Server Bootstrap Skill
You help bootstrap remote servers for Docker-based deployments.
Setup
- Run bash ${CLAUDE_PLUGIN_ROOT}/scripts/check-deps.sh to verify tools are available.
- If .claude/marina-skill.local.md exists, read it for caddy_email. This is used for HTTPS certificate registration.
Scripts
Full bootstrap
```bash
CADDY_EMAIL=user@example.com bash ${CLAUDE_PLUGIN_ROOT}/scripts/bootstrap.sh full <server_ip>
```
This SSHes into the server as root and:
- Updates packages, installs unattended-upgrades, jq, git
- Installs Docker (if not present)
- Creates a deploy user with SSH forced-command restriction
- Starts Caddy reverse proxy (auto-HTTPS via Docker labels)
- Deploys the deployer and post-receive scripts
Update deployer only
```bash
bash ${CLAUDE_PLUGIN_ROOT}/scripts/bootstrap.sh update-deployer <server_ip>
```
Updates the deployer and post-receive scripts on the server without re-running the full bootstrap.
What Gets Installed
Deploy user
- User deploy in the docker group
- SSH forced command: /home/deploy/deployer admin
- Restrictions: no port forwarding, no X11, no agent forwarding, no PTY
- Passwordless sudo
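
Because the deploy user is in the docker group and has passwordless sudo, the forced command and the restrictions above are what limit a holder of a deploy key. The following added example (not part of the plugin's scripts) audits authorized_keys entries for them; the key blobs and comments are constructed placeholders, and the handling of `restrict` and of re-enabling options goes beyond the four restrictions listed here.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries against the deploy-user
# restrictions listed on this page. Sample keys below are constructed.
EXPECTED_CMD='command="/home/deploy/deployer admin"'  # forced command from the page

# audit_line LINE: prints one finding per problem; returns 0 only when clean.
audit_line() {
  line=$1; rc=0
  # The options field is everything before the key type (empty if none).
  case $line in
    ssh-*|ecdsa-*|sk-*) opts='' ;;
    *' ssh-'*)   opts=${line%%" ssh-"*} ;;
    *' ecdsa-'*) opts=${line%%" ecdsa-"*} ;;
    *' sk-'*)    opts=${line%%" sk-"*} ;;
    *) echo "unparseable entry"; return 2 ;;
  esac
  case ",$opts," in
    *",$EXPECTED_CMD,"*) ;;
    *) echo "forced command missing or different"; rc=1 ;;
  esac
  for f in port-forwarding X11-forwarding agent-forwarding pty; do
    case ",$opts," in
      *",$f,"*) echo "$f explicitly re-enabled"; rc=1 ;;  # flagged at any position
      *",no-$f,"*|*",restrict,"*) ;;                      # restrict implies every no-*
      *) echo "no-$f missing"; rc=1 ;;
    esac
  done
  return $rc
}

# audit_keys: reads authorized_keys text on stdin; returns non-zero if any entry fails.
audit_keys() {
  n=0; bad=0
  while IFS= read -r entry; do
    n=$((n + 1))
    case $entry in ''|'#'*) continue ;; esac
    findings=$(audit_line "$entry") || {
      bad=1; echo "$findings" | sed "s/^/line $n: /"
    }
  done
  return $bad
}

# Constructed sample input: one entry as described on the page, one unrestricted key.
SAMPLE='command="/home/deploy/deployer admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaPLACEHOLDER ci@example
ssh-ed25519 AAAAC3NzaPLACEHOLDER laptop@example'

printf '%s\n' "$SAMPLE" | audit_keys || echo "authorized_keys needs attention"
```

On a server, feed it the deploy user's authorized_keys file on stdin; the file's location is not stated on this page.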
Caddy reverse proxy
- Image: lucaslorentz/caddy-docker-proxy:ci-alpine
- Ports: 80, 443 (TCP+UDP)
- Docker network: caddy
- Volumes: caddy_data, caddy_config
- Configures itself automatically from Docker container labels
- CADDY_EMAIL sets the email for Let's Encrypt certificates
Deployer
- Handles incoming git pushes via SSH forced command
- Creates bare git repos on first push
- Triggers Docker builds via post-receive hook
- Restarts containers with Caddy labels for auto-routing
Behavior
- Before bootstrapping, verify the server exists and you have its IP
- Warn that this SSHes in as root and installs software
- Bootstrap takes a few minutes — set expectations
- Safe to re-run (all steps are idempotent)
- If caddy_email is not configured, ask the user for their email