```

[+] chore(root): Initialise le projet avec une structure de base

Crée la structure de base du projet Symfony, incluant les entités,
services, formulaires, et templates nécessaires pour la gestion des
comptes utilisateurs, la sécurité, et la gestion des mots de passe
oubliés. Ajoute également la configuration pour la gestion des assets
avec Vite, la gestion des fichiers avec Flysystem, et la
génération de sitemaps.
```

docker/actions/Dockerfile

@@ -0,0 +1,123 @@
+# Use the official Debian 12.11 (Bookworm) image as the base
+FROM debian:12.11
+
+# Set environment variables to prevent interactive prompts during apt operations
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Update the package list and install necessary dependencies for adding Node.js and PHP repositories
+# curl is needed to download the NodeSource setup script, Bun install script, and Composer installer
+# gnupg is needed to handle GPG keys for apt repositories
+# ca-certificates is needed for secure connections
+# apt-transport-https is needed for apt to fetch packages over HTTPS
+# unzip and tar are often required for Bun's installation process
+# lsb-release is needed for add-apt-repository (which is not used directly, but useful for detecting distro)
+# dirmngr is needed for adding GPG keys
+# wget is needed to download the PHP repository GPG key
+RUN apt-get update && \
+    apt-get install -y curl gnupg ca-certificates apt-transport-https unzip tar lsb-release dirmngr wget && \
+    rm -rf /var/lib/apt/lists/*
+
+# Add NodeSource GPG key for Node.js 23.x repository
+# The NodeSource setup script adds the repository and imports the GPG key.
+# We're specifically targeting Node.js 23.x.
+RUN curl -fsSL https://deb.nodesource.com/setup_23.x | bash -
+
+# Install Node.js and npm from the NodeSource repository
+# nodejs package includes both Node.js runtime and npm (Node Package Manager)
+RUN apt-get update && \
+    apt-get install -y nodejs && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Bun
+# This command downloads and executes the official Bun installation script.
+# It installs Bun globally.
+RUN curl -fsSL https://bun.sh/install | bash
+
+# Add Bun to the PATH for non-interactive shells and subsequent commands
+# The Bun installer typically adds it to ~/.bashrc or similar, but for Docker,
+# we need to ensure it's in the system-wide PATH or explicitly sourced.
+# This line appends the Bun binary directory to the PATH environment variable.
+ENV PATH="/root/.bun/bin:$PATH"
+
+# Add Ondrej's PHP repository for Debian 12 (Bookworm)
+# This repository provides up-to-date PHP versions.
+RUN echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury-php.list && \
+    wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add -
+
+# Install PHP 8.3 and common extensions
+# php8.3-cli: Command Line Interface
+# php8.3-fpm: FastCGI Process Manager (for web servers like Nginx/Apache)
+# php8.3-mysql: MySQL database extension
+# php8.3-curl: cURL extension for making HTTP requests
+# php8.3-mbstring: Multibyte string functions
+# php8.3-xml: XML extension
+# php8.3-zip: Zip archive extension (already present, but good to ensure)
+# php8.3-gd: GD extension (for JPEG, WebP, etc.)
+# php8.3-pdo: PDO (PHP Data Objects) extension
+# php8.3-pgsql: PostgreSQL PDO driver
+# php8.3-gmp: GNU Multiple Precision arithmetic functions
+# php8.3-bcmath: Arbitrary precision mathematics
+# php8.3-intl: Internationalization extension
+# php8.3-redis: Redis extension
+# php8.3-excimer: Excimer extension (for profiling)
+# php8.3-xdebug: Xdebug extension (for debugging and profiling)
+RUN apt-get update && \
+    apt-get install -y php8.3 php8.3-cli php8.3-fpm php8.3-mysql php8.3-curl php8.3-mbstring php8.3-xml php8.3-zip php8.3-gd php8.3-pdo php8.3-pgsql php8.3-gmp php8.3-bcmath php8.3-intl php8.3-redis php8.3-excimer php8.3-xdebug && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Composer
+# Download the Composer installer script
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+# Configure Xdebug
+# Create a new INI file for Xdebug configuration.
+# Set xdebug.mode to 'develop,debug' for development and debugging features.
+# Set xdebug.start_with_request to 'yes' to always start Xdebug on every request.
+# Set xdebug.client_host to 'host.docker.internal' for Docker Desktop compatibility
+# This allows Xdebug to connect back to the host machine's IDE.
+RUN echo "zend_extension=xdebug" > /etc/php/8.3/mods-available/xdebug.ini && \
+    echo "xdebug.mode=develop,debug" >> /etc/php/8.3/mods-available/xdebug.ini && \
+    echo "xdebug.start_with_request=yes" >> /etc/php/8.3/mods-available/xdebug.ini && \
+    echo "xdebug.client_host=host.docker.internal" >> /etc/php/8.3/mods-available/xdebug.ini
+
+# --- Install Docker into the image ---
+# Add Docker's official GPG key
+RUN install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    chmod a+r /etc/apt/keyrings/docker.gpg
+
+# Add the Docker repository to Apt sources
+RUN echo \
+  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+# Update apt package index and install Docker Engine, CLI, containerd, and Docker Compose plugin
+RUN apt-get update && \
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
+    rm -rf /var/lib/apt/lists/*
+
+# Verify Node.js, npm, Bun, PHP, Composer, and Docker installations
+RUN node -v
+RUN npm -v
+RUN bun -v
+RUN php -v
+RUN composer -v
+
+# Set a working directory (optional, but good practice for applications)
+WORKDIR /app
+
+# You can add your application code here, for example:
+# COPY . /app
+
+# Install dependencies using Bun
+# This command assumes you have a package.json or bun.lockb file in your /app directory.
+# If you don't have one, this command will likely fail or do nothing.
+# RUN bun install
+
+# EXPOSE 3000
+# CMD ["node", "your-app.js"]
+
+# Default command if no other command is specified when running the container
+# This will keep the container running and allow you to exec into it.
+CMD ["node"]

docker/caddy/Caddyfile

@@ -0,0 +1,46 @@
+# ./docker/caddy/Caddyfile
+
+# Nous écoutons sur le port 80 (qui est mappé depuis le port 8000 de l'hôte)
+:80 {
+    # La racine de votre application Symfony
+    root * /srv/app/public
+
+    # Activation de la compression (optionnel)
+    encode gzip zstd
+
+    # Gère les assets statiques directement (améliore les performances)
+    file_server
+
+    # Passe toutes les requêtes non résolues par file_server à Symfony (index.php)
+    php_fastcgi php:9000 { # 'php' est le nom de votre service PHP dans docker-compose
+        # Transmet les en-têtes X-Forwarded-* reçus de Nginx à PHP-FPM
+        # C'est CRUCIAL pour que Symfony détecte HTTPS
+        env HTTPS on # Simule que la connexion est HTTPS pour PHP
+        env HTTP_X_FORWARDED_PROTO {header.X-Forwarded-Proto} # Récupère le proto original de Nginx
+        env HTTP_X_FORWARDED_HOST {header.X-Forwarded-Host} # Récupère l'hôte original de Nginx
+        env HTTP_X_FORWARDED_PORT {header.X-Forwarded-Port} # Récupère le port original de Nginx
+        env HTTP_X_REAL_IP {header.X-Real-IP} # Récupère l'IP réelle du client (si Nginx la passe)
+
+        # Assurez-vous que l'adresse IP de Nginx est aussi trustée par Symfony
+        # via framework.trusted_proxies dans Symfony.
+    }
+
+    # Journalisation des accès (utile pour le débogage)
+    log {
+        output stdout
+        format json
+    }
+    handle_path /ts.js {
+    	redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
+    }
+    handle_path /tp.widget.bootstrap.min.js.map {
+    	redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js.map
+    }
+    # Configuration des en-têtes CORS pour les requêtes OPTIONS du profiler
+    # Note: Caddy a une directive 'header' mais c'est pour les réponses.
+    # Pour gérer spécifiquement les OPTIONS en tant que preflight, c'est plus direct
+    # de le faire via php_fastcgi si Symfony peut le gérer, ou avec une directive
+    # 'handle' ou 'route' spécifique si Caddy doit répondre directement.
+    # Pour l'instant, faisons confiance à Symfony pour gérer les CORS via NelmioCorsBundle
+    # une fois que le protocole est correct.
+}

docker/php/Dockerfile

@@ -0,0 +1,91 @@
+# Utiliser une image PHP 8.3 FPM (Ubuntu-based)
+FROM php:8.3-fpm
+
+# Arguments pour les permissions de fichiers
+ARG UID
+ARG GID
+
+# Mettre à jour et installer les dépendances système requises
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    # Outils de compilation et dépendances pour PHP extensions
+    build-essential \
+    libpq-dev \
+    libzip-dev \
+    libpng-dev \
+    libjpeg-dev \
+    libfreetype6-dev \
+    libwebp-dev \
+    libicu-dev \
+    # Dépendance pour GMP (bibliothèque de développement)
+    libgmp-dev \
+    # Outils généraux
+    zip \
+    unzip \
+    ffmpeg \
+    jq \
+    wget \
+    nodejs \
+    npm \
+    postgresql-client \
+    git \
+    # Nettoyage des listes de paquets pour réduire la taille de l'image
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Installer le client HashiCorp Vault
+ENV VAULT_VERSION=1.17.1
+RUN wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip -O vault.zip && \
+    unzip vault.zip -d /usr/local/bin && \
+    rm vault.zip
+
+# Installer le client MinIO (mc)
+RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/local/bin/mc && \
+    chmod +x /usr/local/bin/mc
+
+RUN npm install -g mjml
+# Configurer et installer les extensions PHP
+# Utilisation de -j$(nproc) pour paralléliser la compilation et accélérer le build
+RUN docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
+    && docker-php-ext-install -j$(nproc) gd pdo pdo_pgsql zip gmp bcmath intl exif
+
+# Installer Redis via pecl
+RUN pecl install redis && docker-php-ext-enable redis
+
+# Installer Excimer via pecl
+RUN pecl install excimer && docker-php-ext-enable excimer
+
+# Configuration et installation de Xdebug
+# Utilisation de --no-install-recommends pour éviter l'installation de paquets inutiles
+RUN apt-get update && apt-get install -y --no-install-recommends git \
+    && mkdir -p /usr/src/php/ext/xdebug \
+    && git clone https://github.com/xdebug/xdebug.git /usr/src/php/ext/xdebug \
+    && cd /usr/src/php/ext/xdebug \
+    && phpize \
+    && ./configure --enable-xdebug \
+    && make && make install \
+    && rm -rf /usr/src/php/ext/xdebug \
+    && apt-get autoremove -y build-essential git \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+COPY ./docker/php/custom.ini /usr/local/etc/php/conf.d/custom.ini
+
+RUN echo "zend_extension=xdebug" > /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
+RUN echo "xdebug.mode=develop,debug" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+    && echo "xdebug.start_with_request=yes" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+    && echo "xdebug.client_host=host.docker.internal" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
+RUN mkdir -p /opt/phpstorm-coverage && \
+    chmod -R 777 /opt/phpstorm-coverage
+
+# Installer Composer globalement
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+RUN mkdir -p /opt/phpstorm-coverage/ && chmod -R 777 /opt/phpstorm-coverage/
+
+# Créer un utilisateur et un groupe non-root pour l'application
+# Utilisation de useradd/groupadd pour les systèmes basés sur Debian/Ubuntu
+RUN groupadd -g $GID appuser && \
+    useradd -u $UID -g appuser -ms /bin/bash appuser
+
+# Changer pour l'utilisateur non-root
+USER appuser
+# Définir le répertoire de travail
+WORKDIR /srv/app

docker/php/custom.ini

@@ -0,0 +1,2 @@
+upload_max_filesize=128M
+post_max_size=128M

docker/vault/config.json

@@ -0,0 +1 @@
+{"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": { "address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}

docker/vault/entrypoint.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# 'exec' remplace le processus du shell par celui de vault, ce qui est une bonne pratique.
+exec vault server -dev