Deleted lecoffre-db

.env.exemple

@@ -0,0 +1,36 @@
+# Configuration OVH
+OVH_APP_KEY=
+OVH_APP_SECRET=
+OVH_CONSUMER_KEY=
+OVH_SMS_SERVICE_NAME=
+
+# Configuration SMS Factor
+SMS_FACTOR_TOKEN=
+
+#Configuration Mailchimp
+MAILCHIMP_API_KEY=
+MAILCHIMP_KEY=
+MAILCHIMP_LIST_ID=
+
+#Configuration Stripe
+STRIPE_SECRET_KEY=
+STRIPE_WEBHOOK_SECRET=
+STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=
+STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=
+STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=
+STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=
+
+# Configuration serveur
+APP_HOST=
+
+# Configuration front-end
+NEXT_PUBLIC_4NK_URL=
+NEXT_PUBLIC_FRONT_APP_HOST=
+NEXT_PUBLIC_IDNOT_BASE_URL=
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=
+NEXT_PUBLIC_IDNOT_CLIENT_ID=
+NEXT_PUBLIC_BACK_API_PROTOCOL=
+NEXT_PUBLIC_BACK_API_HOST=
+BACK_API_PORT=
+BACK_API_ROOT_URL=
+BACK_API_VERSION=

.gitignore

@@ -0,0 +1 @@
+.env

bitcoin/Dockerfile

@@ -1,55 +0,0 @@
-# bitcoin/Dockerfile
-FROM debian:bullseye-slim as builder
-
-# Installation des dépendances
-RUN apt-get update && apt-get install -y \
-    curl \
-    gnupg \
-    && rm -rf /var/lib/apt/lists/*
-
-# Version de Bitcoin Core
-ENV VERSION=24.1
-
-# Téléchargement et vérification de Bitcoin Core
-WORKDIR /tmp
-RUN curl -O https://bitcoincore.org/bin/bitcoin-core-${VERSION}/bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz && \
-    curl -O https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS.asc && \
-    curl -O https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS
-
-# Extraction de Bitcoin Core
-RUN tar -xzf bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz
-
-# Image finale
-FROM debian:bullseye-slim
-
-# On redéfinit la version dans l'image finale
-ENV VERSION=24.1
-
-# Installation des dépendances nécessaires
-RUN apt-get update && apt-get install -y \
-    libatomic1 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Créer l'utilisateur et le groupe bitcoin
-RUN groupadd -g 1000 bitcoin && \
-    useradd -m -d /home/bitcoin -g bitcoin bitcoin
-
-# Copie des binaires depuis le builder
-COPY --from=builder /tmp/bitcoin-${VERSION}/bin/bitcoind /usr/local/bin/
-COPY --from=builder /tmp/bitcoin-${VERSION}/bin/bitcoin-cli /usr/local/bin/
-
-# Configuration
-RUN mkdir -p /home/bitcoin/.bitcoin/wallets /home/bitcoin/.bitcoin/signet && \
-    chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin
-COPY bitcoin.conf /home/bitcoin/.bitcoin/bitcoin.conf
-RUN chown bitcoin:bitcoin /home/bitcoin/.bitcoin/bitcoin.conf
-
-VOLUME ["/home/bitcoin/.bitcoin"]
-
-# Exposition des ports (signet)
-EXPOSE 38332 38333 29000 18443
-
-USER bitcoin
-WORKDIR /home/bitcoin
-ENTRYPOINT ["bitcoind", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "-signet", "-printtoconsole"]
-

bitcoin/bitcoin.conf

@@ -2,8 +2,8 @@
 datadir=/home/bitcoin/.bitcoin
 server=1
 txindex=1
-debug=1
-loglevel=debug
+#debug=1
+#loglevel=debug
 logthreadnames=1
 signet=1
 onion=tor:9050
@@ -23,8 +23,8 @@ zmqpubrawtx=tcp://0.0.0.0:29000
 [signet]
 listen=1
 bind=0.0.0.0:38333
-rpcbind=0.0.0.0:18443
-rpcport=18443
+rpcbind=0.0.0.0:38332
+rpcport=38332
 fallbackfee=0.0001
 blockfilterindex=1
 datacarriersize=205
@@ -33,8 +33,9 @@ dustrelayfee=0.00000001
 minrelaytxfee=0.00000001
 prune=0
 signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821
-walletdir=/home/bitcoin/.bitcoin/wallets
 wallet=mining
 wallet=watchonly
 maxtxfee=1
-addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion
+addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion
+addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion
+addnode=id7e3r3d2epen2v65jebjhmx77aimu7oyhcg45zadafypr4crqsytfid.onion

blindbit/Dockerfile

@@ -1,31 +0,0 @@
-# blindbit-oracle/Dockerfile
-FROM golang:1.22 as builder
-
-WORKDIR /app
-
-# Cloner le repo blindbit-oracle
-RUN git clone --branch dev --depth 1 https://github.com/setavenger/blindbit-oracle.git .
-
-# Compiler le binaire
-RUN go build -o /go/bin/blindbit-oracle ./src
-
-# Utiliser debian:bookworm-slim qui contient GLIBC 2.34
-FROM debian:bookworm-slim
-
-# Installation des dépendances nécessaires
-RUN apt-get update && apt-get install -y ca-certificates curl && rm -rf /var/lib/apt/lists/*
-
-# Copier le binaire depuis le builder
-COPY --from=builder /go/bin/blindbit-oracle /usr/local/bin/blindbit-oracle
-
-# Créer le répertoire de données
-RUN mkdir -p /data
-
-# Créer le volume pour les données
-VOLUME ["/data"]
-
-# Exposer le port par défaut
-EXPOSE 8000
-
-# Démarrer blindbit-oracle avec le répertoire de données spécifié
-ENTRYPOINT ["blindbit-oracle", "-datadir", "/data"] 

blindbit/blindbit.toml

@@ -5,7 +5,7 @@ host = "0.0.0.0:8000"
 chain = "signet"
 
 # Point d'accès RPC Bitcoin
-rpc_endpoint = "http://bitcoin:18443"
+rpc_endpoint = "http://bitcoin:38332"
 
 # Chemin vers le fichier cookie RPC Bitcoin
 cookie_path = "/home/bitcoin/.bitcoin/signet/.cookie"

docker-compose.yml

@@ -1,5 +1,3 @@
-version: "3.8"
-
 services:
   tor:
     image: dperson/torproxy
@@ -8,67 +6,62 @@ services:
       btcnet:
         aliases:
           - tor
-    ports:
-      - "9052:9050"  # Port SOCKS (9052 sur l'hôte, 9050 dans le conteneur)
     restart: unless-stopped
 
   bitcoin:
-    build: ./bitcoin
+    image: git.4nkweb.com/4nk/bitcoin:latest 
     container_name: bitcoin-signet
     depends_on:
       - tor
     volumes:
       - bitcoin_data:/home/bitcoin/.bitcoin
-      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
-    ports:
-      - "38333:38333"  # signet p2p
-      - "18443:18443"  # signet rpc
-      - "29000:29000"  # zmq
+      - ./bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro
     networks:
       btcnet:
         aliases:
           - bitcoin
+    user: root
     entrypoint: >
       /bin/sh -c "
-      mkdir -p /home/bitcoin/.bitcoin/wallets &&
-      bitcoind -conf=/home/bitcoin/.bitcoin/bitcoin.conf -signet -printtoconsole"
+        chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin || echo 'warn: chown partiel (fichiers bind-mount Windows)';
+        exec su-exec bitcoin bitcoind -conf=/etc/bitcoin/bitcoin.conf -signet"
     healthcheck:
-      test: ["CMD", "bitcoin-cli", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "getblockchaininfo"]
+      test: ["CMD", "bitcoin-cli", "-conf=/etc/bitcoin/bitcoin.conf", "getblockchaininfo"]
       interval: 30s
       timeout: 10s
       retries: 3
+    restart: unless-stopped
 
   blindbit:
-    build: ./blindbit
+    image: git.4nkweb.com/4nk/blindbit-oracle:dev
     container_name: blindbit-oracle
     depends_on:
       bitcoin:
         condition: service_healthy
     volumes:
-      - blindbit_data:/data
-      - ./blindbit/blindbit.toml:/data/blindbit.toml
+      - blindbit_data:/root/.blindbit-oracle
+      - ./blindbit/blindbit.toml:/tmp/blindbit.toml:ro
       - bitcoin_data:/home/bitcoin/.bitcoin
-    ports:
-      - "8000:8000"
+    entrypoint: >
+      sh -c "cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml &&
+             ./main"
     networks:
       btcnet:
         aliases:
           - blindbit
+    restart: unless-stopped
 
   sdk_relay:
-    build:
-      context: .
-      dockerfile: sdk_relay/Dockerfile
+    image: git.4nkweb.com/4nk/sdk_relay:dev
     container_name: sdk_relay
     depends_on:
       - blindbit
     volumes:
+      - ./relay/sdk_relay.conf:/home/bitcoin/.conf:ro
+      - sdk_data:/home/bitcoin/.4nk
       - bitcoin_data:/home/bitcoin/.bitcoin
-      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
-      - sdk_relay_data:/home/bitcoin/.4nk
     ports:
       - "8090:8090"
-      - "8091:8091"
     networks:
       btcnet:
         aliases:
@@ -79,29 +72,95 @@ services:
         max-size: "10m"
         max-file: "3"
     environment:
-      - RUST_LOG=debug,bitcoincore_rpc=trace
       - HOME=/home/bitcoin
-      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
-    restart: on-failure:3
+      - RUST_LOG=DEBUG
     entrypoint: >
-      /bin/sh -c "
-      mkdir -p /home/bitcoin/.4nk &&
-      strace -f -e trace=file /usr/local/bin/sdk_relay --config .conf"
+      /bin/sh -lc "mkdir -p /home/bitcoin/.4nk/logs && exec /usr/local/bin/sdk_relay --config /home/bitcoin/.conf 2>&1 | tee -a /home/bitcoin/.4nk/logs/sdk_relay.log"
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8091/health"]
+      test: ["CMD", "curl", "-f", "http://localhost:8090/health"]
       interval: 30s
       timeout: 10s
       retries: 3
+    restart: unless-stopped
 
   lecoffre-back:
-    image: git.4nkweb.com/4nk/lecoffre-back-mini:latest
+    image: git.4nkweb.com/4nk/lecoffre-back-mini:dev
     container_name: lecoffre-back
+    env_file:
+      - .env
+    ports:
+      - "8080:8080"
     networks:
       btcnet:
         aliases:
           - lecoffre-back
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+    restart: unless-stopped
+
+  lecoffre-front:
+    image: git.4nkweb.com/4nk/lecoffre-front:dev
+    container_name: lecoffre-front
+    env_file:
+      - .env
+    ports:
+      - "3000:3000"
+    networks:
+      btcnet:
+        aliases:
+          - lecoffre-front
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    restart: unless-stopped
+
+  ihm_client:
+    image: git.4nkweb.com/4nk/ihm_client:dev
+    container_name: ihm_client
+    ports:
+      - "3003:3003"
+    networks:
+      btcnet:
+        aliases:
+          - ihm_client
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    restart: unless-stopped
+
+  sdk_signer:
+    image: git.4nkweb.com/4nk/sdk_signer:dev
+    container_name: sdk_signer
+    env_file:
+      - .env
+    ports:
+      - "9090:9090"
+    networks:
+      btcnet:
+        aliases:
+          - sdk_signer
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    restart: unless-stopped
+
+  sdk_storage:
+    image: git.4nkweb.com/4nk/sdk_storage:dev
+    container_name: sdk_storage
+    networks:
+      btcnet:
+        aliases:
+          - sdk_storage
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    restart: unless-stopped
+
+  IA:
+    image: alpine:latest
+    container_name: IA
+    command: tail -f /dev/null
+    networks:
+      btcnet:
+        aliases:
+          - ia
+    restart: unless-stopped
 
   watchtower:
     image: containrrr/watchtower
@@ -111,12 +170,14 @@ services:
     command: --interval 30 --label-enable
     networks:
       - btcnet
+    restart: unless-stopped
 
 volumes:
   bitcoin_data:
     name: 4nk_node_bitcoin_data
   blindbit_data:
-  sdk_relay_data:
+  sdk_data:
+  db_data:
 
 networks:
   btcnet:

installer.nsi

@@ -0,0 +1,127 @@
+;--------------------------------
+; Fichier : installer.nsi
+;--------------------------------
+
+!define MUI_ICON        "kogusico.ico"
+!define MUI_UNICON      "kogusico.ico"
+!define MUI_UNINST_ICON "kogusico.ico"
+!define MUI_UNINSTALLER
+!include "MUI2.nsh"
+!include "LogicLib.nsh"
+
+;--------------------------------
+; Métadonnées produit
+;--------------------------------
+!define PRODUCT_NAME    "Kogus"
+!define PRODUCT_VERSION "1.0.0"
+!define INSTALL_DIR     "$PROGRAMFILES\${PRODUCT_NAME}"
+
+Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
+!define MUI_PRODUCT "${PRODUCT_NAME}"
+
+; Pages de l’installateur
+!insertmacro MUI_PAGE_WELCOME
+!insertmacro MUI_PAGE_LICENSE "license.txt"
+!insertmacro MUI_PAGE_DIRECTORY
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_PAGE_FINISH
+
+; Pages de l’uninstaller
+!insertmacro MUI_UNPAGE_CONFIRM
+!insertmacro MUI_UNPAGE_INSTFILES
+!insertmacro MUI_UNPAGE_FINISH
+
+!insertmacro MUI_LANGUAGE "French"
+
+OutFile "Kogus-${PRODUCT_VERSION}.exe"
+InstallDir "${INSTALL_DIR}"
+RequestExecutionLevel admin
+ShowInstDetails show
+
+Var ExecCode
+
+;--------------------------------
+; Section : Installation
+;--------------------------------
+Section "Install"
+
+  ; 1. Créer le dossier d’installation et copier l’icône
+  SetOutPath "$INSTDIR"
+  File "kogusico.ico"
+
+  ; 2. Copier docker-compose, config et script
+  File ".env"
+  File "docker-compose.yml"
+  File "run.ps1"
+
+  ; 3. Copier relay
+  CreateDirectory "$INSTDIR\relay"
+  SetOutPath    "$INSTDIR\relay"
+  File /r       "relay\*.*"
+
+  ; 4. Copier bitcoin
+  CreateDirectory "$INSTDIR\bitcoin"
+  SetOutPath    "$INSTDIR\bitcoin"
+  File /r       "bitcoin\*.*"
+
+  ; 5. Copier blindbit
+  CreateDirectory "$INSTDIR\blindbit"
+  SetOutPath    "$INSTDIR\blindbit"
+  File /r       "blindbit\*.*"
+
+  ; 6. Créer dossier de logs
+  CreateDirectory "$INSTDIR\logs"
+
+  ; 7. Raccourci Menu Démarrer pour lancer run.ps1
+  CreateDirectory "$SMPROGRAMS\${PRODUCT_NAME}"
+  CreateShortCut "$SMPROGRAMS\${PRODUCT_NAME}\Lancer Kogus.lnk" \
+                 "$INSTDIR\run.ps1" "" \
+                 "$INSTDIR\kogusico.ico" 0
+
+  ; 8. Lancement initial (installe/configure Docker si besoin) + capture code retour
+  ExecWait '"$SYSDIR\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoProfile -ExecutionPolicy Bypass -File "$INSTDIR\run.ps1"' $ExecCode
+  
+  ; 8bis. Si le script signale 3010 => reboot requis (WSL2/VM Platform, etc.)
+  ${If} $ExecCode = 3010
+    MessageBox MB_ICONQUESTION|MB_YESNO "Un redémarrage est requis pour terminer l'installation de Kogus. Redémarrer maintenant ?" IDYES +2 IDNO +4
+    SetRebootFlag true
+    Reboot
+  ${EndIf}
+
+  ; 9. Auto-démarrage Docker Desktop au login utilisateur
+  WriteRegStr HKCU "Software\Microsoft\Windows\CurrentVersion\Run" \
+               "DockerDesktop" \
+               '"$PROGRAMFILES\Docker\Docker\Docker Desktop.exe" --autostart'
+
+  ; 10. Raccourci dans le dossier Démarrage pour relancer la stack Kogus
+  CreateDirectory "$SMSTARTUP"
+  CreateShortCut "$SMSTARTUP\Relancer Kogus Stack.lnk" \
+                 "$SYSDIR\WindowsPowerShell\v1.0\powershell.exe" \
+                 '-NoProfile -ExecutionPolicy Bypass -File "$INSTDIR\run.ps1"' \
+                 "$INSTDIR\kogusico.ico" 0
+
+  ; 11. Générer l’uninstaller
+  WriteUninstaller "$INSTDIR\Uninstall.exe"
+
+SectionEnd
+
+;--------------------------------
+; Section : Désinstallation
+;--------------------------------
+Section "Uninstall"
+
+  ; Arrêter la stack Docker
+  nsExec::ExecToLog '"$SYSDIR\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command "docker compose -f `"$INSTDIR\docker-compose.yml`" down"'
+
+  ; Supprimer tous les fichiers et dossiers
+  RMDir /r "$INSTDIR"
+
+  ; Supprimer le raccourci Menu Démarrer
+  Delete "$SMPROGRAMS\${PRODUCT_NAME}\Lancer Kogus.lnk"
+  RMDir  "$SMPROGRAMS\${PRODUCT_NAME}"
+
+  ; Supprimer le raccourci de démarrage et l’entrée registre
+  Delete "$SMSTARTUP\Relancer Kogus Stack.lnk"
+  DeleteRegValue HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "DockerDesktop"
+
+SectionEnd

license.txt

@@ -0,0 +1 @@
+License Kogus

relay/sdk_relay.conf

@@ -0,0 +1,9 @@
+core_url="http://bitcoin:38332"
+ws_url="0.0.0.0:8090"
+wallet_name="default"
+network="signet"
+blindbit_url="http://blindbit:8000"
+zmq_url="tcp://bitcoin:29000"
+storage="https://demo.4nkweb.com/storage"
+data_dir="/home/bitcoin/.4nk"
+bitcoin_data_dir="/home/bitcoin/.bitcoin"

run.ps1

@@ -0,0 +1,189 @@
+# run.ps1 — installation & démarrage automatiques (Windows)
+# - Installe Docker Desktop si absent
+# - Active WSL2/VirtualMachinePlatform si nécessaire
+# - Démarre Docker Desktop (headless) et attend le daemon
+# - Lance `docker compose up -d`
+# - Enregistre une reprise RunOnce + retourne 3010 si un reboot est requis
+
+Param(
+    [switch]$PostReboot
+)
+
+# --- Sécurité / contexte ---
+$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
+).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+if (-not $IsAdmin) {
+    Write-Host "Relance en administrateur..."
+    Start-Process -Verb RunAs -FilePath "powershell.exe" -ArgumentList "-NoProfile", "-ExecutionPolicy", "Bypass", "-File", "`"$PSCommandPath`""
+    exit
+}
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+# --- Dossiers / chemins ---
+$installRoot = Split-Path -Path $MyInvocation.MyCommand.Path -Parent
+$logDir = Join-Path -Path $installRoot -ChildPath 'logs'
+if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir | Out-Null }
+$PsLog = Join-Path $logDir 'install-ps.log'   # <— log distinct pour éviter le verrou NSIS
+
+Push-Location $installRoot
+
+$ProgramFilesDocker = Join-Path $Env:ProgramFiles 'Docker\Docker'
+$DockerExe = Join-Path $ProgramFilesDocker 'resources\bin\docker.exe'
+$DockerDesktopExe = Join-Path $ProgramFilesDocker 'Docker Desktop.exe'
+$DockerCliExe = Join-Path $ProgramFilesDocker 'DockerCli.exe'
+
+function Write-Log($msg) {
+    $stamp = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
+    try { Add-Content -Path $PsLog -Value "$stamp  $msg" -Encoding utf8 -ErrorAction SilentlyContinue } catch { }
+    Write-Host $msg
+}
+
+function Test-PendingReboot {
+    $paths = @(
+        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
+        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
+        'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
+    )
+    foreach ($p in $paths) {
+        if (Test-Path $p) {
+            if ($p -like '*Session Manager*') {
+                $val = (Get-ItemProperty -Path $p -Name 'PendingFileRenameOperations' -ErrorAction SilentlyContinue)
+                if ($val) { return $true }
+            }
+            else { return $true }
+        }
+    }
+    return $false
+}
+
+function Register-RunOnce {
+    $runOnceKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
+    New-Item -Path $runOnceKey -Force | Out-Null
+    $cmd = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" -PostReboot"
+    Set-ItemProperty -Path $runOnceKey -Name 'KogusPostInstall' -Value $cmd
+    Write-Log "RunOnce enregistré : $cmd"
+}
+
+function Enable-WSLPrereqs {
+    Write-Log "Activation des fonctionnalités Windows (WSL2 / VirtualMachinePlatform) si nécessaire..."
+    $rebootNeeded = $false
+    & dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart | Out-Null
+    if ($LASTEXITCODE -eq 3010) { $rebootNeeded = $true }
+    & dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart | Out-Null
+    if ($LASTEXITCODE -eq 3010) { $rebootNeeded = $true }
+    try { wsl.exe --set-default-version 2 > $null 2>&1 } catch { }
+    return $rebootNeeded
+}
+
+function Install-DockerDesktop {
+    if (Test-Path $DockerExe) { return $false }
+    Write-Log "Docker Desktop absent : installation silencieuse…"
+    $installerUrl = 'https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe'
+    $installerPath = Join-Path -Path $installRoot -ChildPath 'docker-installer.exe'
+    try {
+        Invoke-WebRequest -UseBasicParsing -Uri $installerUrl -OutFile $installerPath
+    }
+    catch {
+        Write-Log "Téléchargement direct échoué, tentative via winget…"
+        try {
+            winget --version > $null 2>&1
+            winget install --id Docker.DockerDesktop -e --accept-source-agreements --accept-package-agreements
+            return $true
+        }
+        catch { throw "Impossible de télécharger Docker Desktop ($($_.Exception.Message))." }
+    }
+    $InstallerArguments = @('install', '--quiet', '--accept-license', '--backend=wsl-2', '--always-run-service')  # flags officiels
+    Start-Process -FilePath $installerPath -ArgumentList $InstallerArguments -Wait
+    Remove-Item -Path $installerPath -Force -ErrorAction SilentlyContinue
+    Write-Log "Installation de Docker Desktop terminée."
+    return $true
+}
+
+function Ensure-UserInDockerUsers {
+    try { & net localgroup docker-users $env:USERNAME /add > $null 2>&1 } catch { }
+}
+
+function Start-DockerDesktop-And-Wait {
+    # 1) s'assurer que le service est en auto + démarré
+    try { Set-Service -Name 'com.docker.service' -StartupType Automatic -ErrorAction SilentlyContinue } catch { }
+    try { Start-Service -Name 'com.docker.service' -ErrorAction SilentlyContinue } catch { }
+
+    # 2) démarrage headless via Docker Desktop CLI (4.37+)  → docker desktop start/status/engine use
+    try { & $DockerExe desktop start > $null 2>&1 } catch { }
+    try { & $DockerExe desktop engine use linux > $null 2>&1 } catch { }   # force le moteur Linux
+
+    # 3) boucle d’attente (statut Desktop + daemon Engine)
+    $deadline = (Get-Date).AddMinutes(10)
+    while ((Get-Date) -lt $deadline) {
+        try {
+            $status = (& $DockerExe desktop status 2>$null).Trim()
+            if ($status -match 'running') {
+                & $DockerExe version --format '{{.Server.Version}}' > $null 2>&1
+                if ($LASTEXITCODE -eq 0) {
+                    Write-Log "Docker Desktop: $status (daemon OK)"
+                    return $true
+                }
+            }
+        }
+        catch { }
+        Start-Sleep -Seconds 3
+    }
+
+    # 4) fallback : lancer l’UI si nécessaire (premier démarrage/initialisation WSL)
+    try { Start-Process -FilePath $DockerDesktopExe -ErrorAction SilentlyContinue } catch { }
+    $deadline2 = (Get-Date).AddMinutes(10)
+    while ((Get-Date) -lt $deadline2) {
+        try {
+            & $DockerExe version --format '{{.Server.Version}}' > $null 2>&1
+            if ($LASTEXITCODE -eq 0) { Write-Log "Docker daemon prêt (après lancement UI)."; return $true }
+        }
+        catch { }
+        Start-Sleep -Seconds 3
+    }
+
+    Write-Log "Le daemon Docker ne répond pas (timeout)."
+    return $false
+}
+
+# --- Orchestration ---
+$rebootNeeded = $false
+
+if (-not $PostReboot) {
+    if (Enable-WSLPrereqs) { $rebootNeeded = $true }
+}
+
+$installedNow = $false
+if (-not (Get-Command $DockerExe -ErrorAction SilentlyContinue)) {
+    $installedNow = Install-DockerDesktop
+}
+
+if ($rebootNeeded -or (Test-PendingReboot)) {
+    Write-Log "Un redémarrage Windows est requis. Enregistrement d'une reprise automatique…"
+    Register-RunOnce
+    Pop-Location
+    exit 3010
+}
+
+Ensure-UserInDockerUsers
+if (-not (Start-DockerDesktop-And-Wait)) {
+    Write-Log "Docker n'est pas prêt. Un redémarrage peut être requis."
+    Pop-Location
+    exit 1
+}
+
+# Lancer la stack
+$composeCmd = "`"$DockerExe`" compose"
+Write-Log "Lancement de '$composeCmd up -d'…"
+$runLog = Join-Path -Path $logDir -ChildPath 'run.log'
+& cmd.exe /c "$composeCmd up -d > `"$runLog`" 2>&1"
+if ($LASTEXITCODE -ne 0) {
+    Write-Log "Erreur lors du démarrage. Voir le log : $runLog"
+    Pop-Location
+    exit 1
+}
+else {
+    Write-Log "Stack démarrée. Logs : $runLog"
+}
+
+Pop-Location
+exit 0