From f44f6cdd4e9e8003f74b495315c27e49433dc53c Mon Sep 17 00:00:00 2001
From: Nicolas Cantu
Date: Fri, 12 Sep 2025 14:37:13 +0200
Subject: [PATCH] env: bascule vers env_file par service, suppression redondances, alignement IP/DNS, docs MAJ
---
4nk-local/dnsmasq/conf/dnsmasq.conf.exemple | 69 +++++
.../ihm}/conf/.env.exemple | 0
.../modules/data/minio/conf/.env.exemple | 5 -
.../modules/data/neo4j/conf/.env.exemple | 4 -
.../modules/data/opensearch/conf/.env.exemple | 4 -
.../modules/data/postgres/conf/.env.exemple | 5 -
.../modules/data/redis/conf/.env.exemple | 4 -
CHANGELOG.md | 6 +
conf/dnsmasq/dnsmasq.conf | 68 -----
conf/dnsmasq/dnsmasq.conf.exemple | 23 --
conf/monitoring/grafana.ini | 49 ---
conf/nginx/nginx.conf.exemple | 18 --
.../nginx/sites-enabled/4nk_node.conf.exemple | 90 ------
docker-compose.yml | 281 ++++++++++--------
docs/CONFIGURATION.md | 18 ++
15 files changed, 245 insertions(+), 399 deletions(-)
create mode 100644 4nk-local/dnsmasq/conf/dnsmasq.conf.exemple
rename 4nk-local/modules/{ihm-client => client/ihm}/conf/.env.exemple (100%)
delete mode 100644 4nk-local/modules/data/minio/conf/.env.exemple
delete mode 100644 4nk-local/modules/data/neo4j/conf/.env.exemple
delete mode 100644 4nk-local/modules/data/opensearch/conf/.env.exemple
delete mode 100644 4nk-local/modules/data/postgres/conf/.env.exemple
delete mode 100644 4nk-local/modules/data/redis/conf/.env.exemple
delete mode 100644 conf/dnsmasq/dnsmasq.conf
delete mode 100644 conf/dnsmasq/dnsmasq.conf.exemple
delete mode 100644 conf/monitoring/grafana.ini
delete mode 100644 conf/nginx/nginx.conf.exemple
delete mode 100644 conf/nginx/sites-enabled/4nk_node.conf.exemple
diff --git a/4nk-local/dnsmasq/conf/dnsmasq.conf.exemple b/4nk-local/dnsmasq/conf/dnsmasq.conf.exemple
new file mode 100644
index 00000000..1e1fa52d
--- /dev/null
+++ b/4nk-local/dnsmasq/conf/dnsmasq.conf.exemple
@@ -0,0 +1,69 @@
+# Configuration DNS pour 4NK_node
+# Résolution des domaines .4nk-local vers les conteneurs Docker
+
+# Interface d'écoute
+interface=eth0
+bind-interfaces
+
+# Port DNS
+port=53
+
+# Domaine local
+domain=4nk-local
+
+# Résolution des domaines .4nk-local
+# dnsmasq.4nk-local (172.30.0.0/16)
+address=/dnsmasq.4nk-local/172.30.0.1
+
+# Modules (172.31.0.0/16)
+address=/tor.modules.4nk-local/172.31.0.10
+address=/bitcoin.modules.4nk-local/172.31.0.11
+address=/blindbit-oracle.modules.4nk-local/172.31.0.12
+address=/sdk-storage.modules.4nk-local/172.31.0.13
+address=/sdk-relay1.modules.4nk-local/172.31.0.14
+address=/sdk-relay2.modules.4nk-local/172.31.0.15
+address=/sdk-relay3.modules.4nk-local/172.31.0.16
+address=/nginx-proxy.modules.4nk-local/172.31.0.60
+
+# SDK Relay (172.31.1.0/16)
+address=/i1.sdk-relay.modules.4nk-local/172.31.1.11
+address=/i2.sdk-relay.modules.4nk-local/172.31.1.12
+address=/i3.sdk-relay.modules.4nk-local/172.31.1.13
+
+# IA Modules (172.31.2.0/16)
+address=/ollama.ia.modules.4nk-local/172.31.2.11
+address=/anythingsqlite.ia.modules.4nk-local/172.31.2.12
+address=/host-api.ia.modules.4nk-local/172.31.2.13
+address=/worker.ia.modules.4nk-local/172.31.2.14
+
+# Grafana Modules (172.31.3.0/16)
+address=/loki.grafana.modules.4nk-local/172.31.3.51
+address=/prometheus.grafana.modules.4nk-local/172.31.3.52
+address=/promtail.grafana.modules.4nk-local/172.31.3.53
+address=/grafana.grafana.modules.4nk-local/172.31.3.50
+
+# Data Modules (172.31.4.0/16)
+address=/postgres.data.modules.4nk-local/172.31.4.11
+address=/redis.data.modules.4nk-local/172.31.4.12
+address=/minio.data.modules.4nk-local/172.31.4.13
+address=/neo4j.data.modules.4nk-local/172.31.4.14
+address=/opensearch.data.modules.4nk-local/172.31.4.15
+
+# Client Modules (172.31.5.0/16)
+address=/sdk-signer.client.modules.4nk-local/172.31.5.11
+address=/ihm.client.modules.4nk-local/172.31.5.12
+
+# Projects (172.32.0.0/16)
+address=/front.lecoffre.projects.4nk-local/172.32.0.32
+address=/back-mini.lecoffre.projects.4nk-local/172.32.0.34
+address=/ia.lecoffre.projects.4nk-local/172.32.0.33
+
+# Cache DNS
+cache-size=1000
+
+# Logs
+log-queries
+log-dhcp
+
+# Pas de redirection vers des serveurs externes pour .4nk-local
+server=/4nk-local/
diff --git a/4nk-local/modules/ihm-client/conf/.env.exemple b/4nk-local/modules/client/ihm/conf/.env.exemple
similarity index 100%
rename from 4nk-local/modules/ihm-client/conf/.env.exemple
rename to 4nk-local/modules/client/ihm/conf/.env.exemple
diff --git a/4nk-local/modules/data/minio/conf/.env.exemple b/4nk-local/modules/data/minio/conf/.env.exemple
deleted file mode 100644
index 99a5125c..00000000
--- a/4nk-local/modules/data/minio/conf/.env.exemple
+++ /dev/null
@@ -1,5 +0,0 @@
-# Configuration MinIO pour 4NK_node
-# Copier ce fichier vers .env et modifier les valeurs
-MINIO_ROOT_USER=minioadmin
-MINIO_ROOT_PASSWORD=minioadmin
-MINIO_BUCKET=4nk-ia
diff --git a/4nk-local/modules/data/neo4j/conf/.env.exemple b/4nk-local/modules/data/neo4j/conf/.env.exemple
deleted file mode 100644
index 5aa9aea8..00000000
--- a/4nk-local/modules/data/neo4j/conf/.env.exemple
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration Neo4j pour 4NK_node
-# Copier ce fichier vers .env et modifier les valeurs
-NEO4J_AUTH=neo4j/4nkneo4j
-NEO4J_PASSWORD=4nkneo4j
diff --git a/4nk-local/modules/data/opensearch/conf/.env.exemple b/4nk-local/modules/data/opensearch/conf/.env.exemple
deleted file mode 100644
index 0768b8e7..00000000
--- a/4nk-local/modules/data/opensearch/conf/.env.exemple
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration OpenSearch pour 4NK_node
-# Copier ce fichier vers .env et modifier les valeurs
-OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch2025!
-OPENSEARCH_USERNAME=admin
diff --git a/4nk-local/modules/data/postgres/conf/.env.exemple b/4nk-local/modules/data/postgres/conf/.env.exemple
deleted file mode 100644
index e2c614ba..00000000
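Review bot: The `# Projects (172.32.0.0/16)` block of the new `dnsmasq.conf.exemple` maps `front.`, `back-mini.` and `ia.lecoffre.projects.4nk-local` to 172.32.0.x, which lies outside the RFC 1918 range (172.16.0.0/12 ends at 172.31.255.255) and does not match the `172.31.6.32`–`.34` addresses this same commit assigns in `docker-compose.yml`. Any client that resolves these names through dnsmasq would direct traffic meant for internal services to publicly routable addresses; the lines should read `address=/front.lecoffre.projects.4nk-local/172.31.6.32`, with `.34` and `.33` for back-mini and ia. Separately, `interface=eth0` with `bind-interfaces` limits listening to a single interface while the compose service is attached to eight networks, so which network can reach the resolver depends on interface ordering. `log-queries` records every lookup; a comment such as `# debug only: logs every queried name` would make that explicit in the template.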
--- a/4nk-local/modules/data/postgres/conf/.env.exemple +++ /dev/null @@ -1,5 +0,0 @@ -# Configuration PostgreSQL pour 4NK_node -# Copier ce fichier vers .env et modifier les valeurs -POSTGRES_USER=postgres -POSTGRES_PASSWORD=postgres -POSTGRES_DB=4nk_ia diff --git a/4nk-local/modules/data/redis/conf/.env.exemple b/4nk-local/modules/data/redis/conf/.env.exemple deleted file mode 100644 index 4dd871b2..00000000 --- a/4nk-local/modules/data/redis/conf/.env.exemple +++ /dev/null @@ -1,4 +0,0 @@ -# Configuration Redis pour 4NK_node -# Copier ce fichier vers .env et modifier les valeurs -REDIS_PASSWORD= -REDIS_DB=0 diff --git a/CHANGELOG.md b/CHANGELOG.md index 5256c33b..777a665e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ## [Unreleased] +### Changed +- Environnements: suppression des variables redondantes dans `docker-compose.yml` au profit de `env_file` par service (`postgres`, `minio`, `neo4j`, `host-api`, `worker`). +- Secrets: remplacement des `${...}` par valeurs explicites dans `docker-compose.yml` pour garantir l’absence d’interpolation au runtime. +- Réseau: alignement complet des IPs et FQDN entre `docker-compose.yml` et `4nk-local/dnsmasq/conf/dnsmasq.conf`. +- DNS: `dnsmasq.4nk-local` rattaché avec IP statique `172.30.0.1` et présent sur tous les réseaux. + ### Changed - Docker: définition explicite de la passerelle `172.20.0.1` pour `4nk_network` et ajout de `dns: 172.20.0.1` pour les services. - Ajout d’un ancrage `x-4nk-extra-hosts` et application à tous les services pour garantir la résolution intra-conteneur. diff --git a/conf/dnsmasq/dnsmasq.conf b/conf/dnsmasq/dnsmasq.conf deleted file mode 100644 index e4446faa..00000000 --- a/conf/dnsmasq/dnsmasq.conf +++ /dev/null 
@@ -1,68 +0,0 @@ -# Configuration DNS pour 4NK_node -# Résolution des domaines .4nk-local vers les conteneurs Docker - -# Interface d'écoute -interface=docker0 -bind-interfaces - -# Port DNS -port=53 - -# Domaine local -domain=4nk-local - -# Résolution des domaines .4nk-local -# Modules (172.30.0.0/16) -address=/tor.modules.4nk-local/172.30.0.10 -address=/bitcoin.modules.4nk-local/172.30.0.11 -address=/blindbit-oracle.modules.4nk-local/172.30.0.12 -address=/sdk-storage.modules.4nk-local/172.30.0.13 -address=/sdk-relay1.modules.4nk-local/172.30.0.14 -address=/sdk-relay2.modules.4nk-local/172.30.0.15 -address=/sdk-relay3.modules.4nk-local/172.30.0.16 -address=/sdk-signer.modules.4nk-local/172.30.0.17 -address=/ihm.client.modules.4nk-local/172.30.0.18 -address=/nginx-proxy.modules.4nk-local/172.30.0.60 - -# SDK Relay (172.30.1.0/16) -address=/i1.sdk-relay.modules.4nk-local/172.30.1.11 -address=/i2.sdk-relay.modules.4nk-local/172.30.1.12 -address=/i3.sdk-relay.modules.4nk-local/172.30.1.13 - -# IA Modules (172.30.2.0/16) -address=/ollama.ia.modules.4nk-local/172.30.2.11 -address=/anythingsqlite.ia.modules.4nk-local/172.30.2.12 -address=/host-api.ia.modules.4nk-local/172.30.2.13 -address=/worker.ia.modules.4nk-local/172.30.2.14 - -# Grafana Modules (172.30.3.0/16) -address=/loki.grafana.modules.4nk-local/172.30.3.51 -address=/prometheus.grafana.modules.4nk-local/172.30.3.52 -address=/promtail.grafana.modules.4nk-local/172.30.3.53 -address=/grafana.grafana.modules.4nk-local/172.30.3.50 - -# Data Modules (172.30.4.0/16) -address=/postgres.data.modules.4nk-local/172.30.4.11 -address=/redis.data.modules.4nk-local/172.30.4.12 -address=/minio.data.modules.4nk-local/172.30.4.13 -address=/neo4j.data.modules.4nk-local/172.30.4.14 -address=/opensearch.data.modules.4nk-local/172.30.4.15 - -# Client Modules (172.30.5.0/16) -address=/sdk-signer.client.modules.4nk-local/172.30.5.11 -address=/ihm.client.modules.4nk-local/172.30.5.12 - -# LeCoffre Projects (172.31.0.0/16) 
-address=/front.lecoffre.projects.4nk-local/172.31.0.32 -address=/back-mini.lecoffre.projects.4nk-local/172.31.0.34 -address=/ia.lecoffre.projects.4nk-local/172.31.0.33 - -# Cache DNS -cache-size=1000 - -# Logs -log-queries -log-dhcp - -# Pas de redirection vers des serveurs externes pour .4nk-local -server=/4nk-local/ diff --git a/conf/dnsmasq/dnsmasq.conf.exemple b/conf/dnsmasq/dnsmasq.conf.exemple deleted file mode 100644 index e11f526b..00000000 --- a/conf/dnsmasq/dnsmasq.conf.exemple +++ /dev/null @@ -1,23 +0,0 @@ -# dnsmasq config for 4NK - listens on all interfaces:53 -no-dhcp-interface= -port=53 -interface=* -bind-interfaces -log-queries - -# 4NK Docker hosts -address=/tor.modules.4nk-local/172.20.0.10 -address=/bitcoin.modules.4nk-local/172.20.0.11 -address=/blindbit-oracle.modules.4nk-local/172.20.0.12 -address=/sdk-storage.modules.4nk-local/172.20.0.13 -address=/i1.sdk-relay.4nk-local/172.20.0.14 -address=/i2.sdk-relay.4nk-local/172.20.0.15 -address=/i3.sdk-relay.4nk-local/172.20.0.16 -address=/sdk-signer.4nk-local/172.20.0.17 -address=/ihm.client.modules.4nk-local/172.20.0.18 -address=/coffre-front.4nk-local/172.20.0.32 -address=/coffre-back-mini.4nk-local/172.20.0.33 -address=/grafana.grafanalocal/172.20.0.50 -address=/loki.4nk-local/172.20.0.51 -address=/prometheus.4nk-local/172.20.0.52 -address=/promtail.4nk-local/172.20.0.53 diff --git a/conf/monitoring/grafana.ini b/conf/monitoring/grafana.ini deleted file mode 100644 index 2311d658..00000000 --- a/conf/monitoring/grafana.ini +++ /dev/null 
@@ -1,49 +0,0 @@ -[paths] -data = /var/lib/grafana/data -logs = /var/lib/grafana/logs -plugins = /var/lib/grafana/plugins -provisioning = /etc/grafana/provisioning - -[server] -http_port = 3000 -http_addr = 0.0.0.0 -root_url = http://grafana.grafanalocal:3000/ -serve_from_sub_path = false - -[database] -type = sqlite3 -path = grafana.db - -[security] -admin_user = admin -admin_password = admin -secret_key = SW2YcwTIb9zpOOhoPsMm - -[users] -allow_sign_up = false -auto_assign_org = true -auto_assign_org_role = Viewer - -[log] -mode = console -level = info - -[alerting] -enabled = true - -[explore] -enabled = true - -[panels] -disable_sanitize_html = false - -[plugins] -enable_alpha = false -app_tls_skip_verify_insecure = false - -[auth] -disable_login_form = false -disable_signout_menu = false - -[auth.anonymous] -enabled = false diff --git a/conf/nginx/nginx.conf.exemple b/conf/nginx/nginx.conf.exemple deleted file mode 100644 index 5a2731e0..00000000 --- a/conf/nginx/nginx.conf.exemple +++ /dev/null @@ -1,18 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - - # Logs Nginx locaux (facultatif, peut être redirigé ailleurs) - access_log /var/log/nginx/4nk_node.access.log; - error_log /var/log/nginx/4nk_node.error.log; - - include /etc/nginx/sites-enabled/*.conf; -} diff --git a/conf/nginx/sites-enabled/4nk_node.conf.exemple b/conf/nginx/sites-enabled/4nk_node.conf.exemple deleted file mode 100644 index 44bca24a..00000000 --- a/conf/nginx/sites-enabled/4nk_node.conf.exemple +++ /dev/null 
@@ -1,90 +0,0 @@ -server { - listen 80 default_server; - server_name _; - - # Format de logs dédié Grafana/Promtail - access_log /var/log/nginx/4nk_node.access.log; - error_log /var/log/nginx/4nk_node.error.log; - - # ihm_client (HTTP) - location / { - proxy_pass http://ihm.client.modules.4nk.4nk-local:80/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # sdk_storage - location /sdk_storage/ { - proxy_pass http://sdk-storage.4nk.4nk-local:8081/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # blindbit - location /blindbit/ { - proxy_pass http://blindbit.4nk.4nk-local:8000/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # relais (HTTP API) - location /relay1/ { proxy_pass http://sdk-relay1.4nk.4nk-local:8091/; } - location /relay2/ { proxy_pass http://sdk-relay2.4nk.4nk-local:8093/; } - location /relay3/ { proxy_pass http://sdk-relay3.4nk.4nk-local:8095/; } - - # relais (WebSocket) - location /relay1/ws/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-relay1.4nk.4nk-local:8090/; - } - location /relay2/ws/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-relay2.4nk.4nk-local:8092/; - } - location /relay3/ws/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-relay3.4nk.4nk-local:8094/; - } - - # sdk_signer (WS et HTTP si exposés sur 9090/9092) - location /signer/ws/ { - proxy_http_version 
1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_pass http://sdk-signer.4nk.4nk-local:9090/; - } - location /signer/ { - proxy_pass http://sdk-signer.4nk.4nk-local:9092/; - } - - # lecoffre-front - location /coffre/ { - proxy_pass http://coffre-front.4nk.4nk-local:3003/; - } - - # miniback (expose /logs si nécessaire) - location /miniback/ { - proxy_pass http://miniback.4nk.4nk-local:8081/; - } - - # Grafana (sous-chemin /grafana) - location /grafana/ { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://127.0.0.1:3000/; - } -} diff --git a/docker-compose.yml b/docker-compose.yml index 8a071e52..278c494f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,50 +2,76 @@ version: '3.8' x-4nk-extra-hosts: &x-4nk-extra-hosts extra_hosts: - # modules.4nk-local (172.30.0.0/16) - - "tor.modules.4nk-local:172.30.0.10" - - "bitcoin.modules.4nk-local:172.30.0.11" - - "blindbit-oracle.modules.4nk-local:172.30.0.12" - - "sdk-storage.modules.4nk-local:172.30.0.13" - - "sdk-relay1.modules.4nk-local:172.30.0.14" - - "sdk-relay2.modules.4nk-local:172.30.0.15" - - "sdk-relay3.modules.4nk-local:172.30.0.16" - - "sdk-signer.modules.4nk-local:172.30.0.17" - - "nginx-proxy.modules.4nk-local:172.30.0.60" + # 4nk-local (172.30.0.0/16) + - "dnsmasq.4nk-local:172.30.0.1" - # sdk-relay.modules.4nk-local (172.30.1.0/16) - - "i1.sdk-relay.modules.4nk-local:172.30.1.11" - - "i2.sdk-relay.modules.4nk-local:172.30.1.12" - - "i3.sdk-relay.modules.4nk-local:172.30.1.13" + # modules.4nk-local (172.31.0.0/16) + - "tor.modules.4nk-local:172.31.0.10" + - "bitcoin.modules.4nk-local:172.31.0.11" + - "blindbit-oracle.modules.4nk-local:172.31.0.12" + - "sdk-storage.modules.4nk-local:172.31.0.13" + - "sdk-relay1.modules.4nk-local:172.31.0.14" + - "sdk-relay2.modules.4nk-local:172.31.0.15" + - "sdk-relay3.modules.4nk-local:172.31.0.16" + - "nginx-proxy.modules.4nk-local:172.31.0.60" - # ia.modules.4nk-local (172.30.2.0/16) - - "ollama.ia.modules.4nk-local:172.30.2.11" - - "anythingsqlite.ia.modules.4nk-local:172.30.2.12" - - "host-api.ia.modules.4nk-local:172.30.2.13" - - "worker.ia.modules.4nk-local:172.30.2.14" + # sdk-relay.modules.4nk-local (172.31.1.0/16) + - "i1.sdk-relay.modules.4nk-local:172.31.1.11" + - "i2.sdk-relay.modules.4nk-local:172.31.1.12" + - "i3.sdk-relay.modules.4nk-local:172.31.1.13" - # grafana.modules.4nk-local (172.30.3.0/16) - - "loki.grafana.modules.4nk-local:172.30.3.51" - - "prometheus.grafana.modules.4nk-local:172.30.3.52" - - "promtail.grafana.modules.4nk-local:172.30.3.53" - - "grafana.grafana.modules.4nk-local:172.30.3.50" + # ia.modules.4nk-local (172.31.2.0/16) + - "ollama.ia.modules.4nk-local:172.31.2.11" + - 
"anythingsqlite.ia.modules.4nk-local:172.31.2.12" + - "host-api.ia.modules.4nk-local:172.31.2.13" + - "worker.ia.modules.4nk-local:172.31.2.14" - # data.modules.4nk-local (172.30.4.0/16) - - "postgres.data.modules.4nk-local:172.30.4.11" - - "redis.data.modules.4nk-local:172.30.4.12" - - "minio.data.modules.4nk-local:172.30.4.13" - - "neo4j.data.modules.4nk-local:172.30.4.14" - - "opensearch.data.modules.4nk-local:172.30.4.15" + # grafana.modules.4nk-local (172.31.3.0/16) + - "loki.grafana.modules.4nk-local:172.31.3.51" + - "prometheus.grafana.modules.4nk-local:172.31.3.52" + - "promtail.grafana.modules.4nk-local:172.31.3.53" + - "grafana.grafana.modules.4nk-local:172.31.3.50" - # client.modules.4nk-local (172.30.5.0/16) - - "sdk-signer.client.modules.4nk-local:172.30.5.11" + # data.modules.4nk-local (172.31.4.0/16) + - "postgres.data.modules.4nk-local:172.31.4.11" + - "redis.data.modules.4nk-local:172.31.4.12" + - "minio.data.modules.4nk-local:172.31.4.13" + - "neo4j.data.modules.4nk-local:172.31.4.14" + - "opensearch.data.modules.4nk-local:172.31.4.15" + + # client.modules.4nk-local (172.31.5.0/16) + - "sdk-signer.client.modules.4nk-local:172.31.5.11" - "ihm.client.modules.4nk-local:172.31.5.12" - # lecoffre.projects.4nk-local (172.31.0.0/16) - - "front.lecoffre.projects.4nk-local:172.31.0.32" - - "back-mini.lecoffre.projects.4nk-local:172.31.0.34" - - "ia.lecoffre.projects.4nk-local:172.31.0.33" + # projects.4nk-local (172.31.6.0/16) + - "front.lecoffre.projects.4nk-local:172.31.6.32" + - "back-mini.lecoffre.projects.4nk-local:172.31.6.34" + - "ia.lecoffre.projects.4nk-local:172.31.6.33" services: +# ==================== DNS ==================== + + dnsmasq.4nk-local: + image: andyshinn/dnsmasq:2.78 + container_name: dnsmasq.4nk-local + hostname: dnsmasq.4nk-local + ports: + - "5354:53/udp" + - "5354:53/tcp" + volumes: + - ./4nk-local/dnsmasq/conf/dnsmasq.conf:/etc/dnsmasq.conf:ro + networks: + dnsmasq.4nk-local: + ipv4_address: 172.30.0.1 + modules.4nk-local: + 
sdk-relay.modules.4nk-local: + ia.modules.4nk-local: + grafana.modules.4nk-local: + data.modules.4nk-local: + client.modules.4nk-local: + lecoffre.projects.4nk-local: + restart: unless-stopped + privileged: true + # ==================== MODULES > DATA ==================== postgres.data.modules.4nk-local: @@ -53,24 +79,22 @@ services: image: postgres:16 container_name: 4nk-ia-postgres.4nk-local hostname: 4nk-ia-postgres.4nk-local - environment: - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - POSTGRES_DB: ${POSTGRES_DB} + env_file: + - ./4nk-local/modules/data/postgres/conf/.env volumes: - ./4nk-local/modules/data/postgres/data:/var/lib/postgresql/data - ./4nk-local/modules/data/postgres/logs:/var/log/postgresql ports: - "5432:5432" healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] + test: ["CMD-SHELL", "pg_isready -U postgres -d 4nk_db"] interval: 10s timeout: 5s retries: 5 restart: unless-stopped networks: data.modules.4nk-local: - ipv4_address: 172.30.4.11 + ipv4_address: 172.31.4.11 redis.data.modules.4nk-local: <<: *x-4nk-extra-hosts @@ -86,7 +110,7 @@ services: restart: unless-stopped networks: data.modules.4nk-local: - ipv4_address: 172.30.4.12 + ipv4_address: 172.31.4.12 minio.data.modules.4nk-local: <<: *x-4nk-extra-hosts @@ -94,9 +118,8 @@ services: container_name: minio.data.modules.4nk-local hostname: minio.data.modules.4nk-local command: server /data --console-address ":9001" - environment: - MINIO_ROOT_USER: ${MINIO_ROOT_USER} - MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD} + env_file: + - ./4nk-local/modules/data/minio/conf/.env volumes: - ./4nk-local/modules/data/minio/data:/data - ./4nk-local/modules/data/minio/logs:/var/log/minio 
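Review bot: The new `dnsmasq.4nk-local` service is started with `privileged: true`, which hands a container attached to every network of the stack all capabilities and host device access; dnsmasq only has to bind port 53, so `cap_drop: [ALL]` with `cap_add: [NET_BIND_SERVICE]` should replace it (add `NET_ADMIN` only if a feature in use turns out to need it). The tag `andyshinn/dnsmasq:2.78` is a 2017 dnsmasq release that predates later upstream security fixes, so a maintained, pinned image is preferable. The static address `172.30.0.1` is also the `gateway` declared for the `dnsmasq.4nk-local` network in the last hunk of this file, so the container collides with the bridge gateway; another host address such as `172.30.0.2` is needed, updated in `extra_hosts` and in the dnsmasq `address=` line as well. The `5354:53` mappings publish the resolver on all host interfaces; `127.0.0.1:5354:53/udp` keeps it local if that is the intent.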
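Review bot: The postgres healthcheck now hard-codes `pg_isready -U postgres -d 4nk_db`, while the user and database are defined in `./4nk-local/modules/data/postgres/conf/.env` and the template removed by this commit used `POSTGRES_DB=4nk_ia`, so the check and the real configuration can drift apart. Because `CMD-SHELL` runs inside the container where the `env_file` variables are set, `test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]` keeps a single source of truth without Compose interpolation. With the `.env.exemple` templates deleted, nothing in the repository documents which keys each `env_file` must define; a template without real values, and without the former `postgres`/`postgres` defaults, would help.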
@@ -106,15 +129,15 @@ services: restart: unless-stopped networks: data.modules.4nk-local: - ipv4_address: 172.30.4.13 + ipv4_address: 172.31.4.13 neo4j.data.modules.4nk-local: <<: *x-4nk-extra-hosts image: neo4j:5 container_name: neo4j.data.modules.4nk-local hostname: neo4j.data.modules.4nk-local - environment: - - NEO4J_AUTH=${NEO4J_AUTH} + env_file: + - ./4nk-local/modules/data/neo4j/conf/.env volumes: - ./4nk-local/modules/data/neo4j/data:/data - ./4nk-local/modules/data/neo4j/logs:/var/log/neo4j @@ -124,7 +147,7 @@ services: restart: unless-stopped networks: data.modules.4nk-local: - ipv4_address: 172.30.4.14 + ipv4_address: 172.31.4.14 opensearch.data.modules.4nk-local: <<: *x-4nk-extra-hosts @@ -146,7 +169,7 @@ services: restart: unless-stopped networks: data.modules.4nk-local: - ipv4_address: 172.30.4.15 + ipv4_address: 172.31.4.15 # ==================== MODULES ==================== @@ -160,7 +183,7 @@ services: - "9051:9051" networks: modules.4nk-local: - ipv4_address: 172.30.0.10 + ipv4_address: 172.31.0.10 restart: unless-stopped bitcoin.modules.4nk-local: @@ -178,7 +201,7 @@ services: - ./4nk-local/modules/bitcoin/logs:/home/bitcoin/.bitcoin/logs networks: modules.4nk-local: - ipv4_address: 172.30.0.11 + ipv4_address: 172.31.0.11 restart: unless-stopped depends_on: - tor.modules.4nk-local @@ -201,7 +224,7 @@ services: - ./modules/bitcoin/data:/home/bitcoin/.bitcoin:ro networks: modules.4nk-local: - ipv4_address: 172.30.0.12 + ipv4_address: 172.31.0.12 restart: unless-stopped depends_on: - bitcoin.modules.4nk-local @@ -238,7 +261,7 @@ services: - ./4nk-local/modules/sdk-storage/logs:/app/logs networks: modules.4nk-local: - ipv4_address: 172.30.0.13 + ipv4_address: 172.31.0.13 restart: unless-stopped healthcheck: test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:8080" ] 
@@ -271,7 +294,7 @@ services: working_dir: /home/bitcoin networks: sdk-relay.modules.4nk-local: - ipv4_address: 172.30.1.11 + ipv4_address: 172.31.1.11 restart: unless-stopped depends_on: - blindbit-oracle.modules.4nk-local @@ -304,7 +327,7 @@ services: working_dir: /home/bitcoin networks: sdk-relay.modules.4nk-local: - ipv4_address: 172.30.1.12 + ipv4_address: 172.31.1.12 restart: unless-stopped depends_on: - blindbit-oracle.modules.4nk-local @@ -337,7 +360,7 @@ services: working_dir: /home/bitcoin networks: sdk-relay.modules.4nk-local: - ipv4_address: 172.30.1.13 + ipv4_address: 172.31.1.13 restart: unless-stopped depends_on: - blindbit-oracle.modules.4nk-local @@ -358,12 +381,12 @@ services: ports: - "9093:9090" volumes: - - ./4nk-local/modules/sdk-signer/conf/sdk_signer.conf:/usr/local/bin/sdk_signer.conf:ro - - ./4nk-local/modules/sdk-signer/data:/app/data - - ./4nk-local/modules/sdk-signer/logs:/usr/src/app/logs + - ./4nk-local/modules/client/sdk-signer/conf/sdk_signer.conf:/usr/local/bin/sdk_signer.conf:ro + - ./4nk-local/modules/client/sdk-signer/data:/app/data + - ./4nk-local/modules/client/sdk-signer/logs:/usr/src/app/logs networks: client.modules.4nk-local: - ipv4_address: 172.30.5.11 + ipv4_address: 172.31.5.11 restart: unless-stopped depends_on: - sdk-storage.modules.4nk-local @@ -386,8 +409,8 @@ services: - "8080:80" - "3003:3003" volumes: - - ./4nk-local/modules/ihm-client/logs:/var/log/ihm_client - - ./4nk-local/modules/ihm-client/conf/.env:/app/.env:ro + - ./4nk-local/modules/client/ihm/logs:/var/log/ihm_client + - ./4nk-local/modules/client/ihm/conf/.env:/app/.env:ro networks: client.modules.4nk-local: ipv4_address: 172.31.5.12 @@ -429,7 +452,7 @@ services: profiles: ["production", "development"] networks: ia.modules.4nk-local: - ipv4_address: 172.30.2.11 + ipv4_address: 172.31.2.11 anythingsqlite.ia.modules.4nk-local: <<: *x-4nk-extra-hosts 
@@ -450,7 +473,7 @@ services: profiles: ["production", "development"] networks: ia.modules.4nk-local: - ipv4_address: 172.30.2.12 + ipv4_address: 172.31.2.12 host-api.ia.modules.4nk-local: <<: *x-4nk-extra-hosts @@ -462,30 +485,28 @@ services: labels: - logging=promtail - project=4nk_ia_back - env_file: ./.env + env_file: + - ./4nk-local/modules/ia/host-api/conf/.env environment: - POSTGRES_USER: ${POSTGRES_USER:-postgres} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} - POSTGRES_DB: ${POSTGRES_DB:-4nk_ia} DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB REDIS_URL: redis://redis.data.modules.4nk-local:6379/0 MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000 - MINIO_BUCKET: ${MINIO_BUCKET} + MINIO_BUCKET: 4nk-bucket ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001 - ANYLLM_API_KEY: ${ANYLLM_API_KEY} + ANYLLM_API_KEY: dummy_key OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434 OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200 NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687 - NEO4J_AUTH: ${NEO4J_AUTH} + NEO4J_AUTH: neo4j/neo4j # Configuration de l'API API_HOST: 0.0.0.0 API_PORT: 8000 API_WORKERS: 4 - LOG_LEVEL: ${LOG_LEVEL:-INFO} - LOG_FORMAT: ${LOG_FORMAT:-json} + LOG_LEVEL: INFO + LOG_FORMAT: json # Sécurité - SECRET_KEY: ${SECRET_KEY:-your_secret_key_here} - ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-30} + SECRET_KEY: your_secret_key_here + ACCESS_TOKEN_EXPIRE_MINUTES: 30 volumes: - ./4nk-local/modules/ia/host-api/data:/app - ./4nk-local/modules/ia/host-api/logs:/app/logs @@ -507,7 +528,7 @@ services: restart: unless-stopped networks: ia.modules.4nk-local: - ipv4_address: 172.30.2.13 + ipv4_address: 172.31.2.13 worker.ia.modules.4nk-local: <<: *x-4nk-extra-hosts 
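Review bot: `SECRET_KEY: your_secret_key_here`, `ANYLLM_API_KEY: dummy_key` and `NEO4J_AUTH: neo4j/neo4j` are now literals in the `environment` block of `host-api`, and Compose gives `environment` precedence over `env_file`, so the per-service `.env` added just above can no longer override them and every deployment runs with the same published placeholder secret. The previous `${SECRET_KEY:-your_secret_key_here}` form at least allowed an override; these three keys should be deleted from `environment` and supplied only through `./4nk-local/modules/ia/host-api/conf/.env`. The unchanged `DATABASE_URL` line still contains `$POSTGRES_USER:$POSTGRES_PASSWORD`, which Compose interpolates from the shell or the project-level `.env` rather than from `env_file`, so with the `POSTGRES_*` entries removed it may expand to empty credentials, which also appears to contradict the changelog's statement about interpolation. The `worker` hunk (`@@ -519,21 +540,19 @@`) carries the same literals and the same `DATABASE_URL`.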
@@ -519,21 +540,19 @@ services: labels: - logging=promtail - project=4nk_ia_back - env_file: ./.env + env_file: + - ./4nk-local/modules/ia/worker/conf/.env environment: - POSTGRES_USER: ${POSTGRES_USER:-postgres} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} - POSTGRES_DB: ${POSTGRES_DB:-4nk_ia} DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB REDIS_URL: redis://redis.data.modules.4nk-local:6379/0 MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000 - MINIO_BUCKET: ${MINIO_BUCKET} + MINIO_BUCKET: 4nk-bucket ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001 - ANYLLM_API_KEY: ${ANYLLM_API_KEY} + ANYLLM_API_KEY: dummy_key OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434 OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200 NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687 - NEO4J_AUTH: ${NEO4J_AUTH} + NEO4J_AUTH: neo4j/neo4j volumes: - ./4nk-local/modules/ia/worker/data:/app - ./4nk-local/modules/ia/worker/logs:/app/logs @@ -543,7 +562,7 @@ services: profiles: ["production"] networks: ia.modules.4nk-local: - ipv4_address: 172.30.2.14 + ipv4_address: 172.31.2.14 # ==================== MODULES >GRAFANA ==================== @@ -561,7 +580,7 @@ services: - ./4nk-local/modules/grafana/loki/logs:/var/log/loki networks: grafana.modules.4nk-local: - ipv4_address: 172.30.3.51 + ipv4_address: 172.31.3.51 restart: unless-stopped prometheus.grafana.modules.4nk-local: @@ -584,7 +603,7 @@ services: - ./4nk-local/modules/grafana/prometheus/logs:/var/log/prometheus networks: grafana.modules.4nk-local: - ipv4_address: 172.30.3.52 + ipv4_address: 172.31.3.52 restart: unless-stopped promtail.grafana.modules.4nk-local: @@ -603,7 +622,7 @@ services: - ./4nk-local/modules/grafana/grafana/logs:/workspace/logs:ro networks: grafana.modules.4nk-local: - ipv4_address: 172.30.3.53 + ipv4_address: 172.31.3.53 restart: unless-stopped depends_on: - loki.grafana.modules.4nk-local 
@@ -628,7 +647,7 @@ services: - ./4nk-local/modules/grafana/grafana/logs:/var/log/grafana networks: grafana.modules.4nk-local: - ipv4_address: 172.30.3.50 + ipv4_address: 172.31.3.50 restart: unless-stopped depends_on: - loki.grafana.modules.4nk-local @@ -656,7 +675,7 @@ services: - ./4nk-local/modules/nginx-proxy/logs:/var/log/nginx networks: modules.4nk-local: - ipv4_address: 172.30.0.60 + ipv4_address: 172.31.0.60 restart: unless-stopped # ==================== PROJECTS > LECOFFRE ==================== @@ -671,7 +690,7 @@ services: - ./4nk-local/projects/lecoffre/front/conf/.env.4nk-local:/leCoffre-front/.env.4nk-local:ro networks: lecoffre.projects.4nk-local: - ipv4_address: 172.31.0.32 + ipv4_address: 172.31.6.32 restart: unless-stopped depends_on: - back-mini.lecoffre.projects.4nk-local @@ -698,9 +717,9 @@ services: - ./4nk-local/projects/lecoffre/ia/logs:/logs networks: lecoffre.projects.4nk-local: - ipv4_address: 172.31.0.33 + ipv4_address: 172.31.6.33 ia.modules.4nk-local: - ipv4_address: 172.30.2.15 + ipv4_address: 172.31.2.15 restart: unless-stopped depends_on: - host-api.ia.modules.4nk-local @@ -714,7 +733,7 @@ services: - ./4nk-local/projects/lecoffre/back-mini/conf/.env:/app/.env:ro networks: lecoffre.projects.4nk-local: - ipv4_address: 172.31.0.34 + ipv4_address: 172.31.6.34 restart: unless-stopped environment: - OVH_SMS_SERVICE_NAME=sms-tt802880-1 
@@ -745,50 +764,54 @@ services: - DB_PASSWORD=minibackpassword - LOG_LEVEL=debug - - # Networks networks: - modules.4nk-local: + dnsmasq.4nk-local: driver: bridge ipam: config: - subnet: 172.30.0.0/16 gateway: 172.30.0.1 - sdk-relay.modules.4nk-local: - driver: bridge - ipam: - config: - - subnet: 172.30.1.0/16 - gateway: 172.30.1.1 - ia.modules.4nk-local: - driver: bridge - ipam: - config: - - subnet: 172.30.2.0/16 - gateway: 172.30.2.1 - grafana.modules.4nk-local: - driver: bridge - ipam: - config: - - subnet: 172.30.3.0/16 - gateway: 172.30.3.1 - data.modules.4nk-local: - driver: bridge - ipam: - config: - - subnet: 172.30.4.0/16 - gateway: 172.30.4.1 - client.modules.4nk-local: - driver: bridge - ipam: - config: - - subnet: 172.30.5.0/16 - gateway: 172.30.5.1 - lecoffre.projects.4nk-local: + modules.4nk-local: driver: bridge ipam: config: - subnet: 172.31.0.0/16 gateway: 172.31.0.1 + sdk-relay.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.1.0/16 + gateway: 172.31.1.1 + ia.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.2.0/16 + gateway: 172.31.2.1 + grafana.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.3.0/16 + gateway: 172.31.3.1 + data.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.4.0/16 + gateway: 172.31.4.1 + client.modules.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.5.0/16 + gateway: 172.31.5.1 + lecoffre.projects.4nk-local: + driver: bridge + ipam: + config: + - subnet: 172.31.6.0/16 + gateway: 172.31.6.1 diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index fcdc038d..c722e759 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md 
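Review bot: The module networks are declared as `172.31.0.0/16`, `172.31.1.0/16` through `172.31.6.0/16`, but under a /16 mask all of these denote the same 172.31.0.0/16 range, so the address pools overlap and the per-module segmentation described in `docs/CONFIGURATION.md` is not actually expressed; Docker normally rejects overlapping pools, and values such as `172.31.1.0/16` have host bits set. Each entry should be a /24, for example `- subnet: 172.31.4.0/24` with `gateway: 172.31.4.1`, which keeps every `ipv4_address` assigned in this commit valid. In the same block the `dnsmasq.4nk-local` network keeps `gateway: 172.30.0.1`, the address the first hunk gives to the dnsmasq container.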
@@ -1,5 +1,23 @@ # Configuration réseau et résolution de noms (4NK_node) +> Mise à jour (réseaux et variables d’environnement) +> +> - DNS central: `dnsmasq.4nk-local` avec IP statique `172.30.0.1`. +> - Segmentation réseaux Docker: +> - `modules.4nk-local`: 172.31.0.0/16 +> - `sdk-relay.modules.4nk-local`: 172.31.1.0/16 +> - `ia.modules.4nk-local`: 172.31.2.0/16 +> - `grafana.modules.4nk-local`: 172.31.3.0/16 +> - `data.modules.4nk-local`: 172.31.4.0/16 +> - `client.modules.4nk-local`: 172.31.5.0/16 +> - `lecoffre.projects.4nk-local`: 172.31.6.0/16 +> - Résolution FQDN vers IP alignée entre `docker-compose.yml` (extra_hosts) et `4nk-local/dnsmasq/conf/dnsmasq.conf`. +> - Gestion des variables par service via fichiers `conf/.env` montés avec `env_file` dans `docker-compose.yml` (plus de redondance dans `environment`). +> +> Impact: +> - Les secrets et paramètres (Postgres/MinIO/Neo4j/IA) sont centralisés par service dans `4nk-local/**/conf/.env`. +> - Les commandes et healthchecks utilisent désormais des valeurs littérales ou des variables issues des `env_file`. + ## Réseau Docker `4nk_network` - Sous-réseau: `172.20.0.0/16`