4NK_node/docker-compose.yml

services:
  tor:
    build: ./tor
    image: 4nk_node-tor
    container_name: tor-proxy
    networks:
      btcnet:
        aliases:
          - tor
    ports:
      - "9050:9050"  # Port SOCKS
      - "9051:9051"  # Port de contrôle
    restart: unless-stopped
    volumes:
      - ./tor/torrc:/etc/tor/torrc:ro
      - ./tor/bridges.extra:/etc/tor/bridges.extra:ro
    command: ["tor", "-f", "/etc/tor/torrc"]
    healthcheck:
      test: ["CMD-SHELL", "nc -z 127.0.0.1 9050"]
      interval: 30s
      timeout: 5s
      retries: 3

  bitcoin:
    build: ./bitcoin
    container_name: bitcoin-signet
    depends_on:
      - tor
    volumes:
      - bitcoin_data:/home/bitcoin/.bitcoin
      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
    # ports supprimés: service interne uniquement
    networks:
      btcnet:
        aliases:
          - bitcoin
    environment:
      - TOR_HOST=tor
      - TOR_PORT=9050
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "bitcoin-cli", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "getblockchaininfo"]
      interval: 30s
      timeout: 10s
      retries: 3

  blindbit:
    build: ./blindbit
    container_name: blindbit-oracle
    depends_on:
      - bitcoin
    volumes:
      - blindbit_data:/data
      - ./blindbit/blindbit.toml:/data/blindbit.toml
      - bitcoin_data:/home/bitcoin/.bitcoin
    # ports supprimés: service interne uniquement
    networks:
      btcnet:
        aliases:
          - blindbit
    restart: unless-stopped

  sdk_relay_1:
    build:
      context: ..
      dockerfile: 4NK_node/sdk_relay/Dockerfile
    container_name: sdk_relay_1
    depends_on:
      bitcoin:
        condition: service_healthy
      blindbit:
        condition: service_started
    volumes:
      - bitcoin_data:/home/bitcoin/.bitcoin
      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
      - sdk_relay_1_data:/home/bitcoin/.4nk
      - ./sdk_relay/.conf.docker.relay1:/home/bitcoin/.conf.docker
    # ports supprimés: service utilisé via reverse proxy interne
    networks:
      btcnet:
        aliases:
          - sdk_relay_1
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      - RUST_LOG=debug,bitcoincore_rpc=trace
      - HOME=/home/bitcoin
      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
      - ENABLE_SYNC_TEST=1
    restart: on-failure:3
    entrypoint: >
      /bin/sh -c "
      cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
      cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
      chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
      echo 'Configuration loaded:' &&
      cat /home/bitcoin/.conf &&
      echo 'Testing DNS resolution:' &&
      getent hosts bitcoin &&
      echo 'Testing connectivity:' &&
      curl -s --connect-timeout 5 http://bitcoin:18443 &&
      echo 'Bitcoin accessible via curl' &&
      echo 'Starting sdk_relay_1:' &&
      /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
    healthcheck:
      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
      interval: 30s
      timeout: 15s
      retries: 3
      start_period: 60s

  sdk_relay_2:
    build:
      context: ..
      dockerfile: 4NK_node/sdk_relay/Dockerfile
    container_name: sdk_relay_2
    depends_on:
      bitcoin:
        condition: service_healthy
      blindbit:
        condition: service_started
    volumes:
      - bitcoin_data:/home/bitcoin/.bitcoin
      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
      - sdk_relay_2_data:/home/bitcoin/.4nk
      - ./sdk_relay/.conf.docker.relay2:/home/bitcoin/.conf.docker
    # ports supprimés: service utilisé via reverse proxy interne
    networks:
      btcnet:
        aliases:
          - sdk_relay_2
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      - RUST_LOG=debug,bitcoincore_rpc=trace
      - HOME=/home/bitcoin
      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
      - ENABLE_SYNC_TEST=1
    restart: on-failure:3
    entrypoint: >
      /bin/sh -c "
      cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
      cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
      chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
      echo 'Configuration loaded:' &&
      cat /home/bitcoin/.conf &&
      echo 'Testing DNS resolution:' &&
      getent hosts bitcoin &&
      echo 'Testing connectivity:' &&
      curl -s --connect-timeout 5 http://bitcoin:18443 &&
      echo 'Bitcoin accessible via curl' &&
      echo 'Starting sdk_relay_2:' &&
      /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
    healthcheck:
      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
      interval: 30s
      timeout: 15s
      retries: 3
      start_period: 60s

  sdk_relay_3:
    build:
      context: ..
      dockerfile: 4NK_node/sdk_relay/Dockerfile
    container_name: sdk_relay_3
    depends_on:
      bitcoin:
        condition: service_healthy
      blindbit:
        condition: service_started
    volumes:
      - bitcoin_data:/home/bitcoin/.bitcoin
      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
      - sdk_relay_3_data:/home/bitcoin/.4nk
      - ./sdk_relay/.conf.docker.relay3:/home/bitcoin/.conf.docker
    # ports supprimés: service utilisé via reverse proxy interne
    networks:
      btcnet:
        aliases:
          - sdk_relay_3
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    environment:
      - RUST_LOG=debug,bitcoincore_rpc=trace
      - HOME=/home/bitcoin
      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
      - ENABLE_SYNC_TEST=1
    restart: on-failure:3
    entrypoint: >
      /bin/sh -c "
      cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
      cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
      chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
      echo 'Configuration loaded:' &&
      cat /home/bitcoin/.conf &&
      echo 'Testing DNS resolution:' &&
      getent hosts bitcoin &&
      echo 'Testing connectivity:' &&
      curl -s --connect-timeout 5 http://bitcoin:18443 &&
      echo 'Bitcoin accessible via curl' &&
      echo 'Starting sdk_relay_3:' &&
      /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
    healthcheck:
      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
      interval: 30s
      timeout: 15s
      retries: 3
      start_period: 60s

  ihm_client:
    image: busybox:latest
    container_name: 4nk-ihm-client
    command: sh -c "sleep infinity"
    volumes:
      - ./ihm_client/dist:/usr/share/nginx/html:ro
    networks:
      - btcnet

  reverse_proxy:
    image: nginx:alpine
    container_name: 4nk-reverse-proxy
    depends_on:
      - sdk_relay_1
      - sdk_storage
    volumes:
      - ./proxy/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./certs:/etc/nginx/certs:ro
      - ./ihm_client/dist:/usr/share/nginx/html:ro
      - ./acme:/var/www/certbot:ro
    ports:
      - "80:80"
      - "443:443"
    networks:
      btcnet:
        aliases:
          - reverse_proxy

  sdk_storage:
    build: ./sdk_storage
    container_name: sdk-storage
    restart: unless-stopped
    entrypoint: >
      /bin/sh -lc "chown -R 10001:10001 /app/storage || true; exec /usr/local/bin/sdk_storage --permanent"
    networks:
      btcnet:
        aliases:
          - sdk_storage
    volumes:
      - sdk_storage_data:/app/storage
    # Service interne: aucun port exposé

  sdk_signer:
    build:
      context: ./sdk_signer
      dockerfile: ../dockerfiles/sdk_signer.Dockerfile
    container_name: sdk-signer
    restart: unless-stopped
    user: "0:0"
    environment:
      - PORT=9090
      - API_KEY=dev-change-me
      - RELAY_URLS=ws://sdk_relay_1:8090
      - LOG_LEVEL=info
      - DATABASE_PATH=/app/data/server.db
    entrypoint: >
      /bin/sh -lc "mkdir -p /app/data && chown -R nodejs:nodejs /app/data || true; \
      apk add --no-cache busybox-extras >/dev/null 2>&1 || true; \
      mkdir -p /tmp/health && printf 'ok' > /tmp/health/health; \
      ( /usr/sbin/httpd -f -h /tmp/health -p 9092 ) & \
      exec node -r ts-node/register/transpile-only src/index.ts"
    networks:
      btcnet:
        aliases:
          - sdk_signer
    depends_on:
      sdk_relay_1:
        condition: service_started
    volumes:
      - sdk_signer_data:/app/data
    # Service interne: aucun port exposé

volumes:
  bitcoin_data:
    name: 4nk_node_bitcoin_data
  blindbit_data:
    name: 4nk_node_blindbit_data
  sdk_relay_1_data:
    name: 4nk_node_sdk_relay_1_data
  sdk_relay_2_data:
    name: 4nk_node_sdk_relay_2_data
  sdk_relay_3_data:
    name: 4nk_node_sdk_relay_3_data
  sdk_storage_data:
    name: 4nk_node_sdk_storage_data
  sdk_signer_data:
    name: 4nk_node_sdk_signer_data

networks:
  btcnet:
    name: 4nk_node_btcnet
    driver: bridge