Commit Graph

2 Commits

Author SHA1 Message Date
Leopere 7ea275f7e6
Modernize bootstrap: fix bugs, idempotent reruns, OS/arch detection
Security / correctness:
- Remove embedded basic-auth credential in scripts/bootstrap.sh (was fetching
  zsh-setup.sh via a credentialed URL when the binary was already installed
  by strap.sh into /usr/local/sbin/zsh-setup; the .profile dance + curl was
  dead code).
- Drop pre-install eval of `sentry-cli bash-hook` (sentry-cli was never
  installed by this repo, so the call halted under `set -e`).
- Fix /root/.ssh order-of-operations: mkdir + chmod before writing
  authorized_keys, and append-if-missing instead of clobbering existing keys.
- Replace `defaults-bootstrap|*` wildcard in strap.sh with an explicit error
  arm so typos no longer silently run defaults.
- Pass `nosalt` (the actual recognized token) as the salt arg to bootstrap.sh
  instead of `nogluster`, which fell through to the help branch.

Modernization:
- Drop docker-compose v1 binary download; rely on docker-compose-plugin only.
- CTOP install detects arch (amd64/arm64) via `dpkg --print-architecture`.
- Salt repo URLs detect Ubuntu codename + version + arch from /etc/os-release
  instead of hardcoding jammy/22.04/amd64.
- Drop deprecated `apt-get --force-yes`.
- Remove obsolete `version: '3.7'` from docker-compose.yml.
- Add `--no-install-recommends` to apt installs.

Robustness / idempotency:
- `set -euo pipefail` across all three scripts.
- `append_unique` helper guards every `.zshrc` edit so reruns no longer
  duplicate `SENTRY_DSN`, `DOCKER_BUILDKIT`, plugin block, etc.
- Replace `USRDIR=$(echo ~)` with `$HOME` / explicit defaults.
- chsh now skipped if zsh is already the user's shell, and the trailing
  `exec zsh` only runs on an interactive TTY (no more hanging non-interactive
  bootstraps).
- zsh-setup.sh's old .profile cleanup sed actually matches the line written
  by bootstrap.sh.

Architecture:
- Environment overrides: STRAP_BASE_URL, STRAP_AUTHORIZED_KEYS,
  STRAP_SENTRY_DSN, STRAP_SALT_MASTER. Built-in defaults preserve existing
  behavior on a no-env-var invocation.

Default flow (strap.sh / strap.sh defaults-bootstrap → `bootstrap none nosalt`
+ docker + ctop + oh-my-zsh + defaultkey SSH key + SENTRY_DSN) is unchanged.

Shellcheck clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-12 10:11:51 -04:00
Colin 0e5ec05bd3
f 2022-12-15 13:00:24 -05:00
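
The `/root/.ssh` order-of-operations fix and the `append_unique` guard listed in commit 7ea275f7e6, sketched as an added example. This is not the repository's code: the function bodies, the `install_key` and `demo` names, and the sample key strings are assumptions constructed here.

```bash
#!/usr/bin/env bash
set -eu

# append_unique FILE LINE (hypothetical body; the repo's helper is not shown):
# append LINE only when FILE has no identical whole line.
append_unique() {
  local file="$1" line="$2"
  [ -e "$file" ] || : >"$file"
  # Terminate an unterminated last line so the new entry is not glued onto it.
  if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
    printf '\n' >>"$file"
  fi
  # -x whole line, -F literal: a substring or regex metacharacter cannot match.
  grep -qxF -e "$line" "$file" || printf '%s\n' "$line" >>"$file"
}

# install_key DIR PUBKEY (hypothetical name): fix permissions before any key
# is written, then add the key without clobbering the ones already present.
install_key() {
  local dir="$1" key="$2" auth
  auth="$dir/authorized_keys"
  mkdir -p "$dir"
  chmod 700 "$dir"
  if [ ! -e "$auth" ]; then
    ( umask 077 && : >"$auth" )   # create the file private from the start
  fi
  chmod 600 "$auth"
  append_unique "$auth" "$key"
}

# Constructed sample: placeholder strings, not real keys. Prints the number of
# lines left after a second run against a file lacking a trailing newline.
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir -p "$tmp/.ssh"
  printf '%s' 'ssh-ed25519 AAAAEXISTING admin@example' >"$tmp/.ssh/authorized_keys"
  install_key "$tmp/.ssh" 'ssh-ed25519 AAAABOOTSTRAP strap@example'
  install_key "$tmp/.ssh" 'ssh-ed25519 AAAABOOTSTRAP strap@example'   # rerun
  grep -c '' "$tmp/.ssh/authorized_keys"
  rm -rf "$tmp"
}

demo   # 2
```

The whole-line match is what keeps a rerun from duplicating an entry while still letting a second, different key through.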