canadabot/hops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ce0f7f2ae467323814e1e7eeb0b5a5c6f98bd7ff
hops/privileged-setup
T
Stephen Klein ce0f7f2ae4 Fix Linux Mint Docker repository detection in lib/system.sh 
- Replace Docker convenience script with manual repository setup in lib/system.sh
- Add proper Ubuntu codename detection for Linux Mint using UBUNTU_CODENAME from /etc/os-release
- Include fallback version mapping for older Linux Mint versions (22.x->noble, 21.x->jammy, 20.x->focal)
- Add debug output to track codename detection
- Resolves issue where get.docker.com script was using incorrect "xia" codename instead of "noble"

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-19 23:35:58 -04:00

266 lines
6.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# HOPS Privileged Setup Script
# This script handles operations that require root privileges
# Version: 3.1.0-beta
set -e
# Source common functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib/common.sh"
source "$SCRIPT_DIR/lib/system.sh"
source "$SCRIPT_DIR/lib/security.sh"
# Initialize logging
setup_logging "privileged-setup"
# Check root privileges
check_root
# Install Docker if not present
install_docker() {
info "🐳 Installing Docker..."
if command_exists docker; then
success "Docker already installed"
return 0
fi
# Update package index
apt-get update
# Install prerequisites
apt-get install -y \
ca-certificates \
curl \
gnupg \
lsb-release
# Add Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add Docker repository with proper Ubuntu codename detection for Linux Mint
local ubuntu_codename
if [[ "$(lsb_release -is)" == "LinuxMint" ]]; then
# Linux Mint provides UBUNTU_CODENAME in /etc/os-release
if [[ -f /etc/os-release ]]; then
ubuntu_codename=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2)
fi
# Fallback to version mapping if UBUNTU_CODENAME not found
if [[ -z "$ubuntu_codename" ]]; then
case "$(lsb_release -rs)" in
"22"|"22.1"|"22.2"|"22.3")
ubuntu_codename="noble" # Ubuntu 24.04
;;
"21"|"21.1"|"21.2"|"21.3")
ubuntu_codename="jammy" # Ubuntu 22.04
;;
"20"|"20.1"|"20.2"|"20.3")
ubuntu_codename="focal" # Ubuntu 20.04
;;
*)
ubuntu_codename="noble" # Default to latest LTS
;;
esac
fi
else
ubuntu_codename=$(lsb_release -cs)
fi
echo "DEBUG: Detected OS: $(lsb_release -is), Ubuntu codename: $ubuntu_codename"
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $ubuntu_codename stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update package index with Docker packages
apt-get update
# Install Docker
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Start and enable Docker service
systemctl start docker
systemctl enable docker
success "Docker installed successfully"
}
# Configure firewall
configure_firewall() {
info "🔥 Configuring firewall..."
# Install UFW if not present
if ! command_exists ufw; then
apt-get update
apt-get install -y ufw
fi
# Reset firewall to defaults
ufw --force reset
# Set default policies
ufw default deny incoming
ufw default allow outgoing
# Allow SSH (prevent lockout)
ufw allow ssh
# Allow HTTP and HTTPS
ufw allow 80/tcp
ufw allow 443/tcp
# Enable firewall
ufw --force enable
success "Firewall configured successfully"
}
# Create system directories
create_system_directories() {
info "📁 Creating system directories..."
local directories=(
"/opt/appdata"
"/mnt/media"
"/mnt/media/movies"
"/mnt/media/tv"
"/mnt/media/music"
"/mnt/media/downloads"
"/var/log/hops"
)
for dir in "${directories[@]}"; do
if mkdir -p "$dir"; then
success "Created directory: $dir"
else
error_exit "Failed to create directory: $dir"
fi
done
# Set ownership to the user who ran sudo
if [[ -n "$SUDO_USER" ]]; then
local user_info
user_info=$(get_user_info)
local uid=$(echo "$user_info" | grep "uid=" | cut -d= -f2)
local gid=$(echo "$user_info" | grep "gid=" | cut -d= -f2)
chown -R "$uid:$gid" /opt/appdata /mnt/media
success "Set ownership of directories to $SUDO_USER"
fi
}
# Add user to docker group
add_user_to_docker_group() {
if [[ -z "$SUDO_USER" ]]; then
warning "No SUDO_USER set, skipping docker group addition"
return 0
fi
info "👥 Adding user to docker group..."
if usermod -aG docker "$SUDO_USER"; then
success "User $SUDO_USER added to docker group"
warning "User must log out and back in for group changes to take effect"
else
error_exit "Failed to add user to docker group"
fi
}
# Install required packages
install_packages() {
info "📦 Installing required packages..."
apt-get update
local packages=(
"curl"
"wget"
"git"
"jq"
"htop"
"tree"
"unzip"
"gnupg"
"software-properties-common"
"apt-transport-https"
"ca-certificates"
"lsb-release"
)
for package in "${packages[@]}"; do
if apt-get install -y "$package"; then
success "Installed package: $package"
else
warning "Failed to install package: $package"
fi
done
}
# Setup secrets directory
setup_secrets_directory() {
info "🔐 Setting up secrets directory..."
local secrets_dir="/etc/hops/secrets"
if mkdir -p "$secrets_dir"; then
chmod 700 "$secrets_dir"
success "Secrets directory created: $secrets_dir"
else
error_exit "Failed to create secrets directory"
fi
}
# Configure system settings
configure_system() {
info "⚙️ Configuring system settings..."
# Set timezone if not already set
if [[ -n "$TZ" ]]; then
timedatectl set-timezone "$TZ" 2>/dev/null || true
fi
# Enable IP forwarding for Docker
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
success "System configuration completed"
}
# Main privileged setup
main() {
info "🚀 Starting privileged setup..."
# System checks
detect_os
check_system_requirements
# Install packages
install_packages
# Install Docker
install_docker
# Configure firewall
configure_firewall
# Create directories
create_system_directories
# Add user to docker group
add_user_to_docker_group
# Setup secrets
setup_secrets_directory
# Configure system
configure_system
success "Privileged setup completed successfully"
success "Please log out and back in for group changes to take effect"
}
# Run if executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
Reference in New Issue View Git Blame Copy Permalink