Optimised db sync config

[gilescope]

Trial of settings to fix #15

Also sources cardano config files as git submodule rather than taking a copy of them.

Also adds cardano healthcheck

(Note, this builds on #23 - please land / review that first.)

[github-actions]

Checkmarx One – Scan Summary & Details – f47c78d9-2e78-488a-8722-66d583972352

New Issues (10)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Container Capabilities Unrestricted	/compose-partner-chains.yml: 44	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: WWFvVF3XKn2QMoO7EtCXNsVGzlY%3D
	Container Capabilities Unrestricted	/compose-partner-chains.yml: 86	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: euOHpLTXW2CON4Pg9vX55nuQk9Y%3D
	Container Capabilities Unrestricted	/compose-partner-chains.yml: 64	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: HpPp%2BMkm5YCxEvQI6lOl5%2BUpAYU%3D
	Container Traffic Not Bound To Host Interface	/compose-partner-chains.yml: 56	details Incoming container traffic should be bound to a specific host interface ID: %2FueQTj1yXmzcruVHnNusM2%2F0zRc%3D
	Container Traffic Not Bound To Host Interface	/compose-partner-chains.yml: 93	details Incoming container traffic should be bound to a specific host interface ID: bwqqgAqsZ6UxuL%2Bue0wfAFfo0tU%3D
	Healthcheck Not Set	/compose-partner-chains.yml: 64	details Check containers periodically to see if they are running properly. ID: lDrh6%2F1NmRh4%2B2dXtpY%2F7QzW2cQ%3D
	Healthcheck Not Set	/compose-partner-chains.yml: 86	details Check containers periodically to see if they are running properly. ID: X2w7cQ%2FwouzdR0zwoxrSbPC8W4Y%3D
	Security Opt Not Set	/compose-partner-chains.yml: 86	details Attribute 'security_opt' should be defined. ID: YKBP3sKKAqOxBZFhg0t%2FhzIBFjc%3D
	Security Opt Not Set	/compose-partner-chains.yml: 44	details Attribute 'security_opt' should be defined. ID: radny%2FQ5PewQLbNdY%2FKldLsEyCE%3D
	Security Opt Not Set	/compose-partner-chains.yml: 64	details Attribute 'security_opt' should be defined. ID: N4o74p4JBjcNZSnyr4UeQXJrbhw%3D

Fixed Issues (11)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Container Capabilities Unrestricted	/compose-partner-chains.yml: 55
	Container Capabilities Unrestricted	/compose-partner-chains.yml: 74
	Container Capabilities Unrestricted	/compose-partner-chains.yml: 37
	Container Traffic Not Bound To Host Interface	/compose-partner-chains.yml: 47
	Container Traffic Not Bound To Host Interface	/compose-partner-chains.yml: 81
	Healthcheck Not Set	/compose-partner-chains.yml: 55
	Healthcheck Not Set	/compose-partner-chains.yml: 74
	Healthcheck Not Set	/compose-partner-chains.yml: 23
	Security Opt Not Set	/compose-partner-chains.yml: 55
	Security Opt Not Set	/compose-partner-chains.yml: 37
	Security Opt Not Set	/compose-partner-chains.yml: 74

[gilescope]

Having synced db-sync from scratch using the partner chains settings, the following error occurs on start up against testnet-02:

midnight  | 2025-05-29 08:02:20 💔 Verification failed for block 0x507cd73ae005050a74006a0837dc9dcec92dbd08257a645abecc49a89e1963f8 received from (12D3KooWGRdTkxsuUwRiHw2jWEW3xXuWdJBLpr83MxLBJAE1FcM7): 
"Failed to create authority selection inputs: Failed to get Ariadne parameters for
epoch: 933, 
D-parameter: PolicyId(0x83424b65e444e98e9659f68484ed4c5a97f7cbe1936a8b301fc1b6dd), 
permissioned candidates: PolicyId(0x2f459d50b96ac59957d20b36ae967cda64a2174e37c5cdac93af597c):
 'DParameter Datum' not found. Possible causes: main chain follower configuration error,
db-sync not synced fully, or data not set on the main chain."   

It seems the settings partner chains has provided are necessary but not sufficient.

[gilescope]

Plutus was required (not a big surprise that one). With plutus added for preview it might shave half a gb off storage, but not a big difference.

[gilescope]

I'm going to close this as there's not been any significant advantage to this bespoke configuration.

[gilescope]

There's some suggestions by PC that this might lead to improved performance for the queries that midnight-node makes on db-sync.

[CLAassistant]

All committers have signed the CLA.