colin
/
bootstrap-scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
81 Commits 1 Branch 0 Tags 92 KiB
Shell 99.5%
Dockerfile 0.5%
Go to file
Leopere 7ea275f7e6
Modernize bootstrap: fix bugs, idempotent reruns, OS/arch detection 
Security / correctness:
- Remove embedded basic-auth credential in scripts/bootstrap.sh (was fetching
  zsh-setup.sh via a credentialed URL when the binary was already installed
  by strap.sh into /usr/local/sbin/zsh-setup; the .profile dance + curl was
  dead code).
- Drop pre-install eval of `sentry-cli bash-hook` (sentry-cli was never
  installed by this repo, so the call halted under `set -e`).
- Fix /root/.ssh order-of-operations: mkdir + chmod before writing
  authorized_keys, and append-if-missing instead of clobbering existing keys.
- Replace `defaults-bootstrap|*` wildcard in strap.sh with an explicit error
  arm so typos no longer silently run defaults.
- Pass `nosalt` (the actual recognized token) as the salt arg to bootstrap.sh
  instead of `nogluster`, which fell through to the help branch.

Modernization:
- Drop docker-compose v1 binary download; rely on docker-compose-plugin only.
- CTOP install detects arch (amd64/arm64) via `dpkg --print-architecture`.
- Salt repo URLs detect Ubuntu codename + version + arch from /etc/os-release
  instead of hardcoding jammy/22.04/amd64.
- Drop deprecated `apt-get --force-yes`.
- Remove obsolete `version: '3.7'` from docker-compose.yml.
- Add `--no-install-recommends` to apt installs.

Robustness / idempotency:
- `set -euo pipefail` across all three scripts.
- `append_unique` helper guards every `.zshrc` edit so reruns no longer
  duplicate `SENTRY_DSN`, `DOCKER_BUILDKIT`, plugin block, etc.
- Replace `USRDIR=$(echo ~)` with `$HOME` / explicit defaults.
- chsh now skipped if zsh is already the user's shell, and the trailing
  `exec zsh` only runs on an interactive TTY (no more hanging non-interactive
  bootstraps).
- zsh-setup.sh's old .profile cleanup sed actually matches the line written
  by bootstrap.sh.

Architecture:
- Environment overrides: STRAP_BASE_URL, STRAP_AUTHORIZED_KEYS,
  STRAP_SENTRY_DSN, STRAP_SALT_MASTER. Built-in defaults preserve existing
  behavior on a no-env-var invocation.

Default flow (strap.sh / strap.sh defaults-bootstrap → `bootstrap none nosalt`
+ docker + ctop + oh-my-zsh + defaultkey SSH key + SENTRY_DSN) is unchanged.

Shellcheck clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 		2026-05-12 10:11:51 -04:00
scripts Modernize bootstrap: fix bugs, idempotent reruns, OS/arch detection 2026-05-12 10:11:51 -04:00
.gitignore f 2022-10-28 15:52:19 -04:00
Dockerfile f 2022-12-15 13:00:24 -05:00
README.md Modernize bootstrap: fix bugs, idempotent reruns, OS/arch detection 2026-05-12 10:11:51 -04:00
docker-compose.yml Modernize bootstrap: fix bugs, idempotent reruns, OS/arch detection 2026-05-12 10:11:51 -04:00
strap.sh Modernize bootstrap: fix bugs, idempotent reruns, OS/arch detection 2026-05-12 10:11:51 -04:00

README.md

Bootstrap Script Documentation

Scope

A server bootstrap script that installs essential utilities and configurations: ZSH (with Oh My Zsh and plugins), Docker (with the Compose v2 plugin), system tooling (htop, glances, iftop, ctop), and optional provider / Salt configuration. Targets Debian/Ubuntu hosts (apt-get) on amd64 or arm64. Re-runs are safe — edits to .zshrc and SSH keys are idempotent.

Usage

To run the bootstrap with the default configuration on a fresh host (as root):

source <(curl -fsSL https://git.nixc.us/colin/bootstrap-scripts/raw/branch/main/strap.sh) defaults-bootstrap

This fetches and executes the bootstrap script, applying a standard suite of tools and settings.

Advanced Usage and Provider-specific Deploys

The bootstrap supports per-provider configuration and selective feature toggles via positional args.

Example for OVH deployment

source <(curl -fsSL https://git.nixc.us/colin/bootstrap-scripts/raw/branch/main/strap.sh) bootstrap ovh nosalt

Argument reference

  • strap.sh defaults-bootstrap — provider=none, salt=nosalt. Also the default when no args are given.
  • strap.sh bootstrap PROVIDER SALT where:
    • PROVIDER ∈ {none, ovh, digitalocean}
    • SALT ∈ {salt, nosalt}

Environment overrides

Variable Default Purpose
STRAP_BASE_URL https://git.nixc.us/colin/bootstrap-scripts/raw/branch/main Base URL for fetching bootstrap.sh / zsh-setup.sh
STRAP_AUTHORIZED_KEYS built-in defaultkey_key SSH public key appended to /root/.ssh/authorized_keys
STRAP_SENTRY_DSN https://...@sentry.aenow.com/3 Sentry DSN exported in .zshrc
STRAP_SALT_MASTER aerence.aenow.fun Salt master address (only used when SALT=salt)

Example:

STRAP_AUTHORIZED_KEYS="$(cat ~/.ssh/id_ed25519.pub)" \
  source <(curl -fsSL https://git.nixc.us/colin/bootstrap-scripts/raw/branch/main/strap.sh) defaults-bootstrap