canadabot/hops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: canadabot/hops:2ba24f2a9423200955d833211c68ab6bf17b11aa
Branches Tags
canadabot/hops:main
..
compare: canadabot/hops:a99a1e65cea437659ba731cd855ead293b4ea6b3
Branches Tags
canadabot/hops:main

3 Commits
2ba24f2a94 .. a99a1e65ce

Author SHA1 Message Date
Stephen Klein a99a1e65ce Elevate cleanup tasks to high priority in TODO 
Mark A2, A5, Q1, Q3 as DO FIRST before bug fixes -- consolidating
duplicate functions and the service catalog ensures each bug only
needs to be fixed in one place. Update order of attack accordingly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-10 21:09:37 -04:00
Stephen Klein 814c4e71a3 Remove Path B pipeline and dev artifacts 
Deletes the incomplete, never-wired second install pipeline:
setup, privileged-setup, user-operations, services-improved,
lib/privileges.sh. Also removes committed dev artifacts
(summary7-19.txt, discord-header.md). Path A (hops -> install
-> services) is now the sole canonical pipeline.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-10 21:05:46 -04:00
Stephen Klein a0e4e63d01 Reset version to 1.0.0 and add TODO/CHANGELOG 
Reset all Path A script versions from 3.x to 1.0.0 following architectural
decision to treat this as a fresh stable baseline after the Path B cleanup.
Added TODO.md with prioritized audit findings and replaced the old CHANGELOG
with a clean stub.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-10 21:05:28 -04:00
20 changed files with 316 additions and 2313 deletions
Expand all files Collapse all files
CHANGELOG.md
+28 -247
View File
@@ -1,257 +1,38 @@
# Changelog
All notable changes to HOPS will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [3.3.0] - 2025-01-19
### Added
- **🔄 Automatic Updates**: Git-based update mechanism with backup functionality
- **📱 Command Line Interface**: New flags for update management
- `--update`: Update HOPS to latest version automatically
- `--check-updates`: Check for available updates (returns exit code 1 if updates available)
- `--version`: Display current version information
- `--help`: Show comprehensive help and usage information
- **🛡️ Safe Updates**: Automatic backup of local changes before updating
- **📋 Change Tracking**: Display recent changes and version comparison during updates
- **🎛️ Interactive Updates**: Update checking integrated into main menu (option 6)
### Changed
- **Version Numbering**: Updated to v3.3.0 across all components
- **Menu Structure**: Added "Check for Updates" as menu option 6, shifted other options
- **Documentation**: Updated README.md and CLAUDE.md with new update functionality
- **Color Code Handling**: Removed duplicate color definitions, now sourced from lib/common.sh
### Fixed
- **Script Compatibility**: Resolved readonly variable conflicts between main script and libraries
- **Update Process**: Robust error handling and rollback for failed updates
- **Exit Codes**: Proper exit codes for command-line operations
### Security
- **Backup Protection**: Local changes are automatically backed up before any updates
- **Git Validation**: Comprehensive validation that HOPS is in a git repository before updates
- **Privilege Handling**: Updates require appropriate privileges (root/sudo) for system changes
## [3.2.0] - 2024-07-18
### Added
- **Caddy Support**: Added Caddy reverse proxy as a service option
- **Enhanced macOS Compatibility**: Comprehensive improvements for macOS installation and operation
- **Docker Desktop Integration**: Improved Docker Desktop startup and management on macOS
- **Keychain Integration**: Proper Docker authentication with macOS keychain on macOS
### Fixed
- **User Directory Fixes**: All directories now use actual user home instead of root on macOS
- **Password Generation**: Resolved `shuf` command and encoding issues on macOS
- **Container Creation**: Fixed Docker Compose working directory and execution context issues
- **Healthcheck Improvements**: Enhanced service health monitoring, particularly for Jellyseerr
- **File Permissions**: Proper ownership of all directories and files across platforms
- **Docker Compose Warnings**: Resolved version warnings and compatibility issues
### Changed
- **macOS File Structure**: Improved directory layout using user home instead of system directories
- **Error Handling**: Enhanced error messages and troubleshooting information for macOS
- **Documentation**: Updated platform-specific installation and configuration guides
### Security
- **Secure Authentication**: Enhanced Docker authentication methods on macOS
- **File Ownership**: Improved file permission management across all platforms
## [3.1.0-beta] - 2024-06-15
### Added
- **Encrypted Secret Management**: All passwords and sensitive data now encrypted with AES-256
- **Input Validation**: Comprehensive validation preventing injection attacks
- **Privilege Separation**: Root operations separated from user operations for enhanced security
- **Pinned Container Versions**: All container images use specific versions, not `latest`
- **Modular Architecture**: Shared code organized in `lib/` directory for better maintainability
- **Cross-Platform Support**: Native support for Linux, macOS, and Windows (WSL2)
- **Enhanced Error Handling**: Better error messages and recovery mechanisms
- **Improved Service Definitions**: Standardized service generation with validation
- **Complete Documentation**: Added `CLAUDE.md` for development guidance
### Changed
- **Installation Methods**: New secure installer `setup` script as recommended method
- **Service Management**: New `user-operations` script for non-privileged service management
- **Architecture**: Modular library system replacing monolithic scripts
- **Security Model**: Clear separation between privileged and user operations
### Security
- **AES-256 Encryption**: All secrets stored encrypted with master key management
- **Input Sanitization**: Comprehensive validation preventing code injection
- **Container Security**: Pinned versions preventing supply chain attacks
- **Privilege Minimization**: Reduced root access requirements
## [3.0.0] - 2024-05-01
### Added
- **Cross-Platform Support**: Full support for Linux, macOS, and Windows (WSL2)
- **Automatic Dependency Installation**: Docker and system requirements installed automatically
- **Platform Detection**: Intelligent OS detection and platform-specific optimizations
- **Enhanced Service Catalog**: Expanded service definitions with health checks
- **Comprehensive Logging**: Detailed logging system for troubleshooting
- **Service Health Monitoring**: Built-in health checks for all services
- **Rollback Capabilities**: Automatic rollback on deployment failure
### Changed
- **Installation Process**: Streamlined installation with better user experience
- **Directory Structure**: Platform-appropriate directory layouts
- **Service Definitions**: Standardized Docker Compose patterns
- **Error Handling**: Improved error messages and recovery procedures
### Fixed
- **Port Conflict Detection**: Better handling of port conflicts
- **Permission Issues**: Improved file permission management
- **Service Dependencies**: Enhanced dependency resolution
## [2.1.0] - 2024-03-15
### Added
- **Huntarr Support**: Missing media discovery and automation
- **Jellystat Support**: Jellyfin statistics and monitoring
- **Watchtower Integration**: Automatic container updates
- **Enhanced Monitoring**: Improved service status monitoring
- **Backup Utilities**: Built-in backup and recovery tools
### Changed
- **Service Management**: Improved start/stop/restart functionality
- **Log Viewing**: Enhanced centralized log viewing
- **Configuration Management**: Better environment variable handling
### Fixed
- **Memory Usage**: Optimized resource usage for low-resource systems
- **Startup Issues**: Resolved service startup race conditions
- **Network Configuration**: Fixed Docker network isolation issues
## [2.0.0] - 2024-02-01
### Added
- **Management Interface**: Comprehensive web-based management
- **Security Hardening**: Automatic firewall configuration and secure passwords
- **Service Templates**: Standardized service definitions
- **Real-time Monitoring**: Live service status and resource monitoring
- **User Interface**: Menu-driven installation and management
### Changed
- **Architecture**: Complete rewrite with modular design
- **Installation**: Simplified one-command installation
- **Configuration**: Centralized configuration management
### Breaking Changes
- **Directory Structure**: New standardized directory layout
- **Configuration Format**: Updated environment variable structure
- **Service Names**: Standardized container and service naming
## [1.2.0] - 2024-01-15
### Added
- **Authelia Support**: Multi-factor authentication and SSO
- **Nginx Proxy Manager**: Alternative reverse proxy option
- **Enhanced SSL**: Automatic SSL certificate management
- **Service Discovery**: Automatic service registration
### Fixed
- **Traefik Configuration**: Improved reverse proxy setup
- **SSL Issues**: Resolved certificate generation problems
- **Network Routing**: Fixed internal service communication
## [1.1.0] - 2023-12-01
### Added
- **Traefik Integration**: Automatic reverse proxy with SSL
- **Service Categories**: Organized services by function
- **Dependency Management**: Automatic service dependency resolution
- **Health Checks**: Service health monitoring and restart
### Changed
- **Service Definitions**: Improved Docker Compose templates
- **Network Configuration**: Enhanced Docker networking
## [1.0.0] - 2023-11-01
### Added
- **Initial Release**: Core HOPS functionality
- **Service Support**: Basic *arr stack, download clients, and media servers
- **Docker Integration**: Docker Compose based deployment
- **Linux Support**: Ubuntu/Debian/Mint support
- **Basic Management**: Simple service management interface
### Features
- **Automated Installation**: One-command deployment
- **Service Selection**: Interactive service selection
- **Basic Security**: Firewall rules and secure passwords
- **Directory Management**: Automatic directory creation and permissions
All notable changes to HOPS will be documented here.
Format based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
---
## Version Support
## [Unreleased]
- **v3.3.x**: Current stable release with automatic update support
- **v3.2.x**: Previous stable release, upgrade recommended
- **v3.1.x**: Beta features, limited support
- **v3.0.x**: Legacy support for critical bugs only
- **v2.x and earlier**: No longer supported
### Removed
- Path B install pipeline (setup, privileged-setup, user-operations,
services-improved, lib/privileges.sh) -- dead code, never wired in
## Upgrade Path
### From v3.2.x to v3.3.0 (Recommended - Automatic)
```bash
# Use built-in update system
cd /path/to/hops
sudo ./hops --update
# Or use interactive menu
sudo ./hops
# Select option 6: Check for Updates
```
### From v3.1.x to v3.3.0 (Manual)
```bash
# Backup current installation
sudo tar -czf hops-backup-$(date +%Y%m%d).tar.gz ~/hops /opt/appdata
# Pull latest version
cd ~/hops
git pull origin main
# Run upgrade
sudo ./setup --upgrade
```
### From v3.0.x to v3.2.0
```bash
# Major version upgrade requires fresh installation
# Backup data first
sudo ./uninstall --keep-data
sudo ./setup
```
### From v2.x to v3.2.0
```bash
# Migration script available
sudo ./migrate-from-v2.sh
```
## Migration Notes
### v3.2.0 Changes
- **macOS Users**: Directory structure has changed, migration handled automatically
- **Caddy Users**: Manual Caddyfile configuration required
- **Configuration**: Encrypted secrets now default for new installations
### v3.1.0 Changes
- **Security**: All passwords moved to encrypted storage
- **Architecture**: New modular library system
- **Privileges**: Installation process now uses privilege separation
### v3.0.0 Changes
- **Cross-Platform**: New platform detection and configuration
- **Directories**: Platform-specific directory structures
- **Services**: Updated service definitions and health checks
### Changed
- Version reset to 1.0.0
---
For detailed upgrade instructions, see [INSTALLATION.md](INSTALLATION.md).
For breaking changes and migration help, see [ADVANCED.md](ADVANCED.md).
## [1.0.0] - TBD
Full rewrite and stabilization of the Path A install pipeline.
### Fixed
- Infinite recursion in get_timezone_mount() and get_gpu_devices() on Linux
- ((x++)) abort under set -e across hops and install
- Glob stored as string breaking multi-user directory detection
- Missing hops_service_definitions.sh reference in firewall setup
### Security
- Replace broken AES-GCM encryption with supported cipher
- Move passphrases off command line (use fd-based passphrase input)
- Remove committed default Authelia credential
- Use mktemp for temp files instead of predictable /tmp paths
### Changed
- Single canonical service catalog (services)
- Latest image tags throughout
- lib/secrets.sh wired into install flow for .env encryption at rest
README.md
+1 -1
View File
@@ -1,7 +1,7 @@
# HOPS - Homelab Orchestration Provisioning Script
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Version](https://img.shields.io/badge/Version-3.3.0-blue.svg)]()
[![Version](https://img.shields.io/badge/Version-1.0.0-blue.svg)]()
[![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-orange.svg)]()
**HOPS** is a comprehensive automation tool for deploying homelab infrastructure using Docker Compose. Deploy and manage popular homelab services including media servers, download clients, monitoring tools, and more through an intuitive menu-driven interface.
TODO.md
+273
View File
@@ -0,0 +1,273 @@
# HOPS TODO
Generated by codebase audit (2026-06-10). Ranked by severity.
## Decisions (2026-06-10)
- **Canonical pipeline**: Path A (`hops` -> `install` -> `services`). Path B deleted.
- **Deleted**: `setup`, `privileged-setup`, `user-operations`, `services-improved`,
`lib/privileges.sh` -- all Path B artifacts, gone.
- **Service catalog**: `services` is the single source of truth. Latest tags kept.
- **`lib/secrets.sh`**: keep and fix. Goal is to encrypt the `.env` file at rest
(passwords/API keys written by `install`). Fix the broken AES-GCM crypto and
wire encryption/decryption into the install flow.
- **macOS**: future roadmap. Linux is the target for now.
---
## CRITICAL BUGS (breaks primary use cases)
### B1 -- Infinite recursion in `services` on Linux [CRITICAL]
- File: `services:25-46`
- `get_timezone_mount()` and `get_gpu_devices()` call themselves on the non-Darwin
branch via `echo "$(get_timezone_mount)"`. Hits bash FUNCNEST limit on every
Linux compose generation. Main `./hops` install is broken on Linux.
- Fix: replace the recursive calls with the literal YAML strings they should emit.
### B2 -- Brace mismatch in `lib/privileges.sh` [CRITICAL] -- RESOLVED: delete file
- File: `lib/privileges.sh:429,612`
- Moot -- `lib/privileges.sh` is Path B dead code, scheduled for deletion (see A3).
---
## HIGH BUGS
### B3 -- Glob stored as string, directory detection always fails [HIGH]
- Files: `hops:154-166`, `uninstall:127-147`
- `homelab_dirs=( "/home/*/hops" )` stores a literal glob; the quoted for-loop
never expands it. Multi-user detection is broken, `cd "$HOMELAB_DIR"` fails
under `set -e`.
- Fix: iterate unquoted or use `compgen -G "/home/*/hops"`.
### B4 -- Missing service definitions file reference [HIGH]
- File: `install:916`
- `setup_firewall()` sources `"$SCRIPT_DIR/hops_service_definitions.sh"` which
does not exist (the file is named `services`). Per-service firewall rules are
silently never applied.
- Fix: correct the filename to `services`.
### B5 -- `((x++))` aborts script under `set -e` [HIGH]
- Files: `hops:299,317`, `install:784`, and others
- `((running_count++))` returns exit code 1 when the pre-increment value is 0,
which kills the script under `set -e`.
- Fix: use `running_count=$((running_count + 1))` or append `|| true`.
### B6 -- `hops` entry point is Linux-only despite macOS library support [HIGH]
- File: `hops:108-136,263`
- `check_dependencies` requires `systemctl`, `check_system_requirements` calls
`free` and `df -BG`, `show_service_status` calls `systemctl`. All Linux-only.
The documented entry point fails immediately on macOS.
- Fix: add OS guards or document `hops` as Linux-only.
### B7 -- Port collisions not detected within a selection [HIGH]
- File: `services` (port map)
- sabnzbd and traefik dashboard both use 8080; traefik and nginx-proxy-manager
both bind 80/443; authelia and transmission both use 9091.
- `check_all_ports` only checks host listeners, not intra-selection conflicts,
so users can generate an un-startable compose silently.
- Fix: add intra-selection conflict check before compose generation.
---
## MEDIUM BUGS
### B8 -- Watchtower assigned a bogus port [MED]
- Files: `lib/docker.sh:47`, `services-improved:90`
- Watchtower has no web UI. Assigning it port 8080 emits a spurious `ports:`
block and broken healthcheck in the generated compose.
### B9 -- Update backup copies into itself [MED]
- File: `hops:586-595`
- `update_hops` does `cp -r "$SCRIPT_DIR" "$backup_dir"` where `$backup_dir`
is inside `$SCRIPT_DIR`. Results in recursive self-copy including `.git/`.
- Fix: create the backup dir outside the script directory.
### B10 -- `secure_delete` `stat` flag wrong on macOS [MED]
- File: `lib/secrets.sh:146`
- Uses `stat -c%s` (GNU) which fails on macOS (`stat -f%z`).
Manual-overwrite fallback silently no-ops on macOS.
### B11 -- `jellystat` generated with wrong template in `services-improved` [MED]
- File: `services-improved:422`
- Routed through the generic media-server template; gets no postgres DB and no
JWT_SECRET, so it cannot run. The hand-written `services` version is correct.
### B12 -- Empty-password detection regex broken [LOW]
- File: `lib/security.sh:361-384`
- `grep "PASSWORD=\s*$"` without `-E` or `-P` means `\s` is matched literally,
not as whitespace. Empty-password detection is dead.
---
## SECURITY
### S1 -- Broken/unauthenticated encryption [HIGH]
- File: `lib/secrets.sh:85,115`
- `openssl enc -aes-256-gcm` via the CLI does not handle the GCM auth tag.
This is not authenticated encryption and round-trips unreliably.
- Fix: use a supported openssl mode or switch to `gpg --symmetric`.
### S2 -- Passphrases/keys exposed in process list [HIGH]
- Files: `lib/secrets.sh:85,115`, `lib/security.sh:140,156,175,204,416,442`
- `-pass pass:"$key"` and `--passphrase "$x"` on the command line are visible
to any local user via `ps`.
- Fix: use `-pass fd:N` or `--passphrase-fd N` with a file descriptor.
### S3 -- Committed default Authelia credential [HIGH]
- File: `services:1148-1157`
- `users_database.yml` ships a default admin account with a known password hash
(hash of literal "password"). Every Authelia deploy has this credential.
- Fix: force password change on first login or generate the hash at deploy time.
### S4 -- Traefik dashboard exposed with no auth [MED]
- File: `services:672-673,684`
- `api.insecure=true` exposes the Traefik dashboard on :8080 with no auth.
Consider disabling or requiring middleware auth.
### S5 -- `eval` on environment-derived value [MED]
- Files: `install:598,671`, `uninstall:136,462`, `lib/system.sh:306`, others
- `eval echo "~$SUDO_USER"` expands an env-sourced value through eval.
- Fix: `getent passwd "$SUDO_USER" | cut -d: -f6`
### S6 -- Predictable temp file paths [MED]
- Files: `lib/secrets.sh:16,188,288`, `uninstall:374`
- `/tmp/hops_env_$$` etc. in world-writable `/tmp` are symlink-race targets
before the `chmod 600` runs.
- Fix: use `mktemp` and assign before use.
### S7 -- Commands built as strings, run unquoted [MED]
- File: `install:731-736,755,773-779`
- `pull_cmd="sudo -u $SUDO_USER docker compose pull"` run as `$pull_cmd`
is fragile with unusual usernames and bypasses quoting.
- Fix: use bash arrays.
### S9 -- Non-idempotent sysctl append [LOW]
- File: `privileged-setup:224`
- `echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf` appended every run.
Accumulates duplicate lines.
- Fix: check before appending (`grep -q ... || echo ... >>`)
---
## ARCHITECTURE / DESIGN
### A1 -- Two divergent install pipelines [HIGH] -- RESOLVED
- Path A chosen. Delete: `setup`, `privileged-setup`, `user-operations`,
`services-improved`.
### A2 -- Three sources of truth for the service catalog [HIGH] -- DO FIRST
- `services`: `get_service_ports()` + inline image strings (CANONICAL)
- `services-improved`: scheduled for deletion (Path B)
- `lib/docker.sh`: `HOPS_SERVICES` array -- reconcile or remove duplicates
- Fix: `lib/docker.sh` service maps must match `services`; remove anything
only used by Path B.
- Must be done before port collision fix (B7) so there is one authoritative map.
### A3 -- `lib/privileges.sh` is dead code [MED] -- RESOLVED: delete
- Path B artifact. Delete it.
### A4 -- `lib/secrets.sh` crypto needs fixing and wiring in [MED]
- Goal: encrypt the `.env` file at rest after `install` writes it.
- Fix broken AES-GCM (use `gpg --symmetric` or a supported openssl mode).
- Fix passphrase-on-command-line exposure (S1, S2).
- Wire encrypt/decrypt calls into `install` flow.
### A5 -- `hops` duplicates functions from `lib/common.sh` [HIGH] -- DO FIRST
- `log`, `error_exit`, `warning`, `success`, `info`, `validate_timezone`,
`validate_password`, `generate_secure_password`, `create_docker_networks`,
`get_service_port/image` are all defined twice (or three times).
- Fix: source `lib/common.sh` from `hops` and remove local duplicates.
- Must be done before bug fixes to avoid patching the same logic in multiple places.
### A6 -- Caddy is unreachable via the menu [LOW]
- `services` defines `generate_caddy` but the `select_services` menu in
`install` never lists caddy as a selectable option.
### A7 -- Committed dev artifacts [LOW]
- `summary7-19.txt` and `discord-header.md` should not be in the repo.
Add to `.gitignore` or delete.
---
## MISSING / INCOMPLETE
### M1 -- RESOLVED (Path B deleted)
### M2 -- RESOLVED (Path B deleted)
### M3 -- RESOLVED (Path B deleted)
### M4 -- RESOLVED (`lib/privileges.sh` deleted)
---
## PLATFORM SUPPORT
### P2 -- `uninstall` is Linux-only [HIGH] -- deferred (Linux-first)
- Unconditional `apt-get`, `dpkg`, `systemctl`, `groupdel`, `ufw` with no
OS branching. Acceptable for now; revisit when macOS support is scoped.
### P3 -- RESOLVED (Path B deleted)
### P4 -- No WSL2 detection [MED]
- README claims WSL2 support but there is no WSL2 detection.
`systemctl`-based service management fails on WSL distros without systemd.
### P5 -- Inconsistent port-check tools [MED]
- `lib/common.sh` uses `ss`; `install` uses `lsof`. `ss` is absent on macOS.
### P6 -- Hardcoded render GID for Jellyfin GPU [LOW]
- File: `services:435`
- `group_add: "109"` is the render GID on a specific distro, wrong on most
systems and meaningless on macOS.
---
## CODE QUALITY
### Q1 -- Three separate error-handling implementations [HIGH] -- DO FIRST
- `hops`, `uninstall`, and `lib/common.sh` each define their own `error_exit`
and `log` with different formats. Consolidate in `lib/common.sh`.
- Covered by A5; tracked here for completeness.
### Q2 -- `set -e` + intentional non-zero returns is a minefield [MED]
- `validate_password` returns 1/2/3, `check_port` returns 1 -- these work only
because they happen to be in conditionals. Combined with B5 this is fragile.
Consider `set -euo pipefail` with explicit `|| true` where non-zero is intended.
### Q3 -- Debug `echo` statements left in production code [MED] -- DO FIRST
- Files: `lib/system.sh:605,823,1043,1046,1084,1089,1149-1156`
- `DEBUG:` prefixed echo lines should be removed or gated behind a `$DEBUG` flag.
- Clean these before bug fixes so signal isn't buried in debug noise.
### Q4 -- `services-improved` leaks `set -e` when sourced [LOW]
- File: `services-improved` top of file
- File sets `set -e` then is sourced by `user-operations` and `privileges`,
leaking the option into the caller's shell.
---
## SUGGESTED ORDER OF ATTACK
### Cleanup first (do before any bug fixes)
1. [DONE] Delete Path B files (A1/A3)
2. Consolidate duplicate functions into `lib/common.sh` (A5, Q1) -- one copy to fix
3. Reconcile `lib/docker.sh` service maps with `services` (A2) -- one catalog to fix
4. Remove debug echo statements from `lib/system.sh` (Q3) -- reduce noise
### Bug fixes
5. Fix B1 (infinite recursion in `services`) -- unblocks all Linux installs
6. Fix B5 (`((x++))` under `set -e`) -- prevents silent aborts
7. Fix B3 (glob directory detection) -- fixes multi-user and uninstall
8. Fix B4 (wrong filename in firewall setup)
9. Fix B7 (intra-selection port collision detection)
### Security pass
10. S3 (default Authelia cred), S5 (eval on env var), S6 (mktemp),
S7 (string-built commands), S2 (passphrase on cmdline)
11. Fix and wire in `lib/secrets.sh`: replace broken crypto, hook into install
flow to encrypt `.env` at rest (A4/S1/S2)
### Remaining
12. Fix B12 empty-password regex, B8 watchtower port, B9 backup self-copy
13. macOS / WSL2 support (B6, P4) -- future roadmap
discord-header.md
-5
View File
@@ -1,5 +0,0 @@
# HOPS Discord Channel Header
**HOPS - Homelab Orchestration Provisioning Script** 🏠
Cross-platform automation tool for deploying homelab infrastructure using Docker Compose. Menu-driven installation and management of media servers, download clients, monitoring tools, and more. Supports Linux, macOS, and Windows (WSL2).
🔗 **GitHub**: https://github.com/skiercm/hops
hops
+2 -2
View File
@@ -2,13 +2,13 @@
# HOPS - Homelab Orchestration Provisioning Script
# Primary Management Script
# Version: 3.3.0
# Version: 1.0.0
# Exit on any error
set -e
# Script version and metadata
readonly SCRIPT_VERSION="3.3.0"
readonly SCRIPT_VERSION="1.0.0"
readonly SCRIPT_NAME="HOPS"
readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
install
+1 -1
View File
@@ -8,7 +8,7 @@ install_hops() {
set -e
# Script version for update tracking
local SCRIPT_VERSION="3.2.0"
local SCRIPT_VERSION="1.0.0"
local SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Load system utilities
lib/common.sh
+2 -2
View File
@@ -2,7 +2,7 @@
# HOPS - Common Utility Functions
# Shared functions for logging, error handling, and UI
# Version: 3.2.0
# Version: 1.0.0
# Prevent multiple sourcing
if [[ -n "${HOPS_COMMON_LOADED:-}" ]]; then
@@ -101,7 +101,7 @@ show_hops_header() {
local subtitle="$2"
if [[ -z "$version" ]]; then
version="3.2.0"
version="1.0.0"
fi
clear
lib/docker.sh
+1 -1
View File
@@ -2,7 +2,7 @@
# HOPS - Docker Service Management
# Functions for Docker service management and monitoring
# Version: 3.1.0-beta
# Version: 1.0.0
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
lib/privileges.sh
-775
View File
@@ -1,775 +0,0 @@
#!/bin/bash
# HOPS - Privilege Management System
# Split operations into privileged and non-privileged components
# Version: 3.1.0-beta
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/common.sh"
# Operations that require root privileges
PRIVILEGED_OPERATIONS=(
"install_docker"
"configure_firewall"
"create_system_directories"
"install_packages"
"configure_systemd"
"setup_secrets_directory"
"modify_system_files"
)
# Operations that can run as regular user
NON_PRIVILEGED_OPERATIONS=(
"generate_docker_compose"
"pull_docker_images"
"start_containers"
"stop_containers"
"view_logs"
"check_service_status"
"validate_configuration"
"backup_user_data"
)
# Check if operation requires privileges
requires_privileges() {
local operation="$1"
for priv_op in "${PRIVILEGED_OPERATIONS[@]}"; do
if [[ "$operation" == "$priv_op" ]]; then
return 0
fi
done
return 1
}
# Check if operation can run as regular user
can_run_as_user() {
local operation="$1"
for user_op in "${NON_PRIVILEGED_OPERATIONS[@]}"; do
if [[ "$operation" == "$user_op" ]]; then
return 0
fi
done
return 1
}
# Get current user information
get_current_user_info() {
local -A user_info
if [[ -n "$SUDO_USER" ]]; then
user_info["username"]="$SUDO_USER"
user_info["uid"]=$(id -u "$SUDO_USER")
user_info["gid"]=$(id -g "$SUDO_USER")
user_info["home"]=$(eval echo "~$SUDO_USER")
user_info["is_sudo"]="true"
else
user_info["username"]="$USER"
user_info["uid"]=$(id -u)
user_info["gid"]=$(id -g)
user_info["home"]="$HOME"
user_info["is_sudo"]="false"
fi
# Return as key=value pairs
for key in "${!user_info[@]}"; do
echo "${key}=${user_info[$key]}"
done
}
# Drop privileges to regular user
drop_privileges() {
local command="$1"
shift
local args=("$@")
if [[ $EUID -ne 0 ]]; then
debug "Already running as non-root user"
exec "$command" "${args[@]}"
return $?
fi
if [[ -z "$SUDO_USER" ]]; then
error_exit "Cannot drop privileges: SUDO_USER not set"
fi
local user_info
user_info=$(get_current_user_info)
local uid=$(echo "$user_info" | grep "uid=" | cut -d= -f2)
local gid=$(echo "$user_info" | grep "gid=" | cut -d= -f2)
local home=$(echo "$user_info" | grep "home=" | cut -d= -f2)
debug "Dropping privileges to user: $SUDO_USER (uid=$uid, gid=$gid)"
# Set environment variables for the user
local env_vars=(
"HOME=$home"
"USER=$SUDO_USER"
"LOGNAME=$SUDO_USER"
"PATH=/usr/local/bin:/usr/bin:/bin"
)
# Execute command as user
sudo -u "$SUDO_USER" env "${env_vars[@]}" "$command" "${args[@]}"
}
# Run operation with appropriate privileges
run_with_privileges() {
local operation="$1"
local command="$2"
shift 2
local args=("$@")
if requires_privileges "$operation"; then
debug "Operation '$operation' requires root privileges"
if [[ $EUID -ne 0 ]]; then
error_exit "Operation '$operation' requires root privileges. Please run with sudo."
fi
# Run as root
exec "$command" "${args[@]}"
elif can_run_as_user "$operation"; then
debug "Operation '$operation' can run as regular user"
if [[ $EUID -eq 0 ]]; then
# Drop privileges
drop_privileges "$command" "${args[@]}"
else
# Run as current user
exec "$command" "${args[@]}"
fi
else
error_exit "Unknown operation: $operation"
fi
}
# Create privileged setup script
create_privileged_setup() {
local setup_script="$1"
cat > "$setup_script" << 'EOF'
#!/bin/bash
# HOPS Privileged Setup Script
# This script handles operations that require root privileges
# Version: 3.1.0-beta
set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
source "$SCRIPT_DIR/lib/system.sh"
source "$SCRIPT_DIR/lib/security.sh"
# Initialize logging
setup_logging "privileged-setup"
# Check root privileges
check_root
# Install Docker if not present
install_docker() {
info "🐳 Installing Docker..."
if command_exists docker; then
success "Docker already installed"
return 0
fi
# Update package index
apt-get update
# Install prerequisites
apt-get install -y \
ca-certificates \
curl \
gnupg \
lsb-release
# Add Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add Docker repository with proper Ubuntu codename detection for Linux Mint
local ubuntu_codename
if [[ "$(lsb_release -is)" == "Linuxmint" ]]; then
# Linux Mint provides UBUNTU_CODENAME in /etc/os-release
if [[ -f /etc/os-release ]]; then
ubuntu_codename=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2)
fi
# Fallback to version mapping if UBUNTU_CODENAME not found
if [[ -z "$ubuntu_codename" ]]; then
case "$(lsb_release -rs)" in
"22"|"22.1"|"22.2"|"22.3")
ubuntu_codename="noble" # Ubuntu 24.04
;;
"21"|"21.1"|"21.2"|"21.3")
ubuntu_codename="jammy" # Ubuntu 22.04
;;
"20"|"20.1"|"20.2"|"20.3")
ubuntu_codename="focal" # Ubuntu 20.04
;;
*)
ubuntu_codename="noble" # Default to latest LTS
;;
esac
fi
else
ubuntu_codename=$(lsb_release -cs)
fi
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $ubuntu_codename stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update package index with Docker packages
apt-get update
# Install Docker
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Start and enable Docker service
systemctl start docker
systemctl enable docker
success "Docker installed successfully"
}
# Configure firewall
configure_firewall() {
info "🔥 Configuring firewall..."
# Install UFW if not present
if ! command_exists ufw; then
apt-get update
apt-get install -y ufw
fi
# Reset firewall to defaults
ufw --force reset
# Set default policies
ufw default deny incoming
ufw default allow outgoing
# Allow SSH (prevent lockout)
ufw allow ssh
# Allow HTTP and HTTPS
ufw allow 80/tcp
ufw allow 443/tcp
# Enable firewall
ufw --force enable
success "Firewall configured successfully"
}
# Create system directories
create_system_directories() {
info "📁 Creating system directories..."
local directories=(
"/opt/appdata"
"/mnt/media"
"/mnt/media/movies"
"/mnt/media/tv"
"/mnt/media/music"
"/mnt/media/downloads"
"/var/log/hops"
)
for dir in "${directories[@]}"; do
if mkdir -p "$dir"; then
success "Created directory: $dir"
else
error_exit "Failed to create directory: $dir"
fi
done
# Set ownership to the user who ran sudo
if [[ -n "$SUDO_USER" ]]; then
local user_info
user_info=$(get_user_info)
local uid=$(echo "$user_info" | grep "uid=" | cut -d= -f2)
local gid=$(echo "$user_info" | grep "gid=" | cut -d= -f2)
chown -R "$uid:$gid" /opt/appdata /mnt/media
success "Set ownership of directories to $SUDO_USER"
fi
}
# Add user to docker group
add_user_to_docker_group() {
if [[ -z "$SUDO_USER" ]]; then
warning "No SUDO_USER set, skipping docker group addition"
return 0
fi
info "👥 Adding user to docker group..."
if usermod -aG docker "$SUDO_USER"; then
success "User $SUDO_USER added to docker group"
warning "User must log out and back in for group changes to take effect"
else
error_exit "Failed to add user to docker group"
fi
}
# Install required packages
install_packages() {
info "📦 Installing required packages..."
apt-get update
local packages=(
"curl"
"wget"
"git"
"jq"
"htop"
"tree"
"unzip"
"gnupg"
"software-properties-common"
"apt-transport-https"
"ca-certificates"
"lsb-release"
)
for package in "${packages[@]}"; do
if apt-get install -y "$package"; then
success "Installed package: $package"
else
warning "Failed to install package: $package"
fi
done
}
# Setup secrets directory
setup_secrets_directory() {
info "🔐 Setting up secrets directory..."
local secrets_dir="/etc/hops/secrets"
if mkdir -p "$secrets_dir"; then
chmod 700 "$secrets_dir"
success "Secrets directory created: $secrets_dir"
else
error_exit "Failed to create secrets directory"
fi
}
# Configure system settings
configure_system() {
info "⚙️ Configuring system settings..."
# Set timezone if not already set
if [[ -n "$TZ" ]]; then
timedatectl set-timezone "$TZ" 2>/dev/null || true
fi
# Enable IP forwarding for Docker
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
success "System configuration completed"
}
# Main privileged setup
main() {
info "🚀 Starting privileged setup..."
# System checks
detect_os
check_system_requirements
# Install packages
install_packages
# Install Docker
install_docker
# Configure firewall
configure_firewall
# Create directories
create_system_directories
# Add user to docker group
add_user_to_docker_group
# Setup secrets
setup_secrets_directory
# Configure system
configure_system
success "Privileged setup completed successfully"
success "Please log out and back in for group changes to take effect"
}
# Run if executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
EOF
chmod +x "$setup_script"
success "Privileged setup script created: $setup_script"
}
# Create non-privileged user script
create_user_script() {
local user_script="$1"
cat > "$user_script" << 'EOF'
#!/bin/bash
# HOPS User Script
# This script handles operations that can run as regular user
# Version: 3.1.0-beta
set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
source "$SCRIPT_DIR/lib/docker.sh"
source "$SCRIPT_DIR/lib/validation.sh"
# Initialize logging
setup_logging "user-operations"
# Check if user is in docker group
check_docker_access() {
if ! groups "\$USER" | grep -q docker; then
error_exit "User not in docker group. Please run the privileged setup first and log out/in."
fi
if ! docker info >/dev/null 2>&1; then
error_exit "Cannot access Docker daemon. Please ensure Docker is running."
fi
}
# Generate Docker Compose configuration
generate_docker_compose() {
local services=("$@")
local compose_file="$HOME/hops/docker-compose.yml"
info "📝 Generating Docker Compose configuration..."
# Create homelab directory
mkdir -p "$HOME/hops"
# Generate compose file header
cat > "$compose_file" << EOF
services:
EOF
# Generate service definitions
for service in "${services[@]}"; do
if "$SCRIPT_DIR/services-improved" generate "$service" >> "$compose_file"; then
success "Added service: $service"
else
error_exit "Failed to generate service definition for: $service"
fi
done
# Add networks section
cat >> "$compose_file" << EOF
networks:
homelab:
driver: bridge
traefik:
driver: bridge
database:
driver: bridge
EOF
success "Docker Compose configuration generated: $compose_file"
}
# Deploy services
deploy_services() {
local compose_file="$HOME/hops/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
error_exit "Docker Compose file not found: $compose_file"
fi
info "🚀 Deploying services..."
cd "$HOME/hops"
# Pull images
if docker compose pull; then
success "Docker images pulled successfully"
else
error_exit "Failed to pull Docker images"
fi
# Start services
if docker compose up -d; then
success "Services deployed successfully"
else
error_exit "Failed to deploy services"
fi
}
# Stop services
stop_services() {
local compose_file="$HOME/hops/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
error_exit "Docker Compose file not found: $compose_file"
fi
info "🛑 Stopping services..."
cd "$HOME/hops"
if docker compose down; then
success "Services stopped successfully"
else
error_exit "Failed to stop services"
fi
}
# Show service status
show_service_status() {
local compose_file="$HOME/hops/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
error_exit "Docker Compose file not found: $compose_file"
fi
info "📊 Service status:"
cd "$HOME/hops"
docker compose ps
}
# Main user operations
main() {
local action="$1"
shift
# Check Docker access
check_docker_access
case "$action" in
"generate")
if [[ $# -eq 0 ]]; then
error_exit "Usage: $0 generate <service1> [service2] ..."
fi
generate_docker_compose "$@"
;;
"deploy")
deploy_services
;;
"stop")
stop_services
;;
"status")
show_service_status
;;
"logs")
if [[ $# -eq 0 ]]; then
error_exit "Usage: $0 logs <service_name>"
fi
cd "$HOME/hops"
docker compose logs -f "$1"
;;
*)
error_exit "Unknown action: $action"
;;
esac
}
# Run if executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
EOF
chmod +x "$user_script"
success "User script created: $user_script"
# Create installation wrapper
create_installation_wrapper() {
local wrapper_script="$1"
cat > "$wrapper_script" << 'EOF'
#!/bin/bash
# HOPS Installation Wrapper
# Orchestrates privileged and non-privileged installation steps
# Version: 3.1.0-beta
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
# Initialize logging
setup_logging "installation-wrapper"
# Show header
show_hops_header "3.1.0" "Installation Wrapper"
# Check if we're running as root
if [[ $EUID -eq 0 ]]; then
if [[ -z "$SUDO_USER" ]]; then
error_exit "Please run with sudo, not as root directly"
fi
else
error_exit "This script must be run with sudo"
fi
# Phase 1: Privileged setup
info "📋 Phase 1: Privileged setup (requires root)"
if "$SCRIPT_DIR/privileged-setup"; then
success "Privileged setup completed"
else
error_exit "Privileged setup failed"
fi
# Phase 2: User setup
info "📋 Phase 2: User setup (running as $SUDO_USER)"
# Drop privileges and run user setup
sudo -u "$SUDO_USER" bash << 'USERSCRIPT'
cd "$HOME"
echo "Running as user: $(whoami)"
# Interactive service selection
echo "Select services to install:"
echo "1) Media Server Stack (Jellyfin, Sonarr, Radarr, Prowlarr)"
echo "2) Download Client Stack (qBittorrent, Transmission)"
echo "3) Monitoring Stack (Portainer, Uptime Kuma)"
echo "4) Custom selection"
read -p "Enter your choice (1-4): " choice
case "$choice" in
1)
services=("jellyfin" "sonarr" "radarr" "prowlarr")
;;
2)
services=("qbittorrent" "transmission")
;;
3)
services=("portainer" "uptime-kuma")
;;
4)
echo "Available services:"
"$SCRIPT_DIR/services-improved" list
read -p "Enter service names (space-separated): " -a services
;;
*)
echo "Invalid choice"
exit 1
;;
esac
# Generate and deploy
if "$SCRIPT_DIR/user-operations" generate "${services[@]}"; then
echo "Configuration generated successfully"
if "$SCRIPT_DIR/user-operations" deploy; then
echo "Services deployed successfully"
else
echo "Deployment failed"
exit 1
fi
else
echo "Configuration generation failed"
exit 1
fi
USERSCRIPT
success "Installation completed successfully"
success "Services are now running. Check status with: ./user-operations status"
EOF
chmod +x "$wrapper_script"
success "Installation wrapper created: $wrapper_script"
}
# Main function
main() {
local action="$1"
shift
case "$action" in
"create-setup")
create_privileged_setup "$1"
;;
"create-user")
create_user_script "$1"
;;
"create-wrapper")
create_installation_wrapper "$1"
;;
"create-all")
create_privileged_setup "privileged-setup"
create_user_script "user-operations"
create_installation_wrapper "setup"
;;
"run")
local operation="$1"
local command="$2"
shift 2
run_with_privileges "$operation" "$command" "$@"
;;
"help"|"--help"|"-h")
cat <<EOF
HOPS Privilege Management System
Usage: $0 <action> [options]
Actions:
create-setup <file> Create privileged setup script
create-user <file> Create non-privileged user script
create-wrapper <file> Create installation wrapper
create-all Create all scripts
run <op> <cmd> [args] Run operation with appropriate privileges
help Show this help message
Examples:
$0 create-all
$0 run install_docker /usr/bin/apt-get install docker-ce
$0 run generate_docker_compose ./compose-gen.sh
EOF
;;
*)
error_exit "Unknown action: $action. Use 'help' for usage information."
;;
esac
}
# If script is run directly (not sourced)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
setup_logging "privileges"
main "$@"
fi
lib/secrets.sh
+2 -2
View File
@@ -2,7 +2,7 @@
# HOPS - Secret Management System
# Secure encryption and management of sensitive configuration data
# Version: 3.1.0-beta
# Version: 1.0.0
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -190,7 +190,7 @@ create_encrypted_environment() {
cat > "$temp_env_file" << EOF
# HOPS Environment Configuration
# Generated on: $(date)
# Version: 3.1.0-beta
# Version: 1.0.0
# Core Configuration
PUID=$puid
lib/security.sh
+1 -1
View File
@@ -2,7 +2,7 @@
# HOPS - Security Functions
# Password generation, validation, and security utilities
# Version: 3.2.0
# Version: 1.0.0
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
lib/system.sh
+1 -1
View File
@@ -2,7 +2,7 @@
# HOPS - System Validation Functions
# Functions for system checks, OS detection, and requirements validation
# Version: 3.2.0
# Version: 1.0.0
# Source common functions
LIB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
lib/validation.sh
+1 -1
View File
@@ -2,7 +2,7 @@
# HOPS - Input Validation and Sanitization Functions
# Comprehensive input validation and sanitization utilities
# Version: 3.1.0-beta
# Version: 1.0.0
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
privileged-setup
-266
View File
@@ -1,266 +0,0 @@
#!/bin/bash
# HOPS Privileged Setup Script
# This script handles operations that require root privileges
# Version: 3.1.0-beta
set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
source "$SCRIPT_DIR/lib/system.sh"
source "$SCRIPT_DIR/lib/security.sh"
# Initialize logging
setup_logging "privileged-setup"
# Check root privileges
check_root
# Install Docker if not present
install_docker() {
info "🐳 Installing Docker..."
if command_exists docker; then
success "Docker already installed"
return 0
fi
# Update package index
apt-get update
# Install prerequisites
apt-get install -y \
ca-certificates \
curl \
gnupg \
lsb-release
# Add Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add Docker repository with proper Ubuntu codename detection for Linux Mint
local ubuntu_codename
if [[ "$(lsb_release -is)" == "Linuxmint" ]]; then
# Linux Mint provides UBUNTU_CODENAME in /etc/os-release
if [[ -f /etc/os-release ]]; then
ubuntu_codename=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2)
fi
# Fallback to version mapping if UBUNTU_CODENAME not found
if [[ -z "$ubuntu_codename" ]]; then
case "$(lsb_release -rs)" in
"22"|"22.1"|"22.2"|"22.3")
ubuntu_codename="noble" # Ubuntu 24.04
;;
"21"|"21.1"|"21.2"|"21.3")
ubuntu_codename="jammy" # Ubuntu 22.04
;;
"20"|"20.1"|"20.2"|"20.3")
ubuntu_codename="focal" # Ubuntu 20.04
;;
*)
ubuntu_codename="noble" # Default to latest LTS
;;
esac
fi
else
ubuntu_codename=$(lsb_release -cs)
fi
echo "DEBUG: Detected OS: $(lsb_release -is), Ubuntu codename: $ubuntu_codename"
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $ubuntu_codename stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update package index with Docker packages
apt-get update
# Install Docker
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Start and enable Docker service
systemctl start docker
systemctl enable docker
success "Docker installed successfully"
}
# Configure firewall
configure_firewall() {
info "🔥 Configuring firewall..."
# Install UFW if not present
if ! command_exists ufw; then
apt-get update
apt-get install -y ufw
fi
# Reset firewall to defaults
ufw --force reset
# Set default policies
ufw default deny incoming
ufw default allow outgoing
# Allow SSH (prevent lockout)
ufw allow ssh
# Allow HTTP and HTTPS
ufw allow 80/tcp
ufw allow 443/tcp
# Enable firewall
ufw --force enable
success "Firewall configured successfully"
}
# Create system directories
create_system_directories() {
info "📁 Creating system directories..."
local directories=(
"/opt/appdata"
"/mnt/media"
"/mnt/media/movies"
"/mnt/media/tv"
"/mnt/media/music"
"/mnt/media/downloads"
"/var/log/hops"
)
for dir in "${directories[@]}"; do
if mkdir -p "$dir"; then
success "Created directory: $dir"
else
error_exit "Failed to create directory: $dir"
fi
done
# Set ownership to the user who ran sudo
if [[ -n "$SUDO_USER" ]]; then
local user_info
user_info=$(get_user_info)
local uid=$(echo "$user_info" | grep "uid=" | cut -d= -f2)
local gid=$(echo "$user_info" | grep "gid=" | cut -d= -f2)
chown -R "$uid:$gid" /opt/appdata /mnt/media
success "Set ownership of directories to $SUDO_USER"
fi
}
# Add user to docker group
add_user_to_docker_group() {
if [[ -z "$SUDO_USER" ]]; then
warning "No SUDO_USER set, skipping docker group addition"
return 0
fi
info "👥 Adding user to docker group..."
if usermod -aG docker "$SUDO_USER"; then
success "User $SUDO_USER added to docker group"
warning "User must log out and back in for group changes to take effect"
else
error_exit "Failed to add user to docker group"
fi
}
# Install required packages
install_packages() {
info "📦 Installing required packages..."
apt-get update
local packages=(
"curl"
"wget"
"git"
"jq"
"htop"
"tree"
"unzip"
"gnupg"
"software-properties-common"
"apt-transport-https"
"ca-certificates"
"lsb-release"
)
for package in "${packages[@]}"; do
if apt-get install -y "$package"; then
success "Installed package: $package"
else
warning "Failed to install package: $package"
fi
done
}
# Setup secrets directory
setup_secrets_directory() {
info "🔐 Setting up secrets directory..."
local secrets_dir="/etc/hops/secrets"
if mkdir -p "$secrets_dir"; then
chmod 700 "$secrets_dir"
success "Secrets directory created: $secrets_dir"
else
error_exit "Failed to create secrets directory"
fi
}
# Configure system settings
configure_system() {
info "⚙️ Configuring system settings..."
# Set timezone if not already set
if [[ -n "$TZ" ]]; then
timedatectl set-timezone "$TZ" 2>/dev/null || true
fi
# Enable IP forwarding for Docker
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
success "System configuration completed"
}
# Main privileged setup
main() {
info "🚀 Starting privileged setup..."
# System checks
detect_os
check_system_requirements
# Install packages
install_packages
# Install Docker
install_docker
# Configure firewall
configure_firewall
# Create directories
create_system_directories
# Add user to docker group
add_user_to_docker_group
# Setup secrets
setup_secrets_directory
# Configure system
configure_system
success "Privileged setup completed successfully"
success "Please log out and back in for group changes to take effect"
}
# Run if executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
services
+2 -2
View File
@@ -2,7 +2,7 @@
# HOPS Service Definitions
# Contains all Docker Compose service configurations
# Version: 3.2.0
# Version: 1.0.0
# This script provides functions to generate Docker Compose service definitions
# Usage: Source this script and call generate_service_definition <service_name>
@@ -1349,7 +1349,7 @@ list_available_services() {
# Usage information
show_usage() {
cat <<EOF
HOPS Service Definitions Script v3.2.0
HOPS Service Definitions Script v1.0.0
Usage:
source services
services-improved
-572
View File
@@ -1,572 +0,0 @@
#!/bin/bash
# HOPS Service Definitions - Improved Version
# Contains all Docker Compose service configurations with error handling and pinned versions
# Version: 3.1.0-beta
# Exit on any error
set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
if [[ -f "$SCRIPT_DIR/lib/common.sh" ]]; then
source "$SCRIPT_DIR/lib/common.sh"
else
echo "ERROR: Common library not found. Please ensure lib/common.sh exists." >&2
exit 1
fi
if [[ -f "$SCRIPT_DIR/lib/security.sh" ]]; then
source "$SCRIPT_DIR/lib/security.sh"
else
echo "ERROR: Security library not found. Please ensure lib/security.sh exists." >&2
exit 1
fi
# Service definitions with pinned versions (from docker.sh)
declare -A SERVICE_IMAGES=(
# Media Management (*arr Stack)
["sonarr"]="lscr.io/linuxserver/sonarr:4.0.10"
["radarr"]="lscr.io/linuxserver/radarr:5.8.3"
["lidarr"]="lscr.io/linuxserver/lidarr:2.5.3"
["readarr"]="lscr.io/linuxserver/readarr:0.3.32-develop"
["bazarr"]="lscr.io/linuxserver/bazarr:1.4.3"
["prowlarr"]="lscr.io/linuxserver/prowlarr:1.24.3"
["tdarr"]="ghcr.io/haveagitgat/tdarr:2.26.01"
# Download Clients
["qbittorrent"]="lscr.io/linuxserver/qbittorrent:4.6.7"
["transmission"]="lscr.io/linuxserver/transmission:4.0.6"
["nzbget"]="lscr.io/linuxserver/nzbget:24.3"
["sabnzbd"]="lscr.io/linuxserver/sabnzbd:4.3.3"
# Media Servers
["jellyfin"]="lscr.io/linuxserver/jellyfin:10.9.11"
["plex"]="lscr.io/linuxserver/plex:1.40.5"
["emby"]="lscr.io/linuxserver/emby:4.8.8"
["jellystat"]="cyfershepard/jellystat:1.1.0"
# Request Management
["overseerr"]="lscr.io/linuxserver/overseerr:1.33.2"
["jellyseerr"]="fallenbagel/jellyseerr:1.9.2"
["ombi"]="lscr.io/linuxserver/ombi:4.43.5"
# Reverse Proxy & Security
["traefik"]="traefik:v3.1.6"
["nginx-proxy-manager"]="jc21/nginx-proxy-manager:2.11.3"
["authelia"]="authelia/authelia:4.38.16"
# Monitoring & Management
["portainer"]="portainer/portainer-ce:2.21.4"
["uptime-kuma"]="louislam/uptime-kuma:1.23.15"
["watchtower"]="containrrr/watchtower:1.7.1"
)
# Service port mapping
declare -A SERVICE_PORTS=(
["sonarr"]="8989"
["radarr"]="7878"
["lidarr"]="8686"
["readarr"]="8787"
["bazarr"]="6767"
["prowlarr"]="9696"
["tdarr"]="8265"
["qbittorrent"]="8082"
["transmission"]="9091"
["nzbget"]="6789"
["sabnzbd"]="8080"
["jellyfin"]="8096"
["plex"]="32400"
["emby"]="8096"
["jellystat"]="3000"
["overseerr"]="5055"
["jellyseerr"]="5056"
["ombi"]="3579"
["traefik"]="8080"
["nginx-proxy-manager"]="81"
["authelia"]="9091"
["portainer"]="9000"
["uptime-kuma"]="3001"
["watchtower"]="8080"
)
# Initialize logging
setup_logging "service-definitions"
# Validate service name
validate_service_name_internal() {
local service_name="$1"
if [[ -z "$service_name" ]]; then
error_exit "Service name is required"
fi
if ! validate_service_name "$service_name"; then
error_exit "Invalid service name: $service_name"
fi
if [[ -z "${SERVICE_IMAGES[$service_name]}" ]]; then
error_exit "Unknown service: $service_name"
fi
}
# Get service image with validation
get_service_image() {
local service_name="$1"
validate_service_name_internal "$service_name"
echo "${SERVICE_IMAGES[$service_name]}"
}
# Get service port with validation
get_service_port() {
local service_name="$1"
validate_service_name_internal "$service_name"
echo "${SERVICE_PORTS[$service_name]}"
}
# Common environment variables for LinuxServer containers
get_linuxserver_env() {
cat <<EOF
- PUID=\${PUID:-1000}
- PGID=\${PGID:-1000}
- TZ=\${TZ:-UTC}
- UMASK=002
EOF
}
# Common restart policy
get_restart_policy() {
echo " restart: unless-stopped"
}
# Common network configuration
get_homelab_network() {
cat <<EOF
networks:
- homelab
EOF
}
# Common healthcheck for web services
get_web_healthcheck() {
local service_name="$1"
local path="${2:-/}"
if [[ -z "$service_name" ]]; then
error_exit "Service name required for healthcheck"
fi
local port=$(get_service_port "$service_name")
cat <<EOF
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:$port$path || exit 1"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
EOF
}
# Common volume configuration
get_common_volumes() {
local service_name="$1"
if [[ -z "$service_name" ]]; then
error_exit "Service name required for volumes"
fi
cat <<EOF
volumes:
- \${CONFIG_ROOT:-/opt/appdata}/$service_name:/config
- \${DATA_ROOT:-/mnt/media}:/data
- /etc/localtime:/etc/localtime:ro
EOF
}
# Common Traefik labels
get_traefik_labels() {
local service_name="$1"
if [[ -z "$service_name" ]]; then
error_exit "Service name required for Traefik labels"
fi
local port=$(get_service_port "$service_name")
cat <<EOF
labels:
- "traefik.enable=true"
- "traefik.http.routers.$service_name.rule=Host(\`$service_name.\${DOMAIN:-localhost}\`)"
- "traefik.http.routers.$service_name.entrypoints=websecure"
- "traefik.http.routers.$service_name.tls.certresolver=letsencrypt"
- "traefik.http.services.$service_name.loadbalancer.server.port=$port"
EOF
}
# --------------------------------------------
# SERVICE GENERATORS
# --------------------------------------------
# Generate *arr service (template for Sonarr, Radarr, etc.)
generate_arr_service() {
local service_name="$1"
validate_service_name_internal "$service_name"
local image=$(get_service_image "$service_name")
local port=$(get_service_port "$service_name")
cat <<EOF
$service_name:
image: $image
container_name: $service_name
$(get_restart_policy)
ports:
- "$port:$port"
environment:
$(get_linuxserver_env)
$(get_common_volumes "$service_name")
$(get_web_healthcheck "$service_name")
$(get_homelab_network)
$(get_traefik_labels "$service_name")
EOF
}
# Generate media server service
generate_media_server() {
local service_name="$1"
validate_service_name_internal "$service_name"
local image=$(get_service_image "$service_name")
local port=$(get_service_port "$service_name")
# Special handling for Plex
local additional_config=""
if [[ "$service_name" == "plex" ]]; then
additional_config=" - PLEX_CLAIM=\${PLEX_CLAIM:-}
- ADVERTISE_IP=\${ADVERTISE_IP:-}"
fi
cat <<EOF
$service_name:
image: $image
container_name: $service_name
$(get_restart_policy)
ports:
- "$port:$port"
environment:
$(get_linuxserver_env)
$additional_config
$(get_common_volumes "$service_name")
$(get_web_healthcheck "$service_name")
$(get_homelab_network)
$(get_traefik_labels "$service_name")
EOF
}
# Generate download client service
generate_download_client() {
local service_name="$1"
validate_service_name_internal "$service_name"
local image=$(get_service_image "$service_name")
local port=$(get_service_port "$service_name")
# Special handling for qBittorrent
local additional_config=""
if [[ "$service_name" == "qbittorrent" ]]; then
additional_config=" - WEBUI_PORT=$port"
fi
cat <<EOF
$service_name:
image: $image
container_name: $service_name
$(get_restart_policy)
ports:
- "$port:$port"
environment:
$(get_linuxserver_env)
$additional_config
$(get_common_volumes "$service_name")
$(get_web_healthcheck "$service_name")
$(get_homelab_network)
$(get_traefik_labels "$service_name")
EOF
}
# Generate monitoring service
generate_monitoring_service() {
local service_name="$1"
validate_service_name_internal "$service_name"
local image=$(get_service_image "$service_name")
local port=$(get_service_port "$service_name")
# Special handling for Portainer
local additional_config=""
local volume_config=""
if [[ "$service_name" == "portainer" ]]; then
volume_config=" volumes:
- \${CONFIG_ROOT:-/opt/appdata}/$service_name:/data
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro"
elif [[ "$service_name" == "watchtower" ]]; then
volume_config=" volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro"
additional_config=" - WATCHTOWER_CLEANUP=true
- WATCHTOWER_SCHEDULE=0 0 4 * * *"
else
volume_config=$(get_common_volumes "$service_name")
fi
cat <<EOF
$service_name:
image: $image
container_name: $service_name
$(get_restart_policy)
ports:
- "$port:$port"
environment:
$(get_linuxserver_env)
$additional_config
$volume_config
$(get_web_healthcheck "$service_name")
$(get_homelab_network)
$(get_traefik_labels "$service_name")
EOF
}
# Generate Traefik service
generate_traefik() {
local service_name="traefik"
validate_service_name_internal "$service_name"
local image=$(get_service_image "$service_name")
local port=$(get_service_port "$service_name")
cat <<EOF
traefik:
image: $image
container_name: traefik
$(get_restart_policy)
ports:
- "80:80"
- "443:443"
- "$port:$port"
environment:
- CF_API_EMAIL=\${CF_API_EMAIL:-}
- CF_API_KEY=\${CF_API_KEY:-}
command:
- "--api.dashboard=true"
- "--api.insecure=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
- "--certificatesresolvers.letsencrypt.acme.email=\${ACME_EMAIL:-admin@localhost}"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
volumes:
- \${CONFIG_ROOT:-/opt/appdata}/traefik:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
networks:
- homelab
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(\`traefik.\${DOMAIN:-localhost}\`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.services.traefik.loadbalancer.server.port=$port"
EOF
}
# Main service generator function
generate_service_definition() {
local service_name="$1"
if [[ -z "$service_name" ]]; then
error_exit "Service name is required"
fi
validate_service_name_internal "$service_name"
debug "Generating service definition for: $service_name"
case "$service_name" in
# Media Management (*arr Stack)
"sonarr"|"radarr"|"lidarr"|"readarr"|"bazarr"|"prowlarr")
generate_arr_service "$service_name"
;;
# Download Clients
"qbittorrent"|"transmission"|"nzbget"|"sabnzbd")
generate_download_client "$service_name"
;;
# Media Servers
"jellyfin"|"plex"|"emby"|"jellystat")
generate_media_server "$service_name"
;;
# Request Management
"overseerr"|"jellyseerr"|"ombi")
generate_arr_service "$service_name" # They use similar patterns
;;
# Reverse Proxy & Security
"traefik")
generate_traefik
;;
# Monitoring & Management
"portainer"|"uptime-kuma"|"watchtower")
generate_monitoring_service "$service_name"
;;
# Other services
"nginx-proxy-manager"|"authelia"|"tdarr")
generate_arr_service "$service_name" # Use generic template
;;
*)
error_exit "Unknown service: $service_name"
;;
esac
}
# Generate multiple services
generate_multiple_services() {
local services=("$@")
if [[ ${#services[@]} -eq 0 ]]; then
error_exit "No services specified"
fi
debug "Generating definitions for ${#services[@]} services"
for service in "${services[@]}"; do
generate_service_definition "$service"
done
}
# List all available services
list_available_services() {
echo "Available services:"
echo
local categories=(
"Media Management:sonarr,radarr,lidarr,readarr,bazarr,prowlarr,tdarr"
"Download Clients:qbittorrent,transmission,nzbget,sabnzbd"
"Media Servers:jellyfin,plex,emby,jellystat"
"Request Management:overseerr,jellyseerr,ombi"
"Reverse Proxy & Security:traefik,nginx-proxy-manager,authelia"
"Monitoring & Management:portainer,uptime-kuma,watchtower"
)
for category in "${categories[@]}"; do
local category_name="${category%%:*}"
local services="${category#*:}"
echo -e "${CYAN}${category_name}:${NC}"
IFS=',' read -ra service_list <<< "$services"
for service in "${service_list[@]}"; do
local port=$(get_service_port "$service")
local image=$(get_service_image "$service")
printf " %-20s Port: %-6s Image: %s\n" "$service" "$port" "$image"
done
echo
done
}
# Validate service configuration
validate_service_config() {
local service_name="$1"
validate_service_name_internal "$service_name"
local image=$(get_service_image "$service_name")
local port=$(get_service_port "$service_name")
# Check if image exists (basic validation)
if [[ -z "$image" ]]; then
error_exit "No image defined for service: $service_name"
fi
# Check if port is valid
if [[ ! "$port" =~ ^[0-9]+$ ]] || [[ "$port" -lt 1 ]] || [[ "$port" -gt 65535 ]]; then
error_exit "Invalid port for service $service_name: $port"
fi
success "Service configuration valid: $service_name"
}
# Main function for command line usage
main() {
local action="$1"
shift
case "$action" in
"generate")
if [[ $# -eq 0 ]]; then
error_exit "Usage: $0 generate <service_name> [service_name...]"
fi
generate_multiple_services "$@"
;;
"list")
list_available_services
;;
"validate")
if [[ $# -eq 0 ]]; then
error_exit "Usage: $0 validate <service_name>"
fi
validate_service_config "$1"
;;
"help"|"--help"|"-h")
cat <<EOF
HOPS Service Definitions - Improved Version
Usage: $0 <action> [options]
Actions:
generate <service>... Generate service definitions
list List all available services
validate <service> Validate service configuration
help Show this help message
Examples:
$0 generate sonarr radarr jellyfin
$0 list
$0 validate traefik
EOF
;;
*)
error_exit "Unknown action: $action. Use 'help' for usage information."
;;
esac
}
# If script is run directly (not sourced)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
setup
-90
View File
@@ -1,90 +0,0 @@
#!/bin/bash
# HOPS Installation Wrapper
# Orchestrates privileged and non-privileged installation steps
# Version: 3.1.0-beta
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
# Initialize logging
setup_logging "installation-wrapper"
# Show header
show_hops_header "3.1.0-beta" "Installation Wrapper"
# Check if we're running as root
if [[ $EUID -eq 0 ]]; then
if [[ -z "$SUDO_USER" ]]; then
error_exit "Please run with sudo, not as root directly"
fi
else
error_exit "This script must be run with sudo"
fi
# Phase 1: Privileged setup
info "📋 Phase 1: Privileged setup (requires root)"
if "$SCRIPT_DIR/privileged-setup"; then
success "Privileged setup completed"
else
error_exit "Privileged setup failed"
fi
# Phase 2: User setup
info "📋 Phase 2: User setup (running as $SUDO_USER)"
# Drop privileges and run user setup
sudo -u "$SUDO_USER" bash << 'USERSCRIPT'
cd "$HOME"
echo "Running as user: $(whoami)"
# Interactive service selection
echo "Select services to install:"
echo "1) Media Server Stack (Jellyfin, Sonarr, Radarr, Prowlarr)"
echo "2) Download Client Stack (qBittorrent, Transmission)"
echo "3) Monitoring Stack (Portainer, Uptime Kuma)"
echo "4) Custom selection"
read -p "Enter your choice (1-4): " choice
case "$choice" in
1)
services=("jellyfin" "sonarr" "radarr" "prowlarr")
;;
2)
services=("qbittorrent" "transmission")
;;
3)
services=("portainer" "uptime-kuma")
;;
4)
echo "Available services:"
"$SCRIPT_DIR/services-improved" list
read -p "Enter service names (space-separated): " -a services
;;
*)
echo "Invalid choice"
exit 1
;;
esac
# Generate and deploy
if "$SCRIPT_DIR/user-operations" generate "${services[@]}"; then
echo "Configuration generated successfully"
if "$SCRIPT_DIR/user-operations" deploy; then
echo "Services deployed successfully"
else
echo "Deployment failed"
exit 1
fi
else
echo "Configuration generation failed"
exit 1
fi
USERSCRIPT
success "Installation completed successfully"
success "Services are now running. Check status with: ./user-operations status"
summary7-19.txt
-170
View File
@@ -1,170 +0,0 @@
# HOPS Linux Mint Docker Repository Troubleshooting Summary
## Date: July 19, 2025
### Problem Description
HOPS installation failing on Linux Mint 22.1 with Docker repository error:
```
E: The repository 'https://download.docker.com/linux/ubuntu xia Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
```
### Root Cause Analysis
- Linux Mint uses its own codenames (e.g., "xia" for version 22.1)
- Docker repositories are structured around Ubuntu codenames (e.g., "noble", "jammy", "focal")
- HOPS was using `lsb_release -cs` which returns "xia" instead of the Ubuntu base codename
- Docker doesn't have a repository for Linux Mint's "xia" codename
### System Information (Linux Mint 22.1)
```
Distributor ID: LinuxMint
Description: Linux Mint 22.1
Release: 22.1
Codename: xia
UBUNTU_CODENAME=noble (from /etc/os-release)
```
### Troubleshooting Steps Attempted
#### 1. Initial Fix Attempt (Commit af57a77)
**Files Modified:** `privileged-setup`, `lib/privileges.sh`
**Approach:** Added Linux Mint version to Ubuntu codename mapping
- Mint 22.x → Ubuntu 24.04 (noble)
- Mint 21.x → Ubuntu 22.04 (jammy)
- Mint 20.x → Ubuntu 20.04 (focal)
**Result:** Still failed with same error
#### 2. System Cleanup
**Commands Executed:**
```bash
sudo rm -f /etc/apt/sources.list.d/docker*
sudo rm -f /etc/apt/sources.list.d/*docker*
sudo rm -f /usr/share/keyrings/docker*
sudo rm -f /etc/apt/keyrings/docker*
sudo grep -i docker /etc/apt/sources.list
sudo apt clean
sudo apt autoclean
```
**Result:** Confirmed clean state, but error persisted
#### 3. Improved Fix (Commit 4fd78ec)
**Files Modified:** `privileged-setup`, `lib/privileges.sh`
**Approach:** Use `UBUNTU_CODENAME` from `/etc/os-release` with fallback to version mapping
```bash
# Primary method: Read UBUNTU_CODENAME from /etc/os-release
ubuntu_codename=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2)
# Fallback: Version mapping if UBUNTU_CODENAME not found
```
**Result:** Still experiencing same error after system cleanup
#### 4. Discovery of UBUNTU_CODENAME
**Key Finding:** Linux Mint 22.1 provides `UBUNTU_CODENAME=noble` in `/etc/os-release`
- This is the correct Ubuntu codename that Docker repositories support
- Should eliminate need for manual version mapping
#### 5. Root Cause Discovery - Wrong Installation Path (Session 2)
**Date:** July 19, 2025 (Evening)
**Discovery:** User was running `./setup` script, but fixes were applied to different code paths
**Investigation Steps:**
- Confirmed user had latest code with fixes (commit 4fd78ec)
- System was completely clean of Docker repositories
- `UBUNTU_CODENAME=noble` correctly detected
- Still getting "xia" error despite fixes
**Key Finding:** The `setup` script uses `lib/system.sh::install_docker()` which was calling Docker's convenience script `curl -fsSL https://get.docker.com | sh`, NOT the fixed installation functions in `privileged-setup` or `lib/privileges.sh`.
#### 6. Fix Applied to Correct Installation Path (Commit ce0f7f2)
**Files Modified:** `lib/system.sh` (lines 1122-1168)
**Approach:**
- Replaced Docker convenience script with manual repository setup
- Added Linux Mint Ubuntu codename detection logic to `lib/system.sh`
- Included same UBUNTU_CODENAME detection and fallback mapping
- Added debug output: "Using Ubuntu codename: X for Docker repository"
**Result:** User tested after pulling latest code - still experiencing same "xia" error
### Current Status (End of Session 2)
**Problem State:** Persistent "xia" repository error despite comprehensive fixes
**Fixes Applied:**
- Three different installation paths updated with Linux Mint detection
- Complete Docker repository cleanup performed multiple times
- Debug output added to track codename detection
- Manual testing confirmed UBUNTU_CODENAME=noble is available
**Unresolved Questions:**
1. Why debug output from fixed code is not appearing in installation logs
2. Whether there's a fourth Docker installation path not yet discovered
3. Possible system-level caching or existing Docker installation interfering
4. Whether the correct script path is actually being executed
### Next Steps (For Tomorrow)
1. **Execution Path Verification:** Add debug traces to determine which exact functions are being called during `./setup`
2. **Docker Installation Check:** Verify if Docker is already installed and causing early function returns
3. **Complete Docker Removal:** If Docker exists, completely remove it before testing fixes
4. **Alternative Installation Methods:** Test other entry points (`./hops`, `./install`, `./privileged-setup` directly)
5. **System State Analysis:** Check for any persistent apt configurations or cached repository information
### Technical Notes
- Linux Mint consistently provides `UBUNTU_CODENAME` in modern versions
- Using this field is more reliable than version-based mapping
- Docker installation uses Ubuntu repositories for Debian-based distributions
- Issue affects all Linux Mint installations using HOPS
- The Docker convenience script `get.docker.com` has its own broken Linux Mint detection
### Files Modified
- `privileged-setup` (lines 43-70, 72) - ✅ Fixed
- `lib/privileges.sh` (lines 199-226, 228) - ✅ Fixed
- `lib/system.sh` (lines 1122-1168) - ✅ Fixed
#### 7. Final Resolution (Session 3 - July 20, 2025)
**Root Cause Identified:** Critical case sensitivity bug in Linux Mint detection
- `lsb_release -is` returns `"Linuxmint"` (lowercase 'm')
- All code was checking for `"LinuxMint"` (uppercase 'M')
- This caused Linux Mint detection to fail completely, falling back to "xia" codename
**Final Fixes Applied:**
1. **Case Sensitivity Fix (Commit 736ed1b):**
- Fixed `lib/system.sh:1151`: `"LinuxMint"` → `"Linuxmint"`
- Fixed `privileged-setup:45`: `"LinuxMint"` → `"Linuxmint"`
- Fixed `lib/privileges.sh:201`: `"LinuxMint"` → `"Linuxmint"`
2. **Debug Tracing Added (Commit d2e9a69):**
- Added comprehensive debug output to trace execution paths
- Fixed Docker repository cleanup order in `remove_docker_linux()`
- Added specific cleanup for Linux Mint codenames (xia, vera, vanessa)
3. **Docker Service Issues (Manual Fix):**
- Created missing `docker` group: `sudo groupadd docker`
- Added user to docker group: `sudo usermod -aG docker skier`
- Started Docker services: `sudo systemctl start docker.socket docker`
4. **Directory Detection Fix (Commit a28a6e5):**
- Fixed sudo home directory resolution in `install` script
- Changed `$HOME/hops` to use `$SUDO_USER` home directory
- Resolved `/root/hops` vs `/home/skier/hops` issue
**Final Result:** ✅ **COMPLETE SUCCESS**
- Docker repositories now use correct Ubuntu codename "noble"
- Sonarr container deployed and running successfully
- Web UI accessible at localhost:8989
- All Linux Mint Docker repository issues resolved
### Current Status (RESOLVED)
**Problem State:** ✅ **COMPLETELY RESOLVED**
**Final Working State:**
- Linux Mint detection working: `DEBUG: Linux Mint detected, checking for UBUNTU_CODENAME`
- Ubuntu codename detection: `DEBUG: Found UBUNTU_CODENAME=noble in /etc/os-release`
- Repository configuration: `️ Using Ubuntu codename: noble for Docker repository`
- Docker installation: Downloads from `https://download.docker.com/linux/ubuntu noble`
- Service deployment: Sonarr running and accessible
### Git Commits
- `af57a77`: Initial Linux Mint version mapping fix
- `4fd78ec`: Improved fix using UBUNTU_CODENAME detection
- `ce0f7f2`: Fix lib/system.sh Docker installation path with manual repository setup
- `d2e9a69`: Fix Docker repository issues with debug tracing and cleanup order
- `736ed1b`: Fix critical Linux Mint case sensitivity bug in repository detection
- `a28a6e5`: Fix homelab directory detection when running with sudo
uninstall
+1 -1
View File
@@ -8,7 +8,7 @@ uninstall_hops() {
set +e
# Script version for consistency
local SCRIPT_VERSION="3.1.0-beta"
local SCRIPT_VERSION="1.0.0"
# --------------------------------------------
# LOGGING SETUP
user-operations
-173
View File
@@ -1,173 +0,0 @@
#!/bin/bash
# HOPS User Script
# This script handles operations that can run as regular user
# Version: 3.1.0-beta
set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
source "$SCRIPT_DIR/lib/docker.sh"
source "$SCRIPT_DIR/lib/validation.sh"
# Initialize logging
setup_logging "user-operations"
# Check if user is in docker group
check_docker_access() {
if ! groups "$USER" | grep -q docker; then
error_exit "User not in docker group. Please run the privileged setup first and log out/in."
fi
if ! docker info >/dev/null 2>&1; then
error_exit "Cannot access Docker daemon. Please ensure Docker is running."
fi
}
# Generate Docker Compose configuration
generate_docker_compose() {
local services=("$@")
local compose_file="$HOME/hops/docker-compose.yml"
info "📝 Generating Docker Compose configuration..."
# Create homelab directory
mkdir -p "$HOME/hops"
# Generate compose file header
cat > "$compose_file" << EOF
services:
EOF
# Generate service definitions
for service in "${services[@]}"; do
if "$SCRIPT_DIR/services-improved" generate "$service" >> "$compose_file"; then
success "Added service: $service"
else
error_exit "Failed to generate service definition for: $service"
fi
done
# Add networks section
cat >> "$compose_file" << EOF
networks:
homelab:
driver: bridge
traefik:
driver: bridge
database:
driver: bridge
EOF
success "Docker Compose configuration generated: $compose_file"
}
# Deploy services
deploy_services() {
local compose_file="$HOME/hops/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
error_exit "Docker Compose file not found: $compose_file"
fi
info "🚀 Deploying services..."
cd "$HOME/hops"
# Pull images
if docker compose pull; then
success "Docker images pulled successfully"
else
error_exit "Failed to pull Docker images"
fi
# Start services
if docker compose up -d; then
success "Services deployed successfully"
else
error_exit "Failed to deploy services"
fi
}
# Stop services
stop_services() {
local compose_file="$HOME/hops/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
error_exit "Docker Compose file not found: $compose_file"
fi
info "🛑 Stopping services..."
cd "$HOME/hops"
if docker compose down; then
success "Services stopped successfully"
else
error_exit "Failed to stop services"
fi
}
# Show service status
show_service_status() {
local compose_file="$HOME/hops/docker-compose.yml"
if [[ ! -f "$compose_file" ]]; then
error_exit "Docker Compose file not found: $compose_file"
fi
info "📊 Service status:"
cd "$HOME/hops"
docker compose ps
}
# Main user operations
main() {
local action="$1"
shift
# Check Docker access
check_docker_access
case "$action" in
"generate")
if [[ $# -eq 0 ]]; then
error_exit "Usage: $0 generate <service1> [service2] ..."
fi
generate_docker_compose "$@"
;;
"deploy")
deploy_services
;;
"stop")
stop_services
;;
"status")
show_service_status
;;
"logs")
if [[ $# -eq 0 ]]; then
error_exit "Usage: $0 logs <service_name>"
fi
cd "$HOME/hops"
docker compose logs -f "$1"
;;
*)
error_exit "Unknown action: $action"
;;
esac
}
# Run if executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi