Compare commits


3 Commits

Author SHA1 Message Date
4NK Dev
d48ccc8fbc resolve: merge conflicts in ignore files
- Keep Cursor-specific content in .cursorignore and .dockerignore
- Keep comprehensive Git ignore rules in .gitignore
- Maintain protection for sensitive files and directories
2025-10-01 22:17:04 +00:00
4NK Dev
da54db3345 feat: integrate .env.secrets variables into the API and parameterize docker-compose
- Modify EnvProcessor to load .env and .env.secrets (140 variables total)
- Parameterize docker-compose.yml with environment variables
- Add missing variables (ports, service names, config paths)
- Update the environment-variables.md documentation
- Clean up ignore files (remove .cursorignore2, rename to .cursorignore)
2025-10-01 22:15:49 +00:00
4NK Dev
9d016648b3 docs+ops: vault sync workflow; deploy-all with live progress and URL checks; prompt updates
2025-10-01 22:09:45 +00:00
10 changed files with 721 additions and 163 deletions


@ -1,79 +1,17 @@
# 4NK Environment - Git Ignore
# ============================
confs/
# Dossiers de sauvegarde des scripts
**/backup/
**/*backup*
# PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/
**/__pycache__/
**/dist/
**/node_modules/
**/package-lock.json*
**/yarn.lock*
**/.cargo/
# Variables d'environnement (protection renforcée)
# Fichiers temporaires
**/*.tmp*
**/*.temp*
**/*.log*
**/*.pid*
**/.crt*
**/.key*
**/.pem*
# Fichiers de configuration locale
**/*.env*
**/*.conf*
**/*.yaml*
**/*.yml*
**/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# Données et logs
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
# Docker
**/*.docker*
# Cache et build
**/*.node_modules/
**/*.dist/
**/*build/
**/*target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
**/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# OS
**/*.DS_Store
**/*Thumbs.db
**/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*
# Clés utilisateur et données sensibles
**/_keys/
**/keys.json*
storage/dev/.env.secrets
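Review bot: the last entry, `storage/dev/.env.secrets`, pins the secrets rule to the dev environment, while the documentation in this change describes the file as `storage/<env>/.env.secrets`. The header shows the file shrinking from 79 to 17 lines, so if a broad rule such as `**/*.env*` is among the lines dropped, the secrets files of every other environment are no longer ignored. Use `storage/*/.env.secrets` or `**/.env.secrets` so all environments are covered.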


@ -1,79 +1,17 @@
# 4NK Environment - Git Ignore
# ============================
confs/
# Dossiers de sauvegarde des scripts
**/backup/
**/*backup*
# PROTECTION COMPLÈTE - Empêcher l'accès Docker à storage/
**/__pycache__/
**/dist/
**/node_modules/
**/package-lock.json*
**/yarn.lock*
**/.cargo/
# Variables d'environnement (protection renforcée)
# Fichiers temporaires
**/*.tmp*
**/*.temp*
**/*.log*
**/*.pid*
**/.crt*
**/.key*
**/.pem*
# Fichiers de configuration locale
**/*.env*
**/*.conf*
**/*.yaml*
**/*.yml*
**/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# Données et logs
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
# Docker
**/*.docker*
# Cache et build
**/*.node_modules/
**/*.dist/
**/*build/
**/*target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
**/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# OS
**/*.DS_Store
**/*Thumbs.db
**/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*
# Clés utilisateur et données sensibles
**/_keys/
**/keys.json*
storage/dev/.env.secrets
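Review bot: the substring globs near the end (`**/*keys*`, `**/*pid*`, `**/*next*`, `**/*tmp*`, `**/*cursor*`) match any path that merely contains the word, so they also hide ordinary source files whose names happen to include `keys`, `next` or `pid`. If any of them survive in the 17-line result, anchor them to the artefacts they are presumably meant for (for example `**/_keys/` and `**/*.pid`), and drop the duplicated `**/*backup*` rule, which appears twice.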

3
.gitignore vendored

@ -69,6 +69,9 @@ certs/
# Backup des projets existants
**/*backup*
# Clés utilisateur et données sensibles
**/_keys/
**/keys.json*
**/*wallet*
**/*keys*
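Review bot: `**/*keys*` and `**/*wallet*` are substring globs, so `**/*keys*` already subsumes `**/_keys/` and `**/keys.json*` and will also ignore any source file whose name contains `keys`. Keep the two specific rules and drop or narrow the wildcard ones. Nothing visible in this hunk adds `.env.secrets`; since the documentation in the same change says that file must never be committed, confirm that another rule in `.gitignore` covers `storage/<env>/.env.secrets` for every environment.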


@ -140,10 +140,10 @@ class EnvProcessor:
self.variables = self._load_env_file(env_file)
def _load_env_file(self, env_file: Path) -> Dict[str, str]:
"""Charge uniquement le fichier .env principal (pas les sous-répertoires)"""
"""Charge le fichier .env principal et le fichier .env.secrets"""
variables = {}
# Charger uniquement le fichier .env principal
# Charger le fichier .env principal
if env_file.exists():
try:
with open(env_file, 'r', encoding='utf-8') as f:
@ -156,6 +156,22 @@ class EnvProcessor:
except Exception as e:
logger.error(f"Erreur lors du chargement du fichier .env: {e}")
# Charger le fichier .env.secrets (si il existe)
env_secrets_file = env_file.parent / '.env.secrets'
if env_secrets_file.exists():
try:
secrets_count = 0
with open(env_secrets_file, 'r', encoding='utf-8') as f:
for line in f:
line = line.strip()
if line and not line.startswith('#') and '=' in line:
key, value = line.split('=', 1)
variables[key.strip()] = value.strip()
secrets_count += 1
logger.info(f"Secrets chargés depuis {env_secrets_file}: {secrets_count} variables")
except Exception as e:
logger.error(f"Erreur lors du chargement du fichier .env.secrets: {e}")
# Note: Les fichiers .env des sous-répertoires ne sont PAS chargés
# car ils sont des configurations spécifiques aux services, pas des variables globales
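Review bot: the `except Exception` around the `.env.secrets` read only logs and continues, so a secrets file that exists but cannot be read leaves the values from `.env` in effect, and the `.env` added in this change carries `POSTGRESQL_PASSWORD=password` and a `GRAFANA_ADMIN_PASSWORD`. Fail closed when the file exists but cannot be loaded, or surface the error to the caller. The assignment `variables[key.strip()] = value.strip()` also overrides `.env` entries silently; log the overridden key names (never the values) so the precedence is visible, and reuse the `.env` parsing loop instead of duplicating it.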


@ -14,6 +14,7 @@ L'API Vault 4NK intègre un système avancé de traitement des variables d'envir
### Sources de variables
- **Fichier `.env` principal** : `storage/<env>/.env`
- **Fichier `.env.secrets`** : `storage/<env>/.env.secrets` (mots de passe, clés API, etc.)
- **Variables système** : Non utilisées (isolation complète)
- **Fichiers de sous-répertoires** : Non chargés (configurations spécifiques aux services)
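Review bot: the new `.env.secrets` bullet does not say which source wins when a key is defined in both files, and the examples in this change define `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD` and `GRAFANA_ADMIN_PASSWORD` in both. State that `.env.secrets` is loaded second and overrides `.env`, which is what `_load_env_file` does.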
@ -51,9 +52,10 @@ TOR_LOG_DIR → /home/debian/4NK_env/logs/tor
### 1. Chargement des variables
```python
# Seul le fichier .env principal est chargé
# Chargement du fichier .env principal et .env.secrets
env_file = STORAGE_ROOT / env / '.env'
variables = load_env_file(env_file)
env_secrets_file = STORAGE_ROOT / env / '.env.secrets'
variables = load_env_file(env_file) # Charge les deux fichiers
```
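Review bot: in the updated snippet `env_secrets_file` is assigned but never used, and the only indication that `load_env_file(env_file)` reads both files is the trailing comment. Remove the unused variable and say that the loader derives the secrets path from `env_file.parent`, or pass the second path explicitly so the example matches the behaviour.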
### 2. Résolution récursive
@ -125,6 +127,21 @@ TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
SDK_TOR_DATA_DIR=$ROOT_DIR_LOGS/sdk_tor
```
### Fichier `.env.secrets`
```bash
# storage/dev/.env.secrets
BDD_USER=bdd_user
BDD_PASSWORD=bdd_password
POSTGRESQL_USER=$BDD_USER
POSTGRESQL_PASSWORD=$BDD_PASSWORD
SIGNER_API_KEY=your-api-key-change-this
VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
GRAFANA_ADMIN_PASSWORD=admin123
BITCOIN_RPC_AUTH=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956
```
> **⚠️ Important** : Le fichier `.env.secrets` contient des informations sensibles et ne doit jamais être committé dans le contrôle de version.
### Fichiers de configuration
```bash
# storage/dev/bitcoin/bitcoin.conf
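Review bot: the `.env.secrets` example mixes an obvious placeholder (`your-api-key-change-this`) with values that look real, namely a 64-hex-character `VITE_JWT_SECRET_KEY` and a salted hash in `BITCOIN_RPC_AUTH`. If either was copied from a live file it is now in version control, which the warning directly below forbids; replace both with placeholders and rotate the originals. Separately, Vite exposes `VITE_`-prefixed variables to client code, so a JWT signing secret should not carry that prefix.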

151
storage/dev/.env Normal file
View File

@ -0,0 +1,151 @@
# Modifiez ces valeurs selon votre environnement
API_PASS=testpass
ENV_NAME=DEV
DOMAIN=4nkweb.com
HOST=dev4.$DOMAIN
DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
NODE_OPTIONS=--max-old-space-size=4096
NODE_ENV=production
DOCKER_GLOBAL=project/lecoffre/lecoffre_node
# Répertoires
ROOT_DIR=/home/debian/4NK_env
ROOT_DIR_DATA=$ROOT_DIR/$DOCKER_GLOBAL/data
BITCOIN_DATA_DIR=$ROOT_DIR_DATA/bitcoin
BITCOIN_COOKIE_PATH=$BITCOIN_DATA_DIR/signet/.cookie
SIGNER_DATA_DIR=$ROOT_DIR_DATA/signer
SDK_RELAY_DATA_DIR=$ROOT_DIR_DATA/sdk_relay
SDK_STORAGE_DATA_DIR=$ROOT_DIR_DATA/sdk_storage
SDK_TOR_DATA_DIR=$ROOT_DIR_DATA/tor
BLINDBIT_DATA_DIR=$ROOT_DIR_DATA/blindbit-oracle
ROOT_DIR_LOGS=$ROOT_DIR/$DOCKER_GLOBAL/logs
BITCOIN_LOGS_DIR=$ROOT_DIR_LOGS/bitcoin
BLINDBIT_LOGS_DIR=$ROOT_DIR_LOGS/blindbit-oracle
IHM_CLIENT_LOGS_DIR=$ROOT_DIR_LOGS/ihm_client
LECOFFRE_FRONT_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-front
LECOFFRE_BACK_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-back-mini
MINER_LOGS_DIR=$ROOT_DIR_LOGS/miner
NGINX_LOGS_DIR=$ROOT_DIR_LOGS/nginx
SDK_RELAY_LOGS_DIR=$ROOT_DIR_LOGS/sdk_relay
SDK_STORAGE_LOGS_DIR=$ROOT_DIR_LOGS/sdk_storage
TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
SUPERVISOR_LOGS_DIR=$ROOT_DIR_LOGS/supervisor
ROOT_DIR_CONFS=$ROOT_DIR/$DOCKER_GLOBAL/confs
PROMTAIL_CONF_DIR=$ROOT_DIR_CONFS/promtail
GRAFANA_CONF_DIR=$ROOT_DIR_CONFS/grafana
NGINX_CONF_DIR=$ROOT_DIR_CONFS/nginx
BITCOIN_CONF_DIR=$ROOT_DIR_CONFS/bitcoin
LOGROTATE_CONF_DIR=$ROOT_DIR_CONFS/logrotate
ROOT_DIR_BACKUPS=$ROOT_DIR/$DOCKER_GLOBAL/backups
ROOT_DIR_RUN=$ROOT_DIR/$DOCKER_GLOBAL/run
LECOFFRE_NODE_SCRIPTS_DIR=$ROOT_DIR/$DOCKER_GLOBAL/scripts
CERT_PATH=/etc/letsencrypt/live/$HOST
# Noms internes
TOR_DOCKER_HOST=tor-proxy
BITCOIN_DOCKER_HOST=bitcoin-signet
BLINDBIT_DOCKER_NAME=blindbit-oracle
STORAGE_DOCKER_HOST=storage
LOKI_DOCKER_HOST=loki
SDK_RELAY_DOCKER_HOST=sdk_relay
LECOFFRE_FRONT_DOCKER_HOST=lecoffre-front
# Ports des services
TOR_PORT=9050
BITCOIN_SIGNET_P2P_PORT=38333
BITCOIN_SIGNET_RPC_PORT=38332
BITCOIN_ZMQPUBRAWTX_PORT=29001
BITCOIN_ZMQPBUBHASHBLOCK_PORT=29000
BLINDBIT_PORT=8000
SDK_RELAY_PORT=8080
STORAGE_PORT=8081
SIGNER_PORT=9090
LECOFFRE_FRONT_PORT=3000
GRAFANA_PORT=3001
LOKI_PORT=3100
STATUS_PORT=3005
STATUS_API_PORT=3006
PROMTAIL_PORT=8090
IHM_CLIENT_PORT=3003
CERTIFICATOR_PORT=8082
REDIS_PORT=6379
# Routes
URL_ROUTE_SIGNER=/signer
URL_ROUTE_STORAGE=/storage
URL_ROUTE_IHM_CLIENT=/
URL_ROUTE_LECOFFRE_FRONT=/lecoffre
URL_ROUTE_LECOFFRE_FRONT_HMR=/lecoffre-hmr
URL_ROUTE_LECOFFRE_BACK=/api
POSTGRESQL_USER=postgres
POSTGRESQL_PASSWORD=password
URL_ROUTE_RELAY=/relay
URL_ROUTE_GRAFAN=/grafana
URL_ROUTE_STATUS=/status
URL_ROUTE_STATUS_API=/status/api
URL_ROUTE_BLINDBIT=/blindbit
URL_ROUTE_NEXT=/_next
# URLs et domaines
ROOT_HOST=$HOST
ROOT_URL=https://$ROOT_HOST
BOOTSTRAP_HOST=dev3.$DOMAIN
LECOFFRE_BACK_HOST=dev3.$DOMAIN
LECOFFRE_FRONT_URL=https://$ROOT_HOST$URL_ROUTE_LECOFFRE_FRONT
LECOFFRE_BACK_URL=https://$LECOFFRE_BACK_HOST$URL_ROUTE_LECOFFRE_BACK
IHM_CLIENT_URL=$ROOT_URL$URL_ROUTE_IHM_CLIENT
RELAY_URL=wss://$ROOT_HOST$URL_ROUTE_RELAY
RELAY_BOOSTRAP_URL=wss://$BOOTSTRAP_HOST$URL_ROUTE_RELAY
RELAY_URLS=$RELAY_URL,$RELAY_BOOSTRAP_URL
SIGNER_URL=https://dev3.$DOMAIN$URL_ROUTE_SIGNER
STORAGE_URL=$ROOT_URL$URL_ROUTE_STORAGE
LOKI_URL=http://$LOKI_DOCKER_HOST:$LOKI_PORT
BLINDBIT_URL=http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT
BITCOIN_RPC_URL=http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT
GRAFANA_URL=$ROOT_URL$URL_ROUTE_GRAFAN
ZMQ_URL=tcp://$BITCOIN_DOCKER_HOST:$BITCOIN_ZMQPBUBHASHBLOCK_PORT
# Variables
BITCOIN_WALLET_NAME=mining
BITCOIN_CERTIFICATOR_NAME=certificator
# DB
CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db
CERTIFICATOR_REDIS_CONNECT=redis://certificator_redis:$REDIS_PORT
# Noms des services Docker
SDK_RELAY_DOCKER_NAME=sdk_relay
LECOFFRE_FRONT_DOCKER_NAME=lecoffre-front
IHM_CLIENT_DOCKER_NAME=ihm_client
SDK_STORAGE_DOCKER_NAME=sdk_storage
WATCHTOWER_DOCKER_NAME=watchtower
SIGNET_MINER_DOCKER_NAME=signet_miner
GRAFANA_DOCKER_NAME=grafana
LOKI_DOCKER_NAME=loki
PROMTAIL_DOCKER_NAME=promtail
STATUS_API_DOCKER_NAME=status-api
# Ports externes exposés
LECOFFRE_FRONT_EXTERNAL_PORT=3004
IHM_CLIENT_EXTERNAL_PORT=3003
SDK_STORAGE_EXTERNAL_PORT=8081
GRAFANA_EXTERNAL_PORT=3005
LOKI_EXTERNAL_PORT=3100
STATUS_API_EXTERNAL_PORT=3006
# Mots de passe et secrets
GRAFANA_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
# Chemins de configuration
LECOFFRE_NODE_CONFS_DIR=/home/debian/4NK_env/confs
LECOFFRE_NODE_LOGS_DIR=/home/debian/4NK_env/logs
# Ports supplémentaires
BLINDBIT_EXTERNAL_PORT=8000
SDK_RELAY_EXTERNAL_PORT_1=8090
SDK_RELAY_EXTERNAL_PORT_2=8091
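Review bot: this new tracked file commits credentials in clear text: `API_PASS=testpass`, `POSTGRESQL_PASSWORD=password` and a `GRAFANA_ADMIN_PASSWORD` under `# Mots de passe et secrets`. The same change introduces `.env.secrets` for exactly these values, so move them there, leave only non-sensitive settings in `.env`, and rotate the Grafana password because it remains in history.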


@ -0,0 +1,151 @@
# Modifiez ces valeurs selon votre environnement
API_PASS=testpass
ENV_NAME=DEV
DOMAIN=4nkweb.com
HOST=dev4.$DOMAIN
DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
NODE_OPTIONS=--max-old-space-size=4096
NODE_ENV=production
DOCKER_GLOBAL=project/lecoffre/lecoffre_node
# Répertoires
ROOT_DIR=/home/debian/4NK_env
ROOT_DIR_DATA=$ROOT_DIR/$DOCKER_GLOBAL/data
BITCOIN_DATA_DIR=$ROOT_DIR_DATA/bitcoin
BITCOIN_COOKIE_PATH=$BITCOIN_DATA_DIR/signet/.cookie
SIGNER_DATA_DIR=$ROOT_DIR_DATA/signer
SDK_RELAY_DATA_DIR=$ROOT_DIR_DATA/sdk_relay
SDK_STORAGE_DATA_DIR=$ROOT_DIR_DATA/sdk_storage
SDK_TOR_DATA_DIR=$ROOT_DIR_DATA/tor
BLINDBIT_DATA_DIR=$ROOT_DIR_DATA/blindbit-oracle
ROOT_DIR_LOGS=$ROOT_DIR/$DOCKER_GLOBAL/logs
BITCOIN_LOGS_DIR=$ROOT_DIR_LOGS/bitcoin
BLINDBIT_LOGS_DIR=$ROOT_DIR_LOGS/blindbit-oracle
IHM_CLIENT_LOGS_DIR=$ROOT_DIR_LOGS/ihm_client
LECOFFRE_FRONT_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-front
LECOFFRE_BACK_LOGS_DIR=$ROOT_DIR_LOGS/lecoffre-back-mini
MINER_LOGS_DIR=$ROOT_DIR_LOGS/miner
NGINX_LOGS_DIR=$ROOT_DIR_LOGS/nginx
SDK_RELAY_LOGS_DIR=$ROOT_DIR_LOGS/sdk_relay
SDK_STORAGE_LOGS_DIR=$ROOT_DIR_LOGS/sdk_storage
TOR_LOGS_DIR=$ROOT_DIR_LOGS/tor
ROOT_DIR_CONFS=$ROOT_DIR/$DOCKER_GLOBAL/confs
PROMTAIL_CONF_DIR=$ROOT_DIR_CONFS/promtail
GRAFANA_CONF_DIR=$ROOT_DIR_CONFS/grafana
NGINX_CONF_DIR=$ROOT_DIR_CONFS/nginx
BITCOIN_CONF_DIR=$ROOT_DIR_CONFS/bitcoin
ROOT_DIR_BACKUPS=$ROOT_DIR/$DOCKER_GLOBAL/backups
LECOFFRE_NODE_SCRIPTS_DIR=$ROOT_DIR/$DOCKER_GLOBAL/scripts
CERT_PATH=/etc/letsencrypt/live/$HOST
# Noms internes
TOR_DOCKER_HOST=tor-proxy
BITCOIN_DOCKER_HOST=bitcoin-signet
BLINDBIT_DOCKER_NAME=blindbit-oracle
STORAGE_DOCKER_HOST=storage
LOKI_DOCKER_HOST=loki
# Ports des services
TOR_PORT=9050
BITCOIN_SIGNET_P2P_PORT=38333
BITCOIN_SIGNET_RPC_PORT=38332
BITCOIN_ZMQPUBRAWTX_PORT=29001
BITCOIN_ZMQPBUBHASHBLOCK_PORT=29000
BLINDBIT_PORT=8000
SDK_RELAY_PORT=8080
STORAGE_PORT=8081
SIGNER_PORT=9090
LECOFFRE_FRONT_PORT=3000
GRAFANA_PORT=3001
LOKI_PORT=3100
STATUS_PORT=3005
STATUS_API_PORT=3006
PROMTAIL_PORT=8090
IHM_CLIENT_PORT=3003
CERTIFICATOR_PORT=8082
REDIS_PORT=6379
# Routes
URL_ROUTE_SIGNER=/signer
URL_ROUTE_STORAGE=/storage
URL_ROUTE_IHM_CLIENT=/
URL_ROUTE_LECOFFRE_FRONT=/lecoffre
URL_ROUTE_LECOFFRE_FRONT_HMR=/lecoffre-hmr
URL_ROUTE_LECOFFRE_BACK=/api
POSTGRESQL_USER=postgres
POSTGRESQL_PASSWORD=password
URL_ROUTE_RELAY=/relay
URL_ROUTE_GRAFAN=/grafana
URL_ROUTE_STATUS=/status
URL_ROUTE_STATUS_API=/status/api
URL_ROUTE_BLINDBIT=/blindbit
URL_ROUTE_NEXT=/_next
# URLs et domaines
ROOT_HOST=$HOST
ROOT_URL=https://$ROOT_HOST
BOOTSTRAP_HOST=dev3.$DOMAIN
LECOFFRE_BACK_HOST=dev3.$DOMAIN
LECOFFRE_FRONT_URL=https://$ROOT_HOST$URL_ROUTE_LECOFFRE_FRONT
LECOFFRE_BACK_URL=https://$LECOFFRE_BACK_HOST$URL_ROUTE_LECOFFRE_BACK
IHM_CLIENT_URL=$ROOT_URL$URL_ROUTE_IHM_CLIENT
RELAY_URL=wss://$ROOT_HOST$URL_ROUTE_RELAY
RELAY_BOOSTRAP_URL=wss://$BOOTSTRAP_HOST$URL_ROUTE_RELAY
RELAY_URLS=$RELAY_URL,$RELAY_BOOSTRAP_URL
SIGNER_URL=https://dev3.$DOMAIN$URL_ROUTE_SIGNER
STORAGE_URL=$ROOT_URL$URL_ROUTE_STORAGE
LOKI_URL=http://$LOKI_DOCKER_HOST:$LOKI_PORT
BLINDBIT_URL=http://$BLINDBIT_DOCKER_NAME:$BLINDBIT_PORT
BITCOIN_RPC_URL=http://$BITCOIN_DOCKER_HOST:$BITCOIN_SIGNET_RPC_PORT
GRAFANA_URL=$ROOT_URL$URL_ROUTE_GRAFAN
ZMQ_URL=tcp://$BITCOIN_DOCKER_HOST:$BITCOIN_ZMQPBUBHASHBLOCK_PORT
# Variables
BITCOIN_WALLET_NAME=mining
BITCOIN_CERTIFICATOR_NAME=certificator
# DB
CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db
CERTIFICATOR_REDIS_CONNECT=redis://certificator_redis:$REDIS_PORT
# Noms des services Docker
SDK_RELAY_DOCKER_NAME=sdk_relay
LECOFFRE_FRONT_DOCKER_NAME=lecoffre-front
IHM_CLIENT_DOCKER_NAME=ihm_client
SDK_STORAGE_DOCKER_NAME=sdk_storage
WATCHTOWER_DOCKER_NAME=watchtower
SIGNET_MINER_DOCKER_NAME=signet_miner
GRAFANA_DOCKER_NAME=grafana
LOKI_DOCKER_NAME=loki
PROMTAIL_DOCKER_NAME=promtail
STATUS_API_DOCKER_NAME=status-api
# Ports externes exposés
LECOFFRE_FRONT_EXTERNAL_PORT=3004
IHM_CLIENT_EXTERNAL_PORT=3003
SDK_STORAGE_EXTERNAL_PORT=8081
GRAFANA_EXTERNAL_PORT=3005
LOKI_EXTERNAL_PORT=3100
STATUS_API_EXTERNAL_PORT=3006
# Mots de passe et secrets
GRAFANA_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
# Chemins de configuration
LECOFFRE_NODE_CONFS_DIR=/home/debian/4NK_env/confs
LECOFFRE_NODE_LOGS_DIR=/home/debian/4NK_env/logs
# Ports supplémentaires
BLINDBIT_EXTERNAL_PORT=8000
SDK_RELAY_EXTERNAL_PORT_1=8090
SDK_RELAY_EXTERNAL_PORT_2=8091
# Routes manquantes
# Variables manquantes pour la DB
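Review bot: `CERTIFICATOR_POSTGRESQL_CONNECT=$POSTGRESQL_USER:$POSTGRESQL_PASSWORD//certificator:@certificator_db/certificator_db` has no scheme and puts `//` after the password, so it does not read as a PostgreSQL connection URL; check the intended form before anything consumes it. Several values reuse the same port number (`STATUS_PORT=3005` and `GRAFANA_EXTERNAL_PORT=3005`, `PROMTAIL_PORT=8090` and `SDK_RELAY_EXTERNAL_PORT_1=8090`), and the trailing `# Routes manquantes` and `# Variables manquantes pour la DB` headings are empty. This copy also lacks `SDK_RELAY_DOCKER_HOST`, which the compose file in this change references.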


@ -0,0 +1,347 @@
services:
tor:
image: btcpayserver/tor:0.4.8.10
container_name: $TOR_DOCKER_HOST
volumes:
- $TOR_LOGS_DIR/tor:/var/log/tor
- $LECOFFRE_NODE_SCRIPTS_DIR:/scripts:ro
networks:
btcnet:
aliases:
- tor
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/tor-progress.sh"]
interval: 10s
timeout: 5s
retries: 50
restart: unless-stopped
bitcoin:
build: ./bitcoin
container_name: $BITCOIN_DOCKER_HOST
depends_on:
tor:
condition: service_healthy
volumes:
- $BITCOIN_DATA_DIR:/home/bitcoin/.bitcoin
- $BITCOIN_CONF_DIR/bitcoin.conf:/etc/bitcoin/bitcoin.conf
- $BITCOIN_LOGS_DIR:/var/log/bitcoin
- $LECOFFRE_NODE_SCRIPTS_DIR:/scripts:ro
networks:
btcnet:
aliases:
- $BITCOIN_DOCKER_HOST
user: root
entrypoint: >
/bin/sh -c "
chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin || echo 'warn: chown partiel (fichiers bind-mount Windows)';
exec su-exec bitcoin bitcoind -conf=/etc/bitcoin/bitcoin.conf -signet"
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/bitcoin-progress.sh"]
interval: 30s
timeout: 10s
retries: 50
restart: unless-stopped
blindbit:
image: git.4nkweb.com/4nk/blindbit-oracle:fixed-source
container_name: $BLINDBIT_DOCKER_NAME
depends_on:
bitcoin:
condition: service_healthy
volumes:
- $BLINDBIT_DATA_DIR:/root/.blindbit-oracle
# - $LECOFFRE_NODE_CONFS_DIR/blindbit-oracle/blindbit.toml:/tmp/blindbit.toml:ro
- $BITCOIN_DATA_DIR:/home/bitcoin/.bitcoin
- $LECOFFRE_NODE_LOGS_DIR/blindbit:/var/log/blindbit
- $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro
entrypoint: >
sh -c "mkdir -p /root/.blindbit-oracle &&
if [ ! -f /root/.blindbit-oracle/blindbit.toml ]; then
cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml;
fi &&
echo 'Starting BlindBit Oracle with corrected host binding...' &&
exec ./main -datadir /root/.blindbit-oracle"
networks:
btcnet:
aliases:
- $BLINDBIT_DOCKER_NAME
ports:
- "0.0.0.0:$BLINDBIT_EXTERNAL_PORT"
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/blindbit-progress.sh"]
interval: 10s
timeout: 5s
retries: 60
start_period: 180s
restart: unless-stopped
$SDK_RELAY_DOCKER_HOST:
image: git.4nkweb.com/4nk/sdk_relay:ext
container_name: $SDK_RELAY_DOCKER_HOST
env_file:
- $LECOFFRE_NODE_CONFS_DIR/sdk_relay/.env
depends_on:
blindbit:
condition: service_healthy
volumes:
- $LECOFFRE_NODE_CONFS_DIR/relay/.conf:/app/.conf:ro
- sdk_data:/app/.4nk
- bitcoin_data:/app/.bitcoin
- $SDK_RELAY_LOGS_DIR:/var/log/sdk_relay
- $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro
ports:
- "0.0.0.0:$SDK_RELAY_PORT"
networks:
btcnet:
aliases:
- $SDK_RELAY_DOCKER_HOST
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
environment:
- HOME=/app
- RUST_LOG=INFO
healthcheck:
test: ["CMD", "sh", "$LECOFFRE_NODE_SCRIPTS_DIR/sdk-relay-progress.sh"]
interval: 30s
timeout: 10s
retries: 50
restart: unless-stopped
lecoffre-front:
image: git.4nkweb.com/4nk/lecoffre-front:ext
container_name: lecoffre-front
working_dir: /leCoffre-front
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/lecoffre-front/.env
ports:
- "0.0.0.0:$LECOFFRE_FRONT_EXTERNAL_PORT:8080"
volumes:
- $LECOFFRE_NODE_LOGS_DIR/lecoffre-front:/var/log/lecoffre-front
networks:
btcnet:
aliases:
- lecoffre-front
depends_on:
ihm_client:
condition: service_healthy
sdk_storage:
condition: service_healthy
user: lecoffreuser
command: ["sh", "-c", "exec npm run start >> /var/log/lecoffre-front/stdout.log 2>&1"]
healthcheck:
test: ["CMD", "sh", "-c", "if ps aux | grep -v grep | grep next-server >/dev/null 2>&1; then echo 'LeCoffre Frontend ready: Next.js server running'; exit 0; else echo 'LeCoffre Frontend starting: Next.js server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
ihm_client:
image: git.4nkweb.com/4nk/ihm_client:ext
container_name: ihm_client
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/ihm_client/.env
environment:
- VITE_JWT_SECRET_KEY
- VITE_API_BASE_URL
- VITE_WS_URL
- VITE_STORAGE_URL
- VITE_SIGNER_URL
- VITE_BOOTSTRAPURL
ports:
- "0.0.0.0:$IHM_CLIENT_EXTERNAL_PORT:3003"
volumes:
- $LECOFFRE_NODE_LOGS_DIR/ihm_client:/var/log/ihm_client
networks:
btcnet:
aliases:
- ihm_client
depends_on:
sdk_relay:
condition: service_healthy
sdk_storage:
condition: service_healthy
user: root
command: ["sh", "-c", "exec npm start >> /var/log/ihm_client/stdout.log 2>&1"]
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3003/ >/dev/null 2>&1; then echo 'IHM Client ready: Vite dev server responding'; exit 0; else echo 'IHM Client starting: Vite dev server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
sdk_storage:
image: git.4nkweb.com/4nk/sdk_storage:ext
container_name: sdk_storage
ports:
- "0.0.0.0:$SDK_STORAGE_EXTERNAL_PORT:8080"
volumes:
- sdk_storage_data:/app/data
- $LECOFFRE_NODE_LOGS_DIR/sdk_storage:/var/log/sdk_storage
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
networks:
btcnet:
aliases:
- sdk_storage
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --interval 30 --label-enable
networks:
- btcnet
restart: unless-stopped
signet_miner:
build:
context: ./miner
container_name: signet_miner
depends_on:
bitcoin:
condition: service_healthy
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/lecoffre_node/.env
volumes:
- bitcoin_data:/bitcoin:ro
- $LECOFFRE_NODE_LOGS_DIR/miner:/var/log/miner
networks:
btcnet:
aliases:
- signet_miner
profiles: ["miner"]
restart: unless-stopped
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "0.0.0.0:$GRAFANA_EXTERNAL_PORT:3000"
volumes:
- grafana_data:/var/lib/grafana
# - $LECOFFRE_NODE_CONFS_DIR/grafana/provisioning:/etc/grafana/provisioning
# - $LECOFFRE_NODE_CONFS_DIR/grafana/dashboards:/var/lib/grafana/dashboards
# - $LECOFFRE_NODE_CONFS_DIR/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
- $LECOFFRE_NODE_LOGS_DIR:/var/log/lecoffre:ro
environment:
- GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_ROOT_URL=$GRAFANA_URL/
- GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
networks:
btcnet:
aliases:
- grafana
depends_on:
loki:
condition: service_healthy
promtail:
condition: service_healthy
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3000/api/health >/dev/null 2>&1; then echo 'Grafana ready: Dashboard service responding'; exit 0; else echo 'Grafana starting: Dashboard service not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 60s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
loki:
image: grafana/loki:latest
container_name: loki
ports:
- "0.0.0.0:$LOKI_EXTERNAL_PORT:3100"
volumes:
- loki_data:/loki
# - $LECOFFRE_NODE_CONFS_DIR/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro
command: -config.file=/etc/loki/loki-config.yaml
networks:
btcnet:
aliases:
- loki
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3100/ready"]
interval: 30s
timeout: 15s
retries: 50
start_period: 120s
restart: unless-stopped
promtail:
image: grafana/promtail:latest
container_name: promtail
volumes:
- $LECOFFRE_NODE_LOGS_DIR:$LECOFFRE_NODE_LOGS_DIR:ro
# - $LECOFFRE_NODE_CONFS_DIR/promtail/promtail.yml:/etc/promtail/config.yml:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml
networks:
btcnet:
aliases:
- promtail
depends_on:
loki:
condition: service_healthy
healthcheck:
test: ["CMD", "sh", "-c", "if [ -f /tmp/positions.yaml ]; then echo 'Promtail ready: Log collection service responding'; exit 0; else echo 'Promtail starting: Log collection service not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
restart: unless-stopped
# Service de statut des services
status-api:
build:
context: ./web/status
dockerfile: Dockerfile.python
container_name: status-api
# env_file:
# - $LECOFFRE_NODE_CONFS_DIR/monitoring/.env
ports:
- "0.0.0.0:$STATUS_API_EXTERNAL_PORT:3006"
volumes:
- ./web/status/api.py:/app/api.py:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- $LECOFFRE_NODE_LOGS_DIR:/var/log/lecoffre:ro
- $LECOFFRE_NODE_SCRIPTS_DIR:$LECOFFRE_NODE_SCRIPTS_DIR:ro
networks:
btcnet:
aliases:
- status-api
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3006/api >/dev/null 2>&1; then echo 'Status API ready: Service monitoring API responding'; exit 0; else echo 'Status API starting: Service monitoring API not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
networks:
btcnet:
name: 4nk_node_btcnet
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
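Review bot: the service key `$SDK_RELAY_DOCKER_HOST:` will not be interpolated, because Compose substitutes variables in values and not in mapping keys, so `depends_on: sdk_relay` under `ihm_client` points at a service that does not exist under that name; name the service `sdk_relay` literally. The `tor` and `bitcoin` healthchecks run `$LECOFFRE_NODE_SCRIPTS_DIR/...-progress.sh` although the scripts are mounted at `/scripts` in those containers, and `"0.0.0.0:$BLINDBIT_EXTERNAL_PORT"` and `"0.0.0.0:$SDK_RELAY_PORT"` lack the container port that the other mappings carry. On exposure, every published port binds `0.0.0.0`, including Loki and the status API, and `/var/run/docker.sock` is mounted into `watchtower`, `promtail` and `status-api` (the `:ro` flag on the mount does not restrict Docker API calls made over the socket). Bind to `127.0.0.1` where a service only needs to be reached locally or through the proxy, and limit which containers get the socket.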


@ -2,10 +2,7 @@
# Écoute sur 127.0.0.1 pour la sécurité
# Port SOCKS pour les connexions sortantes
SOCKSPort 127.0.0.1:9050
# Port de contrôle (désactivé pour la sécurité)
# ControlPort 127.0.0.1:$TOR_PORT
SOCKSPort 127.0.0.1:$TOR_PORT
# Configuration de base
Log notice file $TOR_LOGS_DIR/tor.log
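Review bot: `SOCKSPort 127.0.0.1:$TOR_PORT` is only valid if `$TOR_PORT` is substituted before Tor reads the file, since Tor does not expand variables in its configuration; the same holds for `$TOR_LOGS_DIR` in the `Log` line. Run `tor --verify-config` on the rendered file in the deploy step so an unrendered placeholder is caught before the service starts.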
@ -17,5 +14,5 @@ SafeLogging 1
WarnUnsafeSocks 1
# Désactiver les services cachés
HiddenServiceDir $SDK_TOR_DATA_DIR/hidden_service/
HiddenServicePort 80 127.0.0.1:80
# HiddenServiceDir $SDK_TOR_DATA_DIR/hidden_service/
# HiddenServicePort 80 127.0.0.1:80
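Review bot: disabling the hidden service in the config does not remove state. Any `hidden_service/` directory already created under `$SDK_TOR_DATA_DIR` by the previous `HiddenServiceDir` setting still holds the onion service private key. Delete the two lines rather than leaving them commented under `# Désactiver les services cachés`, and remove that directory on hosts where Tor ran with the old configuration.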