chore: sync projects/lecoffre/lecoffre_node compose paths, add scripts/push_modules.sh, set bitcoin datadir to projects tree

2025-10-01 16:18:04 +00:00 · 2025-10-01 16:18:04 +00:00 · e030496c99
commit e030496c99
parent 66f1844587
10 changed files with 87 additions and 450 deletions
--- a/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh
+++ b/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh
@ -15,3 +15,4 @@ exec "$CHECK"



+
--- a/scripts/push_modules.sh
+++ b/scripts/push_modules.sh
@ -87,3 +87,4 @@ main() {
 }

 main "$@"
+
--- a/scripts/safe-clean-configs.sh
+++ b/scripts/safe-clean-configs.sh
@ -0,0 +1,85 @@
+#!/usr/bin/env sh
+set -euo pipefail
+
+# Safe cleaner for local .env and config files in project/module trees.
+# - DRY-RUN by default (shows actions)
+# - Use --apply to actually delete
+# - Never touches:
+#   - 4NK_modules/4NK_vault (kept)
+#   - blindbit-oracle (external dep images)
+#   - rust-silentPayments (external dep)
+#   - projects/lecoffre/lecoffre_node/confs (centralized confs)
+
+ROOT="/home/debian/4NK_env"
+CENTRAL_CONFS="$ROOT/projects/lecoffre/lecoffre_node/confs"
+
+APPLY=0
+[ "${1-}" = "--apply" ] && APPLY=1
+
+info()  { printf "%s\n" "$*"; }
+warn()  { printf "[WARN] %s\n" "$*"; }
+error() { printf "[ERR] %s\n" "$*" 1>&2; }
+
+# Candidates to remove (relative globs) in repos (non-central)
+# We only remove if the corresponding central conf exists.
+
+# Map: repo_dir|local_path|central_path
+map_entry() {
+  repo="$1"; local_p="$2"; central_p="$3";
+  # Skip if repo does not exist
+  [ -e "$repo" ] || return 0
+  if [ -e "$repo/$local_p" ]; then
+    if [ -e "$CENTRAL_CONFS/$central_p" ]; then
+      if [ $APPLY -eq 1 ]; then
+        info "[DEL] $repo/$local_p (central: $central_p present)"
+        rm -f "$repo/$local_p" || true
+      else
+        info "[DRY] would delete: $repo/$local_p (central OK: $central_p)"
+      fi
+    else
+      warn "central missing for $repo/$local_p → expected: $CENTRAL_CONFS/$central_p"
+    fi
+  fi
+}
+
+main() {
+  info "Central confs: $CENTRAL_CONFS"
+  [ -d "$CENTRAL_CONFS" ] || warn "central confs directory missing: $CENTRAL_CONFS"
+
+  # lecoffre-front: remove local .env if any; runtime env via compose
+  map_entry "$ROOT/lecoffre-front" ".env" "lecoffre-front/.env"
+
+  # ihm_client: remove local .env
+  map_entry "$ROOT/ihm_client" ".env" "ihm_client/.env"
+
+  # sdk_relay: remove local .env and sdk_relay.conf (use central)
+  map_entry "$ROOT/sdk_relay" ".env" "sdk_relay/.env"
+  map_entry "$ROOT/sdk_relay" "sdk_relay.conf" "relay/sdk_relay.conf"
+
+  # sdk_storage: remove local .env
+  map_entry "$ROOT/sdk_storage" ".env" "sdk_storage/.env"
+
+  # 4NK_certificator: remove local config.toml (keep example)
+  map_entry "$ROOT/4NK_certificator" "config.toml" "4nk_certificator/certificator.toml"
+
+  # 4NK_web_status: remove local .env if any (status API reads env at runtime)
+  map_entry "$ROOT/4NK_modules/4NK_web_status" ".env" "monitoring/.env"
+
+  # 4NK_miner: remove local .env if any (already cleaned miner.env earlier)
+  map_entry "$ROOT/4NK_modules/4NK_miner" ".env" "lecoffre_node/.env"
+
+  # Projects nested: avoid touching central confs; warn only
+  for f in "$ROOT"/projects/lecoffre/lecoffre_node/*/*.env; do
+    [ -e "$f" ] || continue
+    warn "local env in projects tree: $f (not deleting; central expected in $CENTRAL_CONFS)"
+  done
+
+  if [ $APPLY -eq 0 ]; then
+    info "\nRun with --apply to delete the [DRY] listed files."
+  else
+    info "\n[OK] Deletions applied."
+  fi
+}
+
+main "$@"
+
--- a/tmp/nginx/assets/favicon.ico
+++ b/tmp/nginx/assets/favicon.ico
--- a/tmp/nginx/dev4.4nkweb.com-http.conf
+++ b/tmp/nginx/dev4.4nkweb.com-http.conf
@ -1,15 +0,0 @@
-# HTTP server for ACME and redirect to HTTPS
-server {
-    listen 80 default_server;
-    server_name _;
-
-    # ACME HTTP-01 challenges
-    location /.well-known/acme-challenge/ {
-        root /var/www/letsencrypt;
-    }
-
-    # Redirection vers HTTPS pour toutes les autres requêtes
-    location / {
-        return 301 https://$server_name$request_uri;
-    }
-}
--- a/tmp/nginx/dev4.4nkweb.com-https.conf
+++ b/tmp/nginx/dev4.4nkweb.com-https.conf
@ -1,263 +0,0 @@
-# Configuration HTTPS pour dev4.4nkweb.com
-server {
-    listen 443 ssl;
-    http2 on;
-    server_name dev4.4nkweb.com;
-
-    include /home/debian/4NK_env/confs/lecoffre_node/nginx/logging.conf;
-
-    # Certificats SSL
-    ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
-
-    # Configuration SSL
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
-
-    # Headers de sécurité
-    add_header Strict-Transport-Security "max-age=63072000" always;
-    add_header X-Frame-Options DENY always;
-    add_header X-Content-Type-Options nosniff always;
-    add_header X-XSS-Protection "1; mode=block" always;
-
-    # Grafana - Interface de monitoring (DOIT être avant location /)
-    location /grafana/ {
-        proxy_pass http://localhost:3005/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # Configuration spécifique pour Grafana
-        proxy_set_header X-Grafana-Org-Id 1;
-
-        # Support des WebSockets pour les live updates
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-
-        # Timeouts
-        proxy_connect_timeout 60s;
-        proxy_send_timeout 60s;
-        proxy_read_timeout 60s;
-
-        # Buffer settings
-        proxy_buffering off;
-        proxy_request_buffering off;
-    }
-
-    # Loki API - API de logs (DOIT être avant location /)
-    location /loki/ {
-        proxy_pass http://localhost:3100/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # CORS pour les requêtes depuis Grafana
-        add_header Access-Control-Allow-Origin *;
-        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
-        add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
-        if ($request_method = 'OPTIONS') {
-            return 204;
-        }
-    }
-
-    # Page de statut des services (DOIT être avant location /)
-    location /status {
-        # Redirection vers /status/
-        return 301 /status/;
-    }
-
-    location /status/ {
-        # Serveur statique pour la page HTML
-        alias /var/www/lecoffre/status/;
-        index index.html;
-        try_files $uri $uri/ /status/index.html;
-
-        # Headers de sécurité
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-
-        # Cache pour les assets statiques
-        location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
-            expires 1h;
-            add_header Cache-Control "public, immutable";
-        }
-    }
-
-    # API de statut des services (DOIT être avant location /)
-    location /status/api {
-        proxy_pass http://localhost:3006/api;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # CORS pour les requêtes AJAX
-        add_header Access-Control-Allow-Origin *;
-        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
-        add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
-        # Timeouts
-        proxy_connect_timeout 10s;
-        proxy_send_timeout 10s;
-        proxy_read_timeout 10s;
-
-        if ($request_method = 'OPTIONS') {
-            return 204;
-        }
-    }
-
-    # API backend - route /back/ vers /api/ du backend
-    location ~* ^/back/(.*)$ {
-        proxy_pass http://localhost:8080/api/$1;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Connection "";
-        proxy_buffering off;
-    }
-
-    # API direct - route /api/ vers le backend
-    # Autorisations CORS dynamiques pour origines connues
-    set $cors_origin "";
-    if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
-        set $cors_origin $http_origin;
-    }
-
-    location /api/ {
-        # CORS pour développement local Next.js
-        proxy_hide_header Access-Control-Allow-Origin;
-        proxy_hide_header Access-Control-Allow-Credentials;
-        proxy_hide_header Access-Control-Allow-Headers;
-        proxy_hide_header Access-Control-Allow-Methods;
-
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin $cors_origin always;
-            add_header Access-Control-Allow-Credentials "true" always;
-            add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-            return 204;
-        }
-
-        add_header Access-Control-Allow-Origin $cors_origin always;
-        add_header Access-Control-Allow-Credentials "true" always;
-        add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
-        proxy_set_header X-Request-ID $x_request_id;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_pass http://dev3.4nkweb.com:8080/api/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-        proxy_connect_timeout 300;
-        proxy_send_timeout 300;
-    }
-
-    # WebSocket relay (sdk_relay)
-    location /ws/ {
-        proxy_pass http://localhost:8090/;
-        proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
-        proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
-        proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
-        proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 86400;
-    }
-
-    # API de transfert de fonds
-    location /api/v1/funds/ {
-        proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-        proxy_connect_timeout 300;
-        proxy_send_timeout 300;
-    }
-
-    # favicon
-    location = /favicon.ico {
-        root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets;
-        try_files /favicon.ico =404;
-    }
-
-    # blindbit
-    location /blindbit/ {
-        proxy_pass http://localhost:8000/;
-        include /etc/nginx/proxy_params;
-    }
-
-    # lecoffre-front - Application LeCoffre
-    location = /lecoffre { return 301 /lecoffre/; }
-    location ^~ /lecoffre/ {
-        # ensure no redirect here; only proxy to Next
-        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
-        add_header Pragma "no-cache" always;
-        add_header Expires "-1" always;
-        proxy_hide_header ETag;
-        proxy_hide_header Last-Modified;
-        rewrite ^/lecoffre/(.*)$ /$1 break;
-        proxy_pass http://localhost:3004;
-        include /etc/nginx/proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header X-Request-ID $x_request_id;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_read_timeout 300;
-        proxy_send_timeout 300;
-        proxy_connect_timeout 300;
-    }
-    # HMR dev front
-    location ^~ /lecoffre-hmr/ {
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        rewrite ^/lecoffre-hmr/(.*)$ /lecoffre/$1 break;
-        proxy_pass http://localhost:3000;
-    }
-
-
-    # ihm_client (root) - DOIT être en dernier
-
-    # Next.js assets for lecoffre-front
-    location ^~ /_next/ {
-        proxy_pass http://localhost:3004/_next/;
-        include /etc/nginx/proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 300;
-        add_header Cache-Control "public, max-age=31536000, immutable";
-    }
-
-    location / {
-        proxy_pass http://localhost:3003;
-        include /etc/nginx/proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 300;
-    }
-}
--- a/tmp/nginx/logging.conf
+++ b/tmp/nginx/logging.conf
@ -1,39 +0,0 @@
-# Logging configuration for lecoffre front
-
-log_format lecoffre_json escape=json
-  '{'
-    '"time":"$time_iso8601",'
-    '"request_id":"$request_id",'
-    '"remote_addr":"$remote_addr",'
-    '"host":"$host",'
-    '"method":"$request_method",'
-    '"uri":"$uri",'
-    '"args":"$args",'
-    '"status":$status,'
-    '"bytes":$body_bytes_sent,'
-    '"referer":"$http_referer",'
-    '"user_agent":"$http_user_agent",'
-    '"request_time":$request_time,'
-    '"upstream_addr":"$upstream_addr",'
-    '"upstream_status":"$upstream_status",'
-    '"upstream_connect_time":"$upstream_connect_time",'
-    '"upstream_header_time":"$upstream_header_time",'
-    '"upstream_response_time":"$upstream_response_time",'
-    '"x_forwarded_for":"$http_x_forwarded_for"'
-  '}';
-
-# Default access and error logs for the front site
-access_log /home/debian/4NK_env/logs/nginx/lecoffre_front_access.log lecoffre_json;
-error_log  /home/debian/4NK_env/logs/nginx/lecoffre_front_error.log warn;
-
-# Map incoming X-Request-ID or generate one
-map $http_x_request_id $x_request_id {
-  default $http_x_request_id;
-  ""      $request_id;
-}
-
-# These headers should be set in each proxy location of the vhost
-# proxy_set_header X-Request-ID $x_request_id;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Forwarded-Host $host;
--- a/tmp/nginx_removed_20250929085641/local.4nkweb.com.conf
+++ b/tmp/nginx_removed_20250929085641/local.4nkweb.com.conf
@ -1,9 +0,0 @@
-server {
-    listen 80;
-    server_name local.4nkweb.com;
-
-    # HTTP only: pas de redirection HTTPS, pas d'HSTS
-    location / {
-        return 302 http://local.4nkweb.com:3000$request_uri;
-    }
-}
--- a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943
+++ b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943
@ -1,31 +0,0 @@
-server {
-    listen 443 ssl http2;
-    server_name dev4.4nkweb.com;
-    ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
-    include /etc/nginx/proxy_params;
-    location /lecoffre/ {
-        proxy_pass http://127.0.0.2:3004/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Prefix /lecoffre;
-    }
-
-    location / {
-        proxy_pass http://127.0.0.1:3003;
-        include /etc/nginx/proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 300;
-    }
-
-    location /lecoffre/_next/ {
-        proxy_read_timeout 300;
-    }
-    location /_next/ {
-        proxy_pass http://127.0.0.2:3004/_next/;
-        proxy_read_timeout 300;
-    }
-}
--- a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled
+++ b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled
@ -1,93 +0,0 @@
-server {
-    listen 443 ssl http2;
-    server_name dev4.4nkweb.com;
-    ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
-    include /etc/nginx/proxy_params;
-
-    # API backend - route /back/ vers /api/ du backend
-    location ~* ^/back/(.*)$ {
-        proxy_pass http://127.0.0.1:8080/api/$1;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Connection "";
-        proxy_buffering off;
-    }
-
-    # API direct - route /api/ vers le backend
-    location /api/ {
-        proxy_pass http://127.0.0.1:8080/api/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-        proxy_connect_timeout 300;
-        proxy_send_timeout 300;
-    }
-    # Root → ihm_client
-    location / {
-        proxy_pass http://127.0.0.1:3003;
-        include /etc/nginx/proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 300;
-    }
-
-    # lecoffre-front (préserver le préfixe)
-    location = /lecoffre {
-        proxy_pass http://127.0.0.2:3004;
-        include /etc/nginx/proxy_params;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Prefix /lecoffre;
-        proxy_read_timeout 300;
-    }
-    location /lecoffre/ {
-        proxy_pass http://127.0.0.2:3004;
-        include /etc/nginx/proxy_params;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Prefix /lecoffre;
-        proxy_read_timeout 300;
-    }
-
-    # Next.js assets sous basePath
-    location /lecoffre/_next/webpack-hmr {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_buffering off;
-        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
-        proxy_read_timeout 600s;
-    }
-    location /lecoffre/_next/ {
-        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # signer (sdk_signer) avec support WebSocket
-    location /signer/ {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_pass http://127.0.0.1:3001/;
-        proxy_read_timeout 600s;
-        proxy_buffering off;
-    }
-
-    # Next.js assets au root si nécessaire
-    location /_next/ {
-        proxy_pass http://127.0.0.2:3004/_next/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-}