πΌ CrumbZeros TTYD Deployment Scripts
For: TTYD user isolation + BashPanda Lektion 1 + Crumbmissions integration
Philosophy: PrΓ€zision ΓΌber Geschwindigkeit
Date: 2026-02-21
π― Die drei Scripts
check.sh β Was ist im Wald? (Status Check)
test.sh β Was soll neu? (Test Suite)
make.sh β wuuuhuuu! (Deployment)
π 1. check.sh - "Was ist im Wald?"
Purpose: Check current deployment status
What it checks:
- β
System prerequisites (ttyd, nginx, htpasswd)
- β
crumbforest group existence
- β
KrΓΌmel users & group membership
- β
Home directory permissions
- β
TTYD processes running
- β
Nginx configuration
- β
Password files
- β
BashPanda lektionen
- β
Crumbmissions integration
- β
External access (should be 401!)
Usage:
sudo ./check.sh
# Output:
# β Shows what's deployed
# β Shows what's missing
# Exit code = number of issues
When to use:
- Before deployment (see baseline)
- After deployment (verify success)
- Regular health checks
- Troubleshooting
π§ͺ 2. test.sh - "Was soll neu?"
Purpose: Test plan & validation for new features
What it tests:
- β
User creation & isolation
- β
Directory permissions
- β
chmod basics (BashPanda Lektion 1)
- β
File ownership
- β
TTYD readonly mode
- β
htpasswd functionality
- β
Nginx configuration syntax
- β
Nginx proxy module
- β
Crumbmissions file structure
- β
Passkante scenarios (intentional failures)
Usage:
sudo ./test.sh
# Output:
# Shows test results
# Pass/Fail summary
# What's ready to deploy
Philosophy:
Test 3x:
1x = GlΓΌck (luck)
2x = Zufall (coincidence)
3x = Verstanden (understood)
When to use:
- Before make.sh (verify system ready)
- After make.sh (verify deployment)
- Development/testing
- Learning how it works
π 3. make.sh - "wuuuhuuu!"
Purpose: Deploy the complete TTYD user isolation system
What it deploys:
1. crumbforest Group
- Creates group for all krΓΌmel users
- Shared group, isolated homes
2. KrΓΌmel Users (default: 5)
kruemel1, kruemel2, kruemel3, kruemel4, kruemel5
- Home: /home/kruemelN
- Shell: /bin/bash
- Group: crumbforest
- Password: Random (saved to passwords.txt)
3. Home Directories
/home/kruemelN/
βββ mein_verzeichnis/ (700 - protected!)
β βββ willkommen.txt (600 - welcome message)
βββ .bashrc (user's environment)
Permissions:
/home/kruemelN β 700 (only user can access)
mein_verzeichnis β 700 (for Lektion 1 practice)
4. Authentication
/opt/crumbforest/auth/
βββ .htpasswd-kruemel1
βββ .htpasswd-kruemel2
βββ ...
βββ passwords.txt (admin reference - 600!)
5. TTYD Services
systemd services:
ttyd-kruemel1.service β port 7681
ttyd-kruemel2.service β port 7682
ttyd-kruemel3.service β port 7683
...
Features:
- Readonly mode (safe!)
- Per-user credentials
- Writable in home dir only
- Auto-restart
6. BashPanda Lektion 1
/opt/crumbforest/bashpanda/
βββ lektion1.md
Topic: "SchΓΌtze dein Verzeichnis"
Teaches:
- chmod basics
- File permissions
- Directory protection
- Passkante (learning from mistakes)
7. Crumbmissions Framework
/opt/crumbforest/crumbmissions/
βββ missions/
β βββ mission1.md β Links to BashPanda Lektion 1
βββ progress/
(for tracking user progress)
8. Nginx Configuration
/etc/nginx/sites-available/ttyd.crumbforest.com
Routes:
https://ttyd.crumbforest.com/kruemel1 β port 7681
https://ttyd.crumbforest.com/kruemel2 β port 7682
...
Security:
- auth_basic (username/password required!)
- SSL/HTTPS
- Per-user htpasswd files
- Security headers
9. Service Start
- Enables all TTYD services
- Starts all TTYD instances
- Reloads nginx
- Verifies everything running
Usage:
# Default: 5 users
sudo ./make.sh
# Custom number of users
sudo NUM_KRUEMEL=10 ./make.sh
# Output:
# Step-by-step deployment
# Confirmation prompts
# Success summary
# Access URLs
# Credentials location
After deployment:
β crumbforest group created
β N krΓΌmel users created
β N protected home directories
β N TTYD instances running
β Nginx configured & reloaded
β Auth files created
β BashPanda Lektion 1 ready
β Crumbmissions framework deployed
π Workflow
First Time Setup:
# 1. Check baseline
sudo ./check.sh
# β Shows what's missing
# 2. Run tests
sudo ./test.sh
# β Verify system ready
# 3. Deploy!
sudo ./make.sh
# β Follow prompts
# 4. Verify deployment
sudo ./check.sh
# β Should show 0 issues!
Regular Operations:
# Health check
sudo ./check.sh
# If issues found:
sudo ./make.sh # Re-deploy
π Access After Deployment
URLs:
https://ttyd.crumbforest.com/kruemel1
https://ttyd.crumbforest.com/kruemel2
https://ttyd.crumbforest.com/kruemel3
...
Credentials:
See: /opt/crumbforest/auth/passwords.txt
Format: username:password
Important: Change default passwords!
Test from outside:
# Should return 401 (auth required)
curl https://ttyd.crumbforest.com/kruemel1
# Output: 401 Unauthorized β Good!
# Should NOT show terminal!
πΌ BashPanda Lektion 1
Once logged in as krΓΌmel:
# Read welcome message
cat ~/mein_verzeichnis/willkommen.txt
# Start Lektion 1
cat /opt/crumbforest/bashpanda/lektion1.md | less
# Practice!
cd ~/mein_verzeichnis
echo "Mein Geheimnis" > geheimes.txt
chmod 600 geheimes.txt
ls -la
# Check Mission 1
cat /opt/crumbforest/crumbmissions/missions/mission1.md
Learning Goals:
- β
Understand chmod
- β
Protect your directory (700)
- β
Protect your files (600)
- β
Learn from mistakes (Passkante!)
π Security Features
Multi-Layer Protection:
Layer 1: Nginx auth_basic
β Username/password required
β Per-user htpasswd files
Layer 2: TTYD credentials
β Additional credential check
β Even if nginx bypassed
Layer 3: User isolation
β Each user in own home
β 700 permissions (only owner!)
β Group membership (crumbforest)
Layer 4: Readonly mode
β TTYD readonly by default
β Writable only in home dir
β Can't break system
Layer 5: Systemd isolation
β Each user = own service
β Service restart on failure
β Monitored by systemd
Passkante (Conscious Risk):
Why TTYD in browser?
β
Educational value (learn bash!)
β
Low barrier to entry
β
Accessible anywhere
β
Protected by multiple layers
β
Documented & transparent
= Pedagogical choice with safeguards
= Not reckless, but conscious
= As per Robotikids Manifest
π― Configuration
Environment Variables:
# Number of users to create
NUM_KRUEMEL=5 # Default
# Change it:
sudo NUM_KRUEMEL=10 ./make.sh
File Locations:
/opt/crumbforest/
βββ auth/ (htpasswd files)
βββ bashpanda/ (lektionen)
βββ crumbmissions/ (missions framework)
/home/kruemelN/
βββ mein_verzeichnis/ (practice space)
/etc/systemd/system/
βββ ttyd-kruemelN.service (per-user services)
/etc/nginx/sites-available/
βββ ttyd.crumbforest.com (nginx config)
π§ Maintenance
View logs:
# TTYD service logs
journalctl -u ttyd-kruemel1 -f
# All TTYD services
journalctl -u 'ttyd-*' -f
# Nginx logs
tail -f /var/log/nginx/access.log
tail -f /var/log/nginx/error.log
Restart services:
# Single user
sudo systemctl restart ttyd-kruemel1
# All TTYD services
sudo systemctl restart 'ttyd-*'
# Nginx
sudo systemctl reload nginx
Add more users:
# Run make.sh again with higher number
sudo NUM_KRUEMEL=10 ./make.sh
# Will create kruemel6-10
π Philosophy
From Robotikids Manifest:
"Wir lehren Technik β aber mit Haltung.
Wir fΓΆrdern Talente β aber ohne Druck.
Wir zeigen MΓΆglichkeiten β aber mit Werten."
From BashPanda:
"PrΓ€zision ΓΌber Geschwindigkeit.
Verstehen ΓΌber Quick-Fix.
Atmen vor AusfΓΌhren."
From Passkante:
"Fehler sind Einladungen zum Verstehen,
keine Katastrophen."
π² Integration
CrumbZeros:
- Raspberry Pi Zero setups
- Pelicase deployments
- Offline-first architecture
Crumbmissions:
- Mission-based learning
- Progress tracking
- Gamification (optional)
Crumbforest:
- Local AI (Ollama)
- RAG (Qdrant)
- Crew characters
= Complete ecosystem for learning!
π Next Steps
After Deployment:
- Test Access
- Login to https://ttyd.crumbforest.com/kruemel1
-
Complete BashPanda Lektion 1
-
Monitor
- Check logs regularly
-
Run check.sh weekly
-
Expand
- Add more lektionen
- Create more missions
-
Integrate with Ollama AI
-
Share
- Document learnings
- Share with community
- Improve scripts
Version: 1.0
Date: 2026-02-21
For: TTYD + BashPanda + Crumbmissions
Philosophy: Passkante + PrΓ€zision + Crew
wuuuhuuu! πΌπ²π