add bootnodoor as el & cl bootnode

ansible/inventories/devnet-0/group_vars/all/all.sops.yaml

@@ -12,6 +12,7 @@ secret_nginx_shared_basic_auth:
     name: ENC[AES256_GCM,data:O7L3,iv:DiOGlqfOfrDlt7X4OGY27OYlkDDEHguv+kg1zRhBek0=,tag:KuOX20lI/iYZOORFraiISw==,type:str]
     password: ENC[AES256_GCM,data:HyMDeoK5s6JDfsJ7j5Gg,iv:yvC4WWOOJvVeegWl0uj2P8yxcfBgNrvYSm5xUB5qux8=,tag:XoZbXpvLtUJPVoEaV3ltsg==,type:str]
 secret_ethstats: ENC[AES256_GCM,data:vO/gY2iluciwksE=,iv:WHYxXgQ2LdLGMKxvagmT3UhmQl/dRucpyhYzZxHvLHc=,tag:NX4Lkg6SPPusRx/zHGn00w==,type:str]
+secret_bootnodoor_seed: ENC[AES256_GCM,data:A611+/dn9lT08iGrqgLNgqPpWGEyGf1usFFWM4P9uB0Twfryjk5bzBVFLcLPKzkhuj4DThToS8F3s4iCAmq/+Q==,iv:ic2cap4ynWi/IS6dkn3fkKgNTndnZCxTbBbIABpXgrA=,tag:1Jwqi77lNG3yXZ9RZnZe5g==,type:str]
 secret_genesis_mnemonic: ENC[AES256_GCM,data:zRxUC65Kt1b8DM4QPyEJ/u0Uhp2ftMcJVtacbXRrOCUGm+gy0n+VH199hVxvviouJQkbv5FiJYiFjwjJ/yFX5ajPgOqanjRpBfEfwwD2Drtafaw/mWT7pSILHlo7oI18+bGIWjXve5mpUSuAC7jiaufDVROvSa6bcew0Ogbp5pzbFJBFFim3LFjyC1uSRO7JbRoK4cUl1CxnaCUaC/3GKz4l/fIe,iv:EaQilsQbnswzCqkWSK9G/R3wwmMRDwWZDjdZQ1fUZRk=,tag:2kWU1BNG/B82qzmNxmwIjQ==,type:str]
 secret_mev_coinbase_secret_key: ENC[AES256_GCM,data:TYLALYjoxOyyrpPoJ/gBvXO2vMdbbFqrI0gyZAJ7MHgI7SMmb7qTfDzakHmOASZ5ezJXfOMWqy0zBqQwymLhzA==,iv:MNJfTjd3pfAW9tR8WUEcp5BOcjjBTQFRoAN+NkC+VAA=,tag:dlR3sMxJb9he8xZn3FcD6w==,type:str]
 secret_mev_builder_tx_signing_key: ENC[AES256_GCM,data:Tr01nA3sls3AhttJga/ndK+nMjZSiyMIE3zafwsEZjZt9aETG+zEnkcAK5y9P1aq2N1UZ/KMOF0BPNbgCtOddw==,iv:tBmNG6Esy/3HFCiNZIggEb2Xlgc5MEwS4mVgQpcuSyc=,tag:2mfyvSzaMvCqeIFQGV7NMA==,type:str]
@@ -41,8 +42,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2025-09-29T12:17:20Z"
-    mac: ENC[AES256_GCM,data:uADIBQaMWRk8OtH0RU5/5xvdaz9pFvHoBBMTUdTbtX+H7ly4IUCJ6AmryNnO3WBV719ikiZ5ofLcnN7+BTJLOjaDGxKR1OrpUvQNuhn8q0BVYkL1QB6QJeJnVf2p9ylEg6LpgAmFBaMkdndUyoVZcdvON13mIeBqhRg80MvwMg8=,iv:nImuyf6+ql6ixbQuEjCayBAt3vtvEDU7n/+/gmKvLK4=,tag:GSfy52+wzjSRdvUA+3iaGA==,type:str]
+    lastmodified: "2025-12-12T05:07:13Z"
+    mac: ENC[AES256_GCM,data:GCMJnneHuL+040VvJyp65IXdchCnWFyoiJgvKwcV3fPU8WNaMOuUEbDHK3wW6oZyEGeu0HlOQOuJwXacqb9iG5hG4aqN93uu/th0dRNEfJr0ij4lRU9Yrrx0t3kpzVYhLI7sPE82XwhbsOXSWlQIRl9PDQPtgudeEcARn2fSt68=,iv:vOD+PBlJqgEnzEPdhwrGHGEzJ5L6wM5HUY3I7Flleyw=,tag:NNJ9SfOkEAAv3R3r1n+rww==,type:str]
     pgp:
         - created_at: "2025-10-27T13:25:35Z"
           enc: |-

ansible/inventories/devnet-0/group_vars/bootnode.yaml

@@ -1,4 +1,5 @@
-ethereum_cl_bootnode: "{{ hostvars['bootnode-1']['cl_bootnode_fact_enr'] }}"
+ethereum_cl_bootnode: "{{ hostvars['bootnode-1']['bootnodoor_fact_enr'] }}"
+ethereum_el_bootnode: "{{ hostvars['bootnode-1']['bootnodoor_fact_enode'] }}"
 
 # role: eth_inventory_web
 eth_inventory_web_container_networks: "{{ docker_networks_shared }}"
@@ -9,6 +10,36 @@ eth_inventory_web_container_env:
   VIRTUAL_DEST: "/"
   LETSENCRYPT_HOST: "{{ server_fqdn }}"
 
+# role: ethpandaops.general.bootnodoor
+bootnodoor_privkey: >-
+  {{
+    (secret_bootnodoor_seed ~ ':' ~ ethereum_genesis_chain_id|string)
+    | hash('sha256')
+  }}
+bootnodoor_set_facts: true
+bootnodoor_el_enabled: true
+bootnodoor_cl_enabled: true
+
+bootnodoor_container_name: "bootnodoor"
+bootnodoor_container_image: "ethpandaops/bootnodoor:master"
+bootnodoor_container_networks: "{{ docker_networks_shared }}"
+bootnodoor_p2p_port: 9010
+bootnodoor_ui_port: 8004
+bootnodoor_enr_ip: "{{ ansible_host }}"
+
+bootnodoor_el_config: /network-config/genesis.json
+bootnodoor_el_genesis_hash: /network-config/deposit_contract_block_hash.txt
+bootnodoor_cl_config: /network-config/config.yaml
+bootnodoor_cl_gvr: /network-config/genesis_validators_root.txt
+bootnodoor_container_volumes_extra:
+  - "{{ eth_testnet_config_dir }}:/network-config:ro"
+
+bootnodoor_container_command_extra_args: []
+bootnodoor_container_env:
+  VIRTUAL_HOST: "bootnodoor-{{ server_fqdn }}"
+  VIRTUAL_PORT: "{{ bootnodoor_ui_port | string }}"
+  LETSENCRYPT_HOST: "bootnodoor-{{ server_fqdn }}"
+
 # role: ethpandaops.general.ethereum_node
 ethereum_node_el: geth
 ethereum_node_cl: teku
@@ -34,6 +65,25 @@ teku_container_command_extra_args:
   - --logging=info
   - --Xlog-include-p2p-warnings-enabled
   - --metrics-block-timing-tracking-enabled
+  - >-
+    --p2p-discovery-bootnodes={{
+      (
+        (
+          groups['bootnode']
+          | map('extract', hostvars, ['ethereum_node_fact_cl_enr'])
+          | select('defined')
+          | list
+        )
+        +
+        (
+          groups['bootnode']
+          | map('extract', hostvars, ['bootnodoor_fact_enr'])
+          | select('defined')
+          | list
+        )
+      )
+      | join(',')
+    }}
 
 # role: ethpandaops.general.geth
 geth_container_name: execution
@@ -50,7 +100,25 @@ geth_container_command_extra_args:
   - --syncmode=full
   - --gcmode=archive
   - --state.scheme=hash
-
+  - >-
+    --bootnodes={{
+      (
+        (
+          groups['bootnode']
+          | map('extract', hostvars, ['ethereum_node_fact_el_enode'])
+          | select('defined')
+          | list
+        )
+        +
+        (
+          groups['bootnode']
+          | map('extract', hostvars, ['bootnodoor_fact_enode'])
+          | select('defined')
+          | list
+        )
+      )
+      | join(',')
+    }}
 
 # role: ethpandaops.general.prometheus
 prometheus_remote_push_url: https://victoriametrics.ethdevops.io/insert/0/prometheus/api/v1/write

ansible/inventories/devnet-0/group_vars/dns_server.yaml

@@ -39,6 +39,7 @@ dns_server_zones:
       {{ hostvars[host]['inventory_hostname'] }}                                   IN  A     {{ hostvars[host]['ansible_host'] }}
       {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }}     IN  A     {{ hostvars[host]['ansible_host'] }}
       {{ ethereum_node_beacon_prefix }}{{ hostvars[host]['inventory_hostname'] }}  IN  A     {{ hostvars[host]['ansible_host'] }}
+      bootnodoor-{{ hostvars[host]['inventory_hostname'] }}                        IN  A     {{ hostvars[host]['ansible_host'] }}
       {% if hostvars[host]['ipv6'] is defined %}
       {{ hostvars[host]['inventory_hostname'] }}                                   IN  AAAA  {{ hostvars[host]['ipv6'] }}
       {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }}     IN  AAAA  {{ hostvars[host]['ipv6'] }}

ansible/inventories/devnet-0/group_vars/ethereum_node.yaml

@@ -1,8 +1,9 @@
 ethereum_cl_bootnodes:
-  - "{{ hostvars['bootnode-1']['cl_bootnode_fact_enr'] }}"
+  - "{{ hostvars['bootnode-1']['bootnodoor_fact_enr'] }}"
   - "{{ hostvars['bootnode-1']['ethereum_node_fact_cl_enr'] }}"
 
 ethereum_el_bootnodes:
+  - "{{ hostvars['bootnode-1']['bootnodoor_fact_enode'] }}"
   - "{{ hostvars['bootnode-1']['ethereum_node_fact_el_enode'] }}"
 
 ethereum_node_xatu_sentry_enabled: true

ansible/playbook.yaml

@@ -43,10 +43,10 @@
 - hosts: bootnode
   become: true
   roles:
-    - role: ethpandaops.general.cl_bootnode
-      tags: [cl_bootnode]
     - role: ethpandaops.general.ethereum_testnet_config
       tags: [ethereum, eth_testnet_config, ethereum_testnet_config]
+    - role: ethpandaops.general.bootnodoor
+      tags: [bootnodoor]
     - role: ethpandaops.general.validator_keys
       when: ethereum_node_cl_validator_enabled == true
       tags: [ethereum, validator_keys]

terraform/devnet-0/firewall.tf

@@ -30,7 +30,7 @@ resource "digitalocean_firewall" "main" {
   // Consensus layer p2p port
   inbound_rule {
     protocol         = "tcp"
-    port_range       = "9000-9002"
+    port_range       = "9000-9001"
     source_addresses = ["0.0.0.0/0", "::/0"]
   }
   inbound_rule {
@@ -39,13 +39,6 @@ resource "digitalocean_firewall" "main" {
     source_addresses = ["0.0.0.0/0", "::/0"]
   }
 
-  // Bootnode
-  inbound_rule {
-    protocol         = "udp"
-    port_range       = "9010"
-    source_addresses = ["0.0.0.0/0", "::/0"]
-  }
-
   // Execution layer p2p Port
   inbound_rule {
     protocol         = "tcp"
@@ -112,6 +105,19 @@ resource "digitalocean_firewall" "bootnode" {
     port_range       = "53"
     source_addresses = ["0.0.0.0/0", "::/0"]
   }
+
+  // Bootnodoor P2P
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "9010"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  inbound_rule {
+    protocol         = "udp"
+    port_range       = "9010"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
   depends_on = [digitalocean_project_resources.droplets]
 }
 

terraform/devnet-0/hetzner/firewall.tf

@@ -134,6 +134,22 @@ resource "hcloud_firewall" "bootnode_firewall" {
     port        = "53"
     source_ips  = ["0.0.0.0/0", "::/0"]
   }
+
+  // Bootnodoor P2P
+  rule {
+    description = "Allow Bootnodoor P2P port TCP"
+    direction   = "in"
+    protocol    = "tcp"
+    port        = "9010"
+    source_ips  = ["0.0.0.0/0", "::/0"]
+  }
+  rule {
+    description = "Allow Bootnodoor P2P port UDP"
+    direction   = "in"
+    protocol    = "udp"
+    port        = "9010"
+    source_ips  = ["0.0.0.0/0", "::/0"]
+  }
 }
 
 resource "hcloud_firewall" "mev_relay_firewall" {