chore: Cleanup QA reports and improve setup scripts

Scripts: - common.sh: Fix select_option to use /dev/tty for interactive prompts - common.sh: Improve check_docker with detailed error messages - setup.sh: Add Traefik configuration options - setup.sh: Add argument validation for --mode, --external-authentik, etc. - setup.sh: Add fun taglines QA Reports: - Remove stale remediation reports - Keep current pending reports Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 22:53:47 -06:00
parent cb0948214e
commit e63c19d158
42 changed files with 1764 additions and 759 deletions
--- a/scripts/lib/common.sh
+++ b/scripts/lib/common.sh
@@ -20,7 +20,7 @@ else
    GREEN=''
    YELLOW=''
    BLUE=''
-    CYAN='\033[0;36m'
+    CYAN=''
    BOLD=''
    NC=''
 fi
@@ -91,22 +91,24 @@ select_option() {
    local options=("$@")
    local num_options=${#options[@]}

-    echo "$prompt"
+    # Output UI to /dev/tty so it's visible even when function output is captured
+    echo "$prompt" >/dev/tty
    for i in "${!options[@]}"; do
-        printf "  %d) %s\n" "$((i + 1))" "${options[$i]}"
+        printf "  %d) %s\n" "$((i + 1))" "${options[$i]}" >/dev/tty
    done
-    echo ""
+    echo "" >/dev/tty

    local selection
    while true; do
-        read -r -p "Enter selection [1-$num_options]: " selection
+        read -r -p "Enter selection [1-$num_options]: " selection </dev/tty >/dev/tty
        if [[ "$selection" =~ ^[0-9]+$ ]] && \
           [ "$selection" -ge 1 ] && \
           [ "$selection" -le "$num_options" ]; then
+            # Only output the selected value to stdout (for capture)
            echo "${options[$((selection - 1))]}"
            return 0
        else
-            print_error "Invalid selection. Please enter a number between 1 and $num_options."
+            print_error "Invalid selection. Please enter a number between 1 and $num_options." >/dev/tty
        fi
    done
 }
@@ -204,7 +206,34 @@ check_command() {
 }

 check_docker() {
-    check_command docker && docker info >/dev/null 2>&1
+    if ! check_command docker; then
+        return 1
+    fi
+
+    # Check if daemon is accessible
+    if docker info >/dev/null 2>&1; then
+        return 0
+    fi
+
+    # Docker exists but daemon not accessible
+    # This could be permission issue or daemon not running
+    local error_msg
+    error_msg=$(docker info 2>&1)
+
+    if [[ "$error_msg" =~ "permission denied" ]]; then
+        print_warning "Docker installed but permission denied"
+        print_info "You may need to add your user to the docker group:"
+        print_info "  sudo usermod -aG docker \$USER"
+        print_info "  Then log out and back in"
+        return 2  # Special code for permission issue
+    elif [[ "$error_msg" =~ "Cannot connect to the Docker daemon" ]]; then
+        print_warning "Docker installed but daemon not running"
+        print_info "Start it with: sudo systemctl start docker"
+        return 3  # Special code for daemon not running
+    else
+        print_warning "Docker installed but not accessible"
+        return 4  # Unknown issue
+    fi
 }

 check_docker_compose() {
@@ -316,16 +345,17 @@ install_package() {

    case "$pkg_manager" in
        apt)
-            sudo apt update && sudo apt install -y "$package"
+            # Don't quote $package to allow multi-word package names
+            sudo apt update && sudo apt install -y $package
            ;;
        pacman)
-            sudo pacman -Sy --noconfirm "$package"
+            sudo pacman -Sy --noconfirm $package
            ;;
        dnf)
-            sudo dnf install -y "$package"
+            sudo dnf install -y $package
            ;;
        brew)
-            brew install "$package"
+            brew install $package
            ;;
        *)
            print_error "Unknown package manager: $pkg_manager"
@@ -367,13 +397,34 @@ validate_port() {

 validate_domain() {
    local domain="$1"
-    if [[ "$domain" =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]{0,61}[a-zA-Z0-9]\.[a-zA-Z]{2,}$ ]]; then
+    # Allow single-character subdomains and properly validate domain structure
+    if [[ "$domain" =~ ^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$ ]]; then
        return 0
    else
        return 1
    fi
 }

+validate_ipv4() {
+    local ip="$1"
+    local IFS='.'
+    local -a octets
+    read -ra octets <<< "$ip"
+
+    # Must have exactly 4 octets
+    [[ ${#octets[@]} -eq 4 ]] || return 1
+
+    # Each octet must be 0-255
+    for octet in "${octets[@]}"; do
+        # Must be numeric
+        [[ "$octet" =~ ^[0-9]+$ ]] || return 1
+        # Must be in range 0-255
+        (( octet >= 0 && octet <= 255 )) || return 1
+    done
+
+    return 0
+}
+
 # ============================================================================
 # Secret and Password Generation
 # ============================================================================
@@ -407,7 +458,7 @@ is_placeholder() {
    # Check for common placeholder patterns
    if [[ "$value" =~ ^\$\{.*\}$ ]] || \
       [[ "$value" =~ ^(change-me|changeme|your-.*|example|placeholder|TODO|FIXME|xxx+)$ ]] || \
-       [[ "$value" =~ ^<.*>$ ]] || \
+       [[ "$value" =~ ^\<.*\>$ ]] || \
       [[ -z "$value" ]]; then
        return 0
    else
--- a/scripts/setup.sh
+++ b/scripts/setup.sh