feat(aztec): rootless docker, hardening, feedback improvements #139

Merged
coincashew merged 1 commit into main from least
Sep 21, 2025

@coincashew coincashew (Owner) commented Sep 21, 2025

Summary by CodeRabbit

  • New Features

    • Rootless Docker mode for non-root users; system Docker path retained for root.
    • Consolidated automatic network initialization at startup (endpoints, remote RPC selection, network state prepared before menu).
    • Aztec node: resource/security limits, structured logging, and explicit port mappings (RPC bound to localhost).
    • Health checks now show rootless status, peer/ENR counts, and improved container status reporting.
  • Bug Fixes

    • Removed sudo from docker/docker-compose invocations for smoother operation.
    • Installer: clearer ownership/relogin messaging, more reliable log/port detection, and early exit after Aztec L2 Sequencer install.

@coderabbitai coderabbitai Bot (Contributor) commented Sep 21, 2025

Walkthrough

Adds a public initializeNetwork() to ethpillar.sh to centralize endpoint and Aztec .env remote-RPC handling and calls it during startup; converts many sudo docker/docker compose invocations to non-sudo; introduces rootless Docker install flow; updates Aztec compose example with explicit ports, resource/security, and logging.

Changes

Cohort / File(s): Summary

  • Core orchestration (ethpillar.sh): Adds public initializeNetwork() which sets default CL/REST and EL host/port values, computes/exports API_BN_ENDPOINT and EL_RPC_ENDPOINT, optionally reads /opt/ethpillar/aztec/.env (ETHEREUM_HOSTS / L1_CONSENSUS_HOST_URLS) to pick first RPCs, and calls getNetworkConfig/getNetwork; replaces previous top-level init and ensures invocation during startup/initial setup; exits early after Aztec L2 Sequencer install path.
  • Docker installation (helpers/install_docker.sh): Implements root vs non-root branching: for non-root configures rootless Docker (installs docker-ce-rootless-extras, uidmap, runs rootless setup, enables user lingering and per-user docker.service, sets DOCKER_HOST in profiles); for root enables/starts system docker.service; updates GPG URL quoting and messaging.
  • Aztec compose configuration (plugins/aztec/docker-compose.yml.example): Removes network_mode: host; adds explicit ports (RPC bound to 127.0.0.1, P2P TCP/UDP), resource limits (cpus, mem_limit, mem_reservation), stop_grace_period, security_opt, tmpfs, capability drop/add, and logging config (json-file with rotation/compression).
  • Aztec plugin operations & logs (plugins/aztec/menu.sh, plugins/aztec/plugin_aztec.sh, view_logs.sh): Replaces many sudo docker/sudo docker compose calls with non-sudo equivalents; adds ROOTLESS Docker checks/messages and guidance; extends health checks to include peer count/ENR and ports logic; tightens remote RPC input validation and interactive prompts; reorders Docker install/ownership steps and adds relogin prompts where needed; adjusts logs/ps/stop/restart/pull flows to non-sudo usage.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant Script as ethpillar.sh
  participant Init as initializeNetwork()
  participant Env as /opt/ethpillar/aztec/.env
  participant Cfg as getNetworkConfig
  participant Net as getNetwork

  User->>Script: start
  Script->>Init: initializeNetwork()
  Init->>Init: set default CL/REST & EL host/ports
  alt Aztec .env present
    Init->>Env: read ETHEREUM_HOSTS, L1_CONSENSUS_HOST_URLS
    Env-->>Init: values
    Init->>Init: select first RPC(s), export endpoints
  end
  Init->>Cfg: getNetworkConfig()
  Cfg-->>Init: config
  Init->>Net: getNetwork()
  Net-->>Init: network info
  Init->>Script: export API_BN_ENDPOINT & EL_RPC_ENDPOINT
  Script->>User: continue startup / show menu
sequenceDiagram
  autonumber
  participant User
  participant Installer as helpers/install_docker.sh
  participant Systemd as systemd

  User->>Installer: run install_docker.sh
  alt Running as non-root
    Installer->>Installer: install rootless extras & uidmap
    Installer->>Installer: run dockerd-rootless-setuptool.sh
    Installer->>Systemd: enable user lingering & per-user docker.service (best-effort)
    Systemd-->>Installer: user service status
    Installer-->>User: set DOCKER_HOST in ~/.profile / ~/.bashrc
  else Running as root
    Installer->>Systemd: systemctl enable --now docker
    Systemd-->>Installer: service active
    Installer-->>User: system docker enabled
  end
  Installer-->>User: installation complete (mode-specific instructions)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

I twitch my whiskers at ports aligned,
New endpoints chosen, configs refined.
Rootless feet tiptoe where sudo once trod,
Docker hums gentle — light paws on the sod.
Aztec sails set, carrots snug and bright. 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 26.67% which is insufficient. The required threshold is 80.00%. Resolution: You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title Check: ✅ Passed. The title "feat(aztec): rootless docker, hardening, feedback improvements" accurately and concisely summarizes the PR’s main changes—adding rootless Docker support, security/hardening updates, and user feedback/message improvements—which match the modifications in install_docker.sh, aztec plugins, and ethpillar.sh; it is clear, uses conventional commit style, and is relevant to the changeset.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 26d8c98 and e71564f.

📒 Files selected for processing (6)
  • ethpillar.sh (5 hunks)
  • helpers/install_docker.sh (2 hunks)
  • plugins/aztec/docker-compose.yml.example (2 hunks)
  • plugins/aztec/menu.sh (6 hunks)
  • plugins/aztec/plugin_aztec.sh (4 hunks)
  • view_logs.sh (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • ethpillar.sh
  • plugins/aztec/docker-compose.yml.example
  • view_logs.sh
🧰 Additional context used
🧬 Code graph analysis (2)
plugins/aztec/menu.sh (1)
plugins/aztec/plugin_aztec.sh (2)
  • error (33-36)
  • info (29-31)
plugins/aztec/plugin_aztec.sh (1)
plugins/aztec/menu.sh (1)
  • info (15-17)
🔇 Additional comments (13)
helpers/install_docker.sh (3)

14-16: LGTM! Proper GPG key retrieval with variable interpolation

The changes correctly use the sourced /etc/os-release ID variable with proper quoting.


30-60: Verify systemctl --user invocations run as the target user

The Docker documentation shows that systemctl --user commands should be run as the target user for rootless setup. Currently, the script runs systemctl --user commands directly without ensuring they execute as the non-root user who will own the rootless daemon.

The past review comment correctly identified this issue. Based on Docker's official documentation, the proper approach is to use sudo -u "$SUDO_USER" when running systemctl --user commands.

Apply this diff to fix the user context:

    # enable user service (best-effort) and allow running after logout
    sudo loginctl enable-linger "$USER" || true
-   systemctl --user enable docker || true
-   systemctl --user restart docker || true
+   sudo -u "$SUDO_USER" -- systemctl --user enable docker || true
+   sudo -u "$SUDO_USER" -- systemctl --user restart docker || true
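
Review bot: `$SUDO_USER` on the two added `systemctl --user` lines is only set when the script is started through sudo, while the `loginctl enable-linger` line just above them uses `$USER`; in a direct non-root run `sudo -u ""` fails and `|| true` hides it. Use one variable for all three lines, for example `target="${SUDO_USER:-$USER}"`, and report a failed enable/restart instead of discarding it. A `sudo -u` shell also does not inherit the target user's `XDG_RUNTIME_DIR`, so `systemctl --user` may not reach that user's manager at all.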

42-52: Verify DOCKER_HOST persistence uses target user's home directory

The Docker documentation specifies that DOCKER_HOST=unix:///run/user/1000/docker.sock (or $XDG_RUNTIME_DIR) should be set for the target user. The current implementation uses $HOME which may refer to root's home when running with sudo.

Apply this diff to ensure the environment variable is set in the target user's profile:

    # shellcheck disable=SC2016
-   if ! grep -q 'DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock' "$HOME/.profile" 2>/dev/null; then
+   if ! grep -q 'DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock' "$(getent passwd "$SUDO_USER" | cut -d: -f6)/.profile" 2>/dev/null; then
      # shellcheck disable=SC2016
-     echo 'export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock' >> "$HOME/.profile"
+     echo 'export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock' >> "$(getent passwd "$SUDO_USER" | cut -d: -f6)/.profile"
    fi
    # shellcheck disable=SC2016
-   if ! grep -q 'DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock' "$HOME/.bashrc" 2>/dev/null; then
+   if ! grep -q 'DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock' "$(getent passwd "$SUDO_USER" | cut -d: -f6)/.bashrc" 2>/dev/null; then
      # shellcheck disable=SC2016
-     echo 'export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock' >> "$HOME/.bashrc"
+     echo 'export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock' >> "$(getent passwd "$SUDO_USER" | cut -d: -f6)/.bashrc"
    fi
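
Review bot: All four added lines call `getent passwd "$SUDO_USER"` with no guard; when `SUDO_USER` is empty the lookup prints nothing and the path collapses to `/.profile` and `/.bashrc`, so the export is appended in the filesystem root or fails with no message. Resolve the home directory once into a variable from `"${SUDO_USER:-$USER}"`, stop if the result is empty, and reuse that variable in the `grep` and `echo` lines.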
plugins/aztec/plugin_aztec.sh (4)

63-63: LGTM! Docker installation now uses non-sudo approach

The change from sudo bash -c to bash -c aligns with the rootless Docker paradigm implemented throughout the PR.


140-161: LGTM! Enhanced RPC input validation with proper error handling

The new validation loop structure properly validates that URLs start with http(s):// and provides clear error messages. The input sanitization using tr -d '[:space:]' is also appropriate.


236-240: LGTM! Proper ownership assignment and completion messaging

The ownership update ensures the installed files are accessible to the installing user, and the completion message provides clear next steps.


294-303: Verify Docker installation handles DOCKER_HOST for rootless mode

After Docker installation, users running in rootless mode need DOCKER_HOST set to access the per-user Docker daemon. The relogin prompt is good, but ensure the install_docker.sh script properly configures the environment.

Run this script to verify the DOCKER_HOST environment variable is properly configured after Docker installation:

#!/bin/bash
# Check if DOCKER_HOST is set in user profile files for rootless Docker

echo "=== Checking DOCKER_HOST configuration ==="

# Check if install_docker.sh sets DOCKER_HOST properly
if grep -n 'DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock' helpers/install_docker.sh; then
    echo "✅ install_docker.sh configures DOCKER_HOST"
else
    echo "❌ install_docker.sh may not configure DOCKER_HOST properly"
fi

echo ""
echo "=== Verifying rootless Docker setup in install_docker.sh ==="
grep -A 10 -B 2 "ROOTLESS.*Mode" helpers/install_docker.sh || echo "No ROOTLESS mode section found"
plugins/aztec/menu.sh (6)

43-43: LGTM! Consistent non-sudo Docker usage

The change to non-sudo docker compose aligns with the rootless Docker implementation throughout the PR.


144-156: LGTM! Enhanced peer metrics with non-sudo Docker commands

The additions of peer count extraction and ENR retrieval using docker logs provide valuable networking insights. The non-sudo approach is consistent with the rootless theme.


160-168: LGTM! Rootless Docker mode verification adds important security context

The addition of rootless mode verification helps users understand their Docker security posture and provides guidance for proper setup.


211-215: LGTM! Fixed port calculation logic

The change from using tcp_check_ok (a boolean string) to include_tcp (numeric 0/1) fixes the arithmetic calculation issue. This addresses the past review comment correctly.


236-236: LGTM! Non-sudo Docker inspect usage

The change to non-sudo docker inspect is consistent with the rootless Docker approach.


410-436: LGTM! Consistent non-sudo Docker operations

All the menu operations (logs, stop, restart, pull) now use non-sudo Docker commands, which aligns perfectly with the rootless Docker implementation. The --tail=233 flag usage is also correct.


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
plugins/aztec/plugin_aztec.sh (1)

262-267: Uninstall path mixes root and rootless docker

sudo docker rm/rmi will miss containers/images owned by the rootless daemon. Prefer plain docker (same daemon used by compose) for consistency.

Updated removeAll (outside changed hunk):

removeAll() {
  if whiptail --title "Uninstall $APP_NAME" --defaultno --yesno "Are you sure you want to remove $APP_NAME" 9 78; then
    cd "$PLUGIN_INSTALL_PATH" 2>/dev/null && docker compose down || true
    docker rm -f "$APP_NAME" 2>/dev/null || true
    TAG=$(grep "DOCKER_TAG" "$PLUGIN_INSTALL_PATH/.env" | sed "s/^DOCKER_TAG=\(.*\)/\1/")
    docker rmi -f "$DOCKER_IMAGE:$TAG" 2>/dev/null || true
    if [[ -f "$PLUGIN_INSTALL_PATH/.cast_installed_by_plugin" && -f /usr/local/bin/cast ]]; then
      sudo rm /usr/local/bin/cast
    fi
    sudo rm -rf "$PLUGIN_INSTALL_PATH"
    whiptail --title "Uninstall finished" --msgbox "You have uninstalled $APP_NAME." 8 78
  fi
}
🧹 Nitpick comments (2)
plugins/aztec/docker-compose.yml.example (1)

21-22: NET_BIND_SERVICE is unnecessary here

All exposed ports are >1024, so NET_BIND_SERVICE is not needed. Dropping it reduces config noise.

Apply this diff:

-    cap_add:                                # Add only required capabilities
-      - NET_BIND_SERVICE                    # Needed for binding to ports
+    # No cap_add needed for high ports
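
Review bot: The replacement comment on the last line justifies dropping `NET_BIND_SERVICE` with "high ports", but the capability concerns the port the process binds inside the container, not the published host port. Confirm that the container-side ports in the `ports:` mappings are above 1024 before removing it, and word the comment accordingly.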
plugins/aztec/plugin_aztec.sh (1)

140-161: URL validation only checks the first entry in comma‑separated lists

Subsequent URLs aren’t validated. Split on commas and validate each to catch bad entries early.

Example:

validate_list() {
  IFS=',' read -ra items <<<"$1"
  for u in "${items[@]}"; do [[ "$u" =~ ^https?:// ]] || return 1; done
}

Use validate_list for ETH_RPC and BEACON_RPC.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between ac2f791 and 53de261.

📒 Files selected for processing (6)
  • ethpillar.sh (5 hunks)
  • helpers/install_docker.sh (1 hunks)
  • plugins/aztec/docker-compose.yml.example (2 hunks)
  • plugins/aztec/menu.sh (5 hunks)
  • plugins/aztec/plugin_aztec.sh (4 hunks)
  • view_logs.sh (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (4)
helpers/install_docker.sh (1)
plugins/aztec/plugin_aztec.sh (1)
  • install (109-258)
ethpillar.sh (1)
functions.sh (2)
  • getNetworkConfig (21-26)
  • getNetwork (192-218)
plugins/aztec/plugin_aztec.sh (1)
plugins/aztec/menu.sh (1)
  • info (15-17)
plugins/aztec/menu.sh (1)
plugins/aztec/plugin_aztec.sh (2)
  • error (33-36)
  • info (29-31)
🔇 Additional comments (15)
ethpillar.sh (5)

37-65: initializeNetwork(): solid centralization of endpoints

Good guard for Aztec remote RPCs and CSV handling; exports are scoped and only override when both URLs exist.

Please confirm .env always contains L1_CONSENSUS_HOST_URLS and ETHEREUM_HOSTS (unquoted, no spaces), as grep/sed assume that shape.


227-228: Non‑sudo logs for Aztec (remote RPC path)

Matches rootless posture; good.


1576-1578: Exiting after Aztec install: confirm intent

exit 0 stops EthPillar immediately after installing Aztec. If the intent was to return to menu, consider returning instead.


1640-1641: Calling initializeNetwork before menu

Right placement to prep BACKTITLE and helpers.


83-84: Non‑sudo docker compose invocation

Verification ran docker compose version in the sandbox and failed: "/bin/bash: line 3: docker: command not found". Cannot confirm Docker Compose plugin availability — ensure Docker + the Compose plugin are installed on target hosts/CI, or add runtime detection/fallback in ethpillar.sh (lines 83–84).

    test -d /opt/ethpillar/"${_DIRNAME[i]}" && cd "/opt/ethpillar/${_DIRNAME[i]}" && docker compose "$1"
  done
view_logs.sh (2)

56-56: Switched to non‑sudo docker compose logs (remote RPC path)

LGTM.


70-70: Switched to non‑sudo docker compose logs (local RPC path)

LGTM.

plugins/aztec/menu.sh (5)

160-168: Rootless detection: helpful UX

Clear signal to the user about daemon mode. Good addition.


232-239: Container start time formatting

Robust fallback to N/A; concise status block.


406-406: Non‑sudo docker compose logs

Aligns with rootless path; good.


418-422: Non‑sudo stop/restart

Consistent with the rest of the PR.


428-429: Pull then write current_version

Consider pulling with --quiet to avoid noisy UI; logic looks fine.

plugins/aztec/plugin_aztec.sh (3)

63-66: docker install wrapper is fine; group add is optional for rootless

Adding the user to the docker group isn’t needed for rootless, but harmless. No action required.

If you want to skip the group add when rootless is detected: check docker info | grep -q rootless.


236-240: Chown to current user

Good to ensure non‑sudo compose can manage files.


294-304: Post‑install re‑login prompt for docker

Nice UX. Complements rootless setup.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (4)
helpers/install_docker.sh (2)

43-48: Ensure non-root usage works when installed as root (docker group).

If the script runs as root, later non-sudo docker calls will fail for the regular user unless they’re in the docker group.

Apply this diff:

 if [ "$(id -u)" -eq 0 ]; then
   echo "🚦 Enabling and starting Docker service..."
   sudo systemctl enable --now docker
+  # Allow current login user to use docker without sudo (effective after re-login)
+  if id -nG "${SUDO_USER:-$USER}" | grep -qw docker; then
+    :
+  else
+    sudo usermod -aG docker "${SUDO_USER:-$USER}" || true
+    echo "ℹ️ Added ${SUDO_USER:-$USER} to docker group. Please log out/in for group changes to take effect."
+  fi
 else
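
Review bot: The added `usermod -aG docker` gives `${SUDO_USER:-$USER}` control of the system daemon socket, which is root-equivalent on the host and works against the rootless goal of this PR; make it an explicit opt-in rather than a default. In a plain root login `${SUDO_USER:-$USER}` resolves to root itself, so the step does nothing useful there, and the `sudo` prefixes inside the `id -u` equals 0 branch are redundant.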

29-41: Optional: surface DOCKER_HOST guidance for rootless.

Some environments won’t auto-detect the rootless socket. Consider exporting DOCKER_HOST in the user’s shell profile after setup.

Apply this diff:

     dockerd-rootless-setuptool.sh install
     # enable user service (best-effort) and allow running after logout
     sudo loginctl enable-linger "$USER" || true
-    systemctl --user enable docker || true
-    systemctl --user restart docker || true
+    systemctl --user enable docker || true
+    systemctl --user restart docker || true
+    # Hint for non-interactive/CI shells where autodetect may fail
+    SOCK="unix:///run/user/$(id -u)/docker.sock"
+    if ! grep -q 'DOCKER_HOST=' "$HOME/.profile" 2>/dev/null; then
+      echo "export DOCKER_HOST=${SOCK}" >> "$HOME/.profile"
+    fi
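
Review bot: The `grep -q 'DOCKER_HOST='` guard in the added block matches any existing mention of the variable, including a commented-out line or one that points at a different socket, so the rootless socket may never be written. Match the exact export line instead. The two `systemctl --user` lines are removed and re-added unchanged and can be left out of the diff.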
ethpillar.sh (2)

37-65: Add sane defaults and slightly harden .env parsing.

Avoid “http://:” when env is unset and be resilient to spaces. Also quote vars.

Apply this diff:

 initializeNetwork(){
-  # Consensus client or beacon node HTTP Endpoint
-  export API_BN_ENDPOINT="http://${CL_IP_ADDRESS}:${CL_REST_PORT}"
-
-  # Execution layer RPC API
-  export EL_RPC_ENDPOINT="http://${EL_IP_ADDRESS}:${EL_RPC_PORT}"
+  # Defaults if not provided
+  : "${CL_IP_ADDRESS:=127.0.0.1}"
+  : "${CL_REST_PORT:=5052}"
+  : "${EL_IP_ADDRESS:=127.0.0.1}"
+  : "${EL_RPC_PORT:=8545}"
+  # Consensus client or beacon node HTTP Endpoint
+  export API_BN_ENDPOINT="http://${CL_IP_ADDRESS}:${CL_REST_PORT}"
+  # Execution layer RPC API
+  export EL_RPC_ENDPOINT="http://${EL_IP_ADDRESS}:${EL_RPC_PORT}"
 
   # Handle Aztec remote RPC nodes
   if [[ -d /opt/ethpillar/aztec ]] && [[ ! -f /etc/systemd/system/consensus.service ]]; then
     # Load RPC URLs from .env
     if [[ -f /opt/ethpillar/aztec/.env ]]; then
-      consensus_beacon_rpc=$(grep ^L1_CONSENSUS_HOST_URLS /opt/ethpillar/aztec/.env | sed 's/L1_CONSENSUS_HOST_URLS=//g')
-      execution_l1_rpc=$(grep ^ETHEREUM_HOSTS /opt/ethpillar/aztec/.env | sed 's/ETHEREUM_HOSTS=//g')
+      consensus_beacon_rpc=$(sed -n 's/^L1_CONSENSUS_HOST_URLS=\(.*\)/\1/p' /opt/ethpillar/aztec/.env | tr -d '[:space:]')
+      execution_l1_rpc=$(sed -n 's/^ETHEREUM_HOSTS=\(.*\)/\1/p' /opt/ethpillar/aztec/.env | tr -d '[:space:]')
     fi
 
     # If there's a list of comma separated rpc nodes, use the first node
     consensus_beacon_rpc=${consensus_beacon_rpc%%,*}
     execution_l1_rpc=${execution_l1_rpc%%,*}
 
-    if [[ -n "$consensus_beacon_rpc" && -n "$execution_l1_rpc" ]]; then
-      export API_BN_ENDPOINT="$consensus_beacon_rpc"
-      export EL_RPC_ENDPOINT="$execution_l1_rpc"
+    if [[ -n "$consensus_beacon_rpc" && -n "$execution_l1_rpc" ]]; then
+      export API_BN_ENDPOINT="$consensus_beacon_rpc"
+      export EL_RPC_ENDPOINT="$execution_l1_rpc"
     fi
   fi
 
   # Initialize network variables
   getNetworkConfig
   getNetwork
 }
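
Review bot: The new `sed -n ... | tr -d '[:space:]'` extraction prints every line that starts with the key, and `tr` then deletes the newlines between them, so a `.env` with a duplicated `ETHEREUM_HOSTS` or `L1_CONSENSUS_HOST_URLS` yields two values glued into one string. Stop at the first match (for example `| head -n 1` before `tr`) and check that the result starts with `http://` or `https://` before exporting it. The last `-`/`+` group around `if [[ -n "$consensus_beacon_rpc" ...` is unchanged text and can be dropped.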

227-228: Compose logs flags: avoid ambiguous short-option bundling.

Use separate flags for clarity/compatibility.

Apply this diff:

-              cd  /opt/ethpillar/aztec && docker compose logs -fn 233
+              cd /opt/ethpillar/aztec && docker compose logs -f -n 233
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 53de261 and 58363a4.

📒 Files selected for processing (6)
  • ethpillar.sh (5 hunks)
  • helpers/install_docker.sh (1 hunks)
  • plugins/aztec/docker-compose.yml.example (2 hunks)
  • plugins/aztec/menu.sh (6 hunks)
  • plugins/aztec/plugin_aztec.sh (4 hunks)
  • view_logs.sh (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
  • view_logs.sh
  • plugins/aztec/menu.sh
  • plugins/aztec/plugin_aztec.sh
  • plugins/aztec/docker-compose.yml.example
🧰 Additional context used
🧬 Code graph analysis (2)
ethpillar.sh (1)
functions.sh (2)
  • getNetworkConfig (21-26)
  • getNetwork (192-218)
helpers/install_docker.sh (1)
plugins/aztec/plugin_aztec.sh (1)
  • install (109-258)
🔇 Additional comments (4)
helpers/install_docker.sh (2)

29-41: Great: rootless/system daemon split implemented as discussed previously.

The UID-branching, safe socket removal, linger, and user-service handling address the earlier conflict. Nice fix.


39-40: Don’t use sudo with systemctl --user.

User units should be managed without sudo; sudo can target the root user session (or fail if none).

Apply this diff:

-    sudo systemctl --user enable docker || true
-    sudo systemctl --user restart docker || true
+    systemctl --user enable docker || true
+    systemctl --user restart docker || true
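
Review bot: Both replacement lines still end in `|| true`, so in a session without a user bus (no `XDG_RUNTIME_DIR`, for example after `su`) the rootless daemon stays disabled and nothing is printed. Follow the restart with `systemctl --user is-active --quiet docker` and print a warning with the manual command when that check fails.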
ethpillar.sh (2)

83-84: Non‑sudo docker compose in plugin ops: good alignment with rootless.

If system (rootful) Docker is used, ensure the invoking user is in the docker group; otherwise these commands will fail. See suggested group addition in helpers/install_docker.sh.


1640-1641: initializeNetwork before menu: LGTM.

This keeps NETWORK/API_BN_ENDPOINT/EL_RPC_ENDPOINT consistent for the UI.
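
An added example, not code from this PR or from EthPillar: one way to do the `.env` handling the reviews above ask for, reading the first `ETHEREUM_HOSTS` / `L1_CONSENSUS_HOST_URLS` assignment and validating every comma-separated URL before the first one is used. Function names and sample hosts are hypothetical; it is POSIX sh so it also runs under bash, and it goes slightly beyond the thread by handling quotes, inline comments and duplicate keys.

```shell
#!/bin/sh
# Added example (not EthPillar code). Function names and sample hosts are hypothetical.

# http/https only; host is a DNS name or IPv4 literal (IPv6 literals are out of
# scope here); optional port and path/query from a conservative character set.
URL_RE='^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[A-Za-z0-9._~%/?=&@+-]*)?$'

# env_first_value FILE KEY
# Print the value of the FIRST "KEY=..." line. Tolerates spaces around "=",
# one pair of surrounding quotes, a trailing "# comment" and CRLF line endings.
env_first_value() {
  case $2 in ''|*[!A-Z0-9_]*) return 2 ;; esac   # KEY is placed in a regex: keep it plain
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)\$/\\1/p" "$1" |
    head -n 1 |
    sed -E -e 's/^"([^"]*)".*$/\1/' -e t \
           -e "s/^'([^']*)'.*\$/\\1/" -e t \
           -e 's/[[:space:]]+#.*$//' |
    tr -d ' \t\r'
}

# validate_url_list LIST
# Succeeds only if LIST is non-empty and EVERY comma-separated item is a URL.
# The body is a subshell, so the IFS and globbing changes do not leak out.
validate_url_list() (
  list=$1
  nl='
'
  case $list in
    ''|,*|*,|*,,*|*"$nl"*) return 1 ;;           # empty list, empty item, or newline
  esac
  set -f                                          # no filename expansion while splitting
  IFS=,
  for u in $list; do
    printf '%s\n' "$u" | grep -Eq "$URL_RE" || return 1
  done
  return 0
)

# first_rpc FILE KEY
# Print the first URL of the list stored under KEY, or fail without output.
first_rpc() (
  list=$(env_first_value "$1" "$2") || return 1
  validate_url_list "$list" || return 1
  printf '%s\n' "${list%%,*}"
)

# Constructed sample input, not a real configuration.
write_sample_env() {
  cat >"$1" <<'EOF'
# constructed sample
ETHEREUM_HOSTS = "https://rpc1.example.org:8545,https://rpc2.example.org"  # primary,backup
L1_CONSENSUS_HOST_URLS=https://beacon.example.org , http://10.0.0.5:5052
ETHEREUM_HOSTS=https://shadow.example.net
BAD_LIST=https://ok.example.org,ftp://nope.example.org
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_env "$sample"
for key in ETHEREUM_HOSTS L1_CONSENSUS_HOST_URLS BAD_LIST; do
  if url=$(first_rpc "$sample" "$key"); then
    printf '%s -> %s\n' "$key" "$url"
  else
    printf '%s -> rejected\n' "$key"
  fi
done
rm -f "$sample"
```

Because the second `ETHEREUM_HOSTS` line is ignored rather than concatenated, a stray duplicate key cannot change which endpoint is exported.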

@coincashew (Owner, Author)

@coderabbitai generate docstrings

@coderabbitai coderabbitai Bot (Contributor) commented Sep 21, 2025

✅ Actions performed

Docstrings generation started.

coderabbitai Bot added a commit that referenced this pull request Sep 21, 2025
Docstrings generation was requested by @coincashew.

* #139 (comment)

The following files were modified:

* `ethpillar.sh`
* `plugins/aztec/menu.sh`
* `plugins/aztec/plugin_aztec.sh`

@coderabbitai coderabbitai Bot (Contributor) commented Sep 21, 2025

Note

Generated docstrings for this pull request at #140

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
plugins/aztec/plugin_aztec.sh (3)

204-212: Secret leakage: .env with private key is likely world‑readable

After sed injects the private key/address, .env inherits default perms (often 0644). This exposes secrets to other users.

Apply this diff to restrict permissions immediately after writes:

 [[ -n $PRIVATE_KEY ]] && sudo sed -i "s/^VALIDATOR_PRIVATE_KEYS.*$/VALIDATOR_PRIVATE_KEYS=${PRIVATE_KEY}/" $PLUGIN_INSTALL_PATH/.env || error "Unable to set VALIDATOR_PRIVATE_KEYS"
 [[ -n $ADDRESS ]] && sudo sed -i "s/^VALIDATOR_ADDRESS.*$/VALIDATOR_ADDRESS=${ADDRESS}/" $PLUGIN_INSTALL_PATH/.env || error "Unable to set VALIDATOR_ADDRESS"
 # COINBASE is block reward recipient. On mainnet, use a unique hardware wallet secured ETH address.
 [[ -n $ADDRESS ]] && sudo sed -i "s/^COINBASE.*$/COINBASE=${ADDRESS}/" $PLUGIN_INSTALL_PATH/.env || error "Unable to set COINBASE"
+sudo chmod 600 "$PLUGIN_INSTALL_PATH/.env" || error "Unable to chmod .env to 600"
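
Review bot: The added `chmod 600` runs only after the three `sed -i` calls have written the key into a file that still has its old mode, and the key itself travels in the `sed` argument list, where other local users can read it from the process table while the command runs. Set the mode (or `umask 077`) before the first write and pass the value by a route that is not argv. The existing lines should also quote `$PLUGIN_INSTALL_PATH` the way the new line does.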

262-268: Inconsistent with rootless: avoid sudo docker here

Elsewhere you moved to non‑sudo docker. Using sudo targets the system daemon and can fail under rootless.

Apply this diff:

-    sudo docker rm -f $APP_NAME 2>/dev/null || true
+    docker rm -f $APP_NAME 2>/dev/null || true
@@
-    sudo docker rmi -f $DOCKER_IMAGE:"$TAG"
+    docker rmi -f $DOCKER_IMAGE:"$TAG" || true
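
Review bot: `$APP_NAME` and `$DOCKER_IMAGE` stay unquoted on both changed lines, and with `sudo` gone a container or image created earlier under the system daemon is no longer reached while `|| true` still reports success. Quote the expansions and tell the user when nothing was removed, so leftovers under the other daemon are not missed.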

353-359: Use PRIVATE_KEY environment variable instead of passing the key on the CLI
Aztec CLI supports setting PRIVATE_KEY for the --private-key flag to avoid leaking secrets (npm.io). Remove the --private-key argument and export or inline the env var:

# Export the private key in your environment
export PRIVATE_KEY="$VALIDATOR_PRIVATE_KEYS"

aztec add-l1-validator \
  --staking-asset-handler 0xF739D03e98e23A7B65940848aBA8921fF3bAc4b2 \
  --l1-rpc-urls    "$ETHEREUM_HOSTS" \
  --l1-chain-id    11155111 \
  --attester       "$VALIDATOR_ADDRESS" \
  --proposer-eoa   "$VALIDATOR_ADDRESS"
🧹 Nitpick comments (5)
plugins/aztec/docker-compose.yml.example (1)

16-17: Drop unnecessary NET_BIND_SERVICE capability

You’re only using high ports (>1024). NET_BIND_SERVICE isn’t needed and can be removed to keep the container least‑privileged.

Apply this diff:

-    cap_add:                                # Add only required capabilities
-      - NET_BIND_SERVICE                    # Needed for binding to ports
+    # No capabilities needed for ports >1024
+    # cap_add: []
plugins/aztec/menu.sh (2)

166-171: More robust rootless detection

docker info output varies; match formatted info to reduce false negatives.

Apply this diff:

-      if docker info 2>&1 | grep -q "rootless"; then
+      if docker info --format '{{json .SecurityOptions}}' 2>/dev/null | grep -qi rootless; then
           echo -e "${g}   ✅ ROOTLESS Docker mode is active${nc}"
       else
           echo -e "${r}   ⚠️ Container is running as root. Re-install Docker with non-root user.${nc}"
       fi
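
Review bot: With `2>/dev/null` on the new `docker info` call, an unreachable daemon (stopped service, wrong `DOCKER_HOST`) produces empty output and falls into the `else` branch, which tells the user the container is running as root. Check the exit status of `docker info` first and print a separate message for an unreachable daemon, keeping the root warning for a successful call whose output lacks `rootless`.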

435-436: Avoid double pull + ensure atomic update

Use up with --pull=always and recreate to minimize race conditions and avoid pulling twice.

Apply this diff:

-          if docker compose pull; then echo "$TAG" | sudo tee $PLUGIN_INSTALL_PATH/current_version; fi
-          startCommand
+          if docker compose up -d --pull=always --no-deps aztec-node; then
+            echo "$TAG" | sudo tee $PLUGIN_INSTALL_PATH/current_version
+          fi
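
Review bot: The change removes the `startCommand` call and starts only the service named `aztec-node`, so anything else `startCommand` did is skipped after an update. Keep `startCommand` or confirm the two are equivalent, and quote `"$PLUGIN_INSTALL_PATH/current_version"`; the `sudo tee` should not be needed once the install path is owned by the current user.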
plugins/aztec/plugin_aztec.sh (2)

62-67: Adding user to docker group is unnecessary in rootless mode

Not harmful, but it’s redundant and can confuse users about which daemon they’re talking to.

Apply this diff:

 function install_docker() {
   bash -c "$SOURCE_DIR/../../helpers/install_docker.sh"
-  info "Adding current user to docker group..."
-  sudo usermod -aG docker "$USER"
+  # Rootless path does not require docker group membership
 }
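
Review bot: The `usermod` removal is unconditional, but `helpers/install_docker.sh` still has a root branch that starts the system daemon, and there the later non-sudo `docker` calls need some form of access. Gate the group step on the detected daemon mode instead of deleting it outright, or state in the comment that the plugin supports rootless only.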

288-293: Nit: stray parenthesis in usage text

Minor typo.

Apply this diff:

-About $APP_NAME)
+About $APP_NAME
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 58363a4 and 8f33b15.

📒 Files selected for processing (6)
  • ethpillar.sh (7 hunks)
  • helpers/install_docker.sh (1 hunks)
  • plugins/aztec/docker-compose.yml.example (2 hunks)
  • plugins/aztec/menu.sh (6 hunks)
  • plugins/aztec/plugin_aztec.sh (6 hunks)
  • view_logs.sh (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • view_logs.sh
  • ethpillar.sh
🧰 Additional context used
🧬 Code graph analysis (2)
plugins/aztec/menu.sh (1)
plugins/aztec/plugin_aztec.sh (1)
  • error (33-36)
plugins/aztec/plugin_aztec.sh (1)
plugins/aztec/menu.sh (1)
  • info (15-17)
🔇 Additional comments (3)
plugins/aztec/menu.sh (1)

214-219: LGTM: corrected expected-port arithmetic

The include_tcp flag derived from tcp_json fixes the earlier miscount. Good.

helpers/install_docker.sh (1)

39-40: Don’t use sudo with systemctl --user; it targets root’s user manager

This manages the wrong user session and often fails silently. Use the caller’s user manager.

Apply this diff:

-    sudo systemctl --user enable docker || true
-    sudo systemctl --user restart docker || true
+    systemctl --user enable docker || true
+    systemctl --user restart docker || true
plugins/aztec/docker-compose.yml.example (1)

7-9: Confirm resource limits are enforced under rootless

Automated check failed (runner missing docker/systemctl). Run on the host and paste outputs.

File: plugins/aztec/docker-compose.yml.example Lines: 7-9

    cpus: "4.0"                             # Limit to 4 CPU cores
    mem_limit: 16g                          # Limit to 16GB RAM
    mem_reservation: 8g                     # Reserve 8GB RAM

Run on host:

docker info | sed -nE 's/.*Cgroup Version: (.*)/Cgroup:\1/p; s/.*rootless.*/&/p'
systemctl --user show --property=Delegate | sed 's/^/User slice /'

Expect to see "Cgroup: v2" and systemd --user Delegate=yes; without cgroup v2 + delegation, rootless Docker may ignore these CPU/memory limits.
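
An added example, not code from this PR or from EthPillar, for the `.env` permission finding above: the secret is written through a 0600 temporary file using shell builtins only, so it is never in a world-readable file or in another process's argument list. `set_env_secret` and `file_mode` are hypothetical names, and the key value is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not EthPillar code). POSIX sh, also runs under bash.

# set_env_secret FILE KEY VALUE
# Replace (or append) KEY=VALUE in FILE so that:
#   - the value is only passed to printf, a shell builtin in bash and dash,
#     so it never shows up in the argv of sed or any other external process;
#   - the new content exists only in a 0600 temp file that is renamed over FILE,
#     so there is no moment where the secret sits in a file with the old mode;
#   - characters that are special in a sed replacement ("/", "&") need no escaping.
# The body is a subshell, so the umask change does not leak to the caller.
set_env_secret() (
  file=$1 key=$2 value=$3
  nl='
'
  case $key in ''|*[!A-Z0-9_]*) return 2 ;; esac    # plain variable names only
  case $value in *"$nl"*) return 2 ;; esac           # one line per assignment
  umask 077
  tmp=$(mktemp "$file.XXXXXX") || return 1           # same directory: rename is atomic
  found=0
  if [ -f "$file" ]; then
    while IFS= read -r line || [ -n "$line" ]; do
      case $line in
        "$key="*) printf '%s=%s\n' "$key" "$value"; found=1 ;;
        *)        printf '%s\n' "$line" ;;
      esac
    done <"$file" >"$tmp"
  fi
  [ "$found" -eq 1 ] || printf '%s=%s\n' "$key" "$value" >>"$tmp"
  mv -f "$tmp" "$file" || { rm -f "$tmp"; return 1; }
)

# file_mode PATH: print the ten-character mode string, e.g. -rw-------
file_mode() {
  ls -ld "$1" | cut -c1-10
}

# Demo with constructed data: start from the world-readable state the review
# describes, then write a placeholder key.
demo_dir=$(mktemp -d)
printf 'P2P_PORT=40400\nVALIDATOR_PRIVATE_KEYS=\n' >"$demo_dir/.env"
chmod 644 "$demo_dir/.env"
set_env_secret "$demo_dir/.env" VALIDATOR_PRIVATE_KEYS '0xCONSTRUCTED/not&a-real-key'
printf 'mode after write: %s\n' "$(file_mode "$demo_dir/.env")"
rm -rf "$demo_dir"
```

The file ends up owned by the invoking user, so run it as the account that later runs `docker compose` rather than through `sudo`.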

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
plugins/aztec/plugin_aztec.sh (2)

232-235: Open the configured P2P_PORT in UFW, not a hardcoded 40400

Respect user overrides in .env.

-info "🔧 Configuring UFW firewall"
-sudo ufw allow 40400 comment 'Allow aztec node p2p port' || error "Unable to configure ufw"
+info "🔧 Configuring UFW firewall"
+P2P_PORT_CFG=$(grep -m1 -E '^\s*P2P_PORT\s*=' "$PLUGIN_INSTALL_PATH"/.env | sed -E 's/^\s*P2P_PORT\s*=\s*([0-9]+).*/\1/')
+P2P_PORT_CFG=${P2P_PORT_CFG:-40400}
+sudo ufw allow "${P2P_PORT_CFG}" comment 'Allow aztec node p2p port' || error "Unable to configure ufw"
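
Review bot: on the added P2P_PORT_CFG line, sed without -n prints the input unchanged when the pattern does not match, so a quoted or non-numeric entry such as P2P_PORT="40400" leaves the whole line in P2P_PORT_CFG, the :-40400 default never applies, and ufw allow receives that string. Use sed -nE with the p flag and check that the result is a number between 1 and 65535 before calling ufw.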

262-267: Uninstall may fail in rootless setups due to sudo docker usage

Align with rootless by dropping sudo.

-    cd $PLUGIN_INSTALL_PATH 2>/dev/null && docker compose down || true
-    sudo docker rm -f $APP_NAME 2>/dev/null || true
+    cd $PLUGIN_INSTALL_PATH 2>/dev/null && docker compose down || true
+    docker rm -f $APP_NAME 2>/dev/null || true
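
Review bot: $PLUGIN_INSTALL_PATH and $APP_NAME are unquoted in the cd and docker rm -f lines, so a value containing spaces splits into several arguments, and an empty $PLUGIN_INSTALL_PATH turns cd into a move to $HOME before docker compose down runs there. Quote both expansions and skip the compose step when the directory does not exist.
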
@@
-    sudo docker rmi -f $DOCKER_IMAGE:"$TAG"
+    docker rmi -f $DOCKER_IMAGE:"$TAG"
plugins/aztec/menu.sh (1)

19-21: error() must exit to preserve control‑flow guarantees

Many callers use || error expecting termination. Add exit 1.

-function error {
-  echo -e "${r}${bold}ERROR: $1${nc}"
-}
+function error {
+  echo -e "${r}${bold}ERROR: $1${nc}"
+  exit 1
+}
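
Review bot: the echo in error() still writes to stdout, so with the added exit 1 a caller that runs the failing command inside $(...) gets the message in the captured value and only the subshell exits. Send the message to stderr with >&2 so the failure is shown on the terminal and does not end up in a variable.
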
🧹 Nitpick comments (4)
ethpillar.sh (2)

49-63: Harden .env parsing and quote expansions in initializeNetwork

Current grep/sed will break on spaces, quotes, or inline comments. Use anchored keys, trim whitespace/quotes, and quote vars on export.

Apply:

-    if [[ -f /opt/ethpillar/aztec/.env ]]; then
-      consensus_beacon_rpc=$(grep ^L1_CONSENSUS_HOST_URLS /opt/ethpillar/aztec/.env | sed 's/L1_CONSENSUS_HOST_URLS=//g')
-      execution_l1_rpc=$(grep ^ETHEREUM_HOSTS /opt/ethpillar/aztec/.env | sed 's/ETHEREUM_HOSTS=//g')
-    fi
+    if [[ -f /opt/ethpillar/aztec/.env ]]; then
+      consensus_beacon_rpc=$(grep -m1 -E '^\s*L1_CONSENSUS_HOST_URLS\s*=' /opt/ethpillar/aztec/.env | sed -E 's/^\s*L1_CONSENSUS_HOST_URLS\s*=\s*"?([^"#]+).*/\1/' | tr -d " ")
+      execution_l1_rpc=$(grep -m1 -E '^\s*ETHEREUM_HOSTS\s*=' /opt/ethpillar/aztec/.env | sed -E 's/^\s*ETHEREUM_HOSTS\s*=\s*"?([^"#]+).*/\1/' | tr -d " ")
+    fi
@@
-    consensus_beacon_rpc=${consensus_beacon_rpc%%,*}
-    execution_l1_rpc=${execution_l1_rpc%%,*}
+    consensus_beacon_rpc="${consensus_beacon_rpc%%,*}"
+    execution_l1_rpc="${execution_l1_rpc%%,*}"
@@
-    if [[ -n "$consensus_beacon_rpc" && -n "$execution_l1_rpc" ]]; then
-      export API_BN_ENDPOINT="$consensus_beacon_rpc"
-      export EL_RPC_ENDPOINT="$execution_l1_rpc"
+    if [[ -n "$consensus_beacon_rpc" && -n "$execution_l1_rpc" ]]; then
+      export API_BN_ENDPOINT="$consensus_beacon_rpc"
+      export EL_RPC_ENDPOINT="$execution_l1_rpc"
     fi
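
Review bot: in the two added grep/sed lines, sed prints a non-matching line unchanged, so an empty entry such as ETHEREUM_HOSTS= leaves the literal text ETHEREUM_HOSTS= in execution_l1_rpc, which then passes the -n test and is exported as EL_RPC_ENDPOINT. Use sed -nE with the p flag and check that the value starts with http:// or https:// before exporting; single-quoted values also keep their quotes with this pattern.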

87-87: Avoid changing the parent shell’s CWD in testAndPluginCommand

cd persists and may break subsequent relative paths. Use a subshell.

-    test -d /opt/ethpillar/"${_DIRNAME[i]}" && cd "/opt/ethpillar/${_DIRNAME[i]}" && docker compose "$1"
+    test -d /opt/ethpillar/"${_DIRNAME[i]}" && ( cd "/opt/ethpillar/${_DIRNAME[i]}" && docker compose "$1" )
plugins/aztec/docker-compose.yml.example (1)

6-17: Resource limits and hardening look good; cap_add likely unnecessary

NET_BIND_SERVICE isn’t needed for ports >1024 (8080/40400). Consider dropping to minimize surface.

-    cap_add:                                # Add only required capabilities
-      - NET_BIND_SERVICE                    # Needed for binding to ports
+    # cap_add not required for ports >1024; keep minimal privileges
+    # cap_add:
+    #   - NET_BIND_SERVICE
plugins/aztec/menu.sh (1)

41-44: Make startCommand independent of CWD

Pass compose file explicitly to avoid relying on prior cd.

-    docker compose --env-file "$PLUGIN_INSTALL_PATH"/.env up -d || error "Error starting command"
+    docker compose -f "$PLUGIN_INSTALL_PATH"/docker-compose.yml --env-file "$PLUGIN_INSTALL_PATH"/.env up -d || error "Error starting command"
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f33b15 and ff41a4a.

📒 Files selected for processing (6)
  • ethpillar.sh (5 hunks)
  • helpers/install_docker.sh (1 hunks)
  • plugins/aztec/docker-compose.yml.example (2 hunks)
  • plugins/aztec/menu.sh (6 hunks)
  • plugins/aztec/plugin_aztec.sh (4 hunks)
  • view_logs.sh (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • helpers/install_docker.sh
  • view_logs.sh
🧰 Additional context used
🧬 Code graph analysis (3)
ethpillar.sh (1)
functions.sh (2)
  • getNetworkConfig (21-26)
  • getNetwork (192-218)
plugins/aztec/plugin_aztec.sh (1)
plugins/aztec/menu.sh (1)
  • info (15-17)
plugins/aztec/menu.sh (1)
plugins/aztec/plugin_aztec.sh (2)
  • error (33-36)
  • info (29-31)
🔇 Additional comments (12)
ethpillar.sh (2)

1644-1644: initializeNetwork placement is good

Network/env priming before menuMain looks correct.


1579-1582: Do not terminate the entire TUI after Aztec install; return instead of exit

-              runScript plugins/aztec/plugin_aztec.sh -i
-              exit 0
+              runScript plugins/aztec/plugin_aztec.sh -i
+              return 0
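
Review bot: return 0 on the added line only works if this branch executes inside a function; at the top level of a script that is run rather than sourced, bash reports an error for return and continues with the next command. The hunk does not show the enclosing scope, so confirm it is a function body before replacing exit 0.
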
plugins/aztec/docker-compose.yml.example (2)

32-42: Port mapping syntax OK; confirm host_ip support on target Compose version

host_ip in long syntax requires a sufficiently recent docker compose. If compatibility is a concern, use short syntax "127.0.0.1:${PORT}:${PORT}".


45-50: Logging options LGTM

Reasonable rotation and compression settings.

plugins/aztec/plugin_aztec.sh (5)

63-66: Rootless‑friendly Docker install

Removing sudo for installer invocation is consistent with rootless flow; usermod is correctly sudo’d.


140-161: Input validation loops for remote RPCs are solid

Good UX; trims whitespace and enforces http(s) scheme.


212-215: Remote RPC write‑back LGTM

.env updates for ETHEREUM_HOSTS and L1_CONSENSUS_HOST_URLS are correct.


236-240: Ownership handoff to current user is a good addition

Prevents permission issues with rootless Docker.


294-303: Docker readiness + relog prompt LGTM

Nice UX for rootless enablement.

plugins/aztec/menu.sh (3)

158-169: Rootless Docker check is helpful

Clear guidance for users; good addition.


209-215: Expected-port calculation fix looks correct

Numeric include flag derived from tcp_json resolves prior bug.


422-426: Non‑sudo compose stop/restart LGTM

Consistent with rootless flow.

Comment thread ethpillar.sh Outdated
Comment thread plugins/aztec/menu.sh Outdated
Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
plugins/aztec/menu.sh (1)

19-21: error() must terminate

Many call sites use || error "...". Without exit 1, failures won’t abort and flow continues in a bad state.

Apply this diff:

 function error {
   echo -e "${r}${bold}ERROR: $1${nc}"
+  exit 1
 }
🧹 Nitpick comments (5)
ethpillar.sh (2)

37-69: Centralizing endpoint init is good; sanitize .env-derived URLs

initializeNetwork is a nice consolidation. Minor: when grepping Aztec .env, values may be quoted; strip any surrounding quotes to avoid literal quotes in endpoints.

Apply this diff:

-      consensus_beacon_rpc=$(grep ^L1_CONSENSUS_HOST_URLS /opt/ethpillar/aztec/.env | sed 's/L1_CONSENSUS_HOST_URLS=//g')
-      execution_l1_rpc=$(grep ^ETHEREUM_HOSTS /opt/ethpillar/aztec/.env | sed 's/ETHEREUM_HOSTS=//g')
+      consensus_beacon_rpc=$(grep ^L1_CONSENSUS_HOST_URLS /opt/ethpillar/aztec/.env | sed 's/^L1_CONSENSUS_HOST_URLS=//; s/^"//; s/"$//')
+      execution_l1_rpc=$(grep ^ETHEREUM_HOSTS /opt/ethpillar/aztec/.env | sed 's/^ETHEREUM_HOSTS=//; s/^"//; s/"$//')
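
Review bot: grep ^L1_CONSENSUS_HOST_URLS and grep ^ETHEREUM_HOSTS have no = in the pattern and no -m1, so a key that merely starts with the same name, or a duplicated entry, yields several lines and the variable ends up holding a multi-line value. Anchor the pattern on the = sign and take the first match only; the added s/^"//; s/"$// also leaves single-quoted values untouched.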

87-88: Avoid changing the caller’s CWD; run docker compose in a subshell

cd inside this helper mutates global CWD and can break later file-relative paths.

Apply this diff:

-    test -d /opt/ethpillar/"${_DIRNAME[i]}" && cd "/opt/ethpillar/${_DIRNAME[i]}" && docker compose "$1"
+    test -d /opt/ethpillar/"${_DIRNAME[i]}" && ( cd "/opt/ethpillar/${_DIRNAME[i]}" && docker compose "$1" )
plugins/aztec/plugin_aztec.sh (1)

140-161: Validate each comma-separated RPC URL

Current check only validates the first URL. Split on commas and ensure every entry starts with http(s)://; give actionable error.

Apply this diff:

-  while true; do
+  while true; do
       ETH_RPC=$(whiptail --title "Ethereum RPC URL(s) (ETHEREUM_HOSTS)" --inputbox "🔗 Enter one or more URLs, comma-separated (e.g. https://sepolia.rpc.url,http://192.168.1.123:8545):" 9 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
       if [ -z "$ETH_RPC" ]; then exit; fi #pressed cancel
       # sanitize: strip spaces
       ETH_RPC=$(echo "$ETH_RPC" | tr -d '[:space:]')
-      if [[ "$ETH_RPC" =~ ^https?:// ]]; then
+      invalid=0
+      IFS=',' read -r -a arr <<< "$ETH_RPC"
+      for u in "${arr[@]}"; do
+        [[ "$u" =~ ^https?:// ]] || invalid=1
+      done
+      if [[ $invalid -eq 0 ]]; then
           break
       else
           whiptail --title "Error" --msgbox "ETHEREUM_HOSTS must be one or more http(s):// URLs, comma-separated" 8 78
       fi
   done
-  while true; do
+  while true; do
       BEACON_RPC=$(whiptail --title "Beacon RPC URL(s) (L1_CONSENSUS_HOST_URLS)" --inputbox "🔗 Enter one or more URLs, comma-separated (e.g. https://beacon.rpc.url,http://192.168.1.123:5052):" 9 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
       if [ -z "$BEACON_RPC" ]; then exit; fi #pressed cancel
       # sanitize: strip spaces
       BEACON_RPC=$(echo "$BEACON_RPC" | tr -d '[:space:]')
-      if [[ "$BEACON_RPC" =~ ^https?:// ]]; then
+      invalid=0
+      IFS=',' read -r -a arr <<< "$BEACON_RPC"
+      for u in "${arr[@]}"; do
+        [[ "$u" =~ ^https?:// ]] || invalid=1
+      done
+      if [[ $invalid -eq 0 ]]; then
         break
       else
-          whiptail --title "Error" --msgbox "L1_CONSENSUS_HOST_URLS must start with http(s)://" 8 78
+          whiptail --title "Error" --msgbox "L1_CONSENSUS_HOST_URLS must be one or more http(s):// URLs, comma-separated" 8 78
       fi
   done
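
Review bot: the per-entry test [[ "$u" =~ ^https?:// ]] accepts a bare https:// with no host, and read -a drops a trailing empty field, so input that ends in a comma passes validation with the comma still in ETH_RPC or BEACON_RPC. Require at least one character after the scheme and reject a trailing comma before the loop.
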
plugins/aztec/menu.sh (2)

143-152: Peer ID/peer count scraping is OK; consider a slightly longer window

Using -n 100 may miss recent lines on quiet nodes. Optional: increase to 300 for resiliency.

Apply this diff:

-      peercount=$(docker logs aztec-sequencer -n 100 2>&1 | grep 'peer_manager' | tail -n1 | sed "s/.*Connected to \([0-9]*\).*/\1/")
+      peercount=$(docker logs aztec-sequencer -n 300 2>&1 | grep 'peer_manager' | tail -n1 | sed "s/.*Connected to \([0-9]*\).*/\1/")

177-191: Minor nit: stray tcp_check_ok toggled in UDP loop

tcp_check_ok is set true on UDP success and not used later; drop it or rename to udp_check_ok to avoid confusion.

Apply this diff:

-      tcp_check_ok=false
+      # tcp_json presence decides TCP; no separate flag needed
       tcp_json=$(curl -s --connect-timeout 3 --max-time 5 --fail "${checker_url}${tcp_ports}") || true
@@
-          if nc -z -u localhost "$port" &>/dev/null; then
+          if nc -z -u localhost "$port" &>/dev/null; then
               ((udp_open_ports++))
               open_udp_ports+=("$port")
-              tcp_check_ok=true
           fi
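
Review bot: ((udp_open_ports++)) in the unchanged context returns a non-zero status when the counter is 0 before the increment, which aborts the script if it runs under set -e. While touching this loop, udp_open_ports=$((udp_open_ports + 1)) avoids that.
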
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff41a4a and 26d8c98.

📒 Files selected for processing (6)
  • ethpillar.sh (5 hunks)
  • helpers/install_docker.sh (1 hunks)
  • plugins/aztec/docker-compose.yml.example (2 hunks)
  • plugins/aztec/menu.sh (6 hunks)
  • plugins/aztec/plugin_aztec.sh (4 hunks)
  • view_logs.sh (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • plugins/aztec/docker-compose.yml.example
  • view_logs.sh
🧰 Additional context used
🧬 Code graph analysis (3)
ethpillar.sh (1)
functions.sh (2)
  • getNetworkConfig (21-26)
  • getNetwork (192-218)
plugins/aztec/plugin_aztec.sh (1)
plugins/aztec/menu.sh (1)
  • info (15-17)
plugins/aztec/menu.sh (1)
plugins/aztec/plugin_aztec.sh (1)
  • error (33-36)
🔇 Additional comments (9)
ethpillar.sh (3)

231-232: Don’t change CWD when tailing Aztec logs

Run the log tail in a subshell to avoid CWD side effects.

Apply this diff:

-              cd  /opt/ethpillar/aztec && docker compose logs -f --tail=233
+              ( cd /opt/ethpillar/aztec && docker compose logs -f --tail=233 )

1644-1645: LGTM: initializeNetwork() invoked at startup

Good placement after setNodeMode; prepares endpoints before menus.


1581-1581: Avoid exiting the entire TUI after Aztec install

exit 0 tears down EthPillar and skips patches/checks/menus. Return to caller instead.

Apply this diff:

-              exit 0
+              return 0
plugins/aztec/plugin_aztec.sh (2)

62-66: LGTM: delegating to helpers/install_docker.sh

Calling the central installer keeps Docker logic in one place.


236-238: Good: fix ownership at end of install

Chowning the install path avoids permission friction for subsequent non-root operations.

plugins/aztec/menu.sh (3)

160-168: LGTM: compose ps uses project file and aligns with rootless flow

Non-sudo compose matches the broader rootless migration.


209-216: LGTM: corrected expected-ports arithmetic

The include_tcp flag based on tcp_json fixes prior miscounts.


410-433: Logs, stop/restart, pull: non-sudo compose is correct

These changes align with rootless Docker. Pull writeback to current_version is fine.

helpers/install_docker.sh (1)

39-40: Do not use sudo with systemctl --user

systemctl --user must run as the target user, not via sudo. Using sudo targets root’s user session and often fails, especially without a login session/DBus.

Apply this diff:

-    sudo systemctl --user enable docker || true
-    sudo systemctl --user restart docker || true
+    systemctl --user enable docker || true
+    systemctl --user restart docker || true

Comment thread helpers/install_docker.sh
Comment thread plugins/aztec/plugin_aztec.sh
@coincashew coincashew merged commit 546b274 into main Sep 21, 2025
1 check passed
@coincashew coincashew deleted the least branch September 21, 2025 21:13
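
The .env handling raised in the review comments above (tolerant parsing of L1_CONSENSUS_HOST_URLS and ETHEREUM_HOSTS, and validating every comma-separated URL rather than only the first), as an added example that is not part of this PR or of EthPillar. The function names env_get, all_http_urls, first_rpc and write_sample_env are hypothetical, and the sample file is constructed.

```shell
# Added example: helper names and the sample file are constructed for illustration.

# env_get FILE KEY: value of the first "KEY = value" line. Prints nothing when
# the key is absent (sed -n), strips an inline " # comment" and matching quotes.
env_get() {
  [ -r "$1" ] || return 1
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
    sed -E -e 's/[[:space:]]+#.*$//' -e 's/[[:space:]]+$//' \
           -e 's/^"(.*)"$/\1/' -e "s/^'(.*)'\$/\1/"
}

# all_http_urls LIST: succeed only if every comma-separated entry is
# http(s):// followed by at least one character. Runs in a subshell so the
# IFS and noglob changes do not leak into the caller.
all_http_urls() (
  [ -n "$1" ] || exit 1
  case $1 in *,) exit 1 ;; esac        # a trailing comma hides an empty entry
  IFS=,; set -f
  for u in $1; do
    case $u in
      http://?* | https://?*) ;;
      *) exit 1 ;;
    esac
  done
  exit 0
)

# first_rpc FILE KEY: first URL of a fully valid list, non-zero otherwise.
first_rpc() {
  value=$(env_get "$1" "$2") || return 1
  all_http_urls "$value" || return 1
  printf '%s\n' "${value%%,*}"
}

# Constructed sample .env (documentation addresses, not a real configuration).
write_sample_env() {
  cat > "$1" <<'EOF'
  L1_CONSENSUS_HOST_URLS = "https://beacon.example:5052,http://192.0.2.10:5052"   # primary, fallback
ETHEREUM_HOSTS=https://rpc.example:8545,ftp://192.0.2.10:8545
P2P_PORT=40400
EOF
}

sample=$(mktemp)
write_sample_env "$sample"
echo "beacon:    $(first_rpc "$sample" L1_CONSENSUS_HOST_URLS || echo rejected)"
echo "execution: $(first_rpc "$sample" ETHEREUM_HOSTS || echo rejected)"
rm -f "$sample"
```

The ETHEREUM_HOSTS list in the sample is rejected as a whole because its second entry is not http(s), which is the case a first-entry-only check lets through.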