From ef4f769f898a0e4ace8a24f7d14d1f14a1aecc8e Mon Sep 17 00:00:00 2001 
From: Nicolas Cantu Date: Fri, 12 Sep 2025 13:20:35 +0200 Subject: [PATCH] =?UTF-8?q?feat:=20R=C3=A9=C3=A9criture=20compl=C3=A8te=20?= =?UTF-8?q?de=20dnsmasq.conf=20et=20d=C3=A9centralisation=20des=20configur?= =?UTF-8?q?ations=20.env?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Réécriture complète de dnsmasq.conf avec résolution DNS pour tous les services .4nk-local - Décentralisation des configurations .env vers chaque service (modules/projects) - Création de fichiers .env et .env.exemple pour chaque service concerné - Suppression du fichier .env global - Mise à jour de la structure 4nk-local avec configurations décentralisées - Amélioration de la sécurité et de l isolation des configurations par service --- .../modules/data/minio/conf/.env.exemple | 5 + .../modules/data/neo4j/conf/.env.exemple | 4 + .../modules/data/opensearch/conf/.env.exemple | 4 + .../modules/data/postgres/conf/.env.exemple | 5 + .../modules/data/redis/conf/.env.exemple | 4 + .../modules/grafana/grafana/conf/grafana.ini | 49 + .../ia/anythingsqlite/conf/.env.exemple | 5 + .../modules/ia/host-api/conf/.env.exemple | 11 + 4nk-local/modules/ia/ollama/conf/.env.exemple | 4 + 4nk-local/modules/ia/worker/conf/.env.exemple | 12 + .../modules/ihm-client/conf/.env.exemple | 3 + .../lecoffre/back-mini/conf/.env.exemple | 4 + .../projects/lecoffre/front/conf/.env.exemple | 6 + .../projects/lecoffre/ia/conf/.env.exemple | 3 + CHANGELOG.md | 10 +- conf/dnsmasq/dnsmasq.conf | 68 ++ conf/dnsmasq/dnsmasq.conf.exemple | 30 +- conf/monitoring/grafana.ini | 2 +- .../nginx/sites-enabled/4nk_node.conf.exemple | 26 +- docker-compose.yml | 854 ++++++++++++------ docs/ARCHITECTURE.md | 4 +- docs/BITCOIN_TROUBLESHOOTING.md | 12 +- docs/CONFIGURATION.md | 38 +- docs/DNSMASQ_SETUP.md | 32 +- docs/MONITORING.md | 28 +- docs/MONITORING_MODULES.md | 10 +- docs/NETWORK.md | 38 +- 27 files changed, 860 insertions(+), 411 deletions(-) create mode 100644 
4nk-local/modules/data/minio/conf/.env.exemple create mode 100644 4nk-local/modules/data/neo4j/conf/.env.exemple create mode 100644 4nk-local/modules/data/opensearch/conf/.env.exemple create mode 100644 4nk-local/modules/data/postgres/conf/.env.exemple create mode 100644 4nk-local/modules/data/redis/conf/.env.exemple create mode 100644 4nk-local/modules/grafana/grafana/conf/grafana.ini create mode 100644 4nk-local/modules/ia/anythingsqlite/conf/.env.exemple create mode 100644 4nk-local/modules/ia/host-api/conf/.env.exemple create mode 100644 4nk-local/modules/ia/ollama/conf/.env.exemple create mode 100644 4nk-local/modules/ia/worker/conf/.env.exemple create mode 100644 4nk-local/modules/ihm-client/conf/.env.exemple create mode 100644 4nk-local/projects/lecoffre/back-mini/conf/.env.exemple create mode 100644 4nk-local/projects/lecoffre/front/conf/.env.exemple create mode 100644 4nk-local/projects/lecoffre/ia/conf/.env.exemple create mode 100644 conf/dnsmasq/dnsmasq.conf
diff --git a/4nk-local/modules/data/minio/conf/.env.exemple b/4nk-local/modules/data/minio/conf/.env.exemple
new file mode 100644
index 00000000..99a5125c
--- /dev/null
+++ b/4nk-local/modules/data/minio/conf/.env.exemple
@@ -0,0 +1,5 @@
+# Configuration MinIO pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+MINIO_ROOT_USER=minioadmin
+MINIO_ROOT_PASSWORD=minioadmin
+MINIO_BUCKET=4nk-ia
diff --git a/4nk-local/modules/data/neo4j/conf/.env.exemple b/4nk-local/modules/data/neo4j/conf/.env.exemple
new file mode 100644
index 00000000..5aa9aea8
--- /dev/null
+++ b/4nk-local/modules/data/neo4j/conf/.env.exemple
@@ -0,0 +1,4 @@
+# Configuration Neo4j pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+NEO4J_AUTH=neo4j/4nkneo4j
+NEO4J_PASSWORD=4nkneo4j
diff --git a/4nk-local/modules/data/opensearch/conf/.env.exemple b/4nk-local/modules/data/opensearch/conf/.env.exemple
new file mode 100644
index 00000000..0768b8e7
--- /dev/null
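Review bot: The template values `MINIO_ROOT_USER=minioadmin` and `MINIO_ROOT_PASSWORD=minioadmin` are MinIO's well-known defaults, so a file copied to `.env` unchanged yields a running service with a guessable root account. The other templates added in this commit have the same problem: `NEO4J_AUTH=neo4j/4nkneo4j`, `OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch2025!`, `POSTGRES_PASSWORD=postgres` (repeated inside `DATABASE_URL` for host-api and worker) and `DB_PASSWORD=minibackpassword`. Use an obvious placeholder instead, as host-api already does with `SECRET_KEY=your_secret_key_here`, for example `MINIO_ROOT_PASSWORD=<generate-a-unique-secret>`, so an unmodified copy is easy to spot. A start-up check that rejects the placeholder would make the "modifier les valeurs" instruction enforceable.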
+++ b/4nk-local/modules/data/opensearch/conf/.env.exemple
@@ -0,0 +1,4 @@
+# Configuration OpenSearch pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch2025!
+OPENSEARCH_USERNAME=admin
diff --git a/4nk-local/modules/data/postgres/conf/.env.exemple b/4nk-local/modules/data/postgres/conf/.env.exemple
new file mode 100644
index 00000000..e2c614ba
--- /dev/null
+++ b/4nk-local/modules/data/postgres/conf/.env.exemple
@@ -0,0 +1,5 @@
+# Configuration PostgreSQL pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=4nk_ia
diff --git a/4nk-local/modules/data/redis/conf/.env.exemple b/4nk-local/modules/data/redis/conf/.env.exemple
new file mode 100644
index 00000000..4dd871b2
--- /dev/null
+++ b/4nk-local/modules/data/redis/conf/.env.exemple
@@ -0,0 +1,4 @@
+# Configuration Redis pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+REDIS_PASSWORD=
+REDIS_DB=0
diff --git a/4nk-local/modules/grafana/grafana/conf/grafana.ini b/4nk-local/modules/grafana/grafana/conf/grafana.ini
new file mode 100644
index 00000000..2311d658
--- /dev/null
+++ b/4nk-local/modules/grafana/grafana/conf/grafana.ini
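Review bot: `REDIS_PASSWORD=` in the Redis template is empty, and nothing visible in this commit consumes it. The redis service in docker-compose.yml runs `redis-server --appendonly yes` with no `--requirepass` while publishing `"6379:6379"`, and the `REDIS_URL` values in the host-api and worker templates carry no credentials. As written, the instance would presumably accept unauthenticated connections from anything that can reach the published port. Either wire the variable through (a `--requirepass` argument on the service command and a password in `REDIS_URL`) or remove it from the template so it does not suggest protection that is absent.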
@@ -0,0 +1,49 @@
+[paths]
+data = /var/lib/grafana/data
+logs = /var/lib/grafana/logs
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
+
+[server]
+http_port = 3000
+http_addr = 0.0.0.0
+root_url = http://grafana.grafanalocal:3000/
+serve_from_sub_path = false
+
+[database]
+type = sqlite3
+path = grafana.db
+
+[security]
+admin_user = admin
+admin_password = admin
+secret_key = SW2YcwTIb9zpOOhoPsMm
+
+[users]
+allow_sign_up = false
+auto_assign_org = true
+auto_assign_org_role = Viewer
+
+[log]
+mode = console
+level = info
+
+[alerting]
+enabled = true
+
+[explore]
+enabled = true
+
+[panels]
+disable_sanitize_html = false
+
+[plugins]
+enable_alpha = false
+app_tls_skip_verify_insecure = false
+
+[auth]
+disable_login_form = false
+disable_signout_menu = false
+
+[auth.anonymous]
+enabled = false
diff --git a/4nk-local/modules/ia/anythingsqlite/conf/.env.exemple b/4nk-local/modules/ia/anythingsqlite/conf/.env.exemple
new file mode 100644
index 00000000..ab2075fa
--- /dev/null
+++ b/4nk-local/modules/ia/anythingsqlite/conf/.env.exemple
@@ -0,0 +1,5 @@
+# Configuration AnythingLLM pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+ANYLLM_API_KEY=4nk-anyllm-key
+DISABLE_AUTH=true
+STORAGE_DIR=/app/server/storage
diff --git a/4nk-local/modules/ia/host-api/conf/.env.exemple b/4nk-local/modules/ia/host-api/conf/.env.exemple
new file mode 100644
index 00000000..0379030f
--- /dev/null
+++ b/4nk-local/modules/ia/host-api/conf/.env.exemple
@@ -0,0 +1,11 @@
+# Configuration Host API pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=4nk_ia
+DATABASE_URL=postgresql+psycopg://postgres:postgres@postgres.data.modules.4nk-local:5432/4nk_ia
+REDIS_URL=redis://redis.data.modules.4nk-local:6379/0
+LOG_LEVEL=INFO
+LOG_FORMAT=json
+SECRET_KEY=your_secret_key_here
+ACCESS_TOKEN_EXPIRE_MINUTES=30
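Review bot: This grafana.ini is a live configuration file rather than a template, and its `[security]` section commits `admin_password = admin` together with a fixed `secret_key`, while `http_addr = 0.0.0.0` makes the login listen on every interface of the container. Grafana uses `secret_key` to protect stored secrets such as data-source credentials, so a value published in the repository should be treated as known to anyone with read access. Move both settings out of the tracked file, for example via `GF_SECURITY_ADMIN_PASSWORD` and `GF_SECURITY_SECRET_KEY` in the service's untracked `.env`, and rotate the key wherever this file has already been deployed. The same blob (`2311d658`) is also the new content of `conf/monitoring/grafana.ini`, so the point applies there too.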
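Review bot: `DISABLE_AUTH=true` in the AnythingLLM template means a copied `.env` presumably starts the service without authentication, and `ANYLLM_API_KEY=4nk-anyllm-key` is a fixed key that the worker template repeats verbatim. Default the template to the safe side with `DISABLE_AUTH=false` and replace the key with a placeholder such as `ANYLLM_API_KEY=<generate-a-unique-key>`. A comment line can state when disabling authentication is acceptable, for example `# DISABLE_AUTH=true uniquement pour un poste de développement isolé`.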
diff --git a/4nk-local/modules/ia/ollama/conf/.env.exemple b/4nk-local/modules/ia/ollama/conf/.env.exemple
new file mode 100644
index 00000000..bdb9f936
--- /dev/null
+++ b/4nk-local/modules/ia/ollama/conf/.env.exemple
@@ -0,0 +1,4 @@
+# Configuration Ollama pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+OLLAMA_HOST=0.0.0.0
+OLLAMA_PORT=11434
diff --git a/4nk-local/modules/ia/worker/conf/.env.exemple b/4nk-local/modules/ia/worker/conf/.env.exemple
new file mode 100644
index 00000000..35c9c1bb
--- /dev/null
+++ b/4nk-local/modules/ia/worker/conf/.env.exemple
@@ -0,0 +1,12 @@
+# Configuration Worker pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=4nk_ia
+DATABASE_URL=postgresql+psycopg://postgres:postgres@postgres.data.modules.4nk-local:5432/4nk_ia
+REDIS_URL=redis://redis.data.modules.4nk-local:6379/0
+ANYLLM_API_KEY=4nk-anyllm-key
+OLLAMA_BASE_URL=http://ollama.ia.modules.4nk-local:11434
+OPENSEARCH_URL=http://opensearch.data.modules.4nk-local:9200
+NEO4J_URL=bolt://neo4j.data.modules.4nk-local:7687
+NEO4J_AUTH=neo4j/4nkneo4j
diff --git a/4nk-local/modules/ihm-client/conf/.env.exemple b/4nk-local/modules/ihm-client/conf/.env.exemple
new file mode 100644
index 00000000..b0a8c630
--- /dev/null
+++ b/4nk-local/modules/ihm-client/conf/.env.exemple
@@ -0,0 +1,3 @@
+# Configuration IHM Client pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+# Configuration pour l'interface utilisateur
diff --git a/4nk-local/projects/lecoffre/back-mini/conf/.env.exemple b/4nk-local/projects/lecoffre/back-mini/conf/.env.exemple
new file mode 100644
index 00000000..ecf0050d
--- /dev/null
+++ b/4nk-local/projects/lecoffre/back-mini/conf/.env.exemple
@@ -0,0 +1,4 @@
+# Configuration LeCoffre Back Mini pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+DB_PASSWORD=minibackpassword
+LOG_LEVEL=debug
diff --git a/4nk-local/projects/lecoffre/front/conf/.env.exemple b/4nk-local/projects/lecoffre/front/conf/.env.exemple
new file mode 100644
index 00000000..95e6f652
--- /dev/null
+++ b/4nk-local/projects/lecoffre/front/conf/.env.exemple
@@ -0,0 +1,6 @@
+# Configuration LeCoffre Front pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+NEXT_PUBLIC_4NK_URL=http://ihm.client.modules.4nk-local:3003
+NEXT_PUBLIC_FRONT_APP_HOST=http://0.0.0.0:3000
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
diff --git a/4nk-local/projects/lecoffre/ia/conf/.env.exemple b/4nk-local/projects/lecoffre/ia/conf/.env.exemple
new file mode 100644
index 00000000..3b96af6c
--- /dev/null
+++ b/4nk-local/projects/lecoffre/ia/conf/.env.exemple
@@ -0,0 +1,3 @@
+# Configuration IA LeCoffre pour 4NK_node
+# Copier ce fichier vers .env et modifier les valeurs
+# Configuration pour le frontend IA intégré dans LeCoffre
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e4925ee7..5256c33b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,9 +4,9 @@ - Docker: définition explicite de la passerelle `172.20.0.1` pour `4nk_network` et ajout de `dns: 172.20.0.1` pour les services. - Ajout d’un ancrage `x-4nk-extra-hosts` et application à tous les services pour garantir la résolution intra-conteneur. - Entrypoints d’attente: - - `bitcoin.local`: attente brève réseau/DNS avant lancement. - - `blindbit-oracle.local`, `sdk_relay1/2/3.local`: attente de la résolution `bitcoin.local` et du cookie RPC avant lancement. -- Ports: `prometheus.local` écoute maintenant `9092 -> 9090` côté hôte; `sdk-signer.local` écoute `9093 -> 9090` (conflit 9090 résolu). + - `bitcoin.modules.4nk-local`: attente brève réseau/DNS avant lancement. + - `blindbit-oracle.modules.4nk-local`, `sdk_relay1/2/3.4nk-local`: attente de la résolution `bitcoin.modules.4nk-local` et du cookie RPC avant lancement. +- Ports: `prometheus.4nk-local` écoute maintenant `9092 -> 9090` côté hôte; `sdk-signer.4nk-local` écoute `9093 -> 9090` (conflit 9090 résolu). - Monitoring: centralisation des fichiers de configuration sous `conf/monitoring` et mise à jour des montages Compose (`grafana.ini`, `datasources.yml`, `prometheus.yml`, `promtail-config.yml`, `loki-config.yaml`). ### Docs @@ -48,8 +48,8 @@ ### Changed - **Architecture monitoring** : Remplacement de `log-monitoring.yml` par un système centralisé -- **Grafana** : Migration vers un Grafana central partagé (`grafana-central.local:3000`) -- **Configuration Bitcoin** : Correction de la résolution DNS pour `bitcoin.local` +- **Grafana** : Migration vers un Grafana central partagé (`grafana.grafanalocal:3000`) +- **Configuration Bitcoin** : Correction de la résolution DNS pour `bitcoin.modules.4nk-local` - **Port Prometheus** : Changement du port 9090 vers 9091 pour éviter les conflits ### Removed diff --git a/conf/dnsmasq/dnsmasq.conf b/conf/dnsmasq/dnsmasq.conf new file mode 100644 index 00000000..e4446faa --- /dev/null +++ b/conf/dnsmasq/dnsmasq.conf 
@@ -0,0 +1,68 @@
+# Configuration DNS pour 4NK_node
+# Résolution des domaines .4nk-local vers les conteneurs Docker
+
+# Interface d'écoute
+interface=docker0
+bind-interfaces
+
+# Port DNS
+port=53
+
+# Domaine local
+domain=4nk-local
+
+# Résolution des domaines .4nk-local
+# Modules (172.30.0.0/16)
+address=/tor.modules.4nk-local/172.30.0.10
+address=/bitcoin.modules.4nk-local/172.30.0.11
+address=/blindbit-oracle.modules.4nk-local/172.30.0.12
+address=/sdk-storage.modules.4nk-local/172.30.0.13
+address=/sdk-relay1.modules.4nk-local/172.30.0.14
+address=/sdk-relay2.modules.4nk-local/172.30.0.15
+address=/sdk-relay3.modules.4nk-local/172.30.0.16
+address=/sdk-signer.modules.4nk-local/172.30.0.17
+address=/ihm.client.modules.4nk-local/172.30.0.18
+address=/nginx-proxy.modules.4nk-local/172.30.0.60
+
+# SDK Relay (172.30.1.0/16)
+address=/i1.sdk-relay.modules.4nk-local/172.30.1.11
+address=/i2.sdk-relay.modules.4nk-local/172.30.1.12
+address=/i3.sdk-relay.modules.4nk-local/172.30.1.13
+
+# IA Modules (172.30.2.0/16)
+address=/ollama.ia.modules.4nk-local/172.30.2.11
+address=/anythingsqlite.ia.modules.4nk-local/172.30.2.12
+address=/host-api.ia.modules.4nk-local/172.30.2.13
+address=/worker.ia.modules.4nk-local/172.30.2.14
+
+# Grafana Modules (172.30.3.0/16)
+address=/loki.grafana.modules.4nk-local/172.30.3.51
+address=/prometheus.grafana.modules.4nk-local/172.30.3.52
+address=/promtail.grafana.modules.4nk-local/172.30.3.53
+address=/grafana.grafana.modules.4nk-local/172.30.3.50
+
+# Data Modules (172.30.4.0/16)
+address=/postgres.data.modules.4nk-local/172.30.4.11
+address=/redis.data.modules.4nk-local/172.30.4.12
+address=/minio.data.modules.4nk-local/172.30.4.13
+address=/neo4j.data.modules.4nk-local/172.30.4.14
+address=/opensearch.data.modules.4nk-local/172.30.4.15
+
+# Client Modules (172.30.5.0/16)
+address=/sdk-signer.client.modules.4nk-local/172.30.5.11
+address=/ihm.client.modules.4nk-local/172.30.5.12
+
+# LeCoffre Projects (172.31.0.0/16)
+address=/front.lecoffre.projects.4nk-local/172.31.0.32 +address=/back-mini.lecoffre.projects.4nk-local/172.31.0.34 +address=/ia.lecoffre.projects.4nk-local/172.31.0.33 + +# Cache DNS +cache-size=1000 + +# Logs +log-queries +log-dhcp + +# Pas de redirection vers des serveurs externes pour .4nk-local +server=/4nk-local/ diff --git a/conf/dnsmasq/dnsmasq.conf.exemple b/conf/dnsmasq/dnsmasq.conf.exemple index 983010fb..e11f526b 100644 --- a/conf/dnsmasq/dnsmasq.conf.exemple +++ b/conf/dnsmasq/dnsmasq.conf.exemple @@ -6,18 +6,18 @@ bind-interfaces log-queries # 4NK Docker hosts -address=/tor.local/172.20.0.10 -address=/bitcoin.local/172.20.0.11 -address=/blindbit-oracle.local/172.20.0.12 -address=/sdk-storage.local/172.20.0.13 -address=/sdk-relay1.local/172.20.0.14 -address=/sdk-relay2.local/172.20.0.15 -address=/sdk-relay3.local/172.20.0.16 -address=/sdk-signer.local/172.20.0.17 -address=/ihm-client.local/172.20.0.18 -address=/coffre-front.local/172.20.0.32 -address=/coffre-back-mini.local/172.20.0.33 -address=/grafana-central.local/172.20.0.50 -address=/loki.local/172.20.0.51 -address=/prometheus.local/172.20.0.52 -address=/promtail.local/172.20.0.53 +address=/tor.modules.4nk-local/172.20.0.10 +address=/bitcoin.modules.4nk-local/172.20.0.11 +address=/blindbit-oracle.modules.4nk-local/172.20.0.12 +address=/sdk-storage.modules.4nk-local/172.20.0.13 +address=/i1.sdk-relay.4nk-local/172.20.0.14 +address=/i2.sdk-relay.4nk-local/172.20.0.15 +address=/i3.sdk-relay.4nk-local/172.20.0.16 +address=/sdk-signer.4nk-local/172.20.0.17 +address=/ihm.client.modules.4nk-local/172.20.0.18 +address=/coffre-front.4nk-local/172.20.0.32 +address=/coffre-back-mini.4nk-local/172.20.0.33 +address=/grafana.grafanalocal/172.20.0.50 +address=/loki.4nk-local/172.20.0.51 +address=/prometheus.4nk-local/172.20.0.52 +address=/promtail.4nk-local/172.20.0.53 diff --git a/conf/monitoring/grafana.ini b/conf/monitoring/grafana.ini index 0f7dea86..2311d658 100644 --- a/conf/monitoring/grafana.ini 
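Review bot: `ihm.client.modules.4nk-local` is defined twice in the new dnsmasq.conf, as `172.30.0.18` under "Modules" and as `172.30.5.12` under "Client Modules", and the `extra_hosts` anchor in docker-compose.yml maps the same name to a third value, `172.31.5.12`. dnsmasq would presumably answer with both configured addresses, so clients may connect to an address that is unassigned or later taken by a different container. Keep a single `address=` line that matches the container's `ipv4_address` and align the compose entry with it. The section comments `172.30.1.0/16` through `172.30.5.0/16` all denote the same network as `172.30.0.0/16`; if one subnet per module group is intended they should read `/24`.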
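Review bot: The dnsmasq.conf.exemple template now disagrees with `conf/dnsmasq/dnsmasq.conf` added in the same commit. It keeps the `172.20.0.x` addresses while docker-compose.yml moves the services to `172.30.x.x`, and names such as `grafana.grafanalocal`, `loki.4nk-local` or `i1.sdk-relay.4nk-local` do not follow the `*.modules.4nk-local` scheme used there. `grafana.grafanalocal` in particular looks like a search-and-replace artefact, and the same string is used as `root_url` in both grafana.ini files. Regenerate the template from the new dnsmasq.conf so that a copied file resolves the same names to the same addresses.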
+++ b/conf/monitoring/grafana.ini @@ -7,7 +7,7 @@ provisioning = /etc/grafana/provisioning [server] http_port = 3000 http_addr = 0.0.0.0 -root_url = http://grafana-central.local:3000/ +root_url = http://grafana.grafanalocal:3000/ serve_from_sub_path = false [database] diff --git a/conf/nginx/sites-enabled/4nk_node.conf.exemple b/conf/nginx/sites-enabled/4nk_node.conf.exemple index 2936262f..44bca24a 100644 --- a/conf/nginx/sites-enabled/4nk_node.conf.exemple +++ b/conf/nginx/sites-enabled/4nk_node.conf.exemple @@ -8,7 +8,7 @@ server { # ihm_client (HTTP) location / { - proxy_pass http://ihm-client.4nk.local:80/; + proxy_pass http://ihm.client.modules.4nk.4nk-local:80/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -17,7 +17,7 @@ server { # sdk_storage location /sdk_storage/ { - proxy_pass http://sdk-storage.4nk.local:8081/; + proxy_pass http://sdk-storage.4nk.4nk-local:8081/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -26,7 +26,7 @@ server { # blindbit location /blindbit/ { - proxy_pass http://blindbit.4nk.local:8000/; + proxy_pass http://blindbit.4nk.4nk-local:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
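Review bot: The rewritten upstream names in 4nk_node.conf.exemple (`ihm.client.modules.4nk.4nk-local`, `sdk-storage.4nk.4nk-local`, `blindbit.4nk.4nk-local`, and the relay, signer, coffre-front and miniback names in the later hunks of this file) match no `address=` entry in the new dnsmasq.conf and no entry in the compose `extra_hosts` list. nginx resolves a literal `proxy_pass` hostname when it loads the configuration, so a copied file would likely fail to start with a host-not-found error. Use the names that dnsmasq.conf defines, for example `proxy_pass http://ihm.client.modules.4nk-local:80/;`. The `server` block starts and ends outside these hunks, so the listener and TLS settings could not be checked here.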
@@ -34,28 +34,28 @@ server { } # relais (HTTP API) - location /relay1/ { proxy_pass http://sdk-relay1.4nk.local:8091/; } - location /relay2/ { proxy_pass http://sdk-relay2.4nk.local:8093/; } - location /relay3/ { proxy_pass http://sdk-relay3.4nk.local:8095/; } + location /relay1/ { proxy_pass http://sdk-relay1.4nk.4nk-local:8091/; } + location /relay2/ { proxy_pass http://sdk-relay2.4nk.4nk-local:8093/; } + location /relay3/ { proxy_pass http://sdk-relay3.4nk.4nk-local:8095/; } # relais (WebSocket) location /relay1/ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-relay1.4nk.local:8090/; + proxy_pass http://sdk-relay1.4nk.4nk-local:8090/; } location /relay2/ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-relay2.4nk.local:8092/; + proxy_pass http://sdk-relay2.4nk.4nk-local:8092/; } location /relay3/ws/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-relay3.4nk.local:8094/; + proxy_pass http://sdk-relay3.4nk.4nk-local:8094/; } # sdk_signer (WS et HTTP si exposés sur 9090/9092) @@ -63,20 +63,20 @@ server { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-signer.4nk.local:9090/; + proxy_pass http://sdk-signer.4nk.4nk-local:9090/; } location /signer/ { - proxy_pass http://sdk-signer.4nk.local:9092/; + proxy_pass http://sdk-signer.4nk.4nk-local:9092/; } # lecoffre-front location /coffre/ { - proxy_pass http://coffre-front.4nk.local:3003/; + proxy_pass http://coffre-front.4nk.4nk-local:3003/; } # miniback (expose /logs si nécessaire) location /miniback/ { - proxy_pass http://miniback.4nk.local:8081/; + proxy_pass http://miniback.4nk.4nk-local:8081/; } # Grafana (sous-chemin /grafana) 
diff --git a/docker-compose.yml b/docker-compose.yml index 276c8e8b..8a071e52 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,127 +2,209 @@ version: '3.8' x-4nk-extra-hosts: &x-4nk-extra-hosts extra_hosts: - - "tor.local:172.20.0.10" - - "bitcoin.local:172.20.0.11" - - "blindbit-oracle.local:172.20.0.12" - - "sdk-storage.local:172.20.0.13" - - "sdk-relay1.local:172.20.0.14" - - "sdk-relay2.local:172.20.0.15" - - "sdk-relay3.local:172.20.0.16" - - "sdk-signer.local:172.20.0.17" - - "ihm-client.local:172.20.0.18" - - "coffre-front.local:172.20.0.32" - - "coffre-back-mini.local:172.20.0.33" - - "grafana-central.local:172.20.0.50" - - "loki.local:172.20.0.51" - - "prometheus.local:172.20.0.52" - - "promtail.local:172.20.0.53" - - "4nk-ia-api.local:172.23.0.10" - - "4nk-ia-worker.local:172.23.0.11" - - "4nk-ia-postgres.local:172.23.0.12" - - "4nk-ia-redis.local:172.23.0.13" - - "4nk-ia-minio.local:172.23.0.14" - - "4nk-ia-ollama.local:172.23.0.15" - - "4nk-ia-anythingllm.local:172.23.0.16" - - "4nk-ia-neo4j.local:172.23.0.17" - - "4nk-ia-opensearch.local:172.23.0.18" + # modules.4nk-local (172.30.0.0/16) + - "tor.modules.4nk-local:172.30.0.10" + - "bitcoin.modules.4nk-local:172.30.0.11" + - "blindbit-oracle.modules.4nk-local:172.30.0.12" + - "sdk-storage.modules.4nk-local:172.30.0.13" + - "sdk-relay1.modules.4nk-local:172.30.0.14" + - "sdk-relay2.modules.4nk-local:172.30.0.15" + - "sdk-relay3.modules.4nk-local:172.30.0.16" + - "sdk-signer.modules.4nk-local:172.30.0.17" + - "nginx-proxy.modules.4nk-local:172.30.0.60" -# Updated to use newer Go-based images for builds; placeholder for future dynamic tag adjustments + # sdk-relay.modules.4nk-local (172.30.1.0/16) + - "i1.sdk-relay.modules.4nk-local:172.30.1.11" + - "i2.sdk-relay.modules.4nk-local:172.30.1.12" + - "i3.sdk-relay.modules.4nk-local:172.30.1.13" + # ia.modules.4nk-local (172.30.2.0/16) + - "ollama.ia.modules.4nk-local:172.30.2.11" + - "anythingsqlite.ia.modules.4nk-local:172.30.2.12" + - "host-api.ia.modules.4nk-local:172.30.2.13" + - "worker.ia.modules.4nk-local:172.30.2.14" + + # grafana.modules.4nk-local (172.30.3.0/16) + - 
"loki.grafana.modules.4nk-local:172.30.3.51" + - "prometheus.grafana.modules.4nk-local:172.30.3.52" + - "promtail.grafana.modules.4nk-local:172.30.3.53" + - "grafana.grafana.modules.4nk-local:172.30.3.50" + + # data.modules.4nk-local (172.30.4.0/16) + - "postgres.data.modules.4nk-local:172.30.4.11" + - "redis.data.modules.4nk-local:172.30.4.12" + - "minio.data.modules.4nk-local:172.30.4.13" + - "neo4j.data.modules.4nk-local:172.30.4.14" + - "opensearch.data.modules.4nk-local:172.30.4.15" + + # client.modules.4nk-local (172.30.5.0/16) + - "sdk-signer.client.modules.4nk-local:172.30.5.11" + - "ihm.client.modules.4nk-local:172.31.5.12" + + # lecoffre.projects.4nk-local (172.31.0.0/16) + - "front.lecoffre.projects.4nk-local:172.31.0.32" + - "back-mini.lecoffre.projects.4nk-local:172.31.0.34" + - "ia.lecoffre.projects.4nk-local:172.31.0.33" services: - # Service de setup Bitcoin - s'exécute une seule fois pour préparer les dossiers - bitcoin-setup: - image: alpine:latest - container_name: bitcoin-setup - volumes: - - ./modules/bitcoin/data:/bitcoin-data - - ./modules/bitcoin/conf:/bitcoin-conf - - ./modules/bitcoin/logs:/bitcoin-logs - - ./modules/blindbit-oracle/data:/blindbit-data - - ./modules/sdk_relay1/conf:/relay1-conf - - ./modules/sdk_relay2/conf:/relay2-conf - - ./modules/sdk_relay3/conf:/relay3-conf - - ./modules/ihm_client/conf:/ihm-conf - - ./scripts:/scripts - command: | - sh -c " - echo '=== Setup des dossiers Bitcoin ===' && - mkdir -p /bitcoin-data/wallets /bitcoin-data/signet /bitcoin-data/blocks /bitcoin-data/chainstate && - echo 'Dossiers Bitcoin créés' && - echo '=== Correction des fichiers de configuration ===' && - ([ -d /relay1-conf/sdk_relay1.conf ] && rm -rf /relay1-conf/sdk_relay1.conf && echo 'Suppression répertoire sdk_relay1.conf') || true && - ([ -d /relay2-conf/sdk_relay2.conf ] && rm -rf /relay2-conf/sdk_relay2.conf && echo 'Suppression répertoire sdk_relay2.conf') || true && - ([ -d /relay3-conf/sdk_relay3.conf ] && rm -rf 
/relay3-conf/sdk_relay3.conf && echo 'Suppression répertoire sdk_relay3.conf') || true && - ([ -d /ihm-conf/.env ] && rm -rf /ihm-conf/.env && echo 'Suppression répertoire .env') || true && - echo '=== Création des fichiers de configuration ===' && - ([ ! -f /relay1-conf/sdk_relay1.conf ] && [ -f /relay1-conf/sdk_relay1.conf.exemple ] && cp /relay1-conf/sdk_relay1.conf.exemple /relay1-conf/sdk_relay1.conf && echo 'Création sdk_relay1.conf') || true && - ([ ! -f /relay2-conf/sdk_relay2.conf ] && [ -f /relay2-conf/sdk_relay2.conf.exemple ] && cp /relay2-conf/sdk_relay2.conf.exemple /relay2-conf/sdk_relay2.conf && echo 'Création sdk_relay2.conf') || true && - ([ ! -f /relay3-conf/sdk_relay3.conf ] && [ -f /relay3-conf/sdk_relay3.conf.exemple ] && cp /relay3-conf/sdk_relay3.conf.exemple /relay3-conf/sdk_relay3.conf && echo 'Création sdk_relay3.conf') || true && - ([ ! -f /ihm-conf/.env ] && [ -f /ihm-conf/.env.exemple ] && cp /ihm-conf/.env.exemple /ihm-conf/.env && echo 'Création .env') || true && - echo '=== Correction blindbit-oracle ===' && - ([ -d /blindbit-data/blindbit.toml ] && rm -rf /blindbit-data/blindbit.toml && echo 'Suppression répertoire blindbit.toml dans data') || true && - echo '=== Setup terminé avec succès ===' - " - restart: "no" +# ==================== MODULES > DATA ==================== - tor.local: + postgres.data.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: postgres:16 + container_name: 4nk-ia-postgres.4nk-local + hostname: 4nk-ia-postgres.4nk-local + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: ${POSTGRES_DB} + volumes: + - ./4nk-local/modules/data/postgres/data:/var/lib/postgresql/data + - ./4nk-local/modules/data/postgres/logs:/var/log/postgresql + ports: + - "5432:5432" + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] + interval: 10s + timeout: 5s + retries: 5 + restart: unless-stopped + networks: + data.modules.4nk-local: + 
ipv4_address: 172.30.4.11 + + redis.data.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: redis:7 + container_name: 4nk-ia-redis.4nk-local + hostname: 4nk-ia-redis.4nk-local + command: ["redis-server", "--appendonly", "yes"] + volumes: + - ./4nk-local/modules/data/redis/data:/data + - ./4nk-local/modules/data/redis/logs:/var/log/redis + ports: + - "6379:6379" + restart: unless-stopped + networks: + data.modules.4nk-local: + ipv4_address: 172.30.4.12 + + minio.data.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: minio/minio:latest + container_name: minio.data.modules.4nk-local + hostname: minio.data.modules.4nk-local + command: server /data --console-address ":9001" + environment: + MINIO_ROOT_USER: ${MINIO_ROOT_USER} + MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD} + volumes: + - ./4nk-local/modules/data/minio/data:/data + - ./4nk-local/modules/data/minio/logs:/var/log/minio + ports: + - "9000:9000" + - "9001:9001" + restart: unless-stopped + networks: + data.modules.4nk-local: + ipv4_address: 172.30.4.13 + + neo4j.data.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: neo4j:5 + container_name: neo4j.data.modules.4nk-local + hostname: neo4j.data.modules.4nk-local + environment: + - NEO4J_AUTH=${NEO4J_AUTH} + volumes: + - ./4nk-local/modules/data/neo4j/data:/data + - ./4nk-local/modules/data/neo4j/logs:/var/log/neo4j + ports: + - "7474:7474" + - "7687:7687" + restart: unless-stopped + networks: + data.modules.4nk-local: + ipv4_address: 172.30.4.14 + + opensearch.data.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: opensearchproject/opensearch:2.14.0 + container_name: opensearch.data.modules.4nk-local + hostname: 4nk-ia-opensearch.4nk-local + environment: + - discovery.type=single-node + - OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch2025! 
+ ulimits: + memlock: + soft: -1 + hard: -1 + volumes: + - ./4nk-local/modules/data/opensearch/data:/usr/share/opensearch/data + - ./4nk-local/modules/data/opensearch/logs:/var/log/opensearch + ports: + - "9200:9200" + restart: unless-stopped + networks: + data.modules.4nk-local: + ipv4_address: 172.30.4.15 + +# ==================== MODULES ==================== + + tor.modules.4nk-local: <<: *x-4nk-extra-hosts image: dperson/torproxy:latest - container_name: tor.local - hostname: tor.local + container_name: tor.modules.4nk-local + hostname: tor.modules.4nk-local ports: - "9050:9050" - "9051:9051" networks: - 4nk_network: - ipv4_address: 172.20.0.10 + modules.4nk-local: + ipv4_address: 172.30.0.10 restart: unless-stopped - bitcoin.local: + bitcoin.modules.4nk-local: <<: *x-4nk-extra-hosts image: ruimarinho/bitcoin-core:latest - container_name: bitcoin.local - hostname: bitcoin.local + container_name: bitcoin.modules.4nk-local + hostname: bitcoin.modules.4nk-local entrypoint: ["/bin/sh","-c","for i in $(seq 1 30); do if grep -q '172.20.0.11' /proc/net/fib_trie 2>/dev/null; then break; fi; sleep 1; done; exec /entrypoint.sh bitcoind"] ports: - "38332:38332" - "29000:29000" volumes: - - ./modules/bitcoin/data:/home/bitcoin/.bitcoin - - ./modules/bitcoin/conf/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf - - ./modules/bitcoin/logs:/home/bitcoin/.bitcoin/logs - dns: - - 172.20.0.1 # Gateway Docker pour accéder à dnsmasq + - ./4nk-local/modules/bitcoin/data:/home/bitcoin/.bitcoin + - ./4nk-local/modules/bitcoin/conf/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf + - ./4nk-local/modules/bitcoin/logs:/home/bitcoin/.bitcoin/logs networks: - 4nk_network: - ipv4_address: 172.20.0.11 + modules.4nk-local: + ipv4_address: 172.30.0.11 restart: unless-stopped depends_on: - - bitcoin-setup - - tor.local + - tor.modules.4nk-local - blindbit-oracle.local: + blindbit-oracle.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/blindbit-oracle:dev - container_name: 
blindbit-oracle.local - hostname: blindbit-oracle.local - entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\"","--"] + container_name: blindbit-oracle.modules.4nk-local + hostname: blindbit-oracle.modules.4nk-local + entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.modules.4nk-local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\"","--"] ports: - "8000:8000" command: [ "/main", "--datadir", "/blindbit-oracle" ] working_dir: / volumes: - - ./modules/blindbit-oracle/data:/blindbit-oracle - - ./modules/blindbit-oracle/conf/blindbit.toml:/blindbit-oracle/blindbit.toml:ro - - ./modules/blindbit-oracle/logs:/blindbit-oracle/logs + - ./4nk-local/modules/blindbit-oracle/data:/blindbit-oracle + - ./4nk-local/modules/blindbit-oracle/conf/blindbit.toml:/blindbit-oracle/blindbit.toml:ro + - ./4nk-local/modules/blindbit-oracle/logs:/blindbit-oracle/logs # Accès au répertoire Bitcoin pour le cookie RPC - ./modules/bitcoin/data:/home/bitcoin/.bitcoin:ro networks: - 4nk_network: - ipv4_address: 172.20.0.12 + modules.4nk-local: + ipv4_address: 172.30.0.12 restart: unless-stopped depends_on: - - bitcoin.local + - bitcoin.modules.4nk-local healthcheck: test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:8000" ] interval: 30s @@ -130,9 +212,9 @@ services: retries: 3 start_period: 40s environment: - - host=blindbit-oracle.local:8000 + - host=blindbit-oracle.modules.4nk-local:8000 - chain=signet - - rpc_endpoint=http://bitcoin.local:38332 + - rpc_endpoint=http://bitcoin.modules.4nk-local:38332 - cookie_path=/home/bitcoin/.bitcoin/signet/.cookie - rpc_user= - rpc_pass= 
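Review bot: The five data services added in the first docker-compose.yml hunk publish their ports on every host interface (`"5432:5432"`, `"6379:6379"`, `"9000:9000"`, `"7474:7474"`, `"7687:7687"`, `"9200:9200"`); since the other containers reach them over the Docker networks, bind them to loopback (`"127.0.0.1:5432:5432"`) or drop the `ports:` entries. OpenSearch also hard-codes `OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch2025!` where `${OPENSEARCH_INITIAL_ADMIN_PASSWORD}` would let the service's `.env` set it. No `env_file:` appears in this hunk and the commit removes the global `.env`, so `${POSTGRES_PASSWORD}`, `${MINIO_ROOT_PASSWORD}` and `${NEO4J_AUTH}` may interpolate to empty strings unless the per-service files are wired in elsewhere. Two stale values also survive the renumbering: the bitcoin entrypoint still greps for `172.20.0.11` although the service now has `ipv4_address: 172.30.0.11`, and blindbit-oracle still mounts `./modules/bitcoin/data` for the RPC cookie while bitcoin writes to `./4nk-local/modules/bitcoin/data`, so both wait loops would presumably run to their timeout.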
@@ -144,19 +226,19 @@ services: - tweaks_full_with_dust_filter=1 - tweaks_cut_through_with_dust_filter=1 - sdk_storage.local: + sdk-storage.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/sdk_storage:dev - container_name: sdk-storage.local - hostname: sdk-storage.local + container_name: sdk-storage.modules.4nk-local + hostname: sdk-storage.modules.4nk-local ports: - "8081:8080" volumes: - - ./modules/sdk_storage/conf/sdk_storage.conf:/usr/local/bin/sdk_storage.conf:ro - - ./modules/sdk_storage/log:/app/logs + - ./4nk-local/modules/sdk-storage/conf/sdk_storage.conf:/usr/local/bin/sdk_storage.conf:ro + - ./4nk-local/modules/sdk-storage/logs:/app/logs networks: - 4nk_network: - ipv4_address: 172.20.0.13 + modules.4nk-local: + ipv4_address: 172.30.0.13 restart: unless-stopped healthcheck: test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:8080" ] @@ -165,12 +247,14 @@ services: retries: 3 start_period: 40s - sdk_relay1.local: +# ==================== MODULES > RELAY ==================== + + i1.sdk-relay.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/sdk_relay:dev - container_name: sdk-relay1.local - hostname: sdk-relay1.local - entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\""] + container_name: i1.sdk-relay.modules.4nk-local + hostname: i1.sdk-relay.modules.4nk-local + entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.modules.4nk-local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\""] ports: - "8090:8090" - "8091:8091" 
@@ -182,15 +266,15 @@ services: - relay_rpc_password= - cookie_path=/home/bitcoin/.bitcoin/signet/.cookie volumes: - - ./modules/sdk_relay1/conf/sdk_relay1.conf:/home/bitcoin/.conf:ro - - ./modules/sdk_relay1/logs:/home/bitcoin/logs + - ./4nk-local/modules/sdk-relay/i1/conf/1.sdk-relay.modulesconf:/home/bitcoin/.conf:ro + - ./4nk-local/modules/sdk-relay/i1/logs:/home/bitcoin/logs working_dir: /home/bitcoin networks: - 4nk_network: - ipv4_address: 172.20.0.14 + sdk-relay.modules.4nk-local: + ipv4_address: 172.30.1.11 restart: unless-stopped depends_on: - - blindbit-oracle.local + - blindbit-oracle.modules.4nk-local healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:8090/health" ] interval: 30s @@ -198,12 +282,12 @@ services: retries: 3 start_period: 40s - sdk_relay2.local: + i2.sdk-relay.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/sdk_relay:dev - container_name: sdk-relay2.local - hostname: sdk-relay2.local - entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\""] + container_name: i2.sdk-relay.modules.4nk-local + hostname: i2.sdk-relay.modules.4nk-local + entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.modules.4nk-local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\""] ports: - "8092:8090" - "8093:8091" 
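Review bot: The new bind-mount source `./4nk-local/modules/sdk-relay/i1/conf/1.sdk-relay.modulesconf` looks like a search-and-replace accident, since the `i2` and `i3` relays mount `sdk_relay2.conf` and `sdk_relay3.conf`. When a bind-mount source is missing, Docker typically creates it as an empty directory, so the relay would come up with a directory at `/home/bitcoin/.conf` instead of failing loudly. I would expect `- ./4nk-local/modules/sdk-relay/i1/conf/sdk_relay1.conf:/home/bitcoin/.conf:ro`. The relay also moves to the `sdk-relay.modules.4nk-local` network while still depending on `blindbit-oracle.modules.4nk-local`, which this diff places on `modules.4nk-local`, so it is worth confirming the two can still reach each other. The service block starts before this hunk.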
@@ -215,15 +299,15 @@ services: - relay_rpc_password= - cookie_path=/home/bitcoin/.bitcoin/signet/.cookie volumes: - - ./modules/sdk_relay2/conf/sdk_relay2.conf:/home/bitcoin/.conf:ro - - ./modules/sdk_relay2/logs:/home/bitcoin/logs + - ./4nk-local/modules/sdk-relay/i2/conf/sdk_relay2.conf:/home/bitcoin/.conf:ro + - ./4nk-local/modules/sdk-relay/i2/logs:/home/bitcoin/logs working_dir: /home/bitcoin networks: - 4nk_network: - ipv4_address: 172.20.0.15 + sdk-relay.modules.4nk-local: + ipv4_address: 172.30.1.12 restart: unless-stopped depends_on: - - blindbit-oracle.local + - blindbit-oracle.modules.4nk-local healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:8090/health" ] interval: 30s @@ -231,12 +315,12 @@ services: retries: 3 start_period: 40s - sdk_relay3.local: + i3.sdk-relay.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/sdk_relay:dev - container_name: sdk-relay3.local - hostname: sdk-relay3.local - entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\""] + container_name: i3.sdk-relay.modules.4nk-local + hostname: i3.sdk-relay.modules.4nk-local + entrypoint: ["/bin/sh","-c","for i in $(seq 1 300); do if getent hosts bitcoin.modules.4nk-local >/dev/null 2>&1 && [ -f /home/bitcoin/.bitcoin/signet/.cookie ]; then break; fi; sleep 1; done; exec \"$@\""] ports: - "8094:8090" - "8095:8091" 
@@ -248,15 +332,15 @@ services: - relay_rpc_password= - cookie_path=/home/bitcoin/.bitcoin/signet/.cookie volumes: - - ./modules/sdk_relay3/conf/sdk_relay3.conf:/home/bitcoin/.conf:ro - - ./modules/sdk_relay3/logs:/home/bitcoin/logs + - ./4nk-local/modules/sdk-relay/i3/conf/sdk_relay3.conf:/home/bitcoin/.conf:ro + - ./4nk-local/modules/sdk-relay/i3/logs:/home/bitcoin/logs working_dir: /home/bitcoin networks: - 4nk_network: - ipv4_address: 172.20.0.16 + sdk-relay.modules.4nk-local: + ipv4_address: 172.30.1.13 restart: unless-stopped depends_on: - - blindbit-oracle.local + - blindbit-oracle.modules.4nk-local healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:8090/health" ] interval: 30s 
@@ -264,26 +348,28 @@ services: retries: 3 start_period: 40s - sdk_signer.local: +# ==================== MODULES > CLIENT MODES ==================== + + sdk-signer.client.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/sdk_signer:dev - container_name: sdk-signer.local - hostname: sdk-signer.local + container_name: sdk-signer.client.modules.4nk-local + hostname: sdk-signer.client.modules.4nk-local ports: - "9093:9090" volumes: - - ./modules/sdk_signer/conf/sdk_signer.conf:/usr/local/bin/sdk_signer.conf:ro - - ./modules/sdk_signer/data:/app/data - - ./modules/sdk_signer/logs:/usr/src/app/logs + - ./4nk-local/modules/sdk-signer/conf/sdk_signer.conf:/usr/local/bin/sdk_signer.conf:ro + - ./4nk-local/modules/sdk-signer/data:/app/data + - ./4nk-local/modules/sdk-signer/logs:/usr/src/app/logs networks: - 4nk_network: - ipv4_address: 172.20.0.17 + client.modules.4nk-local: + ipv4_address: 172.30.5.11 restart: unless-stopped depends_on: - - sdk_storage.local - - sdk_relay1.local - - sdk_relay2.local - - sdk_relay3.local + - sdk-storage.modules.4nk-local + - i1.sdk-relay.modules.4nk-local + - i2.sdk-relay.modules.4nk-local + - i3.sdk-relay.modules.4nk-local healthcheck: test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:9090" ] interval: 30s 
@@ -291,26 +377,26 @@ services: retries: 3 start_period: 40s - ihm_client.local: + ihm.client.modules.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/ihm_client:dev - container_name: ihm-client.local - hostname: ihm-client.local + container_name: ihm.client.modules.4nk-local + hostname: ihm.client.modules.4nk-local ports: - "8080:80" - "3003:3003" volumes: - - ./modules/ihm_client/logs:/var/log/ihm_client - - ./modules/ihm_client/conf/.env:/app/.env:ro + - ./4nk-local/modules/ihm-client/logs:/var/log/ihm_client + - ./4nk-local/modules/ihm-client/conf/.env:/app/.env:ro networks: - 4nk_network: - ipv4_address: 172.20.0.18 + client.modules.4nk-local: + ipv4_address: 172.31.5.12 restart: unless-stopped depends_on: - - sdk_storage.local - - sdk_relay1.local - - sdk_relay2.local - - sdk_relay3.local + - sdk-storage.modules.4nk-local + - i1.sdk-relay.modules.4nk-local + - i2.sdk-relay.modules.4nk-local + - i3.sdk-relay.modules.4nk-local healthcheck: test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost" ] interval: 30s 
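Review bot: `ipv4_address: 172.31.5.12` does not belong to the `client.modules.4nk-local` network, which the networks section of this diff declares as `172.30.5.0/16`; `sdk-signer` on the same network uses `172.30.5.11`. Compose should refuse to attach the container with a static address outside the network's subnet. This was presumably meant to be `ipv4_address: 172.30.5.12`. The healthcheck and environment of this service continue in the next hunk.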
@@ -319,31 +405,280 @@ services: start_period: 40s environment: - U32_MAX=4294967295 - - BASEURL=http://ihm-client.local - - BOOTSTRAPURL=["http://sdk-relay1.local:8090"] - - STORAGEURL=http://sdk-storage.local/storage - - BLINDBITURL=http://blindbit.local:8000 + - BASEURL=http://ihm.client.modules.4nk-local + - BOOTSTRAPURL=["http://i1.sdk-relay.4nk-local:8090"] + - STORAGEURL=http://sdk-storage.modules.4nk-local/storage + - BLINDBITURL=http://blindbit.modules.4nk-local:8000 - DEFAULTAMOUNT=1000 - coffre-front.local: +# ==================== MODULES > IA ==================== + + ollama.ia.modules.4nk-local: <<: *x-4nk-extra-hosts - image: git.4nkweb.com/4nk/lecoffre-front:ajanin - container_name: coffre-front.local - hostname: coffre-front.local + image: ollama/ollama:latest + container_name: ollama.ia.modules.4nk-local + hostname: ollama.ia.modules.4nk-local volumes: - - ./projects/lecoffre/lecoffre-front/logs:/logs - - ./projects/lecoffre/lecoffre-front/conf/.env.local:/leCoffre-front/.env.local:ro + - ./4nk-local/modules/ia/ollama/data:/root/.ollama + - ./4nk-local/modules/ia/ollama/logs:/var/log/ollama + ports: + - "11435:11434" # Port modifié pour éviter les conflits + environment: + - OLLAMA_HOST=0.0.0.0 + restart: unless-stopped + profiles: ["production", "development"] networks: - 4nk_network: - ipv4_address: 172.20.0.32 + ia.modules.4nk-local: + ipv4_address: 172.30.2.11 + + anythingsqlite.ia.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: mintplexlabs/anythingllm:latest + container_name: anythingsqlite.ia.modules.4nk-local + hostname: anythingsqlite.ia.modules.4nk-local + environment: + - DISABLE_AUTH=true + - STORAGE_DIR=/app/server/storage + depends_on: + - ollama.ia.modules.4nk-local + ports: + - "3001:3001" + volumes: + - ./4nk-local/modules/ia/anythingsqlite/data:/app/server/storage + - ./4nk-local/modules/ia/anythingsqlite/logs:/var/log/anythingllm + restart: unless-stopped + profiles: ["production", "development"] + networks: + 
ia.modules.4nk-local: + ipv4_address: 172.30.2.12 + + host-api.ia.modules.4nk-local: + <<: *x-4nk-extra-hosts + build: + context: ./docker/host-api + dockerfile: Dockerfile + container_name: host-api.ia.modules.4nk-local + hostname: host-api.ia.modules.4nk-local + labels: + - logging=promtail + - project=4nk_ia_back + env_file: ./.env + environment: + POSTGRES_USER: ${POSTGRES_USER:-postgres} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-4nk_ia} + DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB + REDIS_URL: redis://redis.data.modules.4nk-local:6379/0 + MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000 + MINIO_BUCKET: ${MINIO_BUCKET} + ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001 + ANYLLM_API_KEY: ${ANYLLM_API_KEY} + OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434 + OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200 + NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687 + NEO4J_AUTH: ${NEO4J_AUTH} + # Configuration de l'API + API_HOST: 0.0.0.0 + API_PORT: 8000 + API_WORKERS: 4 + LOG_LEVEL: ${LOG_LEVEL:-INFO} + LOG_FORMAT: ${LOG_FORMAT:-json} + # Sécurité + SECRET_KEY: ${SECRET_KEY:-your_secret_key_here} + ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-30} + volumes: + - ./4nk-local/modules/ia/host-api/data:/app + - ./4nk-local/modules/ia/host-api/logs:/app/logs + ports: + - "8001:8000" # Port externe 8001 pour éviter les conflits + depends_on: + postgres.data.modules.4nk-local: + condition: service_healthy + redis.data.modules.4nk-local: + condition: service_started + minio.data.modules.4nk-local: + condition: service_started + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + restart: unless-stopped + networks: + ia.modules.4nk-local: + ipv4_address: 172.30.2.13 + + worker.ia.modules.4nk-local: + <<: *x-4nk-extra-hosts + build: + context: ./ + 
dockerfile: docker/worker/Dockerfile + container_name: worker.ia.modules.4nk-local + hostname: worker.ia.modules.4nk-local + labels: + - logging=promtail + - project=4nk_ia_back + env_file: ./.env + environment: + POSTGRES_USER: ${POSTGRES_USER:-postgres} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-4nk_ia} + DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB + REDIS_URL: redis://redis.data.modules.4nk-local:6379/0 + MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000 + MINIO_BUCKET: ${MINIO_BUCKET} + ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001 + ANYLLM_API_KEY: ${ANYLLM_API_KEY} + OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434 + OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200 + NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687 + NEO4J_AUTH: ${NEO4J_AUTH} + volumes: + - ./4nk-local/modules/ia/worker/data:/app + - ./4nk-local/modules/ia/worker/logs:/app/logs + depends_on: + - host-api.ia.modules.4nk-local + restart: unless-stopped + profiles: ["production"] + networks: + ia.modules.4nk-local: + ipv4_address: 172.30.2.14 + + # ==================== MODULES >GRAFANA ==================== + + loki.grafana.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: grafana/loki:2.9.0 + container_name: loki.grafana.modules.4nk-local + hostname: loki.grafana.modules.4nk-local + ports: + - "3100:3100" + command: -config.file=/etc/loki/local-config.yaml + volumes: + - ./4nk-local/modules/grafana/loki/conf/loki-config.yaml:/etc/loki/local-config.yaml:ro + - ./4nk-local/modules/grafana/loki/data:/loki + - ./4nk-local/modules/grafana/loki/logs:/var/log/loki + networks: + grafana.modules.4nk-local: + ipv4_address: 172.30.3.51 restart: unless-stopped + prometheus.grafana.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: prom/prometheus:v2.54.1 + container_name: prometheus.grafana.modules.4nk-local + hostname: prometheus.grafana.modules.4nk-local + ports: + - 
"9092:9091" + command: + - '--config.file=/etc/prometheus/prometheus.yml' + - '--storage.tsdb.path=/prometheus' + - '--web.console.libraries=/etc/prometheus/console_libraries' + - '--web.console.templates=/etc/prometheus/consoles' + - '--storage.tsdb.retention.time=200h' + - '--web.enable-lifecycle' + volumes: + - ./4nk-local/modules/grafana/prometheus/conf/prometheus.yml:/etc/prometheus/prometheus.yml:ro + - ./4nk-local/modules/grafana/prometheus/data:/prometheus + - ./4nk-local/modules/grafana/prometheus/logs:/var/log/prometheus + networks: + grafana.modules.4nk-local: + ipv4_address: 172.30.3.52 + restart: unless-stopped + + promtail.grafana.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: grafana/promtail:2.9.0 + container_name: promtail.grafana.modules.4nk-local + hostname: promtail.grafana.modules.4nk-local + command: -config.file=/etc/promtail/config.yml + volumes: + - ./4nk-local/modules/grafana/promtail/conf/promtail-config.yml:/etc/promtail/config.yml:ro + - ./4nk-local/modules/grafana/promtail/logs:/var/log/promtail + - /var/lib/docker/containers:/var/lib/docker/containers:ro + - /var/log/docker:/var/log/docker:ro + - ./4nk-local/modules:/workspace/modules:ro + - ./4nk-local/projects:/workspace/projects:ro + - ./4nk-local/modules/grafana/grafana/logs:/workspace/logs:ro + networks: + grafana.modules.4nk-local: + ipv4_address: 172.30.3.53 + restart: unless-stopped depends_on: - - coffre-back-mini.local - - ihm_client.local - - sdk_signer.local + - loki.grafana.modules.4nk-local + + grafana.grafana.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: grafana/grafana:10.0.0 + container_name: grafana.grafana.modules.4nk-local + hostname: grafana.grafana.modules.4nk-local + ports: + - "3000:3000" environment: - - NEXT_PUBLIC_4NK_URL=http://ihm-client.local:3003 + - GF_SECURITY_ADMIN_PASSWORD=admin + - GF_USERS_ALLOW_SIGN_UP=false + - GF_SERVER_ROOT_URL=http://grafana.grafanalocal:3000 + - GF_SERVER_SERVE_FROM_SUB_PATH=false + volumes: + - 
./4nk-local/modules/grafana/grafana/data:/var/lib/grafana + - ./4nk-local/modules/grafana/grafana/conf/grafana.ini:/etc/grafana/grafana.ini:ro + - ./4nk-local/modules/grafana/grafana/conf/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml:ro + - ./4nk-local/modules/grafana/grafana/conf/dashboards:/etc/grafana/provisioning/dashboards:ro + - ./4nk-local/modules/grafana/grafana/logs:/var/log/grafana + networks: + grafana.modules.4nk-local: + ipv4_address: 172.30.3.50 + restart: unless-stopped + depends_on: + - loki.grafana.modules.4nk-local + - prometheus.grafana.modules.4nk-local + healthcheck: + test: ["CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:3000/api/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + + # ==================== MODULES OTHER ==================== + + nginx-proxy.modules.4nk-local: + <<: *x-4nk-extra-hosts + image: nginx:alpine + container_name: nginx-proxy.modules.4nk-local + hostname: nginx-proxy.modules.4nk-local + ports: + - "443:443" + volumes: + - ./4nk-local/modules/nginx-proxy/conf/nginx.conf:/etc/nginx/nginx.conf:ro + - ./4nk-local/modules/nginx-proxy/certs/local.crt:/etc/nginx/certs/local.crt:ro + - ./4nk-local/modules/nginx-proxy/certs/local.key:/etc/nginx/certs/local.key:ro + - ./4nk-local/modules/nginx-proxy/logs:/var/log/nginx + networks: + modules.4nk-local: + ipv4_address: 172.30.0.60 + restart: unless-stopped + +# ==================== PROJECTS > LECOFFRE ==================== + + front.lecoffre.projects.4nk-local: + <<: *x-4nk-extra-hosts + image: git.4nkweb.com/4nk/lecoffre-front:ajanin + container_name: front.lecoffre.projects.4nk-local + hostname: front.lecoffre.projects.4nk-local + volumes: + - ./4nk-local/projects/lecoffre/front/logs:/logs + - ./4nk-local/projects/lecoffre/front/conf/.env.4nk-local:/leCoffre-front/.env.4nk-local:ro + networks: + lecoffre.projects.4nk-local: + ipv4_address: 172.31.0.32 + restart: unless-stopped + depends_on: + - 
back-mini.lecoffre.projects.4nk-local + - ihm.client.modules.4nk-local + - sdk-signer.client.modules.4nk-local + environment: + - NEXT_PUBLIC_4NK_URL=http://ihm.client.modules.4nk-local:3003 - NEXT_PUBLIC_FRONT_APP_HOST=http://0.0.0.0:3000 - NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 @@ -353,16 +688,33 @@ services: - NEXT_PUBLIC_BACK_API_ROOT_URL=/api - NEXT_PUBLIC_BACK_API_VERSION=/v1 - coffre-back-mini.local: + + ia.lecoffre.projects.4nk-local: + <<: *x-4nk-extra-hosts + image: git.4nkweb.com/4nk/4nk-ia-front:dev + container_name: ia.lecoffre.projects.4nk-local + hostname: ia.lecoffre.projects.4nk-local + volumes: + - ./4nk-local/projects/lecoffre/ia/logs:/logs + networks: + lecoffre.projects.4nk-local: + ipv4_address: 172.31.0.33 + ia.modules.4nk-local: + ipv4_address: 172.30.2.15 + restart: unless-stopped + depends_on: + - host-api.ia.modules.4nk-local + + back-mini.lecoffre.projects.4nk-local: <<: *x-4nk-extra-hosts image: git.4nkweb.com/4nk/lecoffre-back-mini:dev - container_name: coffre-back-mini.local - hostname: coffre-back-mini.local + container_name: back-mini.lecoffre.projects.4nk-local + hostname: back-mini.lecoffre.projects.4nk-local volumes: - - ./modules/lecoffre/lecoffre-back-mini/conf/.env:/app/.env:ro + - ./4nk-local/projects/lecoffre/back-mini/conf/.env:/app/.env:ro networks: - 4nk_network: - ipv4_address: 172.20.0.33 + lecoffre.projects.4nk-local: + ipv4_address: 172.31.0.34 restart: unless-stopped environment: - OVH_SMS_SERVICE_NAME=sms-tt802880-1 
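Review bot: Several of the added services are published on all host interfaces with authentication off or with a known default credential: `anythingsqlite` sets `DISABLE_AUTH=true` behind `"3001:3001"`, `ollama` sets `OLLAMA_HOST=0.0.0.0` behind `"11435:11434"`, and `grafana` keeps `GF_SECURITY_ADMIN_PASSWORD=admin` behind `"3000:3000"`. For a local stack I would bind the published ports to loopback, e.g. `- "127.0.0.1:3001:3001"`, and take the Grafana admin password from the service's own `.env` instead of the compose file. In `host-api`, `SECRET_KEY: ${SECRET_KEY:-your_secret_key_here}` and `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}` silently fall back to public values when the variable is unset, whereas `SECRET_KEY: ${SECRET_KEY:?SECRET_KEY must be set}` makes Compose stop. `host-api` and `worker` also still load `env_file: ./.env`, which the commit message says is removed, and they point at `4nk-ia-minio.4nk-local`-style hostnames that no service visible in this diff declares.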
@@ -375,8 +727,8 @@ services: - STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB - APP_HOST=http://0.0.0.0 - PORT=8080 - - NEXT_PUBLIC_4NK_URL=http://ihm-client.local - - NEXT_PUBLIC_FRONT_APP_HOST=http://coffre-front.local:3000 + - NEXT_PUBLIC_4NK_URL=http://ihm.client.modules.4nk-local + - NEXT_PUBLIC_FRONT_APP_HOST=http://coffre-front.4nk-local:3000 - NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 - NEXT_PUBLIC_IDNOT_CLIENT_ID=4501646203F3EF67 
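Review bot: `NEXT_PUBLIC_FRONT_APP_HOST=http://coffre-front.4nk-local:3000` does not match the name the front service receives in this same commit, `front.lecoffre.projects.4nk-local`, so unless dnsmasq (not visible here) keeps an alias for the old name this URL will not resolve. The likely intended value is `http://front.lecoffre.projects.4nk-local:3000`. The unchanged lines around it keep identifiers such as the Stripe price id and the IdNot client id inline in `docker-compose.yml`; since this commit moves configuration into per-service `.env` files, the already mounted `back-mini/conf/.env` would be the natural place for them.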
@@ -393,140 +745,50 @@ services: - DB_PASSWORD=minibackpassword - LOG_LEVEL=debug - loki.local: - <<: *x-4nk-extra-hosts - image: grafana/loki:2.9.0 - container_name: loki.local - hostname: loki.local - ports: - - "3100:3100" - command: -config.file=/etc/loki/local-config.yaml - volumes: - - ./conf/monitoring/loki-config.yaml:/etc/loki/local-config.yaml:ro - - loki_data:/loki - networks: - 4nk_network: - ipv4_address: 172.20.0.51 - restart: unless-stopped - prometheus.local: - <<: *x-4nk-extra-hosts - image: prom/prometheus:v2.54.1 - container_name: prometheus.local - hostname: prometheus.local - ports: - - "9092:9091" - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--web.console.libraries=/etc/prometheus/console_libraries' - - '--web.console.templates=/etc/prometheus/consoles' - - '--storage.tsdb.retention.time=200h' - - '--web.enable-lifecycle' - volumes: - - ./conf/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro - - prometheus_data:/prometheus - networks: - 4nk_network: - ipv4_address: 172.20.0.52 - restart: unless-stopped - promtail.local: - <<: *x-4nk-extra-hosts - image: grafana/promtail:2.9.0 - container_name: promtail.local - hostname: promtail.local - command: -config.file=/etc/promtail/config.yml - volumes: - - ./conf/monitoring/promtail-config.yml:/etc/promtail/config.yml:ro - - /var/lib/docker/containers:/var/lib/docker/containers:ro - - /var/log/docker:/var/log/docker:ro - - ./modules:/workspace/modules:ro - - ./projects:/workspace/projects:ro - - ./modules/grafana-central/logs:/workspace/logs:ro - networks: - 4nk_network: - ipv4_address: 172.20.0.53 - restart: unless-stopped - depends_on: - - loki.local - - grafana-central.local: - <<: *x-4nk-extra-hosts - image: grafana/grafana:10.0.0 - container_name: grafana-central.local - hostname: grafana-central.local - ports: - - "3000:3000" - environment: - - GF_SECURITY_ADMIN_PASSWORD=admin - - GF_USERS_ALLOW_SIGN_UP=false - - 
GF_SERVER_ROOT_URL=http://grafana-central.local:3000 - - GF_SERVER_SERVE_FROM_SUB_PATH=false - volumes: - - grafana_central_data:/var/lib/grafana - - ./conf/monitoring/grafana.ini:/etc/grafana/grafana.ini:ro - - ./conf/monitoring/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml:ro - - ./modules/grafana-central/dashboards:/etc/grafana/provisioning/dashboards:ro - - ./modules/grafana-central/logs:/var/log/grafana - networks: - 4nk_network: - ipv4_address: 172.20.0.50 - restart: unless-stopped - depends_on: - - loki.local - - prometheus.local - healthcheck: - test: ["CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:3000/api/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 40s - - nginx-proxy.local: - <<: *x-4nk-extra-hosts - image: nginx:alpine - container_name: nginx-proxy.local - hostname: nginx-proxy.local - ports: - - "443:443" - volumes: - - ./modules/nginx-proxy/conf/nginx.conf:/etc/nginx/nginx.conf:ro - - ./modules/nginx-proxy/certs/local.crt:/etc/nginx/certs/local.crt:ro - - ./modules/nginx-proxy/certs/local.key:/etc/nginx/certs/local.key:ro - - ./modules/nginx-proxy/logs:/var/log/nginx - networks: - 4nk_network: - ipv4_address: 172.20.0.60 - restart: unless-stopped - - 4nk-ia-front.local: - <<: *x-4nk-extra-hosts - image: git.4nkweb.com/4nk/4nk-ia-front:dev - container_name: 4nk-ia-front.local - hostname: 4nk-ia-front.local - volumes: - - ./projects/4NK_IA_front/logs:/logs - networks: - 4nk_projects_net: - ipv4_address: 172.21.0.10 - restart: unless-stopped - -volumes: - grafana_central_data: - loki_data: - prometheus_data: +# Networks networks: - 4nk_network: + modules.4nk-local: driver: bridge ipam: config: - - subnet: 172.20.0.0/16 - gateway: 172.20.0.1 - 4nk_projects_net: + - subnet: 172.30.0.0/16 + gateway: 172.30.0.1 + sdk-relay.modules.4nk-local: driver: bridge ipam: config: - - subnet: 172.21.0.0/16 - gateway: 172.21.0.1 + - subnet: 172.30.1.0/16 + gateway: 172.30.1.1 + 
ia.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.30.2.0/16 + gateway: 172.30.2.1 + grafana.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.30.3.0/16 + gateway: 172.30.3.1 + data.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.30.4.0/16 + gateway: 172.30.4.1 + client.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.30.5.0/16 + gateway: 172.30.5.1 + lecoffre.projects.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.0.0/16 + gateway: 172.31.0.1 diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md index e309410b..48a006f9 100644 --- a/docs/ARCHITECTURE.md +++ b/docs/ARCHITECTURE.md @@ -19,7 +19,7 @@ Cette page décrit l’architecture fonctionnelle et technique de `4NK_node`, un ### Réseaux et adresses -- Réseau principal : `4nk_network` en 172.20.0.0/16, IP statiques et hostnames Docker en `.4nk.local`. +- Réseau principal : `4nk_network` en 172.20.0.0/16, IP statiques et hostnames Docker en `.4nk.4nk-local`. - Réseau projets : `4nk_projects_net` en 172.21.0.0/16 (réservé, non attaché par défaut). ### Flux et dépendances @@ -64,5 +64,5 @@ Cette politique s’aligne avec la stratégie locale : les tags `:dev` sont uti ### Décisions et implications - Exécution locale possible de Nginx et Grafana conformément à `USAGE.md` : ne pas modifier les fichiers de configuration, mais documenter les points d’intégration et de provisioning. -- Réservation d’IP statiques et de hostnames `.4nk.local` : simplifie le routage et la documentation réseau. +- Réservation d’IP statiques et de hostnames `.4nk.4nk-local` : simplifie le routage et la documentation réseau. - Pas de workflow CI pour l’instant : les validations (tests/documentation) sont manuelles et locales. diff --git a/docs/BITCOIN_TROUBLESHOOTING.md b/docs/BITCOIN_TROUBLESHOOTING.md index 92f9564c..38f26435 100644 --- a/docs/BITCOIN_TROUBLESHOOTING.md +++ b/docs/BITCOIN_TROUBLESHOOTING.md 
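Review bot: Every network added in the `networks:` section uses a `/16` mask on a `172.30.x.0` base (`172.30.1.0/16`, `172.30.2.0/16`, … `172.30.5.0/16`), and all of these denote the same range as `modules.4nk-local`'s `172.30.0.0/16`. Docker is expected to reject them as overlapping address pools (or as subnets with host bits set), so the per-domain segmentation this commit aims for would not come up as written. Using `/24` per network, e.g. `- subnet: 172.30.1.0/24` with `gateway: 172.30.1.1`, and narrowing `modules.4nk-local` to `172.30.0.0/24`, keeps every static address already assigned in the services. `data.modules.4nk-local` is declared here, but the services that would join it are outside this part of the diff.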
@@ -33,8 +33,8 @@ sudo chown -R 101:101 modules/bitcoin/data/wallets ```ini [signet] listen=1 -bind=bitcoin.local:38333 -rpcbind=bitcoin.local:18443 +bind=bitcoin.modules.4nk-local:38333 +rpcbind=bitcoin.modules.4nk-local:18443 rpcport=18443 fallbackfee=0.0001 blockfilterindex=1 @@ -53,12 +53,12 @@ addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion ### 4. Dépendances Docker Compose -**Problème** : Service `blindbit-oracle` dépendait de `bitcoin.local` au lieu de `bitcoin`. +**Problème** : Service `blindbit-oracle` dépendait de `bitcoin.modules.4nk-local` au lieu de `bitcoin`. **Solution appliquée** : ```yaml depends_on: - - bitcoin # au lieu de bitcoin.local + - bitcoin # au lieu de bitcoin.modules.4nk-local ``` ### 5. Configuration réseau Docker @@ -89,8 +89,8 @@ networks: - ✅ **miniback-postgres** : Up ### Services en redémarrage -- ⚠️ **bitcoin.local** : Restarting (1) -- ⚠️ **blindbit-oracle.local** : Restarting (1) +- ⚠️ **bitcoin.modules.4nk-local** : Restarting (1) +- ⚠️ **blindbit-oracle.modules.4nk-local** : Restarting (1) - ⚠️ **4nk-sdk-relay1** : Restarting (1) - ⚠️ **4nk-sdk-relay2** : Restarting (1) - ⚠️ **4nk-sdk-relay3** : Restarting (1) diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index 2a77914f..fcdc038d 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md 
@@ -5,23 +5,23 @@ - Sous-réseau: `172.20.0.0/16` - Passerelle: `172.20.0.1` - IPs statiques par service (extrait): - - `tor.local`: 172.20.0.10 - - `bitcoin.local`: 172.20.0.11 - - `blindbit-oracle.local`: 172.20.0.12 - - `sdk-storage.local`: 172.20.0.13 - - `sdk-relay{1,2,3}.local`: 172.20.0.14-16 - - `sdk-signer.local`: 172.20.0.17 - - `ihm-client.local`: 172.20.0.18 - - `grafana-central.local`: 172.20.0.50 - - `loki.local`: 172.20.0.51 - - `prometheus.local`: 172.20.0.52 - - `promtail.local`: 172.20.0.53 + - `tor.modules.4nk-local`: 172.20.0.10 + - `bitcoin.modules.4nk-local`: 172.20.0.11 + - `blindbit-oracle.modules.4nk-local`: 172.20.0.12 + - `sdk-storage.modules.4nk-local`: 172.20.0.13 + - `sdk-relay{1,2,3}.4nk-local`: 172.20.0.14-16 + - `sdk-signer.4nk-local`: 172.20.0.17 + - `ihm.client.modules.4nk-local`: 172.20.0.18 + - `grafana.grafanalocal`: 172.20.0.50 + - `loki.4nk-local`: 172.20.0.51 + - `prometheus.4nk-local`: 172.20.0.52 + - `promtail.4nk-local`: 172.20.0.53 ## DNS local (dnsmasq) - Fichier chargé par le service système: `/etc/dnsmasq.d/4nk_node.conf` (lien symbolique vers `conf/dnsmasq/dnsmasq.conf`). - Port d’écoute: 53. -- Les entrées `address=/.../172.20.x.x` assurent la résolution des hôtes `*.local` du réseau projet. +- Les entrées `address=/.../172.20.x.x` assurent la résolution des hôtes `*.4nk-local` du réseau projet. ## Compose: DNS et extra_hosts 
@@ -30,13 +30,13 @@ ## Démarrage ordonné et attentes réseau -- `bitcoin.local`: entrypoint attend brièvement la disponibilité réseau/DNS avant de lancer `bitcoind`. -- `blindbit-oracle.local` et `sdk_relay{1,2,3}.local`: entrypoint attend la résolution de `bitcoin.local` et la présence de `/home/bitcoin/.bitcoin/signet/.cookie` avant d’exécuter la commande du service. +- `bitcoin.modules.4nk-local`: entrypoint attend brièvement la disponibilité réseau/DNS avant de lancer `bitcoind`. +- `blindbit-oracle.modules.4nk-local` et `sdk_relay{1,2,3}.4nk-local`: entrypoint attend la résolution de `bitcoin.modules.4nk-local` et la présence de `/home/bitcoin/.bitcoin/signet/.cookie` avant d’exécuter la commande du service. ## Commandes utiles - Redémarrer dnsmasq: `systemctl restart dnsmasq` -- Vérifier une résolution depuis un conteneur: `docker exec tor.local nslookup bitcoin.local 172.20.0.1` +- Vérifier une résolution depuis un conteneur: `docker exec tor.modules.4nk-local nslookup bitcoin.modules.4nk-local 172.20.0.1` ## Configuration des images, réseaux et paramètres @@ -50,7 +50,7 @@ ### Réseaux et adresses -- `4nk_network` : `172.20.0.0/16` avec IP statiques et hostnames `.4nk.local` par service. +- `4nk_network` : `172.20.0.0/16` avec IP statiques et hostnames `.4nk.4nk-local` par service. - `4nk_projects_net` : `172.21.0.0/16` réservé pour des projets additionnels. ### Montages (configuration, données, logs) 
@@ -111,12 +111,12 @@ Le service `bitcoin-setup` s'exécute automatiquement avant le démarrage de Bit - Liaison RPC et P2P : `rpcbind=0.0.0.0:38332`, `bind=0.0.0.0:38333`. - ZMQ publication : `zmqpubhashblock=tcp://0.0.0.0:29000`, `zmqpubrawtx=tcp://0.0.0.0:29000`. - Dossier wallets : `walletdir=/home/bitcoin/.bitcoin/wallets` (créé automatiquement par le setup). -- Ces paramètres évitent les erreurs de bind/résolution liées à l'hôte `bitcoin.local`. +- Ces paramètres évitent les erreurs de bind/résolution liées à l'hôte `bitcoin.modules.4nk-local`. ### Ports exposés (hôte → conteneur) -- `prometheus.local` : 9092 → 9090 (au lieu de 9091 → 9090 précédemment) -- `sdk-signer.local` : 9093 → 9090 (conflit évité avec 9090 hôte) +- `prometheus.4nk-local` : 9092 → 9090 (au lieu de 9091 → 9090 précédemment) +- `sdk-signer.4nk-local` : 9093 → 9090 (conflit évité avec 9090 hôte) ### Conclusion diff --git a/docs/DNSMASQ_SETUP.md b/docs/DNSMASQ_SETUP.md index 18b627c6..79e0f20c 100644 --- a/docs/DNSMASQ_SETUP.md +++ b/docs/DNSMASQ_SETUP.md 
@@ -25,18 +25,18 @@ Services Docker (172.20.0.0/16) | Service | Hostname | IP Docker | |---------|----------|-----------| -| tor | `tor.4nk.local` | 172.20.0.10 | -| bitcoin | `bitcoin.4nk.local` | 172.20.0.11 | -| blindbit | `blindbit-core.4nk.local` | 172.20.0.12 | -| sdk_storage | `sdk-storage.4nk.local` | 172.20.0.13 | -| sdk_relay1 | `sdk-relay1.4nk.local` | 172.20.0.14 | -| sdk_relay2 | `sdk-relay2.4nk.local` | 172.20.0.15 | -| sdk_relay3 | `sdk-relay3.4nk.local` | 172.20.0.16 | -| sdk_signer | `sdk-signer.4nk.local` | 172.20.0.17 | -| ihm_client | `ihm-client.4nk.local` | 172.20.0.18 | -| coffre_front | `coffre-front.4nk.local` | 172.20.0.32 | -| coffre_back_mini | `coffre-back-mini.4nk.local` | 172.20.0.33 | -| miniback-postgres | `miniback-postgres.4nk.local` | 172.20.0.30 | +| tor | `tor.4nk.4nk-local` | 172.20.0.10 | +| bitcoin | `bitcoin.4nk.4nk-local` | 172.20.0.11 | +| blindbit | `blindbit-core.4nk.4nk-local` | 172.20.0.12 | +| sdk_storage | `sdk-storage.4nk.4nk-local` | 172.20.0.13 | +| sdk_relay1 | `sdk-relay1.4nk.4nk-local` | 172.20.0.14 | +| sdk_relay2 | `sdk-relay2.4nk.4nk-local` | 172.20.0.15 | +| sdk_relay3 | `sdk-relay3.4nk.4nk-local` | 172.20.0.16 | +| sdk_signer | `sdk-signer.4nk.4nk-local` | 172.20.0.17 | +| ihm_client | `ihm.client.modules.4nk.4nk-local` | 172.20.0.18 | +| coffre_front | `coffre-front.4nk.4nk-local` | 172.20.0.32 | +| coffre_back_mini | `coffre-back-mini.4nk.4nk-local` | 172.20.0.33 | +| miniback-postgres | `miniback-postgres.4nk.4nk-local` | 172.20.0.30 | ## Utilisation @@ -49,11 +49,11 @@ Services Docker (172.20.0.0/16) ### Test de résolution ```bash # Test avec nslookup -nslookup -port=5353 tor.4nk.local 127.0.0.1 -nslookup -port=5353 coffre-front.4nk.local 127.0.0.1 +nslookup -port=5353 tor.4nk.4nk-local 127.0.0.1 +nslookup -port=5353 coffre-front.4nk.4nk-local 127.0.0.1 # Test avec dig -dig @127.0.0.1 -p 5353 bitcoin.4nk.local +dig @127.0.0.1 -p 5353 bitcoin.4nk.4nk-local ``` ### Configuration système (optionnel) 
@@ -70,7 +70,7 @@ Nginx peut maintenant utiliser les hostnames Docker : ```nginx # Configuration Nginx location /coffre/ { - proxy_pass http://coffre-front.4nk.local:80/; + proxy_pass http://coffre-front.4nk.4nk-local:80/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } diff --git a/docs/MONITORING.md b/docs/MONITORING.md index 408f786f..bacacfd9 100644 --- a/docs/MONITORING.md +++ b/docs/MONITORING.md @@ -8,19 +8,19 @@ Le système de monitoring 4NK utilise une stack complète d'observabilité basé ### Services de monitoring -- **Grafana Central** (`grafana-central.local:3000`) +- **Grafana Central** (`grafana.grafanalocal:3000`) - Tableau de bord central pour visualisation des métriques et logs - - Accès : http://grafana-central.local:3000 (admin/admin) + - Accès : http://grafana.grafanalocal:3000 (admin/admin) -- **Loki** (`loki.local:3100`) +- **Loki** (`loki.4nk-local:3100`) - Système de collecte et d'indexation des logs - Stockage des logs de tous les services 4NK -- **Prometheus** (`prometheus.local:9091`) +- **Prometheus** (`prometheus.4nk-local:9091`) - Collecte et stockage des métriques de performance - Surveillance des services et alertes -- **Promtail** (`promtail.local`) +- **Promtail** (`promtail.4nk-local`) - Agent de collecte des logs - Envoi des logs vers Loki @@ -98,13 +98,13 @@ Le système de monitoring est organisé par module avec des dashboards spécifiq ```bash # Grafana (tableau de bord principal) -http://grafana-central.local:3000 +http://grafana.grafanalocal:3000 # Prometheus (métriques brutes) -http://prometheus.local:9091 +http://prometheus.4nk-local:9091 # Loki (logs bruts) -http://loki.local:3100 +http://loki.4nk-local:3100 ``` ### Requêtes de logs dans Grafana 
@@ -139,10 +139,10 @@ process_resident_memory_bytes
 ```bash
 # Redémarrage complet du monitoring
-docker-compose restart loki.local prometheus.local promtail.local grafana-central.local
+docker-compose restart loki.4nk-local prometheus.4nk-local promtail.4nk-local grafana.grafanalocal
 # Redémarrage d'un service spécifique
-docker-compose restart loki.local
+docker-compose restart loki.4nk-local
 ```
 ### Sauvegarde des données
@@ -187,16 +187,16 @@ docker run --rm -v 4nk_node_grafana_central_data:/data -v $(pwd):/backup alpine
 ```bash
 # Logs Promtail
-docker logs promtail.local
+docker logs promtail.4nk-local
 # Logs Loki
-docker logs loki.local
+docker logs loki.4nk-local
 # Logs Prometheus
-docker logs prometheus.local
+docker logs prometheus.4nk-local
 # Logs Grafana
-docker logs grafana-central.local
+docker logs grafana.grafanalocal
 ```
 ## Évolutions futures
diff --git a/docs/MONITORING_MODULES.md b/docs/MONITORING_MODULES.md
index f3187253..906cc04e 100644
--- a/docs/MONITORING_MODULES.md
+++ b/docs/MONITORING_MODULES.md
@@ -114,7 +114,7 @@ projects/
 ```bash
 # Créer le dossier si nécessaire
 mkdir -p modules/[module-name]/grafana/dashboards/
-
+
 # Créer le fichier JSON du dashboard
 touch modules/[module-name]/grafana/dashboards/[module-name]-monitoring.json
 ```
@@ -127,7 +127,7 @@ projects/
 ```bash
 # Créer le dossier de destination
 mkdir -p modules/grafana-central/dashboards/[module-name]/
-
+
 # Copier le dashboard
 cp modules/[module-name]/grafana/dashboards/[module-name]-monitoring.json \
 modules/grafana-central/dashboards/[module-name]/
@@ -135,7 +135,7 @@ projects/
 4. **Redémarrer Grafana Central** :
 ```bash
- docker-compose restart grafana-central.local
+ docker-compose restart grafana.grafanalocal
 ```
 ### Structure d'un dashboard JSON
@@ -201,7 +201,7 @@ projects/
 ```
 3. **Redémarrer Grafana Central** :
 ```bash
- docker-compose restart grafana-central.local
+ docker-compose restart grafana.grafanalocal
 ```
 ### Sauvegarde des dashboards
@@ -219,7 +219,7 @@ tar -czf dashboards-backup-$(date +%Y%m%d).tar.gz \
 ```bash
 # Restauration
 tar -xzf dashboards-backup-YYYYMMDD.tar.gz
-docker-compose restart grafana-central.local
+docker-compose restart grafana.grafanalocal
 ```
 ## Bonnes pratiques
diff --git a/docs/NETWORK.md b/docs/NETWORK.md
index 3ddf871b..eaa0c449 100644
--- a/docs/NETWORK.md
+++ b/docs/NETWORK.md
@@ -8,22 +8,22 @@ | Service | Hostname | IP | Ports exposés | Montages conf/data/logs | Nginx (routes) | Dépendances | |---|---|---|---|---|---|---| -| tor | tor.4nk.local | 172.20.0.10 | 9050, 9051 | conf:/etc/tor/torrc(ro), data:/var/lib/tor, logs:/var/log/tor | — | — | -| bitcoin | bitcoin.4nk.local | 172.20.0.11 | 38333, 38332, 29000 | conf:/home/bitcoin/.bitcoin/bitcoin.conf(ro), data:/home/bitcoin/.bitcoin, logs:/home/bitcoin/.bitcoin/logs | — | tor | -| blindbit | blindbit.4nk.local | 172.20.0.12 | 8000 | conf:/blindbit/blindbit.toml(ro), data:/blindbit, logs:/blindbit/logs | /blindbit/ → :8000 | bitcoin | -| sdk_storage | sdk-storage.4nk.local | 172.20.0.13 | 8081 | conf:/usr/local/bin/sdk_storage.conf(ro), logs:/app/logs | /sdk_storage/ → :8081 | blindbit | -| sdk_relay1 | sdk-relay1.4nk.local | 172.20.0.14 | 8090(ws), 8091(http) | conf:/home/bitcoin/.conf(ro), logs:/home/bitcoin/logs | /relay1/, /relay1/ws/ | sdk_storage | -| sdk_relay2 | sdk-relay2.4nk.local | 172.20.0.15 | 8092(ws), 8093(http) | conf:/home/bitcoin/.conf(ro), logs:/home/bitcoin/logs | /relay2/, /relay2/ws/ | sdk_storage | -| sdk_relay3 | sdk-relay3.4nk.local | 172.20.0.16 | 8094(ws), 8095(http) | conf:/home/bitcoin/.conf(ro), logs:/home/bitcoin/logs | /relay3/, /relay3/ws/ | sdk_storage | -| sdk_signer | sdk-signer.4nk.local | 172.20.0.17 | 9090(ws), 9092(http) | conf:/usr/local/bin/sdk_signer.conf(ro), data:/app/data, logs:/usr/src/app/logs | /signer/, /signer/ws/ | sdk_relay1/2/3 | -| ihm_client | ihm-client.4nk.local | 172.20.0.18 | 80, 3003 | logs:/var/log/ihm_client | / (→:80), /coffre/ (→coffre_front:3003) | sdk_signer | -| miniback-postgres | miniback-postgres.4nk.local | 172.20.0.30 | 5432 | data:/var/lib/postgresql/data(volume) | — | — | -| miniback | miniback.4nk.local | 172.20.0.31 | — | logs:/logs, env:.env(ro) | /miniback/ (si HTTP) | miniback-postgres | -| coffre_front | coffre-front.4nk.local | 172.20.0.32 | 3003 | logs:/logs | /coffre/ → :3003 | — | -| coffre_back_mini | 
coffre-back-mini.4nk.local | 172.20.0.33 | — | — | — | — | -| nginx | nginx.4nk.local | 172.20.0.40 | 80 | conf:/etc/nginx, logs:/var/log/nginx | reverse proxy + /grafana/ | — | -| ollama | ollama.4nk.local | 172.20.0.50 | 11434 | data:/root/.ollama, logs:/var/log/ollama | /ollama/ → :11434 | — | -| anythingllm | anythingllm.4nk.local | 172.20.0.51 | 3001 | conf:/app/config, data:/app/storage, logs:/app/logs | /anythingllm/ → :3001 | ollama | +| tor | tor.4nk.4nk-local | 172.20.0.10 | 9050, 9051 | conf:/etc/tor/torrc(ro), data:/var/lib/tor, logs:/var/log/tor | — | — | +| bitcoin | bitcoin.4nk.4nk-local | 172.20.0.11 | 38333, 38332, 29000 | conf:/home/bitcoin/.bitcoin/bitcoin.conf(ro), data:/home/bitcoin/.bitcoin, logs:/home/bitcoin/.bitcoin/logs | — | tor | +| blindbit | blindbit.4nk.4nk-local | 172.20.0.12 | 8000 | conf:/blindbit/blindbit.toml(ro), data:/blindbit, logs:/blindbit/logs | /blindbit/ → :8000 | bitcoin | +| sdk_storage | sdk-storage.4nk.4nk-local | 172.20.0.13 | 8081 | conf:/usr/local/bin/sdk_storage.conf(ro), logs:/app/logs | /sdk_storage/ → :8081 | blindbit | +| sdk_relay1 | sdk-relay1.4nk.4nk-local | 172.20.0.14 | 8090(ws), 8091(http) | conf:/home/bitcoin/.conf(ro), logs:/home/bitcoin/logs | /relay1/, /relay1/ws/ | sdk_storage | +| sdk_relay2 | sdk-relay2.4nk.4nk-local | 172.20.0.15 | 8092(ws), 8093(http) | conf:/home/bitcoin/.conf(ro), logs:/home/bitcoin/logs | /relay2/, /relay2/ws/ | sdk_storage | +| sdk_relay3 | sdk-relay3.4nk.4nk-local | 172.20.0.16 | 8094(ws), 8095(http) | conf:/home/bitcoin/.conf(ro), logs:/home/bitcoin/logs | /relay3/, /relay3/ws/ | sdk_storage | +| sdk_signer | sdk-signer.4nk.4nk-local | 172.20.0.17 | 9090(ws), 9092(http) | conf:/usr/local/bin/sdk_signer.conf(ro), data:/app/data, logs:/usr/src/app/logs | /signer/, /signer/ws/ | sdk_relay1/2/3 | +| ihm_client | ihm.client.modules.4nk.4nk-local | 172.20.0.18 | 80, 3003 | logs:/var/log/ihm_client | / (→:80), /coffre/ (→coffre_front:3003) | sdk_signer | +| miniback-postgres | 
miniback-postgres.4nk.4nk-local | 172.20.0.30 | 5432 | data:/var/lib/postgresql/data(volume) | — | — | +| miniback | miniback.4nk.4nk-local | 172.20.0.31 | — | logs:/logs, env:.env(ro) | /miniback/ (si HTTP) | miniback-postgres | +| coffre_front | coffre-front.4nk.4nk-local | 172.20.0.32 | 3003 | logs:/logs | /coffre/ → :3003 | — | +| coffre_back_mini | coffre-back-mini.4nk.4nk-local | 172.20.0.33 | — | — | — | — | +| nginx | nginx.4nk.4nk-local | 172.20.0.40 | 80 | conf:/etc/nginx, logs:/var/log/nginx | reverse proxy + /grafana/ | — | +| ollama | ollama.4nk.4nk-local | 172.20.0.50 | 11434 | data:/root/.ollama, logs:/var/log/ollama | /ollama/ → :11434 | — | +| anythingllm | anythingllm.4nk.4nk-local | 172.20.0.51 | 3001 | conf:/app/config, data:/app/storage, logs:/app/logs | /anythingllm/ → :3001 | ollama | ### Observabilité - Promtail lit: `./log/**/*.log`, `./modules/*/logs/**/*.log`, `./projects/*/*/logs/**/*.log` et pousse vers Loki. @@ -31,9 +31,9 @@ ### Liens entre services (flux réseau et dépendances) - Tor → Bitcoin Core - - Bitcoin utilise Tor comme proxy (`proxy=tor.4nk.local:9050`) et active `listenonion=1`. + - Bitcoin utilise Tor comme proxy (`proxy=tor.4nk.4nk-local:9050`) et active `listenonion=1`. - Bitcoin Core → Blindbit - - Blindbit lit l’endpoint RPC de Bitcoin (`http://bitcoin.4nk.local:38332`) et s’appuie sur ZMQ (`tcp://bitcoin.4nk.local:29000`). + - Blindbit lit l’endpoint RPC de Bitcoin (`http://bitcoin.4nk.4nk-local:38332`) et s’appuie sur ZMQ (`tcp://bitcoin.4nk.4nk-local:29000`). - Blindbit → SDK Storage - SDK Storage consomme les index/infos de Blindbit (config via `sdk_storage.conf`). - SDK Storage → SDK Relays (1/2/3) 
@@ -48,5 +48,5 @@
 - Reverse‑proxy vers: IHM (`/`), Storage (`/sdk_storage/`), Blindbit (`/blindbit/`), Relais (`/relayX/` + `/relayX/ws/`), Signer (`/signer/` + `/signer/ws/`), Coffre (`/coffre/`), Miniback (`/miniback/`), Grafana (`/grafana/`).
 ### Notes
-- Les services internes utilisent des hostnames Docker `.4nk.local` résolus par le DNS du réseau `4nk_network`.
+- Les services internes utilisent des hostnames Docker `.4nk.4nk-local` résolus par le DNS du réseau `4nk_network`.
 - Les tags d’images `:dev` sont en cours de création; voir `docs/CONFIGURATION.md`.
\ No newline at end of file