feat(bootstrap): Windows recovery + reinstall toolkit for GURU-5070
Add .claude/bootstrap/ (windows-bootstrap.ps1, restore-secrets.ps1, backup-to-bundle.ps1, RESTORE.md) plus machines/guru-5070.md. Idempotent 11-phase rebuild after a clean Windows reset: winget core tools + .NET/WiX, protoc, Poppler, Tailscale; restore SOPS age key/SSH/tool-auth/identity from the E:/F: recovery bundle; clone repos+submodules; set OLLAMA_MODELS/HOST/PROTOC; detect existing D:\OllamaModels; register scheduled tasks. Includes session log. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
124
.claude/bootstrap/RESTORE.md
Normal file
@@ -0,0 +1,124 @@
|
||||
# ClaudeTools Windows Bootstrap & Recovery Runbook
|
||||
|
||||
Rebuild this workstation (GURU-5070, Lenovo Legion Pro 7 16IAX10H) after a clean
|
||||
Windows reset. Everything here is driven by two scripts in this folder:
|
||||
|
||||
- `windows-bootstrap.ps1` — installs tools, restores secrets, clones repos, wires tasks
|
||||
- `restore-secrets.ps1` — copies secrets/identity from the recovery bundle back into place
|
||||
|
||||
The recovery bundle lives on the removable drives:
|
||||
|
||||
| Drive | Label | Holds |
|
||||
|-------|---------|-------|
|
||||
| **E:** | (FAT32) | `claudetools-recovery\` — secrets + identity + manifests (redundant copy) |
|
||||
| **F:** | Ventoy | `claudetools-recovery\` — same bundle **plus** `data\` (large client data) |
|
||||
|
||||
> F: is also a bootable rescue stick (SystemRescue, Boot Repair) — keep it; it can
|
||||
> help fix the machine. The bundle lives in `F:\claudetools-recovery\`, Ventoy is untouched.
|
||||
|
||||
---
|
||||
|
||||
## What's in the bundle (and why it can't just be re-cloned)
|
||||
|
||||
`claudetools-recovery\`
|
||||
- `secrets\`
|
||||
- `sops-age\keys.txt` — **THE most critical file.** The SOPS age private key. Without
|
||||
it the entire vault (`D:\vault`) is permanently undecryptable. Not stored in any repo.
|
||||
- `ssh\` — `id_ed25519` (+pub), `pst-cc-ucg` (+pub), `config`, `known_hosts`
|
||||
- `claude\` — `.claude.json`, `.credentials.json` (Claude Code login), settings, keybindings, statusline
|
||||
- `grok\` — `auth.json`, `config.toml`, `agent_id`
|
||||
- `gemini\` — `oauth_creds.json`, `google_accounts.json`, settings, installation_id
|
||||
- `git\.gitconfig`, `powershell\Microsoft.PowerShell_profile.ps1`
|
||||
- `identity\` — repo-local gitignored files: `identity.json`, `settings.local.json`,
|
||||
`current-mode`, `coord-broadcasts-seen`, `mcp.json`, `.claude/state\`, ticktick tokens, dataforth oauth
|
||||
- `config\` — Windows Terminal settings, fleet `hosts` file, quote-wizard `.env.production`
|
||||
- `manifests\` — `installed-tools.txt`, `ollama-models.txt`, `git-global-config.txt`,
|
||||
`repos.txt`, `user-environment.reg` / `.txt` (incl. `OLLAMA_MODELS`/`OLLAMA_HOST`/`PROTOC`), `scheduled-tasks\*.xml`
|
||||
- `data\` (F: only) — large non-Gitea client/project data, repo-relative paths
|
||||
|
||||
Everything else (all tracked code, skills, commands, docs, session logs, wiki) comes
|
||||
back from Gitea on clone — no need to back it up.
|
||||
|
||||
---
|
||||
|
||||
## Fast path (one shot)
|
||||
|
||||
From an **elevated PowerShell**, with E: or F: plugged in:
|
||||
|
||||
```powershell
|
||||
# copy the script off the drive first (so it survives a re-clone)
|
||||
Copy-Item F:\claudetools-recovery\bootstrap\windows-bootstrap.ps1 $env:TEMP\boot.ps1
|
||||
& $env:TEMP\.. # or just run directly:
|
||||
F:\claudetools-recovery\bootstrap\windows-bootstrap.ps1 -SkipModels
|
||||
```
|
||||
|
||||
`-SkipModels` defers the ~50 GB Ollama downloads. Drop it (or run Phase 8 later) when
|
||||
you want them. Add `-RestoreData` to also pull back the large client data from `F:\...\data`.
|
||||
|
||||
The script is **idempotent** — safe to re-run; it skips anything already done. To run
|
||||
just part of it: `-OnlyPhases "1,2,3"`.
|
||||
|
||||
---
|
||||
|
||||
## Manual path (if you'd rather do it by hand)
|
||||
|
||||
1. **Install App Installer** (winget) from the Microsoft Store if missing.
|
||||
2. **Core tools** (winget ids):
|
||||
`Git.Git`, `OpenJS.NodeJS.LTS`, `Python.Python.3.14`, `Rustlang.Rustup`,
|
||||
`Microsoft.VisualStudioCode`, `Ollama.Ollama`, `jqlang.jq`,
|
||||
`SecretsOPerationS.SOPS`, `FiloSottile.age`, `GitHub.cli`, `AgileBits.1Password.CLI`,
|
||||
`Microsoft.DotNet.SDK.8`, `Google.Protobuf`, `oschwartz10612.Poppler`, `Tailscale.Tailscale`
|
||||
Then `dotnet tool install --global wix` (MSI builds).
|
||||
Set env: `OLLAMA_MODELS=D:\OllamaModels`, `OLLAMA_HOST=0.0.0.0:11434`, `PROTOC=<protoc.exe>`.
|
||||
3. **AI CLIs:**
|
||||
- Claude: `irm https://claude.ai/install.ps1 | iex` → `~/.local/bin/claude.exe`
|
||||
- Gemini: `npm install -g @google/gemini-cli`
|
||||
- Grok: `bash -c "curl -fsSL https://x.ai/cli/install.sh | bash"` (Git Bash)
|
||||
4. **Restore home secrets:** `F:\claudetools-recovery\bootstrap\restore-secrets.ps1 -Group home`
|
||||
5. **Clone repos:**
|
||||
```
|
||||
git clone https://git.azcomputerguru.com/azcomputerguru/claudetools.git D:\claudetools
|
||||
cd D:\claudetools; git submodule update --init --recursive
|
||||
git clone https://git.azcomputerguru.com/azcomputerguru/vault.git D:\vault
|
||||
```
|
||||
(On-network you can use `http://172.16.3.20:3000/...` to bypass the SSL-renewal blips.)
|
||||
6. **Restore identity:** `restore-secrets.ps1 -Group repo`
|
||||
7. **Ollama models (proper set for this 12 GB-VRAM laptop):**
|
||||
`ollama pull nomic-embed-text:latest` (GrepAI embeddings) and `ollama pull qwen3:8b` (prose_model).
|
||||
Models live on `D:\OllamaModels` (47.8 GB) — **if D: survived the reset they're already there, skip this.**
|
||||
Heavy extras (`qwen3:14b`, `codestral:22b`, `qwen3.6:latest`) are opt-in only; they over-saturate 12 GB VRAM.
|
||||
8. **Scheduled tasks:** import each XML in `manifests\scheduled-tasks\` via
|
||||
`Register-ScheduledTask -Xml (Get-Content x.xml -Raw) -TaskName "..."`.
|
||||
9. **Verify:** `D:\claudetools\.claude\scripts\onboarding-diagnostic.ps1`, then `/self-check` in Claude Code.
|
||||
|
||||
---
|
||||
|
||||
## Post-install: things that need an interactive login
|
||||
|
||||
Auth tokens are backed up, but some expire. If a tool says it's unauthenticated:
|
||||
|
||||
- **Claude Code:** run `claude`, then `/login` (browser).
|
||||
- **GitHub CLI:** `gh auth login`
|
||||
- **1Password:** `op signin`
|
||||
- **Gemini:** launch `gemini`, complete the Google OAuth browser flow.
|
||||
- **Grok:** `grok login` (tokens expire after 7 days).
|
||||
- **Gitea git push:** uses the Windows Credential Manager (`credential.helper=manager`).
|
||||
First push prompts for the shared `azcomputerguru` account. **Do NOT** bake the password
|
||||
into the remote URL (the old `D:\work\gururmm` clone did — reset it to a clean URL).
|
||||
|
||||
## Verify the vault decrypts (proves the age key restored correctly)
|
||||
|
||||
```
|
||||
bash D:/claudetools/.claude/scripts/vault.sh list
|
||||
bash D:/claudetools/.claude/scripts/vault.sh get-field projects/claudetools/database.sops.yaml credentials.password
|
||||
```
|
||||
|
||||
If that returns the password, recovery succeeded. If it errors about decryption, the
|
||||
age key at `%APPDATA%\sops\age\keys.txt` and `~/.config/sops/age/keys.txt` is missing/wrong.
|
||||
|
||||
---
|
||||
|
||||
## Refreshing this bundle later
|
||||
|
||||
Re-run the backup any time (it's just file copies):
|
||||
`D:\claudetools\.claude\bootstrap\backup-to-bundle.ps1` (writes to E: and F:).
|
||||
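Review bot: The "What's in the bundle" section places `secrets\sops-age\keys.txt`, the SSH private keys and the CLI credential/OAuth files on the removable E: (FAT32) and F: drives, and "Refreshing this bundle later" describes the backup as "just file copies", yet the runbook never says how the bundle is protected at rest. As written, whoever holds either stick holds the key that decrypts `D:\vault`. Please document an encryption step for the bundle (for example a passphrase-protected archive or an encrypted volume) and the matching unlock step before `restore-secrets.ps1` runs. Three smaller points in the same file: in the fast-path block, `& $env:TEMP\..` points at the parent of the temp directory rather than the copied `$env:TEMP\boot.ps1`, so the copied script is never the one that runs; the vault check `vault.sh get-field ... credentials.password` prints a live password to the terminal, where reading a non-secret field or discarding the output would prove decryption equally well; and `OLLAMA_HOST=0.0.0.0:11434` exposes the Ollama API on every interface, which deserves a sentence on why that is wanted and which firewall rule limits it.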