Tirodem (96c2adf7) at 17 Mar 15:30

... and 1 more commit

be-bop-cli is a new command-line tool designed to help you maintain and operate an existing be-BOP installation.

Once be-BOP is installed, be-bop-cli becomes the primary way to perform regular tasks such as maintenance, diagnostics, and operational actions. It provides a stable, scriptable interface that can be used both interactively and in automated workflows.

What’s new?

• A first-class CLI for be-BOP operations

  be-bop-cli is now installed automatically during the initial setup. Once installed, it becomes the primary interface for managing be-BOP. Operational logic is no longer embedded in the installer itself. This makes routine tasks repeatable, scriptable, and safer to automate.

• be-bop-bootstrap installer

  Installation now starts with be-bop-bootstrap, a single-file installer that bundles be-bop-wizard, be-bop-cli and other required resources. Running this script launches the familiar interactive installation flow, but ensures all components are installed in a consistent and reproducible way.

  Most users will not notice any difference beyond the new entry point.

  ⚠️ Note on command-line arguments When running be-bop-bootstrap script, any arguments intended for be-bop-wizard must currently be passed after --.

  Example: be-bop-bootstrap -- --domain example.com --email [email protected]

• Consistent and predictable execution model

  All maintenance operations now run under a dedicated system user (be-bop-cli). This ensures that commands behave consistently, regardless of the user invoking it or how the user invokes it. The wizard sets this up during installation, so no manual configuration is required.

• Controlled privilege escalation (without passwords)

  Some CLI actions require elevated privileges (for example, managing the be-BOP system service). To make this safe and usable:

  • A minimal, purpose-built wrapper is installed alongside the CLI.
  • Regular users can simply be-bop-cli without sudo prompts, the wrapper automatically takes care of running in the correct environment.
  • Privilege escalation is tightly scoped to the exact operations required.

  Under the hood, this wrapper:

  • Verifies the CLI script cryptographically before execution,
  • Enforces strict ownership and permission checks,
  • Runs with a sanitized environment,
  • Prevents common attack classes such as script tampering, symlink attacks, and environment manipulation.

  The result is a small, auditable trust surface instead of a broad, shell-based escalation path.

• Version coherence by design

  The installer and the CLI are always released together. CI now enforces version matching between components. This prevents subtle breakage caused by mismatched tooling. Users get a coherent, self-consistent toolchain with every release.

This release is obviously compatible with existing installations. be-bop-cli will simply be installed.

On first try :

[wizard-1773679511-21637] [2026-03-16 17:45:32] [INFO] Installing Garage S3-compatible storage server... /dev/fd/63: line 2453: в: command not found [wizard-1773679511-21637] [2026-03-16 17:45:32] [ERROR] A command failed at line 2453 with exit code 127 [wizard-1773679511-21637] [2026-03-16 17:45:32] [ERROR] The script paused to prevent any potential issues.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 💡 Don’t panic — the script stopped safely after an error. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Indeed :

After removing :

[wizard-1773679693-22739] [2026-03-16 17:48:17] [INFO] Beginning installation... [wizard-1773679693-22739] [2026-03-16 17:48:17] [INFO] Executing planned tasks... [wizard-1773679693-22739] [2026-03-16 17:48:17] [INFO] Running task: setup_bebop_directory_permissions [wizard-1773679693-22739] [2026-03-16 17:48:17] [INFO] Setting up be-BOP directory permissions... [wizard-1773679693-22739] [2026-03-16 17:48:17] [INFO] Running task: install_garage [wizard-1773679693-22739] [2026-03-16 17:48:17] [INFO] Installing Garage S3-compatible storage server... be-bop-wizard.sh: line 2454: arch_string: unbound variable

@gnt.store I don't think it's supposed to be there ^^"

When the wizard runs on a machine whose CPU does not support AVX instructions, MongoDB 8.0 crashes immediately with signal=ILL (Illegal instruction). This is expected behavior because MongoDB ≥5.0 requires AVX, and some budget VPS hosts still use CPUs without it.

Currently, the wizard only reports:

MongoDB failed to start after 30 seconds

This message does not help the user understand the root cause or how to resolve it, leading to confusion and unnecessary troubleshooting.

Observed Outcome:

• MongoDB is installed normally.
• mongod crashes instantly (code=dumped, signal=ILL).
• Wizard retries and times out.
• User has no guidance about why the failure occurred or what to do next.

This was observed in a VPS provided by namecheap (Pulsar).

The installation wizard now handles more system configurations smoothly. It checks whether your CPU supports AVX (required for MongoDB), waits for be-BOP to fully start before moving to the next step, and handles non-systemd systems with clearer messages. System readiness detection is also more forgiving and robust, and connection timeouts have been slightly increased for better reliability during setup.

Closes #9 and #10.

The installation wizard now handles more system configurations smoothly. It checks whether your CPU supports AVX (required for MongoDB), waits for be-BOP to fully start before moving to the next step, and handles non-systemd systems with clearer messages. System readiness detection is also more forgiving and robust, and connection timeouts have been slightly increased for better reliability during setup.

Closes #9 and #10.

We fixed a timing issue where the system sometimes tried to set up the be-BOP configuration before Phoenixd was ready. This could cause the setup to fail because it couldn’t access the required seed yet. The order has now been adjusted so that be-BOP configuration only happens after Phoenixd has fully started, improving reliability.

We fixed a timing issue where the system sometimes tried to set up the be-BOP configuration before Phoenixd was ready. This could cause the setup to fail because it couldn’t access the required seed yet. The order has now been adjusted so that be-BOP configuration only happens after Phoenixd has fully started, improving reliability.

• Phoenixd Support – The wizard now embeds Phoenixd credentials in the be-BOP configuration, enabling automatic connectivity and simplifying deployment.

• Configuration Fingerprints – Each configuration file now includes a fingerprint so the wizard can detect and safely refresh outdated settings without losing user changes.

• Refined Messaging – Command-line output and terminology have been standardized for clarity.

• Version Integrity – Version updates are now enforced by continuous integration to ensure consistent, traceable releases.

• Phoenixd Support – The wizard now embeds Phoenixd credentials in the be-BOP configuration, enabling automatic connectivity and simplifying deployment.

• Configuration Fingerprints – Each configuration file now includes a fingerprint so the wizard can detect and safely refresh outdated settings without losing user changes.

• Refined Messaging – Command-line output and terminology have been standardized for clarity.

• Version Integrity – Version updates are now enforced by continuous integration to ensure consistent, traceable releases.

With the current wizard, we aren't with git anymore and cannot git pull. We can update be-BOP code by replaying the wizard with correct parameters. We need a fast, easier way to update (either a single command or stuff like that, but before the whole be-bop-cli if possible).

be-BOP can now be updated by simply running the wizard, without needing to specify the domain or email address.

Closes https://github.com/be-BOP-io-SA/be-BOP-tooling/issues/4.

be-BOP can now be updated by simply running the wizard, without needing to specify the domain or email address.

Closes https://github.com/be-BOP-io-SA/be-BOP-tooling/issues/4.

A standalone script that provides comprehensive be-BOP installation. Key features:

• Smart provisioning: Only installs missing components, supports partial installations • Complete stack: Node.js, MongoDB, nginx, phoenixd (Lightning), MinIO (S3), be-BOP app • Security-first: Systemd hardening, Let's Encrypt SSL, proper credential management • Container-aware: Detects containers vs VMs, adjusts security policies accordingly • Developer-friendly: Configurable GitHub repo for testing with forks

The wizard uses a fact-based architecture that detects system state, plans necessary actions, and executes them idempotently. All configuration files are managed with ucf for proper upgrade handling.

A standalone script that provides comprehensive be-BOP installation. Key features:

• Smart provisioning: Only installs missing components, supports partial installations • Complete stack: Node.js, MongoDB, nginx, phoenixd (Lightning), MinIO (S3), be-BOP app • Security-first: Systemd hardening, Let's Encrypt SSL, proper credential management • Container-aware: Detects containers vs VMs, adjusts security policies accordingly • Developer-friendly: Configurable GitHub repo for testing with forks

The wizard uses a fact-based architecture that detects system state, plans necessary actions, and executes them idempotently. All configuration files are managed with ucf for proper upgrade handling.