From e1c2f6065d04a3c67677739f28a5687aa4ecebe0 Mon Sep 17 00:00:00 2001
From: "Luma (Enclave AI)"
Date: Wed, 13 May 2026 01:32:12 +0000
Subject: [PATCH 1/6] fix(install): generate Ollama peer SSH key if missing

.env.example sets OLLAMA_SSH_KEY_PUB to ~/.ssh/id_ed25519_ollama.pub but install.sh never created the file. Docker then auto-creates a directory at that path and fails mounting it as a file. Generate the key during install so the volume mount works on first boot.

Co-Authored-By: Claude Sonnet 4.6
---
 install.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/install.sh b/install.sh
index 68570c0..cbc8be6 100755
--- a/install.sh
+++ b/install.sh
@@ -145,6 +145,18 @@ else
 fi
 info "GPU_TYPE=${GPU_TYPE} saved to .env"
+# ─── Generate Ollama peer SSH key ─────────────────────────────────────────────
+# Required by docker-compose.yml volume mount: OLLAMA_SSH_KEY_PUB → /root/.ollama/id_ed25519.pub
+# If the file is missing Docker auto-creates a directory and the mount fails.
+OLLAMA_SSH_KEY="${HOME}/.ssh/id_ed25519_ollama"
+if [[ ! -f "${OLLAMA_SSH_KEY}" ]]; then
+ mkdir -p "${HOME}/.ssh"
+ ssh-keygen -t ed25519 -f "${OLLAMA_SSH_KEY}" -N "" -q
+ success "Generated Ollama peer SSH key at ${OLLAMA_SSH_KEY}"
+else
+ success "Ollama peer SSH key already exists at ${OLLAMA_SSH_KEY}"
+fi
+
 # ─── Preflight checks ─────────────────────────────────────────────────────────
 header "Preflight Checks"

From f765f22c7fb3dc11d0646d1c47ae25cae9b4714a Mon Sep 17 00:00:00 2001
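Review bot: In the install.sh hunk of patch 1/6 the key path is hard-coded to `${HOME}/.ssh/id_ed25519_ollama`, while the mount takes its path from `OLLAMA_SSH_KEY_PUB`, which the commit message says `.env.example` sets separately; if the installer runs under a different account or the operator changed that value, the key is written where the mount never looks and Docker still creates the directory. Deriving the path from the configured value keeps the two in sync, e.g. `OLLAMA_SSH_KEY="${OLLAMA_SSH_KEY:-${HOME}/.ssh/id_ed25519_ollama}"`, assuming `.env` has been loaded by this point, which the hunk does not show. Since the directory now holds a passphrase-less private key, `mkdir -p "${HOME}/.ssh"` should be followed by `chmod 700 "${HOME}/.ssh"` rather than relying on the umask. The same block returns in patch 3/6 with the same hard-coded path and `mkdir -p`.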
From: "Luma (Enclave AI)"
Date: Wed, 13 May 2026 01:33:36 +0000
Subject: [PATCH 2/6] fix(compose): remove Phase 1 SSH key volume mounts from Ollama container
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SSH peer communication was replaced by HTTP in Phase 2. The OLLAMA_SSH_KEY* mounts in docker-compose.yml were Phase 1 remnants — when the referenced files don't exist Docker fails to start the container. Remove the mounts and clean up the corresponding .env.example vars and install.sh key-generation block.

Co-Authored-By: Claude Sonnet 4.6
---
 .env.example | 2 --
 docker-compose.yml | 2 --
 install.sh | 12 ------------
 3 files changed, 16 deletions(-)

diff --git a/.env.example b/.env.example
index 71e09c3..1973dba 100644
--- a/.env.example
+++ b/.env.example
@@ -25,8 +25,6 @@ OLLAMA_DATA=/home/${STACK_USER}/.ollama
 # ── Ollama ────────────────────────────────────────────────────────────────────
 OLLAMA_PORT=11434
-OLLAMA_SSH_KEY=/home/${STACK_USER}/.ssh/id_ed25519_ollama
-OLLAMA_SSH_KEY_PUB=/home/${STACK_USER}/.ssh/id_ed25519_ollama.pub
 # Memory limits — adjust for your hardware.
 # Intel Arc users: 16gb / 32g is a good starting point for a 32GB system.
 # NVIDIA GPU users: match shm to your VRAM size.
diff --git a/docker-compose.yml b/docker-compose.yml
index b91df65..ff5507d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -48,8 +48,6 @@ services:
 - OLLAMA_KEEP_ALIVE=-1
 volumes:
 - ${OLLAMA_DATA:-/home/user/.ollama}:/root/.ollama
- - ${OLLAMA_SSH_KEY:-/dev/null}:/root/.ollama/id_ed25519:ro
- - ${OLLAMA_SSH_KEY_PUB:-/dev/null}:/root/.ollama/id_ed25519.pub:ro
 ports:
 - "${OLLAMA_PORT:-11434}:11434"
 shm_size: '${OLLAMA_SHM_SIZE:-2gb}'
diff --git a/install.sh b/install.sh
index cbc8be6..68570c0 100755
--- a/install.sh
+++ b/install.sh
@@ -145,18 +145,6 @@ else
 fi
 info "GPU_TYPE=${GPU_TYPE} saved to .env"
-# ─── Generate Ollama peer SSH key ─────────────────────────────────────────────
-# Required by docker-compose.yml volume mount: OLLAMA_SSH_KEY_PUB → /root/.ollama/id_ed25519.pub
-# If the file is missing Docker auto-creates a directory and the mount fails.
-OLLAMA_SSH_KEY="${HOME}/.ssh/id_ed25519_ollama"
-if [[ ! -f "${OLLAMA_SSH_KEY}" ]]; then
- mkdir -p "${HOME}/.ssh"
- ssh-keygen -t ed25519 -f "${OLLAMA_SSH_KEY}" -N "" -q
- success "Generated Ollama peer SSH key at ${OLLAMA_SSH_KEY}"
-else
- success "Ollama peer SSH key already exists at ${OLLAMA_SSH_KEY}"
-fi
-
 # ─── Preflight checks ─────────────────────────────────────────────────────────
 header "Preflight Checks"

From 78f3c6126a56e32750c42196cf207910f7b52335 Mon Sep 17 00:00:00 2001
From: "Luma (Enclave AI)"
Date: Wed, 13 May 2026 21:35:19 +0000
Subject: [PATCH 3/6] fix(install): generate Ollama SSH key pair and clean stale pub dir

docker-compose.yml mounts OLLAMA_SSH_KEY_PUB into the ollama container. If the .pub file is absent Docker auto-creates a directory there, then runc fails trying to bind-mount a file over a directory. Fix: generate the key pair during install, and remove any stale directory at the .pub path before writing the file.

Co-Authored-By: Claude Sonnet 4.6
---
 install.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/install.sh b/install.sh
index 68570c0..a4c09d1 100755
--- a/install.sh
+++ b/install.sh
@@ -145,6 +145,26 @@ else
 fi
 info "GPU_TYPE=${GPU_TYPE} saved to .env"
+# ─── Generate Ollama peer SSH key ─────────────────────────────────────────────
+# docker-compose.yml mounts OLLAMA_SSH_KEY_PUB into the container. If the file
+# is absent, Docker auto-creates a directory there and the mount fails at boot.
+OLLAMA_SSH_KEY_PATH="${HOME}/.ssh/id_ed25519_ollama"
+if [[ ! -f "${OLLAMA_SSH_KEY_PATH}" ]]; then
+ mkdir -p "${HOME}/.ssh"
+ ssh-keygen -t ed25519 -f "${OLLAMA_SSH_KEY_PATH}" -N "" -q
+ success "Generated Ollama peer SSH key at ${OLLAMA_SSH_KEY_PATH}"
+else
+ success "Ollama peer SSH key exists at ${OLLAMA_SSH_KEY_PATH}"
+fi
+# Also ensure the public key file exists (not a stale directory from a failed mount)
+if [[ -d "${OLLAMA_SSH_KEY_PATH}.pub" ]]; then
+ rm -rf "${OLLAMA_SSH_KEY_PATH}.pub"
+fi
+if [[ ! -f "${OLLAMA_SSH_KEY_PATH}.pub" ]]; then
+ ssh-keygen -y -f "${OLLAMA_SSH_KEY_PATH}" > "${OLLAMA_SSH_KEY_PATH}.pub"
+ success "Derived public key at ${OLLAMA_SSH_KEY_PATH}.pub"
+fi
+
 # ─── Preflight checks ─────────────────────────────────────────────────────────
 header "Preflight Checks"

From f77683cc7c4f3df18b48ccf6c0c5da65007ab4db Mon Sep 17 00:00:00 2001
From: "Luma (Enclave AI)"
Date: Wed, 13 May 2026 21:35:50 +0000
Subject: [PATCH 4/6] fix(generate-olla-config): replace eval with printf -v to prevent shell injection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

eval "export $key=$val" interprets shell metacharacters in values — angle brackets, pipes, ampersands — as shell syntax. A literal placeholder like caused bash to try a stdin redirect and exit 1, bringing the entire stack down. Use printf -v / export to set the variable safely.

Co-Authored-By: Claude Sonnet 4.6
---
 scripts/generate-olla-config.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/generate-olla-config.sh b/scripts/generate-olla-config.sh
index 298dea4..0658756 100755
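Review bot: The stale-directory cleanup in the patch 3/6 hunk runs after key generation, so in the case the commit describes (no private key yet, Docker has already created a directory at `${OLLAMA_SSH_KEY_PATH}.pub`) the first `ssh-keygen -t ed25519 -f …` cannot write its `.pub` and will most likely fail before the `rm -rf` is reached; whether that aborts the installer depends on `set -e`, which is outside the hunk. Moving the `if [[ -d "${OLLAMA_SSH_KEY_PATH}.pub" ]]` block above the generation step fixes the ordering. For the delete itself, `rm -rf -- "${OLLAMA_SSH_KEY_PATH:?}.pub"` guards against an empty variable, and plain `rmdir` would be enough if the directory is expected to be empty. The derive step should also check its status, e.g. `ssh-keygen -y -f "${OLLAMA_SSH_KEY_PATH}" > "${OLLAMA_SSH_KEY_PATH}.pub" || exit 1`, because a failed run leaves an empty `.pub` that passes the `-f` test next time.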
--- a/scripts/generate-olla-config.sh
+++ b/scripts/generate-olla-config.sh
@@ -43,7 +43,12 @@ if [[ -f "$ENV_FILE" ]]; then
 val="${val#\"}"; val="${val%\"}"
 val="${val#\'}"; val="${val%\'}"
 case "$key" in
- OLLA_*|OLLAMA_REMOTE_*) eval "export $key=\$val" ;;
+ OLLA_*|OLLAMA_REMOTE_*)
+ # Use printf -v instead of eval to avoid shell injection from values
+ # containing special characters like < > | & (e.g. placeholder text)
+ printf -v "$key" '%s' "$val"
+ export "$key"
+ ;;
 esac
 done < "$ENV_FILE"
 fi

From 985fe18255777121c39b878bcaa0b658d6cf4649 Mon Sep 17 00:00:00 2001
From: "Luma (Enclave AI)"
Date: Wed, 13 May 2026 21:37:19 +0000
Subject: [PATCH 5/6] fix(install): remove dead SSH key generation block
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

f765f22 removed the OLLAMA_SSH_KEY* volume mounts from docker-compose.yml (Phase 1 remnants, replaced by HTTP in Phase 2). A subsequent commit added key generation back to install.sh referencing those removed mounts. Dead code — the keys are no longer mounted anywhere.

Co-Authored-By: Claude Sonnet 4.6
---
 install.sh | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/install.sh b/install.sh
index a4c09d1..68570c0 100755
--- a/install.sh
+++ b/install.sh
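Review bot: The `OLLA_*|OLLAMA_REMOTE_*)` arm in the patch 4/6 hunk accepts any suffix, so `$key` is still used as a variable name without being checked as a plain identifier. In the removed line `\$val` was escaped, so the name was the only part expanded into the `eval` string, and `printf -v` still evaluates an array subscript when the name it is given contains one. Rejecting anything else before the `case` closes this, e.g. `[[ "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue`. How `key` is split from each line of `$ENV_FILE` is outside the hunk, so confirm it cannot carry `[`, whitespace or `=`. The `declare -gx "$key=$val"` form in patch 6/6 takes the same unchecked name.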
@@ -145,26 +145,6 @@ else
 fi
 info "GPU_TYPE=${GPU_TYPE} saved to .env"
-# ─── Generate Ollama peer SSH key ─────────────────────────────────────────────
-# docker-compose.yml mounts OLLAMA_SSH_KEY_PUB into the container. If the file
-# is absent, Docker auto-creates a directory there and the mount fails at boot.
-OLLAMA_SSH_KEY_PATH="${HOME}/.ssh/id_ed25519_ollama"
-if [[ ! -f "${OLLAMA_SSH_KEY_PATH}" ]]; then
- mkdir -p "${HOME}/.ssh"
- ssh-keygen -t ed25519 -f "${OLLAMA_SSH_KEY_PATH}" -N "" -q
- success "Generated Ollama peer SSH key at ${OLLAMA_SSH_KEY_PATH}"
-else
- success "Ollama peer SSH key exists at ${OLLAMA_SSH_KEY_PATH}"
-fi
-# Also ensure the public key file exists (not a stale directory from a failed mount)
-if [[ -d "${OLLAMA_SSH_KEY_PATH}.pub" ]]; then
- rm -rf "${OLLAMA_SSH_KEY_PATH}.pub"
-fi
-if [[ ! -f "${OLLAMA_SSH_KEY_PATH}.pub" ]]; then
- ssh-keygen -y -f "${OLLAMA_SSH_KEY_PATH}" > "${OLLAMA_SSH_KEY_PATH}.pub"
- success "Derived public key at ${OLLAMA_SSH_KEY_PATH}.pub"
-fi
-
 # ─── Preflight checks ─────────────────────────────────────────────────────────
 header "Preflight Checks"

From fa51584a404e70b7242c362c98a3c40789cd321b Mon Sep 17 00:00:00 2001
From: "Luma (Enclave AI)"
Date: Wed, 13 May 2026 21:42:02 +0000
Subject: [PATCH 6/6] fix(generate-olla-config): use declare -gx to pass shellcheck SC2163

Co-Authored-By: Claude Sonnet 4.6
---
 scripts/generate-olla-config.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/scripts/generate-olla-config.sh b/scripts/generate-olla-config.sh
index 0658756..e8fdaa7 100755
--- a/scripts/generate-olla-config.sh
+++ b/scripts/generate-olla-config.sh
@@ -44,10 +44,7 @@ if [[ -f "$ENV_FILE" ]]; then
 val="${val#\'}"; val="${val%\'}"
 case "$key" in
 OLLA_*|OLLAMA_REMOTE_*)
- # Use printf -v instead of eval to avoid shell injection from values
- # containing special characters like < > | & (e.g. placeholder text)
- printf -v "$key" '%s' "$val"
- export "$key"
+ declare -gx "$key=$val"
 ;;
 esac
 done < "$ENV_FILE"
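Review bot: `declare -g` needs bash 4.2 or newer, so the new line in the patch 6/6 hunk fails on hosts whose `bash` is older (macOS still ships 3.2), where the `printf -v`/`export` pair it replaces worked; if the script only targets Linux this is acceptable, but the minimum version should then be stated at the top of the script. The hunk also drops the comment explaining why `eval` is avoided, and that rationale is worth keeping next to the assignment, e.g. `# declare, not eval: the value is assigned literally and never re-parsed as shell`. The surrounding read loop starts outside the hunk.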