workstation: machine-wide config inheritance (managed claudeMd + setup-devvm.sh + skel)
Spike confirmed (claude 2.1.168): /etc/claude-code/managed-settings.json claudeMd reaches a session (sentinel echoed). Hybrid inheritance = enforced org claudeMd machine-wide (top precedence, non-overridable) + per-user ~/.claude/{skills,rules,...} symlinks to the config base (live, the proven emo pattern) seeded via /etc/skel. setup-devvm.sh is idempotent: apt toolset, node>=18 + claude-code, system-wide kubelogin (NOT the Azure apt pkg), the managed config, and /etc/skel (launcher that cd's $HOME/code, tmux UX, inheritance symlinks). Verified: emo unchanged (groups/symlinks/live sessions intact), emo can read the managed config, idempotent re-run clean.
Security fix (host state): /home/wizard/.claude/settings.json was 0664, exposing MEMORY_API_KEY to all devvm users -> chmod 0600. chezmoi source needs a private_ prefix + the key templated out to persist this (dotfiles-repo follow-up).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
55d4b4cf2d
commit
1757cb59e7
5 changed files with 165 additions and 0 deletions
42
scripts/workstation/skel/start-claude.sh
Executable file
42
scripts/workstation/skel/start-claude.sh
Executable file
|
|
@ -0,0 +1,42 @@
|
|||
#!/bin/bash
|
||||
# Per-user Claude Code Workstation launcher (devvm). Lands the user in their OWN
|
||||
# ~/code clone (NOT a hardcoded /home/wizard/code) and names the Claude session
|
||||
# after the tmux session so /resume, the prompt box, and the terminal title line
|
||||
# up. Deployed via /etc/skel by setup-devvm.sh, so new accounts get it on
|
||||
# `useradd -m`. Existing users are repointed to this during their migration.
|
||||
echo ""
|
||||
echo " Welcome, $(id -un)! 🚀"
|
||||
echo ""
|
||||
echo " Starting Claude Code in $HOME/code ..."
|
||||
echo " (Right-click for tmux menu, or Ctrl+B then | or - to split)"
|
||||
echo ""
|
||||
|
||||
name_args=()
|
||||
if [ -n "${TMUX:-}" ]; then
|
||||
sess="$(tmux display-message -p '#{session_name}' 2>/dev/null)"
|
||||
[ -n "$sess" ] && name_args=(--name "$sess")
|
||||
fi
|
||||
|
||||
cd "$HOME/code" 2>/dev/null || cd "$HOME"
|
||||
|
||||
# Prefer the system-wide `claude` (installed by setup-devvm.sh); fall back to npx.
|
||||
launch() {
|
||||
if command -v claude >/dev/null 2>&1; then
|
||||
claude "$@"
|
||||
else
|
||||
npx @anthropic-ai/claude-code "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
# Deliberately not `exec` so we can branch on the exit code: clean quit ends the
|
||||
# pane (ttyd closes the terminal); a crash drops to a shell so the tmux session
|
||||
# isn't destroyed-and-recreated in a ttyd auto-reconnect loop.
|
||||
launch --dangerously-skip-permissions --model claude-opus-4-8 "${name_args[@]}"
|
||||
code=$?
|
||||
[ "$code" -eq 0 ] && exit 0
|
||||
|
||||
echo ""
|
||||
echo " claude exited abnormally (status $code). Dropping to a shell — your tmux session is preserved."
|
||||
echo " Re-launch any time with: ~/start-claude.sh"
|
||||
echo ""
|
||||
exec "${SHELL:-/bin/bash}" -l
|
||||
Loading…
Add table
Add a link
Reference in a new issue