4nk/4NK_node
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

env: bascule vers env_file par service, suppression redondances, alignement IP/DNS, docs MAJ

Browse Source
This commit is contained in:
Nicolas Cantu 2025-09-12 14:37:13 +02:00
parent b5e000231f
commit f44f6cdd4e
15 changed files with 245 additions and 399 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
4nk-local/dnsmasq/conf/dnsmasq.conf.exemple Normal file
View File

@ -0,0 +1,69 @@
# Configuration DNS pour 4NK_node
# Résolution des domaines .4nk-local vers les conteneurs Docker
# Interface d'écoute
interface=eth0
bind-interfaces
# Port DNS
port=53
# Domaine local
domain=4nk-local
# Résolution des domaines .4nk-local
# dnsmasq.4nk-local (172.30.0.0/16)
address=/dnsmasq.4nk-local/172.30.0.1
# Modules (172.31.0.0/16)
address=/tor.modules.4nk-local/172.31.0.10
address=/bitcoin.modules.4nk-local/172.31.0.11
address=/blindbit-oracle.modules.4nk-local/172.31.0.12
address=/sdk-storage.modules.4nk-local/172.31.0.13
address=/sdk-relay1.modules.4nk-local/172.31.0.14
address=/sdk-relay2.modules.4nk-local/172.31.0.15
address=/sdk-relay3.modules.4nk-local/172.31.0.16
address=/nginx-proxy.modules.4nk-local/172.31.0.60
# SDK Relay (172.31.1.0/16)
address=/i1.sdk-relay.modules.4nk-local/172.31.1.11
address=/i2.sdk-relay.modules.4nk-local/172.31.1.12
address=/i3.sdk-relay.modules.4nk-local/172.31.1.13
# IA Modules (172.31.2.0/16)
address=/ollama.ia.modules.4nk-local/172.31.2.11
address=/anythingsqlite.ia.modules.4nk-local/172.31.2.12
address=/host-api.ia.modules.4nk-local/172.31.2.13
address=/worker.ia.modules.4nk-local/172.31.2.14
# Grafana Modules (172.31.3.0/16)
address=/loki.grafana.modules.4nk-local/172.31.3.51
address=/prometheus.grafana.modules.4nk-local/172.31.3.52
address=/promtail.grafana.modules.4nk-local/172.31.3.53
address=/grafana.grafana.modules.4nk-local/172.31.3.50
# Data Modules (172.31.4.0/16)
address=/postgres.data.modules.4nk-local/172.31.4.11
address=/redis.data.modules.4nk-local/172.31.4.12
address=/minio.data.modules.4nk-local/172.31.4.13
address=/neo4j.data.modules.4nk-local/172.31.4.14
address=/opensearch.data.modules.4nk-local/172.31.4.15
# Client Modules (172.31.5.0/16)
address=/sdk-signer.client.modules.4nk-local/172.31.5.11
address=/ihm.client.modules.4nk-local/172.31.5.12
# Projects (172.32.0.0/16)
address=/front.lecoffre.projects.4nk-local/172.32.0.32
address=/back-mini.lecoffre.projects.4nk-local/172.32.0.34
address=/ia.lecoffre.projects.4nk-local/172.32.0.33
# Cache DNS
cache-size=1000
# Logs
log-queries
log-dhcp
# Pas de redirection vers des serveurs externes pour .4nk-local
server=/4nk-local/

0
4nk-local/modules/ihm-client/conf/.env.exemple → 4nk-local/modules/client/ihm/conf/.env.exemple
View File

5
4nk-local/modules/data/minio/conf/.env.exemple
View File

@ -1,5 +0,0 @@
# Configuration MinIO pour 4NK_node
# Copier ce fichier vers .env et modifier les valeurs
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
MINIO_BUCKET=4nk-ia

4
4nk-local/modules/data/neo4j/conf/.env.exemple
View File

@ -1,4 +0,0 @@
# Configuration Neo4j pour 4NK_node
# Copier ce fichier vers .env et modifier les valeurs
NEO4J_AUTH=neo4j/4nkneo4j
NEO4J_PASSWORD=4nkneo4j

4
4nk-local/modules/data/opensearch/conf/.env.exemple
View File

@ -1,4 +0,0 @@
# Configuration OpenSearch pour 4NK_node
# Copier ce fichier vers .env et modifier les valeurs
OPENSEARCH_INITIAL_ADMIN_PASSWORD=OpenSearch2025!
OPENSEARCH_USERNAME=admin

5
4nk-local/modules/data/postgres/conf/.env.exemple
View File

@ -1,5 +0,0 @@
# Configuration PostgreSQL pour 4NK_node
# Copier ce fichier vers .env et modifier les valeurs
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_DB=4nk_ia

4
4nk-local/modules/data/redis/conf/.env.exemple
View File

@ -1,4 +0,0 @@
# Configuration Redis pour 4NK_node
# Copier ce fichier vers .env et modifier les valeurs
REDIS_PASSWORD=
REDIS_DB=0

6
CHANGELOG.md
View File

@ -1,5 +1,11 @@
## [Unreleased] ## [Unreleased]
### Changed
- Environnements: suppression des variables redondantes dans `docker-compose.yml` au profit de `env_file` par service (`postgres`, `minio`, `neo4j`, `host-api`, `worker`).
- Secrets: remplacement des `${...}` par valeurs explicites dans `docker-compose.yml` pour garantir labsence dinterpolation au runtime.
- Réseau: alignement complet des IPs et FQDN entre `docker-compose.yml` et `4nk-local/dnsmasq/conf/dnsmasq.conf`.
- DNS: `dnsmasq.4nk-local` rattaché avec IP statique `172.30.0.1` et présent sur tous les réseaux.
### Changed ### Changed
- Docker: définition explicite de la passerelle `172.20.0.1` pour `4nk_network` et ajout de `dns: 172.20.0.1` pour les services. - Docker: définition explicite de la passerelle `172.20.0.1` pour `4nk_network` et ajout de `dns: 172.20.0.1` pour les services.
- Ajout dun ancrage `x-4nk-extra-hosts` et application à tous les services pour garantir la résolution intra-conteneur. - Ajout dun ancrage `x-4nk-extra-hosts` et application à tous les services pour garantir la résolution intra-conteneur.

68
conf/dnsmasq/dnsmasq.conf
View File

@ -1,68 +0,0 @@
# Configuration DNS pour 4NK_node
# Résolution des domaines .4nk-local vers les conteneurs Docker
# Interface d'écoute
interface=docker0
bind-interfaces
# Port DNS
port=53
# Domaine local
domain=4nk-local
# Résolution des domaines .4nk-local
# Modules (172.30.0.0/16)
address=/tor.modules.4nk-local/172.30.0.10
address=/bitcoin.modules.4nk-local/172.30.0.11
address=/blindbit-oracle.modules.4nk-local/172.30.0.12
address=/sdk-storage.modules.4nk-local/172.30.0.13
address=/sdk-relay1.modules.4nk-local/172.30.0.14
address=/sdk-relay2.modules.4nk-local/172.30.0.15
address=/sdk-relay3.modules.4nk-local/172.30.0.16
address=/sdk-signer.modules.4nk-local/172.30.0.17
address=/ihm.client.modules.4nk-local/172.30.0.18
address=/nginx-proxy.modules.4nk-local/172.30.0.60
# SDK Relay (172.30.1.0/16)
address=/i1.sdk-relay.modules.4nk-local/172.30.1.11
address=/i2.sdk-relay.modules.4nk-local/172.30.1.12
address=/i3.sdk-relay.modules.4nk-local/172.30.1.13
# IA Modules (172.30.2.0/16)
address=/ollama.ia.modules.4nk-local/172.30.2.11
address=/anythingsqlite.ia.modules.4nk-local/172.30.2.12
address=/host-api.ia.modules.4nk-local/172.30.2.13
address=/worker.ia.modules.4nk-local/172.30.2.14
# Grafana Modules (172.30.3.0/16)
address=/loki.grafana.modules.4nk-local/172.30.3.51
address=/prometheus.grafana.modules.4nk-local/172.30.3.52
address=/promtail.grafana.modules.4nk-local/172.30.3.53
address=/grafana.grafana.modules.4nk-local/172.30.3.50
# Data Modules (172.30.4.0/16)
address=/postgres.data.modules.4nk-local/172.30.4.11
address=/redis.data.modules.4nk-local/172.30.4.12
address=/minio.data.modules.4nk-local/172.30.4.13
address=/neo4j.data.modules.4nk-local/172.30.4.14
address=/opensearch.data.modules.4nk-local/172.30.4.15
# Client Modules (172.30.5.0/16)
address=/sdk-signer.client.modules.4nk-local/172.30.5.11
address=/ihm.client.modules.4nk-local/172.30.5.12
# LeCoffre Projects (172.31.0.0/16)
address=/front.lecoffre.projects.4nk-local/172.31.0.32
address=/back-mini.lecoffre.projects.4nk-local/172.31.0.34
address=/ia.lecoffre.projects.4nk-local/172.31.0.33
# Cache DNS
cache-size=1000
# Logs
log-queries
log-dhcp
# Pas de redirection vers des serveurs externes pour .4nk-local
server=/4nk-local/

23
conf/dnsmasq/dnsmasq.conf.exemple
View File

@ -1,23 +0,0 @@
# dnsmasq config for 4NK - listens on all interfaces:53
no-dhcp-interface=
port=53
interface=*
bind-interfaces
log-queries
# 4NK Docker hosts
address=/tor.modules.4nk-local/172.20.0.10
address=/bitcoin.modules.4nk-local/172.20.0.11
address=/blindbit-oracle.modules.4nk-local/172.20.0.12
address=/sdk-storage.modules.4nk-local/172.20.0.13
address=/i1.sdk-relay.4nk-local/172.20.0.14
address=/i2.sdk-relay.4nk-local/172.20.0.15
address=/i3.sdk-relay.4nk-local/172.20.0.16
address=/sdk-signer.4nk-local/172.20.0.17
address=/ihm.client.modules.4nk-local/172.20.0.18
address=/coffre-front.4nk-local/172.20.0.32
address=/coffre-back-mini.4nk-local/172.20.0.33
address=/grafana.grafanalocal/172.20.0.50
address=/loki.4nk-local/172.20.0.51
address=/prometheus.4nk-local/172.20.0.52
address=/promtail.4nk-local/172.20.0.53

49
conf/monitoring/grafana.ini
View File

@ -1,49 +0,0 @@
[paths]
data = /var/lib/grafana/data
logs = /var/lib/grafana/logs
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[server]
http_port = 3000
http_addr = 0.0.0.0
root_url = http://grafana.grafanalocal:3000/
serve_from_sub_path = false
[database]
type = sqlite3
path = grafana.db
[security]
admin_user = admin
admin_password = admin
secret_key = SW2YcwTIb9zpOOhoPsMm
[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_role = Viewer
[log]
mode = console
level = info
[alerting]
enabled = true
[explore]
enabled = true
[panels]
disable_sanitize_html = false
[plugins]
enable_alpha = false
app_tls_skip_verify_insecure = false
[auth]
disable_login_form = false
disable_signout_menu = false
[auth.anonymous]
enabled = false

18
conf/nginx/nginx.conf.exemple
View File

@ -1,18 +0,0 @@
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Logs Nginx locaux (facultatif, peut être redirigé ailleurs)
access_log /var/log/nginx/4nk_node.access.log;
error_log /var/log/nginx/4nk_node.error.log;
include /etc/nginx/sites-enabled/*.conf;
}

90
conf/nginx/sites-enabled/4nk_node.conf.exemple
View File

@ -1,90 +0,0 @@
server {
listen 80 default_server;
server_name _;
# Format de logs dédié Grafana/Promtail
access_log /var/log/nginx/4nk_node.access.log;
error_log /var/log/nginx/4nk_node.error.log;
# ihm_client (HTTP)
location / {
proxy_pass http://ihm.client.modules.4nk.4nk-local:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# sdk_storage
location /sdk_storage/ {
proxy_pass http://sdk-storage.4nk.4nk-local:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# blindbit
location /blindbit/ {
proxy_pass http://blindbit.4nk.4nk-local:8000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# relais (HTTP API)
location /relay1/ { proxy_pass http://sdk-relay1.4nk.4nk-local:8091/; }
location /relay2/ { proxy_pass http://sdk-relay2.4nk.4nk-local:8093/; }
location /relay3/ { proxy_pass http://sdk-relay3.4nk.4nk-local:8095/; }
# relais (WebSocket)
location /relay1/ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://sdk-relay1.4nk.4nk-local:8090/;
}
location /relay2/ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://sdk-relay2.4nk.4nk-local:8092/;
}
location /relay3/ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://sdk-relay3.4nk.4nk-local:8094/;
}
# sdk_signer (WS et HTTP si exposés sur 9090/9092)
location /signer/ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://sdk-signer.4nk.4nk-local:9090/;
}
location /signer/ {
proxy_pass http://sdk-signer.4nk.4nk-local:9092/;
}
# lecoffre-front
location /coffre/ {
proxy_pass http://coffre-front.4nk.4nk-local:3003/;
}
# miniback (expose /logs si nécessaire)
location /miniback/ {
proxy_pass http://miniback.4nk.4nk-local:8081/;
}
# Grafana (sous-chemin /grafana)
location /grafana/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:3000/;
}
}

281
docker-compose.yml
View File

@ -2,50 +2,76 @@ version: '3.8'
x-4nk-extra-hosts: &x-4nk-extra-hosts x-4nk-extra-hosts: &x-4nk-extra-hosts
extra_hosts: extra_hosts:
# modules.4nk-local (172.30.0.0/16) # 4nk-local (172.30.0.0/16)
- "tor.modules.4nk-local:172.30.0.10" - "dnsmasq.4nk-local:172.30.0.1"
- "bitcoin.modules.4nk-local:172.30.0.11"
- "blindbit-oracle.modules.4nk-local:172.30.0.12"
- "sdk-storage.modules.4nk-local:172.30.0.13"
- "sdk-relay1.modules.4nk-local:172.30.0.14"
- "sdk-relay2.modules.4nk-local:172.30.0.15"
- "sdk-relay3.modules.4nk-local:172.30.0.16"
- "sdk-signer.modules.4nk-local:172.30.0.17"
- "nginx-proxy.modules.4nk-local:172.30.0.60"
# sdk-relay.modules.4nk-local (172.30.1.0/16) # modules.4nk-local (172.31.0.0/16)
- "i1.sdk-relay.modules.4nk-local:172.30.1.11" - "tor.modules.4nk-local:172.31.0.10"
- "i2.sdk-relay.modules.4nk-local:172.30.1.12" - "bitcoin.modules.4nk-local:172.31.0.11"
- "i3.sdk-relay.modules.4nk-local:172.30.1.13" - "blindbit-oracle.modules.4nk-local:172.31.0.12"
- "sdk-storage.modules.4nk-local:172.31.0.13"
- "sdk-relay1.modules.4nk-local:172.31.0.14"
- "sdk-relay2.modules.4nk-local:172.31.0.15"
- "sdk-relay3.modules.4nk-local:172.31.0.16"
- "nginx-proxy.modules.4nk-local:172.31.0.60"
# ia.modules.4nk-local (172.30.2.0/16) # sdk-relay.modules.4nk-local (172.31.1.0/16)
- "ollama.ia.modules.4nk-local:172.30.2.11" - "i1.sdk-relay.modules.4nk-local:172.31.1.11"
- "anythingsqlite.ia.modules.4nk-local:172.30.2.12" - "i2.sdk-relay.modules.4nk-local:172.31.1.12"
- "host-api.ia.modules.4nk-local:172.30.2.13" - "i3.sdk-relay.modules.4nk-local:172.31.1.13"
- "worker.ia.modules.4nk-local:172.30.2.14"
# grafana.modules.4nk-local (172.30.3.0/16) # ia.modules.4nk-local (172.31.2.0/16)
- "loki.grafana.modules.4nk-local:172.30.3.51" - "ollama.ia.modules.4nk-local:172.31.2.11"
- "prometheus.grafana.modules.4nk-local:172.30.3.52" - "anythingsqlite.ia.modules.4nk-local:172.31.2.12"
- "promtail.grafana.modules.4nk-local:172.30.3.53" - "host-api.ia.modules.4nk-local:172.31.2.13"
- "grafana.grafana.modules.4nk-local:172.30.3.50" - "worker.ia.modules.4nk-local:172.31.2.14"
# data.modules.4nk-local (172.30.4.0/16) # grafana.modules.4nk-local (172.31.3.0/16)
- "postgres.data.modules.4nk-local:172.30.4.11" - "loki.grafana.modules.4nk-local:172.31.3.51"
- "redis.data.modules.4nk-local:172.30.4.12" - "prometheus.grafana.modules.4nk-local:172.31.3.52"
- "minio.data.modules.4nk-local:172.30.4.13" - "promtail.grafana.modules.4nk-local:172.31.3.53"
- "neo4j.data.modules.4nk-local:172.30.4.14" - "grafana.grafana.modules.4nk-local:172.31.3.50"
- "opensearch.data.modules.4nk-local:172.30.4.15"
# client.modules.4nk-local (172.30.5.0/16) # data.modules.4nk-local (172.31.4.0/16)
- "sdk-signer.client.modules.4nk-local:172.30.5.11" - "postgres.data.modules.4nk-local:172.31.4.11"
- "redis.data.modules.4nk-local:172.31.4.12"
- "minio.data.modules.4nk-local:172.31.4.13"
- "neo4j.data.modules.4nk-local:172.31.4.14"
- "opensearch.data.modules.4nk-local:172.31.4.15"
# client.modules.4nk-local (172.31.5.0/16)
- "sdk-signer.client.modules.4nk-local:172.31.5.11"
- "ihm.client.modules.4nk-local:172.31.5.12" - "ihm.client.modules.4nk-local:172.31.5.12"
# lecoffre.projects.4nk-local (172.31.0.0/16) # projects.4nk-local (172.31.6.0/16)
- "front.lecoffre.projects.4nk-local:172.31.0.32" - "front.lecoffre.projects.4nk-local:172.31.6.32"
- "back-mini.lecoffre.projects.4nk-local:172.31.0.34" - "back-mini.lecoffre.projects.4nk-local:172.31.6.34"
- "ia.lecoffre.projects.4nk-local:172.31.0.33" - "ia.lecoffre.projects.4nk-local:172.31.6.33"
services: services:
# ==================== DNS ====================
dnsmasq.4nk-local:
image: andyshinn/dnsmasq:2.78
container_name: dnsmasq.4nk-local
hostname: dnsmasq.4nk-local
ports:
- "5354:53/udp"
- "5354:53/tcp"
volumes:
- ./4nk-local/dnsmasq/conf/dnsmasq.conf:/etc/dnsmasq.conf:ro
networks:
dnsmasq.4nk-local:
ipv4_address: 172.30.0.1
modules.4nk-local:
sdk-relay.modules.4nk-local:
ia.modules.4nk-local:
grafana.modules.4nk-local:
data.modules.4nk-local:
client.modules.4nk-local:
lecoffre.projects.4nk-local:
restart: unless-stopped
privileged: true
# ==================== MODULES > DATA ==================== # ==================== MODULES > DATA ====================
postgres.data.modules.4nk-local: postgres.data.modules.4nk-local:
@ -53,24 +79,22 @@ services:
image: postgres:16 image: postgres:16
container_name: 4nk-ia-postgres.4nk-local container_name: 4nk-ia-postgres.4nk-local
hostname: 4nk-ia-postgres.4nk-local hostname: 4nk-ia-postgres.4nk-local
environment: env_file:
POSTGRES_USER: ${POSTGRES_USER} - ./4nk-local/modules/data/postgres/conf/.env
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
volumes: volumes:
- ./4nk-local/modules/data/postgres/data:/var/lib/postgresql/data - ./4nk-local/modules/data/postgres/data:/var/lib/postgresql/data
- ./4nk-local/modules/data/postgres/logs:/var/log/postgresql - ./4nk-local/modules/data/postgres/logs:/var/log/postgresql
ports: ports:
- "5432:5432" - "5432:5432"
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] test: ["CMD-SHELL", "pg_isready -U postgres -d 4nk_db"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
restart: unless-stopped restart: unless-stopped
networks: networks:
data.modules.4nk-local: data.modules.4nk-local:
ipv4_address: 172.30.4.11 ipv4_address: 172.31.4.11
redis.data.modules.4nk-local: redis.data.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
@ -86,7 +110,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
data.modules.4nk-local: data.modules.4nk-local:
ipv4_address: 172.30.4.12 ipv4_address: 172.31.4.12
minio.data.modules.4nk-local: minio.data.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
@ -94,9 +118,8 @@ services:
container_name: minio.data.modules.4nk-local container_name: minio.data.modules.4nk-local
hostname: minio.data.modules.4nk-local hostname: minio.data.modules.4nk-local
command: server /data --console-address ":9001" command: server /data --console-address ":9001"
environment: env_file:
MINIO_ROOT_USER: ${MINIO_ROOT_USER} - ./4nk-local/modules/data/minio/conf/.env
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
volumes: volumes:
- ./4nk-local/modules/data/minio/data:/data - ./4nk-local/modules/data/minio/data:/data
- ./4nk-local/modules/data/minio/logs:/var/log/minio - ./4nk-local/modules/data/minio/logs:/var/log/minio
@ -106,15 +129,15 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
data.modules.4nk-local: data.modules.4nk-local:
ipv4_address: 172.30.4.13 ipv4_address: 172.31.4.13
neo4j.data.modules.4nk-local: neo4j.data.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
image: neo4j:5 image: neo4j:5
container_name: neo4j.data.modules.4nk-local container_name: neo4j.data.modules.4nk-local
hostname: neo4j.data.modules.4nk-local hostname: neo4j.data.modules.4nk-local
environment: env_file:
- NEO4J_AUTH=${NEO4J_AUTH} - ./4nk-local/modules/data/neo4j/conf/.env
volumes: volumes:
- ./4nk-local/modules/data/neo4j/data:/data - ./4nk-local/modules/data/neo4j/data:/data
- ./4nk-local/modules/data/neo4j/logs:/var/log/neo4j - ./4nk-local/modules/data/neo4j/logs:/var/log/neo4j
@ -124,7 +147,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
data.modules.4nk-local: data.modules.4nk-local:
ipv4_address: 172.30.4.14 ipv4_address: 172.31.4.14
opensearch.data.modules.4nk-local: opensearch.data.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
@ -146,7 +169,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
data.modules.4nk-local: data.modules.4nk-local:
ipv4_address: 172.30.4.15 ipv4_address: 172.31.4.15
# ==================== MODULES ==================== # ==================== MODULES ====================
@ -160,7 +183,7 @@ services:
- "9051:9051" - "9051:9051"
networks: networks:
modules.4nk-local: modules.4nk-local:
ipv4_address: 172.30.0.10 ipv4_address: 172.31.0.10
restart: unless-stopped restart: unless-stopped
bitcoin.modules.4nk-local: bitcoin.modules.4nk-local:
@ -178,7 +201,7 @@ services:
- ./4nk-local/modules/bitcoin/logs:/home/bitcoin/.bitcoin/logs - ./4nk-local/modules/bitcoin/logs:/home/bitcoin/.bitcoin/logs
networks: networks:
modules.4nk-local: modules.4nk-local:
ipv4_address: 172.30.0.11 ipv4_address: 172.31.0.11
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- tor.modules.4nk-local - tor.modules.4nk-local
@ -201,7 +224,7 @@ services:
- ./modules/bitcoin/data:/home/bitcoin/.bitcoin:ro - ./modules/bitcoin/data:/home/bitcoin/.bitcoin:ro
networks: networks:
modules.4nk-local: modules.4nk-local:
ipv4_address: 172.30.0.12 ipv4_address: 172.31.0.12
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- bitcoin.modules.4nk-local - bitcoin.modules.4nk-local
@ -238,7 +261,7 @@ services:
- ./4nk-local/modules/sdk-storage/logs:/app/logs - ./4nk-local/modules/sdk-storage/logs:/app/logs
networks: networks:
modules.4nk-local: modules.4nk-local:
ipv4_address: 172.30.0.13 ipv4_address: 172.31.0.13
restart: unless-stopped restart: unless-stopped
healthcheck: healthcheck:
test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:8080" ] test: [ "CMD", "wget", "--quiet", "--tries=1", "--timeout=5", "--spider", "http://localhost:8080" ]
@ -271,7 +294,7 @@ services:
working_dir: /home/bitcoin working_dir: /home/bitcoin
networks: networks:
sdk-relay.modules.4nk-local: sdk-relay.modules.4nk-local:
ipv4_address: 172.30.1.11 ipv4_address: 172.31.1.11
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- blindbit-oracle.modules.4nk-local - blindbit-oracle.modules.4nk-local
@ -304,7 +327,7 @@ services:
working_dir: /home/bitcoin working_dir: /home/bitcoin
networks: networks:
sdk-relay.modules.4nk-local: sdk-relay.modules.4nk-local:
ipv4_address: 172.30.1.12 ipv4_address: 172.31.1.12
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- blindbit-oracle.modules.4nk-local - blindbit-oracle.modules.4nk-local
@ -337,7 +360,7 @@ services:
working_dir: /home/bitcoin working_dir: /home/bitcoin
networks: networks:
sdk-relay.modules.4nk-local: sdk-relay.modules.4nk-local:
ipv4_address: 172.30.1.13 ipv4_address: 172.31.1.13
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- blindbit-oracle.modules.4nk-local - blindbit-oracle.modules.4nk-local
@ -358,12 +381,12 @@ services:
ports: ports:
- "9093:9090" - "9093:9090"
volumes: volumes:
- ./4nk-local/modules/sdk-signer/conf/sdk_signer.conf:/usr/local/bin/sdk_signer.conf:ro - ./4nk-local/modules/client/sdk-signer/conf/sdk_signer.conf:/usr/local/bin/sdk_signer.conf:ro
- ./4nk-local/modules/sdk-signer/data:/app/data - ./4nk-local/modules/client/sdk-signer/data:/app/data
- ./4nk-local/modules/sdk-signer/logs:/usr/src/app/logs - ./4nk-local/modules/client/sdk-signer/logs:/usr/src/app/logs
networks: networks:
client.modules.4nk-local: client.modules.4nk-local:
ipv4_address: 172.30.5.11 ipv4_address: 172.31.5.11
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- sdk-storage.modules.4nk-local - sdk-storage.modules.4nk-local
@ -386,8 +409,8 @@ services:
- "8080:80" - "8080:80"
- "3003:3003" - "3003:3003"
volumes: volumes:
- ./4nk-local/modules/ihm-client/logs:/var/log/ihm_client - ./4nk-local/modules/client/ihm/logs:/var/log/ihm_client
- ./4nk-local/modules/ihm-client/conf/.env:/app/.env:ro - ./4nk-local/modules/client/ihm/conf/.env:/app/.env:ro
networks: networks:
client.modules.4nk-local: client.modules.4nk-local:
ipv4_address: 172.31.5.12 ipv4_address: 172.31.5.12
@ -429,7 +452,7 @@ services:
profiles: ["production", "development"] profiles: ["production", "development"]
networks: networks:
ia.modules.4nk-local: ia.modules.4nk-local:
ipv4_address: 172.30.2.11 ipv4_address: 172.31.2.11
anythingsqlite.ia.modules.4nk-local: anythingsqlite.ia.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
@ -450,7 +473,7 @@ services:
profiles: ["production", "development"] profiles: ["production", "development"]
networks: networks:
ia.modules.4nk-local: ia.modules.4nk-local:
ipv4_address: 172.30.2.12 ipv4_address: 172.31.2.12
host-api.ia.modules.4nk-local: host-api.ia.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
@ -462,30 +485,28 @@ services:
labels: labels:
- logging=promtail - logging=promtail
- project=4nk_ia_back - project=4nk_ia_back
env_file: ./.env env_file:
- ./4nk-local/modules/ia/host-api/conf/.env
environment: environment:
POSTGRES_USER: ${POSTGRES_USER:-postgres}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
POSTGRES_DB: ${POSTGRES_DB:-4nk_ia}
DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB
REDIS_URL: redis://redis.data.modules.4nk-local:6379/0 REDIS_URL: redis://redis.data.modules.4nk-local:6379/0
MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000 MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000
MINIO_BUCKET: ${MINIO_BUCKET} MINIO_BUCKET: 4nk-bucket
ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001 ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001
ANYLLM_API_KEY: ${ANYLLM_API_KEY} ANYLLM_API_KEY: dummy_key
OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434 OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434
OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200 OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200
NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687 NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687
NEO4J_AUTH: ${NEO4J_AUTH} NEO4J_AUTH: neo4j/neo4j
# Configuration de l'API # Configuration de l'API
API_HOST: 0.0.0.0 API_HOST: 0.0.0.0
API_PORT: 8000 API_PORT: 8000
API_WORKERS: 4 API_WORKERS: 4
LOG_LEVEL: ${LOG_LEVEL:-INFO} LOG_LEVEL: INFO
LOG_FORMAT: ${LOG_FORMAT:-json} LOG_FORMAT: json
# Sécurité # Sécurité
SECRET_KEY: ${SECRET_KEY:-your_secret_key_here} SECRET_KEY: your_secret_key_here
ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-30} ACCESS_TOKEN_EXPIRE_MINUTES: 30
volumes: volumes:
- ./4nk-local/modules/ia/host-api/data:/app - ./4nk-local/modules/ia/host-api/data:/app
- ./4nk-local/modules/ia/host-api/logs:/app/logs - ./4nk-local/modules/ia/host-api/logs:/app/logs
@ -507,7 +528,7 @@ services:
restart: unless-stopped restart: unless-stopped
networks: networks:
ia.modules.4nk-local: ia.modules.4nk-local:
ipv4_address: 172.30.2.13 ipv4_address: 172.31.2.13
worker.ia.modules.4nk-local: worker.ia.modules.4nk-local:
<<: *x-4nk-extra-hosts <<: *x-4nk-extra-hosts
@ -519,21 +540,19 @@ services:
labels: labels:
- logging=promtail - logging=promtail
- project=4nk_ia_back - project=4nk_ia_back
env_file: ./.env env_file:
- ./4nk-local/modules/ia/worker/conf/.env
environment: environment:
POSTGRES_USER: ${POSTGRES_USER:-postgres}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
POSTGRES_DB: ${POSTGRES_DB:-4nk_ia}
DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB DATABASE_URL: postgresql+psycopg://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres.data.modules.4nk-local:5432/$POSTGRES_DB
REDIS_URL: redis://redis.data.modules.4nk-local:6379/0 REDIS_URL: redis://redis.data.modules.4nk-local:6379/0
MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000 MINIO_ENDPOINT: 4nk-ia-minio.4nk-local:9000
MINIO_BUCKET: ${MINIO_BUCKET} MINIO_BUCKET: 4nk-bucket
ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001 ANYLLM_BASE_URL: http://4nk-ia-anythingllm.4nk-local:3001
ANYLLM_API_KEY: ${ANYLLM_API_KEY} ANYLLM_API_KEY: dummy_key
OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434 OLLAMA_BASE_URL: http://4nk-ia-ollama.4nk-local:11434
OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200 OPENSEARCH_URL: http://4nk-ia-opensearch.4nk-local:9200
NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687 NEO4J_URL: bolt://4nk-ia-neo4j.4nk-local:7687
NEO4J_AUTH: ${NEO4J_AUTH} NEO4J_AUTH: neo4j/neo4j
volumes: volumes:
- ./4nk-local/modules/ia/worker/data:/app - ./4nk-local/modules/ia/worker/data:/app
- ./4nk-local/modules/ia/worker/logs:/app/logs - ./4nk-local/modules/ia/worker/logs:/app/logs
@ -543,7 +562,7 @@ services:
profiles: ["production"] profiles: ["production"]
networks: networks:
ia.modules.4nk-local: ia.modules.4nk-local:
ipv4_address: 172.30.2.14 ipv4_address: 172.31.2.14
# ==================== MODULES >GRAFANA ==================== # ==================== MODULES >GRAFANA ====================
@ -561,7 +580,7 @@ services:
- ./4nk-local/modules/grafana/loki/logs:/var/log/loki - ./4nk-local/modules/grafana/loki/logs:/var/log/loki
networks: networks:
grafana.modules.4nk-local: grafana.modules.4nk-local:
ipv4_address: 172.30.3.51 ipv4_address: 172.31.3.51
restart: unless-stopped restart: unless-stopped
prometheus.grafana.modules.4nk-local: prometheus.grafana.modules.4nk-local:
@ -584,7 +603,7 @@ services:
- ./4nk-local/modules/grafana/prometheus/logs:/var/log/prometheus - ./4nk-local/modules/grafana/prometheus/logs:/var/log/prometheus
networks: networks:
grafana.modules.4nk-local: grafana.modules.4nk-local:
ipv4_address: 172.30.3.52 ipv4_address: 172.31.3.52
restart: unless-stopped restart: unless-stopped
promtail.grafana.modules.4nk-local: promtail.grafana.modules.4nk-local:
@ -603,7 +622,7 @@ services:
- ./4nk-local/modules/grafana/grafana/logs:/workspace/logs:ro - ./4nk-local/modules/grafana/grafana/logs:/workspace/logs:ro
networks: networks:
grafana.modules.4nk-local: grafana.modules.4nk-local:
ipv4_address: 172.30.3.53 ipv4_address: 172.31.3.53
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- loki.grafana.modules.4nk-local - loki.grafana.modules.4nk-local
@ -628,7 +647,7 @@ services:
- ./4nk-local/modules/grafana/grafana/logs:/var/log/grafana - ./4nk-local/modules/grafana/grafana/logs:/var/log/grafana
networks: networks:
grafana.modules.4nk-local: grafana.modules.4nk-local:
ipv4_address: 172.30.3.50 ipv4_address: 172.31.3.50
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- loki.grafana.modules.4nk-local - loki.grafana.modules.4nk-local
@ -656,7 +675,7 @@ services:
- ./4nk-local/modules/nginx-proxy/logs:/var/log/nginx - ./4nk-local/modules/nginx-proxy/logs:/var/log/nginx
networks: networks:
modules.4nk-local: modules.4nk-local:
ipv4_address: 172.30.0.60 ipv4_address: 172.31.0.60
restart: unless-stopped restart: unless-stopped
# ==================== PROJECTS > LECOFFRE ==================== # ==================== PROJECTS > LECOFFRE ====================
@ -671,7 +690,7 @@ services:
- ./4nk-local/projects/lecoffre/front/conf/.env.4nk-local:/leCoffre-front/.env.4nk-local:ro - ./4nk-local/projects/lecoffre/front/conf/.env.4nk-local:/leCoffre-front/.env.4nk-local:ro
networks: networks:
lecoffre.projects.4nk-local: lecoffre.projects.4nk-local:
ipv4_address: 172.31.0.32 ipv4_address: 172.31.6.32
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- back-mini.lecoffre.projects.4nk-local - back-mini.lecoffre.projects.4nk-local
@ -698,9 +717,9 @@ services:
- ./4nk-local/projects/lecoffre/ia/logs:/logs - ./4nk-local/projects/lecoffre/ia/logs:/logs
networks: networks:
lecoffre.projects.4nk-local: lecoffre.projects.4nk-local:
ipv4_address: 172.31.0.33 ipv4_address: 172.31.6.33
ia.modules.4nk-local: ia.modules.4nk-local:
ipv4_address: 172.30.2.15 ipv4_address: 172.31.2.15
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- host-api.ia.modules.4nk-local - host-api.ia.modules.4nk-local
@ -714,7 +733,7 @@ services:
- ./4nk-local/projects/lecoffre/back-mini/conf/.env:/app/.env:ro - ./4nk-local/projects/lecoffre/back-mini/conf/.env:/app/.env:ro
networks: networks:
lecoffre.projects.4nk-local: lecoffre.projects.4nk-local:
ipv4_address: 172.31.0.34 ipv4_address: 172.31.6.34
restart: unless-stopped restart: unless-stopped
environment: environment:
- OVH_SMS_SERVICE_NAME=sms-tt802880-1 - OVH_SMS_SERVICE_NAME=sms-tt802880-1
@ -745,50 +764,54 @@ services:
- DB_PASSWORD=minibackpassword - DB_PASSWORD=minibackpassword
- LOG_LEVEL=debug - LOG_LEVEL=debug
# Networks # Networks
networks: networks:
modules.4nk-local: dnsmasq.4nk-local:
driver: bridge driver: bridge
ipam: ipam:
config: config:
- subnet: 172.30.0.0/16 - subnet: 172.30.0.0/16
gateway: 172.30.0.1 gateway: 172.30.0.1
sdk-relay.modules.4nk-local: modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.30.1.0/16
gateway: 172.30.1.1
ia.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.30.2.0/16
gateway: 172.30.2.1
grafana.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.30.3.0/16
gateway: 172.30.3.1
data.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.30.4.0/16
gateway: 172.30.4.1
client.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.30.5.0/16
gateway: 172.30.5.1
lecoffre.projects.4nk-local:
driver: bridge driver: bridge
ipam: ipam:
config: config:
- subnet: 172.31.0.0/16 - subnet: 172.31.0.0/16
gateway: 172.31.0.1 gateway: 172.31.0.1
sdk-relay.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.31.1.0/16
gateway: 172.31.1.1
ia.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.31.2.0/16
gateway: 172.31.2.1
grafana.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.31.3.0/16
gateway: 172.31.3.1
data.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.31.4.0/16
gateway: 172.31.4.1
client.modules.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.31.5.0/16
gateway: 172.31.5.1
lecoffre.projects.4nk-local:
driver: bridge
ipam:
config:
- subnet: 172.31.6.0/16
gateway: 172.31.6.1

18
docs/CONFIGURATION.md
View File

@ -1,5 +1,23 @@
# Configuration réseau et résolution de noms (4NK_node) # Configuration réseau et résolution de noms (4NK_node)
> Mise à jour (réseaux et variables denvironnement)
>
> - DNS central: `dnsmasq.4nk-local` avec IP statique `172.30.0.1`.
> - Segmentation réseaux Docker:
> - `modules.4nk-local`: 172.31.0.0/16
> - `sdk-relay.modules.4nk-local`: 172.31.1.0/16
> - `ia.modules.4nk-local`: 172.31.2.0/16
> - `grafana.modules.4nk-local`: 172.31.3.0/16
> - `data.modules.4nk-local`: 172.31.4.0/16
> - `client.modules.4nk-local`: 172.31.5.0/16
> - `lecoffre.projects.4nk-local`: 172.31.6.0/16
> - Résolution FQDN vers IP alignée entre `docker-compose.yml` (extra_hosts) et `4nk-local/dnsmasq/conf/dnsmasq.conf`.
> - Gestion des variables par service via fichiers `conf/.env` montés avec `env_file` dans `docker-compose.yml` (plus de redondance dans `environment`).
>
> Impact:
> - Les secrets et paramètres (Postgres/MinIO/Neo4j/IA) sont centralisés par service dans `4nk-local/**/conf/.env`.
> - Les commandes et healthchecks utilisent désormais des valeurs littérales ou des variables issues des `env_file`.
## Réseau Docker `4nk_network` ## Réseau Docker `4nk_network`
- Sous-réseau: `172.20.0.0/16` - Sous-réseau: `172.20.0.0/16`