chore(scripts): archive unused scripts (build_all_images, build_modules, disable_nginx_docker, pull_repos_in_order)

Debian 2025-09-08 14:18:51 +00:00
parent 17e8b50f7a
commit 92e702193c
8 changed files with 42 additions and 510 deletions


@ -1,320 +0,0 @@
# Configuration Nginx pour 4NK_node sur l'hôte Debian
# Reverse proxy et équilibreur de charge pour tous les services Docker
# Configuration globale
user www-data;
worker_processes auto;
error_log /var/log/nginx/4nk-node-error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging spécifique à 4NK_node
log_format 4nk_main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'upstream: $upstream_addr';
access_log /var/log/nginx/4nk-node-access.log 4nk_main;
# Performance
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 100M;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# Rate limiting
limit_req_zone $binary_remote_addr zone=4nk_api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=4nk_login:10m rate=1r/s;
# Upstream servers - ports Docker exposés sur l'hôte
upstream bitcoin_rpc {
server 127.0.0.1:38332;
keepalive 32;
}
upstream bitcoin_p2p {
server 127.0.0.1:38333;
keepalive 32;
}
upstream blindbit_api {
server 127.0.0.1:8000;
keepalive 32;
}
upstream sdk_storage_api {
server 127.0.0.1:8081;
keepalive 32;
}
upstream sdk_relay1_api {
server 127.0.0.1:8090;
keepalive 32;
}
upstream sdk_relay2_api {
server 127.0.0.1:8092;
keepalive 32;
}
upstream sdk_relay3_api {
server 127.0.0.1:8094;
keepalive 32;
}
upstream sdk_signer_api {
server 127.0.0.1:9090;
keepalive 32;
}
upstream ihm_client_web {
server 127.0.0.1:3003;
keepalive 32;
}
upstream ihm_client_http {
server 127.0.0.1:8080;
keepalive 32;
}
upstream grafana_dashboard {
server 127.0.0.1:3000;
keepalive 32;
}
upstream loki_api {
server 127.0.0.1:3100;
keepalive 32;
}
# Le coffre services (backend/frontend)
upstream coffre_backend {
server 127.0.0.1:8082;
keepalive 32;
}
upstream coffre_front {
server 127.0.0.1:8083;
keepalive 32;
}
# Main server block
server {
listen 80;
server_name 4nk-node.local localhost;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# Health check endpoint
location /health {
access_log off;
return 200 "4NK Node healthy\n";
add_header Content-Type text/plain;
}
# Bitcoin RPC (JSON-RPC)
location /bitcoin/rpc/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://bitcoin_rpc/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Bitcoin RPC specific
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
}
# Bitcoin P2P (port 38333)
location /bitcoin/p2p/ {
proxy_pass http://bitcoin_p2p/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# BlindBit API
location /blindbit/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://blindbit_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
}
# SDK Storage API
location /storage/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://sdk_storage_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Relay APIs
location /relay1/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://sdk_relay1_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /relay2/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://sdk_relay2_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /relay3/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://sdk_relay3_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Signer API
location /signer/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://sdk_signer_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# IHM Client Web (React)
location /ihm/ {
proxy_pass http://ihm_client_web/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# IHM Client HTTP
location /ihm-http/ {
proxy_pass http://ihm_client_http/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Grafana Dashboard
location /grafana/ {
proxy_pass http://grafana_dashboard/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Grafana specific
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Loki API (logs)
location /loki/ {
limit_req zone=4nk_api burst=20 nodelay;
proxy_pass http://loki_api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Default route - IHM Client
location / {
proxy_pass http://ihm_client_web/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Error pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# HTTPS server (commented out - uncomment and configure SSL for production)
# server {
# listen 443 ssl http2;
# server_name 4nk-node.local;
#
# ssl_certificate /etc/ssl/certs/4nk-node.crt;
# ssl_certificate_key /etc/ssl/private/4nk-node.key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
# ssl_prefer_server_ciphers off;
#
# # Same location blocks as HTTP server
# # ... (copy from above)
# }
}


@ -1,32 +0,0 @@
NETWORK_NAME="4nk_network"
TOR_IMAGE="4nk-node-tor:docker-support-v2"
BITCOIN_IMAGE="4nk-node-bitcoin:docker-support-v2"
BLINDBIT_IMAGE="4nk-node-blindbit:docker-support-v2"
RELAY_IMAGE="4nk-node-sdk_relay1:docker-support-v2"
BITCOIN_VOLUME="bitcoin_data"
BLINDBIT_VOLUME="blindbit_data"
RELAY_1_VOLUME="sdk_relay_1_data"
RELAY_2_VOLUME="sdk_relay_2_data"
RELAY_3_VOLUME="sdk_relay_3_data"
TOR_PORTS=("9050:9050" "9051:9051")
BITCOIN_PORTS=("38333:38333" "18443:18443" "29000:29000")
BLINDBIT_PORTS=("8000:8000")
RELAY_1_PORTS=("8090:8090" "8091:8091")
RELAY_2_PORTS=("8092:8090" "8093:8091")
RELAY_3_PORTS=("8094:8090" "8095:8091")
BITCOIN_CONF="$PROJECT_DIR/conf/bitcoin.conf"
BLINDBIT_CONF="$PROJECT_DIR/conf/blindbit.toml"
RELAY_1_CONF="$PROJECT_DIR/conf/sdk_relay1.conf"
RELAY_2_CONF="$PROJECT_DIR/conf/sdk_relay2.conf"
RELAY_3_CONF="$PROJECT_DIR/conf/sdk_relay3.conf"
EXTERNAL_NODES_CONF="$PROJECT_DIR/sdk_relay/external_nodes.conf"
COMMON_ENV=(
"RUST_LOG=debug,bitcoincore_rpc=trace"
"HOME=/home/bitcoin"
"BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie"
"ENABLE_SYNC_TEST=1"
)


@ -277,6 +277,21 @@ services:
ipv4_address: 172.20.0.33 ipv4_address: 172.20.0.33
restart: unless-stopped restart: unless-stopped
nginx:
image: nginx:1.25
container_name: 4nk-nginx
hostname: nginx.4nk.local
ports:
- "80:80"
volumes:
- ./conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./conf/nginx/sites-enabled:/etc/nginx/sites-enabled:ro
- ./log/nginx:/var/log/nginx
networks:
4nk_network:
ipv4_address: 172.20.0.40
restart: unless-stopped
volumes: volumes:
miniback_pg_data: miniback_pg_data:
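Review bot: The new `nginx` service publishes `"80:80"`, which binds plain HTTP on every host interface, and the README updated in this same commit sends the signer, relay and storage endpoints through that proxy. If the proxy is meant for local access only, bind it to loopback with `- "127.0.0.1:80:80"`. If it is meant to be reachable from the network, the mounted `conf/nginx/nginx.conf` (not visible on this page) needs TLS and access control on those locations, and a 443 mapping would have to be added here. Separately, `image: nginx:1.25` is a mutable tag; pinning it by digest keeps the deployed proxy reproducible.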


@ -2,10 +2,37 @@
## Prérequis ## Prérequis
- Docker et docker compose installés
- Nginx utilisé via le service `nginx` de l'orchestrateur
## Installation locale ## Installation locale
- Cloner le dépôt et se placer à la racine
- Vérifier la présence des répertoires `modules/` et `projects/` avec `conf/`, `data/`, `logs/`, `scripts/`
- Vérifier la disponibilité des images taggées `:dev` (en cours de création) ou utiliser des tags stables le cas échéant
## Démarrage ## Démarrage
- Démarrer la stack applicative : `docker compose up -d`
- Démarrer la stack de monitoring (Loki/Promtail/Grafana) si souhaité : `docker compose -f log-monitoring.yml up -d`
- Accéder aux services via Nginx :
- IHM: `http://localhost/`
- Blindbit: `http://localhost/blindbit/`
- SDK Storage: `http://localhost/sdk_storage/`
- Relais HTTP: `http://localhost/relay1/`, `/relay2/`, `/relay3/`
- Relais WebSocket: `ws://localhost/relay1/ws/` (idem `relay2`, `relay3`)
- Signer WS: `ws://localhost/signer/ws/`; HTTP: `http://localhost/signer/`
- Coffre front: `http://localhost/coffre/`
## Commandes utiles ## Commandes utiles
- Mettre à jour les images: `docker compose pull`
- Voir les logs Nginx: `tail -f log/nginx/4nk_node.access.log`
- Voir les logs des services (montés): `tail -f modules/<service>/logs/*`
- Logs Promtail/Loki/Grafana: voir `log/` et `log-monitoring.yml`
## Dépannage ## Dépannage
- Vérifier les hostnames Docker internes (DNS du réseau `4nk_network`): voir `docker-compose.yml`
- Les tags `:dev` sont en cours de création; en cas dindisponibilité, utiliser des tags stables temporaires
- Conf Tor: `modules/tor/conf/tor.conf` est montée si l'image Tor supporte `/etc/tor/torrc`


@ -1,16 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
BASE_DIR="/home/debian/code/4NK_dev/4NK_node"
echo "Building all local Docker images from Dockerfiles under modules/ and projects/ ..."
while IFS= read -r df; do
dir=$(dirname "$df")
rel=${dir#"$BASE_DIR/"}
img_tag="4nk-node-"$(echo "$rel" | tr '/' '-')":latest"
echo "Building $img_tag from $dir"
# signer image will always be built
docker build -t "$img_tag" "$dir"
done < <(find "$BASE_DIR" -name Dockerfile -print)
echo "All images built."


@ -1,90 +0,0 @@
#!/bin/bash
# Script de construction des modules 4NK_node et des projets 4NK_node
set -e
echo "🏗️ Construction des modules 4NK_node et projets 4NK_node..."
# Fonction pour construire un module spécifique
build_module() {
local module_name="$1"
local module_dir="modules/$module_name"
if [ ! -d "$module_dir" ]; then
echo "❌ Module $module_name non trouvé dans $module_dir"
return 1
fi
echo "🔨 Construction de $module_name..."
# Construire l'image Docker
docker build -t "4nk-node-$module_name:latest" "$module_dir"
if [ $? -eq 0 ]; then
echo "✅ Module $module_name construit avec succès"
else
echo "❌ Échec de la construction du module $module_name"
return 1
fi
}
build_project() {
local project_name="$1"
local project_dir="projects/$project_name"
if [ ! -d "$project_dir" ]; then
echo "❌ Project $project_name non trouvé dans $project_dir"
return 1
fi
echo "🔨 Construction de $project_name (project)..."
docker build -t "4nk-node-$project_name:latest" "$project_dir"
if [ $? -eq 0 ]; then
echo "✅ Project $project_name construit avec succès"
else
echo "❌ Échec de la construction du project $project_name"
return 1
fi
}
# Construction de tous les modules si aucun argument n'est fourni
if [ $# -eq 0 ]; then
echo "📦 Construction de tous les modules et projets..."
# Modules de base (existence check pour éviter les erreurs sur des dépôts partiels)
if [ -d "modules/tor" ]; then
build_module "tor"
else
echo "⚠️ Tor module absent, skipping"
fi
if [ -d "modules/bitcoin" ]; then
build_module "bitcoin"
else
echo "⚠️ Bitcoin module absent, skipping"
fi
# Modules applicatifs
if [ -d "modules/blindbit" ]; then build_module "blindbit"; else echo "⚠️ blindbit module absent"; fi
if [ -d "modules/sdk_relay1" ]; then build_module "sdk_relay1"; fi
if [ -d "modules/sdk_relay2" ]; then build_module "sdk_relay2"; fi
if [ -d "modules/sdk_relay3" ]; then build_module "sdk_relay3"; fi
if [ -d "modules/sdk_storage" ]; then build_module "sdk_storage"; fi
if [ -d "modules/sdk_signer" ]; then build_module "sdk_signer"; fi
if [ -d "modules/ihm_client" ]; then build_module "ihm_client"; fi
# Projets nouvellement ajoutés (Le coffre)
# Le coffre-back et le coffre-front dans 4NK_node/projects
if [ -d "projects/lecoffre-back" ]; then build_project "lecoffre-back"; else echo "⚠️ lecoffre-back project absent"; fi
if [ -d "projects/lecoffre-front" ]; then build_project "lecoffre-front"; else echo "⚠️ lecoffre-front project absent"; fi
echo "🎉 Tous les modules et projets ont été construits !"
else
# Construction d'un module ou d'un projet spécifique
if [ -d "modules/$1" ]; then
build_module "$1"
elif [ -d "projects/$1" ]; then
build_project "$1"
else
echo "Module ou projet inconnu: $1"
exit 1
fi
fi


@ -1,16 +0,0 @@
#!/bin/bash
set -euo pipefail
# Désactiver l'exécution de nginx docker
CONTAINER_NAME="4nk-nginx"
# Arrêter et supprimer le conteneur s'il est présent
if docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
echo "Arrêt et suppression du conteneur Docker '$CONTAINER_NAME'..."
docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
docker stop "$CONTAINER_NAME" >/dev/null 2>&1 || true
else
echo "Aucun conteneur '$CONTAINER_NAME' trouvé; pas d'action nécessaire."
fi
echo "Désactivation Nginx Docker terminée."


@ -1,36 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
# Pull repos in a defined order to prepare images for docker-compose
BASE_DIR="/home/debian/code/4NK_dev/4NK_node"
ORDER=(
modules/tor
modules/bitcoin-core
modules/blindbit-oracle
modules/sp-client
modules/sdk_common
modules/sdk_client
modules/sdk_relay
modules/sdk_storage
modules/sdk_signer_client
modules/sdk_signer
modules/ihm_client
modules/4NK_template
projects/lecoffre-back-mini
projects/lecoffre-front
)
echo "=== Pull order start ==="
for path in "${ORDER[@]}"; do
full_path="$BASE_DIR/$path"
if [ -d "$full_path" ]; then
echo "-> pulling $path"
(cd "$full_path" && git fetch --all --prune || true && git reset --hard origin/docker-support-v2 || true)
else
echo "-- skipping missing path $path"
fi
done
echo "=== Pull order finished ==="