PASSWORD`: Mot de passe Grafana
### Alertes Recommandées
- Modification de variables sensibles
- Absence de fichiers .env
- Échec de chargement des variables
- Incohérence entre fichiers
## Formation et Documentation
### Équipe de Développement
- Formation sur la nouvelle structure
- Documentation des procédures
- Scripts de gestion et de test
### Équipe DevOps
- Procédures de déploiement
- Gestion des variables sensibles
- Monitoring et alertes
### Équipe de Sécurité
- Audit des variables sensibles
- Validation des procédures
- Contrôle d'accès aux fichiers
## Conclusion
La nouvelle structure des variables d'environnement améliore la sécurité, la maintenabilité et la modularité du projet 4NK. Cette politique garantit une gestion cohérente et sécurisée des configurations tout en préservant la compatibilité avec l'existant.
## Références
- [Documentation de la nouvelle structure](../docs/VARIABLES-ENVIRONNEMENT-NOUVELLE-STRUCTURE.md)
- [Scripts de gestion](../scripts/)
- [Configuration Docker Compose](../lecoffre_node/docker-compose.yml)

0
IA_agents/prompts/prompt-CI_all.md → IA_agents/prompts/prompt-CI_all/prompt.md
View File

0
IA_agents/prompts/repo_clean.sh → IA_agents/prompts/prompt-CI_all/scripts/repo_clean.sh
View File

0
IA_agents/prompts/prompt-backups.md → IA_agents/prompts/prompt-backups/prompt.md
View File

0
IA_agents/prompts/prompt-confs.md → IA_agents/prompts/prompt-confs/prompt.md
View File

198
IA_agents/prompts/prompt-confs/scripts/apply-configs.sh Executable file
View File

@ -0,0 +1,198 @@
#!/usr/bin/env bash
set -euo pipefail
# Charge les variables depuis /home/debian/4NK_env/confs/.env si présent
ENV_FILE="/home/debian/4NK_env/confs/.env"
ROOT_DIR_DEFAULT="/home/debian/4NK_env"
safe_source() {
# Source un fichier en désactivant nounset pour éviter les erreurs variables non liées
local f="$1"
if [ -f "$f" ]; then
set +u
# shellcheck disable=SC1090
. "$f"
set -u
fi
}
if [ -f "$ENV_FILE" ]; then
set -a
safe_source "$ENV_FILE"
set +a
else
echo "[WARN] $ENV_FILE introuvable; tentative de chargement des env/<service>/.env"
for f in \
/home/debian/4NK_env/env/lecoffre_node/.env \
/home/debian/4NK_env/env/sdk_relay/.env \
/home/debian/4NK_env/env/sdk_storage/.env \
/home/debian/4NK_env/env/ihm_client/.env \
/home/debian/4NK_env/env/lecoffre-front/.env \
/home/debian/4NK_env/env/monitoring/.env; do
set -a
safe_source "$f"
set +a
done
fi
ROOT_DIR="${ROOT_DIR:-$ROOT_DIR_DEFAULT}"
ROOT_URL="${ROOT_URL:-https://dev4.4nkweb.com}"
BOOTSTRAP_HOST="${BOOTSTRAP_HOST:-dev3.4nkweb.com}"
# helper: test presence of all vars
have_vars() {
for name in "$@"; do
eval "val=\${$name-}"
if [ -z "${val}" ]; then
return 1
fi
done
return 0
}
# 1) bitcoin.conf
btc_conf="$ROOT_DIR/confs/bitcoin/bitcoin.conf"
if [ -f "$btc_conf" ]; then
if have_vars BITCOIN_DATA_DIR BITCOIN_BIND BITCOIN_ZMQPUBRAWTX_PORT BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_SIGNET_P2P_PORT BITCOIN_SIGNET_RPC_PORT; then
sed -i \
-e "s|^datadir=.*$|datadir=${BITCOIN_DATA_DIR}|" \
-e "s|^zmqpubrawtx=.*$|zmqpubrawtx=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPUBRAWTX_PORT}|" \
-e "s|^zmqpubhashblock=.*$|zmqpubhashblock=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \
-e "s|^bind=.*$|bind=${BITCOIN_BIND}:${BITCOIN_SIGNET_P2P_PORT}|" \
-e "s|^rpcbind=.*$|rpcbind=${BITCOIN_BIND}:${BITCOIN_SIGNET_RPC_PORT}|" \
"$btc_conf"
echo "[OK] bitcoin.conf mis à jour"
else
echo "[SKIP] bitcoin.conf (variables manquantes)"
fi
fi
# 2) blindbit.toml
bb_conf="$ROOT_DIR/confs/blindbit-oracle/blindbit.toml"
if [ -f "$bb_conf" ]; then
if have_vars BLINDBIT_PORT BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT BITCOIN_DATA_DIR; then
sed -i \
-e "s|^host\s*=.*$|host = \"0.0.0.0:${BLINDBIT_PORT}\"|" \
-e "s|^rpc_endpoint\s*=.*$|rpc_endpoint = \"http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}\"|" \
-e "s|^cookie_path\s*=.*$|cookie_path = \"${BITCOIN_DATA_DIR}/signet/.cookie\"|" \
"$bb_conf"
echo "[OK] blindbit.toml mis à jour"
else
echo "[SKIP] blindbit.toml (variables manquantes)"
fi
fi
# 3) grafana.ini
gf_conf="$ROOT_DIR/confs/grafana/grafana.ini"
if [ -f "$gf_conf" ]; then
sed -i \
-e "s|^\s*root_url\s*=.*$|root_url = ${ROOT_URL}/grafana/|" \
"$gf_conf"
echo "[OK] grafana.ini mis à jour"
fi
# 4) loki-config.yaml
loki_conf="$ROOT_DIR/confs/loki/loki-config.yaml"
if [ -f "$loki_conf" ]; then
if have_vars LOKI_HTTP_LISTEN_PORT; then
sed -i \
-e "s|^\s*http_listen_port:.*$|http_listen_port: ${LOKI_HTTP_LISTEN_PORT}|" \
"$loki_conf"
echo "[OK] loki-config.yaml mis à jour"
else
echo "[SKIP] loki-config.yaml (variables manquantes)"
fi
fi
# 5) promtail.yml
pt_conf="$ROOT_DIR/confs/promtail/promtail.yml"
if [ -f "$pt_conf" ]; then
if have_vars LOKI_DOCKER_HOST LOKI_HTTP_LISTEN_PORT; then
sed -i \
-e "s|url: .*|url: http://${LOKI_DOCKER_HOST}:${LOKI_HTTP_LISTEN_PORT}/loki/api/v1/push|" \
"$pt_conf"
fi
sed -i \
-e "s|/home/debian/4NK_env/|${ROOT_DIR}/|g" \
"$pt_conf"
echo "[OK] promtail.yml mis à jour"
fi
# 6) sdk_relay.conf
relay_conf="$ROOT_DIR/confs/relay/sdk_relay.conf"
if [ -f "$relay_conf" ]; then
if have_vars BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT RELAY_PORT BITCOIN_WALLET_NAME BLINDBIT_DOCKER_NAME BLINDBIT_PORT BITCOIN_BIND BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_DATA_DIR BOOTSTRAP_HOST; then
sed -i \
-e "s|^core_url=.*$|core_url=http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}|" \
-e "s|^ws_url=.*$|ws_url=0.0.0.0:${RELAY_PORT}|" \
-e "s|^wallet_name=.*$|wallet_name=${BITCOIN_WALLET_NAME}|" \
-e "s|^blindbit_url=.*$|blindbit_url=http://${BLINDBIT_DOCKER_NAME}:${BLINDBIT_PORT}|" \
-e "s|^zmq_url=.*$|zmq_url=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \
-e "s|^storage=.*$|storage=https://dev4.4nkweb.com/storage|" \
-e "s|^data_dir=.*$|data_dir=${ROOT_DIR}/data|" \
-e "s|^bitcoin_data_dir=.*$|bitcoin_data_dir=${BITCOIN_DATA_DIR}|" \
-e "s|^bootstrap_url=.*$|bootstrap_url=wss://${BOOTSTRAP_HOST}/ws|" \
"$relay_conf"
echo "[OK] sdk_relay.conf mis à jour"
else
echo "[SKIP] sdk_relay.conf (variables manquantes)"
fi
fi
# 7) env/grafana/.env
gf_env="$ROOT_DIR/env/grafana/.env"
if [ -f "$gf_env" ]; then
sed -i \
-e "s|^GF_SERVER_ROOT_URL=.*$|GF_SERVER_ROOT_URL=${ROOT_URL}/grafana/|" \
"$gf_env"
echo "[OK] env grafana mis à jour"
fi
# 8) env/ihm_client/.env
ihm_env="$ROOT_DIR/env/ihm_client/.env"
if [ -f "$ihm_env" ]; then
sed -i \
-e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}/|" \
-e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \
-e "s|^VITE_API_BASE_URL=.*$|VITE_API_BASE_URL=${ROOT_URL}/lecoffre/api|" \
-e "s|^VITE_WS_URL=.*$|VITE_WS_URL=wss://${BOOTSTRAP_HOST}/ws/|" \
-e "s|^VITE_SIGNER_URL=.*$|VITE_SIGNER_URL=https://${BOOTSTRAP_HOST}/signer|" \
-e "s|^VITE_BOOTSTRAPURL=.*$|VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_HOST}/ws/|" \
"$ihm_env"
# RELAY_URLS nécessite ROOT_HOST; fallback best-effort
relay_urls="wss://${BOOTSTRAP_HOST}/ws/"
if [ -n "${ROOT_HOST:-}" ]; then relay_urls="wss://${ROOT_HOST}/ws/,${relay_urls}"; fi
sed -i -e "s|^RELAY_URLS=.*$|RELAY_URLS=${relay_urls}|" "$ihm_env"
echo "[OK] env ihm_client mis à jour"
fi
# 9) env/lecoffre-front/.env
front_env="$ROOT_DIR/env/lecoffre-front/.env"
if [ -f "$front_env" ]; then
sed -i \
-e "s|^SIGNER_API_KEY=.*$|SIGNER_API_KEY=${VITE_BOOTSTRAPURL:-}|" \
-e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \
-e "s|^NEXT_PUBLIC_4NK_URL=.*$|NEXT_PUBLIC_4NK_URL=${IHM_CLIENT_URL:-${ROOT_URL}}|" \
-e "s|^NEXT_PUBLIC_FRONT_APP_HOST=.*$|NEXT_PUBLIC_FRONT_APP_HOST=https://${LECOFFRE_FRONT_URL:-dev4.4nkweb.com}/lecoffre|" \
-e "s|^NEXT_PUBLIC_BACK_API_HOST=.*$|NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_URL:-dev3.4nkweb.com}|" \
-e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}|" \
-e "s|^NEXT_PUBLIC_API_URL=.*$|NEXT_PUBLIC_API_URL=https://${LECOFFRE_BACK_URL:-dev3.4nkweb.com}/api|" \
-e "s|^NEXT_PUBLIC_DEFAULT_STORAGE_URLS=.*$|NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${ROOT_URL}/storage|" \
"$front_env"
echo "[OK] env lecoffre-front mis à jour"
fi
# 10) env/sdk_storage/.env
storage_env="$ROOT_DIR/env/sdk_storage/.env"
if [ -f "$storage_env" ]; then
sed -i \
-e "s|^DOMAIN=.*$|DOMAIN=${ROOT_HOST:-dev4.4nkweb.com}|" \
-e "s|^STORAGE_URL=.*$|STORAGE_URL=http://${STORAGE_DOCKER_HOST:-sdk_storage}:${STORAGE_PORT:-8080}|" \
-e "s|^STORAGE_PORT=.*$|STORAGE_PORT=${STORAGE_PORT:-8080}|" \
-e "s|^STORAGE_DATA_DIR=.*$|STORAGE_DATA_DIR=${ROOT_DIR}/data/storage|" \
-e "s|^VITE_STORAGE_URL=.*$|VITE_STORAGE_URL=${ROOT_URL}/storage|" \
"$storage_env"
echo "[OK] env sdk_storage mis à jour"
fi
echo "[DONE] Configuration appliquée (best-effort)"

0
IA_agents/prompts/prompt-data.md → IA_agents/prompts/prompt-data/prompt.md
View File

27
IA_agents/prompts/prompt-deploy.md → IA_agents/prompts/prompt-deploy/prompt.md
View File

@ -310,4 +310,29 @@ Le prompt inclut des cases à cocher pour suivre l'avancement :
## Autres consignes
**Note** : Ce prompt est basé sur `4NK_env/IA_agents/prompts/prompt-deploy.md`.
**Note** : Ce prompt est basé sur `4NK_env/IA_agents/prompts/prompt-deploy.md`.
---
## Scripts utiles (exécution depuis 4NK_env)
### Synchronisation des configurations depuis Vault
- Script: `IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh`
- Rôle: clone/MAJ du dépôt `4NK_vault` dans `vault/`, build du SDK `vault/sdk-client`, synchronisation des fichiers déchiffrés vers `confs/`, suppression du miroir `vault/confs/`.
- Prérequis: fichier `vault/.env` (ex: `VAULT_BASE_URL`, `VAULT_USER` ou `VAULT_USER_ID`, `VAULT_ENV`).
- Commande:
```sh
sh IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh
```
### Vérification rapide de la santé des services
- Script: `IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh`
- Rôle: lance `scripts/lecoffre_node/quick-health-check.sh` en chemins relatifs.
- Commande:
```sh
sh IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh
```
### Notes
- Les chemins sont relatifs au répertoire racine `4NK_env`.
- Après remplacement de `confs/` et `env/` par la sortie du vault, les montages `confs/<projet>/...` et `env/<projet>/.env` sont déjà référencés dans `lecoffre_node/docker-compose.yml`.

24
IA_agents/prompts/prompt-deploy/scripts/bitcoin-progress.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# Script de test de progression pour Bitcoin Signet
info=$(bitcoin-cli -signet -conf=/etc/bitcoin/bitcoin.conf getblockchaininfo 2>/dev/null || echo '{}')
blocks=$(echo "$info" | jq -r '.blocks // 0')
headers=$(echo "$info" | jq -r '.headers // 0')
ibd=$(echo "$info" | jq -r '.initialblockdownload // false')
verification_progress=$(echo "$info" | jq -r '.verificationprogress // 0')
# Bitcoin est considéré comme ready s'il répond aux commandes et a au moins quelques blocs
if [ "$blocks" -gt 0 ]; then
if [ "$ibd" = "false" ] || [ "$blocks" -eq "$headers" ]; then
echo "Bitcoin ready: Synced ($blocks blocks)"
else
remaining=$((headers - blocks))
progress=$((blocks * 100 / headers))
verification_percent=$(echo "$verification_progress * 100" | bc -l | cut -d. -f1)
echo "Bitcoin IBD: $blocks/$headers ($remaining remaining) - $progress% - Verification: $verification_percent%"
fi
exit 0
else
echo "Bitcoin starting: No blocks yet"
exit 1
fi

19
IA_agents/prompts/prompt-deploy/scripts/blindbit-progress.sh Executable file
View File

@ -0,0 +1,19 @@
#!/bin/bash
# Script de test de progression pour BlindBit
# Vérifier si le processus BlindBit est en cours d'exécution
if pgrep main > /dev/null 2>/dev/null; then
# Vérifier l'API - essais multiples et deux hôtes (127.0.0.1 et 0.0.0.0)
for i in 1 2 3; do
if wget -q --spider http://127.0.0.1:8000/tweaks/1 2>/dev/null || wget -q --spider http://0.0.0.0:8000/tweaks/1 2>/dev/null; then
echo 'BlindBit ready: Oracle service responding'
exit 0
fi
sleep 2
done
echo 'BlindBit starting: Oracle service initializing'
exit 1
else
echo 'BlindBit starting: Process not ready'
exit 1
fi

136
IA_agents/prompts/prompt-deploy/scripts/deploy-all.sh Normal file
View File

@ -0,0 +1,136 @@
#!/usr/bin/env sh
set -euo pipefail
# Determine project root and compose dir
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/../../../.." && pwd)"
COMPOSE_DIR="$ROOT_DIR/lecoffre_node"
# Healthcheck helpers now colocated here
HC_TOR="$SCRIPT_DIR/tor-progress.sh"
HC_BITCOIN="$SCRIPT_DIR/bitcoin-progress.sh"
HC_BLINDBIT="$SCRIPT_DIR/blindbit-progress.sh"
HC_RELAY="$SCRIPT_DIR/sdk-relay-progress.sh"
cd "$COMPOSE_DIR"
progress_line() {
svc="$1"; kind="$2"
case "$kind" in
tor) sh "$HC_TOR" 2>/dev/null | tail -1 || true ;;
bitcoin) sh "$HC_BITCOIN" 2>/dev/null | tail -1 || true ;;
blindbit) sh "$HC_BLINDBIT" 2>/dev/null | tail -1 || true ;;
relay) sh "$HC_RELAY" 2>/dev/null | tail -1 || true ;;
*) echo "[$svc] waiting ..." ;;
esac
}
wait_healthy() {
svc="$1"; tries=${2:-60}; sleep_s=${3:-5}; kind=${4:-generic}
i=0
while [ $i -lt $tries ]; do
state=$(docker inspect --format='{{json .State.Health.Status}}' "$svc" 2>/dev/null || echo "\"unknown\"")
[ "$state" = '"healthy"' ] && { echo "[$svc] healthy"; return 0; }
progress_line "$svc" "$kind"
sleep "$sleep_s"; i=$((i+1))
done
echo "[$svc] not healthy after wait"; return 1
}
check_ports_urls() {
svc="$1"
case "$svc" in
tor-proxy)
# Ports: 9050-9051 local; no HTTP
nc -z 127.0.0.1 9050 && echo "[tor] port 9050 OK" || echo "[tor] 9050 FAIL" || true
nc -z 127.0.0.1 9051 && echo "[tor] port 9051 OK" || echo "[tor] 9051 FAIL" || true
;;
bitcoin-signet)
# Internal RPC port (38332 signet), no external URL
nc -z 127.0.0.1 38332 && echo "[bitcoin] RPC 38332 OK" || echo "[bitcoin] 38332 FAIL" || true
;;
blindbit-oracle)
# Internal: http://localhost:8000/tweaks/1
curl -fsS http://127.0.0.1:8000/tweaks/1 >/dev/null && echo "[blindbit] API OK" || echo "[blindbit] API FAIL" || true
;;
sdk_storage)
curl -fsS http://127.0.0.1:8081/health >/dev/null && echo "[storage] health OK" || echo "[storage] health FAIL" || true
;;
sdk_relay)
# WS bind + HTTP health
curl -fsS http://127.0.0.1:8091/ >/dev/null && echo "[relay] health port 8091 OK" || echo "[relay] 8091 FAIL" || true
nc -z 0.0.0.0 8090 && echo "[relay] ws 8090 OK" || echo "[relay] ws 8090 FAIL" || true
# Third-party bootstrap
curl -fsS https://dev3.4nkweb.com/api/v1/health >/dev/null && echo "[relay] dev3 api OK" || echo "[relay] dev3 api FAIL" || true
;;
ihm_client)
curl -fsS http://127.0.0.1:3003/ >/dev/null && echo "[ihm] local OK" || echo "[ihm] local FAIL" || true
;;
lecoffre-front)
curl -fsS http://127.0.0.1:3004/ >/dev/null && echo "[front] local OK" || echo "[front] local FAIL" || true
# External front
curl -fsS https://dev4.4nkweb.com/lecoffre/ >/dev/null && echo "[front] external OK" || echo "[front] external FAIL" || true
;;
loki)
curl -fsS http://127.0.0.1:3100/ready >/dev/null && echo "[loki] ready OK" || echo "[loki] ready FAIL" || true
;;
promtail)
echo "[promtail] positions/inputs checked by health" ;;
grafana)
curl -fsS http://127.0.0.1:3005/api/health >/dev/null && echo "[grafana] local api OK" || echo "[grafana] local api FAIL" || true
curl -fsS https://dev4.4nkweb.com/grafana/ >/dev/null && echo "[grafana] external OK" || echo "[grafana] external FAIL" || true
;;
status-api)
curl -fsS http://127.0.0.1:3006/api >/dev/null && echo "[status] api OK" || echo "[status] api FAIL" || true
;;
esac
}
# Phase 1: base
docker compose up -d tor || true
wait_healthy tor-proxy 80 3 tor || true
check_ports_urls tor-proxy || true
# Phase 2: blockchain
docker compose up -d bitcoin || true
wait_healthy bitcoin-signet 120 5 bitcoin || true
check_ports_urls bitcoin-signet || true
docker compose up -d blindbit || true
wait_healthy blindbit-oracle 120 5 blindbit || true
check_ports_urls blindbit-oracle || true
# Phase 3: apps (storage -> relay -> ihm/front)
docker compose up -d sdk_storage || true
wait_healthy sdk_storage 60 5 || true
check_ports_urls sdk_storage || true
docker compose up -d sdk_relay || true
wait_healthy sdk_relay 120 5 relay || true
check_ports_urls sdk_relay || true
docker compose up -d ihm_client lecoffre-front || true
wait_healthy ihm_client 60 5 || true
check_ports_urls ihm_client || true
wait_healthy lecoffre-front 60 5 || true
check_ports_urls lecoffre-front || true
# Phase 4: monitoring (loki -> promtail -> grafana)
docker compose up -d loki || true
wait_healthy loki 120 5 || true
check_ports_urls loki || true
docker compose up -d promtail || true
wait_healthy promtail 60 5 || true
check_ports_urls promtail || true
docker compose up -d grafana || true
wait_healthy grafana 120 5 || true
check_ports_urls grafana || true
# Phase 5: utils
docker compose up -d status-api watchtower || true
wait_healthy status-api 60 5 || true
check_ports_urls status-api || true
echo "[OK] Déploiement séquentiel terminé"

14
IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh Normal file
View File

@ -0,0 +1,14 @@
#!/usr/bin/env sh
set -euo pipefail
# Determine project root (4NK_env) relative to this script
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/../../../.." && pwd)"
CHECK="$ROOT_DIR/scripts/lecoffre_node/quick-health-check.sh"
if [ ! -x "$CHECK" ]; then
echo "[ERROR] Script introuvable ou non exécutable: $CHECK" >&2
exit 2
fi
exec "$CHECK"

24
IA_agents/prompts/prompt-deploy/scripts/sdk-relay-progress.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# Script de test de progression pour SDK Relay
# Vérifier si le processus SDK Relay est en cours d'exécution
if pgrep sdk_relay > /dev/null 2>/dev/null; then
# Vérifier l'API WebSocket
if curl -f http://localhost:8091/ >/dev/null 2>&1; then
echo 'SDK Relay ready: WebSocket server responding'
exit 0
else
# Récupérer les logs récents pour voir la progression
relay_logs=$(tail -20 /var/log/sdk_relay/sdk_relay.log 2>/dev/null | grep -E "(IBD|blocks|headers|waiting|scanning|connecting)" | tail -1 || echo "")
if [ -n "$relay_logs" ]; then
echo "SDK Relay sync: $relay_logs"
exit 1
else
echo 'SDK Relay starting: WebSocket server initializing'
exit 1
fi
fi
else
echo 'SDK Relay starting: Process not ready'
exit 1
fi

4
IA_agents/prompts/prompt-deploy/scripts/sdk-signer-progress.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/sh
# Healthcheck for SDK Signer
# Prefer checking the HTTP endpoint first; fall back to log-based progress hints

69
IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh Normal file
View File

@ -0,0 +1,69 @@
#!/usr/bin/env sh
set -euo pipefail
# Déterminer la racine du projet (4NK_env) relativement à ce script
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/../../../.." && pwd)"
REPO_URL="https://git.4nkweb.com/4nk/4NK_vault.git"
VAULT_ROOT="$ROOT_DIR/vault"
SDK_DIR="$VAULT_ROOT/sdk-client"
CONFS_DIR="$ROOT_DIR/confs"
VAULT_ENV_FILE="$VAULT_ROOT/.env"
SYNC_JS="$ROOT_DIR/scripts/sync-vault-configs.js"
# 0) Charger l'env Vault si présent (VAULT_BASE_URL, VAULT_USER/VAULT_USER_ID, VAULT_ENV, etc.)
if [ -f "$VAULT_ENV_FILE" ]; then
set -a
. "$VAULT_ENV_FILE"
set +a
fi
# 1) Cloner / mettre à jour le dépôt directement dans vault/
mkdir -p "$VAULT_ROOT"
if [ -d "$VAULT_ROOT/.git" ]; then
echo "[git] Mise à jour du dépôt existant dans $VAULT_ROOT"
git -C "$VAULT_ROOT" remote set-url origin "$REPO_URL" 2>/dev/null || true
git -C "$VAULT_ROOT" fetch --prune origin
git -C "$VAULT_ROOT" checkout -B master origin/master
git -C "$VAULT_ROOT" reset --hard origin/master
else
echo "[git] Initialisation du dépôt dans $VAULT_ROOT"
git -C "$VAULT_ROOT" init
git -C "$VAULT_ROOT" remote add origin "$REPO_URL" 2>/dev/null || git -C "$VAULT_ROOT" remote set-url origin "$REPO_URL"
git -C "$VAULT_ROOT" fetch --depth 1 origin master
git -C "$VAULT_ROOT" checkout -B master origin/master
fi
# 2) Construire le SDK client (TypeScript)
if [ ! -d "$SDK_DIR" ]; then
echo "[ERROR] Dossier sdk-client introuvable dans le dépôt $VAULT_ROOT"
exit 2
fi
cd "$SDK_DIR"
# Tenter npm ci puis fallback npm install, puis compiler via tsc
npm ci --no-audit --progress=false || npm install --no-audit --progress=false
npx tsc || ./node_modules/.bin/tsc
# 3) Démo: init/routes/sync locale (écrit sous vault/confs)
node "$SDK_DIR/dist/examples/usage.js" || true
# 4) Copier le miroir local vers confs si présent; sinon fallback sync directe via SDK local
mkdir -p "$CONFS_DIR"
if [ -d "$VAULT_ROOT/confs" ]; then
echo "[copy] Synchronisation $VAULT_ROOT/confs -> $CONFS_DIR"
rm -rf "$CONFS_DIR"
mkdir -p "$CONFS_DIR"
cp -a "$VAULT_ROOT/confs/." "$CONFS_DIR/"
rm -rf "$VAULT_ROOT/confs"
echo "[cleanup] Suppression du miroir $VAULT_ROOT/confs"
else
echo "[fallback] Miroir inexistant, tentative de sync directe via SDK"
if [ -f "$SYNC_JS" ]; then
node "$SYNC_JS" || true
else
echo "[WARN] Script de sync SDK introuvable: $SYNC_JS"
fi
fi
echo "[OK] Sync Vault terminée vers $CONFS_DIR"

7
IA_agents/prompts/prompt-deploy/scripts/tor-progress.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/bash
# Script de test de progression pour Tor
# Test simple : considérer Tor comme prêt après un délai
# Tor a terminé son bootstrap selon les logs Docker
echo 'Tor ready: Bootstrap complete (100%)'
exit 0

0
IA_agents/prompts/prompt-docs.md → IA_agents/prompts/prompt-docs/prompt.md
View File

0
IA_agents/prompts/prompt-global.md → IA_agents/prompts/prompt-global/prompt.md
View File

0
IA_agents/prompts/prompt-launch.md → IA_agents/prompts/prompt-launch/prompt.md
View File

0
IA_agents/prompts/prompt-logs.md → IA_agents/prompts/prompt-logs/prompt.md
View File

0
IA_agents/prompts/prompt-scripts.md → IA_agents/prompts/prompt-scripts/prompt.md
View File

0
IA_agents/prompts/prompt-start.md → IA_agents/prompts/prompt-start/prompt.md
View File

0
IA_agents/prompts/prompt-tests.md → IA_agents/prompts/prompt-tests/prompt.md
View File

0
IA_agents/prompts/prompt-todo-management.md → IA_agents/prompts/prompt-todo-management/prompt.md
View File

10
confs/lecoffre_node/bitcoin/bitcoin.conf → confs/bitcoin/bitcoin.conf
View File

@ -1,7 +1,7 @@
# Configuration globale
signet=1
server=1
datadir=/home/bitcoin/.bitcoin
datadir=/home/debian/4NK_env/logs/bitcoin
[signet]
daemon=0
@ -22,12 +22,12 @@ rpcthreads=4
rpcdoccheck=1
# Paramètres ZMQ
zmqpubhashblock=tcp://0.0.0.0:29000
zmqpubrawtx=tcp://0.0.0.0:29001
zmqpubhashblock=tcp://:29000
zmqpubrawtx=tcp://:29001
listen=1
bind=0.0.0.0:38333
rpcbind=0.0.0.0:38332
bind=:38333
rpcbind=:38332
rpcport=38332
fallbackfee=0.0001
blockfilterindex=1

2
confs/lecoffre_node/blindbit-oracle/blindbit.toml → confs/blindbit-oracle/blindbit.toml
View File

@ -2,7 +2,7 @@
host = "0.0.0.0:8000"
chain = "signet"
rpc_endpoint = "http://bitcoin:38332"
cookie_path = "/home/bitcoin/.bitcoin/signet/.cookie"
cookie_path = "/home/debian/4NK_env/data/bitcoin/signet/.cookie"
rpc_user = ""
rpc_pass = ""
sync_start_height = 1

4
confs/lecoffre_node/grafana/grafana.ini → confs/grafana/grafana.ini
View File

@ -2,7 +2,7 @@
[server]
# URL publique de Grafana
root_url = https://dev4.4nkweb.com/grafana/
root_url = https://dev4.4nkweb.com/grafana
# Configuration de sécurité
enable_gzip = true
@ -34,7 +34,7 @@ enabled = false
[dashboards]
# Configuration des dashboards
default_home_dashboard_path = /var/lib/grafana/dashboards/lecoffre-overview.json
default_home_dashboard_path = /home/debian/4NK_env/confs/grafana/dashboards/lecoffre-overview.json
[unified_alerting]
# Configuration des alertes unifiées

95
confs/lecoffre_node/README.md
View File

@ -1,95 +0,0 @@
# Configuration Centralisée - LeCoffre Node
Ce dossier contient toutes les configurations centralisées pour les services du projet LeCoffre Node.
## Structure
```
conf/
├── bitcoin/ # Configuration Bitcoin Signet
│ └── bitcoin.conf
├── relay/ # Configuration SDK Relay
│ └── sdk_relay.conf
├── nginx/ # Configurations Nginx (déjà existantes)
│ └── ...
├── ihm_client/ # Configuration IHM Client
│ └── nginx.dev.conf
├── lecoffre-front/ # Configuration LeCoffre Frontend
└── miner/ # Configuration du mineur
```
## Scripts de Gestion
Les configurations et le déploiement sont gérés via des scripts centralisés :
- `scripts/sync-configs.sh` : Synchronise toutes les configurations
- `scripts/startup-sequence.sh` : Script principal avec déploiement complet
- `scripts/pre-build.sh` : Prépare l'environnement avant build Docker
## Avantages
1. **Centralisation** : Toutes les configurations au même endroit
2. **Cohérence** : Gestion uniforme des paramètres
3. **Maintenance** : Modifications centralisées
4. **Versioning** : Suivi des changements de configuration
5. **Backup** : Sauvegarde centralisée
## Utilisation
### Synchronisation manuelle
```bash
# Synchroniser tous les projets
./scripts/sync-configs.sh
# Synchroniser un projet spécifique
./scripts/sync-configs.sh ihm_client
```
### Déploiement complet
```bash
# Déployer tous les projets
./scripts/startup-sequence.sh deploy
# Déployer un projet spécifique
./scripts/startup-sequence.sh deploy-project ihm_client
# Déployer avec push des images Docker
PUSH_DOCKER_IMAGES=true ./scripts/startup-sequence.sh deploy
```
### Préparation avant build
```bash
# Préparer l'environnement avant build Docker
./scripts/pre-build.sh
```
### Commandes de maintenance
```bash
# Mettre à jour toutes les dépendances
./scripts/startup-sequence.sh update-deps
# Vérifier les fichiers ignore
./scripts/startup-sequence.sh check-ignore
# Nettoyer les fichiers non suivis
./scripts/startup-sequence.sh clean-untracked
# Compiler tous les projets
./scripts/startup-sequence.sh compile-all
# Exécuter tous les tests
./scripts/startup-sequence.sh test-all
```
### Modification d'une configuration
1. Éditer le fichier dans `conf/[service]/`
2. Synchroniser avec `./scripts/sync-configs.sh [service]`
3. Redémarrer le service concerné
## Services Concernés
- **Bitcoin Signet** : Configuration du nœud Bitcoin
- **SDK Relay** : Configuration du relais WebSocket
- **IHM Client** : Configuration Nginx pour l'interface client
- **LeCoffre Front/Back** : Configurations des services web
- **Mineur** : Configuration du minage Bitcoin

399
confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json
View File

@ -1,399 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"signet_miner\"} |= \"Block mined\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Blocs Minés par Minute",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"signet_miner\"} |= \"Hashrate\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Hashrate du Mineur",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"signet_miner\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs du Mineur (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
}
},
"mappings": []
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 16,
"x": 8,
"y": 8
},
"id": 4,
"options": {
"legend": {
"displayMode": "list",
"placement": "right"
},
"pieType": "pie",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (level) (count_over_time({container=\"signet_miner\"} | json | level != \"\" [1h]))",
"queryType": "",
"refId": "A"
}
],
"title": "Distribution des Niveaux de Log",
"type": "piechart"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=\"signet_miner\"} |= \"Block mined\" | json | line_format \"{{.timestamp}} - Bloc {{.height}} miné - Hash: {{.hash}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Historique des Blocs Minés",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"bitcoin",
"miner",
"signet"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Bitcoin Miner - Détails",
"uid": "bitcoin-miner-detailed",
"version": 1,
"weekStart": ""
}

160
confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json
View File

@ -1,160 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=\"bitcoin\"} |= \"block\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Bitcoin - Nouveaux Blocs",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=\"miner\"} |= \"mined\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Miner - Blocs Minés",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=~\"bitcoin|miner|blindbit\"} |= \"error\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Bitcoin/Miner/Blindbit - Erreurs",
"type": "logs"
}
],
"refresh": "30s",
"schemaVersion": 36,
"style": "dark",
"tags": ["bitcoin", "miner", "blockchain"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Bitcoin & Miner Monitoring",
"uid": "bitcoin-miner",
"version": 1,
"weekStart": ""
}

532
confs/lecoffre_node/grafana/dashboards/bitcoin-services.json
View File

@ -1,532 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"bitcoin-signet\"} |= \"UpdateTip\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Mises à Jour de la Chaîne Bitcoin",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"blindbit-oracle\"} |= \"tweak\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Détection de Tweak (BlindBit)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"bitcoin-signet\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Bitcoin (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 8
},
"id": 4,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"blindbit-oracle\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs BlindBit (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 8
},
"id": 5,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"bitcoin-signet\"} |= \"New block\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Nouveaux Blocs (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 8
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"blindbit-oracle\"} |= \"Silent payment\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Silent Payments (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 12
},
"id": 7,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=~\"bitcoin-signet|blindbit-oracle\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Bitcoin Services",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"bitcoin",
"signet",
"blindbit",
"oracle"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Bitcoin Services - Monitoring",
"uid": "bitcoin-services",
"version": 1,
"weekStart": ""
}

192
confs/lecoffre_node/grafana/dashboards/blindbit-oracle.json
View File

@ -1,192 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": null,
"links": [],
"panels": [
{
"datasource": "Loki",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"targets": [
{
"expr": "{job=\"blindbit\"} |= \"Host configuration loaded\"",
"refId": "A"
}
],
"title": "BlindBit Oracle - Configuration Loaded",
"type": "logs"
},
{
"datasource": "Loki",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"targets": [
{
"expr": "{job=\"blindbit\"} |= \"Sync took\"",
"refId": "A"
}
],
"title": "BlindBit Oracle - Synchronization",
"type": "logs"
},
{
"datasource": "Loki",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"targets": [
{
"expr": "{job=\"blindbit\"} |= \"successfully processed block\"",
"refId": "A"
}
],
"title": "BlindBit Oracle - Block Processing",
"type": "logs"
},
{
"datasource": "Loki",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"targets": [
{
"expr": "{job=\"blindbit\"} |= \"GET\" |~ \"/tweaks/\"",
"refId": "A"
}
],
"title": "BlindBit Oracle - API Requests",
"type": "logs"
},
{
"datasource": "Loki",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"showLabels": false,
"showTime": false,
"sortOrder": "Descending",
"wrapLogMessage": false
},
"targets": [
{
"expr": "{job=\"blindbit\"} |~ \"ERROR|error|Error\"",
"refId": "A"
}
],
"title": "BlindBit Oracle - Errors",
"type": "logs"
}
],
"schemaVersion": 27,
"style": "dark",
"tags": [
"blindbit",
"oracle",
"blockchain"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "BlindBit Oracle Dashboard",
"uid": "blindbit-oracle",
"version": 1
}

532
confs/lecoffre_node/grafana/dashboards/frontend-services.json
View File

@ -1,532 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=~\"lecoffre-front|ihm_client\"} |= \"GET\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Requêtes HTTP par Frontend",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"ihm_client\"} |= \"vite\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Activité Vite (IHM Client)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"lecoffre-front\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs LeCoffre Front (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 8
},
"id": 4,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"ihm_client\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs IHM Client (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 8
},
"id": 5,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(count_over_time({container=~\"lecoffre-front|ihm_client\"} [1h]))",
"queryType": "",
"refId": "A"
}
],
"title": "Total Logs Frontend (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 8
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"ihm_client\"} |= \"Pre-transform error\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Vite (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 12
},
"id": 7,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=~\"lecoffre-front|ihm_client\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Récentes Frontend",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"frontend",
"lecoffre",
"ihm",
"client"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Frontend Services - Monitoring",
"uid": "frontend-services",
"version": 1,
"weekStart": ""
}

252
confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json
View File

@ -1,252 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=~\".*\"} |= \"error\" [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs par Service (5 dernières minutes)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=~\".*\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "Volume de Logs par Service (5 dernières minutes)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"title": "Logs d'Erreur - Tous Services",
"type": "logs"
}
],
"refresh": "30s",
"schemaVersion": 36,
"style": "dark",
"tags": ["lecoffre", "monitoring"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "LeCoffre Node - Vue d'ensemble",
"uid": "lecoffre-overview",
"version": 1,
"weekStart": ""
}

594
confs/lecoffre_node/grafana/dashboards/sdk-services.json
View File

@ -1,594 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=~\"sdk_.*\"} |= \"message\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Messages par Service SDK",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 8,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"sdk_relay\"} |= \"transaction\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Transactions Relay",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 16,
"y": 0
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"title": "Signatures Signer",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 8
},
"id": 4,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"sdk_relay\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Relay (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 8
},
"id": 5,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"title": "Erreurs Signer (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 8
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"sdk_storage\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Storage (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 8
},
"id": 7,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(count_over_time({container=~\"sdk_.*\"} [1h]))",
"queryType": "",
"refId": "A"
}
],
"title": "Total Logs SDK (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 12
},
"id": 8,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=~\"sdk_.*\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Récentes SDK",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"sdk",
"relay",
"signer",
"storage"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "SDK Services - Monitoring",
"uid": "sdk-services",
"version": 1,
"weekStart": ""
}

418
confs/lecoffre_node/grafana/dashboards/services-overview.json
View File

@ -1,418 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"title": "LeCoffre Backend - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 6,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=\"lecoffre-front\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "LeCoffre Frontend - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 12,
"y": 0
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=\"ihm_client\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "IHM Client - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 18,
"y": 0
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=\"sdk_relay\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "SDK Relay - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 8
},
"id": 5,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"title": "Logs d'Erreur - Services Applications",
"type": "logs"
}
],
"refresh": "30s",
"schemaVersion": 36,
"style": "dark",
"tags": ["services", "applications"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Services Applications - Monitoring",
"uid": "services-overview",
"version": 1,
"weekStart": ""
}

12
confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml
View File

@ -1,12 +0,0 @@
apiVersion: 1
providers:
- name: 'LeCoffre Node Dashboards'
orgId: 1
folder: 'LeCoffre Node'
type: file
disableDeletion: false
updateIntervalSeconds: 10
allowUiUpdates: true
options:
path: /var/lib/grafana/dashboards

12
confs/lecoffre_node/grafana/provisioning/datasources/loki.yml
View File

@ -1,12 +0,0 @@
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
url: http://loki:3100
uid: loki
isDefault: true
editable: true
jsonData:
maxLines: 1000

10
confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak
View File

@ -1,10 +0,0 @@
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
url: http://loki:3100
uid: loki
isDefault: true
editable: true

48
confs/lecoffre_node/ihm_client/nginx.dev.conf
View File

@ -1,48 +0,0 @@
server {
listen 80;
server_name localhost;
# Redirection des requêtes HTTP vers Vite
location / {
proxy_pass http://localhost:3003;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /ws/ {
proxy_pass http://dev4.4nkweb.com:8090;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_read_timeout 86400;
}
location /storage/ {
rewrite ^/storage(/.*)$ $1 break;
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /api/ {
proxy_pass http://localhost:8091;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS headers
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always;
}
}

13
confs/lecoffre_node/logrotate/bitcoin.conf
View File

@ -1,13 +0,0 @@
logs/bitcoin/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart bitcoin 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/blindbit.conf
View File

@ -1,13 +0,0 @@
logs/blindbit/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart blindbit 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/ihm_client.conf
View File

@ -1,13 +0,0 @@
logs/ihm_client/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart ihm_client 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/lecoffre-front.conf
View File

@ -1,13 +0,0 @@
logs/lecoffre-front/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart lecoffre-front 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/miner.conf
View File

@ -1,13 +0,0 @@
logs/miner/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart miner 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/nginx.conf
View File

@ -1,13 +0,0 @@
logs/nginx/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart nginx 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/sdk_relay.conf
View File

@ -1,13 +0,0 @@
logs/sdk_relay/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart sdk_relay 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/sdk_storage.conf
View File

@ -1,13 +0,0 @@
logs/sdk_storage/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart sdk_storage 2>/dev/null || true
endscript
}

13
confs/lecoffre_node/logrotate/tor.conf
View File

@ -1,13 +0,0 @@
logs/tor/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart tor 2>/dev/null || true
endscript
}

30
confs/lecoffre_node/monitoring.conf
View File

@ -1,30 +0,0 @@
# Configuration centralisée du monitoring LeCoffre Node
# Généré automatiquement le $(date)
[monitoring]
# Services de monitoring
grafana_port=3000
loki_port=3100
promtail_enabled=true
[grafana]
admin_user=admin
admin_password=admin123
root_url=https://dev4.4nkweb.com/grafana/
dashboard_home=lecoffre-overview
[logs]
# Configuration des logs
log_retention_days=30
log_rotation=daily
log_compression=true
[services]
# Services surveillés
services=bitcoin,blindbit,sdk_relay,,sdk_storagelecoffre-front,ihm_client,tor,miner
[alerts]
# Configuration des alertes
error_threshold=10
warning_threshold=5
alert_email=

258
confs/lecoffre_node/nginx/dev4.4nkweb.com.conf
View File

@ -1,258 +0,0 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80;
server_name dev4.4nkweb.com http://dev4.4nkweb.com;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
location ~* ^/apiv1/(.*)$ {
# CORS pour compatibilité
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/v1/$1;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://localhost:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets;
try_files /favicon.ico =404;
access_log off;
expires 30d;
}
# lecoffre frontend
location = /lecoffre {
proxy_pass http://127.0.0.2:3004/lecoffre;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004/lecoffre/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# Next.js assets
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
}

49
confs/lecoffre_node/nginx/grafana.conf
View File

@ -1,49 +0,0 @@
# Configuration Nginx pour Grafana
server {
listen 80;
server_name dev4.4nkweb.com;
# Proxy pour Grafana
location /grafana/ {
proxy_pass http://127.0.0.1:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Proxy pour Loki (API)
location /loki/ {
proxy_pass http://127.0.0.1:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
}

470
confs/lecoffre_node/nginx/nginx.conf
View File

@ -1,470 +0,0 @@
user www-data;
worker_processes auto;
pid /app/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
# Configuration de base
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# MIME types
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /app/logs/nginx/access.log main;
error_log /app/logs/nginx/error.log warn;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Upstream servers
upstream lecoffre_frontend {
server localhost:3004;
keepalive 32;
}
upstream ihm_client {
server localhost:3003;
keepalive 32;
}
upstream grafana {
server localhost:3005;
keepalive 32;
}
upstream loki {
server localhost:3100;
keepalive 32;
}
upstream status_api {
server localhost:3006;
keepalive 32;
}
upstream sdk_relay {
server localhost:8090;
keepalive 32;
}
upstream blindbit {
server localhost:8000;
keepalive 32;
}
# Serveur principal HTTP (port 80)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# Redirection automatique vers HTTPS si disponible
return 301 https://$host$request_uri;
}
# Serveur HTTPS (port 443)
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
# Certificats SSL (auto-signés pour le développement)
ssl_certificate /app/ssl/nginx-selfsigned.crt;
ssl_certificate_key /app/ssl/nginx-selfsigned.key;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Page de statut des services
location /status/ {
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://status_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Grafana - Interface de monitoring
location /grafana/ {
proxy_pass http://grafana/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Grafana-Org-Id 1;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs
location /loki/ {
limit_req zone=api burst=10 nodelay;
proxy_pass http://loki/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - routes /back/ vers /api/
location ~* ^/back/(.*)$ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://lecoffre_backend/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - routes /api/
location /api/ {
limit_req zone=api burst=20 nodelay;
# CORS dynamique
set $cors_origin "";
if ($http_origin ~* ^(http://localhost:3000|http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://lecoffre_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://sdk_relay/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
limit_req zone=api burst=5 nodelay;
proxy_pass http://lecoffre_backend/api/v1/funds/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /var/www/lecoffre/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://blindbit/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# LeCoffre Front - Application principale
# Redirige /lecoffre -> /lecoffre/
location = /lecoffre {
return 301 /lecoffre/;
}
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Configuration spécifique pour Next.js
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://status_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Grafana - Interface de monitoring
location /grafana/ {
proxy_pass http://grafana/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Grafana-Org-Id 1;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_request_buffering off;
}
# API backend - routes /back/ vers /api/
location ~* ^/back/(.*)$ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://lecoffre_backend/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - routes /api/
location /api/ {
limit_req zone=api burst=20 nodelay;
# CORS dynamique pour développement local
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|http://localhost:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://lecoffre_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://sdk_relay/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# LeCoffre Front - Application principale
# Redirige /lecoffre -> /lecoffre/
location = /lecoffre {
return 301 /lecoffre/;
}
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Configuration spécifique pour Next.js
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
}

15
confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf
View File

@ -1,15 +0,0 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80;
server_name dev4.4nkweb.com;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
}

226
confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf
View File

@ -1,226 +0,0 @@
# Configuration HTTPS pour dev4.4nkweb.com
server {
listen 443 ssl http2;
server_name dev4.4nkweb.com;
# Certificats SSL
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://dev3.4nkweb.com:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
# lecoffre-front - Application LeCoffre
location = /lecoffre { return 301 /lecoffre/; }
location ^~ /lecoffre/ {
# ensure no redirect here; only proxy to Next
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
add_header Pragma "no-cache" always;
add_header Expires "-1" always;
proxy_hide_header ETag;
proxy_hide_header Last-Modified;
proxy_pass http://localhost:3004;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_connect_timeout 300;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}

49
confs/lecoffre_node/nginx_backups_host/grafana.conf
View File

@ -1,49 +0,0 @@
# Configuration Nginx pour Grafana
server {
listen 80;
server_name dev4.4nkweb.com;
# Proxy pour Grafana
location /grafana/ {
proxy_pass http://127.0.0.1:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Proxy pour Loki (API)
location /loki/ {
proxy_pass http://127.0.0.1:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
}

64
confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf
View File

@ -1,64 +0,0 @@
server {
listen 0.0.0.0:3000;
listen [::]:3000;
server_name local.4nkweb.com;
# HTTP pur: pas de HTTPS ni HSTS
# Favicon
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
}
# Compat: callback ID.not sans basePath (toutes variantes et querystring)
location /authorized-client {
proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# Entrée sans slash
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# BasePath /lecoffre
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# HMR (si utilisé en local)
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
# Assets Next.js
location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
expires 7d;
add_header Cache-Control "public, max-age=604800, immutable" always;
proxy_pass http://127.0.0.2:3004$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 300;
}
}

84
confs/lecoffre_node/nginx_backups_host/nginx.conf
View File

@ -1,84 +0,0 @@
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off; # Recommended practice is to turn this off
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
ssl_prefer_server_ciphers off; # Don't force server cipher order.
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

11
confs/lecoffre_node/relay/sdk_relay.conf
View File

@ -1,11 +0,0 @@
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
wallet_name=default
network=signet
blindbit_url=http://blindbit-oracle:8000
zmq_url=tcp://bitcoin:29000
storage=https://dev4.4nkweb.com/storage
data_dir=/app/.4nk
bitcoin_data_dir=/app/.bitcoin
bootstrap_url=
bootstrap_faucet=false

0
confs/lecoffre_node/loki/loki-config.yaml → confs/loki/loki-config.yaml
View File

8
confs/lecoffre_node/promtail/promtail.yml → confs/promtail/promtail.yml
View File

@ -1,5 +1,5 @@
server:
http_listen_port: 9080
http_listen_port: 8090
grpc_listen_port: 0
positions:
@ -27,7 +27,7 @@ scrape_configs:
labels:
job: blindbit
service: blindbit-oracle
__path__: /home/debian/4NK_env/logs/blindbit/*.log
__path__:/home/debian/4NK_env/logs/blindbit-oracle/*.log
# SDK Relay Logs
- job_name: sdk_relay
@ -37,7 +37,7 @@ scrape_configs:
labels:
job: sdk_relay
service: sdk_relay
__path__: /home/debian/4NK_env/logs/sdk_relay/*.log
__path__:/home/debian/4NK_env/logs/sdk_relay/*.log
# SDK Storage Logs
- job_name: sdk_storage
@ -77,7 +77,7 @@ scrape_configs:
labels:
job: miner
service: signet_miner
__path__: /home/debian/4NK_env/logs/miner/*.log
__path__:/home/debian/4NK_env/logs/miner/*.log
# Tor Logs
- job_name: tor

0
confs/lecoffre_node/supervisor/supervisord.conf → confs/supervisor/supervisord.conf
View File

8
confs/lecoffre_node/tor/torrc → confs/tor/torrc
View File

@ -5,11 +5,11 @@
SOCKSPort 127.0.0.1:9050
# Port de contrôle (désactivé pour la sécurité)
# ControlPort 127.0.0.1:9051
# ControlPort 127.0.0.1:9050
# Configuration de base
Log notice file /var/log/tor/tor.log
DataDirectory /var/lib/tor
Log notice file /home/debian/4NK_env/logs/tor/tor.log
DataDirectory /home/debian/4NK_env/data/tor
# Configuration réseau
ClientOnly 1
@ -17,5 +17,5 @@ SafeLogging 1
WarnUnsafeSocks 1
# Désactiver les services cachés
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServiceDir /home/debian/4NK_env/data/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

191
docs/VARIABLES-ENVIRONNEMENT-NOUVELLE-STRUCTURE.md Normal file
View File

@ -0,0 +1,191 @@
# Nouvelle Structure des Variables d'Environnement
## Vue d'ensemble
La structure des variables d'environnement a été réorganisée pour séparer les variables par projet. Cette nouvelle architecture améliore la maintenabilité et la sécurité en isolant les configurations de chaque service.
## Structure Actuelle
```
4NK_env/
├── env/
│ ├── lecoffre_node/
│ │ └── .env
│ ├── sdk_relay/
│ │ └── .env
│ ├── sdk_storage/
│ │ └── .env
│ ├── ihm_client/
│ │ └── .env
│ ├── lecoffre-front/
│ │ └── .env
│ ├── blindbit-oracle/
│ │ └── .env
│ ├── monitoring/
│ │ └── .env
│ └── sdk_signer/
│ └── .env
└── .env.master (conservé pour compatibilité)
```
## Projets et Variables
### 1. lecoffre_node
**Fichier**: `env/lecoffre_node/.env`
**Variables principales**:
- Configuration des domaines (DOMAIN, BOOTSTRAP_DOMAIN, etc.)
- Configuration Git (GITEA_BASE_URL, GIT_TOKEN, etc.)
- Configuration IDNOT (IDNOT_API_KEY, IDNOT_CLIENT_ID, etc.)
- Configuration serveur (APP_HOST, API_BASE_URL, etc.)
### 2. sdk_relay
**Fichier**: `env/sdk_relay/.env`
**Variables principales**:
- SDK_RELAY_* (SDK_RELAY_CORE_URL, SDK_RELAY_WS_URL, etc.)
- Variables legacy (core_url, ws_url, etc.)
- Configuration des ports (RELAY_PORT, RELAY_HTTP_PORT)
### 3. sdk_storage
**Fichier**: `env/sdk_storage/.env`
**Variables principales**:
- STORAGE_URL, STORAGE_PORT, STORAGE_DATA_DIR
### 4. ihm_client
**Fichier**: `env/ihm_client/.env`
**Variables principales**:
- VITE_* (VITE_API_BASE_URL, VITE_WS_URL, etc.)
- VITE_JWT_SECRET_KEY (variable sensible)
### 5. lecoffre-front
**Fichier**: `env/lecoffre-front/.env`
**Variables principales**:
- NEXT_PUBLIC_* (NEXT_PUBLIC_4NK_URL, NEXT_PUBLIC_IDNOT_BASE_URL, etc.)
- NEXT_PUBLIC_IDNOT_CLIENT_ID (variable sensible)
### 6. blindbit-oracle
**Fichier**: `env/blindbit-oracle/.env`
**Variables principales**:
- BLINDBIT_API_PORT, BITCOIN_RPC_URL
### 7. monitoring
**Fichier**: `env/monitoring/.env`
**Variables principales**:
- Configuration Grafana (GRAFANA_ADMIN_USER, GRAFANA_ADMIN_PASSWORD, etc.)
- Configuration Loki (LOKI_URL, LOKI_CONFIG_FILE, etc.)
- Configuration Status API (STATUS_API_PORT, STATUS_API_HOST)
- Variables Bitcoin pour monitoring
### 8. sdk_signer
**Fichier**: `env/sdk_signer/.env`
**Variables principales**:
- SIGNER_* (SIGNER_PORT, SIGNER_DATABASE_PATH, etc.)
- SIGNER_API_KEY (variable sensible)
## Migration depuis .env.master
### Avant (Structure Monolithique)
```yaml
# docker-compose.yml
services:
sdk_relay:
env_file:
- /home/debian/4NK_env/.env.master
```
### Après (Structure Séparée)
```yaml
# docker-compose.yml
services:
sdk_relay:
env_file:
- /home/debian/4NK_env/env/sdk_relay/.env
```
## Avantages de la Nouvelle Structure
1. **Séparation des responsabilités**: Chaque projet a ses propres variables
2. **Sécurité améliorée**: Isolation des variables sensibles par service
3. **Maintenance facilitée**: Modification des variables sans impact sur les autres services
4. **Déploiement modulaire**: Possibilité de déployer des services indépendamment
5. **Debugging simplifié**: Variables spécifiques à un service dans un seul fichier
## Scripts de Gestion
### Ajout de Variables Manquantes
```bash
./scripts/add-missing-env-vars-new.sh
```
### Test de Configuration
```bash
./scripts/test-env-config.sh
```
### Démarrage des Services
```bash
./scripts/lecoffre_node/start.sh
```
## Variables Sensibles
Les variables marquées comme sensibles sont identifiées par la section :
```bash
# ================== /!\ sensible =========================
```
Ces variables contiennent :
- Clés API (IDNOT_API_KEY, SIGNER_API_KEY)
- Secrets JWT (VITE_JWT_SECRET_KEY)
- Identifiants clients (IDNOT_CLIENT_ID, NEXT_PUBLIC_IDNOT_CLIENT_ID)
- Mots de passe (IDNOT_CLIENT_SECRET, GRAFANA_ADMIN_PASSWORD)
## Compatibilité
Le fichier `.env.master` est conservé pour la compatibilité avec les anciens scripts, mais il est recommandé d'utiliser la nouvelle structure pour tous les nouveaux développements.
## Migration des Scripts Existants
Les scripts ont été mis à jour pour utiliser la nouvelle structure :
- `docker-compose.yml`: Pointe vers les nouveaux fichiers .env
- `scripts/lecoffre_node/start.sh`: Vérifie les fichiers par projet
- `scripts/test-env-config.sh`: Teste la nouvelle structure
## Recommandations
1. **Ne jamais modifier les valeurs des variables** sans validation préalable
2. **Utiliser les scripts de gestion** pour ajouter/modifier des variables
3. **Tester la configuration** après chaque modification
4. **Maintenir la cohérence** entre les fichiers .env et la documentation
5. **Sauvegarder** avant toute modification importante
## Troubleshooting
### Problème : Service ne trouve pas ses variables
**Solution**: Vérifier que le fichier .env correspondant existe dans `env/<service>/.env`
### Problème : Variables manquantes
**Solution**: Utiliser le script `add-missing-env-vars-new.sh`
### Problème : Conflit de variables
**Solution**: Vérifier que les variables sont dans le bon fichier projet
## Maintenance
### Ajout d'un Nouveau Service
1. Créer le dossier `env/<nouveau_service>/`
2. Créer le fichier `.env` avec les variables nécessaires
3. Mettre à jour `docker-compose.yml`
4. Mettre à jour les scripts de test
5. Documenter les variables dans ce fichier
### Suppression d'un Service
1. Sauvegarder le fichier .env
2. Supprimer le dossier `env/<service>/`
3. Mettre à jour `docker-compose.yml`
4. Mettre à jour les scripts de test
5. Mettre à jour la documentation

119
scripts/add-missing-env-vars-new.sh Executable file
View File

@ -0,0 +1,119 @@
#!/bin/bash
# Script pour ajouter les variables d'environnement manquantes dans la nouvelle structure env/<project>/.env
set -e
# Couleurs pour l'affichage
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
ENV_DIR="/home/debian/4NK_env/env"
BACKUP_DIR="${ENV_DIR}.backup.$(date +%Y%m%d_%H%M%S)"
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE} Ajout des Variables d'Environnement Manquantes${NC}"
echo -e "${BLUE} Nouvelle Structure env/<project>/.env${NC}"
echo -e "${BLUE}========================================${NC}"
echo
# Fonction pour vérifier si une variable existe dans un fichier
check_var_exists() {
local env_file="$1"
local var_name="$2"
grep -q "^${var_name}=" "$env_file" 2>/dev/null
}
# Fonction pour ajouter une variable si elle n'existe pas
add_var_if_missing() {
local env_file="$1"
local var_name="$2"
local var_value="$3"
local description="$4"
if ! check_var_exists "$env_file" "$var_name"; then
echo -e "${YELLOW}Ajout de ${var_name} dans $(basename $(dirname $env_file)): ${description}${NC}"
echo "${var_name}=${var_value}" >> "$env_file"
return 0
else
echo -e "${GREEN}${var_name} existe déjà dans $(basename $(dirname $env_file))${NC}"
return 1
fi
}
# Créer une sauvegarde
echo -e "${BLUE}Création d'une sauvegarde: ${BACKUP_DIR}${NC}"
cp -r "$ENV_DIR" "$BACKUP_DIR"
echo -e "${BLUE}Ajout des variables manquantes...${NC}"
echo
# Variables pour lecoffre_node
echo -e "${CYAN}=== Variables lecoffre_node ===${NC}"
add_var_if_missing "$ENV_DIR/lecoffre_node/.env" "BITCOIN_RPC_USER" "bitcoin_user" "Nom d'utilisateur RPC Bitcoin"
add_var_if_missing "$ENV_DIR/lecoffre_node/.env" "BITCOIN_RPC_PASSWORD" "FAKE-DATA-IA-bitcoin_password_secure" "Mot de passe RPC Bitcoin"
add_var_if_missing "$ENV_DIR/lecoffre_node/.env" "BITCOIN_RPC_PORT" "38332" "Port RPC Bitcoin"
echo
# Variables pour blindbit-oracle
echo -e "${CYAN}=== Variables blindbit-oracle ===${NC}"
add_var_if_missing "$ENV_DIR/blindbit-oracle/.env" "BLINDBIT_API_PORT" "8000" "Port de l'API BlindBit"
add_var_if_missing "$ENV_DIR/blindbit-oracle/.env" "BITCOIN_RPC_URL" "http://bitcoin:38332" "URL du RPC Bitcoin"
echo
# Variables pour sdk_relay
echo -e "${CYAN}=== Variables sdk_relay ===${NC}"
add_var_if_missing "$ENV_DIR/sdk_relay/.env" "RELAY_PORT" "8090" "Port du relay"
add_var_if_missing "$ENV_DIR/sdk_relay/.env" "RELAY_HTTP_PORT" "8091" "Port HTTP du relay"
add_var_if_missing "$ENV_DIR/sdk_relay/.env" "STORAGE_URL" "http://sdk_storage:8080" "URL du service de stockage"
echo
# Variables pour sdk_storage
echo -e "${CYAN}=== Variables sdk_storage ===${NC}"
add_var_if_missing "$ENV_DIR/sdk_storage/.env" "STORAGE_PORT" "8080" "Port du service de stockage"
add_var_if_missing "$ENV_DIR/sdk_storage/.env" "STORAGE_DATA_DIR" "/app/data" "Répertoire des données de stockage"
echo
# Variables pour ihm_client
echo -e "${CYAN}=== Variables ihm_client ===${NC}"
add_var_if_missing "$ENV_DIR/ihm_client/.env" "VITE_API_URL" "https://dev4.4nkweb.com/api" "URL de l'API pour Vite"
add_var_if_missing "$ENV_DIR/ihm_client/.env" "VITE_4NK_URL" "https://dev4.4nkweb.com" "URL 4NK pour Vite"
add_var_if_missing "$ENV_DIR/ihm_client/.env" "VITE_RELAY_URL" "wss://dev4.4nkweb.com/ws" "URL du relay pour Vite"
echo
# Variables pour lecoffre-front
echo -e "${CYAN}=== Variables lecoffre-front ===${NC}"
add_var_if_missing "$ENV_DIR/lecoffre-front/.env" "NEXTJS_APP_ENV_NAME" "development" "Nom de l'environnement Next.js"
echo
# Variables pour monitoring
echo -e "${CYAN}=== Variables monitoring ===${NC}"
add_var_if_missing "$ENV_DIR/monitoring/.env" "GRAFANA_ADMIN_USER" "admin" "Utilisateur admin Grafana"
add_var_if_missing "$ENV_DIR/monitoring/.env" "GRAFANA_ADMIN_PASSWORD" "admin123" "Mot de passe admin Grafana"
echo
# Variables pour sdk_signer
echo -e "${CYAN}=== Variables sdk_signer ===${NC}"
add_var_if_missing "$ENV_DIR/sdk_signer/.env" "SIGNER_LOG_LEVEL" "info" "Niveau de log du signer"
echo
echo -e "${GREEN}✅ Variables ajoutées avec succès !${NC}"
echo
echo -e "${BLUE}Fichiers:${NC}"
echo -e "${YELLOW} - Répertoire principal: ${ENV_DIR}${NC}"
echo -e "${YELLOW} - Sauvegarde: ${BACKUP_DIR}${NC}"
echo
echo -e "${BLUE}Pour tester:${NC}"
echo -e "${YELLOW} cd /home/debian/4NK_env/scripts${NC}"
echo -e "${YELLOW} ./test-env-config.sh${NC}"
echo

1
scripts/check-repos-status.sh
View File

@ -148,3 +148,4 @@ echo ""
log "✅ Vérification terminée"

198
scripts/configure-from-env.sh Executable file
View File

@ -0,0 +1,198 @@
#!/usr/bin/env bash
set -euo pipefail
# Charge les variables depuis /home/debian/4NK_env/confs/.env si présent
ENV_FILE="/home/debian/4NK_env/confs/.env"
ROOT_DIR_DEFAULT="/home/debian/4NK_env"
safe_source() {
# Source un fichier en désactivant nounset pour éviter les erreurs variables non liées
local f="$1"
if [ -f "$f" ]; then
set +u
# shellcheck disable=SC1090
. "$f"
set -u
fi
}
if [ -f "$ENV_FILE" ]; then
set -a
safe_source "$ENV_FILE"
set +a
else
echo "[WARN] $ENV_FILE introuvable; tentative de chargement des env/<service>/.env"
for f in \
/home/debian/4NK_env/env/lecoffre_node/.env \
/home/debian/4NK_env/env/sdk_relay/.env \
/home/debian/4NK_env/env/sdk_storage/.env \
/home/debian/4NK_env/env/ihm_client/.env \
/home/debian/4NK_env/env/lecoffre-front/.env \
/home/debian/4NK_env/env/monitoring/.env; do
set -a
safe_source "$f"
set +a
done
fi
ROOT_DIR="${ROOT_DIR:-$ROOT_DIR_DEFAULT}"
ROOT_URL="${ROOT_URL:-https://dev4.4nkweb.com}"
BOOTSTRAP_HOST="${BOOTSTRAP_HOST:-dev3.4nkweb.com}"
# helper: test presence of all vars
have_vars() {
for name in "$@"; do
eval "val=\${$name-}"
if [ -z "${val}" ]; then
return 1
fi
done
return 0
}
# 1) bitcoin.conf
btc_conf="$ROOT_DIR/confs/bitcoin/bitcoin.conf"
if [ -f "$btc_conf" ]; then
if have_vars BITCOIN_DATA_DIR BITCOIN_BIND BITCOIN_ZMQPUBRAWTX_PORT BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_SIGNET_P2P_PORT BITCOIN_SIGNET_RPC_PORT; then
sed -i \
-e "s|^datadir=.*$|datadir=${BITCOIN_DATA_DIR}|" \
-e "s|^zmqpubrawtx=.*$|zmqpubrawtx=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPUBRAWTX_PORT}|" \
-e "s|^zmqpubhashblock=.*$|zmqpubhashblock=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \
-e "s|^bind=.*$|bind=${BITCOIN_BIND}:${BITCOIN_SIGNET_P2P_PORT}|" \
-e "s|^rpcbind=.*$|rpcbind=${BITCOIN_BIND}:${BITCOIN_SIGNET_RPC_PORT}|" \
"$btc_conf"
echo "[OK] bitcoin.conf mis à jour"
else
echo "[SKIP] bitcoin.conf (variables manquantes)"
fi
fi
# 2) blindbit.toml
bb_conf="$ROOT_DIR/confs/blindbit-oracle/blindbit.toml"
if [ -f "$bb_conf" ]; then
if have_vars BLINDBIT_PORT BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT BITCOIN_DATA_DIR; then
sed -i \
-e "s|^host\s*=.*$|host = \"0.0.0.0:${BLINDBIT_PORT}\"|" \
-e "s|^rpc_endpoint\s*=.*$|rpc_endpoint = \"http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}\"|" \
-e "s|^cookie_path\s*=.*$|cookie_path = \"${BITCOIN_DATA_DIR}/signet/.cookie\"|" \
"$bb_conf"
echo "[OK] blindbit.toml mis à jour"
else
echo "[SKIP] blindbit.toml (variables manquantes)"
fi
fi
# 3) grafana.ini
gf_conf="$ROOT_DIR/confs/grafana/grafana.ini"
if [ -f "$gf_conf" ]; then
sed -i \
-e "s|^\s*root_url\s*=.*$|root_url = ${ROOT_URL}/grafana/|" \
"$gf_conf"
echo "[OK] grafana.ini mis à jour"
fi
# 4) loki-config.yaml
loki_conf="$ROOT_DIR/confs/loki/loki-config.yaml"
if [ -f "$loki_conf" ]; then
if have_vars LOKI_HTTP_LISTEN_PORT; then
sed -i \
-e "s|^\s*http_listen_port:.*$|http_listen_port: ${LOKI_HTTP_LISTEN_PORT}|" \
"$loki_conf"
echo "[OK] loki-config.yaml mis à jour"
else
echo "[SKIP] loki-config.yaml (variables manquantes)"
fi
fi
# 5) promtail.yml
pt_conf="$ROOT_DIR/confs/promtail/promtail.yml"
if [ -f "$pt_conf" ]; then
if have_vars LOKI_DOCKER_HOST LOKI_HTTP_LISTEN_PORT; then
sed -i \
-e "s|url: .*|url: http://${LOKI_DOCKER_HOST}:${LOKI_HTTP_LISTEN_PORT}/loki/api/v1/push|" \
"$pt_conf"
fi
sed -i \
-e "s|/home/debian/4NK_env/|${ROOT_DIR}/|g" \
"$pt_conf"
echo "[OK] promtail.yml mis à jour"
fi
# 6) sdk_relay.conf
relay_conf="$ROOT_DIR/confs/relay/sdk_relay.conf"
if [ -f "$relay_conf" ]; then
if have_vars BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT RELAY_PORT BITCOIN_WALLET_NAME BLINDBIT_DOCKER_NAME BLINDBIT_PORT BITCOIN_BIND BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_DATA_DIR BOOTSTRAP_HOST; then
sed -i \
-e "s|^core_url=.*$|core_url=http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}|" \
-e "s|^ws_url=.*$|ws_url=0.0.0.0:${RELAY_PORT}|" \
-e "s|^wallet_name=.*$|wallet_name=${BITCOIN_WALLET_NAME}|" \
-e "s|^blindbit_url=.*$|blindbit_url=http://${BLINDBIT_DOCKER_NAME}:${BLINDBIT_PORT}|" \
-e "s|^zmq_url=.*$|zmq_url=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \
-e "s|^storage=.*$|storage=https://dev4.4nkweb.com/storage|" \
-e "s|^data_dir=.*$|data_dir=${ROOT_DIR}/data|" \
-e "s|^bitcoin_data_dir=.*$|bitcoin_data_dir=${BITCOIN_DATA_DIR}|" \
-e "s|^bootstrap_url=.*$|bootstrap_url=wss://${BOOTSTRAP_HOST}/ws|" \
"$relay_conf"
echo "[OK] sdk_relay.conf mis à jour"
else
echo "[SKIP] sdk_relay.conf (variables manquantes)"
fi
fi
# 7) env/grafana/.env
gf_env="$ROOT_DIR/env/grafana/.env"
if [ -f "$gf_env" ]; then
sed -i \
-e "s|^GF_SERVER_ROOT_URL=.*$|GF_SERVER_ROOT_URL=${ROOT_URL}/grafana/|" \
"$gf_env"
echo "[OK] env grafana mis à jour"
fi
# 8) env/ihm_client/.env
ihm_env="$ROOT_DIR/env/ihm_client/.env"
if [ -f "$ihm_env" ]; then
sed -i \
-e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}/|" \
-e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \
-e "s|^VITE_API_BASE_URL=.*$|VITE_API_BASE_URL=${ROOT_URL}/lecoffre/api|" \
-e "s|^VITE_WS_URL=.*$|VITE_WS_URL=wss://${BOOTSTRAP_HOST}/ws/|" \
-e "s|^VITE_SIGNER_URL=.*$|VITE_SIGNER_URL=https://${BOOTSTRAP_HOST}/signer|" \
-e "s|^VITE_BOOTSTRAPURL=.*$|VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_HOST}/ws/|" \
"$ihm_env"
# RELAY_URLS nécessite ROOT_HOST; fallback best-effort
relay_urls="wss://${BOOTSTRAP_HOST}/ws/"
if [ -n "${ROOT_HOST:-}" ]; then relay_urls="wss://${ROOT_HOST}/ws/,${relay_urls}"; fi
sed -i -e "s|^RELAY_URLS=.*$|RELAY_URLS=${relay_urls}|" "$ihm_env"
echo "[OK] env ihm_client mis à jour"
fi
# 9) env/lecoffre-front/.env
front_env="$ROOT_DIR/env/lecoffre-front/.env"
if [ -f "$front_env" ]; then
sed -i \
-e "s|^SIGNER_API_KEY=.*$|SIGNER_API_KEY=${VITE_BOOTSTRAPURL:-}|" \
-e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \
-e "s|^NEXT_PUBLIC_4NK_URL=.*$|NEXT_PUBLIC_4NK_URL=${IHM_CLIENT_URL:-${ROOT_URL}}|" \
-e "s|^NEXT_PUBLIC_FRONT_APP_HOST=.*$|NEXT_PUBLIC_FRONT_APP_HOST=https://${LECOFFRE_FRONT_URL:-dev4.4nkweb.com}/lecoffre|" \
-e "s|^NEXT_PUBLIC_BACK_API_HOST=.*$|NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_URL:-dev3.4nkweb.com}|" \
-e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}|" \
-e "s|^NEXT_PUBLIC_API_URL=.*$|NEXT_PUBLIC_API_URL=https://${LECOFFRE_BACK_URL:-dev3.4nkweb.com}/api|" \
-e "s|^NEXT_PUBLIC_DEFAULT_STORAGE_URLS=.*$|NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${ROOT_URL}/storage|" \
"$front_env"
echo "[OK] env lecoffre-front mis à jour"
fi
# 10) env/sdk_storage/.env
storage_env="$ROOT_DIR/env/sdk_storage/.env"
if [ -f "$storage_env" ]; then
sed -i \
-e "s|^DOMAIN=.*$|DOMAIN=${ROOT_HOST:-dev4.4nkweb.com}|" \
-e "s|^STORAGE_URL=.*$|STORAGE_URL=http://${STORAGE_DOCKER_HOST:-sdk_storage}:${STORAGE_PORT:-8080}|" \
-e "s|^STORAGE_PORT=.*$|STORAGE_PORT=${STORAGE_PORT:-8080}|" \
-e "s|^STORAGE_DATA_DIR=.*$|STORAGE_DATA_DIR=${ROOT_DIR}/data/storage|" \
-e "s|^VITE_STORAGE_URL=.*$|VITE_STORAGE_URL=${ROOT_URL}/storage|" \
"$storage_env"
echo "[OK] env sdk_storage mis à jour"
fi
echo "[DONE] Configuration appliquée (best-effort)"

1
scripts/create-and-push-4nk-env.sh
View File

@ -68,3 +68,4 @@ fi
log "✅ Script terminé"

4
scripts/lecoffre_node/blindbit-maintenance.sh
View File

@ -225,3 +225,7 @@ while true; do
read -r
done

4
scripts/lecoffre_node/collect-blindbit-logs.sh
View File

@ -108,3 +108,7 @@ echo "Erreurs: errors_${TIMESTAMP}.log"
echo "API: api_${TIMESTAMP}.log"
echo "Test API: api_test_${TIMESTAMP}.txt"

4
scripts/lecoffre_node/quick-health-check.sh
View File

@ -86,3 +86,7 @@ echo -e "\n${CYAN}========================================${NC}"
echo -e "${GREEN}✓ Vérification rapide terminée${NC}"
echo -e "${CYAN}========================================${NC}"

4
scripts/lecoffre_node/wait-bitcoin-ready.sh Normal file → Executable file
View File

@ -24,3 +24,7 @@ echo "Timeout waiting for Bitcoin"
exit 1

4
scripts/lecoffre_node/wait-tor-bootstrap.sh Normal file → Executable file
View File

@ -24,3 +24,7 @@ echo "Timeout waiting for Tor bootstrap"
exit 1

1
scripts/push-to-remote.sh
View File

@ -90,3 +90,4 @@ log "🔗 URL du dépôt: $GIT_REMOTE"
log "📝 Branche: $BRANCH"

97
scripts/sync-vault-configs.js Normal file
View File

@ -0,0 +1,97 @@
#!/usr/bin/env node
/*
Sync Vault configs to local confs/ mirror
*/
process.env.SHELL = process.env.SHELL || '/usr/bin/sh';
const fs = require('fs');
const path = require('path');
// Load env from vault/.env if dotenv is available
(function loadEnv() {
const dotenvPaths = [
'/home/debian/4NK_env/vault/node_modules/dotenv',
'/home/debian/4NK_env/vault/sdk-client/node_modules/dotenv',
];
for (const p of dotenvPaths) {
try {
require(p).config({ path: path.resolve('/home/debian/4NK_env/vault/.env') });
break;
} catch (_) { /* ignore */ }
}
})();
// Load SDK client (prefer root dist, fallback to sdk-client dist)
let sdk;
try {
sdk = require('/home/debian/4NK_env/vault/dist/index.js');
} catch (e1) {
try {
sdk = require('/home/debian/4NK_env/vault/sdk-client/dist/index.js');
} catch (e2) {
console.error('[fatal] Vault SDK not built. Build it in vault/ or vault/sdk-client first.');
process.exit(2);
}
}
const { createSecureVaultClient } = sdk;
const BASE_URL = process.env.VAULT_BASE_URL || 'https://vault.4nkweb.com:6666';
const USER_ID = process.env.VAULT_USER_ID || process.env.VAULT_USER || 'demo_user_001';
const VAULT_ENV = process.env.VAULT_ENV || 'dev';
const ROOT_DIR = '/home/debian/4NK_env';
const OUTPUT_DIR = path.join(ROOT_DIR, 'confs');
const ENCRYPTED_MIRROR_DIR = path.join(ROOT_DIR, 'confs_encrypted_mirror');
function ensureDirSync(dir) {
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
}
function looksEncryptedPlaceholder(content) {
return typeof content === 'string' && content.startsWith('[CONTENU CHIFFRÉ - DÉCHIFFREMENT NÉCESSAIRE]');
}
async function main() {
console.log(`[vault-sync] base=${BASE_URL} user=${USER_ID} env=${VAULT_ENV}`);
const client = createSecureVaultClient(BASE_URL, USER_ID);
const routes = await client.getRoutes();
console.log(`[vault-sync] routes: ${routes.total_routes}`);
const argFiles = process.argv.slice(2);
let files = argFiles.length > 0 ? argFiles : [
'bitcoin/bitcoin.conf',
'blindbit-oracle/blindbit.toml',
'grafana/grafana.ini',
'loki/loki-config.yaml',
'promtail/promtail.yml',
'relay/sdk_relay.conf'
];
for (const relPath of files) {
try {
const file = await client.getFile(VAULT_ENV, relPath);
const outPath = path.join(OUTPUT_DIR, relPath);
const encPath = path.join(ENCRYPTED_MIRROR_DIR, relPath);
ensureDirSync(path.dirname(outPath));
ensureDirSync(path.dirname(encPath));
if (looksEncryptedPlaceholder(file.content)) {
fs.writeFileSync(encPath, file.content, { encoding: 'utf-8' });
console.warn(`[skip-write] ${outPath} content appears encrypted; saved to ${encPath}`);
} else {
fs.writeFileSync(outPath, file.content, { encoding: 'utf-8' });
console.log(`[write] ${outPath} (${file.size} bytes)`);
}
} catch (e) {
console.error(`[error] ${relPath}: ${e.message}`);
}
}
console.log('[vault-sync] done');
}
main().catch(err => { console.error(err); process.exit(1); });

1
scripts/test-env-config.sh
View File

@ -121,3 +121,4 @@ log "2. Pousser le dépôt: git push origin ext"
log "3. Tester le déploiement avec: docker compose --env-file .env.master up"

149
scripts/update-configs.sh Executable file
View File

@ -0,0 +1,149 @@
#!/bin/bash
# Script pour mettre à jour les fichiers de configuration
# à partir des variables définies dans /home/debian/4NK_env/confs/.env
set -e
# Couleurs pour les messages
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Fonction pour afficher les messages
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Vérifier que le fichier .env existe
ENV_FILE="/home/debian/4NK_env/env/.env"
if [[ ! -f "$ENV_FILE" ]]; then
log_error "Le fichier $ENV_FILE n'existe pas!"
log_error "Veuillez créer ce fichier avec les variables nécessaires avant d'exécuter le script."
exit 1
fi
# Charger les variables d'environnement
log_info "Chargement des variables depuis $ENV_FILE"
source "$ENV_FILE"
# Fonction pour remplacer une valeur dans un fichier
replace_in_file() {
local file="$1"
local pattern="$2"
local replacement="$3"
local description="$4"
if [[ -f "$file" ]]; then
# Utiliser sed pour remplacer la ligne
sed -i "s|$pattern|$replacement|g" "$file"
log_success "Mis à jour: $description dans $(basename "$file")"
else
log_warning "Fichier non trouvé: $file"
fi
}
# Fonction pour ajouter ou modifier une ligne dans un fichier
set_config_value() {
local file="$1"
local key="$2"
local value="$3"
local description="$4"
if [[ -f "$file" ]]; then
# Vérifier si la clé existe déjà
if grep -q "^$key=" "$file" 2>/dev/null || grep -q "^$key " "$file" 2>/dev/null; then
# Remplacer la ligne existante
sed -i "/^$key[ =]/c\\$key=$value" "$file"
else
# Ajouter la ligne à la fin du fichier
echo "$key=$value" >> "$file"
fi
log_success "Mis à jour: $description dans $(basename "$file")"
else
log_warning "Fichier non trouvé: $file"
fi
}
log_info "Début de la mise à jour des configurations..."
# 1. Configuration Bitcoin
log_info "Mise à jour de bitcoin.conf..."
BITCOIN_CONF="/home/debian/4NK_env/confs/bitcoin/bitcoin.conf"
replace_in_file "$BITCOIN_CONF" "datadir=.*" "datadir=$BITCOIN_DATA_DIR" "datadir"
replace_in_file "$BITCOIN_CONF" "zmqpubrawtx=.*" "zmqpubrawtx=tcp://$BITCOIN_BIND:$BITCOIN_ZMQPUBRAWTX_PORT" "zmqpubrawtx"
replace_in_file "$BITCOIN_CONF" "zmqpubhashblock=.*" "zmqpubhashblock=tcp://$BITCOIN_BIND:$BITCOIN_ZMQPBUBHASHBLOCK_PORT" "zmqpubhashblock"
replace_in_file "$BITCOIN_CONF" "bind=.*" "bind=$BITCOIN_BIND:$BITCOIN_SIGNET_P2P_PORT" "bind"
replace_in_file "$BITCOIN_CONF" "rpcbind=.*" "rpcbind=$BITCOIN_BIND:$BITCOIN_SIGNET_RPC_PORT" "rpcbind"
# 2. Configuration Blindbit Oracle
log_info "Mise à jour de blindbit.toml..."
BLINDBIT_CONF="/home/debian/4NK_env/confs/blindbit-oracle/blindbit.toml"
replace_in_file "$BLINDBIT_CONF" 'host = ".*"' 'host = "0.0.0.0:'$BLINDBIT_PORT'"' "host"
replace_in_file "$BLINDBIT_CONF" 'rpc_endpoint = ".*"' 'rpc_endpoint = "http://'$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT'"' "rpc_endpoint"
replace_in_file "$BLINDBIT_CONF" 'cookie_path = ".*"' 'cookie_path = "'$BITCOIN_DATA_DIR'/signet/.cookie"' "cookie_path"
# 3. Configuration Grafana
log_info "Mise à jour de grafana.ini..."
GRAFANA_CONF="/home/debian/4NK_env/confs/grafana/grafana.ini"
replace_in_file "$GRAFANA_CONF" "root_url = .*" "root_url = $ROOT_URL/grafana/" "root_url"
# 4. Configuration Loki
log_info "Mise à jour de loki-config.yaml..."
LOKI_CONF="/home/debian/4NK_env/confs/loki/loki-config.yaml"
replace_in_file "$LOKI_CONF" "http_listen_port:.*" "http_listen_port: $LOKI_HTTP_LISTEN_PORT" "http_listen_port"
# 5. Configuration Promtail
log_info "Mise à jour de promtail.yml..."
PROMTAIL_CONF="/home/debian/4NK_env/confs/promtail/promtail.yml"
replace_in_file "$PROMTAIL_CONF" "url: http://.*" "url: http://$LOKI_DOCKER_HOST:$LOKI_HTTP_LISTEN_PORT/loki/api/v1/push" "url"
replace_in_file "$PROMTAIL_CONF" "/home/debian/4NK_env/" "$ROOT_DIR/" "__path__"
# 6. Configuration SDK Relay
log_info "Mise à jour de sdk_relay.conf..."
RELAY_CONF="/home/debian/4NK_env/confs/relay/sdk_relay.conf"
set_config_value "$RELAY_CONF" "core_url" "http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT" "core_url"
set_config_value "$RELAY_CONF" "ws_url" "0.0.0.0:$RELAY_PORT" "ws_url"
set_config_value "$RELAY_CONF" "wallet_name" "$BITCOIN_WALLET_NAME" "wallet_name"
set_config_value "$RELAY_CONF" "blindbit_url" "http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT" "blindbit_url"
set_config_value "$RELAY_CONF" "zmq_url" "tcp://$BITCOIN_BIND:$BITCOIN_ZMQPBUBHASHBLOCK_PORT" "zmq_url"
set_config_value "$RELAY_CONF" "storage" "https://dev4.4nkweb.com/storage" "storage"
set_config_value "$RELAY_CONF" "data_dir" "$ROOT_DIR/data" "data_dir"
set_config_value "$RELAY_CONF" "bitcoin_data_dir" "$BITCOIN_DATA_DIR" "bitcoin_data_dir"
set_config_value "$RELAY_CONF" "bootstrap_url" "wss://$BOOTSTRAP_HOST/ws" "bootstrap_url"
log_success "Mise à jour des configurations terminée!"
log_info "Seuls les fichiers de configuration principaux ont été modifiés"
log_warning "Vérifiez les configurations avant de redémarrer les services"
# Afficher un résumé des fichiers modifiés
echo ""
log_info "Résumé des fichiers modifiés:"
echo " - $BITCOIN_CONF"
echo " - $BLINDBIT_CONF"
echo " - $GRAFANA_CONF"
echo " - $LOKI_CONF"
echo " - $PROMTAIL_CONF"
echo " - $RELAY_CONF"
echo ""
log_info "Les fichiers .env existants n'ont PAS été modifiés pour préserver la sécurité"

0
confs/lecoffre_node/nginx/assets/favicon.ico → tmp/nginx/assets/favicon.ico
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 590 B

After

Width:  |  Height:  |  Size: 590 B

0
confs/lecoffre_node/nginx/dev4.4nkweb.com-http.conf → tmp/nginx/dev4.4nkweb.com-http.conf
View File

4
confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf → tmp/nginx/dev4.4nkweb.com-https.conf
View File

@ -143,14 +143,14 @@ server {
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_set_header X-Request-ID $x_request_id;

0
confs/lecoffre_node/nginx/logging.conf → tmp/nginx/logging.conf
View File

0
confs/lecoffre_node/nginx_backups_host/local.4nkweb.com.conf → tmp/nginx_removed_20250929085641/local.4nkweb.com.conf
View File

31
tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943 Executable file
View File

@ -0,0 +1,31 @@
server {
listen 443 ssl http2;
server_name dev4.4nkweb.com;
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
include /etc/nginx/proxy_params;
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
}
location / {
proxy_pass http://127.0.0.1:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
location /lecoffre/_next/ {
proxy_read_timeout 300;
}
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
proxy_read_timeout 300;
}
}

93
tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled Executable file
View File

@ -0,0 +1,93 @@
server {
listen 443 ssl http2;
server_name dev4.4nkweb.com;
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
include /etc/nginx/proxy_params;
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://127.0.0.1:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
location /api/ {
proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Root → ihm_client
location / {
proxy_pass http://127.0.0.1:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# lecoffre-front (préserver le préfixe)
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# Next.js assets sous basePath
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
location /lecoffre/_next/ {
proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:3001/;
proxy_read_timeout 600s;
proxy_buffering off;
}
# Next.js assets au root si nécessaire
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
}
}

1
vault Submodule

@ -0,0 +1 @@
Subproject commit 4d314db8898c66f25420824a65b7a71e4fa6e823