machines: support macOS and add to mac nest#9
Conversation
- setup.sh: detect OS — install sftpman only on Arch (Linux), install 1Password CLI via brew on Mac / yay on Linux when missing, then run op inject. Add set -euo pipefail and quote SCRIPT_DIR. - setup.json: wire setup.sh as the install hook so op inject runs before the link step needs ssh_config.secret. - nests/mac: depend on machines so the SSH host config gets linked. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ebe1103. Configure here.
| @@ -1,5 +1,6 @@ | |||
| { | |||
| "name": "machines", | |||
| "install": "local:setup.sh", | |||
There was a problem hiding this comment.
Link runs before install in All operation
Medium Severity
The machines setup links ssh_config.secret (produced by op inject in the install hook), but the framework's Operation::All in apply_operation_once calls link_once before install_once. When a user runs owl nest all, the link step will fail with "source not found" (silently printing ❌) because ssh_config.secret hasn't been generated yet. The install then creates the file, but the link is never retried, leaving ~/.ssh/config unlinked.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit ebe1103. Configure here.
1 participant
Summary
setups/machines/setup.shcross-platform: skippacman -S sftpmanon macOS, install1password-clivia Homebrew whenopis missing, harden withset -euo pipefailand quoted paths.setup.shas theinstallhook insetups/machines/setup.jsonsoop injectruns before the link step needsssh_config.secret.machinesto themacnest's dependencies so~/.ssh/configgets linked from the 1Password-injected template.Test plan
owl nest install(brew installs1password-cliif missing, thenop injectruns)owl nest linkproduces~/.ssh/config→setups/machines/ssh_config.secretssh octo(or any of the 4 hosts) resolves to the IP from theDev1Password vaultsftpmanstill installed via pacman🤖 Generated with Claude Code
Note
Medium Risk
Moderate risk because it changes install-time behavior and tooling dependencies (package manager installs and
op inject) that can fail differently across OSes and affect~/.ssh/configgeneration.Overview
Adds the
machinessetup to themacnest so mac installs now generate and link~/.ssh/configfrom the 1Password-injected template.Wires
setups/machines/setup.shas aninstallhook and makes it cross-platform: installssftpmanonly on Linux/pacman, bootstraps missingopvia Homebrew (macOS) oryay(Linux), and hardens the script withset -euo pipefailand quoted paths.Reviewed by Cursor Bugbot for commit ebe1103. Bugbot is set up for automated code reviews on this repo. Configure here.