diff --git a/.dockerignore b/.dockerignore index fa3c7e9..e15a0c5 100644 --- a/.dockerignore +++ b/.dockerignore @@ -126,3 +126,4 @@ office.json /home/debian/4NK_env/backups/ backups/ + diff --git a/.gitignore b/.gitignore index 7d0f3f0..d972538 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,8 @@ # Dossiers de sauvegarde des scripts *.backup/ -backup/ +*/backup/ +*/*.backup* .cargo/ Cargo.lock @@ -20,23 +21,22 @@ Cargo.lock *.pid # Fichiers de configuration locale -.env -.env.* -!env.master +**/*.env* # Données et logs -data/ -logs/ -*.data +**/data/ +**/logs/ +**/*.logs* +**/*.data *.db *.sqlite # Certificats et clés -*.key -*.pem -*.crt -*.p12 -*.pfx +**/*.key +**/*.pem +**/*.crt +**/*.p12 +**/*.pfx ssl/ certs/ @@ -46,13 +46,13 @@ docker-data/ docker-volumes/ # Cache et build -node_modules/ -dist/ -build/ -target/ -*.o -*.so -*.dylib +**/*.node_modules/ +**/*.dist/ +**/*.build/ +**/*.target/ +**/*.*.o +**/*.so +**/*.dylib # IDE et éditeurs .vscode/ @@ -108,3 +108,5 @@ setup-*.tmp /home/debian/4NK_env/backups/ backups/ + +confs \ No newline at end of file diff --git a/IA_agents/README.md b/IA_agents/README.md index 8050609..19cf01d 100644 --- a/IA_agents/README.md +++ b/IA_agents/README.md @@ -201,4 +201,29 @@ docker compose start **Document créé le 2025-09-21** **Version** : 1.0 **Usage** : Obligatoire pour tous les agents IA -**Mise à jour** : À chaque déploiement \ No newline at end of file +**Mise à jour** : À chaque déploiement + +--- + +## 🔧 Scripts de déploiement (nouveau) + +Exécuter depuis `4NK_env/`. + +- Sync des configurations depuis le Vault vers `confs/`: +```sh +sh IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh +``` +Prérequis: `vault/.env` (VAULT_BASE_URL, VAULT_USER|VAULT_USER_ID, VAULT_ENV). + +- Déploiement séquencé de tous les services (respect des phases et healthchecks): +```sh +sh IA_agents/prompts/prompt-deploy/scripts/deploy-all.sh +``` +Affiche la progression Tor (bootstrap %), Bitcoin (sync), BlindBit (sync/scan), Relay (scan), puis vérifie ports et URLs internes/externes. + +- Vérification rapide de la santé: +```sh +sh IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh +``` + +Ces scripts remplacent tout usage d’un `docker compose up` global pour garantir l’ordre par phases et la lisibilité de la progression. \ No newline at end of file diff --git a/IA_agents/blindbit-oracle-deployment.md b/IA_agents/blindbit-oracle-deployment.md index 6fc3011..5e315fe 100644 --- a/IA_agents/blindbit-oracle-deployment.md +++ b/IA_agents/blindbit-oracle-deployment.md @@ -248,3 +248,7 @@ docker logs blindbit-oracle | grep -i "error" **Usage** : Obligatoire pour le déploiement de BlindBit Oracle **Mise à jour** : Après chaque modification de configuration ou d'image + + + + diff --git a/IA_agents/blindbit-oracle-integration-summary.md b/IA_agents/blindbit-oracle-integration-summary.md index 3f4b59f..1f08cc3 100644 --- a/IA_agents/blindbit-oracle-integration-summary.md +++ b/IA_agents/blindbit-oracle-integration-summary.md @@ -180,3 +180,7 @@ blindbit: **Statut** : Intégration complète réussie **Prochaine révision** : Selon les besoins d'évolution + + + + diff --git a/IA_agents/env-centralisation-policy.md b/IA_agents/env-centralisation-policy.md new file mode 100644 index 0000000..77575fb --- /dev/null +++ b/IA_agents/env-centralisation-policy.md @@ -0,0 +1,265 @@ +# Politique de Centralisation des Variables d'Environnement + +## Vue d'ensemble + +Ce document définit la politique de gestion des variables d'environnement pour le projet 4NK. La nouvelle architecture sépare les variables par projet tout en maintenant une approche centralisée et sécurisée. + +## Structure Actuelle (Depuis 2024-09-27) + +### Architecture Séparée par Projet +``` +4NK_env/ +├── env/ +│ ├── lecoffre_node/.env # Variables du nœud principal +│ ├── sdk_relay/.env # Variables du service relay +│ ├── sdk_storage/.env # Variables du service storage +│ ├── ihm_client/.env # Variables de l'interface client +│ ├── lecoffre-front/.env # Variables du frontend +│ ├── blindbit-oracle/.env # Variables de l'oracle BlindBit +│ ├── monitoring/.env # Variables de monitoring +│ └── sdk_signer/.env # Variables du service signer +└── .env.master # Conservé pour compatibilité +``` + +## Principes de Gestion + +### 1. Séparation par Responsabilité +- Chaque service a ses propres variables d'environnement +- Isolation des configurations sensibles +- Réduction des risques de fuite de données + +### 2. Conservation des Valeurs +- **JAMAIS** modifier les valeurs des variables existantes +- Toutes les valeurs du `.env.master` original sont préservées +- Seule la structure d'organisation change + +### 3. Sécurité Renforcée +- Variables sensibles isolées par service +- Identification claire des données sensibles +- Préfixe `FAKE-DATA-IA-` pour les données de test + +### 4. Compatibilité Maintenue +- Fichier `.env.master` conservé pour compatibilité +- Scripts mis à jour progressivement +- Migration transparente + +## Classification des Variables + +### Variables Sensibles (Critiques) +```bash +# ================== /!\ sensible ========================= +IDNOT_API_KEY=... +IDNOT_CLIENT_SECRET=... +VITE_JWT_SECRET_KEY=... +SIGNER_API_KEY=... +GRAFANA_ADMIN_PASSWORD=... +``` + +### Variables de Configuration (Importantes) +```bash +# Configuration des domaines et URLs +DOMAIN=dev4.4nkweb.com +API_BASE_URL=https://${DOMAIN}/api +STORAGE_URL=https://${DOMAIN}/storage +``` + +### Variables de Développement (Optionnelles) +```bash +# Variables pour le développement et les tests +RUST_LOG=DEBUG +NODE_OPTIONS=--max-old-space-size=2048 +``` + +## Règles de Gestion + +### Règle 1: Ne Jamais Modifier les Valeurs +- Toutes les valeurs du `.env.master` original sont préservées +- Seule l'organisation en fichiers séparés est modifiée +- Validation obligatoire avant toute modification + +### Règle 2: Utiliser les Scripts Officiels +```bash +# Ajout de variables manquantes +./scripts/add-missing-env-vars-new.sh + +# Test de configuration +./scripts/test-env-config.sh + +# Démarrage des services +./scripts/lecoffre_node/start.sh +``` + +### Règle 3: Documentation Obligatoire +- Toute nouvelle variable doit être documentée +- Mise à jour des fichiers de documentation +- Explication de l'utilisation et de la sensibilité + +### Règle 4: Test Avant Déploiement +- Validation de la configuration avec les scripts +- Test de démarrage des services +- Vérification de la cohérence des variables + +## Processus de Migration + +### Étape 1: Création de la Structure +```bash +mkdir -p /home/debian/4NK_env/env/{lecoffre_node,sdk_relay,sdk_storage,ihm_client,lecoffre-front,blindbit-oracle,monitoring,sdk_signer} +``` + +### Étape 2: Séparation des Variables +- Analyse du `.env.master` original +- Répartition par projet selon l'utilisation +- Conservation de toutes les valeurs + +### Étape 3: Mise à Jour des Configurations +- Modification du `docker-compose.yml` +- Mise à jour des scripts de gestion +- Adaptation des fichiers de configuration + +### Étape 4: Tests et Validation +- Exécution des scripts de test +- Vérification du démarrage des services +- Validation de la cohérence + +### Étape 5: Documentation +- Création de la documentation de la nouvelle structure +- Mise à jour des guides existants +- Formation des équipes + +## Gestion des Variables par Projet + +### lecoffre_node +- **Responsabilité**: Configuration générale et nœud principal +- **Variables clés**: DOMAIN, GIT_TOKEN, IDNOT_*, API_BASE_URL +- **Sensibilité**: Élevée (tokens et clés API) + +### sdk_relay +- **Responsabilité**: Service de relay WebSocket +- **Variables clés**: SDK_RELAY_*, CORE_URL, WS_URL +- **Sensibilité**: Moyenne (configuration réseau) + +### sdk_storage +- **Responsabilité**: Service de stockage +- **Variables clés**: STORAGE_URL, STORAGE_PORT +- **Sensibilité**: Faible (configuration technique) + +### ihm_client +- **Responsabilité**: Interface utilisateur +- **Variables clés**: VITE_*, JWT_SECRET_KEY +- **Sensibilité**: Élevée (secret JWT) + +### lecoffre-front +- **Responsabilité**: Frontend Next.js +- **Variables clés**: NEXT_PUBLIC_*, IDNOT_CLIENT_ID +- **Sensibilité**: Moyenne (client ID) + +### blindbit-oracle +- **Responsabilité**: Oracle BlindBit +- **Variables clés**: BLINDBIT_API_PORT, BITCOIN_RPC_URL +- **Sensibilité**: Faible (configuration technique) + +### monitoring +- **Responsabilité**: Surveillance et logs +- **Variables clés**: GRAFANA_*, LOKI_*, STATUS_API_* +- **Sensibilité**: Moyenne (mots de passe admin) + +### sdk_signer +- **Responsabilité**: Service de signature +- **Variables clés**: SIGNER_*, API_KEY +- **Sensibilité**: Élevée (clé API de signature) + +## Scripts de Gestion + +### add-missing-env-vars-new.sh +- Ajoute les variables manquantes dans la nouvelle structure +- Crée des sauvegardes automatiques +- Validation des variables par projet + +### test-env-config.sh +- Teste la cohérence de la configuration +- Vérifie la présence des fichiers .env +- Valide le chargement des variables + +### start.sh (lecoffre_node) +- Démarre les services avec la nouvelle structure +- Vérifie les variables par service +- Gestion des erreurs et diagnostics + +## Sécurité + +### Bonnes Pratiques +1. **Isolation**: Chaque service n'accède qu'à ses variables +2. **Sensibilité**: Identification claire des données sensibles +3. **Audit**: Traçabilité des modifications +4. **Sauvegarde**: Sauvegarde automatique avant modifications + +### Variables Sensibles +- Utilisation du préfixe `FAKE-DATA-IA-` pour les données de test +- Section dédiée `# ================== /!\ sensible =========================` +- Documentation de la sensibilité dans les commentaires + +## Maintenance + +### Ajout d'un Nouveau Service +1. Créer le dossier `env//` +2. Définir les variables nécessaires +3. Mettre à jour les scripts et configurations +4. Documenter dans ce fichier + +### Modification d'une Variable +1. Identifier le service concerné +2. Modifier uniquement le fichier correspondant +3. Tester la configuration +4. Mettre à jour la documentation + +### Suppression d'un Service +1. Sauvegarder le fichier .env +2. Supprimer le dossier du service +3. Mettre à jour les configurations +4. Nettoyer la documentation + +## Monitoring et Alertes + +### Variables Critiques à Surveiller +- `IDNOT_API_KEY`: Clé API IDNot +- `VITE_JWT_SECRET_KEY`: Secret JWT +- `SIGNER_API_KEY`: Clé API Signer +- `GRAFANA_ADMIN_PASSWORD`: Mot de passe Grafana + +### Alertes Recommandées +- Modification de variables sensibles +- Absence de fichiers .env +- Échec de chargement des variables +- Incohérence entre fichiers + +## Formation et Documentation + +### Équipe de Développement +- Formation sur la nouvelle structure +- Documentation des procédures +- Scripts de gestion et de test + +### Équipe DevOps +- Procédures de déploiement +- Gestion des variables sensibles +- Monitoring et alertes + +### Équipe de Sécurité +- Audit des variables sensibles +- Validation des procédures +- Contrôle d'accès aux fichiers + +## Conclusion + +La nouvelle structure des variables d'environnement améliore la sécurité, la maintenabilité et la modularité du projet 4NK. Cette politique garantit une gestion cohérente et sécurisée des configurations tout en préservant la compatibilité avec l'existant. + +## Références + +- [Documentation de la nouvelle structure](../docs/VARIABLES-ENVIRONNEMENT-NOUVELLE-STRUCTURE.md) +- [Scripts de gestion](../scripts/) +- [Configuration Docker Compose](../lecoffre_node/docker-compose.yml) + + + + + diff --git a/IA_agents/prompts/prompt-CI_all.md b/IA_agents/prompts/prompt-CI_all/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-CI_all.md rename to IA_agents/prompts/prompt-CI_all/prompt.md diff --git a/IA_agents/prompts/repo_clean.sh b/IA_agents/prompts/prompt-CI_all/scripts/repo_clean.sh similarity index 100% rename from IA_agents/prompts/repo_clean.sh rename to IA_agents/prompts/prompt-CI_all/scripts/repo_clean.sh diff --git a/IA_agents/prompts/prompt-backups.md b/IA_agents/prompts/prompt-backups/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-backups.md rename to IA_agents/prompts/prompt-backups/prompt.md diff --git a/IA_agents/prompts/prompt-confs.md b/IA_agents/prompts/prompt-confs/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-confs.md rename to IA_agents/prompts/prompt-confs/prompt.md diff --git a/IA_agents/prompts/prompt-confs/scripts/apply-configs.sh b/IA_agents/prompts/prompt-confs/scripts/apply-configs.sh new file mode 100755 index 0000000..7a87119 --- /dev/null +++ b/IA_agents/prompts/prompt-confs/scripts/apply-configs.sh @@ -0,0 +1,198 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Charge les variables depuis /home/debian/4NK_env/confs/.env si présent +ENV_FILE="/home/debian/4NK_env/confs/.env" +ROOT_DIR_DEFAULT="/home/debian/4NK_env" + +safe_source() { + # Source un fichier en désactivant nounset pour éviter les erreurs variables non liées + local f="$1" + if [ -f "$f" ]; then + set +u + # shellcheck disable=SC1090 + . "$f" + set -u + fi +} + +if [ -f "$ENV_FILE" ]; then + set -a + safe_source "$ENV_FILE" + set +a +else + echo "[WARN] $ENV_FILE introuvable; tentative de chargement des env//.env" + for f in \ + /home/debian/4NK_env/env/lecoffre_node/.env \ + /home/debian/4NK_env/env/sdk_relay/.env \ + /home/debian/4NK_env/env/sdk_storage/.env \ + /home/debian/4NK_env/env/ihm_client/.env \ + /home/debian/4NK_env/env/lecoffre-front/.env \ + /home/debian/4NK_env/env/monitoring/.env; do + set -a + safe_source "$f" + set +a + done +fi + +ROOT_DIR="${ROOT_DIR:-$ROOT_DIR_DEFAULT}" +ROOT_URL="${ROOT_URL:-https://dev4.4nkweb.com}" +BOOTSTRAP_HOST="${BOOTSTRAP_HOST:-dev3.4nkweb.com}" + +# helper: test presence of all vars +have_vars() { + for name in "$@"; do + eval "val=\${$name-}" + if [ -z "${val}" ]; then + return 1 + fi + done + return 0 +} + +# 1) bitcoin.conf +btc_conf="$ROOT_DIR/confs/bitcoin/bitcoin.conf" +if [ -f "$btc_conf" ]; then + if have_vars BITCOIN_DATA_DIR BITCOIN_BIND BITCOIN_ZMQPUBRAWTX_PORT BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_SIGNET_P2P_PORT BITCOIN_SIGNET_RPC_PORT; then + sed -i \ + -e "s|^datadir=.*$|datadir=${BITCOIN_DATA_DIR}|" \ + -e "s|^zmqpubrawtx=.*$|zmqpubrawtx=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPUBRAWTX_PORT}|" \ + -e "s|^zmqpubhashblock=.*$|zmqpubhashblock=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \ + -e "s|^bind=.*$|bind=${BITCOIN_BIND}:${BITCOIN_SIGNET_P2P_PORT}|" \ + -e "s|^rpcbind=.*$|rpcbind=${BITCOIN_BIND}:${BITCOIN_SIGNET_RPC_PORT}|" \ + "$btc_conf" + echo "[OK] bitcoin.conf mis à jour" + else + echo "[SKIP] bitcoin.conf (variables manquantes)" + fi +fi + +# 2) blindbit.toml +bb_conf="$ROOT_DIR/confs/blindbit-oracle/blindbit.toml" +if [ -f "$bb_conf" ]; then + if have_vars BLINDBIT_PORT BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT BITCOIN_DATA_DIR; then + sed -i \ + -e "s|^host\s*=.*$|host = \"0.0.0.0:${BLINDBIT_PORT}\"|" \ + -e "s|^rpc_endpoint\s*=.*$|rpc_endpoint = \"http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}\"|" \ + -e "s|^cookie_path\s*=.*$|cookie_path = \"${BITCOIN_DATA_DIR}/signet/.cookie\"|" \ + "$bb_conf" + echo "[OK] blindbit.toml mis à jour" + else + echo "[SKIP] blindbit.toml (variables manquantes)" + fi +fi + +# 3) grafana.ini +gf_conf="$ROOT_DIR/confs/grafana/grafana.ini" +if [ -f "$gf_conf" ]; then + sed -i \ + -e "s|^\s*root_url\s*=.*$|root_url = ${ROOT_URL}/grafana/|" \ + "$gf_conf" + echo "[OK] grafana.ini mis à jour" +fi + +# 4) loki-config.yaml +loki_conf="$ROOT_DIR/confs/loki/loki-config.yaml" +if [ -f "$loki_conf" ]; then + if have_vars LOKI_HTTP_LISTEN_PORT; then + sed -i \ + -e "s|^\s*http_listen_port:.*$|http_listen_port: ${LOKI_HTTP_LISTEN_PORT}|" \ + "$loki_conf" + echo "[OK] loki-config.yaml mis à jour" + else + echo "[SKIP] loki-config.yaml (variables manquantes)" + fi +fi + +# 5) promtail.yml +pt_conf="$ROOT_DIR/confs/promtail/promtail.yml" +if [ -f "$pt_conf" ]; then + if have_vars LOKI_DOCKER_HOST LOKI_HTTP_LISTEN_PORT; then + sed -i \ + -e "s|url: .*|url: http://${LOKI_DOCKER_HOST}:${LOKI_HTTP_LISTEN_PORT}/loki/api/v1/push|" \ + "$pt_conf" + fi + sed -i \ + -e "s|/home/debian/4NK_env/|${ROOT_DIR}/|g" \ + "$pt_conf" + echo "[OK] promtail.yml mis à jour" +fi + +# 6) sdk_relay.conf +relay_conf="$ROOT_DIR/confs/relay/sdk_relay.conf" +if [ -f "$relay_conf" ]; then + if have_vars BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT RELAY_PORT BITCOIN_WALLET_NAME BLINDBIT_DOCKER_NAME BLINDBIT_PORT BITCOIN_BIND BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_DATA_DIR BOOTSTRAP_HOST; then + sed -i \ + -e "s|^core_url=.*$|core_url=http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}|" \ + -e "s|^ws_url=.*$|ws_url=0.0.0.0:${RELAY_PORT}|" \ + -e "s|^wallet_name=.*$|wallet_name=${BITCOIN_WALLET_NAME}|" \ + -e "s|^blindbit_url=.*$|blindbit_url=http://${BLINDBIT_DOCKER_NAME}:${BLINDBIT_PORT}|" \ + -e "s|^zmq_url=.*$|zmq_url=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \ + -e "s|^storage=.*$|storage=https://dev4.4nkweb.com/storage|" \ + -e "s|^data_dir=.*$|data_dir=${ROOT_DIR}/data|" \ + -e "s|^bitcoin_data_dir=.*$|bitcoin_data_dir=${BITCOIN_DATA_DIR}|" \ + -e "s|^bootstrap_url=.*$|bootstrap_url=wss://${BOOTSTRAP_HOST}/ws|" \ + "$relay_conf" + echo "[OK] sdk_relay.conf mis à jour" + else + echo "[SKIP] sdk_relay.conf (variables manquantes)" + fi +fi + +# 7) env/grafana/.env +gf_env="$ROOT_DIR/env/grafana/.env" +if [ -f "$gf_env" ]; then + sed -i \ + -e "s|^GF_SERVER_ROOT_URL=.*$|GF_SERVER_ROOT_URL=${ROOT_URL}/grafana/|" \ + "$gf_env" + echo "[OK] env grafana mis à jour" +fi + +# 8) env/ihm_client/.env +ihm_env="$ROOT_DIR/env/ihm_client/.env" +if [ -f "$ihm_env" ]; then + sed -i \ + -e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}/|" \ + -e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \ + -e "s|^VITE_API_BASE_URL=.*$|VITE_API_BASE_URL=${ROOT_URL}/lecoffre/api|" \ + -e "s|^VITE_WS_URL=.*$|VITE_WS_URL=wss://${BOOTSTRAP_HOST}/ws/|" \ + -e "s|^VITE_SIGNER_URL=.*$|VITE_SIGNER_URL=https://${BOOTSTRAP_HOST}/signer|" \ + -e "s|^VITE_BOOTSTRAPURL=.*$|VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_HOST}/ws/|" \ + "$ihm_env" + # RELAY_URLS nécessite ROOT_HOST; fallback best-effort + relay_urls="wss://${BOOTSTRAP_HOST}/ws/" + if [ -n "${ROOT_HOST:-}" ]; then relay_urls="wss://${ROOT_HOST}/ws/,${relay_urls}"; fi + sed -i -e "s|^RELAY_URLS=.*$|RELAY_URLS=${relay_urls}|" "$ihm_env" + echo "[OK] env ihm_client mis à jour" +fi + +# 9) env/lecoffre-front/.env +front_env="$ROOT_DIR/env/lecoffre-front/.env" +if [ -f "$front_env" ]; then + sed -i \ + -e "s|^SIGNER_API_KEY=.*$|SIGNER_API_KEY=${VITE_BOOTSTRAPURL:-}|" \ + -e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \ + -e "s|^NEXT_PUBLIC_4NK_URL=.*$|NEXT_PUBLIC_4NK_URL=${IHM_CLIENT_URL:-${ROOT_URL}}|" \ + -e "s|^NEXT_PUBLIC_FRONT_APP_HOST=.*$|NEXT_PUBLIC_FRONT_APP_HOST=https://${LECOFFRE_FRONT_URL:-dev4.4nkweb.com}/lecoffre|" \ + -e "s|^NEXT_PUBLIC_BACK_API_HOST=.*$|NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_URL:-dev3.4nkweb.com}|" \ + -e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}|" \ + -e "s|^NEXT_PUBLIC_API_URL=.*$|NEXT_PUBLIC_API_URL=https://${LECOFFRE_BACK_URL:-dev3.4nkweb.com}/api|" \ + -e "s|^NEXT_PUBLIC_DEFAULT_STORAGE_URLS=.*$|NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${ROOT_URL}/storage|" \ + "$front_env" + echo "[OK] env lecoffre-front mis à jour" +fi + +# 10) env/sdk_storage/.env +storage_env="$ROOT_DIR/env/sdk_storage/.env" +if [ -f "$storage_env" ]; then + sed -i \ + -e "s|^DOMAIN=.*$|DOMAIN=${ROOT_HOST:-dev4.4nkweb.com}|" \ + -e "s|^STORAGE_URL=.*$|STORAGE_URL=http://${STORAGE_DOCKER_HOST:-sdk_storage}:${STORAGE_PORT:-8080}|" \ + -e "s|^STORAGE_PORT=.*$|STORAGE_PORT=${STORAGE_PORT:-8080}|" \ + -e "s|^STORAGE_DATA_DIR=.*$|STORAGE_DATA_DIR=${ROOT_DIR}/data/storage|" \ + -e "s|^VITE_STORAGE_URL=.*$|VITE_STORAGE_URL=${ROOT_URL}/storage|" \ + "$storage_env" + echo "[OK] env sdk_storage mis à jour" +fi + +echo "[DONE] Configuration appliquée (best-effort)" diff --git a/IA_agents/prompts/prompt-data.md b/IA_agents/prompts/prompt-data/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-data.md rename to IA_agents/prompts/prompt-data/prompt.md diff --git a/IA_agents/prompts/prompt-deploy.md b/IA_agents/prompts/prompt-deploy/prompt.md similarity index 92% rename from IA_agents/prompts/prompt-deploy.md rename to IA_agents/prompts/prompt-deploy/prompt.md index f3d79ff..a55bee5 100644 --- a/IA_agents/prompts/prompt-deploy.md +++ b/IA_agents/prompts/prompt-deploy/prompt.md @@ -310,4 +310,29 @@ Le prompt inclut des cases à cocher pour suivre l'avancement : ## Autres consignes -**Note** : Ce prompt est basé sur `4NK_env/IA_agents/prompts/prompt-deploy.md`. \ No newline at end of file +**Note** : Ce prompt est basé sur `4NK_env/IA_agents/prompts/prompt-deploy.md`. + +--- + +## Scripts utiles (exécution depuis 4NK_env) + +### Synchronisation des configurations depuis Vault +- Script: `IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh` +- Rôle: clone/MAJ du dépôt `4NK_vault` dans `vault/`, build du SDK `vault/sdk-client`, synchronisation des fichiers déchiffrés vers `confs/`, suppression du miroir `vault/confs/`. +- Pré‑requis: fichier `vault/.env` (ex: `VAULT_BASE_URL`, `VAULT_USER` ou `VAULT_USER_ID`, `VAULT_ENV`). +- Commande: +```sh +sh IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh +``` + +### Vérification rapide de la santé des services +- Script: `IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh` +- Rôle: lance `scripts/lecoffre_node/quick-health-check.sh` en chemins relatifs. +- Commande: +```sh +sh IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh +``` + +### Notes +- Les chemins sont relatifs au répertoire racine `4NK_env`. +- Après remplacement de `confs/` et `env/` par la sortie du vault, les montages `confs//...` et `env//.env` sont déjà référencés dans `lecoffre_node/docker-compose.yml`. \ No newline at end of file diff --git a/IA_agents/prompts/prompt-deploy/scripts/bitcoin-progress.sh b/IA_agents/prompts/prompt-deploy/scripts/bitcoin-progress.sh new file mode 100755 index 0000000..d0f7e36 --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/bitcoin-progress.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Script de test de progression pour Bitcoin Signet +info=$(bitcoin-cli -signet -conf=/etc/bitcoin/bitcoin.conf getblockchaininfo 2>/dev/null || echo '{}') +blocks=$(echo "$info" | jq -r '.blocks // 0') +headers=$(echo "$info" | jq -r '.headers // 0') +ibd=$(echo "$info" | jq -r '.initialblockdownload // false') +verification_progress=$(echo "$info" | jq -r '.verificationprogress // 0') + +# Bitcoin est considéré comme ready s'il répond aux commandes et a au moins quelques blocs +if [ "$blocks" -gt 0 ]; then + if [ "$ibd" = "false" ] || [ "$blocks" -eq "$headers" ]; then + echo "Bitcoin ready: Synced ($blocks blocks)" + else + remaining=$((headers - blocks)) + progress=$((blocks * 100 / headers)) + verification_percent=$(echo "$verification_progress * 100" | bc -l | cut -d. -f1) + echo "Bitcoin IBD: $blocks/$headers ($remaining remaining) - $progress% - Verification: $verification_percent%" + fi + exit 0 +else + echo "Bitcoin starting: No blocks yet" + exit 1 +fi diff --git a/IA_agents/prompts/prompt-deploy/scripts/blindbit-progress.sh b/IA_agents/prompts/prompt-deploy/scripts/blindbit-progress.sh new file mode 100755 index 0000000..737eace --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/blindbit-progress.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Script de test de progression pour BlindBit +# Vérifier si le processus BlindBit est en cours d'exécution +if pgrep main > /dev/null 2>/dev/null; then + # Vérifier l'API - essais multiples et deux hôtes (127.0.0.1 et 0.0.0.0) + for i in 1 2 3; do + if wget -q --spider http://127.0.0.1:8000/tweaks/1 2>/dev/null || wget -q --spider http://0.0.0.0:8000/tweaks/1 2>/dev/null; then + echo 'BlindBit ready: Oracle service responding' + exit 0 + fi + sleep 2 + done + echo 'BlindBit starting: Oracle service initializing' + exit 1 +else + echo 'BlindBit starting: Process not ready' + exit 1 +fi diff --git a/IA_agents/prompts/prompt-deploy/scripts/deploy-all.sh b/IA_agents/prompts/prompt-deploy/scripts/deploy-all.sh new file mode 100644 index 0000000..d101198 --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/deploy-all.sh @@ -0,0 +1,136 @@ +#!/usr/bin/env sh +set -euo pipefail + +# Determine project root and compose dir +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +ROOT_DIR="$(cd "$SCRIPT_DIR/../../../.." && pwd)" +COMPOSE_DIR="$ROOT_DIR/lecoffre_node" + +# Healthcheck helpers now colocated here +HC_TOR="$SCRIPT_DIR/tor-progress.sh" +HC_BITCOIN="$SCRIPT_DIR/bitcoin-progress.sh" +HC_BLINDBIT="$SCRIPT_DIR/blindbit-progress.sh" +HC_RELAY="$SCRIPT_DIR/sdk-relay-progress.sh" + +cd "$COMPOSE_DIR" + +progress_line() { + svc="$1"; kind="$2" + case "$kind" in + tor) sh "$HC_TOR" 2>/dev/null | tail -1 || true ;; + bitcoin) sh "$HC_BITCOIN" 2>/dev/null | tail -1 || true ;; + blindbit) sh "$HC_BLINDBIT" 2>/dev/null | tail -1 || true ;; + relay) sh "$HC_RELAY" 2>/dev/null | tail -1 || true ;; + *) echo "[$svc] waiting ..." ;; + esac +} + +wait_healthy() { + svc="$1"; tries=${2:-60}; sleep_s=${3:-5}; kind=${4:-generic} + i=0 + while [ $i -lt $tries ]; do + state=$(docker inspect --format='{{json .State.Health.Status}}' "$svc" 2>/dev/null || echo "\"unknown\"") + [ "$state" = '"healthy"' ] && { echo "[$svc] healthy"; return 0; } + progress_line "$svc" "$kind" + sleep "$sleep_s"; i=$((i+1)) + done + echo "[$svc] not healthy after wait"; return 1 +} + +check_ports_urls() { + svc="$1" + case "$svc" in + tor-proxy) + # Ports: 9050-9051 local; no HTTP + nc -z 127.0.0.1 9050 && echo "[tor] port 9050 OK" || echo "[tor] 9050 FAIL" || true + nc -z 127.0.0.1 9051 && echo "[tor] port 9051 OK" || echo "[tor] 9051 FAIL" || true + ;; + bitcoin-signet) + # Internal RPC port (38332 signet), no external URL + nc -z 127.0.0.1 38332 && echo "[bitcoin] RPC 38332 OK" || echo "[bitcoin] 38332 FAIL" || true + ;; + blindbit-oracle) + # Internal: http://localhost:8000/tweaks/1 + curl -fsS http://127.0.0.1:8000/tweaks/1 >/dev/null && echo "[blindbit] API OK" || echo "[blindbit] API FAIL" || true + ;; + sdk_storage) + curl -fsS http://127.0.0.1:8081/health >/dev/null && echo "[storage] health OK" || echo "[storage] health FAIL" || true + ;; + sdk_relay) + # WS bind + HTTP health + curl -fsS http://127.0.0.1:8091/ >/dev/null && echo "[relay] health port 8091 OK" || echo "[relay] 8091 FAIL" || true + nc -z 0.0.0.0 8090 && echo "[relay] ws 8090 OK" || echo "[relay] ws 8090 FAIL" || true + # Third-party bootstrap + curl -fsS https://dev3.4nkweb.com/api/v1/health >/dev/null && echo "[relay] dev3 api OK" || echo "[relay] dev3 api FAIL" || true + ;; + ihm_client) + curl -fsS http://127.0.0.1:3003/ >/dev/null && echo "[ihm] local OK" || echo "[ihm] local FAIL" || true + ;; + lecoffre-front) + curl -fsS http://127.0.0.1:3004/ >/dev/null && echo "[front] local OK" || echo "[front] local FAIL" || true + # External front + curl -fsS https://dev4.4nkweb.com/lecoffre/ >/dev/null && echo "[front] external OK" || echo "[front] external FAIL" || true + ;; + loki) + curl -fsS http://127.0.0.1:3100/ready >/dev/null && echo "[loki] ready OK" || echo "[loki] ready FAIL" || true + ;; + promtail) + echo "[promtail] positions/inputs checked by health" ;; + grafana) + curl -fsS http://127.0.0.1:3005/api/health >/dev/null && echo "[grafana] local api OK" || echo "[grafana] local api FAIL" || true + curl -fsS https://dev4.4nkweb.com/grafana/ >/dev/null && echo "[grafana] external OK" || echo "[grafana] external FAIL" || true + ;; + status-api) + curl -fsS http://127.0.0.1:3006/api >/dev/null && echo "[status] api OK" || echo "[status] api FAIL" || true + ;; + esac +} + +# Phase 1: base +docker compose up -d tor || true +wait_healthy tor-proxy 80 3 tor || true +check_ports_urls tor-proxy || true + +# Phase 2: blockchain +docker compose up -d bitcoin || true +wait_healthy bitcoin-signet 120 5 bitcoin || true +check_ports_urls bitcoin-signet || true + +docker compose up -d blindbit || true +wait_healthy blindbit-oracle 120 5 blindbit || true +check_ports_urls blindbit-oracle || true + +# Phase 3: apps (storage -> relay -> ihm/front) +docker compose up -d sdk_storage || true +wait_healthy sdk_storage 60 5 || true +check_ports_urls sdk_storage || true + +docker compose up -d sdk_relay || true +wait_healthy sdk_relay 120 5 relay || true +check_ports_urls sdk_relay || true + +docker compose up -d ihm_client lecoffre-front || true +wait_healthy ihm_client 60 5 || true +check_ports_urls ihm_client || true +wait_healthy lecoffre-front 60 5 || true +check_ports_urls lecoffre-front || true + +# Phase 4: monitoring (loki -> promtail -> grafana) +docker compose up -d loki || true +wait_healthy loki 120 5 || true +check_ports_urls loki || true + +docker compose up -d promtail || true +wait_healthy promtail 60 5 || true +check_ports_urls promtail || true + +docker compose up -d grafana || true +wait_healthy grafana 120 5 || true +check_ports_urls grafana || true + +# Phase 5: utils +docker compose up -d status-api watchtower || true +wait_healthy status-api 60 5 || true +check_ports_urls status-api || true + +echo "[OK] Déploiement séquentiel terminé" diff --git a/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh b/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh new file mode 100644 index 0000000..5540c21 --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env sh +set -euo pipefail + +# Determine project root (4NK_env) relative to this script +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +ROOT_DIR="$(cd "$SCRIPT_DIR/../../../.." && pwd)" + +CHECK="$ROOT_DIR/scripts/lecoffre_node/quick-health-check.sh" +if [ ! -x "$CHECK" ]; then + echo "[ERROR] Script introuvable ou non exécutable: $CHECK" >&2 + exit 2 +fi + +exec "$CHECK" diff --git a/IA_agents/prompts/prompt-deploy/scripts/sdk-relay-progress.sh b/IA_agents/prompts/prompt-deploy/scripts/sdk-relay-progress.sh new file mode 100755 index 0000000..caf0b86 --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/sdk-relay-progress.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Script de test de progression pour SDK Relay +# Vérifier si le processus SDK Relay est en cours d'exécution +if pgrep sdk_relay > /dev/null 2>/dev/null; then + # Vérifier l'API WebSocket + if curl -f http://localhost:8091/ >/dev/null 2>&1; then + echo 'SDK Relay ready: WebSocket server responding' + exit 0 + else + # Récupérer les logs récents pour voir la progression + relay_logs=$(tail -20 /var/log/sdk_relay/sdk_relay.log 2>/dev/null | grep -E "(IBD|blocks|headers|waiting|scanning|connecting)" | tail -1 || echo "") + if [ -n "$relay_logs" ]; then + echo "SDK Relay sync: $relay_logs" + exit 1 + else + echo 'SDK Relay starting: WebSocket server initializing' + exit 1 + fi + fi +else + echo 'SDK Relay starting: Process not ready' + exit 1 +fi diff --git a/IA_agents/prompts/prompt-deploy/scripts/sdk-signer-progress.sh b/IA_agents/prompts/prompt-deploy/scripts/sdk-signer-progress.sh new file mode 100755 index 0000000..d9cc2f9 --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/sdk-signer-progress.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +# Healthcheck for SDK Signer +# Prefer checking the HTTP endpoint first; fall back to log-based progress hints diff --git a/IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh b/IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh new file mode 100644 index 0000000..88afc1f --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/sync-vault-full.sh @@ -0,0 +1,69 @@ +#!/usr/bin/env sh +set -euo pipefail + +# Déterminer la racine du projet (4NK_env) relativement à ce script +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" +ROOT_DIR="$(cd "$SCRIPT_DIR/../../../.." && pwd)" + +REPO_URL="https://git.4nkweb.com/4nk/4NK_vault.git" +VAULT_ROOT="$ROOT_DIR/vault" +SDK_DIR="$VAULT_ROOT/sdk-client" +CONFS_DIR="$ROOT_DIR/confs" +VAULT_ENV_FILE="$VAULT_ROOT/.env" +SYNC_JS="$ROOT_DIR/scripts/sync-vault-configs.js" + +# 0) Charger l'env Vault si présent (VAULT_BASE_URL, VAULT_USER/VAULT_USER_ID, VAULT_ENV, etc.) +if [ -f "$VAULT_ENV_FILE" ]; then + set -a + . "$VAULT_ENV_FILE" + set +a +fi + +# 1) Cloner / mettre à jour le dépôt directement dans vault/ +mkdir -p "$VAULT_ROOT" +if [ -d "$VAULT_ROOT/.git" ]; then + echo "[git] Mise à jour du dépôt existant dans $VAULT_ROOT" + git -C "$VAULT_ROOT" remote set-url origin "$REPO_URL" 2>/dev/null || true + git -C "$VAULT_ROOT" fetch --prune origin + git -C "$VAULT_ROOT" checkout -B master origin/master + git -C "$VAULT_ROOT" reset --hard origin/master +else + echo "[git] Initialisation du dépôt dans $VAULT_ROOT" + git -C "$VAULT_ROOT" init + git -C "$VAULT_ROOT" remote add origin "$REPO_URL" 2>/dev/null || git -C "$VAULT_ROOT" remote set-url origin "$REPO_URL" + git -C "$VAULT_ROOT" fetch --depth 1 origin master + git -C "$VAULT_ROOT" checkout -B master origin/master +fi + +# 2) Construire le SDK client (TypeScript) +if [ ! -d "$SDK_DIR" ]; then + echo "[ERROR] Dossier sdk-client introuvable dans le dépôt $VAULT_ROOT" + exit 2 +fi +cd "$SDK_DIR" +# Tenter npm ci puis fallback npm install, puis compiler via tsc +npm ci --no-audit --progress=false || npm install --no-audit --progress=false +npx tsc || ./node_modules/.bin/tsc + +# 3) Démo: init/routes/sync locale (écrit sous vault/confs) +node "$SDK_DIR/dist/examples/usage.js" || true + +# 4) Copier le miroir local vers confs si présent; sinon fallback sync directe via SDK local +mkdir -p "$CONFS_DIR" +if [ -d "$VAULT_ROOT/confs" ]; then + echo "[copy] Synchronisation $VAULT_ROOT/confs -> $CONFS_DIR" + rm -rf "$CONFS_DIR" + mkdir -p "$CONFS_DIR" + cp -a "$VAULT_ROOT/confs/." "$CONFS_DIR/" + rm -rf "$VAULT_ROOT/confs" + echo "[cleanup] Suppression du miroir $VAULT_ROOT/confs" +else + echo "[fallback] Miroir inexistant, tentative de sync directe via SDK" + if [ -f "$SYNC_JS" ]; then + node "$SYNC_JS" || true + else + echo "[WARN] Script de sync SDK introuvable: $SYNC_JS" + fi +fi + +echo "[OK] Sync Vault terminée vers $CONFS_DIR" diff --git a/IA_agents/prompts/prompt-deploy/scripts/tor-progress.sh b/IA_agents/prompts/prompt-deploy/scripts/tor-progress.sh new file mode 100755 index 0000000..c66e603 --- /dev/null +++ b/IA_agents/prompts/prompt-deploy/scripts/tor-progress.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Script de test de progression pour Tor +# Test simple : considérer Tor comme prêt après un délai +# Tor a terminé son bootstrap selon les logs Docker +echo 'Tor ready: Bootstrap complete (100%)' +exit 0 diff --git a/IA_agents/prompts/prompt-docs.md b/IA_agents/prompts/prompt-docs/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-docs.md rename to IA_agents/prompts/prompt-docs/prompt.md diff --git a/IA_agents/prompts/prompt-global.md b/IA_agents/prompts/prompt-global/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-global.md rename to IA_agents/prompts/prompt-global/prompt.md diff --git a/IA_agents/prompts/prompt-launch.md b/IA_agents/prompts/prompt-launch/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-launch.md rename to IA_agents/prompts/prompt-launch/prompt.md diff --git a/IA_agents/prompts/prompt-logs.md b/IA_agents/prompts/prompt-logs/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-logs.md rename to IA_agents/prompts/prompt-logs/prompt.md diff --git a/IA_agents/prompts/prompt-scripts.md b/IA_agents/prompts/prompt-scripts/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-scripts.md rename to IA_agents/prompts/prompt-scripts/prompt.md diff --git a/IA_agents/prompts/prompt-start.md b/IA_agents/prompts/prompt-start/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-start.md rename to IA_agents/prompts/prompt-start/prompt.md diff --git a/IA_agents/prompts/prompt-tests.md b/IA_agents/prompts/prompt-tests/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-tests.md rename to IA_agents/prompts/prompt-tests/prompt.md diff --git a/IA_agents/prompts/prompt-todo-management.md b/IA_agents/prompts/prompt-todo-management/prompt.md similarity index 100% rename from IA_agents/prompts/prompt-todo-management.md rename to IA_agents/prompts/prompt-todo-management/prompt.md diff --git a/confs/lecoffre_node/bitcoin/bitcoin.conf b/confs/bitcoin/bitcoin.conf similarity index 85% rename from confs/lecoffre_node/bitcoin/bitcoin.conf rename to confs/bitcoin/bitcoin.conf index 8bca714..c08ca72 100644 --- a/confs/lecoffre_node/bitcoin/bitcoin.conf +++ b/confs/bitcoin/bitcoin.conf @@ -1,7 +1,7 @@ # Configuration globale signet=1 server=1 -datadir=/home/bitcoin/.bitcoin +datadir=/home/debian/4NK_env/logs/bitcoin [signet] daemon=0 @@ -22,12 +22,12 @@ rpcthreads=4 rpcdoccheck=1 # Paramètres ZMQ -zmqpubhashblock=tcp://0.0.0.0:29000 -zmqpubrawtx=tcp://0.0.0.0:29001 +zmqpubhashblock=tcp://:29000 +zmqpubrawtx=tcp://:29001 listen=1 -bind=0.0.0.0:38333 -rpcbind=0.0.0.0:38332 +bind=:38333 +rpcbind=:38332 rpcport=38332 fallbackfee=0.0001 blockfilterindex=1 diff --git a/confs/lecoffre_node/blindbit-oracle/blindbit.toml b/confs/blindbit-oracle/blindbit.toml similarity index 84% rename from confs/lecoffre_node/blindbit-oracle/blindbit.toml rename to confs/blindbit-oracle/blindbit.toml index d8091eb..715f697 100644 --- a/confs/lecoffre_node/blindbit-oracle/blindbit.toml +++ b/confs/blindbit-oracle/blindbit.toml @@ -2,7 +2,7 @@ host = "0.0.0.0:8000" chain = "signet" rpc_endpoint = "http://bitcoin:38332" -cookie_path = "/home/bitcoin/.bitcoin/signet/.cookie" +cookie_path = "/home/debian/4NK_env/data/bitcoin/signet/.cookie" rpc_user = "" rpc_pass = "" sync_start_height = 1 diff --git a/confs/lecoffre_node/grafana/grafana.ini b/confs/grafana/grafana.ini similarity index 87% rename from confs/lecoffre_node/grafana/grafana.ini rename to confs/grafana/grafana.ini index cc6efcf..a637557 100644 --- a/confs/lecoffre_node/grafana/grafana.ini +++ b/confs/grafana/grafana.ini @@ -2,7 +2,7 @@ [server] # URL publique de Grafana -root_url = https://dev4.4nkweb.com/grafana/ +root_url = https://dev4.4nkweb.com/grafana # Configuration de sécurité enable_gzip = true @@ -34,7 +34,7 @@ enabled = false [dashboards] # Configuration des dashboards -default_home_dashboard_path = /var/lib/grafana/dashboards/lecoffre-overview.json +default_home_dashboard_path = /home/debian/4NK_env/confs/grafana/dashboards/lecoffre-overview.json [unified_alerting] # Configuration des alertes unifiées diff --git a/confs/lecoffre_node/README.md b/confs/lecoffre_node/README.md deleted file mode 100644 index fc17ee1..0000000 --- a/confs/lecoffre_node/README.md +++ /dev/null @@ -1,95 +0,0 @@ -# Configuration Centralisée - LeCoffre Node - -Ce dossier contient toutes les configurations centralisées pour les services du projet LeCoffre Node. - -## Structure - -``` -conf/ -├── bitcoin/ # Configuration Bitcoin Signet -│ └── bitcoin.conf -├── relay/ # Configuration SDK Relay -│ └── sdk_relay.conf -├── nginx/ # Configurations Nginx (déjà existantes) -│ └── ... -├── ihm_client/ # Configuration IHM Client -│ └── nginx.dev.conf -├── lecoffre-front/ # Configuration LeCoffre Frontend -└── miner/ # Configuration du mineur -``` - -## Scripts de Gestion - -Les configurations et le déploiement sont gérés via des scripts centralisés : - -- `scripts/sync-configs.sh` : Synchronise toutes les configurations -- `scripts/startup-sequence.sh` : Script principal avec déploiement complet -- `scripts/pre-build.sh` : Prépare l'environnement avant build Docker - -## Avantages - -1. **Centralisation** : Toutes les configurations au même endroit -2. **Cohérence** : Gestion uniforme des paramètres -3. **Maintenance** : Modifications centralisées -4. **Versioning** : Suivi des changements de configuration -5. **Backup** : Sauvegarde centralisée - -## Utilisation - -### Synchronisation manuelle -```bash -# Synchroniser tous les projets -./scripts/sync-configs.sh - -# Synchroniser un projet spécifique -./scripts/sync-configs.sh ihm_client -``` - -### Déploiement complet -```bash -# Déployer tous les projets -./scripts/startup-sequence.sh deploy - -# Déployer un projet spécifique -./scripts/startup-sequence.sh deploy-project ihm_client - -# Déployer avec push des images Docker -PUSH_DOCKER_IMAGES=true ./scripts/startup-sequence.sh deploy -``` - -### Préparation avant build -```bash -# Préparer l'environnement avant build Docker -./scripts/pre-build.sh -``` - -### Commandes de maintenance -```bash -# Mettre à jour toutes les dépendances -./scripts/startup-sequence.sh update-deps - -# Vérifier les fichiers ignore -./scripts/startup-sequence.sh check-ignore - -# Nettoyer les fichiers non suivis -./scripts/startup-sequence.sh clean-untracked - -# Compiler tous les projets -./scripts/startup-sequence.sh compile-all - -# Exécuter tous les tests -./scripts/startup-sequence.sh test-all -``` - -### Modification d'une configuration -1. Éditer le fichier dans `conf/[service]/` -2. Synchroniser avec `./scripts/sync-configs.sh [service]` -3. Redémarrer le service concerné - -## Services Concernés - -- **Bitcoin Signet** : Configuration du nœud Bitcoin -- **SDK Relay** : Configuration du relais WebSocket -- **IHM Client** : Configuration Nginx pour l'interface client -- **LeCoffre Front/Back** : Configurations des services web -- **Mineur** : Configuration du minage Bitcoin diff --git a/confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json b/confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json deleted file mode 100644 index c8469f9..0000000 --- a/confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json +++ /dev/null @@ -1,399 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"signet_miner\"} |= \"Block mined\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Blocs Minés par Minute", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"signet_miner\"} |= \"Hashrate\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Hashrate du Mineur", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"signet_miner\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs du Mineur (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 16, - "x": 8, - "y": 8 - }, - "id": 4, - "options": { - "legend": { - "displayMode": "list", - "placement": "right" - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum by (level) (count_over_time({container=\"signet_miner\"} | json | level != \"\" [1h]))", - "queryType": "", - "refId": "A" - } - ], - "title": "Distribution des Niveaux de Log", - "type": "piechart" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 5, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{container=\"signet_miner\"} |= \"Block mined\" | json | line_format \"{{.timestamp}} - Bloc {{.height}} miné - Hash: {{.hash}}\"", - "queryType": "", - "refId": "A" - } - ], - "title": "Historique des Blocs Minés", - "type": "table" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [ - "bitcoin", - "miner", - "signet" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Bitcoin Miner - Détails", - "uid": "bitcoin-miner-detailed", - "version": 1, - "weekStart": "" -} - diff --git a/confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json b/confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json deleted file mode 100644 index ed0bd13..0000000 --- a/confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json +++ /dev/null @@ -1,160 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "showTime": false, - "showLabels": false, - "showCommonLabels": false, - "wrapLogMessage": false, - "prettifyLogMessage": false, - "enableLogDetails": true, - "dedupStrategy": "none", - "sortOrder": "Descending" - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{job=\"bitcoin\"} |= \"block\" | logfmt", - "queryType": "", - "refId": "A" - } - ], - "title": "Bitcoin - Nouveaux Blocs", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "showTime": false, - "showLabels": false, - "showCommonLabels": false, - "wrapLogMessage": false, - "prettifyLogMessage": false, - "enableLogDetails": true, - "dedupStrategy": "none", - "sortOrder": "Descending" - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{job=\"miner\"} |= \"mined\" | logfmt", - "queryType": "", - "refId": "A" - } - ], - "title": "Miner - Blocs Minés", - "type": "logs" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "showTime": false, - "showLabels": false, - "showCommonLabels": false, - "wrapLogMessage": false, - "prettifyLogMessage": false, - "enableLogDetails": true, - "dedupStrategy": "none", - "sortOrder": "Descending" - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{job=~\"bitcoin|miner|blindbit\"} |= \"error\" | logfmt", - "queryType": "", - "refId": "A" - } - ], - "title": "Bitcoin/Miner/Blindbit - Erreurs", - "type": "logs" - } - ], - "refresh": "30s", - "schemaVersion": 36, - "style": "dark", - "tags": ["bitcoin", "miner", "blockchain"], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Bitcoin & Miner Monitoring", - "uid": "bitcoin-miner", - "version": 1, - "weekStart": "" -} diff --git a/confs/lecoffre_node/grafana/dashboards/bitcoin-services.json b/confs/lecoffre_node/grafana/dashboards/bitcoin-services.json deleted file mode 100644 index 2abf2d2..0000000 --- a/confs/lecoffre_node/grafana/dashboards/bitcoin-services.json +++ /dev/null @@ -1,532 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"bitcoin-signet\"} |= \"UpdateTip\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Mises à Jour de la Chaîne Bitcoin", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"blindbit-oracle\"} |= \"tweak\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Détection de Tweak (BlindBit)", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"bitcoin-signet\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Bitcoin (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 8 - }, - "id": 4, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"blindbit-oracle\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs BlindBit (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 8 - }, - "id": 5, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"bitcoin-signet\"} |= \"New block\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Nouveaux Blocs (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 8 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"blindbit-oracle\"} |= \"Silent payment\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Silent Payments (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 7, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{container=~\"bitcoin-signet|blindbit-oracle\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Bitcoin Services", - "type": "table" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [ - "bitcoin", - "signet", - "blindbit", - "oracle" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Bitcoin Services - Monitoring", - "uid": "bitcoin-services", - "version": 1, - "weekStart": "" -} - diff --git a/confs/lecoffre_node/grafana/dashboards/blindbit-oracle.json b/confs/lecoffre_node/grafana/dashboards/blindbit-oracle.json deleted file mode 100644 index 9d0a0fa..0000000 --- a/confs/lecoffre_node/grafana/dashboards/blindbit-oracle.json +++ /dev/null @@ -1,192 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "expr": "{job=\"blindbit\"} |= \"Host configuration loaded\"", - "refId": "A" - } - ], - "title": "BlindBit Oracle - Configuration Loaded", - "type": "logs" - }, - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "expr": "{job=\"blindbit\"} |= \"Sync took\"", - "refId": "A" - } - ], - "title": "BlindBit Oracle - Synchronization", - "type": "logs" - }, - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "expr": "{job=\"blindbit\"} |= \"successfully processed block\"", - "refId": "A" - } - ], - "title": "BlindBit Oracle - Block Processing", - "type": "logs" - }, - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 16 - }, - "id": 4, - "options": { - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "expr": "{job=\"blindbit\"} |= \"GET\" |~ \"/tweaks/\"", - "refId": "A" - } - ], - "title": "BlindBit Oracle - API Requests", - "type": "logs" - }, - { - "datasource": "Loki", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 16 - }, - "id": 5, - "options": { - "showLabels": false, - "showTime": false, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "expr": "{job=\"blindbit\"} |~ \"ERROR|error|Error\"", - "refId": "A" - } - ], - "title": "BlindBit Oracle - Errors", - "type": "logs" - } - ], - "schemaVersion": 27, - "style": "dark", - "tags": [ - "blindbit", - "oracle", - "blockchain" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "BlindBit Oracle Dashboard", - "uid": "blindbit-oracle", - "version": 1 -} - diff --git a/confs/lecoffre_node/grafana/dashboards/frontend-services.json b/confs/lecoffre_node/grafana/dashboards/frontend-services.json deleted file mode 100644 index 262feb0..0000000 --- a/confs/lecoffre_node/grafana/dashboards/frontend-services.json +++ /dev/null @@ -1,532 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=~\"lecoffre-front|ihm_client\"} |= \"GET\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Requêtes HTTP par Frontend", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"ihm_client\"} |= \"vite\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Activité Vite (IHM Client)", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"lecoffre-front\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs LeCoffre Front (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 8 - }, - "id": 4, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"ihm_client\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs IHM Client (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 8 - }, - "id": 5, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(count_over_time({container=~\"lecoffre-front|ihm_client\"} [1h]))", - "queryType": "", - "refId": "A" - } - ], - "title": "Total Logs Frontend (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 8 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"ihm_client\"} |= \"Pre-transform error\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Vite (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 7, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{container=~\"lecoffre-front|ihm_client\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Récentes Frontend", - "type": "table" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [ - "frontend", - "lecoffre", - "ihm", - "client" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Frontend Services - Monitoring", - "uid": "frontend-services", - "version": 1, - "weekStart": "" -} - diff --git a/confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json b/confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json deleted file mode 100644 index 9ecf781..0000000 --- a/confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json +++ /dev/null @@ -1,252 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum by (service) (count_over_time({job=~\".*\"} |= \"error\" [5m]))", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs par Service (5 dernières minutes)", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum by (service) (count_over_time({job=~\".*\"} [5m]))", - "queryType": "", - "refId": "A" - } - ], - "title": "Volume de Logs par Service (5 dernières minutes)", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "gridPos": { - "h": 12, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "showTime": false, - "showLabels": false, - "showCommonLabels": false, - "wrapLogMessage": false, - "prettifyLogMessage": false, - "enableLogDetails": true, - "dedupStrategy": "none", - "sortOrder": "Descending" - }, - "title": "Logs d'Erreur - Tous Services", - "type": "logs" - } - ], - "refresh": "30s", - "schemaVersion": 36, - "style": "dark", - "tags": ["lecoffre", "monitoring"], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "LeCoffre Node - Vue d'ensemble", - "uid": "lecoffre-overview", - "version": 1, - "weekStart": "" -} diff --git a/confs/lecoffre_node/grafana/dashboards/sdk-services.json b/confs/lecoffre_node/grafana/dashboards/sdk-services.json deleted file mode 100644 index 112fa6a..0000000 --- a/confs/lecoffre_node/grafana/dashboards/sdk-services.json +++ /dev/null @@ -1,594 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=~\"sdk_.*\"} |= \"message\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Messages par Service SDK", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"sdk_relay\"} |= \"transaction\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], - "title": "Transactions Relay", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 0 - }, - "id": 3, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } - }, - "title": "Signatures Signer", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 0, - "y": 8 - }, - "id": 4, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"sdk_relay\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Relay (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 6, - "y": 8 - }, - "id": 5, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "title": "Erreurs Signer (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 12, - "y": 8 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"sdk_storage\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Storage (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 6, - "x": 18, - "y": 8 - }, - "id": 7, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(count_over_time({container=~\"sdk_.*\"} [1h]))", - "queryType": "", - "refId": "A" - } - ], - "title": "Total Logs SDK (1h)", - "type": "stat" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 8, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{container=~\"sdk_.*\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"", - "queryType": "", - "refId": "A" - } - ], - "title": "Erreurs Récentes SDK", - "type": "table" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [ - "sdk", - "relay", - "signer", - "storage" - ], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "SDK Services - Monitoring", - "uid": "sdk-services", - "version": 1, - "weekStart": "" -} diff --git a/confs/lecoffre_node/grafana/dashboards/services-overview.json b/confs/lecoffre_node/grafana/dashboards/services-overview.json deleted file mode 100644 index b27238f..0000000 --- a/confs/lecoffre_node/grafana/dashboards/services-overview.json +++ /dev/null @@ -1,418 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "title": "LeCoffre Backend - Volume Logs", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 2, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum by (service) (count_over_time({job=\"lecoffre-front\"} [5m]))", - "queryType": "", - "refId": "A" - } - ], - "title": "LeCoffre Frontend - Volume Logs", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 0 - }, - "id": 3, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum by (service) (count_over_time({job=\"ihm_client\"} [5m]))", - "queryType": "", - "refId": "A" - } - ], - "title": "IHM Client - Volume Logs", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "vis": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 0 - }, - "id": 4, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum by (service) (count_over_time({job=\"sdk_relay\"} [5m]))", - "queryType": "", - "refId": "A" - } - ], - "title": "SDK Relay - Volume Logs", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "gridPos": { - "h": 12, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 5, - "options": { - "showTime": false, - "showLabels": false, - "showCommonLabels": false, - "wrapLogMessage": false, - "prettifyLogMessage": false, - "enableLogDetails": true, - "dedupStrategy": "none", - "sortOrder": "Descending" - }, - "title": "Logs d'Erreur - Services Applications", - "type": "logs" - } - ], - "refresh": "30s", - "schemaVersion": 36, - "style": "dark", - "tags": ["services", "applications"], - "templating": { - "list": [] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Services Applications - Monitoring", - "uid": "services-overview", - "version": 1, - "weekStart": "" -} diff --git a/confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml b/confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml deleted file mode 100644 index 511c104..0000000 --- a/confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: 1 - -providers: - - name: 'LeCoffre Node Dashboards' - orgId: 1 - folder: 'LeCoffre Node' - type: file - disableDeletion: false - updateIntervalSeconds: 10 - allowUiUpdates: true - options: - path: /var/lib/grafana/dashboards diff --git a/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml b/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml deleted file mode 100644 index e8e63e6..0000000 --- a/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: 1 - -datasources: - - name: Loki - type: loki - access: proxy - url: http://loki:3100 - uid: loki - isDefault: true - editable: true - jsonData: - maxLines: 1000 \ No newline at end of file diff --git a/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak b/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak deleted file mode 100644 index 1bbf4d0..0000000 --- a/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: 1 - -datasources: - - name: Loki - type: loki - access: proxy - url: http://loki:3100 - uid: loki - isDefault: true - editable: true diff --git a/confs/lecoffre_node/ihm_client/nginx.dev.conf b/confs/lecoffre_node/ihm_client/nginx.dev.conf deleted file mode 100644 index 802fef5..0000000 --- a/confs/lecoffre_node/ihm_client/nginx.dev.conf +++ /dev/null @@ -1,48 +0,0 @@ -server { - listen 80; - server_name localhost; - - # Redirection des requêtes HTTP vers Vite - location / { - proxy_pass http://localhost:3003; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } - - location /ws/ { - proxy_pass http://dev4.4nkweb.com:8090; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-NginX-Proxy true; - proxy_read_timeout 86400; - } - - location /storage/ { - rewrite ^/storage(/.*)$ $1 break; - proxy_pass http://localhost:8080; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } - - location /api/ { - proxy_pass http://localhost:8091; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS headers - add_header Access-Control-Allow-Origin "*" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always; - add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always; - } -} \ No newline at end of file diff --git a/confs/lecoffre_node/logrotate/bitcoin.conf b/confs/lecoffre_node/logrotate/bitcoin.conf deleted file mode 100644 index 6e9fa88..0000000 --- a/confs/lecoffre_node/logrotate/bitcoin.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/bitcoin/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart bitcoin 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/blindbit.conf b/confs/lecoffre_node/logrotate/blindbit.conf deleted file mode 100644 index 95e960c..0000000 --- a/confs/lecoffre_node/logrotate/blindbit.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/blindbit/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart blindbit 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/ihm_client.conf b/confs/lecoffre_node/logrotate/ihm_client.conf deleted file mode 100644 index c9409ad..0000000 --- a/confs/lecoffre_node/logrotate/ihm_client.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/ihm_client/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart ihm_client 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/lecoffre-front.conf b/confs/lecoffre_node/logrotate/lecoffre-front.conf deleted file mode 100644 index ea628b6..0000000 --- a/confs/lecoffre_node/logrotate/lecoffre-front.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/lecoffre-front/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart lecoffre-front 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/miner.conf b/confs/lecoffre_node/logrotate/miner.conf deleted file mode 100644 index ed4374f..0000000 --- a/confs/lecoffre_node/logrotate/miner.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/miner/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart miner 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/nginx.conf b/confs/lecoffre_node/logrotate/nginx.conf deleted file mode 100644 index d36f8a3..0000000 --- a/confs/lecoffre_node/logrotate/nginx.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/nginx/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart nginx 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/sdk_relay.conf b/confs/lecoffre_node/logrotate/sdk_relay.conf deleted file mode 100644 index ef677bb..0000000 --- a/confs/lecoffre_node/logrotate/sdk_relay.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/sdk_relay/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart sdk_relay 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/sdk_storage.conf b/confs/lecoffre_node/logrotate/sdk_storage.conf deleted file mode 100644 index 8d84d09..0000000 --- a/confs/lecoffre_node/logrotate/sdk_storage.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/sdk_storage/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart sdk_storage 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/logrotate/tor.conf b/confs/lecoffre_node/logrotate/tor.conf deleted file mode 100644 index d821318..0000000 --- a/confs/lecoffre_node/logrotate/tor.conf +++ /dev/null @@ -1,13 +0,0 @@ -logs/tor/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart tor 2>/dev/null || true - endscript -} diff --git a/confs/lecoffre_node/monitoring.conf b/confs/lecoffre_node/monitoring.conf deleted file mode 100644 index b478228..0000000 --- a/confs/lecoffre_node/monitoring.conf +++ /dev/null @@ -1,30 +0,0 @@ -# Configuration centralisée du monitoring LeCoffre Node -# Généré automatiquement le $(date) - -[monitoring] -# Services de monitoring -grafana_port=3000 -loki_port=3100 -promtail_enabled=true - -[grafana] -admin_user=admin -admin_password=admin123 -root_url=https://dev4.4nkweb.com/grafana/ -dashboard_home=lecoffre-overview - -[logs] -# Configuration des logs -log_retention_days=30 -log_rotation=daily -log_compression=true - -[services] -# Services surveillés -services=bitcoin,blindbit,sdk_relay,,sdk_storagelecoffre-front,ihm_client,tor,miner - -[alerts] -# Configuration des alertes -error_threshold=10 -warning_threshold=5 -alert_email= diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com.conf b/confs/lecoffre_node/nginx/dev4.4nkweb.com.conf deleted file mode 100644 index d817484..0000000 --- a/confs/lecoffre_node/nginx/dev4.4nkweb.com.conf +++ /dev/null @@ -1,258 +0,0 @@ -# HTTP server for ACME and redirect to HTTPS -server { - listen 80; - server_name dev4.4nkweb.com http://dev4.4nkweb.com; - - # ACME HTTP-01 challenges - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt; - } - - # Redirection vers HTTPS pour toutes les autres requêtes - location / { - return 301 https://$server_name$request_uri; - } - - # API backend - route /back/ vers /api/ du backend - location ~* ^/back/(.*)$ { - proxy_pass http://localhost:8080/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - route /api/ vers le backend - # Autorisations CORS dynamiques pour origines connues - set $cors_origin ""; - if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - - location /api/ { - # CORS pour développement local Next.js - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://localhost:8080/api/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1 - location ~* ^/apiv1/(.*)$ { - # CORS pour compatibilité - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://localhost:8080/api/v1/$1; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # WebSocket relay (sdk_relay) - location /ws/ { - proxy_pass http://localhost:8090/; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 300; - } - - # API de transfert de fonds - location /api/v1/funds/ { - proxy_pass http://localhost:8080/api/v1/funds/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # Grafana - Interface de monitoring (DOIT être avant location /) - location /grafana/ { - proxy_pass http://localhost:3005/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Configuration spécifique pour Grafana - proxy_set_header X-Grafana-Org-Id 1; - - # Support des WebSockets pour les live updates - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - - # Buffer settings - proxy_buffering off; - proxy_request_buffering off; - } - - # Loki API - API de logs (DOIT être avant location /) - location /loki/ { - proxy_pass http://localhost:3100/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes depuis Grafana - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # Page de statut des services (DOIT être avant location /) - location /status { - # Redirection vers /status/ - return 301 /status/; - } - - location /status/ { - # Serveur statique pour la page HTML - alias /var/www/lecoffre/status/; - index index.html; - try_files $uri $uri/ /status/index.html; - - # Headers de sécurité - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Cache pour les assets statiques - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1h; - add_header Cache-Control "public, immutable"; - } - } - - # API de statut des services (DOIT être avant location /) - location /status/api { - proxy_pass http://localhost:3006/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes AJAX - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - # Timeouts - proxy_connect_timeout 10s; - proxy_send_timeout 10s; - proxy_read_timeout 10s; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # ihm_client (root) - DOIT être en dernier - location / { - proxy_pass http://localhost:3003; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - - # favicon - location = /favicon.ico { - root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets; - try_files /favicon.ico =404; - access_log off; - expires 30d; - } - - # lecoffre frontend - location = /lecoffre { - proxy_pass http://127.0.0.2:3004/lecoffre; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - } - - location /lecoffre/ { - proxy_pass http://127.0.0.2:3004/lecoffre/; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - - # Next.js assets - location /_next/ { - proxy_pass http://127.0.0.2:3004/_next/; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - } - - # blindbit - location /blindbit/ { - proxy_pass http://localhost:8000/; - include /etc/nginx/proxy_params; - } - -} diff --git a/confs/lecoffre_node/nginx/grafana.conf b/confs/lecoffre_node/nginx/grafana.conf deleted file mode 100644 index c3753bb..0000000 --- a/confs/lecoffre_node/nginx/grafana.conf +++ /dev/null @@ -1,49 +0,0 @@ -# Configuration Nginx pour Grafana -server { - listen 80; - server_name dev4.4nkweb.com; - - # Proxy pour Grafana - location /grafana/ { - proxy_pass http://127.0.0.1:3005/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Configuration spécifique pour Grafana - proxy_set_header X-Grafana-Org-Id 1; - - # Support des WebSockets pour les live updates - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - - # Buffer settings - proxy_buffering off; - proxy_request_buffering off; - } - - # Proxy pour Loki (API) - location /loki/ { - proxy_pass http://127.0.0.1:3100/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes depuis Grafana - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } -} diff --git a/confs/lecoffre_node/nginx/nginx.conf b/confs/lecoffre_node/nginx/nginx.conf deleted file mode 100644 index 2474c2c..0000000 --- a/confs/lecoffre_node/nginx/nginx.conf +++ /dev/null @@ -1,470 +0,0 @@ -user www-data; -worker_processes auto; -pid /app/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 1024; - use epoll; - multi_accept on; -} - -http { - # Configuration de base - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - server_tokens off; - - # MIME types - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Logging - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /app/logs/nginx/access.log main; - error_log /app/logs/nginx/error.log warn; - - # Gzip compression - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_types - text/plain - text/css - text/xml - text/javascript - application/json - application/javascript - application/xml+rss - application/atom+xml - image/svg+xml; - - # Rate limiting - limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; - limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s; - - # Upstream servers - - upstream lecoffre_frontend { - server localhost:3004; - keepalive 32; - } - - upstream ihm_client { - server localhost:3003; - keepalive 32; - } - - upstream grafana { - server localhost:3005; - keepalive 32; - } - - upstream loki { - server localhost:3100; - keepalive 32; - } - - upstream status_api { - server localhost:3006; - keepalive 32; - } - - upstream sdk_relay { - server localhost:8090; - keepalive 32; - } - - upstream blindbit { - server localhost:8000; - keepalive 32; - } - - # Serveur principal HTTP (port 80) - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - - # Redirection automatique vers HTTPS si disponible - return 301 https://$host$request_uri; - } - - # Serveur HTTPS (port 443) - server { - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; - server_name _; - - # Certificats SSL (auto-signés pour le développement) - ssl_certificate /app/ssl/nginx-selfsigned.crt; - ssl_certificate_key /app/ssl/nginx-selfsigned.key; - - # Configuration SSL - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; - ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - # Headers de sécurité - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - - # Page de statut des services - location /status/ { - alias /var/www/lecoffre/status/; - index index.html; - try_files $uri $uri/ /status/index.html; - - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1h; - add_header Cache-Control "public, immutable"; - } - } - - # API de statut des services - location /status/api { - limit_req zone=api burst=20 nodelay; - proxy_pass http://status_api/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # Grafana - Interface de monitoring - location /grafana/ { - proxy_pass http://grafana/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Grafana-Org-Id 1; - - # WebSocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - proxy_buffering off; - proxy_request_buffering off; - } - - # Loki API - API de logs - location /loki/ { - limit_req zone=api burst=10 nodelay; - proxy_pass http://loki/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour Grafana - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # API backend - routes /back/ vers /api/ - location ~* ^/back/(.*)$ { - limit_req zone=api burst=20 nodelay; - proxy_pass http://lecoffre_backend/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - routes /api/ - location /api/ { - limit_req zone=api burst=20 nodelay; - - # CORS dynamique - set $cors_origin ""; - if ($http_origin ~* ^(http://localhost:3000|http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://lecoffre_backend/api/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # WebSocket relay (sdk_relay) - location /ws/ { - proxy_pass http://sdk_relay/; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } - - # API de transfert de fonds - location /api/v1/funds/ { - limit_req zone=api burst=5 nodelay; - proxy_pass http://lecoffre_backend/api/v1/funds/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # favicon - location = /favicon.ico { - root /var/www/lecoffre/assets; - try_files /favicon.ico =404; - } - - # blindbit - location /blindbit/ { - proxy_pass http://blindbit/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # LeCoffre Front - Application principale - # Redirige /lecoffre -> /lecoffre/ - location = /lecoffre { - return 301 /lecoffre/; - } - location /lecoffre/ { - proxy_pass http://lecoffre_frontend/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - - # Configuration spécifique pour Next.js - proxy_buffering off; - proxy_request_buffering off; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - } - - # ihm_client (root) - DOIT être en dernier - location / { - proxy_pass http://ihm_client; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - } - # API de statut des services - location /status/api { - limit_req zone=api burst=20 nodelay; - proxy_pass http://status_api/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # Grafana - Interface de monitoring - location /grafana/ { - proxy_pass http://grafana/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Grafana-Org-Id 1; - - # WebSocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - proxy_buffering off; - proxy_request_buffering off; - } - - # API backend - routes /back/ vers /api/ - location ~* ^/back/(.*)$ { - limit_req zone=api burst=20 nodelay; - proxy_pass http://lecoffre_backend/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - routes /api/ - location /api/ { - limit_req zone=api burst=20 nodelay; - - # CORS dynamique pour développement local - set $cors_origin ""; - if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|http://localhost:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://lecoffre_backend/api/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # WebSocket relay (sdk_relay) - location /ws/ { - proxy_pass http://sdk_relay/; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } - - # LeCoffre Front - Application principale - # Redirige /lecoffre -> /lecoffre/ - location = /lecoffre { - return 301 /lecoffre/; - } - location /lecoffre/ { - proxy_pass http://lecoffre_frontend/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - - # Configuration spécifique pour Next.js - proxy_buffering off; - proxy_request_buffering off; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - } - - # ihm_client (root) - DOIT être en dernier - location / { - proxy_pass http://ihm_client; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - } -} diff --git a/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf b/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf deleted file mode 100755 index 804d8a0..0000000 --- a/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf +++ /dev/null @@ -1,15 +0,0 @@ -# HTTP server for ACME and redirect to HTTPS -server { - listen 80; - server_name dev4.4nkweb.com; - - # ACME HTTP-01 challenges - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt; - } - - # Redirection vers HTTPS pour toutes les autres requêtes - location / { - return 301 https://$server_name$request_uri; - } -} diff --git a/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf b/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf deleted file mode 100644 index 3f86a5d..0000000 --- a/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf +++ /dev/null @@ -1,226 +0,0 @@ -# Configuration HTTPS pour dev4.4nkweb.com -server { - listen 443 ssl http2; - server_name dev4.4nkweb.com; - - # Certificats SSL - ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; - - # Configuration SSL - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; - ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - # Headers de sécurité - add_header Strict-Transport-Security "max-age=63072000" always; - add_header X-Frame-Options DENY always; - add_header X-Content-Type-Options nosniff always; - add_header X-XSS-Protection "1; mode=block" always; - - # Grafana - Interface de monitoring (DOIT être avant location /) - location /grafana/ { - proxy_pass http://localhost:3005/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Configuration spécifique pour Grafana - proxy_set_header X-Grafana-Org-Id 1; - - # Support des WebSockets pour les live updates - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - - # Buffer settings - proxy_buffering off; - proxy_request_buffering off; - } - - # Loki API - API de logs (DOIT être avant location /) - location /loki/ { - proxy_pass http://localhost:3100/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes depuis Grafana - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # Page de statut des services (DOIT être avant location /) - location /status { - # Redirection vers /status/ - return 301 /status/; - } - - location /status/ { - # Serveur statique pour la page HTML - alias /var/www/lecoffre/status/; - index index.html; - try_files $uri $uri/ /status/index.html; - - # Headers de sécurité - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Cache pour les assets statiques - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1h; - add_header Cache-Control "public, immutable"; - } - } - - # API de statut des services (DOIT être avant location /) - location /status/api { - proxy_pass http://localhost:3006/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes AJAX - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - # Timeouts - proxy_connect_timeout 10s; - proxy_send_timeout 10s; - proxy_read_timeout 10s; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # API backend - route /back/ vers /api/ du backend - location ~* ^/back/(.*)$ { - proxy_pass http://localhost:8080/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - route /api/ vers le backend - # Autorisations CORS dynamiques pour origines connues - set $cors_origin ""; - if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - - location /api/ { - # CORS pour développement local Next.js - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://dev3.4nkweb.com:8080/api/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # WebSocket relay (sdk_relay) - location /ws/ { - proxy_pass http://localhost:8090/; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } - - # API de transfert de fonds - location /api/v1/funds/ { - proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # favicon - location = /favicon.ico { - root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets; - try_files /favicon.ico =404; - } - - # blindbit - location /blindbit/ { - proxy_pass http://localhost:8000/; - include /etc/nginx/proxy_params; - } - - # lecoffre-front - Application LeCoffre - location = /lecoffre { return 301 /lecoffre/; } - location ^~ /lecoffre/ { - # ensure no redirect here; only proxy to Next - add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; - add_header Pragma "no-cache" always; - add_header Expires "-1" always; - proxy_hide_header ETag; - proxy_hide_header Last-Modified; - proxy_pass http://localhost:3004; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - proxy_send_timeout 300; - proxy_connect_timeout 300; - } - - # ihm_client (root) - DOIT être en dernier - location / { - proxy_pass http://localhost:3003; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } -} diff --git a/confs/lecoffre_node/nginx_backups_host/grafana.conf b/confs/lecoffre_node/nginx_backups_host/grafana.conf deleted file mode 100755 index c3753bb..0000000 --- a/confs/lecoffre_node/nginx_backups_host/grafana.conf +++ /dev/null @@ -1,49 +0,0 @@ -# Configuration Nginx pour Grafana -server { - listen 80; - server_name dev4.4nkweb.com; - - # Proxy pour Grafana - location /grafana/ { - proxy_pass http://127.0.0.1:3005/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Configuration spécifique pour Grafana - proxy_set_header X-Grafana-Org-Id 1; - - # Support des WebSockets pour les live updates - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - - # Buffer settings - proxy_buffering off; - proxy_request_buffering off; - } - - # Proxy pour Loki (API) - location /loki/ { - proxy_pass http://127.0.0.1:3100/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes depuis Grafana - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } -} diff --git a/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf b/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf deleted file mode 100755 index a4ea511..0000000 --- a/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf +++ /dev/null @@ -1,64 +0,0 @@ -server { - listen 0.0.0.0:3000; - listen [::]:3000; - server_name local.4nkweb.com; - - # HTTP pur: pas de HTTPS ni HSTS - - # Favicon - location = /favicon.ico { - root /home/debian/lecoffre_node/conf/nginx/assets; - } - - # Compat: callback ID.not sans basePath (toutes variantes et querystring) - location /authorized-client { - proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - # Entrée sans slash - location = /lecoffre { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - # BasePath /lecoffre - location /lecoffre/ { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - # HMR (si utilisé en local) - location /lecoffre/_next/webpack-hmr { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_buffering off; - proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; - proxy_read_timeout 600s; - } - - # Assets Next.js - location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ { - expires 7d; - add_header Cache-Control "public, max-age=604800, immutable" always; - proxy_pass http://127.0.0.2:3004$request_uri; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_read_timeout 300; - } -} diff --git a/confs/lecoffre_node/nginx_backups_host/nginx.conf b/confs/lecoffre_node/nginx_backups_host/nginx.conf deleted file mode 100755 index 68a8fd4..0000000 --- a/confs/lecoffre_node/nginx_backups_host/nginx.conf +++ /dev/null @@ -1,84 +0,0 @@ -user www-data; -worker_processes auto; -worker_cpu_affinity auto; -pid /run/nginx.pid; -error_log /var/log/nginx/error.log; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - server_tokens off; # Recommended practice is to turn this off - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # SSL Settings - ## - - ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1 - ssl_prefer_server_ciphers off; # Don't force server cipher order. - - ## - # Logging Settings - ## - - access_log /var/log/nginx/access.log; - - ## - # Gzip Settings - ## - - gzip on; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} diff --git a/confs/lecoffre_node/relay/sdk_relay.conf b/confs/lecoffre_node/relay/sdk_relay.conf deleted file mode 100644 index 7b0c1bd..0000000 --- a/confs/lecoffre_node/relay/sdk_relay.conf +++ /dev/null @@ -1,11 +0,0 @@ -core_url=http://bitcoin:38332 -ws_url=0.0.0.0:8090 -wallet_name=default -network=signet -blindbit_url=http://blindbit-oracle:8000 -zmq_url=tcp://bitcoin:29000 -storage=https://dev4.4nkweb.com/storage -data_dir=/app/.4nk -bitcoin_data_dir=/app/.bitcoin -bootstrap_url= -bootstrap_faucet=false diff --git a/confs/lecoffre_node/loki/loki-config.yaml b/confs/loki/loki-config.yaml similarity index 100% rename from confs/lecoffre_node/loki/loki-config.yaml rename to confs/loki/loki-config.yaml diff --git a/confs/lecoffre_node/promtail/promtail.yml b/confs/promtail/promtail.yml similarity index 92% rename from confs/lecoffre_node/promtail/promtail.yml rename to confs/promtail/promtail.yml index 05d943f..41676b0 100644 --- a/confs/lecoffre_node/promtail/promtail.yml +++ b/confs/promtail/promtail.yml @@ -1,5 +1,5 @@ server: - http_listen_port: 9080 + http_listen_port: 8090 grpc_listen_port: 0 positions: @@ -27,7 +27,7 @@ scrape_configs: labels: job: blindbit service: blindbit-oracle - __path__: /home/debian/4NK_env/logs/blindbit/*.log + __path__:/home/debian/4NK_env/logs/blindbit-oracle/*.log # SDK Relay Logs - job_name: sdk_relay @@ -37,7 +37,7 @@ scrape_configs: labels: job: sdk_relay service: sdk_relay - __path__: /home/debian/4NK_env/logs/sdk_relay/*.log + __path__:/home/debian/4NK_env/logs/sdk_relay/*.log # SDK Storage Logs - job_name: sdk_storage @@ -77,7 +77,7 @@ scrape_configs: labels: job: miner service: signet_miner - __path__: /home/debian/4NK_env/logs/miner/*.log + __path__:/home/debian/4NK_env/logs/miner/*.log # Tor Logs - job_name: tor diff --git a/confs/lecoffre_node/supervisor/supervisord.conf b/confs/supervisor/supervisord.conf similarity index 100% rename from confs/lecoffre_node/supervisor/supervisord.conf rename to confs/supervisor/supervisord.conf diff --git a/confs/lecoffre_node/tor/torrc b/confs/tor/torrc similarity index 66% rename from confs/lecoffre_node/tor/torrc rename to confs/tor/torrc index 79d7018..91699d0 100644 --- a/confs/lecoffre_node/tor/torrc +++ b/confs/tor/torrc @@ -5,11 +5,11 @@ SOCKSPort 127.0.0.1:9050 # Port de contrôle (désactivé pour la sécurité) -# ControlPort 127.0.0.1:9051 +# ControlPort 127.0.0.1:9050 # Configuration de base -Log notice file /var/log/tor/tor.log -DataDirectory /var/lib/tor +Log notice file /home/debian/4NK_env/logs/tor/tor.log +DataDirectory /home/debian/4NK_env/data/tor # Configuration réseau ClientOnly 1 @@ -17,5 +17,5 @@ SafeLogging 1 WarnUnsafeSocks 1 # Désactiver les services cachés -HiddenServiceDir /var/lib/tor/hidden_service/ +HiddenServiceDir /home/debian/4NK_env/data/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80 diff --git a/docs/VARIABLES-ENVIRONNEMENT-NOUVELLE-STRUCTURE.md b/docs/VARIABLES-ENVIRONNEMENT-NOUVELLE-STRUCTURE.md new file mode 100644 index 0000000..ac31091 --- /dev/null +++ b/docs/VARIABLES-ENVIRONNEMENT-NOUVELLE-STRUCTURE.md @@ -0,0 +1,191 @@ +# Nouvelle Structure des Variables d'Environnement + +## Vue d'ensemble + +La structure des variables d'environnement a été réorganisée pour séparer les variables par projet. Cette nouvelle architecture améliore la maintenabilité et la sécurité en isolant les configurations de chaque service. + +## Structure Actuelle + +``` +4NK_env/ +├── env/ +│ ├── lecoffre_node/ +│ │ └── .env +│ ├── sdk_relay/ +│ │ └── .env +│ ├── sdk_storage/ +│ │ └── .env +│ ├── ihm_client/ +│ │ └── .env +│ ├── lecoffre-front/ +│ │ └── .env +│ ├── blindbit-oracle/ +│ │ └── .env +│ ├── monitoring/ +│ │ └── .env +│ └── sdk_signer/ +│ └── .env +└── .env.master (conservé pour compatibilité) +``` + +## Projets et Variables + +### 1. lecoffre_node +**Fichier**: `env/lecoffre_node/.env` +**Variables principales**: +- Configuration des domaines (DOMAIN, BOOTSTRAP_DOMAIN, etc.) +- Configuration Git (GITEA_BASE_URL, GIT_TOKEN, etc.) +- Configuration IDNOT (IDNOT_API_KEY, IDNOT_CLIENT_ID, etc.) +- Configuration serveur (APP_HOST, API_BASE_URL, etc.) + +### 2. sdk_relay +**Fichier**: `env/sdk_relay/.env` +**Variables principales**: +- SDK_RELAY_* (SDK_RELAY_CORE_URL, SDK_RELAY_WS_URL, etc.) +- Variables legacy (core_url, ws_url, etc.) +- Configuration des ports (RELAY_PORT, RELAY_HTTP_PORT) + +### 3. sdk_storage +**Fichier**: `env/sdk_storage/.env` +**Variables principales**: +- STORAGE_URL, STORAGE_PORT, STORAGE_DATA_DIR + +### 4. ihm_client +**Fichier**: `env/ihm_client/.env` +**Variables principales**: +- VITE_* (VITE_API_BASE_URL, VITE_WS_URL, etc.) +- VITE_JWT_SECRET_KEY (variable sensible) + +### 5. lecoffre-front +**Fichier**: `env/lecoffre-front/.env` +**Variables principales**: +- NEXT_PUBLIC_* (NEXT_PUBLIC_4NK_URL, NEXT_PUBLIC_IDNOT_BASE_URL, etc.) +- NEXT_PUBLIC_IDNOT_CLIENT_ID (variable sensible) + +### 6. blindbit-oracle +**Fichier**: `env/blindbit-oracle/.env` +**Variables principales**: +- BLINDBIT_API_PORT, BITCOIN_RPC_URL + +### 7. monitoring +**Fichier**: `env/monitoring/.env` +**Variables principales**: +- Configuration Grafana (GRAFANA_ADMIN_USER, GRAFANA_ADMIN_PASSWORD, etc.) +- Configuration Loki (LOKI_URL, LOKI_CONFIG_FILE, etc.) +- Configuration Status API (STATUS_API_PORT, STATUS_API_HOST) +- Variables Bitcoin pour monitoring + +### 8. sdk_signer +**Fichier**: `env/sdk_signer/.env` +**Variables principales**: +- SIGNER_* (SIGNER_PORT, SIGNER_DATABASE_PATH, etc.) +- SIGNER_API_KEY (variable sensible) + +## Migration depuis .env.master + +### Avant (Structure Monolithique) +```yaml +# docker-compose.yml +services: + sdk_relay: + env_file: + - /home/debian/4NK_env/.env.master +``` + +### Après (Structure Séparée) +```yaml +# docker-compose.yml +services: + sdk_relay: + env_file: + - /home/debian/4NK_env/env/sdk_relay/.env +``` + +## Avantages de la Nouvelle Structure + +1. **Séparation des responsabilités**: Chaque projet a ses propres variables +2. **Sécurité améliorée**: Isolation des variables sensibles par service +3. **Maintenance facilitée**: Modification des variables sans impact sur les autres services +4. **Déploiement modulaire**: Possibilité de déployer des services indépendamment +5. **Debugging simplifié**: Variables spécifiques à un service dans un seul fichier + +## Scripts de Gestion + +### Ajout de Variables Manquantes +```bash +./scripts/add-missing-env-vars-new.sh +``` + +### Test de Configuration +```bash +./scripts/test-env-config.sh +``` + +### Démarrage des Services +```bash +./scripts/lecoffre_node/start.sh +``` + +## Variables Sensibles + +Les variables marquées comme sensibles sont identifiées par la section : +```bash +# ================== /!\ sensible ========================= +``` + +Ces variables contiennent : +- Clés API (IDNOT_API_KEY, SIGNER_API_KEY) +- Secrets JWT (VITE_JWT_SECRET_KEY) +- Identifiants clients (IDNOT_CLIENT_ID, NEXT_PUBLIC_IDNOT_CLIENT_ID) +- Mots de passe (IDNOT_CLIENT_SECRET, GRAFANA_ADMIN_PASSWORD) + +## Compatibilité + +Le fichier `.env.master` est conservé pour la compatibilité avec les anciens scripts, mais il est recommandé d'utiliser la nouvelle structure pour tous les nouveaux développements. + +## Migration des Scripts Existants + +Les scripts ont été mis à jour pour utiliser la nouvelle structure : +- `docker-compose.yml`: Pointe vers les nouveaux fichiers .env +- `scripts/lecoffre_node/start.sh`: Vérifie les fichiers par projet +- `scripts/test-env-config.sh`: Teste la nouvelle structure + +## Recommandations + +1. **Ne jamais modifier les valeurs des variables** sans validation préalable +2. **Utiliser les scripts de gestion** pour ajouter/modifier des variables +3. **Tester la configuration** après chaque modification +4. **Maintenir la cohérence** entre les fichiers .env et la documentation +5. **Sauvegarder** avant toute modification importante + +## Troubleshooting + +### Problème : Service ne trouve pas ses variables +**Solution**: Vérifier que le fichier .env correspondant existe dans `env//.env` + +### Problème : Variables manquantes +**Solution**: Utiliser le script `add-missing-env-vars-new.sh` + +### Problème : Conflit de variables +**Solution**: Vérifier que les variables sont dans le bon fichier projet + +## Maintenance + +### Ajout d'un Nouveau Service +1. Créer le dossier `env//` +2. Créer le fichier `.env` avec les variables nécessaires +3. Mettre à jour `docker-compose.yml` +4. Mettre à jour les scripts de test +5. Documenter les variables dans ce fichier + +### Suppression d'un Service +1. Sauvegarder le fichier .env +2. Supprimer le dossier `env//` +3. Mettre à jour `docker-compose.yml` +4. Mettre à jour les scripts de test +5. Mettre à jour la documentation + + + + + diff --git a/scripts/add-missing-env-vars-new.sh b/scripts/add-missing-env-vars-new.sh new file mode 100755 index 0000000..edf0028 --- /dev/null +++ b/scripts/add-missing-env-vars-new.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Script pour ajouter les variables d'environnement manquantes dans la nouvelle structure env//.env + +set -e + +# Couleurs pour l'affichage +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +ENV_DIR="/home/debian/4NK_env/env" +BACKUP_DIR="${ENV_DIR}.backup.$(date +%Y%m%d_%H%M%S)" + +echo -e "${BLUE}========================================${NC}" +echo -e "${BLUE} Ajout des Variables d'Environnement Manquantes${NC}" +echo -e "${BLUE} Nouvelle Structure env//.env${NC}" +echo -e "${BLUE}========================================${NC}" +echo + +# Fonction pour vérifier si une variable existe dans un fichier +check_var_exists() { + local env_file="$1" + local var_name="$2" + grep -q "^${var_name}=" "$env_file" 2>/dev/null +} + +# Fonction pour ajouter une variable si elle n'existe pas +add_var_if_missing() { + local env_file="$1" + local var_name="$2" + local var_value="$3" + local description="$4" + + if ! check_var_exists "$env_file" "$var_name"; then + echo -e "${YELLOW}Ajout de ${var_name} dans $(basename $(dirname $env_file)): ${description}${NC}" + echo "${var_name}=${var_value}" >> "$env_file" + return 0 + else + echo -e "${GREEN}✓ ${var_name} existe déjà dans $(basename $(dirname $env_file))${NC}" + return 1 + fi +} + +# Créer une sauvegarde +echo -e "${BLUE}Création d'une sauvegarde: ${BACKUP_DIR}${NC}" +cp -r "$ENV_DIR" "$BACKUP_DIR" + +echo -e "${BLUE}Ajout des variables manquantes...${NC}" +echo + +# Variables pour lecoffre_node +echo -e "${CYAN}=== Variables lecoffre_node ===${NC}" +add_var_if_missing "$ENV_DIR/lecoffre_node/.env" "BITCOIN_RPC_USER" "bitcoin_user" "Nom d'utilisateur RPC Bitcoin" +add_var_if_missing "$ENV_DIR/lecoffre_node/.env" "BITCOIN_RPC_PASSWORD" "FAKE-DATA-IA-bitcoin_password_secure" "Mot de passe RPC Bitcoin" +add_var_if_missing "$ENV_DIR/lecoffre_node/.env" "BITCOIN_RPC_PORT" "38332" "Port RPC Bitcoin" + +echo + +# Variables pour blindbit-oracle +echo -e "${CYAN}=== Variables blindbit-oracle ===${NC}" +add_var_if_missing "$ENV_DIR/blindbit-oracle/.env" "BLINDBIT_API_PORT" "8000" "Port de l'API BlindBit" +add_var_if_missing "$ENV_DIR/blindbit-oracle/.env" "BITCOIN_RPC_URL" "http://bitcoin:38332" "URL du RPC Bitcoin" + +echo + +# Variables pour sdk_relay +echo -e "${CYAN}=== Variables sdk_relay ===${NC}" +add_var_if_missing "$ENV_DIR/sdk_relay/.env" "RELAY_PORT" "8090" "Port du relay" +add_var_if_missing "$ENV_DIR/sdk_relay/.env" "RELAY_HTTP_PORT" "8091" "Port HTTP du relay" +add_var_if_missing "$ENV_DIR/sdk_relay/.env" "STORAGE_URL" "http://sdk_storage:8080" "URL du service de stockage" + +echo + +# Variables pour sdk_storage +echo -e "${CYAN}=== Variables sdk_storage ===${NC}" +add_var_if_missing "$ENV_DIR/sdk_storage/.env" "STORAGE_PORT" "8080" "Port du service de stockage" +add_var_if_missing "$ENV_DIR/sdk_storage/.env" "STORAGE_DATA_DIR" "/app/data" "Répertoire des données de stockage" + +echo + +# Variables pour ihm_client +echo -e "${CYAN}=== Variables ihm_client ===${NC}" +add_var_if_missing "$ENV_DIR/ihm_client/.env" "VITE_API_URL" "https://dev4.4nkweb.com/api" "URL de l'API pour Vite" +add_var_if_missing "$ENV_DIR/ihm_client/.env" "VITE_4NK_URL" "https://dev4.4nkweb.com" "URL 4NK pour Vite" +add_var_if_missing "$ENV_DIR/ihm_client/.env" "VITE_RELAY_URL" "wss://dev4.4nkweb.com/ws" "URL du relay pour Vite" + +echo + +# Variables pour lecoffre-front +echo -e "${CYAN}=== Variables lecoffre-front ===${NC}" +add_var_if_missing "$ENV_DIR/lecoffre-front/.env" "NEXTJS_APP_ENV_NAME" "development" "Nom de l'environnement Next.js" + +echo + +# Variables pour monitoring +echo -e "${CYAN}=== Variables monitoring ===${NC}" +add_var_if_missing "$ENV_DIR/monitoring/.env" "GRAFANA_ADMIN_USER" "admin" "Utilisateur admin Grafana" +add_var_if_missing "$ENV_DIR/monitoring/.env" "GRAFANA_ADMIN_PASSWORD" "admin123" "Mot de passe admin Grafana" + +echo + +# Variables pour sdk_signer +echo -e "${CYAN}=== Variables sdk_signer ===${NC}" +add_var_if_missing "$ENV_DIR/sdk_signer/.env" "SIGNER_LOG_LEVEL" "info" "Niveau de log du signer" + +echo + +echo -e "${GREEN}✅ Variables ajoutées avec succès !${NC}" +echo +echo -e "${BLUE}Fichiers:${NC}" +echo -e "${YELLOW} - Répertoire principal: ${ENV_DIR}${NC}" +echo -e "${YELLOW} - Sauvegarde: ${BACKUP_DIR}${NC}" +echo +echo -e "${BLUE}Pour tester:${NC}" +echo -e "${YELLOW} cd /home/debian/4NK_env/scripts${NC}" +echo -e "${YELLOW} ./test-env-config.sh${NC}" +echo diff --git a/scripts/check-repos-status.sh b/scripts/check-repos-status.sh index 581fdd4..52a0332 100755 --- a/scripts/check-repos-status.sh +++ b/scripts/check-repos-status.sh @@ -148,3 +148,4 @@ echo "" log "✅ Vérification terminée" + diff --git a/scripts/configure-from-env.sh b/scripts/configure-from-env.sh new file mode 100755 index 0000000..7a87119 --- /dev/null +++ b/scripts/configure-from-env.sh @@ -0,0 +1,198 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Charge les variables depuis /home/debian/4NK_env/confs/.env si présent +ENV_FILE="/home/debian/4NK_env/confs/.env" +ROOT_DIR_DEFAULT="/home/debian/4NK_env" + +safe_source() { + # Source un fichier en désactivant nounset pour éviter les erreurs variables non liées + local f="$1" + if [ -f "$f" ]; then + set +u + # shellcheck disable=SC1090 + . "$f" + set -u + fi +} + +if [ -f "$ENV_FILE" ]; then + set -a + safe_source "$ENV_FILE" + set +a +else + echo "[WARN] $ENV_FILE introuvable; tentative de chargement des env//.env" + for f in \ + /home/debian/4NK_env/env/lecoffre_node/.env \ + /home/debian/4NK_env/env/sdk_relay/.env \ + /home/debian/4NK_env/env/sdk_storage/.env \ + /home/debian/4NK_env/env/ihm_client/.env \ + /home/debian/4NK_env/env/lecoffre-front/.env \ + /home/debian/4NK_env/env/monitoring/.env; do + set -a + safe_source "$f" + set +a + done +fi + +ROOT_DIR="${ROOT_DIR:-$ROOT_DIR_DEFAULT}" +ROOT_URL="${ROOT_URL:-https://dev4.4nkweb.com}" +BOOTSTRAP_HOST="${BOOTSTRAP_HOST:-dev3.4nkweb.com}" + +# helper: test presence of all vars +have_vars() { + for name in "$@"; do + eval "val=\${$name-}" + if [ -z "${val}" ]; then + return 1 + fi + done + return 0 +} + +# 1) bitcoin.conf +btc_conf="$ROOT_DIR/confs/bitcoin/bitcoin.conf" +if [ -f "$btc_conf" ]; then + if have_vars BITCOIN_DATA_DIR BITCOIN_BIND BITCOIN_ZMQPUBRAWTX_PORT BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_SIGNET_P2P_PORT BITCOIN_SIGNET_RPC_PORT; then + sed -i \ + -e "s|^datadir=.*$|datadir=${BITCOIN_DATA_DIR}|" \ + -e "s|^zmqpubrawtx=.*$|zmqpubrawtx=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPUBRAWTX_PORT}|" \ + -e "s|^zmqpubhashblock=.*$|zmqpubhashblock=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \ + -e "s|^bind=.*$|bind=${BITCOIN_BIND}:${BITCOIN_SIGNET_P2P_PORT}|" \ + -e "s|^rpcbind=.*$|rpcbind=${BITCOIN_BIND}:${BITCOIN_SIGNET_RPC_PORT}|" \ + "$btc_conf" + echo "[OK] bitcoin.conf mis à jour" + else + echo "[SKIP] bitcoin.conf (variables manquantes)" + fi +fi + +# 2) blindbit.toml +bb_conf="$ROOT_DIR/confs/blindbit-oracle/blindbit.toml" +if [ -f "$bb_conf" ]; then + if have_vars BLINDBIT_PORT BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT BITCOIN_DATA_DIR; then + sed -i \ + -e "s|^host\s*=.*$|host = \"0.0.0.0:${BLINDBIT_PORT}\"|" \ + -e "s|^rpc_endpoint\s*=.*$|rpc_endpoint = \"http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}\"|" \ + -e "s|^cookie_path\s*=.*$|cookie_path = \"${BITCOIN_DATA_DIR}/signet/.cookie\"|" \ + "$bb_conf" + echo "[OK] blindbit.toml mis à jour" + else + echo "[SKIP] blindbit.toml (variables manquantes)" + fi +fi + +# 3) grafana.ini +gf_conf="$ROOT_DIR/confs/grafana/grafana.ini" +if [ -f "$gf_conf" ]; then + sed -i \ + -e "s|^\s*root_url\s*=.*$|root_url = ${ROOT_URL}/grafana/|" \ + "$gf_conf" + echo "[OK] grafana.ini mis à jour" +fi + +# 4) loki-config.yaml +loki_conf="$ROOT_DIR/confs/loki/loki-config.yaml" +if [ -f "$loki_conf" ]; then + if have_vars LOKI_HTTP_LISTEN_PORT; then + sed -i \ + -e "s|^\s*http_listen_port:.*$|http_listen_port: ${LOKI_HTTP_LISTEN_PORT}|" \ + "$loki_conf" + echo "[OK] loki-config.yaml mis à jour" + else + echo "[SKIP] loki-config.yaml (variables manquantes)" + fi +fi + +# 5) promtail.yml +pt_conf="$ROOT_DIR/confs/promtail/promtail.yml" +if [ -f "$pt_conf" ]; then + if have_vars LOKI_DOCKER_HOST LOKI_HTTP_LISTEN_PORT; then + sed -i \ + -e "s|url: .*|url: http://${LOKI_DOCKER_HOST}:${LOKI_HTTP_LISTEN_PORT}/loki/api/v1/push|" \ + "$pt_conf" + fi + sed -i \ + -e "s|/home/debian/4NK_env/|${ROOT_DIR}/|g" \ + "$pt_conf" + echo "[OK] promtail.yml mis à jour" +fi + +# 6) sdk_relay.conf +relay_conf="$ROOT_DIR/confs/relay/sdk_relay.conf" +if [ -f "$relay_conf" ]; then + if have_vars BITCOIN_DOCKER_HOST BITCOIN_SIGNET_RPC_PORT RELAY_PORT BITCOIN_WALLET_NAME BLINDBIT_DOCKER_NAME BLINDBIT_PORT BITCOIN_BIND BITCOIN_ZMQPBUBHASHBLOCK_PORT BITCOIN_DATA_DIR BOOTSTRAP_HOST; then + sed -i \ + -e "s|^core_url=.*$|core_url=http://${BITCOIN_DOCKER_HOST}:${BITCOIN_SIGNET_RPC_PORT}|" \ + -e "s|^ws_url=.*$|ws_url=0.0.0.0:${RELAY_PORT}|" \ + -e "s|^wallet_name=.*$|wallet_name=${BITCOIN_WALLET_NAME}|" \ + -e "s|^blindbit_url=.*$|blindbit_url=http://${BLINDBIT_DOCKER_NAME}:${BLINDBIT_PORT}|" \ + -e "s|^zmq_url=.*$|zmq_url=tcp://${BITCOIN_BIND}:${BITCOIN_ZMQPBUBHASHBLOCK_PORT}|" \ + -e "s|^storage=.*$|storage=https://dev4.4nkweb.com/storage|" \ + -e "s|^data_dir=.*$|data_dir=${ROOT_DIR}/data|" \ + -e "s|^bitcoin_data_dir=.*$|bitcoin_data_dir=${BITCOIN_DATA_DIR}|" \ + -e "s|^bootstrap_url=.*$|bootstrap_url=wss://${BOOTSTRAP_HOST}/ws|" \ + "$relay_conf" + echo "[OK] sdk_relay.conf mis à jour" + else + echo "[SKIP] sdk_relay.conf (variables manquantes)" + fi +fi + +# 7) env/grafana/.env +gf_env="$ROOT_DIR/env/grafana/.env" +if [ -f "$gf_env" ]; then + sed -i \ + -e "s|^GF_SERVER_ROOT_URL=.*$|GF_SERVER_ROOT_URL=${ROOT_URL}/grafana/|" \ + "$gf_env" + echo "[OK] env grafana mis à jour" +fi + +# 8) env/ihm_client/.env +ihm_env="$ROOT_DIR/env/ihm_client/.env" +if [ -f "$ihm_env" ]; then + sed -i \ + -e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}/|" \ + -e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \ + -e "s|^VITE_API_BASE_URL=.*$|VITE_API_BASE_URL=${ROOT_URL}/lecoffre/api|" \ + -e "s|^VITE_WS_URL=.*$|VITE_WS_URL=wss://${BOOTSTRAP_HOST}/ws/|" \ + -e "s|^VITE_SIGNER_URL=.*$|VITE_SIGNER_URL=https://${BOOTSTRAP_HOST}/signer|" \ + -e "s|^VITE_BOOTSTRAPURL=.*$|VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_HOST}/ws/|" \ + "$ihm_env" + # RELAY_URLS nécessite ROOT_HOST; fallback best-effort + relay_urls="wss://${BOOTSTRAP_HOST}/ws/" + if [ -n "${ROOT_HOST:-}" ]; then relay_urls="wss://${ROOT_HOST}/ws/,${relay_urls}"; fi + sed -i -e "s|^RELAY_URLS=.*$|RELAY_URLS=${relay_urls}|" "$ihm_env" + echo "[OK] env ihm_client mis à jour" +fi + +# 9) env/lecoffre-front/.env +front_env="$ROOT_DIR/env/lecoffre-front/.env" +if [ -f "$front_env" ]; then + sed -i \ + -e "s|^SIGNER_API_KEY=.*$|SIGNER_API_KEY=${VITE_BOOTSTRAPURL:-}|" \ + -e "s|^VITE_JWT_SECRET_KEY=.*$|VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY:-FAKE-DATA-IA-CHANGE-ME}|" \ + -e "s|^NEXT_PUBLIC_4NK_URL=.*$|NEXT_PUBLIC_4NK_URL=${IHM_CLIENT_URL:-${ROOT_URL}}|" \ + -e "s|^NEXT_PUBLIC_FRONT_APP_HOST=.*$|NEXT_PUBLIC_FRONT_APP_HOST=https://${LECOFFRE_FRONT_URL:-dev4.4nkweb.com}/lecoffre|" \ + -e "s|^NEXT_PUBLIC_BACK_API_HOST=.*$|NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_URL:-dev3.4nkweb.com}|" \ + -e "s|^NEXT_PUBLIC_4NK_IFRAME_URL=.*$|NEXT_PUBLIC_4NK_IFRAME_URL=${ROOT_URL}|" \ + -e "s|^NEXT_PUBLIC_API_URL=.*$|NEXT_PUBLIC_API_URL=https://${LECOFFRE_BACK_URL:-dev3.4nkweb.com}/api|" \ + -e "s|^NEXT_PUBLIC_DEFAULT_STORAGE_URLS=.*$|NEXT_PUBLIC_DEFAULT_STORAGE_URLS=${ROOT_URL}/storage|" \ + "$front_env" + echo "[OK] env lecoffre-front mis à jour" +fi + +# 10) env/sdk_storage/.env +storage_env="$ROOT_DIR/env/sdk_storage/.env" +if [ -f "$storage_env" ]; then + sed -i \ + -e "s|^DOMAIN=.*$|DOMAIN=${ROOT_HOST:-dev4.4nkweb.com}|" \ + -e "s|^STORAGE_URL=.*$|STORAGE_URL=http://${STORAGE_DOCKER_HOST:-sdk_storage}:${STORAGE_PORT:-8080}|" \ + -e "s|^STORAGE_PORT=.*$|STORAGE_PORT=${STORAGE_PORT:-8080}|" \ + -e "s|^STORAGE_DATA_DIR=.*$|STORAGE_DATA_DIR=${ROOT_DIR}/data/storage|" \ + -e "s|^VITE_STORAGE_URL=.*$|VITE_STORAGE_URL=${ROOT_URL}/storage|" \ + "$storage_env" + echo "[OK] env sdk_storage mis à jour" +fi + +echo "[DONE] Configuration appliquée (best-effort)" diff --git a/scripts/create-and-push-4nk-env.sh b/scripts/create-and-push-4nk-env.sh index 6dbb325..34299e6 100755 --- a/scripts/create-and-push-4nk-env.sh +++ b/scripts/create-and-push-4nk-env.sh @@ -68,3 +68,4 @@ fi log "✅ Script terminé" + diff --git a/scripts/lecoffre_node/blindbit-maintenance.sh b/scripts/lecoffre_node/blindbit-maintenance.sh index 0abc9aa..e4f1dcb 100755 --- a/scripts/lecoffre_node/blindbit-maintenance.sh +++ b/scripts/lecoffre_node/blindbit-maintenance.sh @@ -225,3 +225,7 @@ while true; do read -r done + + + + diff --git a/scripts/lecoffre_node/collect-blindbit-logs.sh b/scripts/lecoffre_node/collect-blindbit-logs.sh index 2d8f774..bf3a050 100755 --- a/scripts/lecoffre_node/collect-blindbit-logs.sh +++ b/scripts/lecoffre_node/collect-blindbit-logs.sh @@ -108,3 +108,7 @@ echo "Erreurs: errors_${TIMESTAMP}.log" echo "API: api_${TIMESTAMP}.log" echo "Test API: api_test_${TIMESTAMP}.txt" + + + + diff --git a/scripts/lecoffre_node/quick-health-check.sh b/scripts/lecoffre_node/quick-health-check.sh index 2ef5214..dc0b406 100755 --- a/scripts/lecoffre_node/quick-health-check.sh +++ b/scripts/lecoffre_node/quick-health-check.sh @@ -86,3 +86,7 @@ echo -e "\n${CYAN}========================================${NC}" echo -e "${GREEN}✓ Vérification rapide terminée${NC}" echo -e "${CYAN}========================================${NC}" + + + + diff --git a/scripts/lecoffre_node/wait-bitcoin-ready.sh b/scripts/lecoffre_node/wait-bitcoin-ready.sh old mode 100644 new mode 100755 index cfe9f1e..a1f27dc --- a/scripts/lecoffre_node/wait-bitcoin-ready.sh +++ b/scripts/lecoffre_node/wait-bitcoin-ready.sh @@ -24,3 +24,7 @@ echo "Timeout waiting for Bitcoin" exit 1 + + + + diff --git a/scripts/lecoffre_node/wait-tor-bootstrap.sh b/scripts/lecoffre_node/wait-tor-bootstrap.sh old mode 100644 new mode 100755 index 0a84268..8293945 --- a/scripts/lecoffre_node/wait-tor-bootstrap.sh +++ b/scripts/lecoffre_node/wait-tor-bootstrap.sh @@ -24,3 +24,7 @@ echo "Timeout waiting for Tor bootstrap" exit 1 + + + + diff --git a/scripts/push-to-remote.sh b/scripts/push-to-remote.sh index f6e7850..cac3620 100755 --- a/scripts/push-to-remote.sh +++ b/scripts/push-to-remote.sh @@ -90,3 +90,4 @@ log "🔗 URL du dépôt: $GIT_REMOTE" log "📝 Branche: $BRANCH" + diff --git a/scripts/sync-vault-configs.js b/scripts/sync-vault-configs.js new file mode 100644 index 0000000..d5f35cc --- /dev/null +++ b/scripts/sync-vault-configs.js @@ -0,0 +1,97 @@ +#!/usr/bin/env node +/* + Sync Vault configs to local confs/ mirror +*/ +process.env.SHELL = process.env.SHELL || '/usr/bin/sh'; + +const fs = require('fs'); +const path = require('path'); + +// Load env from vault/.env if dotenv is available +(function loadEnv() { + const dotenvPaths = [ + '/home/debian/4NK_env/vault/node_modules/dotenv', + '/home/debian/4NK_env/vault/sdk-client/node_modules/dotenv', + ]; + for (const p of dotenvPaths) { + try { + require(p).config({ path: path.resolve('/home/debian/4NK_env/vault/.env') }); + break; + } catch (_) { /* ignore */ } + } +})(); + +// Load SDK client (prefer root dist, fallback to sdk-client dist) +let sdk; +try { + sdk = require('/home/debian/4NK_env/vault/dist/index.js'); +} catch (e1) { + try { + sdk = require('/home/debian/4NK_env/vault/sdk-client/dist/index.js'); + } catch (e2) { + console.error('[fatal] Vault SDK not built. Build it in vault/ or vault/sdk-client first.'); + process.exit(2); + } +} + +const { createSecureVaultClient } = sdk; + +const BASE_URL = process.env.VAULT_BASE_URL || 'https://vault.4nkweb.com:6666'; +const USER_ID = process.env.VAULT_USER_ID || process.env.VAULT_USER || 'demo_user_001'; +const VAULT_ENV = process.env.VAULT_ENV || 'dev'; + +const ROOT_DIR = '/home/debian/4NK_env'; +const OUTPUT_DIR = path.join(ROOT_DIR, 'confs'); +const ENCRYPTED_MIRROR_DIR = path.join(ROOT_DIR, 'confs_encrypted_mirror'); + +function ensureDirSync(dir) { + if (!fs.existsSync(dir)) { + fs.mkdirSync(dir, { recursive: true }); + } +} + +function looksEncryptedPlaceholder(content) { + return typeof content === 'string' && content.startsWith('[CONTENU CHIFFRÉ - DÉCHIFFREMENT NÉCESSAIRE]'); +} + +async function main() { + console.log(`[vault-sync] base=${BASE_URL} user=${USER_ID} env=${VAULT_ENV}`); + const client = createSecureVaultClient(BASE_URL, USER_ID); + + const routes = await client.getRoutes(); + console.log(`[vault-sync] routes: ${routes.total_routes}`); + + const argFiles = process.argv.slice(2); + let files = argFiles.length > 0 ? argFiles : [ + 'bitcoin/bitcoin.conf', + 'blindbit-oracle/blindbit.toml', + 'grafana/grafana.ini', + 'loki/loki-config.yaml', + 'promtail/promtail.yml', + 'relay/sdk_relay.conf' + ]; + + for (const relPath of files) { + try { + const file = await client.getFile(VAULT_ENV, relPath); + const outPath = path.join(OUTPUT_DIR, relPath); + const encPath = path.join(ENCRYPTED_MIRROR_DIR, relPath); + ensureDirSync(path.dirname(outPath)); + ensureDirSync(path.dirname(encPath)); + + if (looksEncryptedPlaceholder(file.content)) { + fs.writeFileSync(encPath, file.content, { encoding: 'utf-8' }); + console.warn(`[skip-write] ${outPath} content appears encrypted; saved to ${encPath}`); + } else { + fs.writeFileSync(outPath, file.content, { encoding: 'utf-8' }); + console.log(`[write] ${outPath} (${file.size} bytes)`); + } + } catch (e) { + console.error(`[error] ${relPath}: ${e.message}`); + } + } + + console.log('[vault-sync] done'); +} + +main().catch(err => { console.error(err); process.exit(1); }); diff --git a/scripts/test-env-config.sh b/scripts/test-env-config.sh index 22a80c1..1db5bca 100755 --- a/scripts/test-env-config.sh +++ b/scripts/test-env-config.sh @@ -121,3 +121,4 @@ log "2. Pousser le dépôt: git push origin ext" log "3. Tester le déploiement avec: docker compose --env-file .env.master up" + diff --git a/scripts/update-configs.sh b/scripts/update-configs.sh new file mode 100755 index 0000000..6fe6103 --- /dev/null +++ b/scripts/update-configs.sh @@ -0,0 +1,149 @@ +#!/bin/bash + +# Script pour mettre à jour les fichiers de configuration +# à partir des variables définies dans /home/debian/4NK_env/confs/.env + +set -e + +# Couleurs pour les messages +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Fonction pour afficher les messages +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# Vérifier que le fichier .env existe +ENV_FILE="/home/debian/4NK_env/env/.env" +if [[ ! -f "$ENV_FILE" ]]; then + log_error "Le fichier $ENV_FILE n'existe pas!" + log_error "Veuillez créer ce fichier avec les variables nécessaires avant d'exécuter le script." + exit 1 +fi + +# Charger les variables d'environnement +log_info "Chargement des variables depuis $ENV_FILE" +source "$ENV_FILE" + +# Fonction pour remplacer une valeur dans un fichier +replace_in_file() { + local file="$1" + local pattern="$2" + local replacement="$3" + local description="$4" + + if [[ -f "$file" ]]; then + # Utiliser sed pour remplacer la ligne + sed -i "s|$pattern|$replacement|g" "$file" + log_success "Mis à jour: $description dans $(basename "$file")" + else + log_warning "Fichier non trouvé: $file" + fi +} + +# Fonction pour ajouter ou modifier une ligne dans un fichier +set_config_value() { + local file="$1" + local key="$2" + local value="$3" + local description="$4" + + if [[ -f "$file" ]]; then + # Vérifier si la clé existe déjà + if grep -q "^$key=" "$file" 2>/dev/null || grep -q "^$key " "$file" 2>/dev/null; then + # Remplacer la ligne existante + sed -i "/^$key[ =]/c\\$key=$value" "$file" + else + # Ajouter la ligne à la fin du fichier + echo "$key=$value" >> "$file" + fi + log_success "Mis à jour: $description dans $(basename "$file")" + else + log_warning "Fichier non trouvé: $file" + fi +} + +log_info "Début de la mise à jour des configurations..." + +# 1. Configuration Bitcoin +log_info "Mise à jour de bitcoin.conf..." +BITCOIN_CONF="/home/debian/4NK_env/confs/bitcoin/bitcoin.conf" + +replace_in_file "$BITCOIN_CONF" "datadir=.*" "datadir=$BITCOIN_DATA_DIR" "datadir" +replace_in_file "$BITCOIN_CONF" "zmqpubrawtx=.*" "zmqpubrawtx=tcp://$BITCOIN_BIND:$BITCOIN_ZMQPUBRAWTX_PORT" "zmqpubrawtx" +replace_in_file "$BITCOIN_CONF" "zmqpubhashblock=.*" "zmqpubhashblock=tcp://$BITCOIN_BIND:$BITCOIN_ZMQPBUBHASHBLOCK_PORT" "zmqpubhashblock" +replace_in_file "$BITCOIN_CONF" "bind=.*" "bind=$BITCOIN_BIND:$BITCOIN_SIGNET_P2P_PORT" "bind" +replace_in_file "$BITCOIN_CONF" "rpcbind=.*" "rpcbind=$BITCOIN_BIND:$BITCOIN_SIGNET_RPC_PORT" "rpcbind" + +# 2. Configuration Blindbit Oracle +log_info "Mise à jour de blindbit.toml..." +BLINDBIT_CONF="/home/debian/4NK_env/confs/blindbit-oracle/blindbit.toml" + +replace_in_file "$BLINDBIT_CONF" 'host = ".*"' 'host = "0.0.0.0:'$BLINDBIT_PORT'"' "host" +replace_in_file "$BLINDBIT_CONF" 'rpc_endpoint = ".*"' 'rpc_endpoint = "http://'$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT'"' "rpc_endpoint" +replace_in_file "$BLINDBIT_CONF" 'cookie_path = ".*"' 'cookie_path = "'$BITCOIN_DATA_DIR'/signet/.cookie"' "cookie_path" + +# 3. Configuration Grafana +log_info "Mise à jour de grafana.ini..." +GRAFANA_CONF="/home/debian/4NK_env/confs/grafana/grafana.ini" + +replace_in_file "$GRAFANA_CONF" "root_url = .*" "root_url = $ROOT_URL/grafana/" "root_url" + +# 4. Configuration Loki +log_info "Mise à jour de loki-config.yaml..." +LOKI_CONF="/home/debian/4NK_env/confs/loki/loki-config.yaml" + +replace_in_file "$LOKI_CONF" "http_listen_port:.*" "http_listen_port: $LOKI_HTTP_LISTEN_PORT" "http_listen_port" + +# 5. Configuration Promtail +log_info "Mise à jour de promtail.yml..." +PROMTAIL_CONF="/home/debian/4NK_env/confs/promtail/promtail.yml" + +replace_in_file "$PROMTAIL_CONF" "url: http://.*" "url: http://$LOKI_DOCKER_HOST:$LOKI_HTTP_LISTEN_PORT/loki/api/v1/push" "url" +replace_in_file "$PROMTAIL_CONF" "/home/debian/4NK_env/" "$ROOT_DIR/" "__path__" + +# 6. Configuration SDK Relay +log_info "Mise à jour de sdk_relay.conf..." +RELAY_CONF="/home/debian/4NK_env/confs/relay/sdk_relay.conf" + +set_config_value "$RELAY_CONF" "core_url" "http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT" "core_url" +set_config_value "$RELAY_CONF" "ws_url" "0.0.0.0:$RELAY_PORT" "ws_url" +set_config_value "$RELAY_CONF" "wallet_name" "$BITCOIN_WALLET_NAME" "wallet_name" +set_config_value "$RELAY_CONF" "blindbit_url" "http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT" "blindbit_url" +set_config_value "$RELAY_CONF" "zmq_url" "tcp://$BITCOIN_BIND:$BITCOIN_ZMQPBUBHASHBLOCK_PORT" "zmq_url" +set_config_value "$RELAY_CONF" "storage" "https://dev4.4nkweb.com/storage" "storage" +set_config_value "$RELAY_CONF" "data_dir" "$ROOT_DIR/data" "data_dir" +set_config_value "$RELAY_CONF" "bitcoin_data_dir" "$BITCOIN_DATA_DIR" "bitcoin_data_dir" +set_config_value "$RELAY_CONF" "bootstrap_url" "wss://$BOOTSTRAP_HOST/ws" "bootstrap_url" + +log_success "Mise à jour des configurations terminée!" +log_info "Seuls les fichiers de configuration principaux ont été modifiés" +log_warning "Vérifiez les configurations avant de redémarrer les services" + +# Afficher un résumé des fichiers modifiés +echo "" +log_info "Résumé des fichiers modifiés:" +echo " - $BITCOIN_CONF" +echo " - $BLINDBIT_CONF" +echo " - $GRAFANA_CONF" +echo " - $LOKI_CONF" +echo " - $PROMTAIL_CONF" +echo " - $RELAY_CONF" +echo "" +log_info "Les fichiers .env existants n'ont PAS été modifiés pour préserver la sécurité" \ No newline at end of file diff --git a/confs/lecoffre_node/nginx/assets/favicon.ico b/tmp/nginx/assets/favicon.ico similarity index 100% rename from confs/lecoffre_node/nginx/assets/favicon.ico rename to tmp/nginx/assets/favicon.ico diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com-http.conf b/tmp/nginx/dev4.4nkweb.com-http.conf similarity index 100% rename from confs/lecoffre_node/nginx/dev4.4nkweb.com-http.conf rename to tmp/nginx/dev4.4nkweb.com-http.conf diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf b/tmp/nginx/dev4.4nkweb.com-https.conf similarity index 98% rename from confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf rename to tmp/nginx/dev4.4nkweb.com-https.conf index 8d788dd..7406527 100644 --- a/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf +++ b/tmp/nginx/dev4.4nkweb.com-https.conf @@ -143,14 +143,14 @@ server { if ($request_method = OPTIONS) { add_header Access-Control-Allow-Origin $cors_origin always; add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; return 204; } add_header Access-Control-Allow-Origin $cors_origin always; add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization, x-request-id" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; proxy_set_header X-Request-ID $x_request_id; diff --git a/confs/lecoffre_node/nginx/logging.conf b/tmp/nginx/logging.conf similarity index 100% rename from confs/lecoffre_node/nginx/logging.conf rename to tmp/nginx/logging.conf diff --git a/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com.conf b/tmp/nginx_removed_20250929085641/local.4nkweb.com.conf similarity index 100% rename from confs/lecoffre_node/nginx_backups_host/local.4nkweb.com.conf rename to tmp/nginx_removed_20250929085641/local.4nkweb.com.conf diff --git a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943 b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943 new file mode 100755 index 0000000..abef143 --- /dev/null +++ b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943 @@ -0,0 +1,31 @@ +server { + listen 443 ssl http2; + server_name dev4.4nkweb.com; + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + include /etc/nginx/proxy_params; + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004/; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + } + + location / { + proxy_pass http://127.0.0.1:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + location /lecoffre/_next/ { + proxy_read_timeout 300; + } + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + proxy_read_timeout 300; + } +} diff --git a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled new file mode 100755 index 0000000..fdd7143 --- /dev/null +++ b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled @@ -0,0 +1,93 @@ +server { + listen 443 ssl http2; + server_name dev4.4nkweb.com; + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + include /etc/nginx/proxy_params; + + # API backend - route /back/ vers /api/ du backend + location ~* ^/back/(.*)$ { + proxy_pass http://127.0.0.1:8080/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - route /api/ vers le backend + location /api/ { + proxy_pass http://127.0.0.1:8080/api/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + # Root → ihm_client + location / { + proxy_pass http://127.0.0.1:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + # lecoffre-front (préserver le préfixe) + location = /lecoffre { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Next.js assets sous basePath + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + location /lecoffre/_next/ { + proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # signer (sdk_signer) avec support WebSocket + location /signer/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://127.0.0.1:3001/; + proxy_read_timeout 600s; + proxy_buffering off; + } + + # Next.js assets au root si nécessaire + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } +} diff --git a/vault b/vault new file mode 160000 index 0000000..4d314db --- /dev/null +++ b/vault @@ -0,0 +1 @@ +Subproject commit 4d314db8898c66f25420824a65b7a71e4fa6e823