Added unix ops to docker compose

[KesterTan]

Description

This PR adds unix ops daemon to docker compose for the permission model.

Testing

• Test by running docker compose build and checking that everything runs with legacy autolab and tango.
• Change branches to joy-testing and kester-gamma-tango and testing that autolab delegation works as expected.
• Curl unixops in port 4000 while in Autolab and Tango containers

[coderabbitai]

📝 Walkthrough

Walkthrough

The .env.template file is updated to include two new environment variable declarations scoped under an AWS configuration section: UNIX_OPS_SHARED_SECRET as an empty placeholder and AUTOLAB_HOST_COURSES_ROOT with a default filesystem path value.

Changes

Cohort / File(s)	Summary
Environment Template Configuration .env.template	Added two AWS-related environment variables: UNIX_OPS_SHARED_SECRET (empty) and AUTOLAB_HOST_COURSES_ROOT (default: /home/ubuntu/autolab-docker/Autolab/courses).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Added unix ops to docker compose' directly aligns with the PR's main objective of adding a unix ops daemon to the Docker Compose configuration for permission management.
Description check	✅ Passed	The description accurately describes the changeset, explaining the addition of a unix ops daemon to Docker Compose with relevant testing instructions that align with the modifications shown in the commit summary.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch permission-unixops

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.env.template (1)

35-36: Reorder keys to satisfy dotenv-linter.

Low-risk cleanup: place AUTOLAB_HOST_COURSES_ROOT before UNIX_OPS_SHARED_SECRET in this section to match linter ordering.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.template around lines 35 - 36, Reorder the two environment keys so
dotenv-linter's expected alphabetical/section order is satisfied by moving
AUTOLAB_HOST_COURSES_ROOT to appear before UNIX_OPS_SHARED_SECRET; update the
.env.template so
AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses precedes
UNIX_OPS_SHARED_SECRET= (keep values unchanged).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.env.template:
- Line 36: The AUTOLAB_HOST_COURSES_ROOT default uses /home/ubuntu/... which
mismatches the host-user convention used elsewhere; update the
AUTOLAB_HOST_COURSES_ROOT entry to use the same host user path as the template
(e.g., change the value to /home/ec2-user/autolab-docker/Autolab/courses) so it
aligns with other defaults and avoids host path resolution issues; locate the
AUTOLAB_HOST_COURSES_ROOT line in .env.template and replace the host prefix
accordingly.
- Line 35: Change the Docker Compose variable guard to reject empty values:
replace the occurrences of "${UNIX_OPS_SHARED_SECRET?err}" with
"${UNIX_OPS_SHARED_SECRET:?err}" so the expansion fails for both unset and empty
secrets, and update the .env.template to indicate that UNIX_OPS_SHARED_SECRET
must be non-empty (e.g., keep UNIX_OPS_SHARED_SECRET= but document/set a
placeholder) to ensure the new ":?err" guard behaves correctly.

---

Nitpick comments:
In @.env.template:
- Around line 35-36: Reorder the two environment keys so dotenv-linter's
expected alphabetical/section order is satisfied by moving
AUTOLAB_HOST_COURSES_ROOT to appear before UNIX_OPS_SHARED_SECRET; update the
.env.template so
AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses precedes
UNIX_OPS_SHARED_SECRET= (keep values unchanged).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 0583adef-02d0-4669-aa09-afdcd71046e4

📥 Commits

Reviewing files that changed from the base of the PR and between 66de098 and 360690d.

⛔ Files ignored due to path filters (1)

• docker-compose.yml is excluded by !**/*.yml

📒 Files selected for processing (1)

• .env.template

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Verify current secret interpolation guard in compose:"
rg -n '\$\{UNIX_OPS_SHARED_SECRET\??:?\?err\}' docker-compose.yml || true

echo
echo "Verify template default value:"
rg -n '^UNIX_OPS_SHARED_SECRET=' .env.template

Repository: autolab/docker

Length of output: 300

---

Use :?err guard to reject empty secrets, not just unset variables.

Line 35 sets UNIX_OPS_SHARED_SECRET= to empty. Docker Compose's ${UNIX_OPS_SHARED_SECRET?err} (lines 83, 112 in docker-compose.yml) only rejects unset variables, allowing empty values through. Change the guard from ?err to :?err to reject both unset and empty secrets.

Fix in .env.template:

-UNIX_OPS_SHARED_SECRET=
+UNIX_OPS_SHARED_SECRET=<REPLACE_WITH_STRONG_RANDOM_SECRET>

Fix in docker-compose.yml (lines 83, 112):

-- UNIX_OPS_SHARED_SECRET=${UNIX_OPS_SHARED_SECRET?err}
+- UNIX_OPS_SHARED_SECRET=${UNIX_OPS_SHARED_SECRET:?err}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	UNIX_OPS_SHARED_SECRET=
	UNIX_OPS_SHARED_SECRET=<REPLACE_WITH_STRONG_RANDOM_SECRET>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.template at line 35, Change the Docker Compose variable guard to reject
empty values: replace the occurrences of "${UNIX_OPS_SHARED_SECRET?err}" with
"${UNIX_OPS_SHARED_SECRET:?err}" so the expansion fails for both unset and empty
secrets, and update the .env.template to indicate that UNIX_OPS_SHARED_SECRET
must be non-empty (e.g., keep UNIX_OPS_SHARED_SECRET= but document/set a
placeholder) to ensure the new ":?err" guard behaves correctly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Align host course path default with existing host-user convention.

Line 36 uses /home/ubuntu/..., while the same template (Line 8) uses /home/ec2-user/.... This mismatch can break host path resolution depending on deployment user.

🔧 Suggested fix

-AUTOLAB_HOST_COURSES_ROOT=/home/ubuntu/autolab-docker/Autolab/courses
+AUTOLAB_HOST_COURSES_ROOT=/home/ec2-user/autolab-docker/Autolab/courses

🧰 Tools

🪛 dotenv-linter (4.0.0)

[warning] 36-36: [UnorderedKey] The AUTOLAB_HOST_COURSES_ROOT key should go before the UNIX_OPS_SHARED_SECRET key

(UnorderedKey)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.template at line 36, The AUTOLAB_HOST_COURSES_ROOT default uses
/home/ubuntu/... which mismatches the host-user convention used elsewhere;
update the AUTOLAB_HOST_COURSES_ROOT entry to use the same host user path as the
template (e.g., change the value to
/home/ec2-user/autolab-docker/Autolab/courses) so it aligns with other defaults
and avoids host path resolution issues; locate the AUTOLAB_HOST_COURSES_ROOT
line in .env.template and replace the host prefix accordingly.