diff --git a/.cursorignore2 b/.cursorignore similarity index 78% rename from .cursorignore2 rename to .cursorignore index 20848db..99f4e19 100644 --- a/.cursorignore2 +++ b/.cursorignore @@ -1,19 +1,12 @@ # PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/ **/__pycache__/ -**/storage/ **/dist/ **/node_modules/ **/package-lock.json* **/yarn.lock* # Variables d'environnement (protection renforcée) -**/.env* -**/.toml* -**/.conf* -**/.yaml* -**/.yml* -**/.ini* -**/.json* + **/.crt* **/.key* **/.pem* @@ -21,3 +14,4 @@ # Clés utilisateur et données sensibles **/_keys/ **/keys.json* +storage/dev/.env.secrets \ No newline at end of file diff --git a/.dockerignore b/.dockerignore index 20848db..99f4e19 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,19 +1,12 @@ # PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/ **/__pycache__/ -**/storage/ **/dist/ **/node_modules/ **/package-lock.json* **/yarn.lock* # Variables d'environnement (protection renforcée) -**/.env* -**/.toml* -**/.conf* -**/.yaml* -**/.yml* -**/.ini* -**/.json* + **/.crt* **/.key* **/.pem* @@ -21,3 +14,4 @@ # Clés utilisateur et données sensibles **/_keys/ **/keys.json* +storage/dev/.env.secrets \ No newline at end of file diff --git a/.gitignore b/.gitignore index 20848db..99f4e19 100644 --- a/.gitignore +++ b/.gitignore @@ -1,19 +1,12 @@ # PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/ **/__pycache__/ -**/storage/ **/dist/ **/node_modules/ **/package-lock.json* **/yarn.lock* # Variables d'environnement (protection renforcée) -**/.env* -**/.toml* -**/.conf* -**/.yaml* -**/.yml* -**/.ini* -**/.json* + **/.crt* **/.key* **/.pem* @@ -21,3 +14,4 @@ # Clés utilisateur et données sensibles **/_keys/ **/keys.json* +storage/dev/.env.secrets \ No newline at end of file diff --git a/api_server.py b/api_server.py index e18cd91..c012894 100644 --- a/api_server.py +++ b/api_server.py 
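Review bot: Dropping `**/storage/` and `**/.env*` from `.gitignore` and `.dockerignore` in the same commit that adds `storage/dev/.env` and `storage/dev/lecoffre_node/.env` means files carrying `API_PASS`, `POSTGRESQL_PASSWORD` and `GRAFANA_ADMIN_PASSWORD` values become tracked and enter the Docker build context, while the replacement entry `storage/dev/.env.secrets` protects one literal path in one environment only. If the intent is to track non-secret defaults, a pattern-based guard such as `**/.env.secrets` (and `**/.env.local`) in all three files keeps every other environment under `storage/` protected by default. The `.dockerignore` hunk also stops excluding `**/.toml*`, `**/.conf*`, `**/.yaml*`, `**/.yml*` and `**/.json*` from image builds; whether that is intended depends on the Dockerfiles, which are not in this diff. The identical hunk appears in `.cursorignore`, `.dockerignore` and `.gitignore` (same blob ids), and the `docs/environment-variables.md` example for `.env.secrets` embeds values that look like real key material (`VITE_JWT_SECRET_KEY`, `BITCOIN_RPC_AUTH`); obvious placeholders there would avoid the example being copied as-is.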
@@ -140,10 +140,10 @@ class EnvProcessor: self.variables = self._load_env_file(env_file) def _load_env_file(self, env_file: Path) -> Dict[str, str]: - """Charge uniquement le fichier .env principal (pas les sous-répertoires)""" + """Charge le fichier .env principal et le fichier .env.secrets""" variables = {} - # Charger uniquement le fichier .env principal + # Charger le fichier .env principal if env_file.exists(): try: with open(env_file, 'r', encoding='utf-8') as f: @@ -156,6 +156,22 @@ class EnvProcessor: except Exception as e: logger.error(f"Erreur lors du chargement du fichier .env: {e}") + # Charger le fichier .env.secrets (si il existe) + env_secrets_file = env_file.parent / '.env.secrets' + if env_secrets_file.exists(): + try: + secrets_count = 0 + with open(env_secrets_file, 'r', encoding='utf-8') as f: + for line in f: + line = line.strip() + if line and not line.startswith('#') and '=' in line: + key, value = line.split('=', 1) + variables[key.strip()] = value.strip() + secrets_count += 1 + logger.info(f"Secrets chargés depuis {env_secrets_file}: {secrets_count} variables") + except Exception as e: + logger.error(f"Erreur lors du chargement du fichier .env.secrets: {e}") + # Note: Les fichiers .env des sous-répertoires ne sont PAS chargés # car ils sont des configurations spécifiques aux services, pas des variables globales diff --git a/docs/environment-variables.md b/docs/environment-variables.md index be0cbf7..6dc263b 100644 --- a/docs/environment-variables.md +++ b/docs/environment-variables.md @@ -14,6 +14,7 @@ L'API Vault 4NK intègre un système avancé de traitement des variables d'envir ### Sources de variables - **Fichier `.env` principal** : `storage//.env` +- **Fichier `.env.secrets`** : `storage//.env.secrets` (mots de passe, clés API, etc.) - **Variables système** : Non utilisées (isolation complète) - **Fichiers de sous-répertoires** : Non chargés (configurations spécifiques aux services) 
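Review bot: The new `.env.secrets` block in `_load_env_file` catches `Exception`, logs, and carries on, so an unreadable secrets file (wrong owner or mode) silently degrades into running with whatever `.env` holds — and `storage/dev/.env` in this same commit ships placeholder values for the very keys (`POSTGRESQL_PASSWORD`, `GRAFANA_ADMIN_PASSWORD`) that the docs say `.env.secrets` is meant to override. Consider failing closed on a read error, `except OSError as e: logger.error(f"Erreur lors du chargement du fichier .env.secrets: {e}"); raise`, and emitting a `logger.warning` when the file is absent so a missing override is visible in operations rather than inferred from a missing info line. On POSIX hosts a `env_secrets_file.stat().st_mode & 0o077` check that warns when the file is group- or world-readable would catch the most common deployment mistake for this kind of file. The parse loop duplicates the `.env` loop directly above it; a small `_parse_env_lines(f, variables)` helper would keep the two in step. The method's `return` is outside the hunk.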
@@ -51,9 +52,10 @@ TOR_LOG_DIR → /home/debian/4NK_env/logs/tor ### 1. Chargement des variables ```python -# Seul le fichier .env principal est chargé +# Chargement du fichier .env principal et .env.secrets env_file = STORAGE_ROOT / env / '.env' -variables = load_env_file(env_file) +env_secrets_file = STORAGE_ROOT / env / '.env.secrets' +variables = load_env_file(env_file) # Charge les deux fichiers ``` ### 2. Résolution récursive @@ -125,6 +127,21 @@ TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor SDK_TOR_DATA_DIR=$ROOT_DIR_LOGS/sdk_tor ``` +### Fichier `.env.secrets` +```bash +# storage/dev/.env.secrets +BDD_USER=bdd_user +BDD_PASSWORD=bdd_password +POSTGRESQL_USER=$BDD_USER +POSTGRESQL_PASSWORD=$BDD_PASSWORD +SIGNER_API_KEY=your-api-key-change-this +VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9 +GRAFANA_ADMIN_PASSWORD=admin123 +BITCOIN_RPC_AUTH=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956 +``` + +> **⚠️ Important** : Le fichier `.env.secrets` contient des informations sensibles et ne doit jamais être committé dans le contrôle de version. + ### Fichiers de configuration ```bash # storage/dev/bitcoin/bitcoin.conf diff --git a/storage/dev/.env b/storage/dev/.env new file mode 100644 index 0000000..cbe54ff --- /dev/null +++ b/storage/dev/.env 
@@ -0,0 +1,151 @@
+# Modifiez ces valeurs selon votre environnement
+API_PASS=testpass
+ENV_NAME=DEV
+DOMAIN=4nkweb.com
+HOST=dev4.$DOMAIN
+DOCKER_LOG_LEVEL=info
+COMPOSE_LOG_LEVEL=WARNING
+NODE_OPTIONS=--max-old-space-size=4096
+NODE_ENV=production
+DOCKER_GLOBAL=project/lecoffre/lecoffre_node
+
+# Répertoires
+ROOT_DIR=/home/debian/4NK_env
+ROOT_DIR_DATA=$ROOT_DIR/$DOCKER_GLOBAL/data
+BITCOIN_DATA_DIR=$ROOT_DIR_DATA/bitcoin
+BITCOIN_COOKIE_PATH=$BITCOIN_DATA_DIR/signet/.cookie
+SIGNER_DATA_DIR=$ROOT_DIR_DATA/signer
+SDK_RELAY_DATA_DIR=$ROOT_DIR_DATA/sdk_relay
+SDK_STORAGE_DATA_DIR=$ROOT_DIR_DATA/sdk_storage
+SDK_TOR_DATA_DIR=$ROOT_DIR_DATA/tor
+BLINDBIT_DATA_DIR=$ROOT_DIR_DATA/blindbit-oracle
+
+ROOT_DIR_LOGS=$ROOT_DIR/$DOCKER_GLOBAL/logs
+BITCOIN_LOGS_DIR=$ROOT_DIR_LOGS/bitcoin
+BLINDBIT_LOGS_DIR=$ROOT_DIR_LOGS/blindbit-oracle
+IHM_CLIENT_LOGS_DIR=$ROOT_DIR_LOGS/ihm_client
+LECOFFRE_FRONT_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-front
+LECOFFRE_BACK_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-back-mini
+MINER_LOGS_DIR=$ROOT_DIR_LOGS/miner
+NGINX_LOGS_DIR=$ROOT_DIR_LOGS/nginx
+SDK_RELAY_LOGS_DIR=$ROOT_DIR_LOGS/sdk_relay
+SDK_STORAGE_LOGS_DIR=$ROOT_DIR_LOGS/sdk_storage
+TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
+SUPERVISOR_LOGS_DIR=$ROOT_DIR_LOGS/supervisor
+
+ROOT_DIR_CONFS=$ROOT_DIR/$DOCKER_GLOBAL/confs
+PROMTAIL_CONF_DIR=$ROOT_DIR_CONFS/promtail
+GRAFANA_CONF_DIR=$ROOT_DIR_CONFS/grafana
+NGINX_CONF_DIR=$ROOT_DIR_CONFS/nginx
+BITCOIN_CONF_DIR=$ROOT_DIR_CONFS/bitcoin
+LOGROTATE_CONF_DIR=$ROOT_DIR_CONFS/logrotate
+
+ROOT_DIR_BACKUPS=$ROOT_DIR/$DOCKER_GLOBAL/backups
+ROOT_DIR_RUN=$ROOT_DIR/$DOCKER_GLOBAL/run
+LECOFFRE_NODE_SCRIPTS_DIR=$ROOT_DIR/$DOCKER_GLOBAL/scripts
+
+CERT_PATH=/etc/letsencrypt/live/$HOST
+
+# Noms internes
+TOR_DOCKER_HOST=tor-proxy
+BITCOIN_DOCKER_HOST=bitcoin-signet
+BLINDBIT_DOCKER_NAME=blindbit-oracle
+STORAGE_DOCKER_HOST=storage
+LOKI_DOCKER_HOST=loki
+SDK_RELAY_DOCKER_HOST=sdk_relay
+LECOFFRE_FRONT_DOCKER_HOST=lecoffre-front
+
+# Ports des services
+TOR_PORT=9050
+BITCOIN_SIGNET_P2P_PORT=38333
+BITCOIN_SIGNET_RPC_PORT=38332
+BITCOIN_ZMQPUBRAWTX_PORT=29001
+BITCOIN_ZMQPBUBHASHBLOCK_PORT=29000
+BLINDBIT_PORT=8000
+SDK_RELAY_PORT=8080
+STORAGE_PORT=8081
+SIGNER_PORT=9090
+LECOFFRE_FRONT_PORT=3000
+GRAFANA_PORT=3001
+LOKI_PORT=3100
+STATUS_PORT=3005
+STATUS_API_PORT=3006
+PROMTAIL_PORT=8090
+IHM_CLIENT_PORT=3003
+CERTIFICATOR_PORT=8082
+REDIS_PORT=6379
+
+# Routes
+URL_ROUTE_SIGNER=/signer
+URL_ROUTE_STORAGE=/storage
+URL_ROUTE_IHM_CLIENT=/
+URL_ROUTE_LECOFFRE_FRONT=/lecoffre
+URL_ROUTE_LECOFFRE_FRONT_HMR=/lecoffre-hmr
+URL_ROUTE_LECOFFRE_BACK=/api
+POSTGRESQL_USER=postgres
+POSTGRESQL_PASSWORD=password
+URL_ROUTE_RELAY=/relay
+URL_ROUTE_GRAFAN=/grafana
+URL_ROUTE_STATUS=/status
+URL_ROUTE_STATUS_API=/status/api
+URL_ROUTE_BLINDBIT=/blindbit
+URL_ROUTE_NEXT=/_next
+
+# URLs et domaines
+ROOT_HOST=$HOST
+ROOT_URL=https://$ROOT_HOST
+BOOTSTRAP_HOST=dev3.$DOMAIN
+LECOFFRE_BACK_HOST=dev3.$DOMAIN
+LECOFFRE_FRONT_URL=https://$ROOT_HOST$URL_ROUTE_LECOFFRE_FRONT
+LECOFFRE_BACK_URL=https://$LECOFFRE_BACK_HOST$URL_ROUTE_LECOFFRE_BACK
+IHM_CLIENT_URL=$ROOT_URL$URL_ROUTE_IHM_CLIENT
+RELAY_URL=wss://$ROOT_HOST$URL_ROUTE_RELAY
+RELAY_BOOSTRAP_URL=wss://$BOOTSTRAP_HOST$URL_ROUTE_RELAY
+RELAY_URLS=$RELAY_URL,$RELAY_BOOSTRAP_URL
+SIGNER_URL=https://dev3.$DOMAIN$URL_ROUTE_SIGNER
+STORAGE_URL=$ROOT_URL$URL_ROUTE_STORAGE
+LOKI_URL=http://$LOKI_DOCKER_HOST:$LOKI_PORT
+BLINDBIT_URL=http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT
+BITCOIN_RPC_URL=http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT
+GRAFANA_URL=$ROOT_URL$URL_ROUTE_GRAFAN
+ZMQ_URL=tcp://$BITCOIN_DOCKER_HOST:$BITCOIN_ZMQPBUBHASHBLOCK_PORT
+
+# Variables
+BITCOIN_WALLET_NAME=mining
+BITCOIN_CERTIFICATOR_NAME=certificator
+
+# DB
+CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db
+CERTIFICATOR_REDIS_CONNECT=redis://certificator_redis:$REDIS_PORT
+
+# Noms des services Docker
+SDK_RELAY_DOCKER_NAME=sdk_relay
+LECOFFRE_FRONT_DOCKER_NAME=lecoffre-front
+IHM_CLIENT_DOCKER_NAME=ihm_client
+SDK_STORAGE_DOCKER_NAME=sdk_storage
+WATCHTOWER_DOCKER_NAME=watchtower
+SIGNET_MINER_DOCKER_NAME=signet_miner
+GRAFANA_DOCKER_NAME=grafana
+LOKI_DOCKER_NAME=loki
+PROMTAIL_DOCKER_NAME=promtail
+STATUS_API_DOCKER_NAME=status-api
+
+# Ports externes exposés
+LECOFFRE_FRONT_EXTERNAL_PORT=3004
+IHM_CLIENT_EXTERNAL_PORT=3003
+SDK_STORAGE_EXTERNAL_PORT=8081
+GRAFANA_EXTERNAL_PORT=3005
+LOKI_EXTERNAL_PORT=3100
+STATUS_API_EXTERNAL_PORT=3006
+
+# Mots de passe et secrets
+GRAFANA_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
+
+# Chemins de configuration
+LECOFFRE_NODE_CONFS_DIR=/home/debian/4NK_env/confs
+LECOFFRE_NODE_LOGS_DIR=/home/debian/4NK_env/logs
+
+# Ports supplémentaires
+BLINDBIT_EXTERNAL_PORT=8000
+SDK_RELAY_EXTERNAL_PORT_1=8090
+SDK_RELAY_EXTERNAL_PORT_2=8091
diff --git a/storage/dev/lecoffre_node/.env b/storage/dev/lecoffre_node/.env
new file mode 100644
index 0000000..1213d65
--- /dev/null
+++ b/storage/dev/lecoffre_node/.env
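Review bot: `storage/dev/.env` commits credentials into version control — `API_PASS=testpass` and `POSTGRESQL_PASSWORD=password` are weak defaults, while the `GRAFANA_ADMIN_PASSWORD` value under `# Mots de passe et secrets` does not read as a placeholder at all, and the commit's own `.env.secrets` mechanism (which the docs hunk lists `GRAFANA_ADMIN_PASSWORD` under) is where it belongs. Replace it with an obvious placeholder such as `GRAFANA_ADMIN_PASSWORD=change-me` and treat the committed value as exposed, since it now lives in history. `storage/dev/lecoffre_node/.env` is a near-copy that has already drifted (it lacks `SUPERVISOR_LOGS_DIR`, `LOGROTATE_CONF_DIR`, `ROOT_DIR_RUN`, `SDK_RELAY_DOCKER_HOST` and `LECOFFRE_FRONT_DOCKER_HOST`, and ends with empty `# Routes manquantes` / `# Variables manquantes pour la DB` sections), which matters because the compose file in this commit uses `$SDK_RELAY_DOCKER_HOST` as a service key, `container_name` and network alias; one file, or a documented override chain, would avoid that. `POSTGRESQL_USER`/`POSTGRESQL_PASSWORD` also sit under the `# Routes` heading rather than `# DB`, and `CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db` looks malformed for a connection URL — worth checking against the consumer.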
@@ -0,0 +1,151 @@
+# Modifiez ces valeurs selon votre environnement
+API_PASS=testpass
+ENV_NAME=DEV
+DOMAIN=4nkweb.com
+HOST=dev4.$DOMAIN
+DOCKER_LOG_LEVEL=info
+COMPOSE_LOG_LEVEL=WARNING
+NODE_OPTIONS=--max-old-space-size=4096
+NODE_ENV=production
+DOCKER_GLOBAL=project/lecoffre/lecoffre_node
+
+# Répertoires
+ROOT_DIR=/home/debian/4NK_env
+ROOT_DIR_DATA=$ROOT_DIR/$DOCKER_GLOBAL/data
+BITCOIN_DATA_DIR=$ROOT_DIR_DATA/bitcoin
+BITCOIN_COOKIE_PATH=$BITCOIN_DATA_DIR/signet/.cookie
+SIGNER_DATA_DIR=$ROOT_DIR_DATA/signer
+SDK_RELAY_DATA_DIR=$ROOT_DIR_DATA/sdk_relay
+SDK_STORAGE_DATA_DIR=$ROOT_DIR_DATA/sdk_storage
+SDK_TOR_DATA_DIR=$ROOT_DIR_DATA/tor
+BLINDBIT_DATA_DIR=$ROOT_DIR_DATA/blindbit-oracle
+
+ROOT_DIR_LOGS=$ROOT_DIR/$DOCKER_GLOBAL/logs
+BITCOIN_LOGS_DIR=$ROOT_DIR_LOGS/bitcoin
+BLINDBIT_LOGS_DIR=$ROOT_DIR_LOGS/blindbit-oracle
+IHM_CLIENT_LOGS_DIR=$ROOT_DIR_LOGS/ihm_client
+LECOFFRE_FRONT_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-front
+LECOFFRE_BACK_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-back-mini
+MINER_LOGS_DIR=$ROOT_DIR_LOGS/miner
+NGINX_LOGS_DIR=$ROOT_DIR_LOGS/nginx
+SDK_RELAY_LOGS_DIR=$ROOT_DIR_LOGS/sdk_relay
+SDK_STORAGE_LOGS_DIR=$ROOT_DIR_LOGS/sdk_storage
+TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
+
+ROOT_DIR_CONFS=$ROOT_DIR/$DOCKER_GLOBAL/confs
+PROMTAIL_CONF_DIR=$ROOT_DIR_CONFS/promtail
+GRAFANA_CONF_DIR=$ROOT_DIR_CONFS/grafana
+NGINX_CONF_DIR=$ROOT_DIR_CONFS/nginx
+BITCOIN_CONF_DIR=$ROOT_DIR_CONFS/bitcoin
+
+ROOT_DIR_BACKUPS=$ROOT_DIR/$DOCKER_GLOBAL/backups
+
+LECOFFRE_NODE_SCRIPTS_DIR=$ROOT_DIR/$DOCKER_GLOBAL/scripts
+
+CERT_PATH=/etc/letsencrypt/live/$HOST
+
+# Noms internes
+TOR_DOCKER_HOST=tor-proxy
+BITCOIN_DOCKER_HOST=bitcoin-signet
+BLINDBIT_DOCKER_NAME=blindbit-oracle
+STORAGE_DOCKER_HOST=storage
+LOKI_DOCKER_HOST=loki
+
+# Ports des services
+TOR_PORT=9050
+BITCOIN_SIGNET_P2P_PORT=38333
+BITCOIN_SIGNET_RPC_PORT=38332
+BITCOIN_ZMQPUBRAWTX_PORT=29001
+BITCOIN_ZMQPBUBHASHBLOCK_PORT=29000
+BLINDBIT_PORT=8000
+SDK_RELAY_PORT=8080
+STORAGE_PORT=8081
+SIGNER_PORT=9090
+LECOFFRE_FRONT_PORT=3000
+GRAFANA_PORT=3001
+LOKI_PORT=3100
+STATUS_PORT=3005
+STATUS_API_PORT=3006
+PROMTAIL_PORT=8090
+IHM_CLIENT_PORT=3003
+CERTIFICATOR_PORT=8082
+REDIS_PORT=6379
+
+# Routes
+URL_ROUTE_SIGNER=/signer
+URL_ROUTE_STORAGE=/storage
+URL_ROUTE_IHM_CLIENT=/
+URL_ROUTE_LECOFFRE_FRONT=/lecoffre
+URL_ROUTE_LECOFFRE_FRONT_HMR=/lecoffre-hmr
+URL_ROUTE_LECOFFRE_BACK=/api
+POSTGRESQL_USER=postgres
+POSTGRESQL_PASSWORD=password
+URL_ROUTE_RELAY=/relay
+URL_ROUTE_GRAFAN=/grafana
+URL_ROUTE_STATUS=/status
+URL_ROUTE_STATUS_API=/status/api
+URL_ROUTE_BLINDBIT=/blindbit
+URL_ROUTE_NEXT=/_next
+
+# URLs et domaines
+ROOT_HOST=$HOST
+ROOT_URL=https://$ROOT_HOST
+BOOTSTRAP_HOST=dev3.$DOMAIN
+LECOFFRE_BACK_HOST=dev3.$DOMAIN
+LECOFFRE_FRONT_URL=https://$ROOT_HOST$URL_ROUTE_LECOFFRE_FRONT
+LECOFFRE_BACK_URL=https://$LECOFFRE_BACK_HOST$URL_ROUTE_LECOFFRE_BACK
+IHM_CLIENT_URL=$ROOT_URL$URL_ROUTE_IHM_CLIENT
+RELAY_URL=wss://$ROOT_HOST$URL_ROUTE_RELAY
+RELAY_BOOSTRAP_URL=wss://$BOOTSTRAP_HOST$URL_ROUTE_RELAY
+RELAY_URLS=$RELAY_URL,$RELAY_BOOSTRAP_URL
+SIGNER_URL=https://dev3.$DOMAIN$URL_ROUTE_SIGNER
+STORAGE_URL=$ROOT_URL$URL_ROUTE_STORAGE
+LOKI_URL=http://$LOKI_DOCKER_HOST:$LOKI_PORT
+BLINDBIT_URL=http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT
+BITCOIN_RPC_URL=http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT
+GRAFANA_URL=$ROOT_URL$URL_ROUTE_GRAFAN
+ZMQ_URL=tcp://$BITCOIN_DOCKER_HOST:$BITCOIN_ZMQPBUBHASHBLOCK_PORT
+
+# Variables
+BITCOIN_WALLET_NAME=mining
+BITCOIN_CERTIFICATOR_NAME=certificator
+
+# DB
+CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db
+CERTIFICATOR_REDIS_CONNECT=redis://certificator_redis:$REDIS_PORT
+
+# Noms des services Docker
+SDK_RELAY_DOCKER_NAME=sdk_relay
+LECOFFRE_FRONT_DOCKER_NAME=lecoffre-front
+IHM_CLIENT_DOCKER_NAME=ihm_client
+SDK_STORAGE_DOCKER_NAME=sdk_storage
+WATCHTOWER_DOCKER_NAME=watchtower
+SIGNET_MINER_DOCKER_NAME=signet_miner
+GRAFANA_DOCKER_NAME=grafana
+LOKI_DOCKER_NAME=loki
+PROMTAIL_DOCKER_NAME=promtail
+STATUS_API_DOCKER_NAME=status-api
+
+# Ports externes exposés
+LECOFFRE_FRONT_EXTERNAL_PORT=3004
+IHM_CLIENT_EXTERNAL_PORT=3003
+SDK_STORAGE_EXTERNAL_PORT=8081
+GRAFANA_EXTERNAL_PORT=3005
+LOKI_EXTERNAL_PORT=3100
+STATUS_API_EXTERNAL_PORT=3006
+
+# Mots de passe et secrets
+GRAFANA_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
+
+# Chemins de configuration
+LECOFFRE_NODE_CONFS_DIR=/home/debian/4NK_env/confs
+LECOFFRE_NODE_LOGS_DIR=/home/debian/4NK_env/logs
+
+# Ports supplémentaires
+BLINDBIT_EXTERNAL_PORT=8000
+SDK_RELAY_EXTERNAL_PORT_1=8090
+SDK_RELAY_EXTERNAL_PORT_2=8091
+
+# Routes manquantes
+
+# Variables manquantes pour la DB
diff --git a/storage/dev/lecoffre_node/docker-compose.yml b/storage/dev/lecoffre_node/docker-compose.yml
new file mode 100644
index 0000000..05fee1b
--- /dev/null
+++ b/storage/dev/lecoffre_node/docker-compose.yml
@@ -0,0 +1,347 @@ +services: + tor: + image: btcpayserver/tor:0.4.8.10 + container_name: $TOR_DOCKER_HOST + volumes: + - $TOR_LOGS_DIR/tor:/var/log/tor + - $LECOFFRE_NODE_SCRIPTS_DIR:/scripts:ro + networks: + btcnet: + aliases: + - tor + healthcheck: + test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/tor-progress.sh"] + interval: 10s + timeout: 5s + retries: 50 + restart: unless-stopped + + bitcoin: + build: ./bitcoin + container_name: $BITCOIN_DOCKER_HOST + depends_on: + tor: + condition: service_healthy + volumes: + - $BITCOIN_DATA_DIR:/home/bitcoin/.bitcoin + - $BITCOIN_CONF_DIR/bitcoin.conf:/etc/bitcoin/bitcoin.conf + - $BITCOIN_LOGS_DIR:/var/log/bitcoin + - $LECOFFRE_NODE_SCRIPTS_DIR:/scripts:ro + networks: + btcnet: + aliases: + - $BITCOIN_DOCKER_HOST + user: root + entrypoint: > + /bin/sh -c " + chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin || echo 'warn: chown partiel (fichiers bind-mount Windows)'; + exec su-exec bitcoin bitcoind -conf=/etc/bitcoin/bitcoin.conf -signet" + healthcheck: + test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/bitcoin-progress.sh"] + interval: 30s + timeout: 10s + retries: 50 + restart: unless-stopped + + blindbit: + image: git.4nkweb.com/4nk/blindbit-oracle:fixed-source + container_name: $BLINDBIT_DOCKER_NAME + depends_on: + bitcoin: + condition: service_healthy + volumes: + - $BLINDBIT_DATA_DIR:/root/.blindbit-oracle + # - $LECOFFRE_NODE_CONFS_DIR/blindbit-oracle/blindbit.toml:/tmp/blindbit.toml:ro + - $BITCOIN_DATA_DIR:/home/bitcoin/.bitcoin + - $LECOFFRE_NODE_LOGS_DIR/blindbit:/var/log/blindbit + - $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro + entrypoint: > + sh -c "mkdir -p /root/.blindbit-oracle && + if [ ! -f /root/.blindbit-oracle/blindbit.toml ]; then + cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml; + fi && + echo 'Starting BlindBit Oracle with corrected host binding...' 
&& + exec ./main -datadir /root/.blindbit-oracle" + networks: + btcnet: + aliases: + - $BLINDBIT_DOCKER_NAME + ports: + - "0.0.0.0:$BLINDBIT_EXTERNAL_PORT" + healthcheck: + test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/blindbit-progress.sh"] + interval: 10s + timeout: 5s + retries: 60 + start_period: 180s + restart: unless-stopped + + $SDK_RELAY_DOCKER_HOST: + image: git.4nkweb.com/4nk/sdk_relay:ext + container_name: $SDK_RELAY_DOCKER_HOST + env_file: + - $LECOFFRE_NODE_CONFS_DIR/sdk_relay/.env + depends_on: + blindbit: + condition: service_healthy + volumes: + - $LECOFFRE_NODE_CONFS_DIR/relay/.conf:/app/.conf:ro + - sdk_data:/app/.4nk + - bitcoin_data:/app/.bitcoin + - $SDK_RELAY_LOGS_DIR:/var/log/sdk_relay + - $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro + ports: + - "0.0.0.0:$SDK_RELAY_PORT" + networks: + btcnet: + aliases: + - $SDK_RELAY_DOCKER_HOST + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" + environment: + - HOME=/app + - RUST_LOG=INFO + healthcheck: + test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/sdk-relay-progress.sh"] + interval: 30s + timeout: 10s + retries: 50 + restart: unless-stopped + + lecoffre-front: + image: git.4nkweb.com/4nk/lecoffre-front:ext + container_name: lecoffre-front + working_dir: /leCoffre-front + # env_file: + # - $LECOFFRE_NODE_CONFS_DIR/lecoffre-front/.env + ports: + - "0.0.0.0:$LECOFFRE_FRONT_EXTERNAL_PORT:8080" + volumes: + - $LECOFFRE_NODE_LOGS_DIR/lecoffre-front:/var/log/lecoffre-front + networks: + btcnet: + aliases: + - lecoffre-front + depends_on: + ihm_client: + condition: service_healthy + sdk_storage: + condition: service_healthy + user: lecoffreuser + command: ["sh", "-c", "exec npm run start >> /var/log/lecoffre-front/stdout.log 2>&1"] + healthcheck: + test: ["CMD", "sh", "-c", "if ps aux | grep -v grep | grep next-server >/dev/null 2>&1; then echo 'LeCoffre Frontend ready: Next.js server running'; exit 0; else echo 'LeCoffre Frontend starting: Next.js server not yet 
ready'; exit 1; fi"] + interval: 30s + timeout: 10s + retries: 50 + start_period: 30s + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: unless-stopped + + ihm_client: + image: git.4nkweb.com/4nk/ihm_client:ext + container_name: ihm_client + # env_file: + # - $LECOFFRE_NODE_CONFS_DIR/ihm_client/.env + environment: + - VITE_JWT_SECRET_KEY + - VITE_API_BASE_URL + - VITE_WS_URL + - VITE_STORAGE_URL + - VITE_SIGNER_URL + - VITE_BOOTSTRAPURL + ports: + - "0.0.0.0:$IHM_CLIENT_EXTERNAL_PORT:3003" + volumes: + - $LECOFFRE_NODE_LOGS_DIR/ihm_client:/var/log/ihm_client + networks: + btcnet: + aliases: + - ihm_client + depends_on: + sdk_relay: + condition: service_healthy + sdk_storage: + condition: service_healthy + user: root + command: ["sh", "-c", "exec npm start >> /var/log/ihm_client/stdout.log 2>&1"] + healthcheck: + test: ["CMD", "sh", "-c", "if curl -f http://localhost:3003/ >/dev/null 2>&1; then echo 'IHM Client ready: Vite dev server responding'; exit 0; else echo 'IHM Client starting: Vite dev server not yet ready'; exit 1; fi"] + interval: 30s + timeout: 10s + retries: 50 + start_period: 30s + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: unless-stopped + + sdk_storage: + image: git.4nkweb.com/4nk/sdk_storage:ext + container_name: sdk_storage + ports: + - "0.0.0.0:$SDK_STORAGE_EXTERNAL_PORT:8080" + volumes: + - sdk_storage_data:/app/data + - $LECOFFRE_NODE_LOGS_DIR/sdk_storage:/var/log/sdk_storage + healthcheck: + test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"] + interval: 30s + timeout: 10s + retries: 50 + start_period: 30s + networks: + btcnet: + aliases: + - sdk_storage + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: unless-stopped + + watchtower: + image: containrrr/watchtower + container_name: watchtower + volumes: + - 
/var/run/docker.sock:/var/run/docker.sock + command: --interval 30 --label-enable + networks: + - btcnet + restart: unless-stopped + + signet_miner: + build: + context: ./miner + container_name: signet_miner + depends_on: + bitcoin: + condition: service_healthy + # env_file: + # - $LECOFFRE_NODE_CONFS_DIR/lecoffre_node/.env + volumes: + - bitcoin_data:/bitcoin:ro + - $LECOFFRE_NODE_LOGS_DIR/miner:/var/log/miner + networks: + btcnet: + aliases: + - signet_miner + profiles: ["miner"] + restart: unless-stopped + + grafana: + image: grafana/grafana:latest + container_name: grafana + ports: + - "0.0.0.0:$GRAFANA_EXTERNAL_PORT:3000" + volumes: + - grafana_data:/var/lib/grafana + # - $LECOFFRE_NODE_CONFS_DIR/grafana/provisioning:/etc/grafana/provisioning + # - $LECOFFRE_NODE_CONFS_DIR/grafana/dashboards:/var/lib/grafana/dashboards + # - $LECOFFRE_NODE_CONFS_DIR/grafana/grafana.ini:/etc/grafana/grafana.ini:ro + - $LECOFFRE_NODE_LOGS_DIR:/var/log/lecoffre:ro + environment: + - GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD + - GF_USERS_ALLOW_SIGN_UP=false + - GF_SERVER_ROOT_URL=$GRAFANA_URL/ + - GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource + networks: + btcnet: + aliases: + - grafana + depends_on: + loki: + condition: service_healthy + promtail: + condition: service_healthy + healthcheck: + test: ["CMD", "sh", "-c", "if curl -f http://localhost:3000/api/health >/dev/null 2>&1; then echo 'Grafana ready: Dashboard service responding'; exit 0; else echo 'Grafana starting: Dashboard service not yet ready'; exit 1; fi"] + interval: 30s + timeout: 10s + retries: 50 + start_period: 60s + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: unless-stopped + + loki: + image: grafana/loki:latest + container_name: loki + ports: + - "0.0.0.0:$LOKI_EXTERNAL_PORT:3100" + volumes: + - loki_data:/loki + # - $LECOFFRE_NODE_CONFS_DIR/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro + command: -config.file=/etc/loki/loki-config.yaml + 
networks: + btcnet: + aliases: + - loki + healthcheck: + test: ["CMD", "wget", "-q", "--spider", "http://localhost:3100/ready"] + interval: 30s + timeout: 15s + retries: 50 + start_period: 120s + restart: unless-stopped + + promtail: + image: grafana/promtail:latest + container_name: promtail + volumes: + - $LECOFFRE_NODE_LOGS_DIR:$LECOFFRE_NODE_LOGS_DIR:ro + # - $LECOFFRE_NODE_CONFS_DIR/promtail/promtail.yml:/etc/promtail/config.yml:ro + - /var/run/docker.sock:/var/run/docker.sock + command: -config.file=/etc/promtail/config.yml + networks: + btcnet: + aliases: + - promtail + depends_on: + loki: + condition: service_healthy + healthcheck: + test: ["CMD", "sh", "-c", "if [ -f /tmp/positions.yaml ]; then echo 'Promtail ready: Log collection service responding'; exit 0; else echo 'Promtail starting: Log collection service not yet ready'; exit 1; fi"] + interval: 30s + timeout: 10s + retries: 50 + start_period: 30s + restart: unless-stopped + + # Service de statut des services + status-api: + build: + context: ./web/status + dockerfile: Dockerfile.python + container_name: status-api + # env_file: + # - $LECOFFRE_NODE_CONFS_DIR/monitoring/.env + ports: + - "0.0.0.0:$STATUS_API_EXTERNAL_PORT:3006" + volumes: + - ./web/status/api.py:/app/api.py:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + - $LECOFFRE_NODE_LOGS_DIR:/var/log/lecoffre:ro + - $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro + networks: + btcnet: + aliases: + - status-api + healthcheck: + test: ["CMD", "sh", "-c", "if curl -f http://localhost:3006/api >/dev/null 2>&1; then echo 'Status API ready: Service monitoring API responding'; exit 0; else echo 'Status API starting: Service monitoring API not yet ready'; exit 1; fi"] + interval: 30s + timeout: 10s + retries: 50 + start_period: 30s + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: unless-stopped + +networks: + btcnet: + name: 4nk_node_btcnet + driver: bridge + ipam: + config: + - subnet: 172.20.0.0/16
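Review bot: The named volumes the services mount (`sdk_data`, `bitcoin_data`, `sdk_storage_data`, `grafana_data`, `loki_data`) are never declared — the 347-line file ends at the `networks:` block with no top-level `volumes:` — so Compose will reject the file with an undefined-volume error before anything starts; the block below adds the declaration. Separately, `watchtower` and `promtail` mount `/var/run/docker.sock` read-write, which is host-root-equivalent access, while `status-api` already uses the `:ro` form; promtail only reads container metadata, so `- /var/run/docker.sock:/var/run/docker.sock:ro` there would be consistent and least-privilege. `grafana`, `loki` and `promtail` run `:latest` and `watchtower` is untagged while watchtower itself re-pulls every 30s, so the stack redeploys unreviewed images; pinning versions or digests the way `tor` pins `0.4.8.10` keeps the supply chain auditable. The `blindbit` entrypoint copies `/tmp/blindbit.toml` on first start but the mount that provides that file is commented out, so a fresh data directory will break the `&&` chain, and `ihm_client` runs as `user: root` with no evident need. If Compose does not interpolate mapping keys, the `$SDK_RELAY_DOCKER_HOST:` service key will not become `sdk_relay`, and `ihm_client`'s `depends_on: sdk_relay:` would then reference a service that does not exist — worth confirming against the Compose version in use.
```yaml
# … unchanged: services …

networks:
  btcnet:
    # … unchanged: name, driver, ipam …

volumes:
  sdk_data:
  bitcoin_data:
  sdk_storage_data:
  grafana_data:
  loki_data:
```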