align for IA agents + grafana

.env.master

@@ -1,3 +1,142 @@
+# DOMAIN
+DOMAIN=dev4.4nkweb.com
+BOOTSTRAP_DOMAIN=dev3.4nkweb.com
+LOCAL_DOMAIN=lecoffreio.4nkweb.com
+LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
+
+# GIT
+GITEA_BASE_URL=git.4nkweb.com
+GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df
+GITEA_OWNER="nicolas.cantu,Omar"
+GITEA_RUNNER_NAME=debian-runner
+
+# Variables d'environnement pour l'application back-end
+NODE_ENV=production
+RUST_LOG=DEBUG
+NODE_OPTIONS=--max-old-space-size=2048
+
+# Configuration IDNOT
+IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
+IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client
+IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
+IDNOT_API_BASE_URL=https://qual-api.notaires.fr
+
+# Configuration serveur
+APP_HOST=dev4.4nkweb.com
+API_BASE_URL=https://${DOMAIN}/back
+DEFAULT_STORAGE=https://${DOMAIN}/storage
+
+# Variables d'environnement pour l'application front-end
+NEXT_PUBLIC_4NK_URL=https://${DOMAIN}
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
+NEXT_PUBLIC_BACK_API_PROTOCOL=https
+NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
+NEXT_PUBLIC_BACK_API_PORT=443
+NEXT_PUBLIC_BACK_API_ROOT_URL=/api
+NEXT_PUBLIC_BACK_API_VERSION=v1
+NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
+NEXT_PUBLIC_TARGET_ORIGIN=https://${DOMAIN}/lecoffre
+NEXT_PUBLIC_4NK_IFRAME_URL=https://${DOMAIN}
+NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
+NEXT_PUBLIC_DOCAPOSTE_API_URL=
+NEXT_PUBLIC_API_URL=https://${DOMAIN}/api
+NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
+NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://${DOMAIN}/storage
+
+# WS
+RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
+
+# SIGNER
+SIGNER_WS_URL=ws://${BOOTSTRAP_DOMAIN}:9090
+SIGNER_BASE_URL=https://${BOOTSTRAP_DOMAIN}
+
+# IHM URLS
+VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
+
+# Cartes de test Stripe
+SUCCES='4242 4242 4242 4242'
+DECLINED='4000 0025 0000 3155'
+CORS_ALLOWED_ORIGINS=https://${DOMAIN}
+
+core_url=http://bitcoin:38332
+ws_url=0.0.0.0:8090
+wallet_name=default
+network=signet
+blindbit_url=http://blindbit:8000
+zmq_url=tcp://bitcoin:29000
+storage=https://${DOMAIN}/storage
+data_dir=/home/bitcoin/.4nk
+bitcoin_data_dir=/home/bitcoin/.bitcoin
+bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
+bootstrap_faucet=true
+
+# ================== /!\ sensible =========================
+
+# Configuration IDNOT
+IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
+IDNOT_CLIENT_ID=B3CE56353EDB15A9
+IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
+NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
+
+SIGNER_API_KEY=your-api-key-change-this
+VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
+
+# Configuration pour réduire les traces Docker
+DOCKER_LOG_LEVEL=info
+COMPOSE_LOG_LEVEL=WARNING
+
+# ===========================================
+# VARIABLES(manquantes)
+# ===========================================
+SIGNER_PORT=9090
+SIGNER_DATABASE_PATH=./data/server.db
+SIGNER_RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
+SIGNER_AUTO_RESTART=true
+SIGNER_MAX_RESTARTS=3
+SIGNER_LOG_LEVEL=info
+
+# ===========================================
+# VARIABLES SDK_RELAY (formatées pour docker-compose)
+# ===========================================
+SDK_RELAY_CORE_URL=http://bitcoin:38332
+SDK_RELAY_WS_URL=0.0.0.0:8090
+SDK_RELAY_WALLET_NAME=default
+SDK_RELAY_NETWORK=signet
+SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
+SDK_RELAY_STORAGE=https://${DOMAIN}/storage
+SDK_RELAY_DATA_DIR=/app/.4nk
+SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
+SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
+SDK_RELAY_BOOTSTRAP_FAUCET=true
+SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
+
+
+# ===========================================
+# VARIABLES IHM_CLIENT (formatées pour docker-compose)
+# ===========================================
+VITE_API_BASE_URL=https://${DOMAIN}/back/api/v1
+VITE_WS_URL=wss://${DOMAIN}/ws/
+VITE_STORAGE_URL=https://${DOMAIN}/storage
+VITE_SIGNER_URL=https://${DOMAIN}/signer
+
+# ===========================================
+# VARIABLES MONITORING
+# ===========================================
+GRAFANA_ADMIN_USER=admin
+GRAFANA_ADMIN_PASSWORD=admin123
+LOKI_URL=http://loki:3100
+PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml
+
+# ===========================================
+# GRAFANA
+# ===========================================
+GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
+GF_USERS_ALLOW_SIGN_UP=false
+GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
+GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
+
 # Frontend runtime
 NODE_OPTIONS=--max-old-space-size=4096
 NODE_ENV=production

.env.master.bak_20250922162513

@@ -17,7 +17,7 @@ NODE_OPTIONS=--max-old-space-size=2048
 
 # Configuration IDNOT
 IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
-IDNOT_REDIRECT_URI=https://${LOCAL_DOMAIN}/authorized-client
+IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client
 IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
 IDNOT_API_BASE_URL=https://qual-api.notaires.fr
 
@@ -136,3 +136,28 @@ GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
 GF_USERS_ALLOW_SIGN_UP=false
 GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
 GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
+
+# Frontend runtime
+NODE_OPTIONS=--max-old-space-size=4096
+NODE_ENV=production
+
+# Public URLs
+NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
+NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+
+# Backend API (via dev4 Nginx proxying to dev3)
+NEXT_PUBLIC_BACK_API_PROTOCOL=https
+NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
+NEXT_PUBLIC_BACK_API_PORT=443
+NEXT_PUBLIC_BACK_API_ROOT_URL=/api
+NEXT_PUBLIC_BACK_API_VERSION=v1
+
+# IdNot
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/
+# NEXT_PUBLIC_IDNOT_CLIENT_ID is expected to be set in image/secrets
+NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client
+
+# Back base for state endpoint (dev3)
+NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com

ENV_EXAMPLE.md

@@ -0,0 +1,31 @@
+Example environment (.env.master) for lecoffre-front
+
+Copy to lecoffre_node/.env.master and fill secrets/IDs.
+
+Required NEXT_PUBLIC variables
+
+NEXT_PUBLIC_IDNOT_CLIENT_ID=...
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/
+NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com
+
+Optional legacy variables
+
+NEXT_PUBLIC_IDNOT_REDIRECT_URI=
+NEXT_PUBLIC_4NK_IFRAME_URL=
+NEXT_PUBLIC_4NK_URL=
+NEXT_PUBLIC_BACK_API_PROTOCOL=
+NEXT_PUBLIC_BACK_API_HOST=
+NEXT_PUBLIC_BACK_API_PORT=
+NEXT_PUBLIC_BACK_API_ROOT_URL=
+NEXT_PUBLIC_BACK_API_VERSION=
+
+Backend (in backend repo on dev3)
+
+BACK_HMAC_SECRET=<random-long-hex>
+STATE_TTL_SECONDS=180
+ALLOW_LOCALHOST_REDIRECTS=true
+ALLOWED_REDIRECT_HOST_PATTERNS=^dev4\.4nkweb\.com$,^localhost$,^127\.0\.0\.1$
+

blindbit/Dockerfile

@@ -10,3 +10,4 @@ RUN apt-get update && apt-get install -y procps wget curl && \
 USER root
 
 
+

docker-compose.yml

@@ -175,24 +175,34 @@ services:
   #   restart: unless-stopped
 
   lecoffre-front:
-    image: git.4nkweb.com/4nk/lecoffre-front:ext
+    build:
+      context: ../lecoffre-front
+      dockerfile: Dockerfile
+      args:
+        - NEXT_PUBLIC_4NK_URL
+        - NEXT_PUBLIC_FRONT_APP_HOST
+        - NEXT_PUBLIC_IDNOT_BASE_URL
+        - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT
+        - NEXT_PUBLIC_BACK_API_PROTOCOL
+        - NEXT_PUBLIC_BACK_API_HOST
+        - NEXT_PUBLIC_BACK_API_PORT
+        - NEXT_PUBLIC_BACK_API_ROOT_URL
+        - NEXT_PUBLIC_BACK_API_VERSION
+        - NEXT_PUBLIC_ANK_BASE_REDIRECT_URI
+        - NEXT_PUBLIC_TARGET_ORIGIN
+        - NEXT_PUBLIC_4NK_IFRAME_URL
+        - NEXT_PUBLIC_IDNOT_REDIRECT_URI
+        - NEXT_PUBLIC_DOCAPOSTE_API_URL
+        - NEXT_PUBLIC_API_URL
+        - NEXT_PUBLIC_DEFAULT_VALIDATOR_ID
+        - NEXT_PUBLIC_DEFAULT_STORAGE_URLS
+        - NEXT_PUBLIC_IDNOT_CLIENT_ID
+        - NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED
+        - NEXT_PUBLIC_BACK_BASE
     container_name: lecoffre-front
     working_dir: /leCoffre-front
     env_file:
       - .env.master
-    environment:
-      - NODE_OPTIONS=${NODE_OPTIONS}
-      - NODE_ENV=${NODE_ENV}
-      - NEXT_PUBLIC_4NK_IFRAME_URL=${NEXT_PUBLIC_4NK_IFRAME_URL}
-      - NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL}
-      - NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST}
-      - NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL}
-      - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT}
-      - NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL}
-      - NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST}
-      - NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT}
-      - NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL}
-      - NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION}
     ports:
       - "0.0.0.0:3004:3000"
     volumes:
@@ -228,12 +238,12 @@ services:
     env_file:
       - .env.master
     environment:
-      - VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY}
+      - VITE_JWT_SECRET_KEY
-      - VITE_API_BASE_URL=${VITE_API_BASE_URL}
+      - VITE_API_BASE_URL
-      - VITE_WS_URL=${VITE_WS_URL}
+      - VITE_WS_URL
-      - VITE_STORAGE_URL=${VITE_STORAGE_URL}
+      - VITE_STORAGE_URL
-      - VITE_SIGNER_URL=${VITE_SIGNER_URL}
+      - VITE_SIGNER_URL
-      - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/
+      - VITE_BOOTSTRAPURL
     ports:
       - "0.0.0.0:3003:3003"
     volumes: