4nk/4NK_vault
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: 4nk:d48ccc8fbc214ceb8c4640b274693b88095c6e4e
Branches Tags
4nk:master
4nk:ext
..
compare: 4nk:f1558d5eb58ef2d176d1edbd5bc3cecad5a748c7
Branches Tags
4nk:ext
4nk:master

No commits in common. "d48ccc8fbc214ceb8c4640b274693b88095c6e4e" and "f1558d5eb58ef2d176d1edbd5bc3cecad5a748c7" have entirely different histories.
d48ccc8fbc ... f1558d5eb5

10 changed files with 163 additions and 721 deletions
Show Stats Expand all files Collapse all files

90
.cursorignore
View File

@ -1,17 +1,79 @@
# PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/ # 4NK Environment - Git Ignore
**/__pycache__/ # ============================
**/dist/ confs/
**/node_modules/ # Dossiers de sauvegarde des scripts
**/package-lock.json* **/backup/
**/yarn.lock* **/*backup*
# Variables d'environnement (protection renforcée) **/.cargo/
**/.crt* # Fichiers temporaires
**/.key* **/*.tmp*
**/.pem* **/*.temp*
**/*.log*
**/*.pid*
# Clés utilisateur et données sensibles # Fichiers de configuration locale
**/_keys/ **/*.env*
**/keys.json* **/*.conf*
storage/dev/.env.secrets **/*.yaml*
**/*.yml*
**/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# Données et logs
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
# Docker
**/*.docker*
# Cache et build
**/*.node_modules/
**/*.dist/
**/*build/
**/*target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
**/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# OS
**/*.DS_Store
**/*Thumbs.db
**/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*

90
.dockerignore
View File

@ -1,17 +1,79 @@
# PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/ # 4NK Environment - Git Ignore
**/__pycache__/ # ============================
**/dist/ confs/
**/node_modules/ # Dossiers de sauvegarde des scripts
**/package-lock.json* **/backup/
**/yarn.lock* **/*backup*
# Variables d'environnement (protection renforcée) **/.cargo/
**/.crt* # Fichiers temporaires
**/.key* **/*.tmp*
**/.pem* **/*.temp*
**/*.log*
**/*.pid*
# Clés utilisateur et données sensibles # Fichiers de configuration locale
**/_keys/ **/*.env*
**/keys.json* **/*.conf*
storage/dev/.env.secrets **/*.yaml*
**/*.yml*
**/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# Données et logs
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
# Docker
**/*.docker*
# Cache et build
**/*.node_modules/
**/*.dist/
**/*build/
**/*target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
**/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# OS
**/*.DS_Store
**/*Thumbs.db
**/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*

5
.gitignore vendored
View File

@ -69,9 +69,6 @@ certs/
# Backup des projets existants # Backup des projets existants
**/*backup* **/*backup*
# Clés utilisateur et données sensibles
**/_keys/
**/keys.json*
**/*wallet* **/*wallet*
**/*keys* **/*keys*
@ -79,4 +76,4 @@ certs/
**/*node_modules* **/*node_modules*
**/*cursor* **/*cursor*
**/*pid* **/*pid*
**/*next* **/*next*

20
api_server.py
View File

@ -140,10 +140,10 @@ class EnvProcessor:
self.variables = self._load_env_file(env_file) self.variables = self._load_env_file(env_file)
def _load_env_file(self, env_file: Path) -> Dict[str, str]: def _load_env_file(self, env_file: Path) -> Dict[str, str]:
"""Charge le fichier .env principal et le fichier .env.secrets""" """Charge uniquement le fichier .env principal (pas les sous-répertoires)"""
variables = {} variables = {}
# Charger le fichier .env principal # Charger uniquement le fichier .env principal
if env_file.exists(): if env_file.exists():
try: try:
with open(env_file, 'r', encoding='utf-8') as f: with open(env_file, 'r', encoding='utf-8') as f:
@ -156,22 +156,6 @@ class EnvProcessor:
except Exception as e: except Exception as e:
logger.error(f"Erreur lors du chargement du fichier .env: {e}") logger.error(f"Erreur lors du chargement du fichier .env: {e}")
# Charger le fichier .env.secrets (si il existe)
env_secrets_file = env_file.parent / '.env.secrets'
if env_secrets_file.exists():
try:
secrets_count = 0
with open(env_secrets_file, 'r', encoding='utf-8') as f:
for line in f:
line = line.strip()
if line and not line.startswith('#') and '=' in line:
key, value = line.split('=', 1)
variables[key.strip()] = value.strip()
secrets_count += 1
logger.info(f"Secrets chargés depuis {env_secrets_file}: {secrets_count} variables")
except Exception as e:
logger.error(f"Erreur lors du chargement du fichier .env.secrets: {e}")
# Note: Les fichiers .env des sous-répertoires ne sont PAS chargés # Note: Les fichiers .env des sous-répertoires ne sont PAS chargés
# car ils sont des configurations spécifiques aux services, pas des variables globales # car ils sont des configurations spécifiques aux services, pas des variables globales

21
docs/environment-variables.md
View File

@ -14,7 +14,6 @@ L'API Vault 4NK intègre un système avancé de traitement des variables d'envir
### Sources de variables ### Sources de variables
- **Fichier `.env` principal** : `storage/<env>/.env` - **Fichier `.env` principal** : `storage/<env>/.env`
- **Fichier `.env.secrets`** : `storage/<env>/.env.secrets` (mots de passe, clés API, etc.)
- **Variables système** : Non utilisées (isolation complète) - **Variables système** : Non utilisées (isolation complète)
- **Fichiers de sous-répertoires** : Non chargés (configurations spécifiques aux services) - **Fichiers de sous-répertoires** : Non chargés (configurations spécifiques aux services)
@ -52,10 +51,9 @@ TOR_LOG_DIR → /home/debian/4NK_env/logs/tor
### 1. Chargement des variables ### 1. Chargement des variables
```python ```python
# Chargement du fichier .env principal et .env.secrets # Seul le fichier .env principal est chargé
env_file = STORAGE_ROOT / env / '.env' env_file = STORAGE_ROOT / env / '.env'
env_secrets_file = STORAGE_ROOT / env / '.env.secrets' variables = load_env_file(env_file)
variables = load_env_file(env_file) # Charge les deux fichiers
``` ```
### 2. Résolution récursive ### 2. Résolution récursive
@ -127,21 +125,6 @@ TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
SDK_TOR_DATA_DIR=$ROOT_DIR_LOGS/sdk_tor SDK_TOR_DATA_DIR=$ROOT_DIR_LOGS/sdk_tor
``` ```
### Fichier `.env.secrets`
```bash
# storage/dev/.env.secrets
BDD_USER=bdd_user
BDD_PASSWORD=bdd_password
POSTGRESQL_USER=$BDD_USER
POSTGRESQL_PASSWORD=$BDD_PASSWORD
SIGNER_API_KEY=your-api-key-change-this
VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
GRAFANA_ADMIN_PASSWORD=admin123
BITCOIN_RPC_AUTH=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956
```
> **⚠️ Important** : Le fichier `.env.secrets` contient des informations sensibles et ne doit jamais être committé dans le contrôle de version.
### Fichiers de configuration ### Fichiers de configuration
```bash ```bash
# storage/dev/bitcoin/bitcoin.conf # storage/dev/bitcoin/bitcoin.conf

151
storage/dev/.env
View File

@ -1,151 +0,0 @@
# Modifiez ces valeurs selon votre environnement
API_PASS=testpass
ENV_NAME=DEV
DOMAIN=4nkweb.com
HOST=dev4.$DOMAIN
DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
NODE_OPTIONS=--max-old-space-size=4096
NODE_ENV=production
DOCKER_GLOBAL=project/lecoffre/lecoffre_node
# Répertoires
ROOT_DIR=/home/debian/4NK_env
ROOT_DIR_DATA=$ROOT_DIR/$DOCKER_GLOBAL/data
BITCOIN_DATA_DIR=$ROOT_DIR_DATA/bitcoin
BITCOIN_COOKIE_PATH=$BITCOIN_DATA_DIR/signet/.cookie
SIGNER_DATA_DIR=$ROOT_DIR_DATA/signer
SDK_RELAY_DATA_DIR=$ROOT_DIR_DATA/sdk_relay
SDK_STORAGE_DATA_DIR=$ROOT_DIR_DATA/sdk_storage
SDK_TOR_DATA_DIR=$ROOT_DIR_DATA/tor
BLINDBIT_DATA_DIR=$ROOT_DIR_DATA/blindbit-oracle
ROOT_DIR_LOGS=$ROOT_DIR/$DOCKER_GLOBAL/logs
BITCOIN_LOGS_DIR=$ROOT_DIR_LOGS/bitcoin
BLINDBIT_LOGS_DIR=$ROOT_DIR_LOGS/blindbit-oracle
IHM_CLIENT_LOGS_DIR=$ROOT_DIR_LOGS/ihm_client
LECOFFRE_FRONT_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-front
LECOFFRE_BACK_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-back-mini
MINER_LOGS_DIR=$ROOT_DIR_LOGS/miner
NGINX_LOGS_DIR=$ROOT_DIR_LOGS/nginx
SDK_RELAY_LOGS_DIR=$ROOT_DIR_LOGS/sdk_relay
SDK_STORAGE_LOGS_DIR=$ROOT_DIR_LOGS/sdk_storage
TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
SUPERVISOR_LOGS_DIR=$ROOT_DIR_LOGS/supervisor
ROOT_DIR_CONFS=$ROOT_DIR/$DOCKER_GLOBAL/confs
PROMTAIL_CONF_DIR=$ROOT_DIR_CONFS/promtail
GRAFANA_CONF_DIR=$ROOT_DIR_CONFS/grafana
NGINX_CONF_DIR=$ROOT_DIR_CONFS/nginx
BITCOIN_CONF_DIR=$ROOT_DIR_CONFS/bitcoin
LOGROTATE_CONF_DIR=$ROOT_DIR_CONFS/logrotate
ROOT_DIR_BACKUPS=$ROOT_DIR/$DOCKER_GLOBAL/backups
ROOT_DIR_RUN=$ROOT_DIR/$DOCKER_GLOBAL/run
LECOFFRE_NODE_SCRIPTS_DIR=$ROOT_DIR/$DOCKER_GLOBAL/scripts
CERT_PATH=/etc/letsencrypt/live/$HOST
# Noms internes
TOR_DOCKER_HOST=tor-proxy
BITCOIN_DOCKER_HOST=bitcoin-signet
BLINDBIT_DOCKER_NAME=blindbit-oracle
STORAGE_DOCKER_HOST=storage
LOKI_DOCKER_HOST=loki
SDK_RELAY_DOCKER_HOST=sdk_relay
LECOFFRE_FRONT_DOCKER_HOST=lecoffre-front
# Ports des services
TOR_PORT=9050
BITCOIN_SIGNET_P2P_PORT=38333
BITCOIN_SIGNET_RPC_PORT=38332
BITCOIN_ZMQPUBRAWTX_PORT=29001
BITCOIN_ZMQPBUBHASHBLOCK_PORT=29000
BLINDBIT_PORT=8000
SDK_RELAY_PORT=8080
STORAGE_PORT=8081
SIGNER_PORT=9090
LECOFFRE_FRONT_PORT=3000
GRAFANA_PORT=3001
LOKI_PORT=3100
STATUS_PORT=3005
STATUS_API_PORT=3006
PROMTAIL_PORT=8090
IHM_CLIENT_PORT=3003
CERTIFICATOR_PORT=8082
REDIS_PORT=6379
# Routes
URL_ROUTE_SIGNER=/signer
URL_ROUTE_STORAGE=/storage
URL_ROUTE_IHM_CLIENT=/
URL_ROUTE_LECOFFRE_FRONT=/lecoffre
URL_ROUTE_LECOFFRE_FRONT_HMR=/lecoffre-hmr
URL_ROUTE_LECOFFRE_BACK=/api
POSTGRESQL_USER=postgres
POSTGRESQL_PASSWORD=password
URL_ROUTE_RELAY=/relay
URL_ROUTE_GRAFAN=/grafana
URL_ROUTE_STATUS=/status
URL_ROUTE_STATUS_API=/status/api
URL_ROUTE_BLINDBIT=/blindbit
URL_ROUTE_NEXT=/_next
# URLs et domaines
ROOT_HOST=$HOST
ROOT_URL=https://$ROOT_HOST
BOOTSTRAP_HOST=dev3.$DOMAIN
LECOFFRE_BACK_HOST=dev3.$DOMAIN
LECOFFRE_FRONT_URL=https://$ROOT_HOST$URL_ROUTE_LECOFFRE_FRONT
LECOFFRE_BACK_URL=https://$LECOFFRE_BACK_HOST$URL_ROUTE_LECOFFRE_BACK
IHM_CLIENT_URL=$ROOT_URL$URL_ROUTE_IHM_CLIENT
RELAY_URL=wss://$ROOT_HOST$URL_ROUTE_RELAY
RELAY_BOOSTRAP_URL=wss://$BOOTSTRAP_HOST$URL_ROUTE_RELAY
RELAY_URLS=$RELAY_URL,$RELAY_BOOSTRAP_URL
SIGNER_URL=https://dev3.$DOMAIN$URL_ROUTE_SIGNER
STORAGE_URL=$ROOT_URL$URL_ROUTE_STORAGE
LOKI_URL=http://$LOKI_DOCKER_HOST:$LOKI_PORT
BLINDBIT_URL=http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT
BITCOIN_RPC_URL=http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT
GRAFANA_URL=$ROOT_URL$URL_ROUTE_GRAFAN
ZMQ_URL=tcp://$BITCOIN_DOCKER_HOST:$BITCOIN_ZMQPBUBHASHBLOCK_PORT
# Variables
BITCOIN_WALLET_NAME=mining
BITCOIN_CERTIFICATOR_NAME=certificator
# DB
CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db
CERTIFICATOR_REDIS_CONNECT=redis://certificator_redis:$REDIS_PORT
# Noms des services Docker
SDK_RELAY_DOCKER_NAME=sdk_relay
LECOFFRE_FRONT_DOCKER_NAME=lecoffre-front
IHM_CLIENT_DOCKER_NAME=ihm_client
SDK_STORAGE_DOCKER_NAME=sdk_storage
WATCHTOWER_DOCKER_NAME=watchtower
SIGNET_MINER_DOCKER_NAME=signet_miner
GRAFANA_DOCKER_NAME=grafana
LOKI_DOCKER_NAME=loki
PROMTAIL_DOCKER_NAME=promtail
STATUS_API_DOCKER_NAME=status-api
# Ports externes exposés
LECOFFRE_FRONT_EXTERNAL_PORT=3004
IHM_CLIENT_EXTERNAL_PORT=3003
SDK_STORAGE_EXTERNAL_PORT=8081
GRAFANA_EXTERNAL_PORT=3005
LOKI_EXTERNAL_PORT=3100
STATUS_API_EXTERNAL_PORT=3006
# Mots de passe et secrets
GRAFANA_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
# Chemins de configuration
LECOFFRE_NODE_CONFS_DIR=/home/debian/4NK_env/confs
LECOFFRE_NODE_LOGS_DIR=/home/debian/4NK_env/logs
# Ports supplémentaires
BLINDBIT_EXTERNAL_PORT=8000
SDK_RELAY_EXTERNAL_PORT_1=8090
SDK_RELAY_EXTERNAL_PORT_2=8091

151
storage/dev/lecoffre_node/.env
View File

@ -1,151 +0,0 @@
# Modifiez ces valeurs selon votre environnement
API_PASS=testpass
ENV_NAME=DEV
DOMAIN=4nkweb.com
HOST=dev4.$DOMAIN
DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
NODE_OPTIONS=--max-old-space-size=4096
NODE_ENV=production
DOCKER_GLOBAL=project/lecoffre/lecoffre_node
# Répertoires
ROOT_DIR=/home/debian/4NK_env
ROOT_DIR_DATA=$ROOT_DIR/$DOCKER_GLOBAL/data
BITCOIN_DATA_DIR=$ROOT_DIR_DATA/bitcoin
BITCOIN_COOKIE_PATH=$BITCOIN_DATA_DIR/signet/.cookie
SIGNER_DATA_DIR=$ROOT_DIR_DATA/signer
SDK_RELAY_DATA_DIR=$ROOT_DIR_DATA/sdk_relay
SDK_STORAGE_DATA_DIR=$ROOT_DIR_DATA/sdk_storage
SDK_TOR_DATA_DIR=$ROOT_DIR_DATA/tor
BLINDBIT_DATA_DIR=$ROOT_DIR_DATA/blindbit-oracle
ROOT_DIR_LOGS=$ROOT_DIR/$DOCKER_GLOBAL/logs
BITCOIN_LOGS_DIR=$ROOT_DIR_LOGS/bitcoin
BLINDBIT_LOGS_DIR=$ROOT_DIR_LOGS/blindbit-oracle
IHM_CLIENT_LOGS_DIR=$ROOT_DIR_LOGS/ihm_client
LECOFFRE_FRONT_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-front
LECOFFRE_BACK_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-back-mini
MINER_LOGS_DIR=$ROOT_DIR_LOGS/miner
NGINX_LOGS_DIR=$ROOT_DIR_LOGS/nginx
SDK_RELAY_LOGS_DIR=$ROOT_DIR_LOGS/sdk_relay
SDK_STORAGE_LOGS_DIR=$ROOT_DIR_LOGS/sdk_storage
TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
ROOT_DIR_CONFS=$ROOT_DIR/$DOCKER_GLOBAL/confs
PROMTAIL_CONF_DIR=$ROOT_DIR_CONFS/promtail
GRAFANA_CONF_DIR=$ROOT_DIR_CONFS/grafana
NGINX_CONF_DIR=$ROOT_DIR_CONFS/nginx
BITCOIN_CONF_DIR=$ROOT_DIR_CONFS/bitcoin
ROOT_DIR_BACKUPS=$ROOT_DIR/$DOCKER_GLOBAL/backups
LECOFFRE_NODE_SCRIPTS_DIR=$ROOT_DIR/$DOCKER_GLOBAL/scripts
CERT_PATH=/etc/letsencrypt/live/$HOST
# Noms internes
TOR_DOCKER_HOST=tor-proxy
BITCOIN_DOCKER_HOST=bitcoin-signet
BLINDBIT_DOCKER_NAME=blindbit-oracle
STORAGE_DOCKER_HOST=storage
LOKI_DOCKER_HOST=loki
# Ports des services
TOR_PORT=9050
BITCOIN_SIGNET_P2P_PORT=38333
BITCOIN_SIGNET_RPC_PORT=38332
BITCOIN_ZMQPUBRAWTX_PORT=29001
BITCOIN_ZMQPBUBHASHBLOCK_PORT=29000
BLINDBIT_PORT=8000
SDK_RELAY_PORT=8080
STORAGE_PORT=8081
SIGNER_PORT=9090
LECOFFRE_FRONT_PORT=3000
GRAFANA_PORT=3001
LOKI_PORT=3100
STATUS_PORT=3005
STATUS_API_PORT=3006
PROMTAIL_PORT=8090
IHM_CLIENT_PORT=3003
CERTIFICATOR_PORT=8082
REDIS_PORT=6379
# Routes
URL_ROUTE_SIGNER=/signer
URL_ROUTE_STORAGE=/storage
URL_ROUTE_IHM_CLIENT=/
URL_ROUTE_LECOFFRE_FRONT=/lecoffre
URL_ROUTE_LECOFFRE_FRONT_HMR=/lecoffre-hmr
URL_ROUTE_LECOFFRE_BACK=/api
POSTGRESQL_USER=postgres
POSTGRESQL_PASSWORD=password
URL_ROUTE_RELAY=/relay
URL_ROUTE_GRAFAN=/grafana
URL_ROUTE_STATUS=/status
URL_ROUTE_STATUS_API=/status/api
URL_ROUTE_BLINDBIT=/blindbit
URL_ROUTE_NEXT=/_next
# URLs et domaines
ROOT_HOST=$HOST
ROOT_URL=https://$ROOT_HOST
BOOTSTRAP_HOST=dev3.$DOMAIN
LECOFFRE_BACK_HOST=dev3.$DOMAIN
LECOFFRE_FRONT_URL=https://$ROOT_HOST$URL_ROUTE_LECOFFRE_FRONT
LECOFFRE_BACK_URL=https://$LECOFFRE_BACK_HOST$URL_ROUTE_LECOFFRE_BACK
IHM_CLIENT_URL=$ROOT_URL$URL_ROUTE_IHM_CLIENT
RELAY_URL=wss://$ROOT_HOST$URL_ROUTE_RELAY
RELAY_BOOSTRAP_URL=wss://$BOOTSTRAP_HOST$URL_ROUTE_RELAY
RELAY_URLS=$RELAY_URL,$RELAY_BOOSTRAP_URL
SIGNER_URL=https://dev3.$DOMAIN$URL_ROUTE_SIGNER
STORAGE_URL=$ROOT_URL$URL_ROUTE_STORAGE
LOKI_URL=http://$LOKI_DOCKER_HOST:$LOKI_PORT
BLINDBIT_URL=http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT
BITCOIN_RPC_URL=http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT
GRAFANA_URL=$ROOT_URL$URL_ROUTE_GRAFAN
ZMQ_URL=tcp://$BITCOIN_DOCKER_HOST:$BITCOIN_ZMQPBUBHASHBLOCK_PORT
# Variables
BITCOIN_WALLET_NAME=mining
BITCOIN_CERTIFICATOR_NAME=certificator
# DB
CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db
CERTIFICATOR_REDIS_CONNECT=redis://certificator_redis:$REDIS_PORT
# Noms des services Docker
SDK_RELAY_DOCKER_NAME=sdk_relay
LECOFFRE_FRONT_DOCKER_NAME=lecoffre-front
IHM_CLIENT_DOCKER_NAME=ihm_client
SDK_STORAGE_DOCKER_NAME=sdk_storage
WATCHTOWER_DOCKER_NAME=watchtower
SIGNET_MINER_DOCKER_NAME=signet_miner
GRAFANA_DOCKER_NAME=grafana
LOKI_DOCKER_NAME=loki
PROMTAIL_DOCKER_NAME=promtail
STATUS_API_DOCKER_NAME=status-api
# Ports externes exposés
LECOFFRE_FRONT_EXTERNAL_PORT=3004
IHM_CLIENT_EXTERNAL_PORT=3003
SDK_STORAGE_EXTERNAL_PORT=8081
GRAFANA_EXTERNAL_PORT=3005
LOKI_EXTERNAL_PORT=3100
STATUS_API_EXTERNAL_PORT=3006
# Mots de passe et secrets
GRAFANA_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
# Chemins de configuration
LECOFFRE_NODE_CONFS_DIR=/home/debian/4NK_env/confs
LECOFFRE_NODE_LOGS_DIR=/home/debian/4NK_env/logs
# Ports supplémentaires
BLINDBIT_EXTERNAL_PORT=8000
SDK_RELAY_EXTERNAL_PORT_1=8090
SDK_RELAY_EXTERNAL_PORT_2=8091
# Routes manquantes
# Variables manquantes pour la DB

347
storage/dev/lecoffre_node/docker-compose.yml
View File

@ -1,347 +0,0 @@
services:
tor:
image: btcpayserver/tor:0.4.8.10
container_name: $TOR_DOCKER_HOST
volumes:
- $TOR_LOGS_DIR/tor:/var/log/tor
- $LECOFFRE_NODE_SCRIPTS_DIR:/scripts:ro
networks:
btcnet:
aliases:
- tor
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/tor-progress.sh"]
interval: 10s
timeout: 5s
retries: 50
restart: unless-stopped
bitcoin:
build: ./bitcoin
container_name: $BITCOIN_DOCKER_HOST
depends_on:
tor:
condition: service_healthy
volumes:
- $BITCOIN_DATA_DIR:/home/bitcoin/.bitcoin
- $BITCOIN_CONF_DIR/bitcoin.conf:/etc/bitcoin/bitcoin.conf
- $BITCOIN_LOGS_DIR:/var/log/bitcoin
- $LECOFFRE_NODE_SCRIPTS_DIR:/scripts:ro
networks:
btcnet:
aliases:
- $BITCOIN_DOCKER_HOST
user: root
entrypoint: >
/bin/sh -c "
chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin || echo 'warn: chown partiel (fichiers bind-mount Windows)';
exec su-exec bitcoin bitcoind -conf=/etc/bitcoin/bitcoin.conf -signet"
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/bitcoin-progress.sh"]
interval: 30s
timeout: 10s
retries: 50
restart: unless-stopped
blindbit:
image: git.4nkweb.com/4nk/blindbit-oracle:fixed-source
container_name: $BLINDBIT_DOCKER_NAME
depends_on:
bitcoin:
condition: service_healthy
volumes:
- $BLINDBIT_DATA_DIR:/root/.blindbit-oracle
# - $LECOFFRE_NODE_CONFS_DIR/blindbit-oracle/blindbit.toml:/tmp/blindbit.toml:ro
- $BITCOIN_DATA_DIR:/home/bitcoin/.bitcoin
- $LECOFFRE_NODE_LOGS_DIR/blindbit:/var/log/blindbit
- $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro
entrypoint: >
sh -c "mkdir -p /root/.blindbit-oracle &&
if [ ! -f /root/.blindbit-oracle/blindbit.toml ]; then
cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml;
fi &&
echo 'Starting BlindBit Oracle with corrected host binding...' &&
exec ./main -datadir /root/.blindbit-oracle"
networks:
btcnet:
aliases:
- $BLINDBIT_DOCKER_NAME
ports:
- "0.0.0.0:$BLINDBIT_EXTERNAL_PORT"
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/blindbit-progress.sh"]
interval: 10s
timeout: 5s
retries: 60
start_period: 180s
restart: unless-stopped
$SDK_RELAY_DOCKER_HOST:
image: git.4nkweb.com/4nk/sdk_relay:ext
container_name: $SDK_RELAY_DOCKER_HOST
env_file:
- $LECOFFRE_NODE_CONFS_DIR/sdk_relay/.env
depends_on:
blindbit:
condition: service_healthy
volumes:
- $LECOFFRE_NODE_CONFS_DIR/relay/.conf:/app/.conf:ro
- sdk_data:/app/.4nk
- bitcoin_data:/app/.bitcoin
- $SDK_RELAY_LOGS_DIR:/var/log/sdk_relay
- $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro
ports:
- "0.0.0.0:$SDK_RELAY_PORT"
networks:
btcnet:
aliases:
- $SDK_RELAY_DOCKER_HOST
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
environment:
- HOME=/app
- RUST_LOG=INFO
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/sdk-relay-progress.sh"]
interval: 30s
timeout: 10s
retries: 50
restart: unless-stopped
lecoffre-front:
image: git.4nkweb.com/4nk/lecoffre-front:ext
container_name: lecoffre-front
working_dir: /leCoffre-front
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/lecoffre-front/.env
ports:
- "0.0.0.0:$LECOFFRE_FRONT_EXTERNAL_PORT:8080"
volumes:
- $LECOFFRE_NODE_LOGS_DIR/lecoffre-front:/var/log/lecoffre-front
networks:
btcnet:
aliases:
- lecoffre-front
depends_on:
ihm_client:
condition: service_healthy
sdk_storage:
condition: service_healthy
user: lecoffreuser
command: ["sh", "-c", "exec npm run start >> /var/log/lecoffre-front/stdout.log 2>&1"]
healthcheck:
test: ["CMD", "sh", "-c", "if ps aux | grep -v grep | grep next-server >/dev/null 2>&1; then echo 'LeCoffre Frontend ready: Next.js server running'; exit 0; else echo 'LeCoffre Frontend starting: Next.js server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
ihm_client:
image: git.4nkweb.com/4nk/ihm_client:ext
container_name: ihm_client
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/ihm_client/.env
environment:
- VITE_JWT_SECRET_KEY
- VITE_API_BASE_URL
- VITE_WS_URL
- VITE_STORAGE_URL
- VITE_SIGNER_URL
- VITE_BOOTSTRAPURL
ports:
- "0.0.0.0:$IHM_CLIENT_EXTERNAL_PORT:3003"
volumes:
- $LECOFFRE_NODE_LOGS_DIR/ihm_client:/var/log/ihm_client
networks:
btcnet:
aliases:
- ihm_client
depends_on:
sdk_relay:
condition: service_healthy
sdk_storage:
condition: service_healthy
user: root
command: ["sh", "-c", "exec npm start >> /var/log/ihm_client/stdout.log 2>&1"]
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3003/ >/dev/null 2>&1; then echo 'IHM Client ready: Vite dev server responding'; exit 0; else echo 'IHM Client starting: Vite dev server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
sdk_storage:
image: git.4nkweb.com/4nk/sdk_storage:ext
container_name: sdk_storage
ports:
- "0.0.0.0:$SDK_STORAGE_EXTERNAL_PORT:8080"
volumes:
- sdk_storage_data:/app/data
- $LECOFFRE_NODE_LOGS_DIR/sdk_storage:/var/log/sdk_storage
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
networks:
btcnet:
aliases:
- sdk_storage
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --interval 30 --label-enable
networks:
- btcnet
restart: unless-stopped
signet_miner:
build:
context: ./miner
container_name: signet_miner
depends_on:
bitcoin:
condition: service_healthy
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/lecoffre_node/.env
volumes:
- bitcoin_data:/bitcoin:ro
- $LECOFFRE_NODE_LOGS_DIR/miner:/var/log/miner
networks:
btcnet:
aliases:
- signet_miner
profiles: ["miner"]
restart: unless-stopped
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "0.0.0.0:$GRAFANA_EXTERNAL_PORT:3000"
volumes:
- grafana_data:/var/lib/grafana
# - $LECOFFRE_NODE_CONFS_DIR/grafana/provisioning:/etc/grafana/provisioning
# - $LECOFFRE_NODE_CONFS_DIR/grafana/dashboards:/var/lib/grafana/dashboards
# - $LECOFFRE_NODE_CONFS_DIR/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
- $LECOFFRE_NODE_LOGS_DIR:/var/log/lecoffre:ro
environment:
- GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_ROOT_URL=$GRAFANA_URL/
- GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
networks:
btcnet:
aliases:
- grafana
depends_on:
loki:
condition: service_healthy
promtail:
condition: service_healthy
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3000/api/health >/dev/null 2>&1; then echo 'Grafana ready: Dashboard service responding'; exit 0; else echo 'Grafana starting: Dashboard service not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 60s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
loki:
image: grafana/loki:latest
container_name: loki
ports:
- "0.0.0.0:$LOKI_EXTERNAL_PORT:3100"
volumes:
- loki_data:/loki
# - $LECOFFRE_NODE_CONFS_DIR/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro
command: -config.file=/etc/loki/loki-config.yaml
networks:
btcnet:
aliases:
- loki
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3100/ready"]
interval: 30s
timeout: 15s
retries: 50
start_period: 120s
restart: unless-stopped
promtail:
image: grafana/promtail:latest
container_name: promtail
volumes:
- $LECOFFRE_NODE_LOGS_DIR:$LECOFFRE_NODE_LOGS_DIR:ro
# - $LECOFFRE_NODE_CONFS_DIR/promtail/promtail.yml:/etc/promtail/config.yml:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml
networks:
btcnet:
aliases:
- promtail
depends_on:
loki:
condition: service_healthy
healthcheck:
test: ["CMD", "sh", "-c", "if [ -f /tmp/positions.yaml ]; then echo 'Promtail ready: Log collection service responding'; exit 0; else echo 'Promtail starting: Log collection service not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
restart: unless-stopped
# Service de statut des services
status-api:
build:
context: ./web/status
dockerfile: Dockerfile.python
container_name: status-api
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/monitoring/.env
ports:
- "0.0.0.0:$STATUS_API_EXTERNAL_PORT:3006"
volumes:
- ./web/status/api.py:/app/api.py:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- $LECOFFRE_NODE_LOGS_DIR:/var/log/lecoffre:ro
- $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro
networks:
btcnet:
aliases:
- status-api
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3006/api >/dev/null 2>&1; then echo 'Status API ready: Service monitoring API responding'; exit 0; else echo 'Status API starting: Service monitoring API not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
networks:
btcnet:
name: 4nk_node_btcnet
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16

0
storage/dev/promtail/.gitkeep copy Normal file
View File

9
storage/dev/tor/torrc
View File

@ -2,7 +2,10 @@
# Écoute sur 127.0.0.1 pour la sécurité # Écoute sur 127.0.0.1 pour la sécurité
# Port SOCKS pour les connexions sortantes # Port SOCKS pour les connexions sortantes
SOCKSPort 127.0.0.1:$TOR_PORT SOCKSPort 127.0.0.1:9050
# Port de contrôle (désactivé pour la sécurité)
# ControlPort 127.0.0.1:$TOR_PORT
# Configuration de base # Configuration de base
Log notice file $TOR_LOGS_DIR/tor.log Log notice file $TOR_LOGS_DIR/tor.log
@ -14,5 +17,5 @@ SafeLogging 1
WarnUnsafeSocks 1 WarnUnsafeSocks 1
# Désactiver les services cachés # Désactiver les services cachés
# HiddenServiceDir $SDK_TOR_DATA_DIR/hidden_service/ HiddenServiceDir $SDK_TOR_DATA_DIR/hidden_service/
# HiddenServicePort 80 127.0.0.1:80 HiddenServicePort 80 127.0.0.1:80