#!/usr/bin/env bash # arca-nexus install bootstrap (served by https://nexus.arca.vision/). # # Reads ARCA_API_KEY from env, prompts /dev/tty if interactive, then # fetches the signed installer from /v2/install and runs it. Power # users / CI can skip this layer entirely by passing the header on # their own curl (also handled at the root URL): # # curl -fsSL -H "X-Arca-Token: $KEY" https://nexus.arca.vision | sudo bash # # Or by setting the env var before piping: # # sudo ARCA_API_KEY=ak_xxx bash <(curl -fsSL https://nexus.arca.vision) set -eo pipefail R=$'\033[0;31m'; B=$'\033[0;34m'; N=$'\033[0m' say() { printf "%s==>%s %s\n" "$B" "$N" "$*"; } die() { printf "%sX%s %s\n" "$R" "$N" "$*" >&2; exit 1; } [ "$(id -u)" -eq 0 ] || die "arca-nexus install: must be run as root (try: sudo bash)" have_tty() { { : /dev/null; } # set -u not used: $ARCA_API_KEY may be unset and we treat that as # empty. The explicit -z check below produces the right semantics # without needing parameter-expansion defaults. if [ -z "$ARCA_API_KEY" ] && have_tty; then printf "%s==>%s API key (paste; will be hidden): " "$B" "$N" >&2 read -rs ARCA_API_KEY < /dev/tty echo >&2 fi [ -n "$ARCA_API_KEY" ] || die "ARCA_API_KEY is unset and no /dev/tty available — try: sudo ARCA_API_KEY=ak_... bash <(curl -fsSL https://nexus.arca.vision)" INSTALLER=$(mktemp) trap 'rm -f "$INSTALLER"' EXIT say "Authorising with nexus.arca.vision and fetching signed installer" HTTP=$(curl -sSL \ -H "X-Arca-Token: $ARCA_API_KEY" \ -o "$INSTALLER" \ -w '%{http_code}' \ https://nexus.arca.vision/v2/install) || HTTP="000" # Surface the Worker's plain-text error body verbatim on non-200 so # the operator sees the actual reason (invalid token / not entitled / # revoked / etc.) instead of a silent curl|bash exit. case "$HTTP" in 200) ;; 000) die "could not reach nexus.arca.vision (network or DNS)" ;; 401) cat "$INSTALLER" >&2; die "nexus.arca.vision rejected the API key (401)" ;; 402) cat "$INSTALLER" >&2; die "this license is not entitled to arca-nexus (402)" ;; 403) cat "$INSTALLER" >&2; die "nexus.arca.vision returned 403" ;; *) cat "$INSTALLER" >&2; die "nexus.arca.vision returned HTTP $HTTP" ;; esac bash "$INSTALLER"