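#!/bin/bash
set -e

# Bootstrap installer - Universal kickstart script
# Decrypts and executes target-specific setup scripts
#
# Usage: bootstrap [TARGET]        (TARGET defaults to nbmain)
#
# Flow:
#   1. Locate <TARGET>.sh.enc and the nbcrypt binary next to this script.
#   2. Make sure an SSH agent holding an Ed25519 key is reachable.
#   3. Decrypt the target script into a private temp directory and run it.
#
# Security notes:
#   * The agent env file lives in /tmp under a predictable name and is
#     sourced (executed) by this script, so it is only loaded when it is a
#     regular file owned by the invoking user and not group/world-writable.
#   * The decrypted script is written inside a mktemp-created directory
#     (mode 0700) rather than a predictable /tmp path, and is removed when
#     this script exits.

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Default target is nbmain (nbase2)
TARGET="${1:-nbmain}"

# A target is a file stem, not a path: it is interpolated into file names
# below, so reject separators and option-like values up front.
case "$TARGET" in
  */* | -* | . | ..)
    echo "❌ Error: Invalid target name '${TARGET}'."
    exit 1
    ;;
esac

ENC_FILE="${SCRIPT_DIR}/${TARGET}.sh.enc"
NBCRYPT="${SCRIPT_DIR}/nbcrypt"

#######################################
# Source the SSH agent env file, but only when it is safe to execute.
# A missing file is not an error; an unsafe file is skipped with a warning.
# Arguments: $1 - path to the agent env file
# Outputs:   warnings on stderr when the file is rejected
# Returns:   0 when skipped, otherwise the status of `source`
#######################################
load_agent_env() {
  local env_file=$1

  # -L first: the -f and -O tests below follow symlinks.
  if [ -L "$env_file" ]; then
    echo "⚠️  Not loading ${env_file}: it is a symlink." >&2
    return 0
  fi
  [ -f "$env_file" ] || return 0
  if [ ! -O "$env_file" ]; then
    echo "⚠️  Not loading ${env_file}: not owned by $(id -un)." >&2
    return 0
  fi
  # POSIX find primaries only, so this works with both GNU and BSD find.
  if [ -n "$(find "$env_file" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
    echo "⚠️  Not loading ${env_file}: group- or world-writable." >&2
    return 0
  fi

  # shellcheck source=/dev/null
  source "$env_file"
}

echo "🚀 Bootstrap: Starting ${TARGET}..."

# Check if encrypted script exists
if [ ! -f "$ENC_FILE" ]; then
  echo "❌ Error: Target '${TARGET}' not found."
  echo " Expected file: ${ENC_FILE}"
  exit 1
fi

# Check if nbcrypt exists
if [ ! -f "$NBCRYPT" ]; then
  echo "❌ Error: nbcrypt not found at ${NBCRYPT}"
  exit 1
fi

# Load SSH Agent environment BEFORE running nbcrypt
# This ensures nbcrypt can find the Ed25519 key without prompting for BWS token
AGENT_ENV_FILE="/tmp/.nb_agent_env_${USER:-$(id -un)}"
if [ -f "$AGENT_ENV_FILE" ]; then
  # Check if we already have a valid SSH_AUTH_SOCK (Agent Forward)
  # But also verify it actually works with ssh-add -l
  if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "${SSH_AUTH_SOCK}" ]; then
    # Test if the agent actually works
    if ssh-add -l >/dev/null 2>&1; then
      # Agent Forward exists and works, preserve it and skip file loading
      echo "🔑 Using existing SSH Agent Forward (preserved)"
    else
      # Agent Forward exists but doesn't work (stale socket), load from file
      echo "🔑 Existing SSH Agent Forward is stale, loading from file..."
      load_agent_env "$AGENT_ENV_FILE"
    fi
  else
    # No valid agent, safe to load from file
    echo "🔑 Loading SSH Agent environment..."
    load_agent_env "$AGENT_ENV_FILE"
  fi
fi

# When no Ed25519 key is loaded, fetch the key from BWS and ssh-add it
# (--keep leaves it on disk).
# NOTE(review): confirm that persisting the key on disk via --keep is
# intended on every host this bootstrap runs on.
if ! ssh-add -l 2>/dev/null | grep -q ED25519; then
  "$NBCRYPT" keychain --keep
  load_agent_env "$AGENT_ENV_FILE"
fi

# Decrypt and execute
echo "🔐 Decrypting ${TARGET}.sh..."

# Private work directory: mktemp -d creates it with mode 0700 and an
# unpredictable name, so other local users can neither pre-create the
# output path nor read the decrypted script.
WORK_DIR="$(mktemp -d "${TMPDIR:-/tmp}/nb-bootstrap.XXXXXX")"
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT
TEMP_SCRIPT="${WORK_DIR}/${TARGET}.sh"

if "$NBCRYPT" decfile "$ENC_FILE" "$TEMP_SCRIPT"; then
  chmod 700 "$TEMP_SCRIPT"

  # Reload SSH Agent environment if it was updated by nbcrypt/BWS setup
  # (in case BWS setup created a new agent)
  # Only when there is no usable SSH_AUTH_SOCK (Agent Forward) already.
  if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "${SSH_AUTH_SOCK}" ]; then
    # No valid agent, safe to load from file
    load_agent_env "$AGENT_ENV_FILE"
  fi

  echo "✅ Executing ${TARGET} setup..."
  # Run as a child instead of exec so the EXIT trap can delete the
  # decrypted script afterwards; the child's exit status is passed through.
  rc=0
  bash "$TEMP_SCRIPT" || rc=$?
  exit "$rc"
else
  echo "❌ Decryption failed."
  echo " Please ensure your Ed25519 key is loaded in SSH Agent."
  # The EXIT trap removes any partial output in WORK_DIR.
  exit 1
fi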