diff --git a/.env.master b/.env.master
index eeebf40..a75d350 100644
--- a/.env.master
+++ b/.env.master
@@ -1,3 +1,142 @@
+# DOMAIN
+DOMAIN=dev4.4nkweb.com
+BOOTSTRAP_DOMAIN=dev3.4nkweb.com
+LOCAL_DOMAIN=lecoffreio.4nkweb.com
+LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
+
+# GIT
+GITEA_BASE_URL=git.4nkweb.com
+GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df
+GITEA_OWNER="nicolas.cantu,Omar"
+GITEA_RUNNER_NAME=debian-runner
+
+# Variables d'environnement pour l'application back-end
+NODE_ENV=production
+RUST_LOG=DEBUG
+NODE_OPTIONS=--max-old-space-size=2048
+
+# Configuration IDNOT
+IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
+IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client
+IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
+IDNOT_API_BASE_URL=https://qual-api.notaires.fr
+
+# Configuration serveur
+APP_HOST=dev4.4nkweb.com
+API_BASE_URL=https://${DOMAIN}/back
+DEFAULT_STORAGE=https://${DOMAIN}/storage
+
+# Variables d'environnement pour l'application front-end
+NEXT_PUBLIC_4NK_URL=https://${DOMAIN}
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
+NEXT_PUBLIC_BACK_API_PROTOCOL=https
+NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
+NEXT_PUBLIC_BACK_API_PORT=443
+NEXT_PUBLIC_BACK_API_ROOT_URL=/api
+NEXT_PUBLIC_BACK_API_VERSION=v1
+NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
+NEXT_PUBLIC_TARGET_ORIGIN=https://${DOMAIN}/lecoffre
+NEXT_PUBLIC_4NK_IFRAME_URL=https://${DOMAIN}
+NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
+NEXT_PUBLIC_DOCAPOSTE_API_URL=
+NEXT_PUBLIC_API_URL=https://${DOMAIN}/api
+NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
+NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://${DOMAIN}/storage
+
+# WS
+RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
+
+# SIGNER
+SIGNER_WS_URL=ws://${BOOTSTRAP_DOMAIN}:9090
+SIGNER_BASE_URL=https://${BOOTSTRAP_DOMAIN}
+
+# IHM URLS
+VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
+
+# Cartes de test Stripe
+SUCCES='4242 4242 4242 4242'
+DECLINED='4000 0025 0000 3155'
+CORS_ALLOWED_ORIGINS=https://${DOMAIN}
+
+core_url=http://bitcoin:38332
+ws_url=0.0.0.0:8090
+wallet_name=default
+network=signet
+blindbit_url=http://blindbit:8000
+zmq_url=tcp://bitcoin:29000
+storage=https://${DOMAIN}/storage
+data_dir=/home/bitcoin/.4nk
+bitcoin_data_dir=/home/bitcoin/.bitcoin
+bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
+bootstrap_faucet=true
+
+# ================== /!\ sensible =========================
+
+# Configuration IDNOT
+IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
+IDNOT_CLIENT_ID=B3CE56353EDB15A9
+IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
+NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
+
+SIGNER_API_KEY=your-api-key-change-this
+VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
+
+# Configuration pour réduire les traces Docker
+DOCKER_LOG_LEVEL=info
+COMPOSE_LOG_LEVEL=WARNING
+
+# ===========================================
+# VARIABLES(manquantes)
+# ===========================================
+SIGNER_PORT=9090
+SIGNER_DATABASE_PATH=./data/server.db
+SIGNER_RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
+SIGNER_AUTO_RESTART=true
+SIGNER_MAX_RESTARTS=3
+SIGNER_LOG_LEVEL=info
+
+# ===========================================
+# VARIABLES SDK_RELAY (formatées pour docker-compose)
+# ===========================================
+SDK_RELAY_CORE_URL=http://bitcoin:38332
+SDK_RELAY_WS_URL=0.0.0.0:8090
+SDK_RELAY_WALLET_NAME=default
+SDK_RELAY_NETWORK=signet
+SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
+SDK_RELAY_STORAGE=https://${DOMAIN}/storage
+SDK_RELAY_DATA_DIR=/app/.4nk
+SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
+SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
+SDK_RELAY_BOOTSTRAP_FAUCET=true
+SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
+
+
+# ===========================================
+# VARIABLES IHM_CLIENT (formatées pour docker-compose)
+# ===========================================
+VITE_API_BASE_URL=https://${DOMAIN}/back/api/v1
+VITE_WS_URL=wss://${DOMAIN}/ws/
+VITE_STORAGE_URL=https://${DOMAIN}/storage
+VITE_SIGNER_URL=https://${DOMAIN}/signer
+
+# ===========================================
+# VARIABLES MONITORING
+# ===========================================
+GRAFANA_ADMIN_USER=admin
+GRAFANA_ADMIN_PASSWORD=admin123
+LOKI_URL=http://loki:3100
+PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml
+
+# ===========================================
+# GRAFANA
+# ===========================================
+GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
+GF_USERS_ALLOW_SIGN_UP=false
+GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
+GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
+
 # Frontend runtime
 NODE_OPTIONS=--max-old-space-size=4096
 NODE_ENV=production
diff --git a/.env.master.bak_20250922162513 b/.env.master.bak_20250922162513
index d3075a4..a75d350 100644
--- a/.env.master.bak_20250922162513
+++ b/.env.master.bak_20250922162513
@@ -17,7 +17,7 @@ NODE_OPTIONS=--max-old-space-size=2048
 
 # Configuration IDNOT
 IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
-IDNOT_REDIRECT_URI=https://${LOCAL_DOMAIN}/authorized-client
+IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client
 IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
 IDNOT_API_BASE_URL=https://qual-api.notaires.fr
 
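Review bot: Live-looking credentials are committed in plaintext in this hunk (`GIT_TOKEN`, `IDNOT_API_KEY`, `IDNOT_CLIENT_SECRET`, `VITE_JWT_SECRET_KEY`, `GF_SECURITY_ADMIN_PASSWORD`), next to a weak `GRAFANA_ADMIN_PASSWORD` and an unreplaced placeholder in `SIGNER_API_KEY`. Once pushed they remain in history, so they should be rotated and the tracked file reduced to empty keys such as `IDNOT_CLIENT_SECRET=`, with real values supplied from an untracked file or a secret store. `IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client` has an empty host, which looks like a `${DOMAIN}` that was expanded while unset; the same line is introduced by the `-17,7` hunk of `.env.master.bak_20250922162513`. It should presumably read `IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client`, provided that matches the URI registered with IdNot.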
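Review bot: A timestamped backup, `.env.master.bak_20250922162513`, is tracked and edited alongside the real file, and its index line shows it ending on the same blob (`a75d350`) as `.env.master`, so every secret in that file is stored a second time. Backups of environment files are better removed from the repository and kept out with an ignore rule such as `.env.master.bak_*` in `.gitignore`. Removing it now does not erase it from history, so rotation of the values is still needed.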
@@ -136,3 +136,28 @@ GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
 GF_USERS_ALLOW_SIGN_UP=false
 GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
 GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
+
+# Frontend runtime
+NODE_OPTIONS=--max-old-space-size=4096
+NODE_ENV=production
+
+# Public URLs
+NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
+NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+
+# Backend API (via dev4 Nginx proxying to dev3)
+NEXT_PUBLIC_BACK_API_PROTOCOL=https
+NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
+NEXT_PUBLIC_BACK_API_PORT=443
+NEXT_PUBLIC_BACK_API_ROOT_URL=/api
+NEXT_PUBLIC_BACK_API_VERSION=v1
+
+# IdNot
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/
+# NEXT_PUBLIC_IDNOT_CLIENT_ID is expected to be set in image/secrets
+NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client
+
+# Back base for state endpoint (dev3)
+NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com
diff --git a/ENV_EXAMPLE.md b/ENV_EXAMPLE.md
new file mode 100644
index 0000000..b40bd44
--- /dev/null
+++ b/ENV_EXAMPLE.md
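Review bot: `NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client` puts the OAuth redirect on plain HTTP in a file that also sets `NODE_ENV=production`; if this value is used anywhere beyond a developer machine, the authorization response travels unencrypted, so an `https://` URI on the deployed host would be safer. The appended block also redefines keys that, judging by the identical `.env.master` content, already exist earlier in the file with different values: `NODE_OPTIONS` (2048 vs 4096), `NEXT_PUBLIC_BACK_API_HOST` (`${LECOFFRE_BACK_DOMAIN}` vs `dev4.4nkweb.com`) and `NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT` (with and without `idnot_idp_v1`). Which definition wins depends on the loader, usually the last one, so each key should be defined once with a comment stating the intended value.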
@@ -0,0 +1,31 @@
+Example environment (.env.master) for lecoffre-front
+
+Copy to lecoffre_node/.env.master and fill secrets/IDs.
+
+Required NEXT_PUBLIC variables
+
+NEXT_PUBLIC_IDNOT_CLIENT_ID=...
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/
+NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com
+
+Optional legacy variables
+
+NEXT_PUBLIC_IDNOT_REDIRECT_URI=
+NEXT_PUBLIC_4NK_IFRAME_URL=
+NEXT_PUBLIC_4NK_URL=
+NEXT_PUBLIC_BACK_API_PROTOCOL=
+NEXT_PUBLIC_BACK_API_HOST=
+NEXT_PUBLIC_BACK_API_PORT=
+NEXT_PUBLIC_BACK_API_ROOT_URL=
+NEXT_PUBLIC_BACK_API_VERSION=
+
+Backend (in backend repo on dev3)
+
+BACK_HMAC_SECRET=
+STATE_TTL_SECONDS=180
+ALLOW_LOCALHOST_REDIRECTS=true
+ALLOWED_REDIRECT_HOST_PATTERNS=^dev4\.4nkweb\.com$,^localhost$,^127\.0\.0\.1$
+
diff --git a/blindbit/Dockerfile b/blindbit/Dockerfile
index 4be638c..67599e8 100644
--- a/blindbit/Dockerfile
+++ b/blindbit/Dockerfile
@@ -10,3 +10,4 @@ RUN apt-get update && apt-get install -y procps wget curl && \ USER root +
diff --git a/docker-compose.yml b/docker-compose.yml
index a6656aa..920e696 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -175,24 +175,34 @@ services: # restart: unless-stopped lecoffre-front: - image: git.4nkweb.com/4nk/lecoffre-front:ext + build: + context: ../lecoffre-front + dockerfile: Dockerfile + args: + - NEXT_PUBLIC_4NK_URL + - NEXT_PUBLIC_FRONT_APP_HOST + - NEXT_PUBLIC_IDNOT_BASE_URL + - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT + - NEXT_PUBLIC_BACK_API_PROTOCOL + - NEXT_PUBLIC_BACK_API_HOST + - NEXT_PUBLIC_BACK_API_PORT + - NEXT_PUBLIC_BACK_API_ROOT_URL + - NEXT_PUBLIC_BACK_API_VERSION + - NEXT_PUBLIC_ANK_BASE_REDIRECT_URI + - NEXT_PUBLIC_TARGET_ORIGIN + - NEXT_PUBLIC_4NK_IFRAME_URL + - NEXT_PUBLIC_IDNOT_REDIRECT_URI + - NEXT_PUBLIC_DOCAPOSTE_API_URL + - NEXT_PUBLIC_API_URL + - NEXT_PUBLIC_DEFAULT_VALIDATOR_ID + - NEXT_PUBLIC_DEFAULT_STORAGE_URLS + - NEXT_PUBLIC_IDNOT_CLIENT_ID + - NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED + - NEXT_PUBLIC_BACK_BASE container_name: lecoffre-front working_dir: /leCoffre-front env_file: - .env.master - environment: - - NODE_OPTIONS=${NODE_OPTIONS} - - NODE_ENV=${NODE_ENV} - - NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL} - - NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL} - - NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST} - - NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL} - - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT} - - NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL} - - NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST} - - NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT} - - NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL} - - NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION} ports: - "0.0.0.0:3004:3000" volumes: 
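Review bot: The value-less entries under `build.args` are resolved from the environment Compose itself runs in, not from the service's `env_file: .env.master`, which only feeds the running container. Unless Compose is started with `--env-file .env.master` or the variables are exported, the `NEXT_PUBLIC_*` values will be empty at build time, and since Next.js inlines `NEXT_PUBLIC_*` during the build, the removed `environment:` list would not be compensated at runtime. The whole of `.env.master`, secrets included, is still injected into this front-end container through `env_file`; a separate file holding only the front-end keys would narrow that exposure. The service definition continues outside the hunk.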
@@ -228,12 +238,12 @@ services: env_file: - .env.master environment: - - VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY} - - VITE_API_BASE_URL=${VITE_API_BASE_URL} - - VITE_WS_URL=${VITE_WS_URL} - - VITE_STORAGE_URL=${VITE_STORAGE_URL} - - VITE_SIGNER_URL=${VITE_SIGNER_URL} - - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/ + - VITE_JWT_SECRET_KEY + - VITE_API_BASE_URL + - VITE_WS_URL + - VITE_STORAGE_URL + - VITE_SIGNER_URL + - VITE_BOOTSTRAPURL ports: - "0.0.0.0:3003:3003" volumes:
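Review bot: `VITE_JWT_SECRET_KEY` is still passed to this service, whose name is outside the hunk but whose variables suggest a Vite front end; Vite exposes `VITE_`-prefixed variables to client code, so a JWT signing secret under that name can end up in the browser bundle. If the key signs or verifies tokens, it belongs on the server side under a non-`VITE_` name. Separately, `VITE_BOOTSTRAPURL` changes from the hard-coded `wss://dev4.4nkweb.com/ws/` to whatever the environment provides, which in `.env.master` is `wss://${BOOTSTRAP_DOMAIN}/ws/` (dev3), so the move to dev3 should be confirmed as intended.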