Bauxite Networks | Sovereign Infrastructure for Autonomous Systems

# Deploying via Docker

Deploying Bauxite via Docker is ideal for local simulation, development, and
containerized edge deployments.

## Prerequisites

- Docker and Docker Compose installed.
- Host support for TUN/TAP devices.
- A GitHub Personal Access Token (PAT) if building from source (to fetch private dependencies).

## 1. Building the Image

The Bauxite Mesh repository includes a multi-stage `Dockerfile` that builds the
agent and its dependencies.

```bash
# Build the image
docker compose build
```

The build uses the `ros:humble` base image and produces a final image based on
`eprosima/vulcanexus` for optimized ROS 2 performance.

## 2. Configuration via Environment Variables

The Bauxite Docker image can be configured using environment variables. On startup,
the container's entrypoint (`entrypoint.sh`) requests a provisioning token from the Hub via `grpcurl`, then calls `bauxite join`, which reads these
variables and writes a `config.toml` into the node's data directory.

Key variables include:
- `NODE_ID`: Unique name for the node.
- `HUB_URL`: URL of the Bauxite Control Plane.
- `BAUXITE_CIPHER`: Encryption cipher (`chacha20-poly1305` or `aes256-gcm`).
- `BAUXITE_ML_ENABLED`: Set to `true` to enable ML sidecar integration.

## 3. Running with Docker Compose

The provided `docker-compose.yml` sets up a complete local mesh environment, including:
- The Bauxite Control Plane Hub (`bauxite-dispatch`).
- Two robot nodes (`robot-1`, `robot-2`).
- A TURN relay (`coturn`) for NAT traversal testing.
- A mock Triton inference server (`mock_triton`) for ML sidecar integration testing.

### Starting the Simulation

```bash
docker compose up
```

### Critical Container Settings

For Bauxite to manage network interfaces correctly within a container, the
following settings are required (and included in the provided compose file):

```yaml
cap_add:
- NET_ADMIN
- SYS_ADMIN
devices:
- "/dev/net/tun:/dev/net/tun"
```

- **`NET_ADMIN`**: Allows the container to create and configure the `bauxite0` TUN interface.
- **`SYS_ADMIN`**: Required for certain eBPF and advanced networking operations.
- **`/dev/net/tun`**: Grants the container access to the host's TUN device driver.

## 4. Verifying Connectivity

Once the containers are running, you can execute commands inside them to
verify the mesh:

```bash
# Check the assigned virtual IP (printed during join)
docker logs robot-2 | grep "Virtual IP"

# Ping robot-2 from robot-1 over the virtual mesh network (replace with actual VIP)
docker exec -it robot-1 ping <robot-2-virtual-ip>
```

The virtual IPs are assigned sequentially from the hub's IP pool (10.42.0.2–254) based on join order. Since `robot-1` and `robot-2` start in parallel, the assignment is non-deterministic — check the agent logs for the actual assigned address.