From ee278f88330e3fcd730ebe9a91b1638c9c0a773c Mon Sep 17 00:00:00 2001
From: danny8632
Date: Tue, 12 May 2026 06:50:05 +0000
Subject: [PATCH] bootstrap: pre-install node/npm/build/python, set up agent user properly

---
 provisioning/bootstrap-dev-lxc.sh | 38 +++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/provisioning/bootstrap-dev-lxc.sh b/provisioning/bootstrap-dev-lxc.sh
index c872773..f3cf045 100755
--- a/provisioning/bootstrap-dev-lxc.sh
+++ b/provisioning/bootstrap-dev-lxc.sh
@@ -26,22 +26,33 @@ TOKEN_FILE="${2:-/tmp/gitea-token-staging}"
 pct exec "$CTID" -- bash -c '
   apt-get update -qq
   DEBIAN_FRONTEND=noninteractive apt-get install -y -qq \
-    git curl ca-certificates jq openssh-server xz-utils
+    git curl ca-certificates jq openssh-server xz-utils sudo \
+    nodejs npm build-essential python3 python3-pip
   mkdir -p /root/.claude /root/.local/bin /root/.local/share /root/.ssh /etc/agent /var/agent/workspaces /var/agent/logs
-  chmod 700 /root/.ssh /root/.claude /etc/agent
+  chmod 700 /root/.ssh /root/.claude
+
+  # Non-root agent user (claude refuses bypassPermissions as root)
+  id agent &>/dev/null || useradd -m -s /bin/bash agent
+  chown agent:agent /etc/agent /var/agent /var/agent/workspaces /var/agent/logs
+  chmod 700 /etc/agent
+  grep -q "/.local/bin" /home/agent/.profile 2>/dev/null || \
+    echo "export PATH=\$HOME/.local/bin:/usr/local/bin:\$PATH" >> /home/agent/.profile
 '
 
 # --- claude-code ---
 tar -czf /tmp/claude-bundle.tgz -C /tmp claude-staging
 pct push "$CTID" /tmp/claude-bundle.tgz /tmp/claude-bundle.tgz
-pct push "$CTID" /tmp/claude-creds-staging.json /root/.claude/.credentials.json --perms 600
+pct push "$CTID" /tmp/claude-creds-staging.json /home/agent/.claude/.credentials.json --perms 600
 pct exec "$CTID" -- bash -c '
   set -e
-  rm -rf /root/.local/share/claude
-  tar -xzf /tmp/claude-bundle.tgz -C /root/.local/share/
-  mv /root/.local/share/claude-staging /root/.local/share/claude
-  CLAUDE_VERSION=$(ls /root/.local/share/claude/versions/ | sort -V | tail -1)
-  ln -sf /root/.local/share/claude/versions/$CLAUDE_VERSION /root/.local/bin/claude
+  install -d -o agent -g agent /home/agent/.local/share /home/agent/.local/bin /home/agent/.claude
+  tar -xzf /tmp/claude-bundle.tgz -C /home/agent/.local/share/
+  mv /home/agent/.local/share/claude-staging /home/agent/.local/share/claude
+  CLAUDE_VERSION=$(ls /home/agent/.local/share/claude/versions/ | sort -V | tail -1)
+  ln -sf /home/agent/.local/share/claude/versions/$CLAUDE_VERSION /home/agent/.local/bin/claude
+  chown -R agent:agent /home/agent/.local /home/agent/.claude
+  chmod 700 /home/agent/.claude
+  chmod 600 /home/agent/.claude/.credentials.json
   rm -f /tmp/claude-bundle.tgz
 '
 rm -f /tmp/claude-bundle.tgz
@@ -51,9 +62,18 @@ pct push "$CTID" /tmp/tea-staging /usr/local/bin/tea --perms 755
 
 # --- gitea token ---
 pct push "$CTID" "$TOKEN_FILE" /etc/agent/gitea-token --perms 600
+pct exec "$CTID" -- chown agent:agent /etc/agent/gitea-token
+
+# --- SSH authorized_keys for agent user ---
+pct push "$CTID" /tmp/agent-authorized-keys /home/agent/.ssh/authorized_keys --perms 600 2>/dev/null || \
+  echo "(skip: place orchestrator pubkey at /tmp/agent-authorized-keys before bootstrap to enable SSH)"
+pct exec "$CTID" -- bash -c '
+  install -d -o agent -g agent -m 700 /home/agent/.ssh
+  [ -f /home/agent/.ssh/authorized_keys ] && chown agent:agent /home/agent/.ssh/authorized_keys
+'
 
 # --- enable sshd ---
 pct exec "$CTID" -- systemctl enable --now ssh
 
 echo "Bootstrap complete for CT $CTID. Versions:"
-pct exec "$CTID" -- bash -lc 'PATH=/root/.local/bin:/usr/local/bin:$PATH; claude --version; tea --version | head -2'
+pct exec "$CTID" -- su - agent -c 'claude --version; tea --version | head -2; node --version'
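Review bot: The credentials push `pct push "$CTID" /tmp/claude-creds-staging.json /home/agent/.claude/.credentials.json --perms 600` runs before `/home/agent/.claude` exists — `useradd -m` creates only the home directory, and the `install -d ... /home/agent/.claude` that would create it sits in the later pct exec — so unless pct push creates missing parent directories (it does not appear to) the push fails and the credential never lands in the container. Create the directory in the first exec, right after the useradd line: `install -d -o agent -g agent -m 700 /home/agent/.claude`. The rewrite also drops the old `rm -rf .../claude` that preceded the extract, so on a re-run `mv` moves claude-staging inside the existing directory and the `ls versions/` picks the stale install; restore it as `rm -rf -- /home/agent/.local/share/claude` before the `tar -xzf`. Finally, `sudo` is added to the package list while the new comment says the agent must not run as root; nothing in this hunk grants or denies the agent a sudoers entry, so either drop the package or state in the comment which policy is intended.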
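Review bot: The authorized_keys push targets `/home/agent/.ssh/authorized_keys` before the `install -d ... /home/agent/.ssh` in the following pct exec creates that directory, so even when the operator supplied the key the push fails, `2>/dev/null ||` hides the reason, and the script prints the misleading "(skip: place orchestrator pubkey ...)" message with SSH left unconfigured. In that same exec `[ -f ... ] && chown ...` is the last command, so when no key was pushed the bash -c exits 1 and, if the host script runs under `set -e` (its head is outside this hunk), bootstrap aborts right after the skip message. Create `.ssh` first, test for the local key explicitly, and let a real push failure surface instead of being swallowed:
```shell
# --- SSH authorized_keys for agent user ---
pct exec "$CTID" -- install -d -o agent -g agent -m 700 /home/agent/.ssh
if [ -f /tmp/agent-authorized-keys ]; then
  pct push "$CTID" /tmp/agent-authorized-keys /home/agent/.ssh/authorized_keys --perms 600
  pct exec "$CTID" -- chown agent:agent /home/agent/.ssh/authorized_keys
else
  echo "(skip: place orchestrator pubkey at /tmp/agent-authorized-keys before bootstrap to enable SSH)" >&2
fi
# … unchanged: enable sshd, version check …
```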